Analysis
-
max time kernel
150s -
max time network
147s -
platform
windows7_x64 -
resource
win7v20210410 -
submitted
11-05-2021 13:19
General
-
Target
38d16e18bf59b0e170405b2fde743a6f9e57d37cee774458036aae92619d221a.exe
-
Size
69KB
-
MD5
4e9fcd33f8ae7d02858946f86ce0a520
-
SHA1
9269c7fc51b6c424f7f81c9f9a9c5b0a96aab183
-
SHA256
38d16e18bf59b0e170405b2fde743a6f9e57d37cee774458036aae92619d221a
-
SHA512
4723a380921184bdbd51ac677fab270c742a65baf60cba7b5e1e845254915cf32d40e37ea796a76193a12607e0f1957e5c29c2c3371f0f834cb1504a4cfaa7ba
Score
10/10
Malware Config
Signatures
-
Tinba / TinyBanker
Banking trojan which uses packet sniffing to steal data.
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of FindShellTrayWindow 5 IoCs
-
Suspicious use of SendNotifyMessage 4 IoCs
-
Suspicious use of WriteProcessMemory 9 IoCs
Processes
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Users\Admin\AppData\Local\Temp\38d16e18bf59b0e170405b2fde743a6f9e57d37cee774458036aae92619d221a.exe"C:\Users\Admin\AppData\Local\Temp\38d16e18bf59b0e170405b2fde743a6f9e57d37cee774458036aae92619d221a.exe"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\winver.exewinver3⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\Dwm.exe"C:\Windows\system32\Dwm.exe"1⤵
-
C:\Windows\system32\taskhost.exe"taskhost.exe"1⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/368-63-0x0000000002150000-0x0000000002B50000-memory.dmpFilesize
10.0MB
-
memory/368-62-0x0000000000020000-0x0000000000021000-memory.dmpFilesize
4KB
-
memory/368-59-0x0000000000400000-0x0000000000413000-memory.dmpFilesize
76KB
-
memory/1128-68-0x0000000001B00000-0x0000000001B06000-memory.dmpFilesize
24KB
-
memory/1180-69-0x0000000000340000-0x0000000000346000-memory.dmpFilesize
24KB
-
memory/1244-73-0x0000000077710000-0x0000000077711000-memory.dmpFilesize
4KB
-
memory/1244-71-0x0000000077730000-0x0000000077731000-memory.dmpFilesize
4KB
-
memory/1244-66-0x0000000002B60000-0x0000000002B66000-memory.dmpFilesize
24KB
-
memory/1244-72-0x0000000077720000-0x0000000077721000-memory.dmpFilesize
4KB
-
memory/1244-70-0x0000000002B70000-0x0000000002B76000-memory.dmpFilesize
24KB
-
memory/2036-65-0x00000000000D0000-0x00000000000D6000-memory.dmpFilesize
24KB
-
memory/2036-67-0x00000000001C0000-0x00000000001C1000-memory.dmpFilesize
4KB
-
memory/2036-60-0x0000000000000000-mapping.dmp
-
memory/2036-64-0x0000000000A50000-0x0000000000A66000-memory.dmpFilesize
88KB
-
memory/2036-61-0x0000000076661000-0x0000000076663000-memory.dmpFilesize
8KB