Analysis

  • max time kernel
    293s
  • max time network
    343s
  • platform
    windows7_x64
  • resource
    win7v20210408
  • submitted
    26-09-2021 12:43

General

  • Target

    tvqyodlskqy.exe

  • Size

    1MB

  • MD5

    1ccb04e0781f40686a84367247e42c6d

  • SHA1

    4d4969f830b9d74de4b943063d0a7fbea23f020d

  • SHA256

    9b68462224e951b51381fca03a21722bd7b4511ad495ba58700663944e8df9f2

  • SHA512

    89f0cd763783a65aff86eb83f3e9a5528cc2321cae1b1427db4196708f3566866cef56e7c09e2ca210c7b4eb6fe085d20b64910e25c4f6bd5a0a236aa68c1bdf

Score
10/10

Malware Config

Signatures

  • Danabot

    Danabot is a modular banking Trojan that has been linked with other malware.

  • Danabot Loader Component 6 IoCs
  • Blocklisted process makes network request 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\tvqyodlskqy.exe
    "C:\Users\Admin\AppData\Local\Temp\tvqyodlskqy.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1884
    • C:\Windows\SysWOW64\rundll32.exe
      C:\Windows\system32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\TVQYOD~1.DLL,s C:\Users\Admin\AppData\Local\Temp\TVQYOD~1.EXE
      2⤵
      • Blocklisted process makes network request
      • Loads dropped DLL
      PID:468

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\TVQYOD~1.DLL
    MD5

    e8503f0a4bfbb832630975604448f906

    SHA1

    651186955053af29ae247087d538d36fac66beea

    SHA256

    1bbd32dc3dd7e714c982f7cdec49375c3eb550ba747e924327dee0f63b05f7c8

    SHA512

    6ebc57cd250b1c87202d4591df8ed29a453d5af33ed2fe188a30b422e8fa6282bfd917906499d0ef5e5a591242017ac98d8c99c4ccc1b1541ab841bf9f695e10

  • \Users\Admin\AppData\Local\Temp\TVQYOD~1.DLL
    MD5

    e8503f0a4bfbb832630975604448f906

    SHA1

    651186955053af29ae247087d538d36fac66beea

    SHA256

    1bbd32dc3dd7e714c982f7cdec49375c3eb550ba747e924327dee0f63b05f7c8

    SHA512

    6ebc57cd250b1c87202d4591df8ed29a453d5af33ed2fe188a30b422e8fa6282bfd917906499d0ef5e5a591242017ac98d8c99c4ccc1b1541ab841bf9f695e10

  • memory/468-62-0x0000000000000000-mapping.dmp
  • memory/468-69-0x0000000000A40000-0x0000000000BA3000-memory.dmp
    Filesize

    1MB

  • memory/1884-59-0x0000000001FE0000-0x00000000020E6000-memory.dmp
    Filesize

    1MB

  • memory/1884-60-0x0000000000400000-0x0000000000592000-memory.dmp
    Filesize

    1MB

  • memory/1884-61-0x0000000075891000-0x0000000075893000-memory.dmp
    Filesize

    8KB