Overview

overview

10

Static

static

Bank Slip.exe

windows7_x64

3

Bank Slip.exe

windows10_x64

10

Analysis

  • max time kernel
    150s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-en-20211104
  • submitted
    01-12-2021 14:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Bank Slip.exe

  • Size

    609KB

  • MD5

    23415766fdffe2d1e3df520326e3326c

  • SHA1

    e1d773dbd8164c620b926d1f9bcfde9910840b8b

  • SHA256

    2cf586182f56dcc1131459031b5dca2b6c3037f5c8bc39b70ab226972b5d3d9d

  • SHA512

    2ab7d544257ecacbad91e5185d8e087728d9d3ffda3300458a6f82720743c1eddad3b55bc51f2d8c015dc0cfabab5ff676ebc36612f4187f64f1be0c018061d0

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Bank Slip.exe
    "C:\Users\Admin\AppData\Local\Temp\Bank Slip.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1988
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 676
      2⤵
      • Program crash
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      PID:1652

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1652-61-0x0000000000000000-mapping.dmp

    Download

  • memory/1652-62-0x0000000002240000-0x0000000002241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1988-55-0x0000000001220000-0x0000000001221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1988-57-0x0000000075D01000-0x0000000075D03000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1988-58-0x0000000004CC0000-0x0000000004CC1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1988-59-0x00000000008D0000-0x00000000008D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1988-60-0x0000000007E90000-0x0000000007F1F000-memory.dmp

    Filesize

    572KB

    Download