Analysis
- max time kernel: 137s
- max time network: 118s
- platform: windows10_x64
- resource: win10-en-20211208
- submitted: 07-01-2022 16:04

Static task: static1
Behavioral task: behavioral1
Sample: 7d73bbc0c762f65500d81187cabb075d.exe
Resource: win7-en-20211208
General
- Target: 7d73bbc0c762f65500d81187cabb075d.exe
- Size: 1.1MB
- MD5: 7d73bbc0c762f65500d81187cabb075d
- SHA1: e8a1f531e3ad3a1ee0fecccf34d0f23b6f452a53
- SHA256: 9a8418ab244c91ab1447181ca5544cc1202c1e5aee5549e0e9908ac5080ed3a6
- SHA512: 83455a8f8dbcfb90bcd7a4538dbc89d799710489e21d17cda7a2cdebbcc6679ae2e027835aa4c20de63c75451af37c3ebb614d6217dc81fe10db0055dfb9ec57
Malware Config
Extracted
- danabot
- 4
- 142.11.244.223:443
- 192.236.194.72:443
- 192.119.110.4:443
- embedded_hash: 8357B947FCA843DB2D85EC29EDCDEF3C
- type: loader
Signatures
- Loads dropped DLL (1 IoCs)
  Processes:
  pid   process
  828   rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
  description                       pid    process                                 target process
  PID 1988 wrote to memory of 828   1988   7d73bbc0c762f65500d81187cabb075d.exe    rundll32.exe
  PID 1988 wrote to memory of 828   1988   7d73bbc0c762f65500d81187cabb075d.exe    rundll32.exe
  PID 1988 wrote to memory of 828   1988   7d73bbc0c762f65500d81187cabb075d.exe    rundll32.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\7d73bbc0c762f65500d81187cabb075d.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\7d73bbc0c762f65500d81187cabb075d.exe"
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: C:\Windows\system32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\7d73bbc0c762f65500d81187cabb075d.exe.dll,z C:\Users\Admin\AppData\Local\Temp\7d73bbc0c762f65500d81187cabb075d.exe
    - Loads dropped DLL
Network
MITRE ATT&CK Matrix
Downloads
- C:\Users\Admin\AppData\Local\Temp\7d73bbc0c762f65500d81187cabb075d.exe.dll
  MD5: e9de04d402de5e31d8512f5b0c3e4e20
  SHA1: 1ff5fb62aba37ada25af7e06c97c0f6708d5e047
  SHA256: e9a6bb79b9177f8bc949c02df9d78bee4a66742d1ace9b0afa94757235fcf720
  SHA512: d551395d2bfdffe8cc9c61c44b1b7fe2b5b9d9706e351f824df5b160d5eb2630febd44b568bb58acdd99d67523628202a954c9e9160ec285d0c046e62f62ac7d
- \Users\Admin\AppData\Local\Temp\7d73bbc0c762f65500d81187cabb075d.exe.dll
  MD5: e9de04d402de5e31d8512f5b0c3e4e20
  SHA1: 1ff5fb62aba37ada25af7e06c97c0f6708d5e047
  SHA256: e9a6bb79b9177f8bc949c02df9d78bee4a66742d1ace9b0afa94757235fcf720
  SHA512: d551395d2bfdffe8cc9c61c44b1b7fe2b5b9d9706e351f824df5b160d5eb2630febd44b568bb58acdd99d67523628202a954c9e9160ec285d0c046e62f62ac7d
- memory/828-118-0x0000000000000000-mapping.dmp
- memory/1988-115-0x00000000007DE000-0x00000000008C1000-memory.dmp
  Filesize: 908KB
- memory/1988-116-0x00000000008E0000-0x00000000009DA000-memory.dmp
  Filesize: 1000KB
- memory/1988-117-0x0000000000400000-0x0000000000535000-memory.dmp
  Filesize: 1.2MB