Analysis
max time kernel: 135s
max time network: 123s
platform: windows10_x64
resource: win10-en-20211208
submitted: 09-01-2022 09:16
Static task: static1
Behavioral task: behavioral1
Sample: 0347b84f4e3d0aa6a1009f509539e2b1.exe
Resource: win7-en-20211208
General
Target: 0347b84f4e3d0aa6a1009f509539e2b1.exe
Size: 1.1MB
MD5: 0347b84f4e3d0aa6a1009f509539e2b1
SHA1: 48186b9449ca1bbce11c8cc03d5b2c790fb8db40
SHA256: 1027b3f9e451a16896a4b06e851002ab01ca153421b17cbad6b0e73fac85ed4a
SHA512: a9a070821792f07feacdfe3a1d43bd7d2ecd1416a068ad10a3990f78cc9b2c57f58e5db9fb7be483d9cd9f23fd815a9162adbdaa0635264525c5aa55cf4ede55
Malware Config
Extracted: danabot
4
192.119.110.4:443
192.236.194.72:443
embedded_hash: 422236FD601D11EE82825A484D26DD6F
type: loader
Signatures
- Danabot Loader Component (4 IoCs)
Processes:
resource | yara_rule
C:\Users\Admin\AppData\Local\Temp\0347b84f4e3d0aa6a1009f509539e2b1.exe.dll | DanabotLoader2021
\Users\Admin\AppData\Local\Temp\0347b84f4e3d0aa6a1009f509539e2b1.exe.dll | DanabotLoader2021
\Users\Admin\AppData\Local\Temp\0347b84f4e3d0aa6a1009f509539e2b1.exe.dll | DanabotLoader2021
behavioral2/memory/3984-122-0x0000000003FD0000-0x000000000411D000-memory.dmp | DanabotLoader2021
- Loads dropped DLL (2 IoCs)
Processes:
pid | process
3984 | rundll32.exe
3984 | rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
description | pid | process | target process
PID 2744 wrote to memory of 3984 | 2744 | 0347b84f4e3d0aa6a1009f509539e2b1.exe | rundll32.exe
PID 2744 wrote to memory of 3984 | 2744 | 0347b84f4e3d0aa6a1009f509539e2b1.exe | rundll32.exe
PID 2744 wrote to memory of 3984 | 2744 | 0347b84f4e3d0aa6a1009f509539e2b1.exe | rundll32.exe
Processes
1. C:\Users\Admin\AppData\Local\Temp\0347b84f4e3d0aa6a1009f509539e2b1.exe
   command line: "C:\Users\Admin\AppData\Local\Temp\0347b84f4e3d0aa6a1009f509539e2b1.exe"
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\rundll32.exe
      command line: C:\Windows\system32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\0347b84f4e3d0aa6a1009f509539e2b1.exe.dll,z C:\Users\Admin\AppData\Local\Temp\0347b84f4e3d0aa6a1009f509539e2b1.exe
      - Loads dropped DLL
Network
MITRE ATT&CK Matrix
Downloads
- C:\Users\Admin\AppData\Local\Temp\0347b84f4e3d0aa6a1009f509539e2b1.exe.dll
MD5: 7f138bd65b71ce688a4671e4b248fec0
SHA1: 4af5dc1d4183a3c44e559cb11bcf7ebcba6fbcd0
SHA256: df427e5ea62c3691a61fffd4426d1b11ce1cf73a678396c0658f00eea7832235
SHA512: c8f8196eabbf4f054afbf432492d5852f0203478ddab37b1b56ae2f6b6c7cf92beaaf469823d46134b60dc8981a979debb77aeaeac9238ca02c5ed61ade70f5a
- \Users\Admin\AppData\Local\Temp\0347b84f4e3d0aa6a1009f509539e2b1.exe.dll
MD5: 7f138bd65b71ce688a4671e4b248fec0
SHA1: 4af5dc1d4183a3c44e559cb11bcf7ebcba6fbcd0
SHA256: df427e5ea62c3691a61fffd4426d1b11ce1cf73a678396c0658f00eea7832235
SHA512: c8f8196eabbf4f054afbf432492d5852f0203478ddab37b1b56ae2f6b6c7cf92beaaf469823d46134b60dc8981a979debb77aeaeac9238ca02c5ed61ade70f5a
- memory/2744-116-0x0000000004BB0000-0x0000000004CAA000-memory.dmp
Filesize: 1000KB
- memory/2744-115-0x0000000004AC0000-0x0000000004BA2000-memory.dmp
Filesize: 904KB
- memory/2744-117-0x0000000000400000-0x0000000002C53000-memory.dmp
Filesize: 40.3MB
- memory/3984-118-0x0000000000000000-mapping.dmp
- memory/3984-122-0x0000000003FD0000-0x000000000411D000-memory.dmp
Filesize: 1.3MB