Analysis
- max time kernel: 136s
- max time network: 122s
- platform: windows10_x64
- resource: win10-en-20211208
- submitted: 09-01-2022 09:23
Static task: static1
Behavioral task: behavioral1
Sample: 4ecba4ce64055cdb334347082b8760bb.exe
Resource: win7-en-20211208
General
- Target: 4ecba4ce64055cdb334347082b8760bb.exe
- Size: 1.1MB
- MD5: 4ecba4ce64055cdb334347082b8760bb
- SHA1: 24c2a2aba3bfefb3c6b2fd9844778dae2b505ec4
- SHA256: 80221beedf16097e3e36392e13b3bae27a6cf0d0190987ca98c72f3e8a3c4ab4
- SHA512: 1440ceeb38b297a1f7f052ec23e3f724b9cef9e60ff44ec98fa564b10f62657c7c1d6c8170c3da56f8081214df187fbc078ae471dded866632386dc0b59c3a52
Malware Config
Extracted: danabot
4
192.119.110.4:443
103.175.16.113:443
- embedded_hash: 422236FD601D11EE82825A484D26DD6F
- type: loader
Signatures
- Danabot Loader Component (4 IoCs)
  Processes:
  resource                                                                        | yara_rule
  C:\Users\Admin\AppData\Local\Temp\4ecba4ce64055cdb334347082b8760bb.exe.dll      | DanabotLoader2021
  \Users\Admin\AppData\Local\Temp\4ecba4ce64055cdb334347082b8760bb.exe.dll        | DanabotLoader2021
  \Users\Admin\AppData\Local\Temp\4ecba4ce64055cdb334347082b8760bb.exe.dll        | DanabotLoader2021
  behavioral2/memory/4668-122-0x0000000004020000-0x0000000004171000-memory.dmp    | DanabotLoader2021
- Loads dropped DLL (2 IoCs)
  Processes: rundll32.exe
  pid  | process
  4668 | rundll32.exe
  4668 | rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: 4ecba4ce64055cdb334347082b8760bb.exe
  description                      | pid  | process                              | target process
  PID 2636 wrote to memory of 4668 | 2636 | 4ecba4ce64055cdb334347082b8760bb.exe | rundll32.exe
  PID 2636 wrote to memory of 4668 | 2636 | 4ecba4ce64055cdb334347082b8760bb.exe | rundll32.exe
  PID 2636 wrote to memory of 4668 | 2636 | 4ecba4ce64055cdb334347082b8760bb.exe | rundll32.exe
Processes
- (1) C:\Users\Admin\AppData\Local\Temp\4ecba4ce64055cdb334347082b8760bb.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\4ecba4ce64055cdb334347082b8760bb.exe"
  - Suspicious use of WriteProcessMemory
  - (2) C:\Windows\SysWOW64\rundll32.exe
    Command line: C:\Windows\system32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\4ecba4ce64055cdb334347082b8760bb.exe.dll,z C:\Users\Admin\AppData\Local\Temp\4ecba4ce64055cdb334347082b8760bb.exe
    - Loads dropped DLL
Network
MITRE ATT&CK Matrix
Downloads
- C:\Users\Admin\AppData\Local\Temp\4ecba4ce64055cdb334347082b8760bb.exe.dll
  MD5: 7e3aa379ea79d7c3057e23f3de420ce3
  SHA1: 0fa5168ab1a07427945b84f56666e537306d2f26
  SHA256: eed3ad651717ac7591efa41970d9f060ce816c0666d1691421275a2d8b5697ff
  SHA512: 278d4f6e23bf4b62f681745a4c505125a343e3172e4b485eac7e773d636f9325d4678a6601370e8ebce11fb52f0506620cc2c5f4b4fee8a110d15f95d13b0298
- \Users\Admin\AppData\Local\Temp\4ecba4ce64055cdb334347082b8760bb.exe.dll
  MD5: 7e3aa379ea79d7c3057e23f3de420ce3
  SHA1: 0fa5168ab1a07427945b84f56666e537306d2f26
  SHA256: eed3ad651717ac7591efa41970d9f060ce816c0666d1691421275a2d8b5697ff
  SHA512: 278d4f6e23bf4b62f681745a4c505125a343e3172e4b485eac7e773d636f9325d4678a6601370e8ebce11fb52f0506620cc2c5f4b4fee8a110d15f95d13b0298
- memory/2636-115-0x0000000004B10000-0x0000000004BF5000-memory.dmp (Filesize: 916KB)
- memory/2636-116-0x0000000004C00000-0x0000000004CFC000-memory.dmp (Filesize: 1008KB)
- memory/2636-117-0x0000000000400000-0x0000000002C5B000-memory.dmp (Filesize: 40.4MB)
- memory/4668-118-0x0000000000000000-mapping.dmp
- memory/4668-122-0x0000000004020000-0x0000000004171000-memory.dmp (Filesize: 1.3MB)