Analysis
max time kernel: 37s
max time network: 44s
platform: windows7_x64
resource: win7-20220414-en
submitted: 24-05-2022 13:24
Static task
static1
Behavioral task
behavioral1
Sample
008ea5eb3a2b854165eb2fa53fe5f88e0de614a0dcc1bdb4dc27164c67cf06cc.exe
0 signatures
0 seconds
General
Target: 008ea5eb3a2b854165eb2fa53fe5f88e0de614a0dcc1bdb4dc27164c67cf06cc.exe
Size: 292KB
MD5: cffe42160ce75c168a74e4c16d6be45f
SHA1: f65cacbd305a8a62294519baf13fcf8b176a452f
SHA256: 008ea5eb3a2b854165eb2fa53fe5f88e0de614a0dcc1bdb4dc27164c67cf06cc
SHA512: 3c63568cfa9040ec539683a860821e9d42d54ee679077fbca7b2992f6cd2fa3c703c01f7c5aa5e9f0d0147ece4dba291f5bc24f3465bd364c3fc8e35baa3fc19
Malware Config
Signatures
-
Trickbot x86 loader 2 IoCs
Detected Trickbot's x86 loader that unpacks the x86 payload.
Processes:
resource    yara_rule
behavioral1/memory/1532-56-0x00000000003C0000-0x00000000003EB000-memory.dmp    trickbot_loader32
behavioral1/memory/1532-59-0x00000000003C0000-0x00000000003EB000-memory.dmp    trickbot_loader32
-
Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
008ea5eb3a2b854165eb2fa53fe5f88e0de614a0dcc1bdb4dc27164c67cf06cc.exe
pid    process
1532    008ea5eb3a2b854165eb2fa53fe5f88e0de614a0dcc1bdb4dc27164c67cf06cc.exe