trickbot | da75bffa697de8d12806a2141cf2099a2c39f0b5bc259586fa22911082513aa6 | Triage

Analysis

max time kernel
151s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
01-07-2022 06:27

Sharing

Report Analysis Logs

General

Target

da75bffa697de8d12806a2141cf2099a2c39f0b5bc259586fa22911082513aa6.exe
Size

296KB
MD5

884b9ba2a87f49828659b2c5a01c0dae
SHA1

9ab732009d02f9b82ec02e4dbbd92106652ddb77
SHA256

da75bffa697de8d12806a2141cf2099a2c39f0b5bc259586fa22911082513aa6
SHA512

810dc40fe36179abec96a4cce45e340710cab605b0c2eb89a57679c75318c1c58003c59db1beed3d96af872a481a6b84b01b8fe7833db6808744f2154afba203

Score

10^/10

trickbot banker trojan

Malware Config

Signatures

Trickbot
Developed in 2016, TrickBot is one of the more recent banking Trojans.
trojan banker trickbot

Trickbot x86 loader 2 IoCs

Detected Trickbot's x86 loader that unpacks the x86 payload.

Processes:

resource	yara_rule
behavioral2/memory/4912-130-0x0000000002270000-0x0000000002279000-memory.dmp	trickbot_loader32
behavioral2/memory/4912-131-0x0000000002270000-0x0000000002279000-memory.dmp	trickbot_loader32

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

da75bffa697de8d12806a2141cf2099a2c39f0b5bc259586fa22911082513aa6.exe

pid process

4912 da75bffa697de8d12806a2141cf2099a2c39f0b5bc259586fa22911082513aa6.exe

C:\Users\Admin\AppData\Local\Temp\da75bffa697de8d12806a2141cf2099a2c39f0b5bc259586fa22911082513aa6.exe
"C:\Users\Admin\AppData\Local\Temp\da75bffa697de8d12806a2141cf2099a2c39f0b5bc259586fa22911082513aa6.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:4912

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4912-130-0x0000000002270000-0x0000000002279000-memory.dmp

Filesize
36KB

Download
memory/4912-131-0x0000000002270000-0x0000000002279000-memory.dmp

Filesize
36KB

Download