Analysis
- max time kernel: 145s
- max time network: 156s
- platform: windows7_x64
- resource: win7-20220414-en
- submitted: 03-07-2022 16:01
Static task: static1
Behavioral task: behavioral1
Sample: 3b954a95003838871dbfe77e0f8f390f4a72bb06651edaf2e60983dca6b72223.exe
Resource: win7-20220414-en
windows7_x64
0 signatures
0 seconds
General
- Target: 3b954a95003838871dbfe77e0f8f390f4a72bb06651edaf2e60983dca6b72223.exe
- Size: 492KB
- MD5: fc23fa436b55731d13db036e534913c9
- SHA1: 806fb8500b37ef9b10bd79fdd6cf06ced1209566
- SHA256: 3b954a95003838871dbfe77e0f8f390f4a72bb06651edaf2e60983dca6b72223
- SHA512: 0f76041ee3f7cba562443cb00c053d7dadb4522082f4f3646c9367baf55fcf2b02d4dbf9865d589fbcab60b4ffda862a7bb08be4c304e11d8e44ff041305b3ab
Malware Config
Signatures
- Trickbot x86 loader (4 IoCs)
Detected Trickbot's x86 loader that unpacks the x86 payload.
Processes:
resource    yara_rule
behavioral1/memory/1444-55-0x0000000000360000-0x0000000000369000-memory.dmp    trickbot_loader32
behavioral1/memory/1444-57-0x0000000000350000-0x0000000000357000-memory.dmp    trickbot_loader32
behavioral1/memory/1444-58-0x0000000000361000-0x0000000000368000-memory.dmp    trickbot_loader32
behavioral1/memory/1444-59-0x0000000000361000-0x0000000000368000-memory.dmp    trickbot_loader32
- Suspicious use of SetWindowsHookEx (2 IoCs)
Processes:
3b954a95003838871dbfe77e0f8f390f4a72bb06651edaf2e60983dca6b72223.exe
pid    process
1444    3b954a95003838871dbfe77e0f8f390f4a72bb06651edaf2e60983dca6b72223.exe
1444    3b954a95003838871dbfe77e0f8f390f4a72bb06651edaf2e60983dca6b72223.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
- memory/1444-54-0x0000000075DE1000-0x0000000075DE3000-memory.dmp (Filesize: 8KB)
- memory/1444-55-0x0000000000360000-0x0000000000369000-memory.dmp (Filesize: 36KB)
- memory/1444-57-0x0000000000350000-0x0000000000357000-memory.dmp (Filesize: 28KB)
- memory/1444-58-0x0000000000361000-0x0000000000368000-memory.dmp (Filesize: 28KB)
- memory/1444-59-0x0000000000361000-0x0000000000368000-memory.dmp (Filesize: 28KB)