Analysis
max time kernel: 181s
max time network: 192s
platform: windows10-2004_x64
resource: win10v2004-20220414-en
submitted: 03-07-2022 16:01
Static task: static1
Behavioral task: behavioral1
Sample: 3b954a95003838871dbfe77e0f8f390f4a72bb06651edaf2e60983dca6b72223.exe
Resource: win7-20220414-en, windows7_x64
0 signatures
0 seconds
General
Target: 3b954a95003838871dbfe77e0f8f390f4a72bb06651edaf2e60983dca6b72223.exe
Size: 492KB
MD5: fc23fa436b55731d13db036e534913c9
SHA1: 806fb8500b37ef9b10bd79fdd6cf06ced1209566
SHA256: 3b954a95003838871dbfe77e0f8f390f4a72bb06651edaf2e60983dca6b72223
SHA512: 0f76041ee3f7cba562443cb00c053d7dadb4522082f4f3646c9367baf55fcf2b02d4dbf9865d589fbcab60b4ffda862a7bb08be4c304e11d8e44ff041305b3ab
Malware Config
Signatures
Trickbot x86 loader 3 IoCs
Detected Trickbot's x86 loader that unpacks the x86 payload.
Processes:
resource    yara_rule
behavioral2/memory/2024-130-0x00000000022B0000-0x00000000022B9000-memory.dmp    trickbot_loader32
behavioral2/memory/2024-132-0x0000000002210000-0x0000000002217000-memory.dmp    trickbot_loader32
behavioral2/memory/2024-133-0x00000000022B1000-0x00000000022B8000-memory.dmp    trickbot_loader32
Suspicious use of SetWindowsHookEx 2 IoCs
Processes:
3b954a95003838871dbfe77e0f8f390f4a72bb06651edaf2e60983dca6b72223.exe
pid    process
2024    3b954a95003838871dbfe77e0f8f390f4a72bb06651edaf2e60983dca6b72223.exe
2024    3b954a95003838871dbfe77e0f8f390f4a72bb06651edaf2e60983dca6b72223.exe