Analysis
max time kernel: 40s
max time network: 46s
platform: windows7_x64
resource: win7-20220718-en
resource tags: arch:x64, arch:x86, image:win7-20220718-en, locale:en-us, os:windows7-x64, system
submitted: 24-07-2022 23:52
Static task
static1
Behavioral task
behavioral1
Sample
5744f89569706b092f3c84da42f2409318ce77b01b7173c722dd00d1c65f4864.exe
Resource
win7-20220718-en
3 signatures
150 seconds
General
Target: 5744f89569706b092f3c84da42f2409318ce77b01b7173c722dd00d1c65f4864.exe
Size: 304KB
MD5: e6f22ca7f7e05342709de3367352258c
SHA1: f7d911ff02edb4f7f7624ba9ab4a5143e5d30c38
SHA256: 5744f89569706b092f3c84da42f2409318ce77b01b7173c722dd00d1c65f4864
SHA512: 0c4b9ce2109e1acfc721ec2544548f24a1c083ebf3b207a3fadd1c4995805678381c51241afe9047b9e57403717353f425e7780d8b2d0df7b84731118966ad3b
Malware Config
Signatures
Trickbot x86 loader 3 IoCs
Detected Trickbot's x86 loader that unpacks the x86 payload.
Processes:
resource    yara_rule
behavioral1/memory/1360-56-0x00000000005E0000-0x000000000060B000-memory.dmp    trickbot_loader32
behavioral1/memory/1360-59-0x00000000005E0000-0x000000000060B000-memory.dmp    trickbot_loader32
behavioral1/memory/1360-60-0x00000000005E0000-0x000000000060B000-memory.dmp    trickbot_loader32
Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
5744f89569706b092f3c84da42f2409318ce77b01b7173c722dd00d1c65f4864.exe
pid    process
1360    5744f89569706b092f3c84da42f2409318ce77b01b7173c722dd00d1c65f4864.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
memory/1360-56-0x00000000005E0000-0x000000000060B000-memory.dmp
Filesize: 172KB
memory/1360-58-0x0000000075831000-0x0000000075833000-memory.dmp
Filesize: 8KB
memory/1360-59-0x00000000005E0000-0x000000000060B000-memory.dmp
Filesize: 172KB
memory/1360-60-0x00000000005E0000-0x000000000060B000-memory.dmp
Filesize: 172KB