Overview

overview

10

Static

static

73fa67e237...45.exe

windows7-x64

10

73fa67e237...45.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    163s
  • max time network
    183s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220721-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220721-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31-07-2022 05:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    73fa67e2370331c0371d8d1b7dc1b269c5e19c934d0e8ee0de32b393f706c045.exe

  • Size

    472KB

  • MD5

    cb0927359c9abc1cad618f66e06ee60f

  • SHA1

    df9f0ce500499530ce5ef6a64ba99f03ed96187e

  • SHA256

    73fa67e2370331c0371d8d1b7dc1b269c5e19c934d0e8ee0de32b393f706c045

  • SHA512

    8aef4668ceb0580bc786275c60bc43b00c3073f6ef52670fdb1fa7b5ac31279bea5c34ffb5101bc8c6de87464d42c911cb45395cb0dcbad16e1d9e08737cad19

Score
10/10
trickbotbankertrojan

Malware Config

Signatures

  • Trickbot

    Developed in 2016, TrickBot is one of the more recent banking Trojans.

    trojanbankertrickbot
  • Trickbot x86 loader 5 IoCs

    Detected Trickbot's x86 loader that unpacks the x86 payload.

  • Executes dropped EXE 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\73fa67e2370331c0371d8d1b7dc1b269c5e19c934d0e8ee0de32b393f706c045.exe
    "C:\Users\Admin\AppData\Local\Temp\73fa67e2370331c0371d8d1b7dc1b269c5e19c934d0e8ee0de32b393f706c045.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2084
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe
      2⤵
        PID:2704
    • C:\Users\Admin\AppData\Roaming\NuiGet\93fa89e2390331c0391d8d1b9dc1b289c7e19c934d0e8ee0de32b393f908c047.exe
      C:\Users\Admin\AppData\Roaming\NuiGet\93fa89e2390331c0391d8d1b9dc1b289c7e19c934d0e8ee0de32b393f908c047.exe
      1⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3788
      • C:\Windows\system32\svchost.exe
        C:\Windows\system32\svchost.exe
        2⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:5032

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\NuiGet\93fa89e2390331c0391d8d1b9dc1b289c7e19c934d0e8ee0de32b393f908c047.exe
      Filesize

      472KB

      MD5

      cb0927359c9abc1cad618f66e06ee60f

      SHA1

      df9f0ce500499530ce5ef6a64ba99f03ed96187e

      SHA256

      73fa67e2370331c0371d8d1b7dc1b269c5e19c934d0e8ee0de32b393f706c045

      SHA512

      8aef4668ceb0580bc786275c60bc43b00c3073f6ef52670fdb1fa7b5ac31279bea5c34ffb5101bc8c6de87464d42c911cb45395cb0dcbad16e1d9e08737cad19

      Download Submit
    • C:\Users\Admin\AppData\Roaming\NuiGet\93fa89e2390331c0391d8d1b9dc1b289c7e19c934d0e8ee0de32b393f908c047.exe
      Filesize

      472KB

      MD5

      cb0927359c9abc1cad618f66e06ee60f

      SHA1

      df9f0ce500499530ce5ef6a64ba99f03ed96187e

      SHA256

      73fa67e2370331c0371d8d1b7dc1b269c5e19c934d0e8ee0de32b393f706c045

      SHA512

      8aef4668ceb0580bc786275c60bc43b00c3073f6ef52670fdb1fa7b5ac31279bea5c34ffb5101bc8c6de87464d42c911cb45395cb0dcbad16e1d9e08737cad19

      Download Submit
    • memory/2084-141-0x0000000002400000-0x0000000002407000-memory.dmp
      Filesize

      28KB

      Download
    • memory/2084-143-0x0000000002400000-0x0000000002407000-memory.dmp
      Filesize

      28KB

      Download
    • memory/2084-137-0x0000000002400000-0x0000000002407000-memory.dmp
      Filesize

      28KB

      Download
    • memory/2084-136-0x0000000002400000-0x0000000002407000-memory.dmp
      Filesize

      28KB

      Download
    • memory/2084-139-0x0000000002400000-0x0000000002407000-memory.dmp
      Filesize

      28KB

      Download
    • memory/2084-138-0x0000000002400000-0x0000000002407000-memory.dmp
      Filesize

      28KB

      Download
    • memory/2084-133-0x0000000002400000-0x0000000002407000-memory.dmp
      Filesize

      28KB

      Download
    • memory/2084-140-0x0000000002400000-0x0000000002407000-memory.dmp
      Filesize

      28KB

      Download
    • memory/2084-142-0x0000000002400000-0x0000000002407000-memory.dmp
      Filesize

      28KB

      Download
    • memory/2084-134-0x0000000002400000-0x0000000002407000-memory.dmp
      Filesize

      28KB

      Download
    • memory/2084-144-0x0000000002400000-0x0000000002407000-memory.dmp
      Filesize

      28KB

      Download
    • memory/2084-145-0x0000000002BF0000-0x0000000002C1E000-memory.dmp
      Filesize

      184KB

      Download
    • memory/2084-147-0x0000000002400000-0x0000000002407000-memory.dmp
      Filesize

      28KB

      Download
    • memory/2084-148-0x0000000002BF0000-0x0000000002C1E000-memory.dmp
      Filesize

      184KB

      Download
    • memory/2084-135-0x0000000002400000-0x0000000002407000-memory.dmp
      Filesize

      28KB

      Download
    • memory/2084-150-0x0000000002BF0000-0x0000000002C1E000-memory.dmp
      Filesize

      184KB

      Download
    • memory/2084-132-0x0000000002400000-0x0000000002407000-memory.dmp
      Filesize

      28KB

      Download
    • memory/2704-153-0x0000014691590000-0x00000146915AE000-memory.dmp
      Filesize

      120KB

      Download
    • memory/2704-152-0x0000014691590000-0x00000146915AE000-memory.dmp
      Filesize

      120KB

      Download
    • memory/2704-151-0x0000014691590000-0x00000146915AE000-memory.dmp
      Filesize

      120KB

      Download
    • memory/2704-149-0x0000000000000000-mapping.dmp
      Download
    • memory/3788-167-0x0000000000630000-0x0000000000637000-memory.dmp
      Filesize

      28KB

      Download
    • memory/3788-169-0x0000000000630000-0x0000000000637000-memory.dmp
      Filesize

      28KB

      Download
    • memory/3788-160-0x0000000000630000-0x0000000000637000-memory.dmp
      Filesize

      28KB

      Download
    • memory/3788-162-0x0000000000630000-0x0000000000637000-memory.dmp
      Filesize

      28KB

      Download
    • memory/3788-164-0x0000000000630000-0x0000000000637000-memory.dmp
      Filesize

      28KB

      Download
    • memory/3788-166-0x0000000000630000-0x0000000000637000-memory.dmp
      Filesize

      28KB

      Download
    • memory/3788-163-0x0000000000630000-0x0000000000637000-memory.dmp
      Filesize

      28KB

      Download
    • memory/3788-159-0x0000000000630000-0x0000000000637000-memory.dmp
      Filesize

      28KB

      Download
    • memory/3788-165-0x0000000000630000-0x0000000000637000-memory.dmp
      Filesize

      28KB

      Download
    • memory/3788-161-0x0000000000630000-0x0000000000637000-memory.dmp
      Filesize

      28KB

      Download
    • memory/3788-168-0x0000000000630000-0x0000000000637000-memory.dmp
      Filesize

      28KB

      Download
    • memory/3788-170-0x0000000000630000-0x0000000000637000-memory.dmp
      Filesize

      28KB

      Download
    • memory/3788-173-0x0000000000630000-0x0000000000637000-memory.dmp
      Filesize

      28KB

      Download
    • memory/3788-174-0x0000000000E30000-0x0000000000E5E000-memory.dmp
      Filesize

      184KB

      Download
    • memory/3788-176-0x0000000000E30000-0x0000000000E5E000-memory.dmp
      Filesize

      184KB

      Download
    • memory/5032-175-0x0000000000000000-mapping.dmp
      Download
    • memory/5032-177-0x0000024A69C00000-0x0000024A69C1E000-memory.dmp
      Filesize

      120KB

      Download
    • memory/5032-178-0x0000024A69C00000-0x0000024A69C1E000-memory.dmp
      Filesize

      120KB

      Download