Analysis
-
max time kernel
155s -
max time network
179s -
platform
windows10-2004_x64 -
resource
win10v2004-20220721-en -
resource tags
-
submitted
31-07-2022 09:34
General
-
Target
8c9c56a08b9cc58d1cc57309695ef07ce367a8a7bfac2485328919a954ea7f2c.dll
-
Size
1.4MB
-
MD5
6b448c6851f3235c9b3d0c24353c480f
-
SHA1
f01bfd3a21a887bc85eb6b02baf28f7640513d03
-
SHA256
8c9c56a08b9cc58d1cc57309695ef07ce367a8a7bfac2485328919a954ea7f2c
-
SHA512
663df12c36a4817da30f88072d1195bbbd1b37a4023f0de67b62d0d4deef15bcbb4c2a025648186a22573dba3cd5480701925f0f30cddafff89c053790dffbf3
Score
10/10
Malware Config
Extracted
Family
danabot
C2
243.127.43.6
64.126.175.2
130.15.230.152
74.99.136.192
244.14.226.35
95.179.168.37
51.129.76.8
151.210.85.159
45.76.123.177
75.57.14.121
rsa_pubkey.plain
Signatures
-
Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
-
Program crash 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\8c9c56a08b9cc58d1cc57309695ef07ce367a8a7bfac2485328919a954ea7f2c.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\8c9c56a08b9cc58d1cc57309695ef07ce367a8a7bfac2485328919a954ea7f2c.dll,#12⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4380 -s 7803⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4380 -ip 43801⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/4380-130-0x0000000000000000-mapping.dmp
-
memory/4380-131-0x0000000002100000-0x000000000226B000-memory.dmpFilesize
1.4MB