Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    140s
  • platform
    windows10-1703_x64
  • resource
    win10-20220901-en
  • resource tags

    arch:x64arch:x86image:win10-20220901-enlocale:en-usos:windows10-1703-x64system
  • submitted
    17/09/2022, 08:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6937fe60697ed628fdee0a7cb4e6125e972062d86fe6b276b9cf0305b2a5d322.exe

  • Size

    291KB

  • MD5

    045ec467d7df4abb4f5e95dbdfb37fef

  • SHA1

    d0a3c83f9a4b194bc27db75412fb803f6100abf1

  • SHA256

    6937fe60697ed628fdee0a7cb4e6125e972062d86fe6b276b9cf0305b2a5d322

  • SHA512

    5a1e0ffd550faee0549e9387e44b93d1beecafe9d5406a7b4bfddcc5165c197dfb2b76367271c43fa0f521f695f6654426054e58eb0e3a336c091c05e6d844cd

  • SSDEEP

    6144:a/MqLHC4IfAUYIe34TG30yIcOPCenigabwVf:a0qTCTvRe3crPti

Score
10/10
danabotbankertrojan

Malware Config

Extracted

Family

danabot

Attributes
  • embedded_hash

    A64A3A6ED13022027B84C77D31BE0C74

  • type

    loader

Signatures

  • Danabot

    Danabot is a modular banking Trojan that has been linked with other malware.

    trojanbankerdanabot
  • Downloads MZ/PE file
  • Executes dropped EXE 1 IoCs
  • Deletes itself 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Program crash 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 10 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6937fe60697ed628fdee0a7cb4e6125e972062d86fe6b276b9cf0305b2a5d322.exe
    "C:\Users\Admin\AppData\Local\Temp\6937fe60697ed628fdee0a7cb4e6125e972062d86fe6b276b9cf0305b2a5d322.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:3504
  • C:\Users\Admin\AppData\Local\Temp\64F4.exe
    C:\Users\Admin\AppData\Local\Temp\64F4.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of WriteProcessMemory
    PID:2884
    • C:\Windows\SysWOW64\rundll32.exe
      C:\Windows\system32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\Etfrehti.dll,start C:\Users\Admin\AppData\Local\Temp\64F4.exe
      2⤵
      • Loads dropped DLL
      PID:4564
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4564 -s 632
        3⤵
        • Program crash
        PID:3652

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\64F4.exe
    Filesize

    1.9MB

    MD5

    5731031c67594f7560bc5e266ff1b54e

    SHA1

    3a7c6a8da1a1adc57855ac107ab207836cf5ef03

    SHA256

    c22b9f4c985b1fecd3ec6286ca20293d54b3493781d393996f548d686633ce16

    SHA512

    327f61dd81c9094501e55b94b787bb6f227bbf56779081c789218b75cfaf1ec8154c914b060c720710cc13e19726e529d900372957def90c9c6baa6ef0ebba2c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\64F4.exe
    Filesize

    1.9MB

    MD5

    5731031c67594f7560bc5e266ff1b54e

    SHA1

    3a7c6a8da1a1adc57855ac107ab207836cf5ef03

    SHA256

    c22b9f4c985b1fecd3ec6286ca20293d54b3493781d393996f548d686633ce16

    SHA512

    327f61dd81c9094501e55b94b787bb6f227bbf56779081c789218b75cfaf1ec8154c914b060c720710cc13e19726e529d900372957def90c9c6baa6ef0ebba2c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Etfrehti.dll
    Filesize

    2.5MB

    MD5

    d7a66ca4622307cefbaf2d548edf21c1

    SHA1

    d6e7396cf81fddc86bd9a6adb17dbec09fbd532d

    SHA256

    c692330b06a1c232eafe7e68f867c6f339ca9545834010b0997e19f936ad0b5d

    SHA512

    4d9e5fa064ea98af43d5fef363a69a593fdd0ae5f4b79db0794bd5b12e9ffd0c52bb53b7c7b08141f4a33ea7b786f2164504af3295ee9466477270e69b87f41c

    Download Submit

  • \Users\Admin\AppData\Local\Temp\Etfrehti.dll
    Filesize

    2.5MB

    MD5

    d7a66ca4622307cefbaf2d548edf21c1

    SHA1

    d6e7396cf81fddc86bd9a6adb17dbec09fbd532d

    SHA256

    c692330b06a1c232eafe7e68f867c6f339ca9545834010b0997e19f936ad0b5d

    SHA512

    4d9e5fa064ea98af43d5fef363a69a593fdd0ae5f4b79db0794bd5b12e9ffd0c52bb53b7c7b08141f4a33ea7b786f2164504af3295ee9466477270e69b87f41c

    Download Submit

  • memory/2884-177-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2884-158-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2884-208-0x0000000000400000-0x00000000005E8000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2884-205-0x0000000002730000-0x000000000290C000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2884-196-0x0000000000400000-0x00000000005E8000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2884-191-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2884-161-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2884-190-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2884-189-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2884-188-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2884-187-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2884-185-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2884-186-0x0000000002730000-0x000000000290C000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2884-184-0x0000000002580000-0x000000000272A000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2884-160-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2884-183-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2884-182-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2884-180-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2884-179-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2884-178-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2884-176-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2884-175-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2884-174-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2884-173-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2884-172-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2884-171-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2884-170-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2884-169-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2884-166-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2884-168-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2884-159-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2884-165-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2884-163-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2884-162-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2884-167-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2884-157-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3504-141-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3504-139-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3504-121-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3504-127-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3504-154-0x0000000000400000-0x000000000044E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/3504-153-0x00000000005EA000-0x00000000005FA000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3504-152-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3504-151-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3504-150-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3504-146-0x00000000004A0000-0x00000000005EA000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/3504-120-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3504-148-0x0000000000400000-0x000000000044E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/3504-149-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3504-147-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3504-145-0x00000000005EA000-0x00000000005FA000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3504-144-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3504-143-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3504-142-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3504-122-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3504-117-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3504-140-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3504-135-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3504-138-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3504-137-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3504-136-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3504-134-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3504-133-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3504-132-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3504-131-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3504-130-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3504-129-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3504-128-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3504-123-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3504-126-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3504-118-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3504-125-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3504-124-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3504-119-0x00000000771E0000-0x000000007736E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4564-250-0x0000000000400000-0x0000000000694000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/4564-251-0x0000000000400000-0x0000000000694000-memory.dmp

    Filesize

    2.6MB

    Download