danabot | ca13939ac1036e568800fc1ae1cead04ea7250a75e084ec76df7694e37f1d1dd

Analysis

max time kernel
70s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
12/10/2022, 05:39

Target

ca13939ac1036e568800fc1ae1cead04ea7250a75e084ec76df7694e37f1d1dd.exe
Size

1.2MB
MD5

c2bab2d93261bf3982970f6ede2d21e6
SHA1

c241d1f26e88fe0070be180577344d6823d55ae1
SHA256

ca13939ac1036e568800fc1ae1cead04ea7250a75e084ec76df7694e37f1d1dd
SHA512

206ad6b129f4ef0f6f4c0161aac051727e9ab73ff2c8b1110d96bd200c02105663b84839e809ada3f20b59585dd95a03b17300d67aabed6e547d9af42b8a702d
SSDEEP

24576:mGBWbwMDmHdYeXp3S2ltejdTKaQP4Ij4OhwMjHjEUchRMnijD3ivOX00auCbxaC:tOXDCt5S2CdPQgIwMjwthRMnOP0zD9

Score

10^/10

Family

danabot

Attributes

Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
trojan banker danabot

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1960 wrote to memory of 1360	1960	ca13939ac1036e568800fc1ae1cead04ea7250a75e084ec76df7694e37f1d1dd.exe	28
PID 1960 wrote to memory of 1360	1960	ca13939ac1036e568800fc1ae1cead04ea7250a75e084ec76df7694e37f1d1dd.exe	28
PID 1960 wrote to memory of 1360	1960	ca13939ac1036e568800fc1ae1cead04ea7250a75e084ec76df7694e37f1d1dd.exe	28
PID 1960 wrote to memory of 1360	1960	ca13939ac1036e568800fc1ae1cead04ea7250a75e084ec76df7694e37f1d1dd.exe	28

C:\Users\Admin\AppData\Local\Temp\ca13939ac1036e568800fc1ae1cead04ea7250a75e084ec76df7694e37f1d1dd.exe
"C:\Users\Admin\AppData\Local\Temp\ca13939ac1036e568800fc1ae1cead04ea7250a75e084ec76df7694e37f1d1dd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1960
- C:\Windows\SysWOW64\AdapterTroubleshooter.exe
  C:\Windows\system32\AdapterTroubleshooter.exe
  2⤵
  PID:1360

memory/1360-58-0x00000000751A1000-0x00000000751A3000-memory.dmp

Filesize
8KB

Download
memory/1960-54-0x00000000006E0000-0x0000000000802000-memory.dmp

Filesize
1.1MB

Download
memory/1960-55-0x00000000006E0000-0x0000000000802000-memory.dmp

Filesize
1.1MB

Download
memory/1960-56-0x0000000002260000-0x000000000252E000-memory.dmp

Filesize
2.8MB

Download
memory/1960-59-0x0000000000400000-0x00000000006DA000-memory.dmp

Filesize
2.9MB

Download
memory/1960-60-0x0000000000400000-0x00000000006DA000-memory.dmp

Filesize
2.9MB

Download
memory/1960-61-0x0000000000400000-0x00000000006DA000-memory.dmp

Filesize
2.9MB

Download
memory/1960-63-0x0000000000400000-0x00000000006DA000-memory.dmp

Filesize
2.9MB

Download