danabot | 7cdcea9fb45bdbbf0019db23d02628e7aabd68695d532a74961bafaf871788d0

Analysis

max time kernel
136s
max time network
140s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
15-10-2022 13:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7cdcea9fb45bdbbf0019db23d02628e7aabd68695d532a74961bafaf871788d0.exe
Size

1.3MB
MD5

e485a261c9368af069b3cb7582030fa9
SHA1

89723ca58ae2b6d40f75cb3a0bedb3afc85e894b
SHA256

7cdcea9fb45bdbbf0019db23d02628e7aabd68695d532a74961bafaf871788d0
SHA512

611d8aa204f0abd8d760e28b191642d9039ca7a56f1880818bd9d5f307652a5df61c35f109e6cdef717158a1caca4c4e3460eba70a402433c08227051e332ce4
SSDEEP

24576:M8pCIlF/FcqUyzcIWSGYhWQSB/WNEfQ+z5aENSqIlLUNfA8AZmz6/SLRVP1/Ufmc:3/PU0W3YqWNe1KflUmtZmW/0NclTjbj

Score

10^/10

danabot banker trojan

Malware Config

Extracted

Family

danabot

192.236.233.188:443

192.119.70.159:443

23.106.124.171:443

213.227.155.103:443

Attributes

embedded_hash
56951C922035D696BFCE443750496462
type
loader

Signatures

Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
trojan banker danabot

Program crash 2 IoCs

pid	pid_target	Process	procid_target
348	2772	WerFault.exe	65
1120	2772	WerFault.exe	65

Suspicious use of WriteProcessMemory 22 IoCs

description	pid	Process	procid_target
PID 2772 wrote to memory of 4756	2772	7cdcea9fb45bdbbf0019db23d02628e7aabd68695d532a74961bafaf871788d0.exe	66
PID 2772 wrote to memory of 4756	2772	7cdcea9fb45bdbbf0019db23d02628e7aabd68695d532a74961bafaf871788d0.exe	66
PID 2772 wrote to memory of 4756	2772	7cdcea9fb45bdbbf0019db23d02628e7aabd68695d532a74961bafaf871788d0.exe	66
PID 2772 wrote to memory of 4204	2772	7cdcea9fb45bdbbf0019db23d02628e7aabd68695d532a74961bafaf871788d0.exe	70
PID 2772 wrote to memory of 4204	2772	7cdcea9fb45bdbbf0019db23d02628e7aabd68695d532a74961bafaf871788d0.exe	70
PID 2772 wrote to memory of 4204	2772	7cdcea9fb45bdbbf0019db23d02628e7aabd68695d532a74961bafaf871788d0.exe	70
PID 2772 wrote to memory of 4204	2772	7cdcea9fb45bdbbf0019db23d02628e7aabd68695d532a74961bafaf871788d0.exe	70
PID 2772 wrote to memory of 4204	2772	7cdcea9fb45bdbbf0019db23d02628e7aabd68695d532a74961bafaf871788d0.exe	70
PID 2772 wrote to memory of 4204	2772	7cdcea9fb45bdbbf0019db23d02628e7aabd68695d532a74961bafaf871788d0.exe	70
PID 2772 wrote to memory of 4204	2772	7cdcea9fb45bdbbf0019db23d02628e7aabd68695d532a74961bafaf871788d0.exe	70
PID 2772 wrote to memory of 4204	2772	7cdcea9fb45bdbbf0019db23d02628e7aabd68695d532a74961bafaf871788d0.exe	70
PID 2772 wrote to memory of 4204	2772	7cdcea9fb45bdbbf0019db23d02628e7aabd68695d532a74961bafaf871788d0.exe	70
PID 2772 wrote to memory of 4204	2772	7cdcea9fb45bdbbf0019db23d02628e7aabd68695d532a74961bafaf871788d0.exe	70
PID 2772 wrote to memory of 4204	2772	7cdcea9fb45bdbbf0019db23d02628e7aabd68695d532a74961bafaf871788d0.exe	70
PID 2772 wrote to memory of 4204	2772	7cdcea9fb45bdbbf0019db23d02628e7aabd68695d532a74961bafaf871788d0.exe	70
PID 2772 wrote to memory of 4204	2772	7cdcea9fb45bdbbf0019db23d02628e7aabd68695d532a74961bafaf871788d0.exe	70
PID 2772 wrote to memory of 4204	2772	7cdcea9fb45bdbbf0019db23d02628e7aabd68695d532a74961bafaf871788d0.exe	70
PID 2772 wrote to memory of 4204	2772	7cdcea9fb45bdbbf0019db23d02628e7aabd68695d532a74961bafaf871788d0.exe	70
PID 2772 wrote to memory of 4204	2772	7cdcea9fb45bdbbf0019db23d02628e7aabd68695d532a74961bafaf871788d0.exe	70
PID 2772 wrote to memory of 4204	2772	7cdcea9fb45bdbbf0019db23d02628e7aabd68695d532a74961bafaf871788d0.exe	70
PID 2772 wrote to memory of 4204	2772	7cdcea9fb45bdbbf0019db23d02628e7aabd68695d532a74961bafaf871788d0.exe	70
PID 2772 wrote to memory of 4204	2772	7cdcea9fb45bdbbf0019db23d02628e7aabd68695d532a74961bafaf871788d0.exe	70

C:\Users\Admin\AppData\Local\Temp\7cdcea9fb45bdbbf0019db23d02628e7aabd68695d532a74961bafaf871788d0.exe
"C:\Users\Admin\AppData\Local\Temp\7cdcea9fb45bdbbf0019db23d02628e7aabd68695d532a74961bafaf871788d0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2772
- C:\Windows\SysWOW64\appidtel.exe
  C:\Windows\system32\appidtel.exe
  2⤵
  PID:4756
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 616
  2⤵
  - Program crash
  PID:348
- C:\Windows\syswow64\rundll32.exe
  "C:\Windows\syswow64\rundll32.exe" "C:\Windows\syswow64\shell32.dll",#61
  2⤵
  PID:4204
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 588
  2⤵
  - Program crash
  PID:1120

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2772-147-0x00000000025A0000-0x0000000002862000-memory.dmp

Filesize
2.8MB

Download
memory/2772-177-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/2772-118-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/2772-119-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/2772-120-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/2772-121-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/2772-122-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/2772-123-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/2772-124-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/2772-125-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/2772-126-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/2772-127-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/2772-128-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/2772-179-0x0000000000400000-0x00000000006CE000-memory.dmp

Filesize
2.8MB

Download
memory/2772-130-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/2772-131-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/2772-132-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/2772-133-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/2772-134-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/2772-135-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/2772-136-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/2772-137-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/2772-138-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/2772-139-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/2772-141-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/2772-142-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/2772-143-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/2772-144-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/2772-145-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/2772-146-0x0000000002470000-0x0000000002592000-memory.dmp

Filesize
1.1MB

Download
memory/2772-116-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/2772-117-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/2772-129-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/2772-178-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/2772-148-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/2772-176-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/2772-167-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/2772-169-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/2772-175-0x0000000000400000-0x00000000006CE000-memory.dmp

Filesize
2.8MB

Download
memory/2772-171-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/2772-173-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/2772-174-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/2772-172-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/2772-161-0x0000000000400000-0x00000000006CE000-memory.dmp

Filesize
2.8MB

Download
memory/2772-170-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/2772-162-0x00000000025A0000-0x0000000002862000-memory.dmp

Filesize
2.8MB

Download
memory/2772-163-0x0000000000400000-0x00000000006CE000-memory.dmp

Filesize
2.8MB

Download
memory/2772-164-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/2772-165-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/2772-166-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/2772-168-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/4756-154-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/4756-155-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/4756-158-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/4756-160-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/4756-159-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/4756-157-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/4756-156-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/4756-151-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/4756-152-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/4756-153-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/4756-150-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads