Analysis
max time kernel: 416s
max time network: 420s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 02-11-2022 19:43
Static task: static1
Behavioral task: behavioral1
Sample: cb4dd27d08d6def2d5e180f2a99dfc510165aa25c431edd229485fe386818c60.exe
Resource: win7-20220812-en, windows7-x64
3 signatures
600 seconds
General
Target: cb4dd27d08d6def2d5e180f2a99dfc510165aa25c431edd229485fe386818c60.exe
Size: 760KB
MD5: 5e067587dd3c30aeb6098c4ed610b231
SHA1: f44daebb6d0ae3422789bd5a8a15e0ea689a0e43
SHA256: cb4dd27d08d6def2d5e180f2a99dfc510165aa25c431edd229485fe386818c60
SHA512: 8171e91bd36a9adc22f5836ede97ebe4f03f545267862c4dd69b492d9b3a2f34a21cd1c7ef3cc3777215d8c0da20119567fb168e7be866fa2d6e03040a4f3d17
SSDEEP: 12288:ODoEtDoTDoO9upOnYIhGEiqJ74B5sw/8wUXJwEwSJh:ODLDuDmuYIhGET7PnwS/
Malware Config
Signatures
Trickbot x86 loader 2 IoCs
Detected Trickbot's x86 loader that unpacks the x86 payload.
Processes:
resource  yara_rule
behavioral1/memory/1388-57-0x00000000005E0000-0x0000000000611000-memory.dmp  trickbot_loader32
behavioral1/memory/1388-60-0x00000000005E0000-0x0000000000611000-memory.dmp  trickbot_loader32
Suspicious use of SetWindowsHookEx 2 IoCs
Processes: cb4dd27d08d6def2d5e180f2a99dfc510165aa25c431edd229485fe386818c60.exe
pid  process
1388  cb4dd27d08d6def2d5e180f2a99dfc510165aa25c431edd229485fe386818c60.exe
1388  cb4dd27d08d6def2d5e180f2a99dfc510165aa25c431edd229485fe386818c60.exe