Overview

overview

10

Static

static

cb4dd27d08...60.exe

windows7-x64

10

cb4dd27d08...60.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    570s
  • max time network
    576s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02-11-2022 19:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cb4dd27d08d6def2d5e180f2a99dfc510165aa25c431edd229485fe386818c60.exe

  • Size

    760KB

  • MD5

    5e067587dd3c30aeb6098c4ed610b231

  • SHA1

    f44daebb6d0ae3422789bd5a8a15e0ea689a0e43

  • SHA256

    cb4dd27d08d6def2d5e180f2a99dfc510165aa25c431edd229485fe386818c60

  • SHA512

    8171e91bd36a9adc22f5836ede97ebe4f03f545267862c4dd69b492d9b3a2f34a21cd1c7ef3cc3777215d8c0da20119567fb168e7be866fa2d6e03040a4f3d17

  • SSDEEP

    12288:ODoEtDoTDoO9upOnYIhGEiqJ74B5sw/8wUXJwEwSJh:ODLDuDmuYIhGET7PnwS/

Score
10/10
trickbotbankertrojan

Malware Config

Signatures

  • Trickbot

    Developed in 2016, TrickBot is one of the more recent banking Trojans.

    trojanbankertrickbot
  • Trickbot x86 loader 7 IoCs

    Detected Trickbot's x86 loader that unpacks the x86 payload.

  • Executes dropped EXE 2 IoCs
  • Modifies data under HKEY_USERS 40 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cb4dd27d08d6def2d5e180f2a99dfc510165aa25c431edd229485fe386818c60.exe
    "C:\Users\Admin\AppData\Local\Temp\cb4dd27d08d6def2d5e180f2a99dfc510165aa25c431edd229485fe386818c60.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4616
    • C:\Users\Admin\AppData\Roaming\monolib\cb4dd27d08d6def2d5e180f2a99dfc510165aa25c431edd229485fe386818c60.exe
      C:\Users\Admin\AppData\Roaming\monolib\cb4dd27d08d6def2d5e180f2a99dfc510165aa25c431edd229485fe386818c60.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1856
      • C:\Windows\system32\svchost.exe
        C:\Windows\system32\svchost.exe
        3⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:1720
  • C:\Users\Admin\AppData\Roaming\monolib\cb4dd27d08d6def2d5e180f2a99dfc510165aa25c431edd229485fe386818c60.exe
    C:\Users\Admin\AppData\Roaming\monolib\cb4dd27d08d6def2d5e180f2a99dfc510165aa25c431edd229485fe386818c60.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4508
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe
      2⤵
      • Modifies data under HKEY_USERS
      • Suspicious use of AdjustPrivilegeToken
      PID:916

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\monolib\cb4dd27d08d6def2d5e180f2a99dfc510165aa25c431edd229485fe386818c60.exe
    Filesize

    760KB

    MD5

    5e067587dd3c30aeb6098c4ed610b231

    SHA1

    f44daebb6d0ae3422789bd5a8a15e0ea689a0e43

    SHA256

    cb4dd27d08d6def2d5e180f2a99dfc510165aa25c431edd229485fe386818c60

    SHA512

    8171e91bd36a9adc22f5836ede97ebe4f03f545267862c4dd69b492d9b3a2f34a21cd1c7ef3cc3777215d8c0da20119567fb168e7be866fa2d6e03040a4f3d17

    Download Submit
  • C:\Users\Admin\AppData\Roaming\monolib\cb4dd27d08d6def2d5e180f2a99dfc510165aa25c431edd229485fe386818c60.exe
    Filesize

    760KB

    MD5

    5e067587dd3c30aeb6098c4ed610b231

    SHA1

    f44daebb6d0ae3422789bd5a8a15e0ea689a0e43

    SHA256

    cb4dd27d08d6def2d5e180f2a99dfc510165aa25c431edd229485fe386818c60

    SHA512

    8171e91bd36a9adc22f5836ede97ebe4f03f545267862c4dd69b492d9b3a2f34a21cd1c7ef3cc3777215d8c0da20119567fb168e7be866fa2d6e03040a4f3d17

    Download Submit
  • C:\Users\Admin\AppData\Roaming\monolib\cb4dd27d08d6def2d5e180f2a99dfc510165aa25c431edd229485fe386818c60.exe
    Filesize

    760KB

    MD5

    5e067587dd3c30aeb6098c4ed610b231

    SHA1

    f44daebb6d0ae3422789bd5a8a15e0ea689a0e43

    SHA256

    cb4dd27d08d6def2d5e180f2a99dfc510165aa25c431edd229485fe386818c60

    SHA512

    8171e91bd36a9adc22f5836ede97ebe4f03f545267862c4dd69b492d9b3a2f34a21cd1c7ef3cc3777215d8c0da20119567fb168e7be866fa2d6e03040a4f3d17

    Download Submit
  • memory/916-165-0x00000277903B0000-0x00000277903D4000-memory.dmp
    Filesize

    144KB

    Download
  • memory/916-163-0x00000277903B0000-0x00000277903D4000-memory.dmp
    Filesize

    144KB

    Download
  • memory/916-161-0x0000000000000000-mapping.dmp
    Download
  • memory/1720-152-0x00000150223B0000-0x00000150223D4000-memory.dmp
    Filesize

    144KB

    Download
  • memory/1720-153-0x00000150223B0000-0x00000150223D4000-memory.dmp
    Filesize

    144KB

    Download
  • memory/1720-149-0x0000000000000000-mapping.dmp
    Download
  • memory/1720-150-0x00000150223B0000-0x00000150223D4000-memory.dmp
    Filesize

    144KB

    Download
  • memory/1856-146-0x0000000002220000-0x0000000002251000-memory.dmp
    Filesize

    196KB

    Download
  • memory/1856-151-0x0000000002220000-0x0000000002251000-memory.dmp
    Filesize

    196KB

    Download
  • memory/1856-148-0x0000000010000000-0x0000000010005000-memory.dmp
    Filesize

    20KB

    Download
  • memory/1856-138-0x0000000000000000-mapping.dmp
    Download
  • memory/4508-160-0x0000000001B70000-0x0000000001BA1000-memory.dmp
    Filesize

    196KB

    Download
  • memory/4508-162-0x0000000010000000-0x0000000010005000-memory.dmp
    Filesize

    20KB

    Download
  • memory/4508-164-0x0000000001B70000-0x0000000001BA1000-memory.dmp
    Filesize

    196KB

    Download
  • memory/4616-147-0x00000000023F0000-0x0000000002421000-memory.dmp
    Filesize

    196KB

    Download
  • memory/4616-135-0x00000000023F0000-0x0000000002421000-memory.dmp
    Filesize

    196KB

    Download
  • memory/4616-137-0x00000000023F0000-0x0000000002421000-memory.dmp
    Filesize

    196KB

    Download