Overview

overview

10

Static

static

cursor.exe

windows7-x64

10

cursor.exe

windows10-2004-x64

10

Resubmissions

23-01-2023 07:09

230123-hysersea2z 10

12-11-2022 11:10

221112-m9nm6sab3x 10

Analysis

  • max time kernel
    137s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-11-2022 11:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cursor.exe

  • Size

    492KB

  • MD5

    bd54d40e9eb98623a5436cad1a39d22e

  • SHA1

    d92403c32398a5eefb087da3dc81820fc65fae4b

  • SHA256

    4e76d73f3b303e481036ada80c2eeba8db2f306cbc9323748560843c80b2fed1

  • SHA512

    20db406038601acd3903e8bbad25ce2d943631d8e30ca052effd1943a6b1bca808c57f5f0c39e39141f6a2d54ae491a72d5598b420527e320117b97dc7069f13

  • SSDEEP

    12288:IsE7cgZpZw2de9t8jy3NoGgLGl+EeSg9IBao:FE7cgZXBde9sQwGmg1

Score
10/10
trickbotbankertrojan

Malware Config

Signatures

  • Trickbot

    Developed in 2016, TrickBot is one of the more recent banking Trojans.

    trojanbankertrickbot
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cursor.exe
    "C:\Users\Admin\AppData\Local\Temp\cursor.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4804
    • C:\Windows\system32\wermgr.exe
      C:\Windows\system32\wermgr.exe
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:4768

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4768-133-0x0000000000000000-mapping.dmp
    Download
  • memory/4768-136-0x0000024866540000-0x0000024866560000-memory.dmp
    Filesize

    128KB

    Download
  • memory/4768-137-0x0000024866540000-0x0000024866560000-memory.dmp
    Filesize

    128KB

    Download
  • memory/4804-132-0x0000000002230000-0x000000000225E000-memory.dmp
    Filesize

    184KB

    Download
  • memory/4804-134-0x0000000000660000-0x000000000068D000-memory.dmp
    Filesize

    180KB

    Download
  • memory/4804-135-0x0000000002231000-0x000000000225E000-memory.dmp
    Filesize

    180KB

    Download