Resubmissions

28-12-2022 22:24

221228-2bvfdsbg78 10

19-12-2022 21:10

221219-z1afeabc4y 10

Analysis

  • max time kernel
    31s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64 arch:x86 image:win7-20221111-en locale:en-us os:windows7-x64 system
  • submitted
    19-12-2022 21:10

General

  • Target

    zmoperes.ri.exe

  • Size

    313KB

  • MD5

    104b457b6d90fc80ff2dbbcebbb7ca8b

  • SHA1

    7842611837af04d7c986de21ab2454ed397014de

  • SHA256

    1c81272ffc28b29a82d8313bd74d1c6030c2af1ba4b165c44dc8ea6376679d9f

  • SHA512

    504b6d45d0dbafadbefbc30d137ecf399a79bbfefe11418e5defec4f9b6ee66d170ecc12c5e9bd76511403d357d071e71d56f57e2587e558c3a91b3a0ef21df0

  • SSDEEP

    6144:cqzfvclHbmBwuKj6BkT4GvEH5sLLJ6vd4p:cqzHWHbmQGBkT46689I

Score
10/10

Malware Config

Signatures

  • Trickbot

    Developed in 2016, TrickBot is one of the more recent banking Trojans.

  • Trickbot x86 loader 1 IoCs

    Detected Trickbot's x86 loader that unpacks the x86 payload.

Processes

  • C:\Users\Admin\AppData\Local\Temp\zmoperes.ri.exe
    "C:\Users\Admin\AppData\Local\Temp\zmoperes.ri.exe"
      PID:1764

    Network

    MITRE ATT&CK Matrix

    Downloads

    • memory/1764-54-0x0000000010000000-0x0000000010040000-memory.dmp

      Filesize

      256KB