Analysis
-
max time kernel
27s -
max time network
30s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
-
submitted
20-12-2022 19:37
General
-
Target
dc/gpuhealth/syrecrt.exe
-
Size
636KB
-
MD5
49718c5d4fa5792aad0397190ffbbb49
-
SHA1
9f5c0dd44498575be961e494c53e2de3c27b701a
-
SHA256
2de0320f9a93943e2b0564b760cdbfa13bd90b70cef3c59aadd132c3d24c2de0
-
SHA512
8aec434749b54ca0b9ea80b5d34efa6bc718b7831e6510667fdfbf69e7eabea5dc4ee747bcd2da8b5917489b8f493be22d748e5d16d723793a3727a32066390c
-
SSDEEP
6144:FsD8AG8D0dYIeyIJqteVmdVYk9Lx9WjVLDVElBik2RSRmf/XPXtPiMN7vTBAHn9:WPP0drYqMmdVdpx9qylokuSRmf/XwMtc
Score
10/10
Malware Config
Signatures
-
Trickbot
Developed in 2016, TrickBot is one of the more recent banking Trojans.
-
Trickbot x86 loader 3 IoCs
Detected Trickbot's x86 loader that unpacks the x86 payload.
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\dc\gpuhealth\syrecrt.exe"C:\Users\Admin\AppData\Local\Temp\dc\gpuhealth\syrecrt.exe"1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe2⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1952-60-0x0000000000000000-mapping.dmp
-
memory/1952-62-0x0000000000060000-0x0000000000082000-memory.dmpFilesize
136KB
-
memory/2008-57-0x00000000003B0000-0x00000000003E1000-memory.dmpFilesize
196KB
-
memory/2008-58-0x0000000076931000-0x0000000076933000-memory.dmpFilesize
8KB
-
memory/2008-59-0x00000000003B0000-0x00000000003E1000-memory.dmpFilesize
196KB
-
memory/2008-61-0x00000000003B0000-0x00000000003E1000-memory.dmpFilesize
196KB