Overview

overview

10

Static

static

3

10a335e064...78.dll

windows7-x64

10

10a335e064...78.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-12-2023 20:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    10a335e06446a4213bb6d196319d0778.dll

  • Size

    544KB

  • MD5

    10a335e06446a4213bb6d196319d0778

  • SHA1

    d93af883ef0f05846bb06d3a8c2c2adabcf8c2eb

  • SHA256

    0d1ccd4c1a0c23b458aaf3fcff7b2722fb3a5f63c81d34698653891355880713

  • SHA512

    6a42e83f5b7af48a67dfe7fa2a49d0fe1b2c04a389edd16db145fdba55a65a0e3d4b04bea0b5838543f705edf10fe0093c03c7defefef3c0a066da58f636c24c

  • SSDEEP

    6144:6nhWubOStZ6AbgmgwLp3gUhWeGt7OPc/woVPHma1MXohuPATdTpNSTrbkYW412ph:6nTltgBNwxgUXE/DGaXhu45pI3rep

Score
10/10
trickbotrob109bankertrojan

Malware Config

Extracted

Family

trickbot

Version

100018

Botnet

rob109

C2

38.110.103.124:443

185.56.76.28:443

204.138.26.60:443

60.51.47.65:443

74.85.157.139:443

68.69.26.182:443

38.110.103.136:443

38.110.103.18:443

138.34.28.219:443

185.56.76.94:443

217.115.240.248:443

24.162.214.166:443

80.15.2.105:443

154.58.23.192:443

38.110.100.104:443

45.36.99.184:443

185.56.76.108:443

185.56.76.72:443

138.34.28.35:443

97.83.40.67:443
Attributes
  • autorun
    Name:pwgrabb
    Name:pwgrabc
ecc_pubkey.base64

Signatures

  • Trickbot

    Developed in 2016, TrickBot is one of the more recent banking Trojans.

    trojanbankertrickbot
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\10a335e06446a4213bb6d196319d0778.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2188
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\10a335e06446a4213bb6d196319d0778.dll,#1
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:5020
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe
        3⤵
          PID:4696
        • C:\Windows\system32\wermgr.exe
          C:\Windows\system32\wermgr.exe
          3⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:1840

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1840-14-0x000001A911BB0000-0x000001A911BB1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1840-21-0x000001A911910000-0x000001A911938000-memory.dmp
      Filesize

      160KB

      Download
    • memory/1840-15-0x000001A911910000-0x000001A911938000-memory.dmp
      Filesize

      160KB

      Download
    • memory/5020-13-0x00000000026E0000-0x00000000026E3000-memory.dmp
      Filesize

      12KB

      Download
    • memory/5020-11-0x0000000002A60000-0x0000000002AA4000-memory.dmp
      Filesize

      272KB

      Download
    • memory/5020-12-0x0000000002980000-0x0000000002981000-memory.dmp
      Filesize

      4KB

      Download
    • memory/5020-0-0x00000000029A0000-0x00000000029DB000-memory.dmp
      Filesize

      236KB

      Download
    • memory/5020-8-0x0000000002A20000-0x0000000002A57000-memory.dmp
      Filesize

      220KB

      Download
    • memory/5020-5-0x00000000029E0000-0x0000000002A19000-memory.dmp
      Filesize

      228KB

      Download
    • memory/5020-16-0x0000000002640000-0x0000000002653000-memory.dmp
      Filesize

      76KB

      Download
    • memory/5020-17-0x0000000002A60000-0x0000000002AA4000-memory.dmp
      Filesize

      272KB

      Download
    • memory/5020-19-0x00000000026E0000-0x00000000026E3000-memory.dmp
      Filesize

      12KB

      Download
    • memory/5020-3-0x0000000002690000-0x00000000026C8000-memory.dmp
      Filesize

      224KB

      Download