Analysis
max time kernel
163s
max time network
185s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags
arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted
29-12-2023 23:15
Static task
static1
Behavioral task
behavioral1
Sample
06a6e6cbb43ff9e121bcf5895b399f33.exe
Resource
win7-20231129-en
General
Target
06a6e6cbb43ff9e121bcf5895b399f33.exe
Size
1.0MB
MD5
06a6e6cbb43ff9e121bcf5895b399f33
SHA1
87705c6d5d903c00d176f12dc3bf672379e2c232
SHA256
b97c821707e93e8e535dc3661098e792d55d493a5edbd3f59bfd559c34d7822d
SHA512
45aa27c23f6497777410a2b5e0064bd38c703f36c8930c36b57a7dcd35d5ddb2aaa3f273bb1615261a5d71869c0718b42466e79b44db3d5df8a7c384019e1dc8
SSDEEP
24576:18CRHmAGaXRh0sZ20347PYOHEf2P4iV4uoOAbiy:pBmAXfDMDP4ihRAbiy
Malware Config
Extracted
danabot
4
23.229.29.48:443
5.9.224.204:443
192.210.222.81:443
embedded_hash
0E1A7A1479C37094441FA911262B322A
type
loader
Signatures
Danabot Loader Component 2 IoCs
resource  yara_rule
behavioral2/files/0x000800000001e7ea-18.dat  DanabotLoader2021
behavioral2/memory/972-21-0x0000000000400000-0x0000000000560000-memory.dmp  DanabotLoader2021
Loads dropped DLL 1 IoCs
pid  Process
972  rundll32.exe
Program crash 1 IoCs
pid  pid_target  Process  procid_target
636  3904  WerFault.exe  87
Suspicious use of WriteProcessMemory 3 IoCs
description  pid  Process  procid_target
PID 3904 wrote to memory of 972  3904  06a6e6cbb43ff9e121bcf5895b399f33.exe  106
PID 3904 wrote to memory of 972  3904  06a6e6cbb43ff9e121bcf5895b399f33.exe  106
PID 3904 wrote to memory of 972  3904  06a6e6cbb43ff9e121bcf5895b399f33.exe  106
Processes
C:\Users\Admin\AppData\Local\Temp\06a6e6cbb43ff9e121bcf5895b399f33.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\06a6e6cbb43ff9e121bcf5895b399f33.exe"
  PID:3904
  - Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 444
      PID:636
      - Program crash
    C:\Windows\SysWOW64\rundll32.exe
      Command line: C:\Windows\system32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\06A6E6~1.DLL,s C:\Users\Admin\AppData\Local\Temp\06A6E6~1.EXE
      PID:972
      - Loads dropped DLL
C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 3904 -ip 3904
  PID:3720
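The extracted config and the process tree above give two things a detection engineer can turn into hunting logic: the three C2 socket addresses, and the loader pattern of a Temp-resident executable launching rundll32 on a Temp-resident DLL referenced by its 8.3 short name with a one-letter export, followed by the parent crashing under WerFault. The script below is an added example, not part of the Triage report or of Danabot: it runs that logic over constructed process-creation and network-connection records modelled on the report (PIDs, images and command lines as shown; the parent PID 1234 of the initial sample, the benign rundll32 control and the 192.0.2.10 control address are assumptions, since the report does not show them).

```python
"""Hunting logic derived from this report's extracted config and process tree.

Added example, not part of the Triage report: the event records below are
constructed to mirror the report plus benign controls; they are not captured
sandbox telemetry.
"""
import re

# C2 endpoints listed in the extracted Danabot config above.
DANABOT_C2 = {
    ("23.229.29.48", 443),
    ("5.9.224.204", 443),
    ("192.210.222.81", 443),
}

# Constructed process-creation records (Sysmon event 1 style). The first three
# follow the report's tree; the last is a benign rundll32 control. ppid 1234
# for the initial sample is assumed (the report does not show its parent).
PROCESS_EVENTS = [
    {"pid": 3904, "ppid": 1234,
     "image": r"C:\Users\Admin\AppData\Local\Temp\06a6e6cbb43ff9e121bcf5895b399f33.exe",
     "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\06a6e6cbb43ff9e121bcf5895b399f33.exe"'},
    {"pid": 972, "ppid": 3904,
     "image": r"C:\Windows\SysWOW64\rundll32.exe",
     "cmdline": r"C:\Windows\system32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\06A6E6~1.DLL,s C:\Users\Admin\AppData\Local\Temp\06A6E6~1.EXE"},
    {"pid": 636, "ppid": 3904,
     "image": r"C:\Windows\SysWOW64\WerFault.exe",
     "cmdline": r"C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 444"},
    {"pid": 5000, "ppid": 800,
     "image": r"C:\Windows\System32\rundll32.exe",
     "cmdline": r"C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL"},
]

# Constructed network-connection records (Sysmon event 3 style); the first
# matches a configured C2, the second is a benign control address (TEST-NET-1).
NETWORK_EVENTS = [
    {"pid": 972, "dst_ip": "5.9.224.204", "dst_port": 443},
    {"pid": 972, "dst_ip": "192.0.2.10", "dst_port": 443},
]

RUNDLL32_RE = re.compile(
    r'rundll32(?:\.exe)?"?\s+"?(?P<dll>[^,"\s]+)"?\s*,\s*(?P<export>\S+)', re.I)
USER_TEMP_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\Local\\Temp\\", re.I)
SHORT_NAME_RE = re.compile(r"~\d+\.[A-Z0-9]{1,3}$", re.I)  # 8.3 name such as 06A6E6~1.DLL
WERFAULT_TARGET_RE = re.compile(r"\s-p\s+(\d+)")


def parse_rundll32(cmdline):
    """Return (dll_path, export) for a rundll32 command line, else None."""
    m = RUNDLL32_RE.search(cmdline)
    return (m.group("dll"), m.group("export")) if m else None


def rundll32_findings(event, by_pid):
    """Reasons a rundll32 launch looks like a dropped-loader invocation."""
    parsed = parse_rundll32(event["cmdline"])
    if not parsed:
        return []
    dll, export = parsed
    reasons = []
    if USER_TEMP_RE.search(dll):
        reasons.append("dll in user Temp")
    if SHORT_NAME_RE.search(dll):
        reasons.append("dll referenced by 8.3 short name")
    if len(export) <= 2:
        reasons.append(f"unusual export name {export!r}")
    parent = by_pid.get(event["ppid"])
    if parent and USER_TEMP_RE.search(parent["image"]):
        reasons.append("parent executable in user Temp")
    return reasons


def crashed_pids(events):
    """PIDs that WerFault was invoked for (-p <pid>), used as crash context."""
    out = set()
    for e in events:
        if e["image"].lower().endswith("\\werfault.exe"):
            m = WERFAULT_TARGET_RE.search(e["cmdline"])
            if m:
                out.add(int(m.group(1)))
    return out


def hunt(process_events, network_events):
    """Return rundll32 loader hits and connections to the configured C2s."""
    by_pid = {e["pid"]: e for e in process_events}
    crashed = crashed_pids(process_events)
    hits = {"rundll32": [], "c2": []}
    for e in process_events:
        reasons = rundll32_findings(e, by_pid)
        # Require the Temp location plus at least one more indicator, so an
        # installer running a helper DLL from Temp is not enough on its own.
        if "dll in user Temp" in reasons and len(reasons) >= 2:
            if e["ppid"] in crashed:
                reasons.append("parent later crashed (WerFault)")
            hits["rundll32"].append({"pid": e["pid"], "reasons": reasons})
    for n in network_events:
        if (n["dst_ip"], n["dst_port"]) in DANABOT_C2:
            hits["c2"].append((n["pid"], n["dst_ip"], n["dst_port"]))
    return hits


if __name__ == "__main__":
    for kind, found in hunt(PROCESS_EVENTS, NETWORK_EVENTS).items():
        print(kind, found)
```

Run as-is, the script reports PID 972 with all five reasons and the single connection to 5.9.224.204:443; the shell32.dll control and the TEST-NET address produce nothing. The two-indicator threshold is a deliberate design choice: Temp-resident DLLs alone are common in installers, but Temp plus an 8.3 short name, a one-character export, or a Temp-resident parent is rarely benign. Note that the three WriteProcessMemory events in the report are not modelled here because process-creation and network logs do not carry them; an EDR with API telemetry would add that as a further reason.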
Network
MITRE ATT&CK Matrix
Downloads
Filesize
1.3MB
MD5
791091edf98de7d34af0980105b6b27c
SHA1
fef082e454745a269d0712943ec2659ca8cc4d8d
SHA256
069dfef3ec5e51fc1eac1b423ad829b045734063161a51e69b4b0d7f9ad9c7de
SHA512
b36997bb57058b45a57e2bd70b09723604ea607c91da42772a5a2f7163dba44594b04942881f8b4be8f7d8b8dbc2f6d5994c1d46b55b077321f8ded0bdb38507