Analysis
max time kernel: 141s
max time network: 121s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted: 30-12-2023 00:14
Static task: static1
Behavioral task: behavioral1
Sample: 082e530d5eca92e8ad49c1b8487c05aa.exe
Resource: win7-20231129-en
General
Target: 082e530d5eca92e8ad49c1b8487c05aa.exe
Size: 1.1MB
MD5: 082e530d5eca92e8ad49c1b8487c05aa
SHA1: 89edd59fab8bc491df3da839edf3f718caa439c7
SHA256: 8cff81b24f92676593f4f654e3158e9ea0f41238222be749393434af8fa1eff4
SHA512: 7dc936ab5bb67c1b5222f684a42571effd17205fd9e39017ea41fff8907a33df08bbad3755d9e29bc58783e4d5563550fa64473515db0da1e7018007d006e9f5
SSDEEP: 24576:C/O45NET5YsT2Kg7ltHvfSRauFPjNUhBtExc0dDUkQ:gS5Ysy7l5CauFmhBtExc0DUkQ
Malware Config
Extracted
danabot
4
193.34.167.138:443
142.11.206.50:443
142.11.244.124:443
embedded_hash: 6AD9FE4F9E491E785665E0D144F61DAB
type: loader
Signatures
Danabot Loader Component (12 IoCs)
Processes (resource | yara_rule):
behavioral1/memory/2084-8-0x00000000020A0000-0x00000000021FD000-memory.dmp | DanabotLoader2021
behavioral1/files/0x00090000000155ed-7.dat | DanabotLoader2021
behavioral1/files/0x00090000000155ed-6.dat | DanabotLoader2021
behavioral1/memory/2084-11-0x00000000020A0000-0x00000000021FD000-memory.dmp | DanabotLoader2021
behavioral1/memory/2084-19-0x00000000020A0000-0x00000000021FD000-memory.dmp | DanabotLoader2021
behavioral1/memory/2084-20-0x00000000020A0000-0x00000000021FD000-memory.dmp | DanabotLoader2021
behavioral1/memory/2084-21-0x00000000020A0000-0x00000000021FD000-memory.dmp | DanabotLoader2021
behavioral1/memory/2084-22-0x00000000020A0000-0x00000000021FD000-memory.dmp | DanabotLoader2021
behavioral1/memory/2084-23-0x00000000020A0000-0x00000000021FD000-memory.dmp | DanabotLoader2021
behavioral1/memory/2084-24-0x00000000020A0000-0x00000000021FD000-memory.dmp | DanabotLoader2021
behavioral1/memory/2084-25-0x00000000020A0000-0x00000000021FD000-memory.dmp | DanabotLoader2021
behavioral1/memory/2084-26-0x00000000020A0000-0x00000000021FD000-memory.dmp | DanabotLoader2021
Blocklisted process makes network request (1 IoC)
Processes (flow | pid | Process):
2 | 2084 | rundll32.exe
Loads dropped DLL (1 IoC)
Processes (pid | Process):
2084 | rundll32.exe
Suspicious use of WriteProcessMemory (7 IoCs)
Processes (description | pid | Process | procid_target):
PID 2240 wrote to memory of 2084 | 2240 | 082e530d5eca92e8ad49c1b8487c05aa.exe | 27
PID 2240 wrote to memory of 2084 | 2240 | 082e530d5eca92e8ad49c1b8487c05aa.exe | 27
PID 2240 wrote to memory of 2084 | 2240 | 082e530d5eca92e8ad49c1b8487c05aa.exe | 27
PID 2240 wrote to memory of 2084 | 2240 | 082e530d5eca92e8ad49c1b8487c05aa.exe | 27
PID 2240 wrote to memory of 2084 | 2240 | 082e530d5eca92e8ad49c1b8487c05aa.exe | 27
PID 2240 wrote to memory of 2084 | 2240 | 082e530d5eca92e8ad49c1b8487c05aa.exe | 27
PID 2240 wrote to memory of 2084 | 2240 | 082e530d5eca92e8ad49c1b8487c05aa.exe | 27
Processes
1. C:\Users\Admin\AppData\Local\Temp\082e530d5eca92e8ad49c1b8487c05aa.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\082e530d5eca92e8ad49c1b8487c05aa.exe"
   Signatures: Suspicious use of WriteProcessMemory
   PID: 2240
   2. C:\Windows\SysWOW64\rundll32.exe (child of 1)
      Command line: C:\Windows\system32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\082E53~1.TMP,S C:\Users\Admin\AppData\Local\Temp\082E53~1.EXE
      Signatures: Blocklisted process makes network request; Loads dropped DLL
      PID: 2084
Downloads
-
Filesize: 92KB
MD5: d26c5104f57c49f70594282fcfefa20b
SHA1: eeb9703df6cbd9cfc69162dd619ff1af4544c16d
SHA256: b2c4ace01d8d1d83819c14c3b2d24f2b873c57e4e0e7a0d8688c982ebfefaf1e
SHA512: 66f5429a8a034bea111f9ebe947a86efd3a182d63e2b402e256ed8f5c9b9c73ab5e575159f494e256f5672372456cb0c4893e69f400b836bf9e88c945ee99bc6
-
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e