Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

57b388d86c...bd.exe

windows7-x64

10

57b388d86c...bd.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    13/01/2024, 02:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    57b388d86cf9eeac704fc629587c82bd.exe

  • Size

    1.2MB

  • MD5

    57b388d86cf9eeac704fc629587c82bd

  • SHA1

    75b34c11d1efdcc6763a8290880267c59f5e497c

  • SHA256

    0ffddce470010278a1e5545d5c616def34d6c4b21ac1152a11de5aa48792fb77

  • SHA512

    c791c6ce54d2a6d299675c5c3ad58aefd18e7bb89390d7a4997a6a0570e78f6a0fee20c2bf3f9b27c99c1abdc36a0e101238df130d3cce42425d431279c33a9a

  • SSDEEP

    24576:BEXMeW1VIC29ja0qwyajfytMdDRdL8yBuSKj:u8ezrAwatMt7pBq

Score
10/10
danabot4bankertrojan

Malware Config

Extracted

Family

danabot

Botnet

4

C2

142.11.244.124:443

142.11.206.50:443
Attributes
  • embedded_hash

    6AD9FE4F9E491E785665E0D144F61DAB

  • type

    loader

rsa_pubkey.plain
rsa_privkey.plain

Signatures

  • Danabot

    Danabot is a modular banking Trojan that has been linked with other malware.

    trojanbankerdanabot
  • Danabot Loader Component 12 IoCs
  • Blocklisted process makes network request 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\57b388d86cf9eeac704fc629587c82bd.exe
    "C:\Users\Admin\AppData\Local\Temp\57b388d86cf9eeac704fc629587c82bd.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3028
    • C:\Windows\SysWOW64\rundll32.exe
      C:\Windows\system32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\57B388~1.TMP,S C:\Users\Admin\AppData\Local\Temp\57B388~1.EXE
      2⤵
      • Blocklisted process makes network request
      • Loads dropped DLL
      PID:840

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\57B388~1.TMP
    Filesize

    315KB

    MD5

    dd276ce2b934c28514664b17ef9644e1

    SHA1

    323a4dd1bebcdd66df330d7db206dedf087280ed

    SHA256

    8350fece393d31c4e5321118cfba81978536ddd2bfdd64e93c4b69e0409ef9ec

    SHA512

    1a47bedc832b431c0482bbbb98d568e2720af4d1dccfc70221e835d7c4bb9d03c3592224458e5affda1d0d1323de66e57e293141906cc2716667ebcd5215cb68

    Download Submit

  • \Users\Admin\AppData\Local\Temp\57B388~1.TMP
    Filesize

    190KB

    MD5

    2b1e891b3911576777d4f2b5693dcef8

    SHA1

    cd97d22d8c066d63a60b913ffc7572622dddd166

    SHA256

    60d525eea3bc08de610eac98df4e8abd9d0362758782aba8bcc95d1d617235bb

    SHA512

    30fae336092cfa5e1008f25ebfb8abeffaa8690daf5f39920847e5ec2e546e7836a0917413229748e35180b83f34771a6d19154c255e5a271699501d125f14ca

    Download Submit

  • memory/840-21-0x0000000000AE0000-0x0000000000C3D000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/840-22-0x0000000000AE0000-0x0000000000C3D000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/840-10-0x0000000000AE0000-0x0000000000C3D000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/840-26-0x0000000000AE0000-0x0000000000C3D000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/840-25-0x0000000000AE0000-0x0000000000C3D000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/840-24-0x0000000000AE0000-0x0000000000C3D000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/840-23-0x0000000000AE0000-0x0000000000C3D000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/840-11-0x0000000000AE0000-0x0000000000C3D000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/840-19-0x0000000000AE0000-0x0000000000C3D000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/840-20-0x0000000000AE0000-0x0000000000C3D000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/3028-7-0x0000000000B70000-0x0000000000C6E000-memory.dmp

    Filesize

    1016KB

    Download

  • memory/3028-0-0x00000000002C0000-0x00000000003A9000-memory.dmp

    Filesize

    932KB

    Download

  • memory/3028-1-0x00000000002C0000-0x00000000003A9000-memory.dmp

    Filesize

    932KB

    Download

  • memory/3028-5-0x0000000000400000-0x00000000009DE000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/3028-6-0x0000000000400000-0x00000000009DE000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/3028-2-0x0000000000B70000-0x0000000000C6E000-memory.dmp

    Filesize

    1016KB

    Download