Overview

overview

10

Static

static

3

7703c905f0...dc.exe

windows7-x64

10

7703c905f0...dc.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    26/01/2024, 09:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7703c905f00266749a8ced98ea6375dc.exe

  • Size

    1024KB

  • MD5

    7703c905f00266749a8ced98ea6375dc

  • SHA1

    7167c29af21ad5f0908a88040b802b4fbff6f9fc

  • SHA256

    f1020137e1e780389440658750de8b68e4820533182da2795146c947cceff87f

  • SHA512

    3e5a58ff00dbb6371d59428458e5a71c1210d73e37abec3fa1a42378400e8622e0db78425e42e082613621158459e636efb637036df9e1911c3bf0b9432bca5f

  • SSDEEP

    1536:kKMxrpM6t6n4+DLGgh3aOe5idSQmwzqnwqjhurmKFct:ve64+XGEKFRxwGjAqGct

Score
10/10
tinbabankerpersistencetrojan

Malware Config

Signatures

  • Tinba / TinyBanker

    Banking trojan which uses packet sniffing to steal data.

    trojanbankertinba
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1268
      • C:\Users\Admin\AppData\Local\Temp\7703c905f00266749a8ced98ea6375dc.exe
        "C:\Users\Admin\AppData\Local\Temp\7703c905f00266749a8ced98ea6375dc.exe"
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:2256
        • C:\Windows\SysWOW64\winver.exe
          winver
          3⤵
          • Adds Run key to start application
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of WriteProcessMemory
          PID:2856
    • C:\Windows\system32\Dwm.exe
      "C:\Windows\system32\Dwm.exe"
      1⤵
        PID:1232
      • C:\Windows\system32\taskhost.exe
        "taskhost.exe"
        1⤵
          PID:1124

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/1124-23-0x0000000001C40000-0x0000000001C46000-memory.dmp

          Filesize

          24KB

          Download

        • memory/1124-24-0x0000000077081000-0x0000000077082000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1232-20-0x0000000000120000-0x0000000000126000-memory.dmp

          Filesize

          24KB

          Download

        • memory/1232-25-0x0000000000120000-0x0000000000126000-memory.dmp

          Filesize

          24KB

          Download

        • memory/1268-5-0x0000000002B40000-0x0000000002B46000-memory.dmp

          Filesize

          24KB

          Download

        • memory/1268-1-0x0000000002B40000-0x0000000002B46000-memory.dmp

          Filesize

          24KB

          Download

        • memory/1268-9-0x0000000077081000-0x0000000077082000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1268-3-0x0000000002B40000-0x0000000002B46000-memory.dmp

          Filesize

          24KB

          Download

        • memory/1268-26-0x0000000002AF0000-0x0000000002AF6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/1268-22-0x0000000002AF0000-0x0000000002AF6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2256-0-0x0000000000020000-0x0000000000021000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2256-2-0x0000000001CC0000-0x00000000026C0000-memory.dmp

          Filesize

          10.0MB

          Download

        • memory/2256-11-0x0000000000400000-0x000000000041A000-memory.dmp

          Filesize

          104KB

          Download

        • memory/2256-12-0x0000000001CC0000-0x00000000026C0000-memory.dmp

          Filesize

          10.0MB

          Download

        • memory/2856-7-0x000000007722F000-0x0000000077231000-memory.dmp

          Filesize

          8KB

          Download

        • memory/2856-15-0x0000000000180000-0x0000000000181000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2856-14-0x0000000000140000-0x0000000000146000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2856-10-0x0000000000D40000-0x0000000000D56000-memory.dmp

          Filesize

          88KB

          Download

        • memory/2856-6-0x000000007722F000-0x0000000077230000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2856-8-0x0000000077230000-0x0000000077231000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2856-4-0x0000000000140000-0x0000000000146000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2856-30-0x0000000000140000-0x0000000000146000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2856-31-0x0000000000190000-0x0000000000191000-memory.dmp

          Filesize

          4KB

          Download