Overview

overview

10

Static

static

3

be53972da9...95.exe

windows7-x64

10

be53972da9...95.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    159s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10-03-2024 10:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    be53972da967ed278f4f4685725e3695.exe

  • Size

    364KB

  • MD5

    be53972da967ed278f4f4685725e3695

  • SHA1

    fe5116e4a0b8885611edb33f2bcdf2290701c0d2

  • SHA256

    d633a81a25c74e26acf55254999bed3ce9cc88734f8d7697a4eb678e575ad117

  • SHA512

    cbc8924d995fa8fe50d5b2fedb1aa3cbb6b16ee166721a97528cef153778dee736fa4086196438c1388f2f14df0fc90474f3fa95ec482d368d554d1c318a75b4

  • SSDEEP

    6144:WBOO856a60r+UogID97/IXjBE7SL+MEXxtSbsP6ANz:WBOO3VKID90TBEhx4O6az

Score
10/10
trickbotbankerdavetrojan

Malware Config

Signatures

  • Trickbot

    Developed in 2016, TrickBot is one of the more recent banking Trojans.

    trojanbankertrickbot
  • Dave packer 2 IoCs

    Detects executable using a packer named 'Dave' by the community, based on a string at the end.

    dave
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\be53972da967ed278f4f4685725e3695.exe
    "C:\Users\Admin\AppData\Local\Temp\be53972da967ed278f4f4685725e3695.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4628
    • C:\Windows\system32\wermgr.exe
      C:\Windows\system32\wermgr.exe
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:2988

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2988-167-0x00000128C83C0000-0x00000128C83E4000-memory.dmp
    Filesize

    144KB

    Download
  • memory/2988-169-0x00000128C83C0000-0x00000128C83E4000-memory.dmp
    Filesize

    144KB

    Download
  • memory/4628-3-0x0000000000AA0000-0x0000000000AD2000-memory.dmp
    Filesize

    200KB

    Download
  • memory/4628-6-0x0000000000610000-0x0000000000640000-memory.dmp
    Filesize

    192KB

    Download
  • memory/4628-10-0x0000000000B10000-0x0000000000B3F000-memory.dmp
    Filesize

    188KB

    Download
  • memory/4628-9-0x0000000000AE0000-0x0000000000B0E000-memory.dmp
    Filesize

    184KB

    Download
  • memory/4628-8-0x0000000000B10000-0x0000000000B3F000-memory.dmp
    Filesize

    188KB

    Download
  • memory/4628-94-0x0000000000B10000-0x0000000000B3F000-memory.dmp
    Filesize

    188KB

    Download
  • memory/4628-166-0x0000000010000000-0x0000000010003000-memory.dmp
    Filesize

    12KB

    Download
  • memory/4628-165-0x0000000000650000-0x0000000000651000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4628-168-0x0000000010000000-0x0000000010003000-memory.dmp
    Filesize

    12KB

    Download
  • memory/4628-170-0x0000000000B10000-0x0000000000B3F000-memory.dmp
    Filesize

    188KB

    Download