Overview

overview

10

Static

static

3

042d64c412...18.exe

windows7-x64

10

042d64c412...18.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    28-04-2024 02:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    042d64c412ec167fbdefabc6432d0859_JaffaCakes118.exe

  • Size

    152KB

  • MD5

    042d64c412ec167fbdefabc6432d0859

  • SHA1

    36c3ecfc7bda59bf71f7a3163addb65b10ca86d8

  • SHA256

    3b3c717f0b6121d8862f4bb0408bd2a225b42829c790d9054b642597bc690f9c

  • SHA512

    bd4593927b2e97df66b70c7b64866d34b3c868959b057cc0e90a99a07ce2442d7b52d817ce060d6a1274af0b3901f91eb3add00c2c710cd5a72c152e462b3954

  • SSDEEP

    1536:e6myQm5x9jSp42U/35fK6q+vMoGMaK9aWLwbOB0QQiz:zn3Wy2w5fK6tvFt9aW+Ozfz

Score
10/10
tinbabankerpersistencetrojan

Malware Config

Signatures

  • Tinba / TinyBanker

    Banking trojan which uses packet sniffing to steal data.

    trojanbankertinba
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 19 IoCs

Processes

  • C:\Windows\system32\taskhost.exe
    "taskhost.exe"
    1⤵
      PID:1228
    • C:\Windows\system32\Dwm.exe
      "C:\Windows\system32\Dwm.exe"
      1⤵
        PID:1324
      • C:\Windows\Explorer.EXE
        C:\Windows\Explorer.EXE
        1⤵
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:1392
        • C:\Users\Admin\AppData\Local\Temp\042d64c412ec167fbdefabc6432d0859_JaffaCakes118.exe
          "C:\Users\Admin\AppData\Local\Temp\042d64c412ec167fbdefabc6432d0859_JaffaCakes118.exe"
          2⤵
          • Suspicious use of SetThreadContext
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2032
          • C:\Users\Admin\AppData\Local\Temp\042d64c412ec167fbdefabc6432d0859_JaffaCakes118.exe
            "C:\Users\Admin\AppData\Local\Temp\042d64c412ec167fbdefabc6432d0859_JaffaCakes118.exe"
            3⤵
            • Suspicious use of WriteProcessMemory
            PID:2052
            • C:\Windows\SysWOW64\winver.exe
              winver
              4⤵
              • Adds Run key to start application
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of FindShellTrayWindow
              • Suspicious use of WriteProcessMemory
              PID:2212
      • C:\Windows\system32\DllHost.exe
        C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
        1⤵
          PID:1964

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/1228-21-0x0000000000310000-0x0000000000317000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1228-32-0x0000000000310000-0x0000000000317000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1228-33-0x0000000077511000-0x0000000077512000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1324-23-0x0000000000120000-0x0000000000127000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1324-34-0x0000000000120000-0x0000000000127000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1392-35-0x00000000026F0000-0x00000000026F7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1392-7-0x00000000026E0000-0x00000000026E7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1392-4-0x00000000026E0000-0x00000000026E7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1392-3-0x00000000026E0000-0x00000000026E7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1392-14-0x0000000077511000-0x0000000077512000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1392-26-0x00000000026F0000-0x00000000026F7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1964-29-0x0000000000190000-0x0000000000197000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1964-36-0x0000000000190000-0x0000000000197000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1964-37-0x0000000077511000-0x0000000077512000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2052-2-0x0000000000400000-0x0000000000405000-memory.dmp

          Filesize

          20KB

          Download

        • memory/2052-38-0x00000000007E0000-0x00000000011E0000-memory.dmp

          Filesize

          10.0MB

          Download

        • memory/2052-8-0x00000000007E0000-0x00000000011E0000-memory.dmp

          Filesize

          10.0MB

          Download

        • memory/2212-10-0x00000000776C0000-0x00000000776C1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2212-12-0x00000000776BF000-0x00000000776C1000-memory.dmp

          Filesize

          8KB

          Download

        • memory/2212-13-0x0000000000210000-0x0000000000211000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2212-11-0x00000000776BF000-0x00000000776C0000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2212-5-0x0000000000140000-0x0000000000147000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2212-15-0x00000000003F0000-0x0000000000406000-memory.dmp

          Filesize

          88KB

          Download

        • memory/2212-9-0x0000000000140000-0x0000000000147000-memory.dmp

          Filesize

          28KB

          Download

        • memory/2212-16-0x0000000000220000-0x0000000000221000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2212-44-0x0000000000140000-0x0000000000147000-memory.dmp

          Filesize

          28KB

          Download