danabot | 4f0925a84a5c9624ef8f734239ee56188ba9341d48dc0f07db902e59743a4590

Analysis

max time kernel
278s
max time network
277s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
02-05-2024 05:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4f0925a84a5c9624ef8f734239ee56188ba9341d48dc0f07db902e59743a4590.exe
Size

1.9MB
MD5

426a8ae17ab047f1ce5313bf1f422fc3
SHA1

f8a9a83c4d77b13d08d203997c5df167d0290261
SHA256

4f0925a84a5c9624ef8f734239ee56188ba9341d48dc0f07db902e59743a4590
SHA512

080d807d4d9c579cb690413b5d60c1bd6d1aaa27a0195a12d79b3c1eb64e72b1ab9fecf989a0fec0bad0d34bac7e4277bea9cc10254747ada639463042897a19
SSDEEP

49152:9ZHrxCcxEnA8HTeKt8093ysCTKvcXoQQq:r9eAoegIa

Score

10^/10

danabot banker trojan

Malware Config

Signatures

Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
trojan banker danabot

Blocklisted process makes network request 55 IoCs

flow	pid	Process
3	2688	rundll32.exe
5	2688	rundll32.exe
6	2688	rundll32.exe
7	2688	rundll32.exe
10	2688	rundll32.exe
11	2688	rundll32.exe
12	2688	rundll32.exe
13	2688	rundll32.exe
14	2688	rundll32.exe
15	2688	rundll32.exe
16	2688	rundll32.exe
17	2688	rundll32.exe
18	2688	rundll32.exe
19	2688	rundll32.exe
20	2688	rundll32.exe
21	2688	rundll32.exe
22	2688	rundll32.exe
23	2688	rundll32.exe
24	2688	rundll32.exe
25	2688	rundll32.exe
26	2688	rundll32.exe
27	2688	rundll32.exe
28	2688	rundll32.exe
29	2688	rundll32.exe
30	2688	rundll32.exe
31	2688	rundll32.exe
32	2688	rundll32.exe
33	2688	rundll32.exe
34	2688	rundll32.exe
35	2688	rundll32.exe
36	2688	rundll32.exe
37	2688	rundll32.exe
38	2688	rundll32.exe
39	2688	rundll32.exe
40	2688	rundll32.exe
41	2688	rundll32.exe
42	2688	rundll32.exe
43	2688	rundll32.exe
44	2688	rundll32.exe
45	2688	rundll32.exe
46	2688	rundll32.exe
47	2688	rundll32.exe
48	2688	rundll32.exe
49	2688	rundll32.exe
50	2688	rundll32.exe
51	2688	rundll32.exe
52	2688	rundll32.exe
53	2688	rundll32.exe
54	2688	rundll32.exe
55	2688	rundll32.exe
56	2688	rundll32.exe
57	2688	rundll32.exe
58	2688	rundll32.exe
59	2688	rundll32.exe
60	2688	rundll32.exe

Suspicious use of WriteProcessMemory 24 IoCs

description	pid	Process	procid_target
PID 2280 wrote to memory of 2688	2280	4f0925a84a5c9624ef8f734239ee56188ba9341d48dc0f07db902e59743a4590.exe	28
PID 2280 wrote to memory of 2688	2280	4f0925a84a5c9624ef8f734239ee56188ba9341d48dc0f07db902e59743a4590.exe	28
PID 2280 wrote to memory of 2688	2280	4f0925a84a5c9624ef8f734239ee56188ba9341d48dc0f07db902e59743a4590.exe	28
PID 2280 wrote to memory of 2688	2280	4f0925a84a5c9624ef8f734239ee56188ba9341d48dc0f07db902e59743a4590.exe	28
PID 2280 wrote to memory of 2688	2280	4f0925a84a5c9624ef8f734239ee56188ba9341d48dc0f07db902e59743a4590.exe	28
PID 2280 wrote to memory of 2688	2280	4f0925a84a5c9624ef8f734239ee56188ba9341d48dc0f07db902e59743a4590.exe	28
PID 2280 wrote to memory of 2688	2280	4f0925a84a5c9624ef8f734239ee56188ba9341d48dc0f07db902e59743a4590.exe	28
PID 2280 wrote to memory of 2688	2280	4f0925a84a5c9624ef8f734239ee56188ba9341d48dc0f07db902e59743a4590.exe	28
PID 2280 wrote to memory of 2688	2280	4f0925a84a5c9624ef8f734239ee56188ba9341d48dc0f07db902e59743a4590.exe	28
PID 2280 wrote to memory of 2688	2280	4f0925a84a5c9624ef8f734239ee56188ba9341d48dc0f07db902e59743a4590.exe	28
PID 2280 wrote to memory of 2688	2280	4f0925a84a5c9624ef8f734239ee56188ba9341d48dc0f07db902e59743a4590.exe	28
PID 2280 wrote to memory of 2688	2280	4f0925a84a5c9624ef8f734239ee56188ba9341d48dc0f07db902e59743a4590.exe	28
PID 2280 wrote to memory of 2688	2280	4f0925a84a5c9624ef8f734239ee56188ba9341d48dc0f07db902e59743a4590.exe	28
PID 2280 wrote to memory of 2688	2280	4f0925a84a5c9624ef8f734239ee56188ba9341d48dc0f07db902e59743a4590.exe	28
PID 2280 wrote to memory of 2688	2280	4f0925a84a5c9624ef8f734239ee56188ba9341d48dc0f07db902e59743a4590.exe	28
PID 2280 wrote to memory of 2688	2280	4f0925a84a5c9624ef8f734239ee56188ba9341d48dc0f07db902e59743a4590.exe	28
PID 2280 wrote to memory of 2688	2280	4f0925a84a5c9624ef8f734239ee56188ba9341d48dc0f07db902e59743a4590.exe	28
PID 2280 wrote to memory of 2688	2280	4f0925a84a5c9624ef8f734239ee56188ba9341d48dc0f07db902e59743a4590.exe	28
PID 2280 wrote to memory of 2688	2280	4f0925a84a5c9624ef8f734239ee56188ba9341d48dc0f07db902e59743a4590.exe	28
PID 2280 wrote to memory of 2688	2280	4f0925a84a5c9624ef8f734239ee56188ba9341d48dc0f07db902e59743a4590.exe	28
PID 2280 wrote to memory of 2688	2280	4f0925a84a5c9624ef8f734239ee56188ba9341d48dc0f07db902e59743a4590.exe	28
PID 2280 wrote to memory of 2688	2280	4f0925a84a5c9624ef8f734239ee56188ba9341d48dc0f07db902e59743a4590.exe	28
PID 2280 wrote to memory of 2688	2280	4f0925a84a5c9624ef8f734239ee56188ba9341d48dc0f07db902e59743a4590.exe	28
PID 2280 wrote to memory of 2688	2280	4f0925a84a5c9624ef8f734239ee56188ba9341d48dc0f07db902e59743a4590.exe	28

C:\Users\Admin\AppData\Local\Temp\4f0925a84a5c9624ef8f734239ee56188ba9341d48dc0f07db902e59743a4590.exe
"C:\Users\Admin\AppData\Local\Temp\4f0925a84a5c9624ef8f734239ee56188ba9341d48dc0f07db902e59743a4590.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2280
- C:\Windows\syswow64\rundll32.exe
  "C:\Windows\syswow64\rundll32.exe" "C:\Windows\syswow64\shell32.dll",#61
  2⤵
  - Blocklisted process makes network request
  PID:2688

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2280-0-0x0000000000700000-0x0000000000855000-memory.dmp

Filesize
1.3MB

Download
memory/2280-12-0x0000000000700000-0x0000000000855000-memory.dmp

Filesize
1.3MB

Download
memory/2280-13-0x000000007792F000-0x0000000077930000-memory.dmp

Filesize
4KB

Download
memory/2688-14-0x00000000001D0000-0x00000000001D2000-memory.dmp

Filesize
8KB

Download
memory/2688-16-0x00000000001D0000-0x00000000001D2000-memory.dmp

Filesize
8KB

Download
memory/2688-41-0x0000000077920000-0x0000000077921000-memory.dmp

Filesize
4KB

Download
memory/2688-40-0x0000000000080000-0x0000000000082000-memory.dmp

Filesize
8KB

Download
memory/2688-42-0x0000000000150000-0x0000000000152000-memory.dmp

Filesize
8KB

Download
memory/2688-43-0x00000000753B0000-0x00000000753B1000-memory.dmp

Filesize
4KB

Download
memory/2688-49-0x0000000075390000-0x0000000075490000-memory.dmp

Filesize
1024KB

Download
memory/2688-48-0x0000000075390000-0x0000000075490000-memory.dmp

Filesize
1024KB

Download
memory/2688-47-0x0000000075390000-0x0000000075490000-memory.dmp

Filesize
1024KB

Download
memory/2688-46-0x0000000075390000-0x0000000075490000-memory.dmp

Filesize
1024KB

Download
memory/2688-45-0x0000000075390000-0x0000000075490000-memory.dmp

Filesize
1024KB

Download
memory/2688-44-0x0000000075390000-0x0000000075490000-memory.dmp

Filesize
1024KB

Download
memory/2688-50-0x0000000000150000-0x0000000000152000-memory.dmp

Filesize
8KB

Download
memory/2688-51-0x0000000000150000-0x0000000000152000-memory.dmp

Filesize
8KB

Download
memory/2688-52-0x0000000075390000-0x0000000075490000-memory.dmp

Filesize
1024KB

Download
memory/2688-56-0x0000000075390000-0x0000000075490000-memory.dmp

Filesize
1024KB

Download
memory/2688-55-0x0000000075390000-0x0000000075490000-memory.dmp

Filesize
1024KB

Download
memory/2688-54-0x0000000075390000-0x0000000075490000-memory.dmp

Filesize
1024KB

Download
memory/2688-53-0x0000000075390000-0x0000000075490000-memory.dmp

Filesize
1024KB

Download
memory/2688-57-0x0000000000150000-0x0000000000152000-memory.dmp

Filesize
8KB

Download
memory/2688-58-0x0000000000150000-0x0000000000152000-memory.dmp

Filesize
8KB

Download
memory/2688-59-0x0000000000150000-0x0000000000152000-memory.dmp

Filesize
8KB

Download
memory/2688-60-0x0000000000150000-0x0000000000152000-memory.dmp

Filesize
8KB

Download
memory/2688-61-0x0000000000150000-0x0000000000152000-memory.dmp

Filesize
8KB

Download
memory/2688-62-0x0000000000150000-0x0000000000152000-memory.dmp

Filesize
8KB

Download
memory/2688-63-0x0000000000150000-0x0000000000152000-memory.dmp

Filesize
8KB

Download
memory/2688-64-0x0000000000150000-0x0000000000152000-memory.dmp

Filesize
8KB

Download
memory/2688-65-0x0000000000150000-0x0000000000152000-memory.dmp

Filesize
8KB

Download
memory/2688-66-0x0000000000150000-0x0000000000152000-memory.dmp

Filesize
8KB

Download
memory/2688-67-0x0000000000150000-0x0000000000152000-memory.dmp

Filesize
8KB

Download
memory/2688-68-0x0000000000150000-0x0000000000152000-memory.dmp

Filesize
8KB

Download
memory/2688-69-0x0000000000150000-0x0000000000152000-memory.dmp

Filesize
8KB

Download
memory/2688-70-0x0000000000150000-0x0000000000152000-memory.dmp

Filesize
8KB

Download
memory/2688-71-0x0000000000150000-0x0000000000152000-memory.dmp

Filesize
8KB

Download
memory/2688-72-0x0000000000150000-0x0000000000152000-memory.dmp

Filesize
8KB

Download
memory/2688-73-0x0000000000150000-0x0000000000152000-memory.dmp

Filesize
8KB

Download
memory/2688-74-0x0000000000150000-0x0000000000152000-memory.dmp

Filesize
8KB

Download
memory/2688-75-0x0000000000150000-0x0000000000152000-memory.dmp

Filesize
8KB

Download
memory/2688-76-0x0000000000150000-0x0000000000152000-memory.dmp

Filesize
8KB

Download
memory/2688-77-0x0000000000150000-0x0000000000152000-memory.dmp

Filesize
8KB

Download
memory/2688-78-0x0000000000150000-0x0000000000152000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads