danabot | 4f0925a84a5c9624ef8f734239ee56188ba9341d48dc0f07db902e59743a4590

Analysis

max time kernel
299s
max time network
305s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
02/05/2024, 05:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4f0925a84a5c9624ef8f734239ee56188ba9341d48dc0f07db902e59743a4590.exe
Size

1.9MB
MD5

426a8ae17ab047f1ce5313bf1f422fc3
SHA1

f8a9a83c4d77b13d08d203997c5df167d0290261
SHA256

4f0925a84a5c9624ef8f734239ee56188ba9341d48dc0f07db902e59743a4590
SHA512

080d807d4d9c579cb690413b5d60c1bd6d1aaa27a0195a12d79b3c1eb64e72b1ab9fecf989a0fec0bad0d34bac7e4277bea9cc10254747ada639463042897a19
SSDEEP

49152:9ZHrxCcxEnA8HTeKt8093ysCTKvcXoQQq:r9eAoegIa

Score

10^/10

danabot banker trojan

Malware Config

Signatures

Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
trojan banker danabot

Blocklisted process makes network request 61 IoCs

flow	pid	Process
1	4616	rundll32.exe
2	4616	rundll32.exe
4	4616	rundll32.exe
5	4616	rundll32.exe
6	4616	rundll32.exe
8	4616	rundll32.exe
9	4616	rundll32.exe
10	4616	rundll32.exe
11	4616	rundll32.exe
12	4616	rundll32.exe
13	4616	rundll32.exe
14	4616	rundll32.exe
15	4616	rundll32.exe
16	4616	rundll32.exe
20	4616	rundll32.exe
21	4616	rundll32.exe
22	4616	rundll32.exe
23	4616	rundll32.exe
24	4616	rundll32.exe
25	4616	rundll32.exe
26	4616	rundll32.exe
27	4616	rundll32.exe
28	4616	rundll32.exe
29	4616	rundll32.exe
30	4616	rundll32.exe
31	4616	rundll32.exe
40	4616	rundll32.exe
41	4616	rundll32.exe
42	4616	rundll32.exe
43	4616	rundll32.exe
44	4616	rundll32.exe
45	4616	rundll32.exe
46	4616	rundll32.exe
47	4616	rundll32.exe
48	4616	rundll32.exe
49	4616	rundll32.exe
50	4616	rundll32.exe
51	4616	rundll32.exe
55	4616	rundll32.exe
56	4616	rundll32.exe
57	4616	rundll32.exe
58	4616	rundll32.exe
59	4616	rundll32.exe
60	4616	rundll32.exe
61	4616	rundll32.exe
62	4616	rundll32.exe
63	4616	rundll32.exe
64	4616	rundll32.exe
65	4616	rundll32.exe
66	4616	rundll32.exe
67	4616	rundll32.exe
68	4616	rundll32.exe
69	4616	rundll32.exe
70	4616	rundll32.exe
71	4616	rundll32.exe
72	4616	rundll32.exe
73	4616	rundll32.exe
74	4616	rundll32.exe
75	4616	rundll32.exe
76	4616	rundll32.exe
77	4616	rundll32.exe

Suspicious use of WriteProcessMemory 24 IoCs

description	pid	Process	procid_target
PID 4024 wrote to memory of 4616	4024	4f0925a84a5c9624ef8f734239ee56188ba9341d48dc0f07db902e59743a4590.exe	73
PID 4024 wrote to memory of 4616	4024	4f0925a84a5c9624ef8f734239ee56188ba9341d48dc0f07db902e59743a4590.exe	73
PID 4024 wrote to memory of 4616	4024	4f0925a84a5c9624ef8f734239ee56188ba9341d48dc0f07db902e59743a4590.exe	73
PID 4024 wrote to memory of 4616	4024	4f0925a84a5c9624ef8f734239ee56188ba9341d48dc0f07db902e59743a4590.exe	73
PID 4024 wrote to memory of 4616	4024	4f0925a84a5c9624ef8f734239ee56188ba9341d48dc0f07db902e59743a4590.exe	73
PID 4024 wrote to memory of 4616	4024	4f0925a84a5c9624ef8f734239ee56188ba9341d48dc0f07db902e59743a4590.exe	73
PID 4024 wrote to memory of 4616	4024	4f0925a84a5c9624ef8f734239ee56188ba9341d48dc0f07db902e59743a4590.exe	73
PID 4024 wrote to memory of 4616	4024	4f0925a84a5c9624ef8f734239ee56188ba9341d48dc0f07db902e59743a4590.exe	73
PID 4024 wrote to memory of 4616	4024	4f0925a84a5c9624ef8f734239ee56188ba9341d48dc0f07db902e59743a4590.exe	73
PID 4024 wrote to memory of 4616	4024	4f0925a84a5c9624ef8f734239ee56188ba9341d48dc0f07db902e59743a4590.exe	73
PID 4024 wrote to memory of 4616	4024	4f0925a84a5c9624ef8f734239ee56188ba9341d48dc0f07db902e59743a4590.exe	73
PID 4024 wrote to memory of 4616	4024	4f0925a84a5c9624ef8f734239ee56188ba9341d48dc0f07db902e59743a4590.exe	73
PID 4024 wrote to memory of 4616	4024	4f0925a84a5c9624ef8f734239ee56188ba9341d48dc0f07db902e59743a4590.exe	73
PID 4024 wrote to memory of 4616	4024	4f0925a84a5c9624ef8f734239ee56188ba9341d48dc0f07db902e59743a4590.exe	73
PID 4024 wrote to memory of 4616	4024	4f0925a84a5c9624ef8f734239ee56188ba9341d48dc0f07db902e59743a4590.exe	73
PID 4024 wrote to memory of 4616	4024	4f0925a84a5c9624ef8f734239ee56188ba9341d48dc0f07db902e59743a4590.exe	73
PID 4024 wrote to memory of 4616	4024	4f0925a84a5c9624ef8f734239ee56188ba9341d48dc0f07db902e59743a4590.exe	73
PID 4024 wrote to memory of 4616	4024	4f0925a84a5c9624ef8f734239ee56188ba9341d48dc0f07db902e59743a4590.exe	73
PID 4024 wrote to memory of 4616	4024	4f0925a84a5c9624ef8f734239ee56188ba9341d48dc0f07db902e59743a4590.exe	73
PID 4024 wrote to memory of 4616	4024	4f0925a84a5c9624ef8f734239ee56188ba9341d48dc0f07db902e59743a4590.exe	73
PID 4024 wrote to memory of 4616	4024	4f0925a84a5c9624ef8f734239ee56188ba9341d48dc0f07db902e59743a4590.exe	73
PID 4024 wrote to memory of 4616	4024	4f0925a84a5c9624ef8f734239ee56188ba9341d48dc0f07db902e59743a4590.exe	73
PID 4024 wrote to memory of 4616	4024	4f0925a84a5c9624ef8f734239ee56188ba9341d48dc0f07db902e59743a4590.exe	73
PID 4024 wrote to memory of 4616	4024	4f0925a84a5c9624ef8f734239ee56188ba9341d48dc0f07db902e59743a4590.exe	73

C:\Users\Admin\AppData\Local\Temp\4f0925a84a5c9624ef8f734239ee56188ba9341d48dc0f07db902e59743a4590.exe
"C:\Users\Admin\AppData\Local\Temp\4f0925a84a5c9624ef8f734239ee56188ba9341d48dc0f07db902e59743a4590.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4024
- C:\Windows\syswow64\rundll32.exe
  "C:\Windows\syswow64\rundll32.exe" "C:\Windows\syswow64\shell32.dll",#61
  2⤵
  - Blocklisted process makes network request
  PID:4616

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4024-1-0x0000000000880000-0x00000000009D5000-memory.dmp

Filesize
1.3MB

Download
memory/4024-12-0x0000000000880000-0x00000000009D5000-memory.dmp

Filesize
1.3MB

Download
memory/4024-13-0x0000000077032000-0x0000000077033000-memory.dmp

Filesize
4KB

Download
memory/4616-16-0x0000000074473000-0x0000000074474000-memory.dmp

Filesize
4KB

Download
memory/4616-15-0x0000000077034000-0x0000000077035000-memory.dmp

Filesize
4KB

Download
memory/4616-14-0x0000000002F30000-0x0000000002F33000-memory.dmp

Filesize
12KB

Download
memory/4616-17-0x0000000002FE0000-0x0000000002FE3000-memory.dmp

Filesize
12KB

Download
memory/4616-18-0x0000000074440000-0x000000007457C000-memory.dmp

Filesize
1.2MB

Download
memory/4616-19-0x0000000002FE0000-0x0000000002FE3000-memory.dmp

Filesize
12KB

Download
memory/4616-20-0x0000000002FE0000-0x0000000002FE3000-memory.dmp

Filesize
12KB

Download
memory/4616-21-0x0000000074473000-0x0000000074474000-memory.dmp

Filesize
4KB

Download
memory/4616-22-0x0000000002FE0000-0x0000000002FE3000-memory.dmp

Filesize
12KB

Download
memory/4616-23-0x0000000002FE0000-0x0000000002FE3000-memory.dmp

Filesize
12KB

Download
memory/4616-24-0x0000000002FE0000-0x0000000002FE3000-memory.dmp

Filesize
12KB

Download
memory/4616-25-0x0000000002FE0000-0x0000000002FE3000-memory.dmp

Filesize
12KB

Download
memory/4616-26-0x0000000002FE0000-0x0000000002FE3000-memory.dmp

Filesize
12KB

Download
memory/4616-27-0x0000000002FE0000-0x0000000002FE3000-memory.dmp

Filesize
12KB

Download
memory/4616-28-0x0000000002FE0000-0x0000000002FE3000-memory.dmp

Filesize
12KB

Download
memory/4616-29-0x0000000002FE0000-0x0000000002FE3000-memory.dmp

Filesize
12KB

Download
memory/4616-30-0x0000000002FE0000-0x0000000002FE3000-memory.dmp

Filesize
12KB

Download
memory/4616-31-0x0000000002FE0000-0x0000000002FE3000-memory.dmp

Filesize
12KB

Download
memory/4616-32-0x0000000002FE0000-0x0000000002FE3000-memory.dmp

Filesize
12KB

Download
memory/4616-33-0x0000000002FE0000-0x0000000002FE3000-memory.dmp

Filesize
12KB

Download
memory/4616-34-0x0000000002FE0000-0x0000000002FE3000-memory.dmp

Filesize
12KB

Download
memory/4616-35-0x0000000002FE0000-0x0000000002FE3000-memory.dmp

Filesize
12KB

Download
memory/4616-36-0x0000000002FE0000-0x0000000002FE3000-memory.dmp

Filesize
12KB

Download
memory/4616-37-0x0000000002FE0000-0x0000000002FE3000-memory.dmp

Filesize
12KB

Download
memory/4616-38-0x0000000002FE0000-0x0000000002FE3000-memory.dmp

Filesize
12KB

Download
memory/4616-39-0x0000000002FE0000-0x0000000002FE3000-memory.dmp

Filesize
12KB

Download
memory/4616-40-0x0000000002FE0000-0x0000000002FE3000-memory.dmp

Filesize
12KB

Download
memory/4616-41-0x0000000002FE0000-0x0000000002FE3000-memory.dmp

Filesize
12KB

Download
memory/4616-42-0x0000000002FE0000-0x0000000002FE3000-memory.dmp

Filesize
12KB

Download
memory/4616-43-0x0000000002FE0000-0x0000000002FE3000-memory.dmp

Filesize
12KB

Download
memory/4616-44-0x0000000002FE0000-0x0000000002FE3000-memory.dmp

Filesize
12KB

Download
memory/4616-45-0x0000000002FE0000-0x0000000002FE3000-memory.dmp

Filesize
12KB

Download
memory/4616-46-0x0000000002FE0000-0x0000000002FE3000-memory.dmp

Filesize
12KB

Download
memory/4616-47-0x0000000002FE0000-0x0000000002FE3000-memory.dmp

Filesize
12KB

Download
memory/4616-48-0x0000000002FE0000-0x0000000002FE3000-memory.dmp

Filesize
12KB

Download
memory/4616-49-0x0000000002FE0000-0x0000000002FE3000-memory.dmp

Filesize
12KB

Download
memory/4616-50-0x0000000002FE0000-0x0000000002FE3000-memory.dmp

Filesize
12KB

Download
memory/4616-51-0x0000000002FE0000-0x0000000002FE3000-memory.dmp

Filesize
12KB

Download
memory/4616-52-0x0000000002FE0000-0x0000000002FE3000-memory.dmp

Filesize
12KB

Download
memory/4616-53-0x0000000002FE0000-0x0000000002FE3000-memory.dmp

Filesize
12KB

Download
memory/4616-54-0x0000000002FE0000-0x0000000002FE3000-memory.dmp

Filesize
12KB

Download
memory/4616-55-0x0000000002FE0000-0x0000000002FE3000-memory.dmp

Filesize
12KB

Download
memory/4616-56-0x0000000002FE0000-0x0000000002FE3000-memory.dmp

Filesize
12KB

Download
memory/4616-57-0x0000000002FE0000-0x0000000002FE3000-memory.dmp

Filesize
12KB

Download
memory/4616-58-0x0000000002FE0000-0x0000000002FE3000-memory.dmp

Filesize
12KB

Download
memory/4616-59-0x0000000002FE0000-0x0000000002FE3000-memory.dmp

Filesize
12KB

Download
memory/4616-60-0x0000000002FE0000-0x0000000002FE3000-memory.dmp

Filesize
12KB

Download
memory/4616-61-0x0000000002FE0000-0x0000000002FE3000-memory.dmp

Filesize
12KB

Download
memory/4616-62-0x0000000002FE0000-0x0000000002FE3000-memory.dmp

Filesize
12KB

Download
memory/4616-63-0x0000000002FE0000-0x0000000002FE3000-memory.dmp

Filesize
12KB

Download
memory/4616-64-0x0000000002FE0000-0x0000000002FE3000-memory.dmp

Filesize
12KB

Download
memory/4616-65-0x0000000002FE0000-0x0000000002FE3000-memory.dmp

Filesize
12KB

Download
memory/4616-66-0x0000000002FE0000-0x0000000002FE3000-memory.dmp

Filesize
12KB

Download
memory/4616-67-0x0000000002FE0000-0x0000000002FE3000-memory.dmp

Filesize
12KB

Download
memory/4616-68-0x0000000002FE0000-0x0000000002FE3000-memory.dmp

Filesize
12KB

Download
memory/4616-69-0x0000000002FE0000-0x0000000002FE3000-memory.dmp

Filesize
12KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads