Overview

overview

10

Static

static

3

0f3bfe4158...18.exe

windows7-x64

10

0f3bfe4158...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    142s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03-05-2024 00:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0f3bfe4158fd34f60c0b23c50e6fb9ea_JaffaCakes118.exe

  • Size

    364KB

  • MD5

    0f3bfe4158fd34f60c0b23c50e6fb9ea

  • SHA1

    df9502fe331705e01e39a1eeaec2ed4310639987

  • SHA256

    c720e51fc25cb71d74d769450640f2514ac022d7bba8c0f13cba42689ee21a01

  • SHA512

    9d205b309cb3618fb8a7d446c2c9b33e44dc131be61e76d190bd5640cb3b23fd72a14649f57533d1e15de1ceef0315c6a799b7cf412a2addf5bb8ad056cd9524

  • SSDEEP

    6144:WBOO856a60r+UogID97/IXjBE7SL+MEXxtSbsP6ANs:WBOO3VKID90TBEhx4O6as

Score
10/10
trickbotbankerdavetrojan

Malware Config

Signatures

  • Trickbot

    Developed in 2016, TrickBot is one of the more recent banking Trojans.

    trojanbankertrickbot
  • Dave packer 2 IoCs

    Detects executable using a packer named 'Dave' by the community, based on a string at the end.

    dave
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0f3bfe4158fd34f60c0b23c50e6fb9ea_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0f3bfe4158fd34f60c0b23c50e6fb9ea_JaffaCakes118.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3176
    • C:\Windows\system32\wermgr.exe
      C:\Windows\system32\wermgr.exe
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:1228
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4136 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:4888

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1228-121-0x0000013A892C0000-0x0000013A892E4000-memory.dmp
      Filesize

      144KB

      Download
    • memory/1228-123-0x0000013A892C0000-0x0000013A892E4000-memory.dmp
      Filesize

      144KB

      Download
    • memory/3176-3-0x0000000002110000-0x0000000002142000-memory.dmp
      Filesize

      200KB

      Download
    • memory/3176-7-0x0000000002280000-0x00000000022AF000-memory.dmp
      Filesize

      188KB

      Download
    • memory/3176-9-0x0000000002250000-0x000000000227E000-memory.dmp
      Filesize

      184KB

      Download
    • memory/3176-8-0x00000000005F0000-0x0000000000620000-memory.dmp
      Filesize

      192KB

      Download
    • memory/3176-10-0x0000000002280000-0x00000000022AF000-memory.dmp
      Filesize

      188KB

      Download
    • memory/3176-96-0x0000000002280000-0x00000000022AF000-memory.dmp
      Filesize

      188KB

      Download
    • memory/3176-119-0x0000000000500000-0x0000000000501000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3176-120-0x0000000010000000-0x0000000010003000-memory.dmp
      Filesize

      12KB

      Download
    • memory/3176-122-0x0000000002280000-0x00000000022AF000-memory.dmp
      Filesize

      188KB

      Download