Overview

overview

10

Static

static

10

19a0210c2f...37.exe

windows7-x64

10

19a0210c2f...37.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    136s
  • max time network
    142s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-05-2024 19:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    19a0210c2ffe67ff8156dd3b2d7009dcc7df10c9fb5087a1fca89cbd883e9537.exe

  • Size

    1.4MB

  • MD5

    53eb29f92fe9a89832da0be4b3dc52ed

  • SHA1

    3170c4c2f8658fea9ffdfd0b449f1a833464a6e1

  • SHA256

    19a0210c2ffe67ff8156dd3b2d7009dcc7df10c9fb5087a1fca89cbd883e9537

  • SHA512

    39236803ca6245d4416d0cf51e269b0d12d4286bd1df3f0ce696ff78e07f6b583092201584b201abdec01d9b7f749c0b846fd825a39c7449385c91c8a3c18c5a

  • SSDEEP

    24576:zQ5aILMCfmAUjzX677WOMcT/X2dI7T2FAoUcUOp6doF5ES/ojE2:E5aIwC+Agr6tdlmU1/eoo2

Score
10/10
kpottrickbotbankerstealertrojan

Malware Config

Signatures

  • KPOT

    KPOT is an information stealer that steals user data and account credentials.

    trojanstealerkpot
  • KPOT Core Executable 1 IoCs
  • Trickbot

    Developed in 2016, TrickBot is one of the more recent banking Trojans.

    trojanbankertrickbot
  • Trickbot x86 loader 1 IoCs

    Detected Trickbot's x86 loader that unpacks the x86 payload.

  • Executes dropped EXE 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\19a0210c2ffe67ff8156dd3b2d7009dcc7df10c9fb5087a1fca89cbd883e9537.exe
    "C:\Users\Admin\AppData\Local\Temp\19a0210c2ffe67ff8156dd3b2d7009dcc7df10c9fb5087a1fca89cbd883e9537.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3760
    • C:\Users\Admin\AppData\Roaming\WinSocket\19a0210c2ffe78ff9167dd3b2d8009dcc8df10c9fb6098a1fca99cbd993e9638.exe
      C:\Users\Admin\AppData\Roaming\WinSocket\19a0210c2ffe78ff9167dd3b2d8009dcc8df10c9fb6098a1fca99cbd993e9638.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3972
      • C:\Windows\system32\svchost.exe
        C:\Windows\system32\svchost.exe
        3⤵
          PID:916
    • C:\Users\Admin\AppData\Roaming\WinSocket\19a0210c2ffe78ff9167dd3b2d8009dcc8df10c9fb6098a1fca99cbd993e9638.exe
      C:\Users\Admin\AppData\Roaming\WinSocket\19a0210c2ffe78ff9167dd3b2d8009dcc8df10c9fb6098a1fca99cbd993e9638.exe
      1⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3948
      • C:\Windows\system32\svchost.exe
        C:\Windows\system32\svchost.exe
        2⤵
          PID:632
      • C:\Users\Admin\AppData\Roaming\WinSocket\19a0210c2ffe78ff9167dd3b2d8009dcc8df10c9fb6098a1fca99cbd993e9638.exe
        C:\Users\Admin\AppData\Roaming\WinSocket\19a0210c2ffe78ff9167dd3b2d8009dcc8df10c9fb6098a1fca99cbd993e9638.exe
        1⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:4180
        • C:\Windows\system32\svchost.exe
          C:\Windows\system32\svchost.exe
          2⤵
            PID:2144

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Roaming\WinSocket\19a0210c2ffe78ff9167dd3b2d8009dcc8df10c9fb6098a1fca99cbd993e9638.exe
          Filesize

          1.4MB

          MD5

          53eb29f92fe9a89832da0be4b3dc52ed

          SHA1

          3170c4c2f8658fea9ffdfd0b449f1a833464a6e1

          SHA256

          19a0210c2ffe67ff8156dd3b2d7009dcc7df10c9fb5087a1fca89cbd883e9537

          SHA512

          39236803ca6245d4416d0cf51e269b0d12d4286bd1df3f0ce696ff78e07f6b583092201584b201abdec01d9b7f749c0b846fd825a39c7449385c91c8a3c18c5a

          Download Submit

        • C:\Users\Admin\AppData\Roaming\WinSocket\settings.ini
          Filesize

          29KB

          MD5

          e69c167f9ab83aa47154c686ca93966e

          SHA1

          81c26a46fe3da05db0b3f6ce9e12de6fd29ecea9

          SHA256

          f3dbcaacf34f6c6596117ef6c466c79d7e19ebb2e86852576a2242ac97882f3d

          SHA512

          8f7d2020d24521f60b5293f6ae4bd89b3803173644ada55c2cbe464ea9350b9f8e0b88f39dd1d97845b10be811f42ffde84b6935b12f4f06979cd8e6bb14061c

          Download Submit

        • memory/916-46-0x0000000010000000-0x000000001001E000-memory.dmp

          Filesize

          120KB

          Download

        • memory/916-51-0x000001FCE7D10000-0x000001FCE7D11000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3760-4-0x00000000021E0000-0x00000000021E1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3760-3-0x00000000021E0000-0x00000000021E1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3760-8-0x00000000021E0000-0x00000000021E1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3760-7-0x00000000021E0000-0x00000000021E1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3760-6-0x00000000021E0000-0x00000000021E1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3760-5-0x00000000021E0000-0x00000000021E1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3760-10-0x00000000021E0000-0x00000000021E1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3760-9-0x00000000021E0000-0x00000000021E1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3760-2-0x00000000021E0000-0x00000000021E1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3760-15-0x00000000023A0000-0x00000000023C9000-memory.dmp

          Filesize

          164KB

          Download

        • memory/3760-17-0x0000000000421000-0x0000000000422000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3760-18-0x0000000000400000-0x0000000000472000-memory.dmp

          Filesize

          456KB

          Download

        • memory/3760-11-0x00000000021E0000-0x00000000021E1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3760-12-0x00000000021E0000-0x00000000021E1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3760-14-0x00000000021E0000-0x00000000021E1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3760-13-0x00000000021E0000-0x00000000021E1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3948-69-0x0000000000CA0000-0x0000000000CA1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3948-62-0x0000000000CA0000-0x0000000000CA1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3948-73-0x0000000000400000-0x0000000000472000-memory.dmp

          Filesize

          456KB

          Download

        • memory/3948-72-0x0000000000421000-0x0000000000422000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3948-58-0x0000000000CA0000-0x0000000000CA1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3948-59-0x0000000000CA0000-0x0000000000CA1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3948-60-0x0000000000CA0000-0x0000000000CA1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3948-61-0x0000000000CA0000-0x0000000000CA1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3948-63-0x0000000000CA0000-0x0000000000CA1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3948-64-0x0000000000CA0000-0x0000000000CA1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3948-65-0x0000000000CA0000-0x0000000000CA1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3948-67-0x0000000000CA0000-0x0000000000CA1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3948-68-0x0000000000CA0000-0x0000000000CA1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3948-66-0x0000000000CA0000-0x0000000000CA1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3972-40-0x0000000000400000-0x0000000000472000-memory.dmp

          Filesize

          456KB

          Download

        • memory/3972-28-0x00000000021C0000-0x00000000021C1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3972-37-0x00000000021C0000-0x00000000021C1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3972-26-0x00000000021C0000-0x00000000021C1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3972-27-0x00000000021C0000-0x00000000021C1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3972-35-0x00000000021C0000-0x00000000021C1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3972-53-0x00000000031B0000-0x0000000003479000-memory.dmp

          Filesize

          2.8MB

          Download

        • memory/3972-34-0x00000000021C0000-0x00000000021C1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3972-52-0x00000000030F0000-0x00000000031AE000-memory.dmp

          Filesize

          760KB

          Download

        • memory/3972-29-0x00000000021C0000-0x00000000021C1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3972-41-0x0000000010000000-0x0000000010007000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3972-30-0x00000000021C0000-0x00000000021C1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3972-31-0x00000000021C0000-0x00000000021C1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3972-32-0x00000000021C0000-0x00000000021C1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3972-33-0x00000000021C0000-0x00000000021C1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3972-36-0x00000000021C0000-0x00000000021C1000-memory.dmp

          Filesize

          4KB

          Download