Overview

overview

10

Static

static

10

9ce2af15fe...12.exe

windows7-x64

10

9ce2af15fe...12.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    136s
  • max time network
    128s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15-05-2024 01:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9ce2af15fe90a8239249407469ca4dbab936c87243e2c7205c1b505794f82412.exe

  • Size

    1.2MB

  • MD5

    b29d2508ff170d49747a0d173635e918

  • SHA1

    09d76d17809922cac31558833efe36438e7b9c54

  • SHA256

    9ce2af15fe90a8239249407469ca4dbab936c87243e2c7205c1b505794f82412

  • SHA512

    9d66ee0e6cfe338d0ecad83a9eb86e4367793801f1a66953ba9fbfeff2bda847eb4e0769bd0b75445909d1ea79142865837ed50741bfaa2476b7370e9a3b1d8b

  • SSDEEP

    24576:zQ5aILMCfmAUjzX6xQt+4En+bcMAOFZ+jJ/1q0GrbcUxnMj0K:E5aIwC+Agr6StVEnmcKWnq0vljt

Score
10/10
kpottrickbotbankerstealertrojan

Malware Config

Signatures

  • KPOT

    KPOT is an information stealer that steals user data and account credentials.

    trojanstealerkpot
  • KPOT Core Executable 1 IoCs
  • Trickbot

    Developed in 2016, TrickBot is one of the more recent banking Trojans.

    trojanbankertrickbot
  • Trickbot x86 loader 1 IoCs

    Detected Trickbot's x86 loader that unpacks the x86 payload.

  • Executes dropped EXE 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\9ce2af15fe90a8239249407469ca4dbab936c87243e2c7205c1b505794f82412.exe
    "C:\Users\Admin\AppData\Local\Temp\9ce2af15fe90a8239249407469ca4dbab936c87243e2c7205c1b505794f82412.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1844
    • C:\Users\Admin\AppData\Roaming\WinSocket\9ce2af16fe90a9239249408479ca4dbab937c98243e2c8206c1b606894f92412.exe
      C:\Users\Admin\AppData\Roaming\WinSocket\9ce2af16fe90a9239249408479ca4dbab937c98243e2c8206c1b606894f92412.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3008
      • C:\Windows\system32\svchost.exe
        C:\Windows\system32\svchost.exe
        3⤵
          PID:4608
    • C:\Users\Admin\AppData\Roaming\WinSocket\9ce2af16fe90a9239249408479ca4dbab937c98243e2c8206c1b606894f92412.exe
      C:\Users\Admin\AppData\Roaming\WinSocket\9ce2af16fe90a9239249408479ca4dbab937c98243e2c8206c1b606894f92412.exe
      1⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4540
      • C:\Windows\system32\svchost.exe
        C:\Windows\system32\svchost.exe
        2⤵
          PID:3832
      • C:\Users\Admin\AppData\Roaming\WinSocket\9ce2af16fe90a9239249408479ca4dbab937c98243e2c8206c1b606894f92412.exe
        C:\Users\Admin\AppData\Roaming\WinSocket\9ce2af16fe90a9239249408479ca4dbab937c98243e2c8206c1b606894f92412.exe
        1⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:3452
        • C:\Windows\system32\svchost.exe
          C:\Windows\system32\svchost.exe
          2⤵
            PID:2300

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Roaming\WinSocket\9ce2af16fe90a9239249408479ca4dbab937c98243e2c8206c1b606894f92412.exe
          Filesize

          1.2MB

          MD5

          b29d2508ff170d49747a0d173635e918

          SHA1

          09d76d17809922cac31558833efe36438e7b9c54

          SHA256

          9ce2af15fe90a8239249407469ca4dbab936c87243e2c7205c1b505794f82412

          SHA512

          9d66ee0e6cfe338d0ecad83a9eb86e4367793801f1a66953ba9fbfeff2bda847eb4e0769bd0b75445909d1ea79142865837ed50741bfaa2476b7370e9a3b1d8b

          Download Submit

        • C:\Users\Admin\AppData\Roaming\WinSocket\settings.ini
          Filesize

          18KB

          MD5

          63fc0dfc8f45abaa7b74cae9e0de33e4

          SHA1

          e766ab65a0213f6474ba9776051c7e3c84f041eb

          SHA256

          fe18484c6e8aa182a25da96abfa25d52726422416646528605795a063bc10ae8

          SHA512

          bb2dfc18e31bf23a0aed7862a688655e398bb0c1ac026fc754818f85849ddc4b88a621e5f2981bed4157f56c086dd1d523510dae0d29d10ad011d8a845c98a41

          Download Submit

        • memory/1844-3-0x00000000021B0000-0x00000000021B1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1844-4-0x00000000021B0000-0x00000000021B1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1844-2-0x00000000021B0000-0x00000000021B1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1844-5-0x00000000021B0000-0x00000000021B1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1844-7-0x00000000021B0000-0x00000000021B1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1844-6-0x00000000021B0000-0x00000000021B1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1844-9-0x00000000021B0000-0x00000000021B1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1844-10-0x00000000021B0000-0x00000000021B1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1844-8-0x00000000021B0000-0x00000000021B1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1844-14-0x00000000021B0000-0x00000000021B1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1844-13-0x00000000021B0000-0x00000000021B1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1844-12-0x00000000021B0000-0x00000000021B1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1844-11-0x00000000021B0000-0x00000000021B1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1844-15-0x00000000029D0000-0x00000000029F9000-memory.dmp

          Filesize

          164KB

          Download

        • memory/1844-18-0x0000000000400000-0x0000000000472000-memory.dmp

          Filesize

          456KB

          Download

        • memory/1844-17-0x0000000000421000-0x0000000000422000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3008-30-0x0000000002A30000-0x0000000002A31000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3008-35-0x0000000002A30000-0x0000000002A31000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3008-34-0x0000000002A30000-0x0000000002A31000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3008-33-0x0000000002A30000-0x0000000002A31000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3008-32-0x0000000002A30000-0x0000000002A31000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3008-31-0x0000000002A30000-0x0000000002A31000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3008-26-0x0000000002A30000-0x0000000002A31000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3008-29-0x0000000002A30000-0x0000000002A31000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3008-28-0x0000000002A30000-0x0000000002A31000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3008-27-0x0000000002A30000-0x0000000002A31000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3008-37-0x0000000002A30000-0x0000000002A31000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3008-36-0x0000000002A30000-0x0000000002A31000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3008-40-0x0000000000400000-0x0000000000472000-memory.dmp

          Filesize

          456KB

          Download

        • memory/3008-41-0x0000000010000000-0x0000000010007000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3008-53-0x0000000003160000-0x0000000003429000-memory.dmp

          Filesize

          2.8MB

          Download

        • memory/3008-52-0x0000000003060000-0x000000000311E000-memory.dmp

          Filesize

          760KB

          Download

        • memory/4540-61-0x0000000000D30000-0x0000000000D31000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4540-62-0x0000000000D30000-0x0000000000D31000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4540-63-0x0000000000D30000-0x0000000000D31000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4540-64-0x0000000000D30000-0x0000000000D31000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4540-69-0x0000000000D30000-0x0000000000D31000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4540-68-0x0000000000D30000-0x0000000000D31000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4540-67-0x0000000000D30000-0x0000000000D31000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4540-66-0x0000000000D30000-0x0000000000D31000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4540-65-0x0000000000D30000-0x0000000000D31000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4540-58-0x0000000000D30000-0x0000000000D31000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4540-60-0x0000000000D30000-0x0000000000D31000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4540-59-0x0000000000D30000-0x0000000000D31000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4540-72-0x0000000000421000-0x0000000000422000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4540-73-0x0000000000400000-0x0000000000472000-memory.dmp

          Filesize

          456KB

          Download

        • memory/4608-46-0x0000000010000000-0x000000001001E000-memory.dmp

          Filesize

          120KB

          Download

        • memory/4608-51-0x000002C492D30000-0x000002C492D31000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4608-47-0x0000000010000000-0x000000001001E000-memory.dmp

          Filesize

          120KB

          Download