Overview

overview

10

Static

static

10

b2a9480f8f...cb.exe

windows7-x64

10

b2a9480f8f...cb.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    136s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18-05-2024 02:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b2a9480f8f1f1c943e61edff78428bf13761ae9b442eb516de5a228d3c0232cb.exe

  • Size

    1.1MB

  • MD5

    0b09f7f9f53069928390292e6bd9e895

  • SHA1

    8721a2bc14854db97efb153a2b94c3f3427cef50

  • SHA256

    b2a9480f8f1f1c943e61edff78428bf13761ae9b442eb516de5a228d3c0232cb

  • SHA512

    d35abfe5ab1d95534134739afff3fc6bdc36a35833ead92083b6da8649bee460b705dd131dc661b92878a6898f9f4673c78d0cf343e18c4798b7b12cc9a531be

  • SSDEEP

    24576:zQ5aILMCfmAUjzX6xQt+4En+bcMHI+rMUx+N43XVZpFyI:E5aIwC+Agr6StVEnmcI+2zTyI

Score
10/10
kpottrickbotbankerstealertrojan

Malware Config

Signatures

  • KPOT

    KPOT is an information stealer that steals user data and account credentials.

    trojanstealerkpot
  • KPOT Core Executable 1 IoCs
  • Trickbot

    Developed in 2016, TrickBot is one of the more recent banking Trojans.

    trojanbankertrickbot
  • Trickbot x86 loader 1 IoCs

    Detected Trickbot's x86 loader that unpacks the x86 payload.

  • Executes dropped EXE 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\b2a9480f8f1f1c943e61edff78428bf13761ae9b442eb516de5a228d3c0232cb.exe
    "C:\Users\Admin\AppData\Local\Temp\b2a9480f8f1f1c943e61edff78428bf13761ae9b442eb516de5a228d3c0232cb.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3524
    • C:\Users\Admin\AppData\Roaming\WinSocket\b2a9490f9f1f1c943e71edff89429bf13871ae9b442eb617de6a229d3c0232cb.exe
      C:\Users\Admin\AppData\Roaming\WinSocket\b2a9490f9f1f1c943e71edff89429bf13871ae9b442eb617de6a229d3c0232cb.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1596
      • C:\Windows\system32\svchost.exe
        C:\Windows\system32\svchost.exe
        3⤵
          PID:1684
    • C:\Users\Admin\AppData\Roaming\WinSocket\b2a9490f9f1f1c943e71edff89429bf13871ae9b442eb617de6a229d3c0232cb.exe
      C:\Users\Admin\AppData\Roaming\WinSocket\b2a9490f9f1f1c943e71edff89429bf13871ae9b442eb617de6a229d3c0232cb.exe
      1⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2144
      • C:\Windows\system32\svchost.exe
        C:\Windows\system32\svchost.exe
        2⤵
          PID:4992
      • C:\Users\Admin\AppData\Roaming\WinSocket\b2a9490f9f1f1c943e71edff89429bf13871ae9b442eb617de6a229d3c0232cb.exe
        C:\Users\Admin\AppData\Roaming\WinSocket\b2a9490f9f1f1c943e71edff89429bf13871ae9b442eb617de6a229d3c0232cb.exe
        1⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2368
        • C:\Windows\system32\svchost.exe
          C:\Windows\system32\svchost.exe
          2⤵
            PID:2628

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Roaming\WinSocket\b2a9490f9f1f1c943e71edff89429bf13871ae9b442eb617de6a229d3c0232cb.exe
          Filesize

          1.1MB

          MD5

          0b09f7f9f53069928390292e6bd9e895

          SHA1

          8721a2bc14854db97efb153a2b94c3f3427cef50

          SHA256

          b2a9480f8f1f1c943e61edff78428bf13761ae9b442eb516de5a228d3c0232cb

          SHA512

          d35abfe5ab1d95534134739afff3fc6bdc36a35833ead92083b6da8649bee460b705dd131dc661b92878a6898f9f4673c78d0cf343e18c4798b7b12cc9a531be

          Download Submit

        • C:\Users\Admin\AppData\Roaming\WinSocket\settings.ini
          Filesize

          11KB

          MD5

          ddd67322d5fb9fa63ded29ff420b9e59

          SHA1

          f434047718cc87516bde36b5ea1a9f567e957e89

          SHA256

          68493281f137f78f7c5d96b1b8a1b00deb40b1167e8d935bb4634b26d65bdcda

          SHA512

          e664c23521004c7d34d8800e6c4483dac5486380d73cd3cefa92d1642e3e2cd08fa8e325941e1f85b1ee7c3e509ee9de712d181bbdddbd378728036e350d7a93

          Download Submit

        • memory/1596-35-0x0000000002030000-0x0000000002031000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1596-36-0x0000000002030000-0x0000000002031000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1596-29-0x0000000002030000-0x0000000002031000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1596-30-0x0000000002030000-0x0000000002031000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1596-31-0x0000000002030000-0x0000000002031000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1596-32-0x0000000002030000-0x0000000002031000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1596-33-0x0000000002030000-0x0000000002031000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1596-34-0x0000000002030000-0x0000000002031000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1596-40-0x0000000000400000-0x0000000000472000-memory.dmp

          Filesize

          456KB

          Download

        • memory/1596-41-0x0000000010000000-0x0000000010007000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1596-37-0x0000000002030000-0x0000000002031000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1596-53-0x0000000003190000-0x0000000003459000-memory.dmp

          Filesize

          2.8MB

          Download

        • memory/1596-52-0x0000000003090000-0x000000000314E000-memory.dmp

          Filesize

          760KB

          Download

        • memory/1596-27-0x0000000002030000-0x0000000002031000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1596-26-0x0000000002030000-0x0000000002031000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1596-28-0x0000000002030000-0x0000000002031000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1684-51-0x000001D633590000-0x000001D633591000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1684-46-0x0000000010000000-0x000000001001E000-memory.dmp

          Filesize

          120KB

          Download

        • memory/2144-68-0x0000000000CC0000-0x0000000000CC1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2144-62-0x0000000000CC0000-0x0000000000CC1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2144-72-0x0000000000421000-0x0000000000422000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2144-73-0x0000000000400000-0x0000000000472000-memory.dmp

          Filesize

          456KB

          Download

        • memory/2144-58-0x0000000000CC0000-0x0000000000CC1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2144-59-0x0000000000CC0000-0x0000000000CC1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2144-60-0x0000000000CC0000-0x0000000000CC1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2144-61-0x0000000000CC0000-0x0000000000CC1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2144-63-0x0000000000CC0000-0x0000000000CC1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2144-64-0x0000000000CC0000-0x0000000000CC1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2144-65-0x0000000000CC0000-0x0000000000CC1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2144-66-0x0000000000CC0000-0x0000000000CC1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2144-67-0x0000000000CC0000-0x0000000000CC1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2144-69-0x0000000000CC0000-0x0000000000CC1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3524-7-0x0000000002250000-0x0000000002251000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3524-10-0x0000000002250000-0x0000000002251000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3524-2-0x0000000002250000-0x0000000002251000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3524-5-0x0000000002250000-0x0000000002251000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3524-8-0x0000000002250000-0x0000000002251000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3524-3-0x0000000002250000-0x0000000002251000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3524-6-0x0000000002250000-0x0000000002251000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3524-15-0x0000000002270000-0x0000000002299000-memory.dmp

          Filesize

          164KB

          Download

        • memory/3524-4-0x0000000002250000-0x0000000002251000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3524-18-0x0000000000400000-0x0000000000472000-memory.dmp

          Filesize

          456KB

          Download

        • memory/3524-17-0x0000000000421000-0x0000000000422000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3524-14-0x0000000002250000-0x0000000002251000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3524-13-0x0000000002250000-0x0000000002251000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3524-12-0x0000000002250000-0x0000000002251000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3524-11-0x0000000002250000-0x0000000002251000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3524-9-0x0000000002250000-0x0000000002251000-memory.dmp

          Filesize

          4KB

          Download