Overview

overview

10

Static

static

3

6c0a8a2b30...18.exe

windows7-x64

10

6c0a8a2b30...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    139s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-05-2024 19:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6c0a8a2b30b2e35564f83da09a143cf2_JaffaCakes118.exe

  • Size

    504KB

  • MD5

    6c0a8a2b30b2e35564f83da09a143cf2

  • SHA1

    4ce0c5b010bd56c5dcd2bfc76f98ab64bfb70e54

  • SHA256

    d0b9cef00b943a7861cf5bceaadff3ddadb7247e540361543b0279fe3c716e86

  • SHA512

    535f6a39275e5114a2c2b9c97e9614da5a8876f605b461fd5ea7454497bb12b9492f8137dbda431202094d0a3fe56330bf407edfc284cba14d2a16dd2f3e4e78

  • SSDEEP

    6144:lif3ei2lpZqRzZclaOyugXi2w5O2dw0ddLWCYPvw5izPUaBHjw8QUllWy6berHDT:M/L3rcqEBRaCY3iQPUaNU8DnX6a

Score
10/10
trickbotmor126bankertrojan

Malware Config

Extracted

Family

trickbot

Version

2000010

Botnet

mor126

C2

195.123.239.59:443

85.143.219.36:443

94.250.254.84:443

94.250.255.217:443

212.80.219.98:443

91.210.171.82:443

45.8.230.108:443

194.156.98.172:443

195.2.93.227:443

62.108.35.179:443

91.200.101.192:443

194.5.249.31:443

195.123.241.157:443

104.161.32.10:443

88.150.197.186:443

62.108.35.204:443

45.155.173.196:443

51.89.177.18:443

194.5.249.107:443

195.123.241.182:443
Attributes
  • autorun
    Name:pwgrab
ecc_pubkey.base64

Signatures

  • Trickbot

    Developed in 2016, TrickBot is one of the more recent banking Trojans.

    trojanbankertrickbot
  • Program crash 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6c0a8a2b30b2e35564f83da09a143cf2_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\6c0a8a2b30b2e35564f83da09a143cf2_JaffaCakes118.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2244
    • C:\Windows\system32\wermgr.exe
      C:\Windows\system32\wermgr.exe
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:748
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 632
      2⤵
      • Program crash
      PID:1204
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 176 -p 2244 -ip 2244
    1⤵
      PID:3832

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/748-66-0x000001A0BCC50000-0x000001A0BCC51000-memory.dmp
      Filesize

      4KB

      Download
    • memory/748-68-0x000001A0BC9B0000-0x000001A0BC9D7000-memory.dmp
      Filesize

      156KB

      Download
    • memory/748-67-0x000001A0BC9B0000-0x000001A0BC9D7000-memory.dmp
      Filesize

      156KB

      Download
    • memory/2244-10-0x00000000029C0000-0x00000000029C2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2244-5-0x00000000029C0000-0x00000000029C2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2244-11-0x00000000029C0000-0x00000000029C2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2244-9-0x00000000029C0000-0x00000000029C2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2244-8-0x00000000029C0000-0x00000000029C2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2244-3-0x00000000029C0000-0x00000000029C2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2244-7-0x00000000029C0000-0x00000000029C2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2244-12-0x00000000029C0000-0x00000000029C2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2244-4-0x00000000029C0000-0x00000000029C2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2244-15-0x00000000029C0000-0x00000000029C2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2244-16-0x0000000000432000-0x0000000000433000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2244-17-0x00000000029D0000-0x0000000002A09000-memory.dmp
      Filesize

      228KB

      Download
    • memory/2244-19-0x0000000000400000-0x0000000000481000-memory.dmp
      Filesize

      516KB

      Download
    • memory/2244-13-0x00000000029C0000-0x00000000029C2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2244-14-0x00000000029C0000-0x00000000029C2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2244-6-0x00000000029C0000-0x00000000029C2000-memory.dmp
      Filesize

      8KB

      Download