trickbot | 4dcf3e4514b45649473e5ddd5a4e7ceec5c1f5d81e85a765fdc6cc84034cc300

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
17-06-2024 18:25

Target

b96352c111e1ec8035e7e5c1df2e0b5f_JaffaCakes118.exe
Size

448KB
MD5

b96352c111e1ec8035e7e5c1df2e0b5f
SHA1

82f1a9bdfbfb20af92af9f637368fb9a27f8083b
SHA256

4dcf3e4514b45649473e5ddd5a4e7ceec5c1f5d81e85a765fdc6cc84034cc300
SHA512

51f09069a58d52c92b4470b82ed5869685b98daca2f54ceabd7bc495ddc4954ec97b08269f8ee360da6704782a80155978ecf4892288e6a81d71e3615bdebae3
SSDEEP

12288:QboBb/W9ANGBAFb5i0P6HfewKQLYg0yCx3:4xBAiAHwfz2

Score

10^/10

Trickbot
Developed in 2016, TrickBot is one of the more recent banking Trojans.
trojan banker trickbot

Dave packer 2 IoCs

Detects executable using a packer named 'Dave' by the community, based on a string at the end.

resource	yara_rule
behavioral2/memory/4828-9-0x00000000021B0000-0x00000000021E0000-memory.dmp	dave
behavioral2/memory/4828-3-0x0000000002210000-0x0000000002242000-memory.dmp	dave

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4828	b96352c111e1ec8035e7e5c1df2e0b5f_JaffaCakes118.exe
4828	b96352c111e1ec8035e7e5c1df2e0b5f_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\b96352c111e1ec8035e7e5c1df2e0b5f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\b96352c111e1ec8035e7e5c1df2e0b5f_JaffaCakes118.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:4828

memory/4828-11-0x0000000002280000-0x00000000022AF000-memory.dmp

Filesize
188KB

Download
memory/4828-10-0x0000000002250000-0x000000000227E000-memory.dmp

Filesize
184KB

Download
memory/4828-9-0x00000000021B0000-0x00000000021E0000-memory.dmp

Filesize
192KB

Download
memory/4828-7-0x0000000002280000-0x00000000022AF000-memory.dmp

Filesize
188KB

Download
memory/4828-3-0x0000000002210000-0x0000000002242000-memory.dmp

Filesize
200KB

Download