Overview

overview

10

Static

static

3

0def1a8747...cs.exe

windows7-x64

10

0def1a8747...cs.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    158s
  • max time network
    165s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/06/2024, 21:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0def1a87472f2d3e633407e031256f0fa5df2d550a46db954eb4b67e2fb28349_NeikiAnalytics.exe

  • Size

    89KB

  • MD5

    68566b294db6b1c61436e54f4f6b1280

  • SHA1

    6ca1bae1c02d08f1ac81f756caa82f2688a08beb

  • SHA256

    0def1a87472f2d3e633407e031256f0fa5df2d550a46db954eb4b67e2fb28349

  • SHA512

    9d72a04e57db14e349955abb531350a964a232e97fc77001599b04836a7343af3458988648fcda7df3ee3e475a51d59943e7f52bbfe9f9d1760c02ef8d3ac071

  • SSDEEP

    1536:k9o65gQK3Zm+Mt9RV5O8oQ9cXFunGm6ManhFLnBqHan6owwosTk8vxA:k9o6fK2XqXQwhnHlqQo8Lvy

Score
10/10
tinbabankerpersistencetrojan

Malware Config

Signatures

  • Tinba / TinyBanker

    Banking trojan which uses packet sniffing to steal data.

    trojanbankertinba
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\sihost.exe
    sihost.exe
    1⤵
      PID:2400
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
      1⤵
        PID:2420
      • C:\Windows\system32\taskhostw.exe
        taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
        1⤵
          PID:2632
        • C:\Windows\Explorer.EXE
          C:\Windows\Explorer.EXE
          1⤵
            PID:3360
            • C:\Users\Admin\AppData\Local\Temp\0def1a87472f2d3e633407e031256f0fa5df2d550a46db954eb4b67e2fb28349_NeikiAnalytics.exe
              "C:\Users\Admin\AppData\Local\Temp\0def1a87472f2d3e633407e031256f0fa5df2d550a46db954eb4b67e2fb28349_NeikiAnalytics.exe"
              2⤵
              • Suspicious use of WriteProcessMemory
              PID:1196
              • C:\Windows\SysWOW64\winver.exe
                winver
                3⤵
                • Adds Run key to start application
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious use of FindShellTrayWindow
                • Suspicious use of WriteProcessMemory
                PID:2788
          • C:\Windows\system32\svchost.exe
            C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
            1⤵
              PID:3540
            • C:\Windows\system32\DllHost.exe
              C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
              1⤵
                PID:3784
              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                1⤵
                  PID:3892
                • C:\Windows\System32\RuntimeBroker.exe
                  C:\Windows\System32\RuntimeBroker.exe -Embedding
                  1⤵
                  • Suspicious use of AdjustPrivilegeToken
                  PID:4008
                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                  1⤵
                    PID:3112
                  • C:\Windows\System32\RuntimeBroker.exe
                    C:\Windows\System32\RuntimeBroker.exe -Embedding
                    1⤵
                      PID:4188
                    • C:\Windows\System32\RuntimeBroker.exe
                      C:\Windows\System32\RuntimeBroker.exe -Embedding
                      1⤵
                        PID:4592
                      • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe
                        "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe" -ServerName:InputApp.AppX9jnwykgrccxc8by3hsrsh07r423xzvav.mca
                        1⤵
                          PID:3356
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
                          1⤵
                          • Suspicious use of WriteProcessMemory
                          PID:2448
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.52 --initial-client-data=0x238,0x23c,0x240,0x234,0x260,0x7ff97c662e98,0x7ff97c662ea4,0x7ff97c662eb0
                            2⤵
                              PID:4388
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2280 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:2
                              2⤵
                                PID:2864
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=3224 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:3
                                2⤵
                                  PID:3852
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3328 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:8
                                  2⤵
                                    PID:2940
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --mojo-platform-channel-handle=5260 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:1
                                    2⤵
                                      PID:1716
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --mojo-platform-channel-handle=5468 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:1
                                      2⤵
                                        PID:1164
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3852 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:8
                                        2⤵
                                          PID:1796

                                      Network

                                      MITRE ATT&CK Enterprise v15

                                      Replay Monitor

                                      Loading Replay Monitor...

                                      Downloads

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                        Filesize

                                        9KB

                                        MD5

                                        5453b1c8f0cc705a5cfd7860133fb82b

                                        SHA1

                                        cdc7a93ffa1919a0d552c2b39a0570a4e50b56a7

                                        SHA256

                                        4b2ca3bb8086bbca2f9c99b94b5c93c7192020e67a48ba6308279998fa61057b

                                        SHA512

                                        b0833d76eb3cbe8b172e1978b0150f1c56f8a7e345c1a51e561cdfb73224ffb8da94f52e3a7326ce701e7917e23d1242d12f81df22d693e9ae010085971b14ca

                                        Download Submit

                                      • memory/1196-10-0x0000000000400000-0x000000000041D000-memory.dmp

                                        Filesize

                                        116KB

                                        Download

                                      • memory/1196-1-0x00000000023A0000-0x0000000002DA0000-memory.dmp

                                        Filesize

                                        10.0MB

                                        Download

                                      • memory/1196-11-0x00000000023A0000-0x0000000002DA0000-memory.dmp

                                        Filesize

                                        10.0MB

                                        Download

                                      • memory/1196-0-0x0000000000500000-0x0000000000502000-memory.dmp

                                        Filesize

                                        8KB

                                        Download

                                      • memory/2400-21-0x0000000000A90000-0x0000000000A96000-memory.dmp

                                        Filesize

                                        24KB

                                        Download

                                      • memory/2400-12-0x0000000000A90000-0x0000000000A96000-memory.dmp

                                        Filesize

                                        24KB

                                        Download

                                      • memory/2420-13-0x0000000000520000-0x0000000000526000-memory.dmp

                                        Filesize

                                        24KB

                                        Download

                                      • memory/2420-22-0x0000000000520000-0x0000000000526000-memory.dmp

                                        Filesize

                                        24KB

                                        Download

                                      • memory/2632-23-0x0000000000860000-0x0000000000866000-memory.dmp

                                        Filesize

                                        24KB

                                        Download

                                      • memory/2632-14-0x0000000000860000-0x0000000000866000-memory.dmp

                                        Filesize

                                        24KB

                                        Download

                                      • memory/2788-6-0x0000000000CB0000-0x0000000000CB6000-memory.dmp

                                        Filesize

                                        24KB

                                        Download

                                      • memory/2788-7-0x0000000076FF2000-0x0000000076FF3000-memory.dmp

                                        Filesize

                                        4KB

                                        Download

                                      • memory/2788-50-0x0000000000CB0000-0x0000000000CB6000-memory.dmp

                                        Filesize

                                        24KB

                                        Download

                                      • memory/3112-27-0x0000000000410000-0x0000000000416000-memory.dmp

                                        Filesize

                                        24KB

                                        Download

                                      • memory/3356-30-0x0000000000C80000-0x0000000000C86000-memory.dmp

                                        Filesize

                                        24KB

                                        Download

                                      • memory/3356-33-0x0000000000C80000-0x0000000000C86000-memory.dmp

                                        Filesize

                                        24KB

                                        Download

                                      • memory/3360-2-0x0000000000D40000-0x0000000000D46000-memory.dmp

                                        Filesize

                                        24KB

                                        Download

                                      • memory/3360-9-0x00007FF9A430D000-0x00007FF9A430E000-memory.dmp

                                        Filesize

                                        4KB

                                        Download

                                      • memory/3360-15-0x0000000000D50000-0x0000000000D56000-memory.dmp

                                        Filesize

                                        24KB

                                        Download

                                      • memory/3360-20-0x0000000000D50000-0x0000000000D56000-memory.dmp

                                        Filesize

                                        24KB

                                        Download

                                      • memory/3360-8-0x0000000000D40000-0x0000000000D46000-memory.dmp

                                        Filesize

                                        24KB

                                        Download

                                      • memory/3540-24-0x0000000000090000-0x0000000000096000-memory.dmp

                                        Filesize

                                        24KB

                                        Download

                                      • memory/3540-16-0x0000000000090000-0x0000000000096000-memory.dmp

                                        Filesize

                                        24KB

                                        Download

                                      • memory/3784-17-0x0000000000040000-0x0000000000046000-memory.dmp

                                        Filesize

                                        24KB

                                        Download

                                      • memory/3892-25-0x0000000000F70000-0x0000000000F76000-memory.dmp

                                        Filesize

                                        24KB

                                        Download

                                      • memory/3892-18-0x0000000000F70000-0x0000000000F76000-memory.dmp

                                        Filesize

                                        24KB

                                        Download

                                      • memory/4008-26-0x0000000000AB0000-0x0000000000AB6000-memory.dmp

                                        Filesize

                                        24KB

                                        Download

                                      • memory/4008-19-0x0000000000AB0000-0x0000000000AB6000-memory.dmp

                                        Filesize

                                        24KB

                                        Download

                                      • memory/4188-31-0x00000000005F0000-0x00000000005F6000-memory.dmp

                                        Filesize

                                        24KB

                                        Download

                                      • memory/4188-28-0x00000000005F0000-0x00000000005F6000-memory.dmp

                                        Filesize

                                        24KB

                                        Download

                                      • memory/4592-32-0x0000000000830000-0x0000000000836000-memory.dmp

                                        Filesize

                                        24KB

                                        Download

                                      • memory/4592-29-0x0000000000830000-0x0000000000836000-memory.dmp

                                        Filesize

                                        24KB

                                        Download