Overview

overview

10

Static

static

7

337d48261d...c2.exe

windows7-x64

10

337d48261d...c2.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    21-06-2024 10:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    337d48261da1a0b48edd2c66991d1ac2.exe

  • Size

    6.1MB

  • MD5

    337d48261da1a0b48edd2c66991d1ac2

  • SHA1

    b04bef931efdc0ff889d84461ad97dac48fee4fc

  • SHA256

    5225d9f8fde5e11240a7035a6988b7ee3ffca419eea8ca473e845ba0502bad3b

  • SHA512

    aeb55d66a63fc57c04644c8ff33fe640ebe4ed9245677b653c2319bd1d94de86e3623d742591301f0ba712614dd1ac42a6a238360c94b36f56e981d4821ed59a

  • SSDEEP

    196608:rKppFEfoHJbI9Q0mOOZJYi3SGilZfjadonLE:rK7FtbIfQD9MfGdonL

Score
10/10
danabotbankerdiscoveryspywarestealertrojanupx

Malware Config

Extracted

Family

danabot

Attributes
  • type

    loader

Signatures

  • Danabot

    Danabot is a modular banking Trojan that has been linked with other malware.

    trojanbankerdanabot
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 15 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\337d48261da1a0b48edd2c66991d1ac2.exe
    "C:\Users\Admin\AppData\Local\Temp\337d48261da1a0b48edd2c66991d1ac2.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2072
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\shell32.dll",#61 C:\Users\Admin\AppData\Local\Temp\337d48261da1a0b48edd2c66991d1ac2.exe
      2⤵
      • Checks processor information in registry
      • Suspicious use of FindShellTrayWindow
      PID:1696

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1696-28-0x0000000003410000-0x0000000003D74000-memory.dmp

    Filesize

    9.4MB

    Download

  • memory/1696-41-0x0000000003410000-0x0000000003D74000-memory.dmp

    Filesize

    9.4MB

    Download

  • memory/1696-32-0x0000000003410000-0x0000000003D74000-memory.dmp

    Filesize

    9.4MB

    Download

  • memory/1696-34-0x0000000003410000-0x0000000003D74000-memory.dmp

    Filesize

    9.4MB

    Download

  • memory/1696-36-0x0000000003410000-0x0000000003D74000-memory.dmp

    Filesize

    9.4MB

    Download

  • memory/1696-23-0x00000000773B0000-0x00000000773B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1696-24-0x0000000003D80000-0x0000000003EC0000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/1696-25-0x0000000003D80000-0x0000000003EC0000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/1696-26-0x0000000003410000-0x0000000003D74000-memory.dmp

    Filesize

    9.4MB

    Download

  • memory/1696-18-0x0000000000B70000-0x00000000014C0000-memory.dmp

    Filesize

    9.3MB

    Download

  • memory/1696-27-0x0000000000B70000-0x00000000014C0000-memory.dmp

    Filesize

    9.3MB

    Download

  • memory/1696-29-0x0000000003410000-0x0000000003D74000-memory.dmp

    Filesize

    9.4MB

    Download

  • memory/2072-30-0x0000000077251000-0x0000000077252000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2072-11-0x00000000773F0000-0x00000000773F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2072-13-0x0000000003D50000-0x0000000003E90000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2072-31-0x0000000077200000-0x00000000773A9000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2072-0-0x0000000000400000-0x0000000001741000-memory.dmp

    Filesize

    19.3MB

    Download

  • memory/2072-14-0x0000000004280000-0x0000000004BE4000-memory.dmp

    Filesize

    9.4MB

    Download

  • memory/2072-15-0x0000000077400000-0x0000000077401000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2072-22-0x0000000000400000-0x0000000001741000-memory.dmp

    Filesize

    19.3MB

    Download

  • memory/2072-17-0x0000000003D50000-0x0000000003E90000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2072-16-0x0000000003D50000-0x0000000003E90000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2072-10-0x0000000003D50000-0x0000000003E90000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2072-12-0x0000000003D50000-0x0000000003E90000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2072-9-0x0000000003D50000-0x0000000003E90000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2072-8-0x00000000773E0000-0x00000000773E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2072-7-0x0000000003D50000-0x0000000003E90000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2072-6-0x0000000003D50000-0x0000000003E90000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2072-5-0x00000000773B0000-0x00000000773B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2072-3-0x0000000063080000-0x0000000063301000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/2072-4-0x000000006E400000-0x000000006E49E000-memory.dmp

    Filesize

    632KB

    Download

  • memory/2072-2-0x0000000000400000-0x0000000001741000-memory.dmp

    Filesize

    19.3MB

    Download

  • memory/2072-37-0x0000000004280000-0x0000000004BE4000-memory.dmp

    Filesize

    9.4MB

    Download

  • memory/2072-38-0x0000000077200000-0x00000000773A9000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2072-1-0x0000000004280000-0x0000000004BE4000-memory.dmp

    Filesize

    9.4MB

    Download