Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

48ed9a8d6f...cs.exe

windows7-x64

10

48ed9a8d6f...cs.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    148s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    25/06/2024, 08:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    48ed9a8d6fa0f5105b0206a147327d99c982990318c67aa81ff6d6c023781102_NeikiAnalytics.exe

  • Size

    160KB

  • MD5

    7a11953147c0fff75e8ad17305aac800

  • SHA1

    15f6a177758689264cd855f3e6e6282f2dcd98f3

  • SHA256

    48ed9a8d6fa0f5105b0206a147327d99c982990318c67aa81ff6d6c023781102

  • SHA512

    44814a60ac26f10e0bf3743fd32de9f06e6917ddadd643ff4470abd1382de50aa648dd311b0b5a896ba28aa83206725f65e14647ff75f9cf874cc8409ba4a1a3

  • SSDEEP

    1536:WH1k7kZccmK9OM1q6wY/6nBRiOW+bUciXDyeAvX0J7M6QG9wIa42U6q:WYM3ERQoem9G9wltu

Score
10/10
tinbabankerpersistencetrojan

Malware Config

Signatures

  • Tinba / TinyBanker

    Banking trojan which uses packet sniffing to steal data.

    trojanbankertinba
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\Dwm.exe
    "C:\Windows\system32\Dwm.exe"
    1⤵
      PID:1044
    • C:\Windows\Explorer.EXE
      C:\Windows\Explorer.EXE
      1⤵
        PID:1068
        • C:\Users\Admin\AppData\Local\Temp\48ed9a8d6fa0f5105b0206a147327d99c982990318c67aa81ff6d6c023781102_NeikiAnalytics.exe
          "C:\Users\Admin\AppData\Local\Temp\48ed9a8d6fa0f5105b0206a147327d99c982990318c67aa81ff6d6c023781102_NeikiAnalytics.exe"
          2⤵
          • Suspicious use of UnmapMainImage
          • Suspicious use of WriteProcessMemory
          PID:2924
          • C:\Windows\SysWOW64\winver.exe
            winver
            3⤵
            • Adds Run key to start application
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of WriteProcessMemory
            PID:3012
      • C:\Windows\system32\taskhost.exe
        "taskhost.exe"
        1⤵
          PID:1116
        • C:\Windows\system32\DllHost.exe
          C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
          1⤵
            PID:2296

          Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/1044-33-0x0000000000130000-0x0000000000137000-memory.dmp

            Filesize

            28KB

            Download

          • memory/1044-19-0x0000000000130000-0x0000000000137000-memory.dmp

            Filesize

            28KB

            Download

          • memory/1044-30-0x0000000076E81000-0x0000000076E82000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1068-22-0x0000000003170000-0x0000000003177000-memory.dmp

            Filesize

            28KB

            Download

          • memory/1068-4-0x00000000030E0000-0x00000000030E7000-memory.dmp

            Filesize

            28KB

            Download

          • memory/1068-31-0x0000000003170000-0x0000000003177000-memory.dmp

            Filesize

            28KB

            Download

          • memory/1068-8-0x00000000030E0000-0x00000000030E7000-memory.dmp

            Filesize

            28KB

            Download

          • memory/1068-5-0x00000000030E0000-0x00000000030E7000-memory.dmp

            Filesize

            28KB

            Download

          • memory/1068-15-0x0000000076E81000-0x0000000076E82000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1116-24-0x0000000000410000-0x0000000000417000-memory.dmp

            Filesize

            28KB

            Download

          • memory/1116-32-0x0000000000410000-0x0000000000417000-memory.dmp

            Filesize

            28KB

            Download

          • memory/2296-34-0x0000000000140000-0x0000000000147000-memory.dmp

            Filesize

            28KB

            Download

          • memory/2296-27-0x0000000000140000-0x0000000000147000-memory.dmp

            Filesize

            28KB

            Download

          • memory/2296-35-0x0000000076E81000-0x0000000076E82000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2924-0-0x0000000000400000-0x000000000046F000-memory.dmp

            Filesize

            444KB

            Download

          • memory/2924-1-0x0000000000410000-0x0000000000413000-memory.dmp

            Filesize

            12KB

            Download

          • memory/2924-2-0x0000000000400000-0x0000000000405000-memory.dmp

            Filesize

            20KB

            Download

          • memory/2924-3-0x0000000000230000-0x0000000000232000-memory.dmp

            Filesize

            8KB

            Download

          • memory/2924-36-0x0000000001F10000-0x0000000002910000-memory.dmp

            Filesize

            10.0MB

            Download

          • memory/2924-9-0x0000000001F10000-0x0000000002910000-memory.dmp

            Filesize

            10.0MB

            Download

          • memory/2924-29-0x0000000000400000-0x0000000000404A00-memory.dmp

            Filesize

            18KB

            Download

          • memory/3012-14-0x00000000001E0000-0x00000000001E1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3012-6-0x00000000001A0000-0x00000000001A7000-memory.dmp

            Filesize

            28KB

            Download

          • memory/3012-10-0x00000000001A0000-0x00000000001A7000-memory.dmp

            Filesize

            28KB

            Download

          • memory/3012-11-0x0000000077030000-0x0000000077031000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3012-12-0x000000007702F000-0x0000000077030000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3012-13-0x000000007702F000-0x0000000077031000-memory.dmp

            Filesize

            8KB

            Download

          • memory/3012-16-0x0000000076E30000-0x0000000076FD9000-memory.dmp

            Filesize

            1.7MB

            Download

          • memory/3012-42-0x00000000001A0000-0x00000000001A7000-memory.dmp

            Filesize

            28KB

            Download