Analysis
-
max time kernel
148s -
max time network
145s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
28-06-2024 09:26
General
-
Target
90dba29fcade78275c78d0471d85eaf0cf546f0b001379445191b59ada9914d6_NeikiAnalytics.exe
-
Size
237KB
-
MD5
d2c7e9d1a2266dfdc26c1fb1df6a87b0
-
SHA1
428c172082a1b386eb86719968b4fcb45e65b9a6
-
SHA256
90dba29fcade78275c78d0471d85eaf0cf546f0b001379445191b59ada9914d6
-
SHA512
3f3ac284090bc6fb30bc655a84797f2bc758de87357708f0864627d45cb54f55288cac564d633a3b936f8acca9829a46e653bbc340f19a61c3993130de9a6846
-
SSDEEP
6144:IA2P27yTAnKGw0hjFhSR/W1nyAJ9v0pMtRCpYQ:IATuTAnKGwUAWVycQqgj
Score
10/10
Malware Config
Signatures
-
Tinba / TinyBanker
Banking trojan which uses packet sniffing to steal data.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: EnumeratesProcesses 61 IoCs
-
Suspicious use of FindShellTrayWindow 3 IoCs
-
Suspicious use of SendNotifyMessage 2 IoCs
-
Suspicious use of WriteProcessMemory 10 IoCs
Processes
-
C:\Windows\system32\taskhost.exe"taskhost.exe"1⤵
-
C:\Windows\system32\Dwm.exe"C:\Windows\system32\Dwm.exe"1⤵
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Users\Admin\AppData\Local\Temp\90dba29fcade78275c78d0471d85eaf0cf546f0b001379445191b59ada9914d6_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\90dba29fcade78275c78d0471d85eaf0cf546f0b001379445191b59ada9914d6_NeikiAnalytics.exe"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\winver.exewinver3⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1288-9-0x0000000002170000-0x0000000002176000-memory.dmpFilesize
24KB
-
memory/1288-23-0x0000000002170000-0x0000000002176000-memory.dmpFilesize
24KB
-
memory/1348-25-0x00000000001B0000-0x00000000001B6000-memory.dmpFilesize
24KB
-
memory/1348-12-0x00000000001B0000-0x00000000001B6000-memory.dmpFilesize
24KB
-
memory/1376-6-0x0000000002A70000-0x0000000002A76000-memory.dmpFilesize
24KB
-
memory/1376-15-0x0000000002AC0000-0x0000000002AC6000-memory.dmpFilesize
24KB
-
memory/1376-3-0x0000000002A70000-0x0000000002A76000-memory.dmpFilesize
24KB
-
memory/1376-1-0x0000000002A70000-0x0000000002A76000-memory.dmpFilesize
24KB
-
memory/1376-24-0x0000000002AC0000-0x0000000002AC6000-memory.dmpFilesize
24KB
-
memory/2176-22-0x0000000000400000-0x000000000043F000-memory.dmpFilesize
252KB
-
memory/2232-20-0x0000000000740000-0x0000000000746000-memory.dmpFilesize
24KB
-
memory/2232-4-0x0000000000130000-0x0000000000136000-memory.dmpFilesize
24KB
-
memory/2232-27-0x0000000000740000-0x0000000000746000-memory.dmpFilesize
24KB