Overview

overview

10

Static

static

10

044ce8c848...88.exe

windows7-x64

10

044ce8c848...88.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    138s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-08-2024 18:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    044ce8c84830aa4f340192a66ea1df8c197a4350cece903569ecc504bfda8b88.exe

  • Size

    1.2MB

  • MD5

    d804e70c7b5fd8d9c308278e03dc94a0

  • SHA1

    965eb9430e085481861b927cc721a33bcc1d62e8

  • SHA256

    044ce8c84830aa4f340192a66ea1df8c197a4350cece903569ecc504bfda8b88

  • SHA512

    147d4ae3d763c97352077768c083419133d10ebf8a19a3eb9516ad8584891ff0628ad7ab2967e85278ecdb857a311435069d25c43c7dac3479edfc22b0687b84

  • SSDEEP

    24576:zQ5aILMCfmAUjzX6xQ0+wCIygDsAUSTsU9+s8juCCCqR:E5aIwC+Agr6SNasrsFCZqR

Score
10/10
kpottrickbotbankerdiscoverystealertrojan

Malware Config

Signatures

  • KPOT

    KPOT is an information stealer that steals user data and account credentials.

    trojanstealerkpot
  • KPOT Core Executable 1 IoCs
  • Trickbot

    Developed in 2016, TrickBot is one of the more recent banking Trojans.

    trojanbankertrickbot
  • Trickbot x86 loader 1 IoCs

    Detected Trickbot's x86 loader that unpacks the x86 payload.

  • Executes dropped EXE 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\044ce8c84830aa4f340192a66ea1df8c197a4350cece903569ecc504bfda8b88.exe
    "C:\Users\Admin\AppData\Local\Temp\044ce8c84830aa4f340192a66ea1df8c197a4350cece903569ecc504bfda8b88.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:5028
    • C:\Users\Admin\AppData\Roaming\WinSocket\044ce9c94930aa4f340192a77ea1df9c198a4360cece903679ecc604bfda9b99.exe
      C:\Users\Admin\AppData\Roaming\WinSocket\044ce9c94930aa4f340192a77ea1df9c198a4360cece903679ecc604bfda9b99.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3016
      • C:\Windows\system32\svchost.exe
        C:\Windows\system32\svchost.exe
        3⤵
          PID:4968
    • C:\Users\Admin\AppData\Roaming\WinSocket\044ce9c94930aa4f340192a77ea1df9c198a4360cece903679ecc604bfda9b99.exe
      C:\Users\Admin\AppData\Roaming\WinSocket\044ce9c94930aa4f340192a77ea1df9c198a4360cece903679ecc604bfda9b99.exe
      1⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:440
      • C:\Windows\system32\svchost.exe
        C:\Windows\system32\svchost.exe
        2⤵
          PID:4132
      • C:\Users\Admin\AppData\Roaming\WinSocket\044ce9c94930aa4f340192a77ea1df9c198a4360cece903679ecc604bfda9b99.exe
        C:\Users\Admin\AppData\Roaming\WinSocket\044ce9c94930aa4f340192a77ea1df9c198a4360cece903679ecc604bfda9b99.exe
        1⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1196
        • C:\Windows\system32\svchost.exe
          C:\Windows\system32\svchost.exe
          2⤵
            PID:3940

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Roaming\WinSocket\044ce9c94930aa4f340192a77ea1df9c198a4360cece903679ecc604bfda9b99.exe
          Filesize

          1.2MB

          MD5

          d804e70c7b5fd8d9c308278e03dc94a0

          SHA1

          965eb9430e085481861b927cc721a33bcc1d62e8

          SHA256

          044ce8c84830aa4f340192a66ea1df8c197a4350cece903569ecc504bfda8b88

          SHA512

          147d4ae3d763c97352077768c083419133d10ebf8a19a3eb9516ad8584891ff0628ad7ab2967e85278ecdb857a311435069d25c43c7dac3479edfc22b0687b84

          Download Submit

        • C:\Users\Admin\AppData\Roaming\WinSocket\settings.ini
          Filesize

          38KB

          MD5

          26783508e93270630498bb33db3b522b

          SHA1

          230e90eb152ab36624b1a5564415ec66b036e232

          SHA256

          97a04482ce1da2b28d143fde54f88870e60089ef835d98d42855e1c470cc5339

          SHA512

          e727cd0cdef0793841bfa4405b78d3f0a182a8cee3719da4fec743f6e9bec2b3820dea2d13dd24a57d034e3750c3ca307a9c50986a85e442f6b7e79d9c394559

          Download Submit

        • memory/440-73-0x0000000000400000-0x0000000000472000-memory.dmp

          Filesize

          456KB

          Download

        • memory/440-72-0x0000000000421000-0x0000000000422000-memory.dmp

          Filesize

          4KB

          Download

        • memory/440-60-0x0000000000CA0000-0x0000000000CA1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/440-65-0x0000000000CA0000-0x0000000000CA1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/440-67-0x0000000000CA0000-0x0000000000CA1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/440-69-0x0000000000CA0000-0x0000000000CA1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/440-68-0x0000000000CA0000-0x0000000000CA1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/440-66-0x0000000000CA0000-0x0000000000CA1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/440-64-0x0000000000CA0000-0x0000000000CA1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/440-63-0x0000000000CA0000-0x0000000000CA1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/440-62-0x0000000000CA0000-0x0000000000CA1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/440-61-0x0000000000CA0000-0x0000000000CA1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/440-59-0x0000000000CA0000-0x0000000000CA1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/440-58-0x0000000000CA0000-0x0000000000CA1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3016-37-0x00000000007A0000-0x00000000007A1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3016-36-0x00000000007A0000-0x00000000007A1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3016-35-0x00000000007A0000-0x00000000007A1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3016-34-0x00000000007A0000-0x00000000007A1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3016-33-0x00000000007A0000-0x00000000007A1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3016-32-0x00000000007A0000-0x00000000007A1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3016-31-0x00000000007A0000-0x00000000007A1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3016-30-0x00000000007A0000-0x00000000007A1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3016-29-0x00000000007A0000-0x00000000007A1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3016-28-0x00000000007A0000-0x00000000007A1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3016-53-0x0000000003170000-0x0000000003439000-memory.dmp

          Filesize

          2.8MB

          Download

        • memory/3016-27-0x00000000007A0000-0x00000000007A1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3016-40-0x0000000000400000-0x0000000000472000-memory.dmp

          Filesize

          456KB

          Download

        • memory/3016-26-0x00000000007A0000-0x00000000007A1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3016-42-0x0000000010000000-0x0000000010007000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3016-41-0x0000000010000000-0x0000000010007000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3016-52-0x00000000030B0000-0x000000000316E000-memory.dmp

          Filesize

          760KB

          Download

        • memory/4968-46-0x0000000010000000-0x000000001001E000-memory.dmp

          Filesize

          120KB

          Download

        • memory/4968-51-0x000001EFEE4C0000-0x000001EFEE4C1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4968-47-0x0000000010000000-0x000000001001E000-memory.dmp

          Filesize

          120KB

          Download

        • memory/5028-8-0x0000000002130000-0x0000000002131000-memory.dmp

          Filesize

          4KB

          Download

        • memory/5028-9-0x0000000002130000-0x0000000002131000-memory.dmp

          Filesize

          4KB

          Download

        • memory/5028-2-0x0000000002130000-0x0000000002131000-memory.dmp

          Filesize

          4KB

          Download

        • memory/5028-5-0x0000000002130000-0x0000000002131000-memory.dmp

          Filesize

          4KB

          Download

        • memory/5028-6-0x0000000002130000-0x0000000002131000-memory.dmp

          Filesize

          4KB

          Download

        • memory/5028-7-0x0000000002130000-0x0000000002131000-memory.dmp

          Filesize

          4KB

          Download

        • memory/5028-3-0x0000000002130000-0x0000000002131000-memory.dmp

          Filesize

          4KB

          Download

        • memory/5028-18-0x0000000000400000-0x0000000000472000-memory.dmp

          Filesize

          456KB

          Download

        • memory/5028-17-0x0000000000421000-0x0000000000422000-memory.dmp

          Filesize

          4KB

          Download

        • memory/5028-10-0x0000000002130000-0x0000000002131000-memory.dmp

          Filesize

          4KB

          Download

        • memory/5028-11-0x0000000002130000-0x0000000002131000-memory.dmp

          Filesize

          4KB

          Download

        • memory/5028-12-0x0000000002130000-0x0000000002131000-memory.dmp

          Filesize

          4KB

          Download

        • memory/5028-15-0x0000000002AB0000-0x0000000002AD9000-memory.dmp

          Filesize

          164KB

          Download

        • memory/5028-4-0x0000000002130000-0x0000000002131000-memory.dmp

          Filesize

          4KB

          Download

        • memory/5028-13-0x0000000002130000-0x0000000002131000-memory.dmp

          Filesize

          4KB

          Download

        • memory/5028-14-0x0000000002130000-0x0000000002131000-memory.dmp

          Filesize

          4KB

          Download