Overview

overview

10

Static

static

3

eec2a5cc87...18.exe

windows7-x64

10

eec2a5cc87...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    21-09-2024 00:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    eec2a5cc875cd35d9334725f1a6f926c_JaffaCakes118.exe

  • Size

    252KB

  • MD5

    eec2a5cc875cd35d9334725f1a6f926c

  • SHA1

    5ada78b6e5f667996a58246de1ad0453d6eff026

  • SHA256

    50709a83b665c2d2286d16395a93034a9e1b518fcbf4767646cd33d6894e38b9

  • SHA512

    f39f8fa9c31203a6fff5cf30f533c5c3ca8f68a9993f680131be6e3a843d61f609a455abb69686f7eba5cd96904908954c442743202920297a9649ff8c879126

  • SSDEEP

    6144:tCYfPnqFymR5uadElSdEi32oto3PZ3SZmRSu3G:UYnnqQmnu8kvimotKPZCZ6Su3G

Score
10/10
trickbotbankerdavediscoverytrojan

Malware Config

Signatures

  • Trickbot

    Developed in 2016, TrickBot is one of the more recent banking Trojans.

    trojanbankertrickbot
  • Dave packer 3 IoCs

    Detects executable using a packer named 'Dave' by the community, based on a string at the end.

    dave
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\eec2a5cc875cd35d9334725f1a6f926c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\eec2a5cc875cd35d9334725f1a6f926c_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3024
    • C:\ProgramData\љр号后跟تت.exe
      "C:\ProgramData\љр号后跟تت.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2296
      • C:\Windows\system32\svchost.exe
        C:\Windows\system32\svchost.exe
        3⤵
          PID:2764

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • \ProgramData\љр号后跟تت.exe
      Filesize

      252KB

      MD5

      eec2a5cc875cd35d9334725f1a6f926c

      SHA1

      5ada78b6e5f667996a58246de1ad0453d6eff026

      SHA256

      50709a83b665c2d2286d16395a93034a9e1b518fcbf4767646cd33d6894e38b9

      SHA512

      f39f8fa9c31203a6fff5cf30f533c5c3ca8f68a9993f680131be6e3a843d61f609a455abb69686f7eba5cd96904908954c442743202920297a9649ff8c879126

      Download Submit

    • memory/2296-20-0x0000000001C90000-0x0000000001CC1000-memory.dmp

      Filesize

      196KB

      Download

    • memory/2296-14-0x0000000001C50000-0x0000000001C85000-memory.dmp

      Filesize

      212KB

      Download

    • memory/2296-19-0x0000000001D10000-0x0000000001D41000-memory.dmp

      Filesize

      196KB

      Download

    • memory/2296-21-0x0000000001D10000-0x0000000001D41000-memory.dmp

      Filesize

      196KB

      Download

    • memory/2296-22-0x0000000000280000-0x0000000000281000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2296-23-0x0000000010000000-0x0000000010006000-memory.dmp

      Filesize

      24KB

      Download

    • memory/2296-24-0x0000000001D10000-0x0000000001D41000-memory.dmp

      Filesize

      196KB

      Download

    • memory/2296-26-0x0000000001D10000-0x0000000001D41000-memory.dmp

      Filesize

      196KB

      Download

    • memory/2764-25-0x0000000000060000-0x0000000000082000-memory.dmp

      Filesize

      136KB

      Download

    • memory/2764-27-0x0000000000060000-0x0000000000082000-memory.dmp

      Filesize

      136KB

      Download

    • memory/2764-29-0x0000000000060000-0x0000000000082000-memory.dmp

      Filesize

      136KB

      Download

    • memory/3024-4-0x0000000000280000-0x00000000002B2000-memory.dmp

      Filesize

      200KB

      Download

    • memory/3024-0-0x0000000000640000-0x0000000000675000-memory.dmp

      Filesize

      212KB

      Download