silversurfer

The TrickBot cybercrime gang has released the hundredth version of the TrickBot malware with additional features to evade detection. [...]

This latest build was discovered by Advanced Intel's Vitali Kremez, who found that they added new features to make it harder to detect.
With this release, TrickBot is now injecting its DLL into the legitimate Windows wermgr.exe (Windows Problem Reporting) executable directly from memory using code from the 'MemoryModule' project.
 

silversurfer

Just to inform people who don't know what the legitimate process "wermgr.exe" (Windows Problem Reporting) is: this system process is signed by Microsoft.
Windows Error Reporting is a crash reporting manager for Windows operating systems. Wermgr.exe runs the error reporting software, and does not pose a threat to your computer.