Overview

overview

10

Static

static

7

??????.exe

windows7-x64

10

??????.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    30-06-2024 15:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ??????.exe

  • Size

    13.2MB

  • MD5

    4d65014ca7fab35caae9d8ac24815e4b

  • SHA1

    55d201d950e1053905f191f437962ea4992dbe86

  • SHA256

    7d1e09800698caf357c17ddc003e443143a9748230a04acbcb0d3487a0a622c4

  • SHA512

    bb668f2a0b42af7b7602c2a016966dace91144d21f9aee03a685190a172b3310dd580fcdac5bc1d3ec68b95fd52c01ceb2a48f1adbd4c13aebe07c1e1130dc19

  • SSDEEP

    393216:gPDPWrjWiaqTjWU5JUkCoAvpyS+Vb3izzn72YZ:YKO8JUN0b+zSYZ

Score
10/10
blackmoonaspackv2bankertrojan

Malware Config

Signatures

  • Blackmoon, KrBanker

    Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    trojanbankerblackmoon
  • Detect Blackmoon payload 14 IoCs
  • ASPack v2.12-2.42 1 IoCs

    Detects executables packed with ASPack v2.12-2.42

    aspackv2
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\______.exe
    "C:\Users\Admin\AppData\Local\Temp\______.exe"
    1⤵
    • Loads dropped DLL
    • Enumerates connected drives
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2932
    • C:\¡ïÎåÑò³ÁĬ¡ï\20988______.exe
      C:\¡ïÎåÑò³ÁĬ¡ï\20988______.exe
      2⤵
      • Executes dropped EXE
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2756

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G17BROQF\httpErrorPagesScripts[1]
    Filesize

    8KB

    MD5

    3f57b781cb3ef114dd0b665151571b7b

    SHA1

    ce6a63f996df3a1cccb81720e21204b825e0238c

    SHA256

    46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad

    SHA512

    8cbf4ef582332ae7ea605f910ad6f8a4bc28513482409fa84f08943a72cac2cf0fa32b6af4c20c697e1fac2c5ba16b5a64a23af0c11eefbf69625b8f9f90c8fa

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TTL9DZJ3\errorPageStrings[1]
    Filesize

    2KB

    MD5

    e3e4a98353f119b80b323302f26b78fa

    SHA1

    20ee35a370cdd3a8a7d04b506410300fd0a6a864

    SHA256

    9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66

    SHA512

    d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\42056c46bc4e087c47a0de482530e13e.txt
    Filesize

    16B

    MD5

    0f6f301a359dfda81ee72a4f6cabbb30

    SHA1

    a49a51882cb334df7fc80b87a51a241f6b6cf09e

    SHA256

    f9f4d903b7f52a0ec9ade6018f4f2d23d3493c5b2c0b341ce40170e33c1831ee

    SHA512

    b3a7adf414a76448423c7fa428375681cb30ce8cd270d1aa0381e18a74ce4d3c03c3cc7969a542c443adb30b8982f96be3df2062c9de15eb9b37b1de69fa70cb

    Download Submit
  • \¡ïÎåÑò³ÁĬ¡ï\20988______.exe
    Filesize

    13.2MB

    MD5

    4d65014ca7fab35caae9d8ac24815e4b

    SHA1

    55d201d950e1053905f191f437962ea4992dbe86

    SHA256

    7d1e09800698caf357c17ddc003e443143a9748230a04acbcb0d3487a0a622c4

    SHA512

    bb668f2a0b42af7b7602c2a016966dace91144d21f9aee03a685190a172b3310dd580fcdac5bc1d3ec68b95fd52c01ceb2a48f1adbd4c13aebe07c1e1130dc19

    Download Submit
  • memory/2756-49-0x0000000000400000-0x0000000000926000-memory.dmp
    Filesize

    5.1MB

    Download
  • memory/2756-52-0x0000000000400000-0x0000000000926000-memory.dmp
    Filesize

    5.1MB

    Download
  • memory/2756-83-0x0000000000400000-0x0000000000926000-memory.dmp
    Filesize

    5.1MB

    Download
  • memory/2756-82-0x0000000000400000-0x0000000000926000-memory.dmp
    Filesize

    5.1MB

    Download
  • memory/2756-48-0x0000000000400000-0x0000000000926000-memory.dmp
    Filesize

    5.1MB

    Download
  • memory/2756-50-0x0000000000400000-0x0000000000926000-memory.dmp
    Filesize

    5.1MB

    Download
  • memory/2932-9-0x0000000000400000-0x0000000000926000-memory.dmp
    Filesize

    5.1MB

    Download
  • memory/2932-46-0x000000000CE10000-0x000000000D336000-memory.dmp
    Filesize

    5.1MB

    Download
  • memory/2932-7-0x000000000091E000-0x000000000091F000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2932-8-0x0000000000400000-0x0000000000926000-memory.dmp
    Filesize

    5.1MB

    Download
  • memory/2932-51-0x0000000000400000-0x0000000000926000-memory.dmp
    Filesize

    5.1MB

    Download
  • memory/2932-0-0x0000000000400000-0x0000000000926000-memory.dmp
    Filesize

    5.1MB

    Download
  • memory/2932-10-0x0000000000400000-0x0000000000926000-memory.dmp
    Filesize

    5.1MB

    Download
  • memory/2932-3-0x0000000000400000-0x0000000000926000-memory.dmp
    Filesize

    5.1MB

    Download
  • memory/2932-1-0x0000000000400000-0x0000000000926000-memory.dmp
    Filesize

    5.1MB

    Download
  • memory/2932-2-0x0000000000400000-0x0000000000926000-memory.dmp
    Filesize

    5.1MB

    Download
  • memory/2932-11-0x0000000000400000-0x0000000000926000-memory.dmp
    Filesize

    5.1MB

    Download
  • memory/2932-12-0x0000000000400000-0x0000000000926000-memory.dmp
    Filesize

    5.1MB

    Download