Analysis

  • max time kernel
    131s
  • max time network
    134s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    01-07-2024 12:29

General

  • Target

    e0b91bc4c16ffb3741338da8a283b2ed47acbb7b3fc6c247eccdbeeb0d2ae49d.exe

  • Size

    8.0MB

  • MD5

    425acb663a117031cc036e39dc4c96e4

  • SHA1

    45ef5a3064e9d5d275cf41e77b886f545b2e21f8

  • SHA256

    e0b91bc4c16ffb3741338da8a283b2ed47acbb7b3fc6c247eccdbeeb0d2ae49d

  • SHA512

    b019a90fd7510f057c90d1e6be630c6ec41f5f41794242a93d43b9b96aeedc02277db325321e1af16b541513e11c1df34e404a9dc137110c6aeb2cb6fff96a58

  • SSDEEP

    196608:PYPDPy7fS+caLCNvjvfBN1sfQJDZdnFquJ5bsKp+1sf45:gPDPiRXLGbv/1X73JZhM15

Score
10/10

Malware Config

Signatures

  • Blackmoon, KrBanker

    Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

  • Detect Blackmoon payload 4 IoCs
  • Program crash 3 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e0b91bc4c16ffb3741338da8a283b2ed47acbb7b3fc6c247eccdbeeb0d2ae49d.exe
    "C:\Users\Admin\AppData\Local\Temp\e0b91bc4c16ffb3741338da8a283b2ed47acbb7b3fc6c247eccdbeeb0d2ae49d.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1892
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1892 -s 1636
      2⤵
      • Program crash
      PID:4784
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1892 -s 1612
      2⤵
      • Program crash
      PID:4608
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1892 -s 1660
      2⤵
      • Program crash
      PID:4800
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 1892 -ip 1892
    1⤵
    PID:1392
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 1892 -ip 1892
    1⤵
    PID:2620
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 1892 -ip 1892
    1⤵
    PID:4552
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=1020,i,3724086843943218842,1026644135694712596,262144 --variations-seed-version --mojo-platform-channel-handle=3744 /prefetch:8
    1⤵
    PID:876

Network

MITRE ATT&CK Matrix


Downloads

  • memory/1892-1-0x0000000000400000-0x0000000000926000-memory.dmp
    Filesize

    5.1MB

  • memory/1892-0-0x0000000000400000-0x0000000000926000-memory.dmp
    Filesize

    5.1MB

  • memory/1892-2-0x0000000000400000-0x0000000000926000-memory.dmp
    Filesize

    5.1MB

  • memory/1892-3-0x0000000000400000-0x0000000000926000-memory.dmp
    Filesize

    5.1MB

  • memory/1892-10-0x00000000004FB000-0x00000000004FC000-memory.dmp
    Filesize

    4KB

  • memory/1892-9-0x00000000040F0000-0x00000000040F1000-memory.dmp
    Filesize

    4KB

  • memory/1892-7-0x0000000003A80000-0x0000000003A81000-memory.dmp
    Filesize

    4KB

  • memory/1892-8-0x0000000003A60000-0x0000000003A61000-memory.dmp
    Filesize

    4KB

  • memory/1892-11-0x0000000000400000-0x0000000000926000-memory.dmp
    Filesize

    5.1MB