Analysis

  • max time kernel
    150s
  • max time network
    148s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    05-12-2020 15:26

General

  • Target

    invoice.exe

  • Size

    80KB

  • MD5

    d826c6d5d9deef005d705b99cac11016

  • SHA1

    f23633dacb9b6be069c2b43f7b931a720f0c5027

  • SHA256

    a3a387c3b28b1ee8c27dcdc18aac61ef7517cfdd44379a4a77846282fff5c341

  • SHA512

    121bdd22bfaf19efbc1be67417e542177748ea51506051e428f9fd8fbec1ee79718881aae1b0197b259c994cf640d4bb818f4b2e02beecbfb81aee6ec7bad67b

Score
10/10

Malware Config

Signatures

  • BlackNET

    BlackNET is an open source remote access tool written in VB.NET.

  • Suspicious behavior: EnumeratesProcesses 13 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\invoice.exe
    "C:\Users\Admin\AppData\Local\Temp\invoice.exe"
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:640

Network

MITRE ATT&CK Matrix

Downloads

  • memory/640-2-0x00007FF9EA150000-0x00007FF9EAAF0000-memory.dmp

    Filesize

    9.6MB