Malware Analysis Report

2025-04-03 09:07

Sample ID 210416-vqhqsy2ab6
Target 714a08f16bbae43f96dc7274176a7787.exe
SHA256 c1d30ac10457e6ef204271734ac30c15351153e6cad663000a422ec9c22cacca
Tags: blacknet trojan
Score: 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 10/10

SHA256: c1d30ac10457e6ef204271734ac30c15351153e6cad663000a422ec9c22cacca

Threat Level: Known bad

The file 714a08f16bbae43f96dc7274176a7787.exe was found to be: Known bad.

Malicious Activity Summary

blacknet trojan

BlackNET

Drops desktop.ini file(s)

Drops file in Windows directory

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2021-08-05 15:39

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2021-04-16 22:26
Reported: 2021-04-16 22:28
Platform: win7v20210410
Max time kernel: 140s
Max time network: 141s

Command Line

"C:\Users\Admin\AppData\Local\Temp\714a08f16bbae43f96dc7274176a7787.exe"

Signatures

BlackNET

trojan blacknet

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\714a08f16bbae43f96dc7274176a7787.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\714a08f16bbae43f96dc7274176a7787.exe

"C:\Users\Admin\AppData\Local\Temp\714a08f16bbae43f96dc7274176a7787.exe"

Network

Country | Destination | Domain | Proto
N/A | 8.8.8.8:53 | micros0ftcenter.xyz | udp
N/A | 185.239.243.112:80 | micros0ftcenter.xyz | tcp
N/A | 185.239.243.112:80 | micros0ftcenter.xyz | tcp
N/A | 185.239.243.112:80 | micros0ftcenter.xyz | tcp
N/A | 185.239.243.112:80 | micros0ftcenter.xyz | tcp
N/A | 185.239.243.112:80 | micros0ftcenter.xyz | tcp

Files

memory/1096-59-0x0000000075281000-0x0000000075283000-memory.dmp
memory/1096-60-0x00000000002A0000-0x00000000002A1000-memory.dmp
memory/1096-61-0x00000000002A1000-0x00000000002A2000-memory.dmp
memory/1096-62-0x00000000002A2000-0x00000000002A3000-memory.dmp
memory/1096-63-0x00000000002A7000-0x00000000002B8000-memory.dmp
memory/1096-64-0x00000000002B8000-0x00000000002B9000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2021-04-16 22:26
Reported: 2021-04-16 22:28
Platform: win10v20210408
Max time kernel: 127s
Max time network: 142s

Command Line

"C:\Users\Admin\AppData\Local\Temp\714a08f16bbae43f96dc7274176a7787.exe"

Signatures

BlackNET

trojan blacknet

Drops desktop.ini file(s)

Description | Indicator | Process | Target
File created | C:\Windows\assembly\Desktop.ini | C:\Users\Admin\AppData\Local\Temp\714a08f16bbae43f96dc7274176a7787.exe | N/A
File opened for modification | C:\Windows\assembly\Desktop.ini | C:\Users\Admin\AppData\Local\Temp\714a08f16bbae43f96dc7274176a7787.exe | N/A

Drops file in Windows directory

Description | Indicator | Process | Target
File opened for modification | C:\Windows\assembly | C:\Users\Admin\AppData\Local\Temp\714a08f16bbae43f96dc7274176a7787.exe | N/A
File created | C:\Windows\assembly\Desktop.ini | C:\Users\Admin\AppData\Local\Temp\714a08f16bbae43f96dc7274176a7787.exe | N/A
File opened for modification | C:\Windows\assembly\Desktop.ini | C:\Users\Admin\AppData\Local\Temp\714a08f16bbae43f96dc7274176a7787.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\714a08f16bbae43f96dc7274176a7787.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\714a08f16bbae43f96dc7274176a7787.exe

"C:\Users\Admin\AppData\Local\Temp\714a08f16bbae43f96dc7274176a7787.exe"

Network

Country | Destination | Domain | Proto
N/A | 8.8.8.8:53 | micros0ftcenter.xyz | udp
N/A | 185.239.243.112:80 | micros0ftcenter.xyz | tcp
N/A | 185.239.243.112:80 | micros0ftcenter.xyz | tcp
N/A | 185.239.243.112:80 | micros0ftcenter.xyz | tcp
N/A | 185.239.243.112:80 | micros0ftcenter.xyz | tcp
N/A | 185.239.243.112:80 | micros0ftcenter.xyz | tcp

Files

memory/584-114-0x0000000000C00000-0x0000000000C01000-memory.dmp
memory/584-115-0x0000000000C01000-0x0000000000C02000-memory.dmp
memory/584-116-0x0000000000C02000-0x0000000000C03000-memory.dmp
memory/584-117-0x0000000000C05000-0x0000000000C07000-memory.dmp
memory/584-118-0x0000000000C07000-0x0000000000C08000-memory.dmp