Malware Analysis Report

2025-04-03 09:07

Sample ID 210417-bxjb1b7d6n
Target a19d54e369d80b257753a6979215eca6.exe
SHA256 82259f0bdaf02774ef0ee028b6c7cb5b90a9173100b972766451c0e8517260dd
Tags
blacknet trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

82259f0bdaf02774ef0ee028b6c7cb5b90a9173100b972766451c0e8517260dd

Threat Level: Known bad

The file a19d54e369d80b257753a6979215eca6.exe was found to be: Known bad.

Malicious Activity Summary

blacknet trojan

BlackNET

Drops desktop.ini file(s)

Drops file in Windows directory

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2021-08-05 15:39

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2021-04-17 15:41

Reported

2021-04-17 15:43

Platform

win7v20210410

Max time kernel

141s

Max time network

140s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a19d54e369d80b257753a6979215eca6.exe"

Signatures

BlackNET

trojan blacknet

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\a19d54e369d80b257753a6979215eca6.exe | N/A
Token: 33 (unresolved LUID; 33 is SeIncreaseWorkingSetPrivilege) | N/A | C:\Users\Admin\AppData\Local\Temp\a19d54e369d80b257753a6979215eca6.exe | N/A
Token: SeIncBasePriorityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\a19d54e369d80b257753a6979215eca6.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a19d54e369d80b257753a6979215eca6.exe

"C:\Users\Admin\AppData\Local\Temp\a19d54e369d80b257753a6979215eca6.exe"

Network

Country | Destination | Domain | Proto
N/A | 8.8.8.8:53 | micros0ftcenter.xyz | udp (DNS lookup)
N/A | 185.239.243.112:80 | micros0ftcenter.xyz | tcp
N/A | 185.239.243.112:80 | micros0ftcenter.xyz | tcp
N/A | 185.239.243.112:80 | micros0ftcenter.xyz | tcp
N/A | 185.239.243.112:80 | micros0ftcenter.xyz | tcp
N/A | 185.239.243.112:80 | micros0ftcenter.xyz | tcp

Files

memory/540-60-0x0000000075A71000-0x0000000075A73000-memory.dmp

memory/540-61-0x00000000001F0000-0x00000000001F1000-memory.dmp

memory/540-64-0x00000000001F7000-0x0000000000208000-memory.dmp

memory/540-63-0x00000000001F2000-0x00000000001F3000-memory.dmp

memory/540-65-0x0000000000208000-0x0000000000209000-memory.dmp

memory/540-62-0x00000000001F1000-0x00000000001F2000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2021-04-17 15:41

Reported

2021-04-17 15:43

Platform

win10v20210408

Max time kernel

150s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a19d54e369d80b257753a6979215eca6.exe"

Signatures

BlackNET

trojan blacknet

Drops desktop.ini file(s)

Description | Indicator | Process | Target
File created | C:\Windows\assembly\Desktop.ini | C:\Users\Admin\AppData\Local\Temp\a19d54e369d80b257753a6979215eca6.exe | N/A
File opened for modification | C:\Windows\assembly\Desktop.ini | C:\Users\Admin\AppData\Local\Temp\a19d54e369d80b257753a6979215eca6.exe | N/A

Note: C:\Windows\assembly is the .NET Global Assembly Cache, and a Desktop.ini there is routinely written by .NET runtime components when a managed executable runs. On its own this indicator is weak; the verdict rests on the BlackNET signature and the C2 traffic below.

Drops file in Windows directory

Description | Indicator | Process | Target
File opened for modification | C:\Windows\assembly | C:\Users\Admin\AppData\Local\Temp\a19d54e369d80b257753a6979215eca6.exe | N/A
File created | C:\Windows\assembly\Desktop.ini | C:\Users\Admin\AppData\Local\Temp\a19d54e369d80b257753a6979215eca6.exe | N/A
File opened for modification | C:\Windows\assembly\Desktop.ini | C:\Users\Admin\AppData\Local\Temp\a19d54e369d80b257753a6979215eca6.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\a19d54e369d80b257753a6979215eca6.exe | N/A
Token: 33 (unresolved LUID; 33 is SeIncreaseWorkingSetPrivilege) | N/A | C:\Users\Admin\AppData\Local\Temp\a19d54e369d80b257753a6979215eca6.exe | N/A
Token: SeIncBasePriorityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\a19d54e369d80b257753a6979215eca6.exe | N/A
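The same three privileges are enabled in both detonations, with one of them reported only by its numeric LUID. The following is an added example, not part of the sandbox report, showing how a detection engineer would turn this observation into hunting logic: resolve bare LUIDs to privilege names and flag a process launched from a user-writable location that enables SeDebugPrivilege. The input records are constructed to resemble the Process Name and Enabled Privileges fields of Windows Security event 4703 (token right adjusted); their field names and the path list are assumptions.

```python
"""Flag token-privilege adjustments by processes running from user-writable paths.

Added example, not part of the sandbox report. Records are constructed to
resemble the Process Name / Enabled Privileges fields of Security event 4703;
the field names used here are an assumption.
"""
import re

# Well-known Windows privilege LUIDs (subset). The report shows an
# unresolved "Token: 33", which is SeIncreaseWorkingSetPrivilege.
PRIVILEGE_LUIDS = {
    14: "SeIncreaseBasePriorityPrivilege",
    20: "SeDebugPrivilege",
    33: "SeIncreaseWorkingSetPrivilege",
}

# Privileges an ordinary user application almost never needs.
HIGH_VALUE = {
    "SeDebugPrivilege",
    "SeTcbPrivilege",
    "SeLoadDriverPrivilege",
    "SeImpersonatePrivilege",
}

# Launch locations unusual enough to warrant attention (assumed list).
USER_WRITABLE = re.compile(
    r"\\(AppData\\Local\\Temp|Downloads|Users\\Public)\\", re.IGNORECASE
)


def resolve_privilege(name_or_luid):
    """Return a privilege name, resolving a bare LUID such as 33 when known."""
    s = str(name_or_luid).strip()
    if s.isdigit():
        return PRIVILEGE_LUIDS.get(int(s), f"LUID:{s}")
    return s


def evaluate(record):
    """Return the reasons a 4703-style record is suspicious (empty if none)."""
    privs = {resolve_privilege(p) for p in record["enabled_privileges"]}
    reasons = []
    if USER_WRITABLE.search(record["process_name"]):
        high = sorted(privs & HIGH_VALUE)
        if high:
            reasons.append(
                f"{record['process_name']} from user-writable path enabled "
                + ", ".join(high)
            )
    return reasons


# Constructed events: the report's sample, a benign system process that
# legitimately holds SeDebugPrivilege, and a Temp binary with a low-value right.
CONSTRUCTED_EVENTS = [
    {
        "process_name": r"C:\Users\Admin\AppData\Local\Temp\a19d54e369d80b257753a6979215eca6.exe",
        "enabled_privileges": ["SeDebugPrivilege", "33", "SeIncreaseBasePriorityPrivilege"],
    },
    {
        "process_name": r"C:\Windows\System32\svchost.exe",
        "enabled_privileges": ["SeDebugPrivilege"],
    },
    {
        "process_name": r"C:\Users\Admin\AppData\Local\Temp\installer.exe",
        "enabled_privileges": ["33"],
    },
]


def scan(events=CONSTRUCTED_EVENTS):
    """Run evaluate() over every event and collect the alert strings."""
    alerts = []
    for ev in events:
        alerts.extend(evaluate(ev))
    return alerts


if __name__ == "__main__":
    for alert in scan():
        print("ALERT:", alert)
```

Only the first record fires: svchost.exe holds SeDebugPrivilege but runs from System32, and the second Temp binary enables nothing in the high-value set. Tune the path list and the privilege set to your estate; SeDebugPrivilege requests from Temp are a high-signal, low-volume event on most workstations.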

Processes

C:\Users\Admin\AppData\Local\Temp\a19d54e369d80b257753a6979215eca6.exe

"C:\Users\Admin\AppData\Local\Temp\a19d54e369d80b257753a6979215eca6.exe"

Network

Country | Destination | Domain | Proto
N/A | 8.8.8.8:53 | micros0ftcenter.xyz | udp (DNS lookup)
N/A | 185.239.243.112:80 | micros0ftcenter.xyz | tcp
N/A | 185.239.243.112:80 | micros0ftcenter.xyz | tcp
N/A | 185.239.243.112:80 | micros0ftcenter.xyz | tcp
N/A | 185.239.243.112:80 | micros0ftcenter.xyz | tcp
N/A | 185.239.243.112:80 | micros0ftcenter.xyz | tcp
N/A | 185.239.243.112:80 | micros0ftcenter.xyz | tcp
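Both detonations resolve micros0ftcenter.xyz (a look-alike of "microsoft" with a zero for the letter o) and then connect repeatedly to 185.239.243.112 over plain HTTP. The block below is an added example, not part of the sandbox report, that takes the report's three network and file IOCs (the SHA256, the domain and the C2 address) and hunts for them across log lines, and additionally applies a homoglyph-folding check so that other typosquats of the same brand are caught even when they are not in the IOC list. The log lines and their field layout are constructed for the example and are not from the report.

```python
"""Hunt for this report's IOCs in log data and flag brand typosquats.

Added example, not part of the sandbox report. The log lines are constructed
to resemble a DNS resolver log, a web-proxy log and an EDR process-creation
log; their layout is an assumption.
"""
import re

# IOCs taken from the report.
IOC_SHA256 = "82259f0bdaf02774ef0ee028b6c7cb5b90a9173100b972766451c0e8517260dd"
IOC_DOMAIN = "micros0ftcenter.xyz"
IOC_IP = "185.239.243.112"

# Characters attackers substitute for look-alike letters in brand typosquats.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "@": "a", "$": "s"})
PROTECTED_BRANDS = ("microsoft",)


def looks_like_typosquat(domain):
    """True if a label, after homoglyph folding, embeds a protected brand and
    the host is not under the brand's own registrable name."""
    host = domain.lower().rstrip(".")
    for label in host.split("."):
        folded = label.translate(HOMOGLYPHS)
        for brand in PROTECTED_BRANDS:
            if brand in folded and not host.endswith(f"{brand}.com"):
                return True
    return False


def hunt(lines):
    """Return (line_number, reason) pairs for each IOC or typosquat hit."""
    hits = []
    ip_re = re.compile(rf"(?<![\d.]){re.escape(IOC_IP)}(?![\d.])")
    for n, line in enumerate(lines, 1):
        low = line.lower()
        if IOC_SHA256 in low:
            hits.append((n, "sha256 match"))
        if IOC_DOMAIN in low:
            hits.append((n, "domain match"))
        if ip_re.search(line):
            hits.append((n, "c2 ip match"))
        # Every dotted token is a candidate domain; dotted IPs fold to nothing useful.
        for dom in re.findall(r"\b([a-z0-9-]+(?:\.[a-z0-9-]+)+)\b", low):
            if dom != IOC_DOMAIN and looks_like_typosquat(dom):
                hits.append((n, f"typosquat {dom}"))
    return hits


CONSTRUCTED_LOGS = [
    # constructed resolver log: the lookup seen in the sandbox
    "2021-04-17T15:41:03Z dns client=10.0.0.23 query=micros0ftcenter.xyz type=A answer=185.239.243.112",
    # constructed proxy log: a second host reaching the same C2 address
    "2021-04-17T15:41:09Z proxy client=10.0.0.41 dst=185.239.243.112:80 host=micros0ftcenter.xyz method=POST",
    # constructed EDR process event carrying the sample hash
    "2021-04-17T15:41:01Z proc host=WS23 image=C:\\Users\\Admin\\AppData\\Local\\Temp\\a19d54e369d80b257753a6979215eca6.exe sha256=82259f0bdaf02774ef0ee028b6c7cb5b90a9173100b972766451c0e8517260dd",
    # constructed benign traffic that must not match
    "2021-04-17T15:42:00Z dns client=10.0.0.23 query=update.microsoft.com type=A answer=20.10.1.1",
    # constructed look-alike not in the report, caught by the brand check and the IP
    "2021-04-17T15:42:30Z dns client=10.0.0.55 query=micr0soft-login.top type=A answer=185.239.243.112",
]

if __name__ == "__main__":
    for n, reason in hunt(CONSTRUCTED_LOGS):
        print(f"line {n}: {reason}")
```

The exact-match part is what a blocklist gives you; the homoglyph fold is what turns a single observed domain into a rule that also catches the next registration by the same operator. Keep the brand list short and organisation-specific, since folding "0" to "o" across every label will otherwise generate noise on legitimate hostnames that contain digits.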

Files

memory/3932-114-0x0000000001220000-0x0000000001221000-memory.dmp

memory/3932-116-0x0000000001222000-0x0000000001223000-memory.dmp

memory/3932-115-0x0000000001221000-0x0000000001222000-memory.dmp

memory/3932-117-0x0000000001225000-0x0000000001227000-memory.dmp

memory/3932-118-0x0000000001227000-0x0000000001228000-memory.dmp