Analysis Overview
SHA256
d403c9a7f0a68755b906c4890787db30c209c919932155e6cf4f0e944177be66
Threat Level: Known bad
The file a3016f7c88899b10309dfa72387f2e8c.exe was found to be: Known bad.
Malicious Activity Summary
BlackNET Payload
Blacknet family
Contains code to disable Windows Defender
BlackNET
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2021-08-05 15:39
Signatures
BlackNET Payload
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Blacknet family
Contains code to disable Windows Defender
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2021-04-24 23:01
Reported
2021-04-24 23:03
Platform
win7v20210408
Max time kernel
137s
Max time network
136s
Command Line
Signatures
BlackNET
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a3016f7c88899b10309dfa72387f2e8c.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\a3016f7c88899b10309dfa72387f2e8c.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\a3016f7c88899b10309dfa72387f2e8c.exe
"C:\Users\Admin\AppData\Local\Temp\a3016f7c88899b10309dfa72387f2e8c.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 8.8.8.8:53 | chomotrov.rf.gd | udp |
| N/A | 185.27.134.201:80 | chomotrov.rf.gd | tcp |
Files
memory/1828-60-0x00000000009D0000-0x00000000009D2000-memory.dmp
memory/1828-61-0x000007FEF3150000-0x000007FEF41E6000-memory.dmp
memory/1828-62-0x00000000009D6000-0x00000000009F5000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2021-04-24 23:01
Reported
2021-04-24 23:03
Platform
win10v20210410
Max time kernel
13s
Max time network
121s
Command Line
Signatures
BlackNET
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\a3016f7c88899b10309dfa72387f2e8c.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\a3016f7c88899b10309dfa72387f2e8c.exe
"C:\Users\Admin\AppData\Local\Temp\a3016f7c88899b10309dfa72387f2e8c.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 8.8.8.8:53 | chomotrov.rf.gd | udp |
| N/A | 185.27.134.201:80 | chomotrov.rf.gd | tcp |
Files
memory/3172-114-0x00000000005B0000-0x00000000005B2000-memory.dmp
memory/3172-115-0x00000000005B2000-0x00000000005B4000-memory.dmp
memory/3172-116-0x00000000005B4000-0x00000000005B5000-memory.dmp
memory/3172-117-0x00000000005B5000-0x00000000005B6000-memory.dmp