Analysis Overview
SHA256
d403c9a7f0a68755b906c4890787db30c209c919932155e6cf4f0e944177be66
Threat Level: Known bad
The file a3016f7c88899b10309dfa72387f2e8c.exe was found to be: Known bad.
Malicious Activity Summary
Blacknet family
Contains code to disable Windows Defender
BlackNET
BlackNET Payload
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2021-08-05 15:39
Signatures
BlackNET Payload
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Blacknet family
Contains code to disable Windows Defender
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2021-04-24 22:56
Reported
2021-04-24 22:58
Platform
win7v20210410
Max time kernel
129s
Max time network
131s
Command Line
Signatures
BlackNET
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a3016f7c88899b10309dfa72387f2e8c.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a3016f7c88899b10309dfa72387f2e8c.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a3016f7c88899b10309dfa72387f2e8c.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\a3016f7c88899b10309dfa72387f2e8c.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\a3016f7c88899b10309dfa72387f2e8c.exe
"C:\Users\Admin\AppData\Local\Temp\a3016f7c88899b10309dfa72387f2e8c.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 8.8.8.8:53 | chomotrov.rf.gd | udp |
| N/A | 199.59.242.153:80 | chomotrov.rf.gd | tcp |
Files
memory/1748-59-0x000007FEF2190000-0x000007FEF3226000-memory.dmp
memory/1748-60-0x0000000000AE0000-0x0000000000AE2000-memory.dmp
memory/1748-61-0x0000000000AE6000-0x0000000000B05000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2021-04-24 22:56
Reported
2021-04-24 22:58
Platform
win10v20210408
Max time kernel
133s
Max time network
136s
Command Line
Signatures
BlackNET
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\a3016f7c88899b10309dfa72387f2e8c.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\a3016f7c88899b10309dfa72387f2e8c.exe
"C:\Users\Admin\AppData\Local\Temp\a3016f7c88899b10309dfa72387f2e8c.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 8.8.8.8:53 | chomotrov.rf.gd | udp |
| N/A | 199.59.242.153:80 | chomotrov.rf.gd | tcp |
Files
memory/640-114-0x0000000003140000-0x0000000003142000-memory.dmp
memory/640-115-0x0000000003142000-0x0000000003144000-memory.dmp
memory/640-116-0x0000000003145000-0x0000000003146000-memory.dmp