Malware Analysis Report

2024-11-13 17:15

Sample ID 220430-b1431sbccl
Target b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe
SHA256 b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09
Tags
blacknet hacked persistence trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09

Threat Level: Known bad

The file b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe was found to be: Known bad.

Malicious Activity Summary

blacknet hacked persistence trojan

BlackNET

BlackNET Payload

Contains code to disable Windows Defender

Blacknet family

Adds Run key to start application

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2022-04-30 01:37

Signatures

BlackNET Payload

Description Indicator Process Target
N/A N/A N/A N/A

Blacknet family

blacknet

Contains code to disable Windows Defender

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2022-04-30 01:37

Reported

2022-04-30 01:48

Platform

win10v2004-20220414-en

Max time kernel

9s

Max time network

156s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe"

Signatures

BlackNET

trojan blacknet

BlackNET Payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Contains code to disable Windows Defender

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\df7427b5e05183e625345c3c37ef31c0 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe" C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

"C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe"

C:\Users\Admin\AppData\Roaming\Microsoft\MyClient\WindowsUpdate.exe

"C:\Users\Admin\AppData\Roaming\Microsoft\MyClient\WindowsUpdate.exe"

C:\Users\Admin\AppData\Local\Temp\svchosts.exe

"C:\Users\Admin\AppData\Local\Temp\svchosts.exe"

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

"C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe"

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

"C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe"

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

"C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe"

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

"C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe"

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

"C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe"

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

"C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe"

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

"C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe"

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

"C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe"

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

"C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe"

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

"C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe"

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

"C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe"

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

"C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe"

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

"C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe"

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

"C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe"

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

"C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe"

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

"C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe"

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

"C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe"

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

"C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe"

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

"C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe"

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

"C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe"

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

"C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe"

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

"C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe"

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

"C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe"

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

"C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe"

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

"C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe"

Network

Country Destination Domain Proto
NL 88.221.144.179:80 tcp
US 93.184.220.29:80 tcp
US 93.184.220.29:80 tcp
US 93.184.220.29:80 tcp
US 8.8.8.8:53 finalb.xyz udp
US 8.8.8.8:53 finalb.xyz udp
US 8.8.8.8:53 finalb.xyz udp
US 8.8.8.8:53 finalb.xyz udp
US 20.42.73.25:443 tcp
US 8.8.8.8:53 finalb.xyz udp
US 8.8.8.8:53 finalb.xyz udp
NL 104.97.14.81:80 tcp
NL 104.97.14.81:80 tcp
NL 104.97.14.81:80 tcp
US 8.8.8.8:53 finalb.xyz udp
US 8.8.8.8:53 finalb.xyz udp
US 8.8.8.8:53 finalb.xyz udp
US 8.8.8.8:53 finalb.xyz udp
FR 2.18.109.224:443 tcp
US 104.18.24.243:80 tcp
US 8.8.8.8:53 finalb.xyz udp
US 8.8.8.8:53 finalb.xyz udp
US 8.8.8.8:53 finalb.xyz udp
US 8.8.8.8:53 finalb.xyz udp
US 8.8.8.8:53 finalb.xyz udp

Files

memory/4980-130-0x000000000103A000-0x000000000103F000-memory.dmp

memory/5052-131-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\MyClient\WindowsUpdate.exe

MD5 c4f79edc4498c5570495bb36fc942134
SHA1 00046b588252502480e8e708a22d25ae1d9b05fa
SHA256 b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09
SHA512 07bdeb39b35835a752886c2d308a68d263b36e8372d2bf320ede5b85252d14e284985d0889dfa9fcffec7ede7c3585a46cb0165b00be903755ffe63cacb21cef

C:\Users\Admin\AppData\Roaming\Microsoft\MyClient\WindowsUpdate.exe

MD5 c4f79edc4498c5570495bb36fc942134
SHA1 00046b588252502480e8e708a22d25ae1d9b05fa
SHA256 b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09
SHA512 07bdeb39b35835a752886c2d308a68d263b36e8372d2bf320ede5b85252d14e284985d0889dfa9fcffec7ede7c3585a46cb0165b00be903755ffe63cacb21cef

memory/1988-134-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\svchosts.exe

MD5 89dd6e72358a669b7d6e2348307a7af7
SHA1 0db348f3c6114a45d71f4d218e0e088b71c7bb0a
SHA256 ad34794058212006ae974fcc6a0242598e6d020f08044439e3512773cd402b7e
SHA512 93b8a47686d7491281a0809b138a6244a535302ba0d6b2146849e9888632c72b6223ae8eb7a24f1006aaf57ab947a8f43719cff4837df559e7bf42f52c63856b

C:\Users\Admin\AppData\Local\Temp\svchosts.exe

MD5 89dd6e72358a669b7d6e2348307a7af7
SHA1 0db348f3c6114a45d71f4d218e0e088b71c7bb0a
SHA256 ad34794058212006ae974fcc6a0242598e6d020f08044439e3512773cd402b7e
SHA512 93b8a47686d7491281a0809b138a6244a535302ba0d6b2146849e9888632c72b6223ae8eb7a24f1006aaf57ab947a8f43719cff4837df559e7bf42f52c63856b

memory/5052-137-0x0000000000DAA000-0x0000000000DAF000-memory.dmp

memory/4104-138-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

MD5 c4f79edc4498c5570495bb36fc942134
SHA1 00046b588252502480e8e708a22d25ae1d9b05fa
SHA256 b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09
SHA512 07bdeb39b35835a752886c2d308a68d263b36e8372d2bf320ede5b85252d14e284985d0889dfa9fcffec7ede7c3585a46cb0165b00be903755ffe63cacb21cef

C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe.log

MD5 d7d09fe4ff702ba9f25d5f48923708b6
SHA1 85ce2b7a1c9a4c3252fc9f471cf13ad50ad2cf65
SHA256 ae5b9b53869ba7b6bf99b07cb09c9ce9ff11d4abbbb626570390f9fba4f6f462
SHA512 500a313cc36a23302763d6957516640c981da2fbab691c8b66518f5b0051e25dfb1b09449efff526eab707fa1be36ef9362286869c82b3800e42d2d8287ef1cf

memory/4104-141-0x0000000000E6A000-0x0000000000E6F000-memory.dmp

memory/2204-142-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

MD5 c4f79edc4498c5570495bb36fc942134
SHA1 00046b588252502480e8e708a22d25ae1d9b05fa
SHA256 b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09
SHA512 07bdeb39b35835a752886c2d308a68d263b36e8372d2bf320ede5b85252d14e284985d0889dfa9fcffec7ede7c3585a46cb0165b00be903755ffe63cacb21cef

memory/2204-144-0x00000000015FA000-0x00000000015FF000-memory.dmp

memory/2144-145-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

MD5 c4f79edc4498c5570495bb36fc942134
SHA1 00046b588252502480e8e708a22d25ae1d9b05fa
SHA256 b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09
SHA512 07bdeb39b35835a752886c2d308a68d263b36e8372d2bf320ede5b85252d14e284985d0889dfa9fcffec7ede7c3585a46cb0165b00be903755ffe63cacb21cef

memory/2144-147-0x0000000000F6A000-0x0000000000F6F000-memory.dmp

memory/4828-148-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

MD5 c4f79edc4498c5570495bb36fc942134
SHA1 00046b588252502480e8e708a22d25ae1d9b05fa
SHA256 b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09
SHA512 07bdeb39b35835a752886c2d308a68d263b36e8372d2bf320ede5b85252d14e284985d0889dfa9fcffec7ede7c3585a46cb0165b00be903755ffe63cacb21cef

memory/4828-150-0x000000000064A000-0x000000000064F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

MD5 c4f79edc4498c5570495bb36fc942134
SHA1 00046b588252502480e8e708a22d25ae1d9b05fa
SHA256 b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09
SHA512 07bdeb39b35835a752886c2d308a68d263b36e8372d2bf320ede5b85252d14e284985d0889dfa9fcffec7ede7c3585a46cb0165b00be903755ffe63cacb21cef

memory/904-151-0x0000000000000000-mapping.dmp

memory/904-153-0x000000000155A000-0x000000000155F000-memory.dmp

memory/4632-154-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

MD5 c4f79edc4498c5570495bb36fc942134
SHA1 00046b588252502480e8e708a22d25ae1d9b05fa
SHA256 b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09
SHA512 07bdeb39b35835a752886c2d308a68d263b36e8372d2bf320ede5b85252d14e284985d0889dfa9fcffec7ede7c3585a46cb0165b00be903755ffe63cacb21cef

memory/4632-156-0x0000000000FFA000-0x0000000000FFF000-memory.dmp

memory/4912-157-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

MD5 c4f79edc4498c5570495bb36fc942134
SHA1 00046b588252502480e8e708a22d25ae1d9b05fa
SHA256 b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09
SHA512 07bdeb39b35835a752886c2d308a68d263b36e8372d2bf320ede5b85252d14e284985d0889dfa9fcffec7ede7c3585a46cb0165b00be903755ffe63cacb21cef

memory/4912-159-0x00000000009AA000-0x00000000009AF000-memory.dmp

memory/428-160-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

MD5 c4f79edc4498c5570495bb36fc942134
SHA1 00046b588252502480e8e708a22d25ae1d9b05fa
SHA256 b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09
SHA512 07bdeb39b35835a752886c2d308a68d263b36e8372d2bf320ede5b85252d14e284985d0889dfa9fcffec7ede7c3585a46cb0165b00be903755ffe63cacb21cef

memory/428-162-0x000000000144A000-0x000000000144F000-memory.dmp

memory/760-163-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

MD5 c4f79edc4498c5570495bb36fc942134
SHA1 00046b588252502480e8e708a22d25ae1d9b05fa
SHA256 b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09
SHA512 07bdeb39b35835a752886c2d308a68d263b36e8372d2bf320ede5b85252d14e284985d0889dfa9fcffec7ede7c3585a46cb0165b00be903755ffe63cacb21cef

memory/760-165-0x0000000000CAA000-0x0000000000CAF000-memory.dmp

memory/1368-166-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

MD5 c4f79edc4498c5570495bb36fc942134
SHA1 00046b588252502480e8e708a22d25ae1d9b05fa
SHA256 b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09
SHA512 07bdeb39b35835a752886c2d308a68d263b36e8372d2bf320ede5b85252d14e284985d0889dfa9fcffec7ede7c3585a46cb0165b00be903755ffe63cacb21cef

memory/1368-168-0x0000000000CAA000-0x0000000000CAF000-memory.dmp

memory/4104-169-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

MD5 c4f79edc4498c5570495bb36fc942134
SHA1 00046b588252502480e8e708a22d25ae1d9b05fa
SHA256 b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09
SHA512 07bdeb39b35835a752886c2d308a68d263b36e8372d2bf320ede5b85252d14e284985d0889dfa9fcffec7ede7c3585a46cb0165b00be903755ffe63cacb21cef

memory/4104-171-0x0000000000BBA000-0x0000000000BBF000-memory.dmp

memory/2096-172-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

MD5 c4f79edc4498c5570495bb36fc942134
SHA1 00046b588252502480e8e708a22d25ae1d9b05fa
SHA256 b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09
SHA512 07bdeb39b35835a752886c2d308a68d263b36e8372d2bf320ede5b85252d14e284985d0889dfa9fcffec7ede7c3585a46cb0165b00be903755ffe63cacb21cef

memory/2096-174-0x000000000079A000-0x000000000079F000-memory.dmp

memory/2628-175-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

MD5 c4f79edc4498c5570495bb36fc942134
SHA1 00046b588252502480e8e708a22d25ae1d9b05fa
SHA256 b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09
SHA512 07bdeb39b35835a752886c2d308a68d263b36e8372d2bf320ede5b85252d14e284985d0889dfa9fcffec7ede7c3585a46cb0165b00be903755ffe63cacb21cef

memory/2628-177-0x00000000011AA000-0x00000000011AF000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

MD5 c4f79edc4498c5570495bb36fc942134
SHA1 00046b588252502480e8e708a22d25ae1d9b05fa
SHA256 b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09
SHA512 07bdeb39b35835a752886c2d308a68d263b36e8372d2bf320ede5b85252d14e284985d0889dfa9fcffec7ede7c3585a46cb0165b00be903755ffe63cacb21cef

memory/4008-178-0x0000000000000000-mapping.dmp

memory/4008-180-0x0000000000AFA000-0x0000000000AFF000-memory.dmp

memory/2212-181-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

MD5 c4f79edc4498c5570495bb36fc942134
SHA1 00046b588252502480e8e708a22d25ae1d9b05fa
SHA256 b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09
SHA512 07bdeb39b35835a752886c2d308a68d263b36e8372d2bf320ede5b85252d14e284985d0889dfa9fcffec7ede7c3585a46cb0165b00be903755ffe63cacb21cef

memory/2212-183-0x00000000009DA000-0x00000000009DF000-memory.dmp

memory/4948-184-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

MD5 c4f79edc4498c5570495bb36fc942134
SHA1 00046b588252502480e8e708a22d25ae1d9b05fa
SHA256 b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09
SHA512 07bdeb39b35835a752886c2d308a68d263b36e8372d2bf320ede5b85252d14e284985d0889dfa9fcffec7ede7c3585a46cb0165b00be903755ffe63cacb21cef

memory/4948-186-0x000000000171A000-0x000000000171F000-memory.dmp

memory/1252-187-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

MD5 c4f79edc4498c5570495bb36fc942134
SHA1 00046b588252502480e8e708a22d25ae1d9b05fa
SHA256 b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09
SHA512 07bdeb39b35835a752886c2d308a68d263b36e8372d2bf320ede5b85252d14e284985d0889dfa9fcffec7ede7c3585a46cb0165b00be903755ffe63cacb21cef

memory/1252-189-0x000000000164A000-0x000000000164F000-memory.dmp

memory/1784-190-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

MD5 c4f79edc4498c5570495bb36fc942134
SHA1 00046b588252502480e8e708a22d25ae1d9b05fa
SHA256 b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09
SHA512 07bdeb39b35835a752886c2d308a68d263b36e8372d2bf320ede5b85252d14e284985d0889dfa9fcffec7ede7c3585a46cb0165b00be903755ffe63cacb21cef

memory/1784-192-0x0000000000BFA000-0x0000000000BFF000-memory.dmp

memory/1748-193-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

MD5 c4f79edc4498c5570495bb36fc942134
SHA1 00046b588252502480e8e708a22d25ae1d9b05fa
SHA256 b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09
SHA512 07bdeb39b35835a752886c2d308a68d263b36e8372d2bf320ede5b85252d14e284985d0889dfa9fcffec7ede7c3585a46cb0165b00be903755ffe63cacb21cef

memory/1748-195-0x000000000184A000-0x000000000184F000-memory.dmp

memory/3720-196-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

MD5 c4f79edc4498c5570495bb36fc942134
SHA1 00046b588252502480e8e708a22d25ae1d9b05fa
SHA256 b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09
SHA512 07bdeb39b35835a752886c2d308a68d263b36e8372d2bf320ede5b85252d14e284985d0889dfa9fcffec7ede7c3585a46cb0165b00be903755ffe63cacb21cef

memory/3720-198-0x0000000000C8A000-0x0000000000C8F000-memory.dmp

memory/4364-199-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

MD5 c4f79edc4498c5570495bb36fc942134
SHA1 00046b588252502480e8e708a22d25ae1d9b05fa
SHA256 b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09
SHA512 07bdeb39b35835a752886c2d308a68d263b36e8372d2bf320ede5b85252d14e284985d0889dfa9fcffec7ede7c3585a46cb0165b00be903755ffe63cacb21cef

memory/4364-201-0x000000000197A000-0x000000000197F000-memory.dmp

memory/2960-202-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

MD5 c4f79edc4498c5570495bb36fc942134
SHA1 00046b588252502480e8e708a22d25ae1d9b05fa
SHA256 b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09
SHA512 07bdeb39b35835a752886c2d308a68d263b36e8372d2bf320ede5b85252d14e284985d0889dfa9fcffec7ede7c3585a46cb0165b00be903755ffe63cacb21cef

memory/2960-204-0x000000000129A000-0x000000000129F000-memory.dmp

memory/4620-205-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

MD5 c4f79edc4498c5570495bb36fc942134
SHA1 00046b588252502480e8e708a22d25ae1d9b05fa
SHA256 b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09
SHA512 07bdeb39b35835a752886c2d308a68d263b36e8372d2bf320ede5b85252d14e284985d0889dfa9fcffec7ede7c3585a46cb0165b00be903755ffe63cacb21cef

memory/4620-207-0x00000000008EA000-0x00000000008EF000-memory.dmp

memory/2096-208-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

MD5 c4f79edc4498c5570495bb36fc942134
SHA1 00046b588252502480e8e708a22d25ae1d9b05fa
SHA256 b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09
SHA512 07bdeb39b35835a752886c2d308a68d263b36e8372d2bf320ede5b85252d14e284985d0889dfa9fcffec7ede7c3585a46cb0165b00be903755ffe63cacb21cef

memory/2096-210-0x00000000009AA000-0x00000000009AF000-memory.dmp

memory/4816-211-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

MD5 c4f79edc4498c5570495bb36fc942134
SHA1 00046b588252502480e8e708a22d25ae1d9b05fa
SHA256 b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09
SHA512 07bdeb39b35835a752886c2d308a68d263b36e8372d2bf320ede5b85252d14e284985d0889dfa9fcffec7ede7c3585a46cb0165b00be903755ffe63cacb21cef

memory/4816-213-0x000000000158A000-0x000000000158F000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2022-04-30 01:37

Reported

2022-04-30 01:48

Platform

win7-20220414-en

Max time kernel

73s

Max time network

81s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe"

Signatures

BlackNET

trojan blacknet

BlackNET Payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Contains code to disable Windows Defender

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Windows\CurrentVersion\Run\df7427b5e05183e625345c3c37ef31c0 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe" C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe

"C:\Users\Admin\AppData\Local\Temp\b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09.exe"

C:\Users\Admin\AppData\Roaming\Microsoft\MyClient\WindowsUpdate.exe

"C:\Users\Admin\AppData\Roaming\Microsoft\MyClient\WindowsUpdate.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 finalb.xyz udp

Files

memory/1980-54-0x000007FEF3500000-0x000007FEF4596000-memory.dmp

memory/1980-55-0x000007FEFC331000-0x000007FEFC333000-memory.dmp

memory/1980-56-0x0000000000466000-0x0000000000485000-memory.dmp

memory/1980-57-0x00000000004AD000-0x00000000004B1000-memory.dmp

memory/1980-58-0x00000000004B1000-0x00000000004B5000-memory.dmp

memory/1980-60-0x00000000004B9000-0x00000000004BD000-memory.dmp

memory/1980-59-0x00000000004B5000-0x00000000004B9000-memory.dmp

memory/1980-61-0x00000000004BD000-0x00000000004C1000-memory.dmp

memory/1980-62-0x00000000004C1000-0x00000000004C5000-memory.dmp

memory/1980-63-0x00000000004A1000-0x00000000004A4000-memory.dmp

memory/1980-64-0x000000000048F000-0x0000000000492000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\MyClient\WindowsUpdate.exe

MD5 c4f79edc4498c5570495bb36fc942134
SHA1 00046b588252502480e8e708a22d25ae1d9b05fa
SHA256 b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09
SHA512 07bdeb39b35835a752886c2d308a68d263b36e8372d2bf320ede5b85252d14e284985d0889dfa9fcffec7ede7c3585a46cb0165b00be903755ffe63cacb21cef

C:\Users\Admin\AppData\Roaming\Microsoft\MyClient\WindowsUpdate.exe

MD5 c4f79edc4498c5570495bb36fc942134
SHA1 00046b588252502480e8e708a22d25ae1d9b05fa
SHA256 b33d569af5e490875d6473c6402797ddb4ce639bb1f1cf7f67698eeafa625f09
SHA512 07bdeb39b35835a752886c2d308a68d263b36e8372d2bf320ede5b85252d14e284985d0889dfa9fcffec7ede7c3585a46cb0165b00be903755ffe63cacb21cef

memory/1516-65-0x0000000000000000-mapping.dmp

memory/1516-68-0x000007FEF3500000-0x000007FEF4596000-memory.dmp

memory/1516-70-0x0000000001F56000-0x0000000001F75000-memory.dmp