Analysis
-
max time kernel
146s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
24-06-2022 10:27
General
-
Target
1.exe
-
Size
1.2MB
-
MD5
f5aa803f52b91918139254834f6e21ce
-
SHA1
d5698a1014ab1193379af75609594f2bc0e54d80
-
SHA256
50f0d3c53631efa2b454e2a505754fad8bb2f5706d7bb88477449a188e652f68
-
SHA512
2633a85b200e133c13874c362786716d890082cdf1ef31ce2aaaffd5f24b962a3e66337ca15dfe4c679d6aec000fb8dfbec04714850c6c3adadf9fc680aece76
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 2 IoCs
-
Executes dropped EXE 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1.exe"C:\Users\Admin\AppData\Local\Temp\1.exe"1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\Microsoft\Office\1.exe"C:\Users\Admin\AppData\Roaming\Microsoft\Office\1.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.2MB
MD5f5aa803f52b91918139254834f6e21ce
SHA1d5698a1014ab1193379af75609594f2bc0e54d80
SHA25650f0d3c53631efa2b454e2a505754fad8bb2f5706d7bb88477449a188e652f68
SHA5122633a85b200e133c13874c362786716d890082cdf1ef31ce2aaaffd5f24b962a3e66337ca15dfe4c679d6aec000fb8dfbec04714850c6c3adadf9fc680aece76
-
Filesize
1.2MB
MD5f5aa803f52b91918139254834f6e21ce
SHA1d5698a1014ab1193379af75609594f2bc0e54d80
SHA25650f0d3c53631efa2b454e2a505754fad8bb2f5706d7bb88477449a188e652f68
SHA5122633a85b200e133c13874c362786716d890082cdf1ef31ce2aaaffd5f24b962a3e66337ca15dfe4c679d6aec000fb8dfbec04714850c6c3adadf9fc680aece76
-