Overview

overview

10

Static

static

8da0935bb9...7d.exe

windows7-x64

10

8da0935bb9...7d.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    93s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20220718-en
  • resource tags

    arch:x64arch:x86image:win7-20220718-enlocale:en-usos:windows7-x64system
  • submitted
    31-07-2022 07:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8da0935bb9ecfb796a92fd2ed63b5d1dad8bef456ae1b9ec895f8fd69ab6127d.exe

  • Size

    113KB

  • MD5

    16b2192fc64d1cc4347cc505234efbb7

  • SHA1

    dfeae6690c243500a2f91ba2f6b0389231891490

  • SHA256

    8da0935bb9ecfb796a92fd2ed63b5d1dad8bef456ae1b9ec895f8fd69ab6127d

  • SHA512

    488c53e7b55bb53edc608c3f7e6363e2b44fc2f0fd97723598c4e8e80e7e30907473bf995652f62a2bd37f17b28db4f8a262e557675c99ae790ba814223b2d94

Score
10/10
blacknetpersistencetrojan

Malware Config

Signatures

  • BlackNET

    BlackNET is an open source remote access tool written in VB.NET.

    trojanblacknet
  • Executes dropped EXE 2 IoCs
  • Adds Run key to start application 2 TTPs 3 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8da0935bb9ecfb796a92fd2ed63b5d1dad8bef456ae1b9ec895f8fd69ab6127d.exe
    "C:\Users\Admin\AppData\Local\Temp\8da0935bb9ecfb796a92fd2ed63b5d1dad8bef456ae1b9ec895f8fd69ab6127d.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1980
    • C:\Users\Admin\AppData\Roaming\Microsoft\MyClient\svchost.exe
      "C:\Users\Admin\AppData\Roaming\Microsoft\MyClient\svchost.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:748
      • C:\Users\Admin\AppData\Roaming\svchosts.exe
        "C:\Users\Admin\AppData\Roaming\svchosts.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:1732

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\MyClient\svchost.exe
    Filesize

    113KB

    MD5

    16b2192fc64d1cc4347cc505234efbb7

    SHA1

    dfeae6690c243500a2f91ba2f6b0389231891490

    SHA256

    8da0935bb9ecfb796a92fd2ed63b5d1dad8bef456ae1b9ec895f8fd69ab6127d

    SHA512

    488c53e7b55bb53edc608c3f7e6363e2b44fc2f0fd97723598c4e8e80e7e30907473bf995652f62a2bd37f17b28db4f8a262e557675c99ae790ba814223b2d94

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\MyClient\svchost.exe
    Filesize

    113KB

    MD5

    16b2192fc64d1cc4347cc505234efbb7

    SHA1

    dfeae6690c243500a2f91ba2f6b0389231891490

    SHA256

    8da0935bb9ecfb796a92fd2ed63b5d1dad8bef456ae1b9ec895f8fd69ab6127d

    SHA512

    488c53e7b55bb53edc608c3f7e6363e2b44fc2f0fd97723598c4e8e80e7e30907473bf995652f62a2bd37f17b28db4f8a262e557675c99ae790ba814223b2d94

    Download Submit
  • C:\Users\Admin\AppData\Roaming\svchosts.exe
    Filesize

    17KB

    MD5

    cb9c9656e6ffd45241a4278af1ffbb97

    SHA1

    3f4af7f4377c254a0df56b9fff385f893f639ffd

    SHA256

    b4b6abe57148a81899636fc9f168c013c0301b8f116a3b8e3a57171d909a33dc

    SHA512

    055cc0651004f0a8f0b884798657ac8ddc977efcd54483a4312087b00205d7aebc048d64a31e0946d48e66b26686d19e7c57e1d88d885d775228c22653ea3d30

    Download Submit
  • C:\Users\Admin\AppData\Roaming\svchosts.exe
    Filesize

    17KB

    MD5

    cb9c9656e6ffd45241a4278af1ffbb97

    SHA1

    3f4af7f4377c254a0df56b9fff385f893f639ffd

    SHA256

    b4b6abe57148a81899636fc9f168c013c0301b8f116a3b8e3a57171d909a33dc

    SHA512

    055cc0651004f0a8f0b884798657ac8ddc977efcd54483a4312087b00205d7aebc048d64a31e0946d48e66b26686d19e7c57e1d88d885d775228c22653ea3d30

    Download Submit
  • memory/748-112-0x0000000000000000-mapping.dmp
    Download
  • memory/748-117-0x000007FEF2DD0000-0x000007FEF3E66000-memory.dmp
    Filesize

    16.6MB

    Download
  • memory/748-116-0x000007FEF4240000-0x000007FEF4C63000-memory.dmp
    Filesize

    10.1MB

    Download
  • memory/1732-145-0x000007FEF2DD0000-0x000007FEF3E66000-memory.dmp
    Filesize

    16.6MB

    Download
  • memory/1732-144-0x000007FEF4240000-0x000007FEF4C63000-memory.dmp
    Filesize

    10.1MB

    Download
  • memory/1732-140-0x0000000000000000-mapping.dmp
    Download
  • memory/1980-73-0x000000001F839000-0x000000001F849000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1980-97-0x000000001FEB1000-0x000000001FED1000-memory.dmp
    Filesize

    128KB

    Download
  • memory/1980-66-0x0000000000A5F000-0x0000000000A67000-memory.dmp
    Filesize

    32KB

    Download
  • memory/1980-67-0x0000000000A67000-0x0000000000A70000-memory.dmp
    Filesize

    36KB

    Download
  • memory/1980-68-0x000000001F810000-0x000000001F819000-memory.dmp
    Filesize

    36KB

    Download
  • memory/1980-69-0x000000001F819000-0x000000001F821000-memory.dmp
    Filesize

    32KB

    Download
  • memory/1980-70-0x000000001F821000-0x000000001F829000-memory.dmp
    Filesize

    32KB

    Download
  • memory/1980-71-0x000000001F829000-0x000000001F831000-memory.dmp
    Filesize

    32KB

    Download
  • memory/1980-72-0x000000001F831000-0x000000001F839000-memory.dmp
    Filesize

    32KB

    Download
  • memory/1980-54-0x000007FEF4240000-0x000007FEF4C63000-memory.dmp
    Filesize

    10.1MB

    Download
  • memory/1980-74-0x000000001F849000-0x000000001F859000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1980-75-0x000000001F859000-0x000000001F869000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1980-76-0x000000001F869000-0x000000001F879000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1980-77-0x000000001F879000-0x000000001F889000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1980-78-0x000000001F889000-0x000000001F899000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1980-79-0x000000001F899000-0x000000001F8A9000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1980-80-0x000000001F8A9000-0x000000001F8B9000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1980-81-0x000000001F8B9000-0x000000001F8D9000-memory.dmp
    Filesize

    128KB

    Download
  • memory/1980-82-0x000000001F8D9000-0x000000001F8F9000-memory.dmp
    Filesize

    128KB

    Download
  • memory/1980-83-0x000000001FD10000-0x000000001FD31000-memory.dmp
    Filesize

    132KB

    Download
  • memory/1980-84-0x000000001FD31000-0x000000001FD51000-memory.dmp
    Filesize

    128KB

    Download
  • memory/1980-85-0x000000001FD51000-0x000000001FD71000-memory.dmp
    Filesize

    128KB

    Download
  • memory/1980-86-0x000000001FD71000-0x000000001FD91000-memory.dmp
    Filesize

    128KB

    Download
  • memory/1980-87-0x000000001FD91000-0x000000001FDB1000-memory.dmp
    Filesize

    128KB

    Download
  • memory/1980-88-0x000000001FDB1000-0x000000001FDD1000-memory.dmp
    Filesize

    128KB

    Download
  • memory/1980-89-0x000000001FDD1000-0x000000001FDF1000-memory.dmp
    Filesize

    128KB

    Download
  • memory/1980-90-0x000000001FDF1000-0x000000001FE11000-memory.dmp
    Filesize

    128KB

    Download
  • memory/1980-91-0x00000000009F6000-0x0000000000A15000-memory.dmp
    Filesize

    124KB

    Download
  • memory/1980-92-0x000000001FE11000-0x000000001FE31000-memory.dmp
    Filesize

    128KB

    Download
  • memory/1980-93-0x000000001FE31000-0x000000001FE51000-memory.dmp
    Filesize

    128KB

    Download
  • memory/1980-94-0x000000001FE51000-0x000000001FE71000-memory.dmp
    Filesize

    128KB

    Download
  • memory/1980-95-0x000000001FE71000-0x000000001FE91000-memory.dmp
    Filesize

    128KB

    Download
  • memory/1980-96-0x000000001FE91000-0x000000001FEB1000-memory.dmp
    Filesize

    128KB

    Download
  • memory/1980-64-0x0000000000A53000-0x0000000000A57000-memory.dmp
    Filesize

    16KB

    Download
  • memory/1980-98-0x000000001FED1000-0x000000001FEF1000-memory.dmp
    Filesize

    128KB

    Download
  • memory/1980-99-0x0000000020AF0000-0x0000000020B11000-memory.dmp
    Filesize

    132KB

    Download
  • memory/1980-100-0x0000000020B11000-0x0000000020B31000-memory.dmp
    Filesize

    128KB

    Download
  • memory/1980-101-0x0000000020B31000-0x0000000020B51000-memory.dmp
    Filesize

    128KB

    Download
  • memory/1980-102-0x0000000020B51000-0x0000000020B71000-memory.dmp
    Filesize

    128KB

    Download
  • memory/1980-104-0x0000000020B91000-0x0000000020BB1000-memory.dmp
    Filesize

    128KB

    Download
  • memory/1980-103-0x0000000020B71000-0x0000000020B91000-memory.dmp
    Filesize

    128KB

    Download
  • memory/1980-105-0x0000000020BB1000-0x0000000020BD1000-memory.dmp
    Filesize

    128KB

    Download
  • memory/1980-106-0x0000000020BD1000-0x0000000020BF1000-memory.dmp
    Filesize

    128KB

    Download
  • memory/1980-107-0x0000000020BF1000-0x0000000020C11000-memory.dmp
    Filesize

    128KB

    Download
  • memory/1980-108-0x0000000020C11000-0x0000000020C31000-memory.dmp
    Filesize

    128KB

    Download
  • memory/1980-109-0x0000000020C31000-0x0000000020C51000-memory.dmp
    Filesize

    128KB

    Download
  • memory/1980-65-0x0000000000A57000-0x0000000000A5F000-memory.dmp
    Filesize

    32KB

    Download
  • memory/1980-63-0x0000000000A4F000-0x0000000000A53000-memory.dmp
    Filesize

    16KB

    Download
  • memory/1980-113-0x0000000020C91000-0x0000000020CB1000-memory.dmp
    Filesize

    128KB

    Download
  • memory/1980-111-0x0000000020C71000-0x0000000020C91000-memory.dmp
    Filesize

    128KB

    Download
  • memory/1980-110-0x0000000020C51000-0x0000000020C71000-memory.dmp
    Filesize

    128KB

    Download
  • memory/1980-62-0x0000000000A4B000-0x0000000000A4F000-memory.dmp
    Filesize

    16KB

    Download
  • memory/1980-61-0x0000000000A47000-0x0000000000A4B000-memory.dmp
    Filesize

    16KB

    Download
  • memory/1980-60-0x0000000000A43000-0x0000000000A47000-memory.dmp
    Filesize

    16KB

    Download
  • memory/1980-118-0x0000000020CB1000-0x0000000020CD1000-memory.dmp
    Filesize

    128KB

    Download
  • memory/1980-124-0x0000000020D91000-0x0000000020DB1000-memory.dmp
    Filesize

    128KB

    Download
  • memory/1980-123-0x0000000020D71000-0x0000000020D91000-memory.dmp
    Filesize

    128KB

    Download
  • memory/1980-122-0x0000000020D51000-0x0000000020D71000-memory.dmp
    Filesize

    128KB

    Download
  • memory/1980-121-0x0000000020D31000-0x0000000020D51000-memory.dmp
    Filesize

    128KB

    Download
  • memory/1980-120-0x0000000020D11000-0x0000000020D31000-memory.dmp
    Filesize

    128KB

    Download
  • memory/1980-119-0x0000000020CF1000-0x0000000020D11000-memory.dmp
    Filesize

    128KB

    Download
  • memory/1980-59-0x0000000000A3F000-0x0000000000A43000-memory.dmp
    Filesize

    16KB

    Download
  • memory/1980-58-0x0000000000A3B000-0x0000000000A3F000-memory.dmp
    Filesize

    16KB

    Download
  • memory/1980-57-0x0000000000A37000-0x0000000000A3B000-memory.dmp
    Filesize

    16KB

    Download
  • memory/1980-56-0x00000000009F6000-0x0000000000A15000-memory.dmp
    Filesize

    124KB

    Download
  • memory/1980-55-0x000007FEF2DD0000-0x000007FEF3E66000-memory.dmp
    Filesize

    16.6MB

    Download