Analysis
-
max time kernel
151s -
max time network
47s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
24-11-2022 08:12
General
-
Target
register.exe
-
Size
672KB
-
MD5
e8f82a2cc983032396d460fd79177505
-
SHA1
4f2e6d9fbfee5c6ec36c1b377d201231a2379196
-
SHA256
7aeb95508722fd133827a373b1c3a5d7a1128ad0870d883ef853aefdbfe0894b
-
SHA512
5ec63ff7a7d87474116099b7d989414ca9e9b8b14b553d5a6ec14f58cc0e083d039e429f4199d5aca523f13d836d006849fd9ae6658baa46f081d4bcd7e5ee20
-
SSDEEP
12288:byspkLBD00kEZYjwu8lhlHmRiz2fN1zM4WbJQ4Odf:bysp400kEIv8lzHmEKfN1zMB
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 1 IoCs
-
UPX packed file 4 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of SendNotifyMessage 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\register.exe"C:\Users\Admin\AppData\Local\Temp\register.exe"1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.3MB
-
Filesize
8KB
-
Filesize
328KB
-
Filesize
1.3MB
-
Filesize
328KB