Analysis
-
max time kernel
144s -
max time network
126s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
-
submitted
05-03-2023 12:20
General
-
Target
tmp.exe
-
Size
416KB
-
MD5
98c3cbd2910bf9135c230371ca1cfcb2
-
SHA1
6465f6350999cbb2faec6a2fe7602b8a58e33aca
-
SHA256
4dcf73dc989c9bfe797734db6eedf6aef42b8e1f0723d806f8d64bcc48b5bfce
-
SHA512
341051f897d2db527eac29831289009aa65a3bf607712751a6a4a0639f3a1bf41b18d71d33cd89ce0f70616b0e93496dd7a923328e16c5a26e2280b7110d2901
-
SSDEEP
12288:LgUr1+gvyOlC7wiVcub1ii+Kta0V2tRl0l9KJ:LZ1+Ola9VJaptRA9
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 2 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\tmp.exe"C:\Users\Admin\AppData\Local\Temp\tmp.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1116-133-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1116-134-0x0000000000400000-0x0000000000593000-memory.dmpFilesize
1.6MB
-
memory/1116-136-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1116-137-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1116-139-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1116-141-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1116-145-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1116-143-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1116-147-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1116-149-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1116-151-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1116-153-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1116-155-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1116-157-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1116-159-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1116-161-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1116-163-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1116-165-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1116-167-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1116-169-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1116-171-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1116-173-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1116-175-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1116-177-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1116-178-0x0000000000400000-0x0000000000593000-memory.dmpFilesize
1.6MB
-
memory/1116-179-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB