Overview

overview

10

Static

static

7

a8f074d0f1...a4.dll

windows7-x64

10

a8f074d0f1...a4.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    128s
  • max time network
    130s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13-03-2023 15:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a8f074d0f1dd7a1c61dd5aec5856bf404fae4f38e93eeb05a8fe691f012daaa4.dll

  • Size

    117KB

  • MD5

    44160dd35999d7cb0eaf15f8c3f6ac14

  • SHA1

    1a454b460bbb1fb74be58c3d6402469fdea15a3e

  • SHA256

    a8f074d0f1dd7a1c61dd5aec5856bf404fae4f38e93eeb05a8fe691f012daaa4

  • SHA512

    b907840df609a98cb17b0f92a1dc16edb6210dfcfbaff98917fdb9d0cfc6288f5bb975d0e87cc479c95da48e1c3d1664e99a996d236e5209c414b7ba2d7420f2

  • SSDEEP

    1536:wA/yfatLv5hjJ3uU86cz2K1CwAyjh7buyaqNIQGY2DwOoAtSfhd77ekaU07WJP:OatTJ+Uf45CxyWYKgAtSfz77+C

Score
10/10
blackmoonbankertrojan

Malware Config

Signatures

  • Blackmoon, KrBanker

    Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    trojanbankerblackmoon
  • Detect Blackmoon payload 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\a8f074d0f1dd7a1c61dd5aec5856bf404fae4f38e93eeb05a8fe691f012daaa4.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1564
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\a8f074d0f1dd7a1c61dd5aec5856bf404fae4f38e93eeb05a8fe691f012daaa4.dll,#1
      2⤵
        PID:4324

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4324-135-0x0000000010000000-0x000000001005D000-memory.dmp
      Filesize

      372KB

      Download
    • memory/4324-134-0x0000000010000000-0x000000001005D000-memory.dmp
      Filesize

      372KB

      Download
    • memory/4324-133-0x0000000010000000-0x000000001005D000-memory.dmp
      Filesize

      372KB

      Download
    • memory/4324-136-0x0000000002E60000-0x0000000003003000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4324-137-0x0000000002710000-0x0000000002800000-memory.dmp
      Filesize

      960KB

      Download
    • memory/4324-138-0x0000000002C40000-0x0000000002E55000-memory.dmp
      Filesize

      2.1MB

      Download