Overview

overview

10

Static

static

3

11c6c95e01...10.exe

windows7-x64

10

11c6c95e01...10.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-05-2023 07:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    11c6c95e01f1ca6c4480fff356afcc4fb9de8623edd4953e350451e395274d10.exe

  • Size

    816KB

  • MD5

    9542b32dd95d60fa9bf0866208b1a0ad

  • SHA1

    b0eb3ca130e56be28f7d7b787dcee1aa11bfa246

  • SHA256

    11c6c95e01f1ca6c4480fff356afcc4fb9de8623edd4953e350451e395274d10

  • SHA512

    33d0222bf3bf148179eb5e619f2eb9a4e07330a5f1ac1ad0d1953f047adef168fe8201664f68fb584f01b81bc075b3c22280c65cf9028e73d9a9ff83a14b9114

  • SSDEEP

    12288:jg3dMdIu2T546BaoWuZIpZut+VT3KNOiAAZWIHU8c0gacqa:jg3dMdIu2l4oaju+/u3wEU90ga

Score
10/10
blackmoonbankertrojan

Malware Config

Signatures

  • Blackmoon, KrBanker

    Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    trojanbankerblackmoon
  • Detect Blackmoon payload 3 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\11c6c95e01f1ca6c4480fff356afcc4fb9de8623edd4953e350451e395274d10.exe
    "C:\Users\Admin\AppData\Local\Temp\11c6c95e01f1ca6c4480fff356afcc4fb9de8623edd4953e350451e395274d10.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    PID:4452

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Public\Documents\tyry.dll
    Filesize

    2KB

    MD5

    7943effe67a4647e06def2348949020e

    SHA1

    eabd561f0639a975de259633f63896d82c3f878d

    SHA256

    3fac47db92d581b2daef7a4f9493be2fe441041e5158101d80873d05808d5cfa

    SHA512

    c9db1962e7457c94426c2a5c7f439736697d4399db6982c45357459d58805daa4a9d297912135488b6990e265ffa59d687fd5ba43717aab46ccc212083ef5003

    Download Submit

  • memory/4452-137-0x0000000002200000-0x000000000222D000-memory.dmp

    Filesize

    180KB

    Download

  • memory/4452-138-0x0000000002200000-0x000000000222D000-memory.dmp

    Filesize

    180KB

    Download

  • memory/4452-139-0x0000000002200000-0x000000000222D000-memory.dmp

    Filesize

    180KB

    Download

  • memory/4452-140-0x00000000021D0000-0x00000000021D3000-memory.dmp

    Filesize

    12KB

    Download