Analysis
-
max time kernel
30s -
max time network
34s -
platform
windows7_x64 -
resource
win7-20230621-en -
resource tags
-
submitted
21-06-2023 21:51
General
-
Target
1e43e968fa54cfe8837bd4eb44b2dcea41259aa65b5b2d1267ff39ea309e2d40.exe
-
Size
1.8MB
-
MD5
885e67fd720a17376929e8e917a930a8
-
SHA1
47c3be37de473ddb1e8db2ff8fbba077d769cd2d
-
SHA256
1e43e968fa54cfe8837bd4eb44b2dcea41259aa65b5b2d1267ff39ea309e2d40
-
SHA512
46836ca3a03948594346c61d0f8a81d3279551c71180acb33535fa599b8fc3c493ee96de97225aeb9aa4df3752ea721245e815d763995aab6212d663d36216a1
-
SSDEEP
49152:XSnP0icCb1VA/XwFQLvBeozhxbZynvZz0iyxrA:XSP/cS1sIQLJ3x8vZ3SA
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 5 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1e43e968fa54cfe8837bd4eb44b2dcea41259aa65b5b2d1267ff39ea309e2d40.exe"C:\Users\Admin\AppData\Local\Temp\1e43e968fa54cfe8837bd4eb44b2dcea41259aa65b5b2d1267ff39ea309e2d40.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1444-54-0x0000000000400000-0x0000000000871000-memory.dmpFilesize
4.4MB
-
memory/1444-56-0x0000000000400000-0x0000000000871000-memory.dmpFilesize
4.4MB
-
memory/1444-55-0x0000000000400000-0x0000000000871000-memory.dmpFilesize
4.4MB
-
memory/1444-57-0x0000000000400000-0x0000000000871000-memory.dmpFilesize
4.4MB
-
memory/1444-58-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1444-60-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1444-59-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1444-62-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1444-64-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1444-66-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1444-68-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1444-70-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1444-74-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1444-72-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1444-76-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1444-78-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1444-80-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1444-82-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1444-84-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1444-86-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1444-94-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1444-92-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1444-90-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1444-88-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1444-98-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1444-96-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1444-100-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1444-101-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1444-102-0x0000000000400000-0x0000000000871000-memory.dmpFilesize
4.4MB