Analysis
-
max time kernel
30s -
max time network
33s -
platform
windows7_x64 -
resource
win7-20230621-en -
resource tags
-
submitted
28-06-2023 05:48
General
-
Target
tmp.exe
-
Size
453KB
-
MD5
ad72103c0392d0880d79bce873d3940d
-
SHA1
8abaada5cb9b16e2a02f1c295d158ec753e85145
-
SHA256
73b24e24d770965decbfc5e7e6e74f1f72f1dfdc0f96e8bb587779a3974d385d
-
SHA512
6c7eccf172ac6ed26fb070d7e8e99ce0f71b0eac2e866743b3d954999fefa0e2705bcc60649bd7f9386363f0ccfded108851896885b6cd8959967b7ac69d6ef4
-
SSDEEP
12288:ofc4FdcU6F1WA8gBSRDRpURAet9lVZwyIo:ofhFL6F19RSRDE7tMR
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 1 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\tmp.exe"C:\Users\Admin\AppData\Local\Temp\tmp.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1784-54-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1784-55-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1784-56-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1784-58-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1784-60-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1784-62-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1784-64-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1784-66-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1784-68-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1784-70-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1784-72-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1784-74-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1784-80-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1784-78-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1784-76-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1784-86-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1784-84-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1784-82-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1784-88-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1784-92-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1784-90-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1784-96-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1784-94-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1784-97-0x0000000001CF0000-0x0000000001CF8000-memory.dmpFilesize
32KB
-
memory/1784-98-0x0000000000400000-0x00000000005BE000-memory.dmpFilesize
1.7MB
-
memory/1784-99-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1784-100-0x0000000001CF0000-0x0000000001CF8000-memory.dmpFilesize
32KB
-
memory/1784-101-0x0000000001D00000-0x0000000001D07000-memory.dmpFilesize
28KB