Analysis
-
max time kernel
77s -
max time network
98s -
platform
windows10-2004_x64 -
resource
win10v2004-20230621-en -
resource tags
-
submitted
28-06-2023 05:48
General
-
Target
tmp.exe
-
Size
453KB
-
MD5
ad72103c0392d0880d79bce873d3940d
-
SHA1
8abaada5cb9b16e2a02f1c295d158ec753e85145
-
SHA256
73b24e24d770965decbfc5e7e6e74f1f72f1dfdc0f96e8bb587779a3974d385d
-
SHA512
6c7eccf172ac6ed26fb070d7e8e99ce0f71b0eac2e866743b3d954999fefa0e2705bcc60649bd7f9386363f0ccfded108851896885b6cd8959967b7ac69d6ef4
-
SSDEEP
12288:ofc4FdcU6F1WA8gBSRDRpURAet9lVZwyIo:ofhFL6F19RSRDE7tMR
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 2 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\tmp.exe"C:\Users\Admin\AppData\Local\Temp\tmp.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/3268-134-0x0000000000400000-0x00000000005BE000-memory.dmpFilesize
1.7MB
-
memory/3268-133-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/3268-136-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/3268-137-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/3268-135-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/3268-139-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/3268-141-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/3268-143-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/3268-145-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/3268-147-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/3268-149-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/3268-151-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/3268-153-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/3268-155-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/3268-157-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/3268-159-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/3268-161-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/3268-163-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/3268-165-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/3268-167-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/3268-171-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/3268-169-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/3268-173-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/3268-175-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/3268-177-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/3268-178-0x00000000008A0000-0x00000000008A8000-memory.dmpFilesize
32KB
-
memory/3268-179-0x00000000008A0000-0x00000000008A8000-memory.dmpFilesize
32KB
-
memory/3268-180-0x00000000008C0000-0x00000000008C7000-memory.dmpFilesize
28KB
-
memory/3268-181-0x0000000000400000-0x00000000005BE000-memory.dmpFilesize
1.7MB
-
memory/3268-182-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB