Overview

overview

10

Static

static

10

tmp.exe

windows7-x64

10

tmp.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230621-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-06-2023 12:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    tmp.exe

  • Size

    4.3MB

  • MD5

    ab3ad25cdcf1f451563cf08b50f415a1

  • SHA1

    e684008debaa280316ab4c35d47479a20d030057

  • SHA256

    a53c8d5d80b788145c7903b7fac6515f4ec6064a78f175ef224ed6f8ef071e2d

  • SHA512

    b8e9d1973162bdd18f53e3917d9ddb36eea25f78bd22be1b06c5e171b08292a7cd23c9c39e783394708c701e902c510a23f67219dafc479d1b7289219e7bf9e4

  • SSDEEP

    98304:NS3PA2sI9rJZndrsPfACApodEiyaww2owkeIFNQTSSYTM9YKe9AYoDDN5xnr7GMj:NS/AtI9rOPIhU72o5Np7KMhoDh5xnI2Z

Score
10/10
blackmoonbankertrojanupx

Malware Config

Signatures

  • Blackmoon, KrBanker

    Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    trojanbankerblackmoon
  • Detect Blackmoon payload 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in System32 directory 8 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\tmp.exe
    "C:\Users\Admin\AppData\Local\Temp\tmp.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    PID:4824
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k netsvcs -p
    1⤵
    • Drops file in System32 directory
    PID:2468

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\E2EECore.2.7.2.dll
    Filesize

    8.4MB

    MD5

    8b6c94bbdbfb213e94a5dcb4fac28ce3

    SHA1

    b56102ca4f03556f387f8b30e2b404efabe0cb65

    SHA256

    982a177924762f270b36fe34c7d6847392b48ae53151dc2011078dceef487a53

    SHA512

    9d6d63b5d8cf7a978d7e91126d7a343c2f7acd00022da9d692f63e50835fdd84a59a93328564f10622f2b1f6adfd7febdd98b8ddb294d0754ed45cc9c165d25a

    Download Submit

  • memory/4824-133-0x0000000000400000-0x0000000000A7A000-memory.dmp

    Filesize

    6.5MB

    Download

  • memory/4824-139-0x0000000000400000-0x0000000000A7A000-memory.dmp

    Filesize

    6.5MB

    Download