Overview

overview

10

Static

static

10

fcc84413e9...78.exe

windows7-x64

10

fcc84413e9...78.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    07/10/2023, 10:03

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    fcc84413e95e1c264635a78e44e4a8e91b1a246840310a96264e30d5f4189478.exe

  • Size

    4.3MB

  • MD5

    f688126583a05d3c1f1c148ec35fd7d8

  • SHA1

    40f0c8b81e4f7dab20976888e32e57974f2da16b

  • SHA256

    fcc84413e95e1c264635a78e44e4a8e91b1a246840310a96264e30d5f4189478

  • SHA512

    919cbd316d7334160eafd1ca6be064ffe9106763a9a5a8df92c1b94777db5adf6fe53b8953e1ff93fd755ac686e33e38e46a381d72032ec7cf1af7c9cb553c2c

  • SSDEEP

    98304:ciSKMbPs4ZcvDXGsUgG1/Q/g+ZmiPDC+kAE:6GDZHFg+ZTrnkJ

Score
10/10
blackmoonbankertrojan

Malware Config

Signatures

  • Blackmoon, KrBanker

    Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    trojanbankerblackmoon
  • Detect Blackmoon payload 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fcc84413e95e1c264635a78e44e4a8e91b1a246840310a96264e30d5f4189478.exe
    "C:\Users\Admin\AppData\Local\Temp\fcc84413e95e1c264635a78e44e4a8e91b1a246840310a96264e30d5f4189478.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:2588

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2588-0-0x0000000010000000-0x000000001001A000-memory.dmp

          Filesize

          104KB

          Download

        • memory/2588-1-0x0000000077280000-0x0000000077390000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/2588-3-0x0000000002A40000-0x0000000002B50000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/2588-2-0x0000000002250000-0x00000000022A9000-memory.dmp

          Filesize

          356KB

          Download

        • memory/2588-4-0x0000000002920000-0x00000000029D4000-memory.dmp

          Filesize

          720KB

          Download

        • memory/2588-14-0x0000000000BA0000-0x0000000000BA1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2588-15-0x00000000003A0000-0x00000000003A1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2588-19-0x0000000010000000-0x000000001001A000-memory.dmp

          Filesize

          104KB

          Download

        • memory/2588-20-0x0000000002250000-0x00000000022A9000-memory.dmp

          Filesize

          356KB

          Download

        • memory/2588-21-0x0000000002920000-0x00000000029D4000-memory.dmp

          Filesize

          720KB

          Download

        • memory/2588-22-0x00000000003A0000-0x00000000003A1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2588-23-0x00000000003F0000-0x00000000003F1000-memory.dmp

          Filesize

          4KB

          Download