Overview

overview

10

Static

static

7

2ba41da2b1...0a.exe

windows7-x64

10

2ba41da2b1...0a.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
  • submitted
    23/11/2023, 15:59

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2ba41da2b1e03d992c20422e619144da23ee516ec4c265c620e5bde53c465b0a.exe

  • Size

    11.2MB

  • MD5

    7219e0231035d8d8425749645bd2cc79

  • SHA1

    b580f7a286ffe751b863410f57d33a6bfff1be5c

  • SHA256

    2ba41da2b1e03d992c20422e619144da23ee516ec4c265c620e5bde53c465b0a

  • SHA512

    6c55885166edf641a321f0c6f8ec95ea3aa28ecb0ed3513c6a84f83d7fffa045570a74711274d1a18c6406fe9b3924983d3c9c2ab37d25a2cbd94843359de175

  • SSDEEP

    196608:ICBAoVfIAAsyUuzD8u8NYJwPbX3A2I8KpmLn7UC5UNaHVTVzkrWk/4zECLRh2Nei:IOAsxzGk3dIje7UC5UtrWC4lLRwNGI/

Score
10/10
blackmoonaspackv2bankertrojan

Malware Config

Signatures

  • Blackmoon, KrBanker

    Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    trojanbankerblackmoon
  • Detect Blackmoon payload 16 IoCs
  • ASPack v2.12-2.42 4 IoCs

    Detects executables packed with ASPack v2.12-2.42

    aspackv2
  • Executes dropped EXE 1 IoCs
  • Enumerates connected drives 3 TTPs 2 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 42 IoCs
  • Suspicious use of FindShellTrayWindow 12 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 26 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2ba41da2b1e03d992c20422e619144da23ee516ec4c265c620e5bde53c465b0a.exe
    "C:\Users\Admin\AppData\Local\Temp\2ba41da2b1e03d992c20422e619144da23ee516ec4c265c620e5bde53c465b0a.exe"
    1⤵
    • Enumerates connected drives
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2120
    • F:\ACPCkR2XS_d3\7ufgwMX8H651\bi5ypzOYlED\OGfsNBu5kvUc\6u5h4CmlOe.exe
      F:\ACPCkR2XS_d3\7ufgwMX8H651\bi5ypzOYlED\OGfsNBu5kvUc\6u5h4CmlOe.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetThreadContext
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2820
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c wmic OS Get DataExecutionPrevention_SupportPolicy>"C:\cmd_dep.txt"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:2632
        • C:\Windows\SysWOW64\Wbem\WMIC.exe
          wmic OS Get DataExecutionPrevention_SupportPolicy
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:1696
      • C:\Windows\SysWOW64\diskraid.exe
        C:\Windows\SysWOW64\diskraid.exe
        3⤵
        • Enumerates connected drives
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        PID:1916
      • C:\Windows\SysWOW64\autoconv.exe
        C:\Windows\SysWOW64\autoconv.exe
        3⤵
          PID:2648
        • C:\Windows\SysWOW64\autoconv.exe
          C:\Windows\SysWOW64\autoconv.exe
          3⤵
            PID:2804
        • C:\Windows\SysWOW64\cmd.exe
          "C:\Windows\system32\cmd.exe" /c del C:\Users\Admin\AppData\Local\Temp\2BA41D~1.EXE > nul
          2⤵
            PID:2728

        Network

              MITRE ATT&CK Enterprise v15

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • C:\RSkinPSystem.ini
                Filesize

                155B

                MD5

                2816adcdcd1839f8df6d0c1d96fbc6ed

                SHA1

                79d1a0b695e06597b2c2c695c134dc8aecb59e45

                SHA256

                1963bda1191eb6036bbb80bbce785dc5a01f8706cfe65a3b651962af7c2885d8

                SHA512

                623bd610fdbb1776de558a67b10ce67e9775a3faf875205a8fbe60e92b01bfb4ef0e772bcb4f8be1c7578c8a20f8cc91b8773cdca61e84ca8ae5cc04ad230968

                Download Submit

              • C:\RSkinPSystem.ini
                Filesize

                155B

                MD5

                2816adcdcd1839f8df6d0c1d96fbc6ed

                SHA1

                79d1a0b695e06597b2c2c695c134dc8aecb59e45

                SHA256

                1963bda1191eb6036bbb80bbce785dc5a01f8706cfe65a3b651962af7c2885d8

                SHA512

                623bd610fdbb1776de558a67b10ce67e9775a3faf875205a8fbe60e92b01bfb4ef0e772bcb4f8be1c7578c8a20f8cc91b8773cdca61e84ca8ae5cc04ad230968

                Download Submit

              • C:\RSkinPSystem.ini
                Filesize

                637B

                MD5

                d8e10eefdd7d618f5ad2dc43b66b4b3c

                SHA1

                e1ded35ff82a74e27864323a3433ea369771d337

                SHA256

                fc7b14c153fb37e11d5419cbc528eec7b60298edf96bea7c15f33e8083ae7e9c

                SHA512

                2004a57476f8020aff3a91d80d7a1dc07d31823f5886ebe22a712d68046b54b36f1ce80bf1f864d20cbd1e9e70058e2f49e6f5ce7ce4a20f9e2f4b03c52d6f95

                Download Submit

              • C:\RSkinPSystem.ini
                Filesize

                637B

                MD5

                d8e10eefdd7d618f5ad2dc43b66b4b3c

                SHA1

                e1ded35ff82a74e27864323a3433ea369771d337

                SHA256

                fc7b14c153fb37e11d5419cbc528eec7b60298edf96bea7c15f33e8083ae7e9c

                SHA512

                2004a57476f8020aff3a91d80d7a1dc07d31823f5886ebe22a712d68046b54b36f1ce80bf1f864d20cbd1e9e70058e2f49e6f5ce7ce4a20f9e2f4b03c52d6f95

                Download Submit

              • C:\RSkinPSystem.ini
                Filesize

                129B

                MD5

                78d89536fa344a82364f1dda81d78f3a

                SHA1

                e866b4f7713f3b6718c2b4b836937c8b35ff7c31

                SHA256

                32c064c7c56cae4ea4ee32cf8ee2f110f2f715ed064c28c1a5e5b4b384439fa5

                SHA512

                2a04d9ea26e8617c60f5af189f2fce74baf151bb414390aa617adf140bce277d492764dc7a34671d0a09c61edebbd0b9f8d3ce591a2d6d54f66495f53cce6d58

                Download Submit

              • C:\Users\Admin\Desktop\RSkinP_OGfsNBu5kvUc.lnk
                Filesize

                857B

                MD5

                c33eb302b6710df29747910b8edeb1ce

                SHA1

                ed5301663701b7549b62afd9cfbc7583a681a7d1

                SHA256

                248533ffe1e9b94ab336dd1fb8ae9f59f1e04727a075f5f4cd108af77ffc1f73

                SHA512

                28500e2b05cd5500a5a09554007c1c4a571f342d20539b64b81d53cbfd55598694fb1241497589e609577b495703e94ab4098f954588713ccc549e231b643793

                Download Submit

              • C:\cmd_dep.txt
                Filesize

                166B

                MD5

                2986710bef827476b9eb344a98c1ef75

                SHA1

                be0fa9c426a07af85a7c3e471af5f6a9c1f020da

                SHA256

                5a1bb571dc286002b186cc2139ff0eddfbfbaad4fcaea3b8c987544d8f577768

                SHA512

                d7ab88def47721d4e50c096f85297945cc010cad295bb6fcc1613e500a19cccfdd7b04c502f27c7f70dd2ef7093239f5bbbaa28e55817001d0e0f9c0e213300c

                Download Submit

              • F:\ACPCkR2XS_d3\7ufgwMX8H651\bi5ypzOYlED\OGfsNBu5kvUc\6u5h4CmlOe.exe
                Filesize

                11.2MB

                MD5

                7219e0231035d8d8425749645bd2cc79

                SHA1

                b580f7a286ffe751b863410f57d33a6bfff1be5c

                SHA256

                2ba41da2b1e03d992c20422e619144da23ee516ec4c265c620e5bde53c465b0a

                SHA512

                6c55885166edf641a321f0c6f8ec95ea3aa28ecb0ed3513c6a84f83d7fffa045570a74711274d1a18c6406fe9b3924983d3c9c2ab37d25a2cbd94843359de175

                Download Submit

              • F:\ACPCkR2XS_d3\7ufgwMX8H651\bi5ypzOYlED\OGfsNBu5kvUc\6u5h4CmlOe.exe
                Filesize

                11.2MB

                MD5

                7219e0231035d8d8425749645bd2cc79

                SHA1

                b580f7a286ffe751b863410f57d33a6bfff1be5c

                SHA256

                2ba41da2b1e03d992c20422e619144da23ee516ec4c265c620e5bde53c465b0a

                SHA512

                6c55885166edf641a321f0c6f8ec95ea3aa28ecb0ed3513c6a84f83d7fffa045570a74711274d1a18c6406fe9b3924983d3c9c2ab37d25a2cbd94843359de175

                Download Submit

              • F:\ACPCkR2XS_d3\7ufgwMX8H651\bi5ypzOYlED\OGfsNBu5kvUc\6u5h4CmlOe.exe
                Filesize

                11.2MB

                MD5

                7219e0231035d8d8425749645bd2cc79

                SHA1

                b580f7a286ffe751b863410f57d33a6bfff1be5c

                SHA256

                2ba41da2b1e03d992c20422e619144da23ee516ec4c265c620e5bde53c465b0a

                SHA512

                6c55885166edf641a321f0c6f8ec95ea3aa28ecb0ed3513c6a84f83d7fffa045570a74711274d1a18c6406fe9b3924983d3c9c2ab37d25a2cbd94843359de175

                Download Submit

              • F:\kKVVNEBkZu_d4\IVQlaMVR\Z8EyZUzmdW\2okOJ6Rh\aoDOfXUC4\YUzmOs8PBzw.dll
                Filesize

                19.2MB

                MD5

                4c49605111aa0a6cba17a1b665ec3e2b

                SHA1

                a7b1587a111069118fff963cfd1a6d6e643a9442

                SHA256

                c5ce4ff4d7110eeb91b40059bb7f020fb7c94da87a6aa244789b58079dafbe6a

                SHA512

                e2da7b8b9aa23410f945c7ed55b3c6ed74fb28d00c7b33361a600d7c9c00efd76fd7a7b0d887f02c3217185b5489fd678d7aaf51e95977afc7f4530a4a0c23c7

                Download Submit

              • memory/1916-81-0x0000000010000000-0x0000000011709000-memory.dmp

                Filesize

                23.0MB

                Download

              • memory/1916-67-0x0000000000400000-0x0000000000420000-memory.dmp

                Filesize

                128KB

                Download

              • memory/1916-80-0x0000000010000000-0x0000000011709000-memory.dmp

                Filesize

                23.0MB

                Download

              • memory/1916-79-0x0000000010000000-0x0000000011709000-memory.dmp

                Filesize

                23.0MB

                Download

              • memory/1916-82-0x0000000010000000-0x0000000011709000-memory.dmp

                Filesize

                23.0MB

                Download

              • memory/1916-96-0x0000000003520000-0x0000000003530000-memory.dmp

                Filesize

                64KB

                Download

              • memory/1916-75-0x0000000000400000-0x0000000000420000-memory.dmp

                Filesize

                128KB

                Download

              • memory/1916-71-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

                Filesize

                4KB

                Download

              • memory/1916-70-0x0000000000400000-0x0000000000420000-memory.dmp

                Filesize

                128KB

                Download

              • memory/1916-57-0x0000000000400000-0x0000000000420000-memory.dmp

                Filesize

                128KB

                Download

              • memory/1916-59-0x0000000000400000-0x0000000000420000-memory.dmp

                Filesize

                128KB

                Download

              • memory/1916-61-0x0000000000400000-0x0000000000420000-memory.dmp

                Filesize

                128KB

                Download

              • memory/1916-64-0x0000000000400000-0x0000000000420000-memory.dmp

                Filesize

                128KB

                Download

              • memory/2120-20-0x0000000003A60000-0x0000000003A70000-memory.dmp

                Filesize

                64KB

                Download

              • memory/2120-25-0x0000000008070000-0x00000000098CC000-memory.dmp

                Filesize

                24.4MB

                Download

              • memory/2120-10-0x0000000000400000-0x0000000001C5C000-memory.dmp

                Filesize

                24.4MB

                Download

              • memory/2120-37-0x0000000000400000-0x0000000001C5C000-memory.dmp

                Filesize

                24.4MB

                Download

              • memory/2120-13-0x0000000000400000-0x0000000001C5C000-memory.dmp

                Filesize

                24.4MB

                Download

              • memory/2120-2-0x0000000000400000-0x0000000001C5C000-memory.dmp

                Filesize

                24.4MB

                Download

              • memory/2120-0-0x0000000000400000-0x0000000001C5C000-memory.dmp

                Filesize

                24.4MB

                Download

              • memory/2120-1-0x0000000000400000-0x0000000001C5C000-memory.dmp

                Filesize

                24.4MB

                Download

              • memory/2120-3-0x0000000000400000-0x0000000001C5C000-memory.dmp

                Filesize

                24.4MB

                Download

              • memory/2820-26-0x0000000000400000-0x0000000001C5C000-memory.dmp

                Filesize

                24.4MB

                Download

              • memory/2820-27-0x0000000000400000-0x0000000001C5C000-memory.dmp

                Filesize

                24.4MB

                Download

              • memory/2820-83-0x0000000000400000-0x0000000001C5C000-memory.dmp

                Filesize

                24.4MB

                Download

              • memory/2820-24-0x0000000000400000-0x0000000001C5C000-memory.dmp

                Filesize

                24.4MB

                Download

              • memory/2820-28-0x0000000000400000-0x0000000001C5C000-memory.dmp

                Filesize

                24.4MB

                Download

              • memory/2820-78-0x0000000000400000-0x0000000001C5C000-memory.dmp

                Filesize

                24.4MB

                Download