Overview

overview

10

Static

static

7

ec7c684c0f...b4.exe

windows7-x64

10

ec7c684c0f...b4.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
  • submitted
    25/11/2023, 04:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ec7c684c0fb0fa8d61f5304e0531ab82fa7ef356a00d808072d0d47c833eceb4.exe

  • Size

    1.4MB

  • MD5

    740f5a2470924adf6f235521d5e84291

  • SHA1

    2022bf39ee0205ac548e74a378ba17c0f62a8b54

  • SHA256

    ec7c684c0fb0fa8d61f5304e0531ab82fa7ef356a00d808072d0d47c833eceb4

  • SHA512

    71abf1aa6cc5a08fde97eaef537d83f321b12ec6f8ae69686848671ed31f5e75a1c0cfb92e656f0fc428e88c05ca0f6bd86e53b421fd38923f8cdc08db475cad

  • SSDEEP

    24576:HJtykDzVdMYeIq3xDwj+A9Q3PZhTHetfW41MMTjZn73T6ofhXrc5266BH6cQqqs8:PyIzrderhvZlqxfhX+kacpAZI7xg

Score
10/10
blackmoonbankertrojanupx

Malware Config

Signatures

  • Blackmoon, KrBanker

    Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    trojanbankerblackmoon
  • Detect Blackmoon payload 1 IoCs
  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Loads dropped DLL 1 IoCs
  • UPX packed file 19 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ec7c684c0fb0fa8d61f5304e0531ab82fa7ef356a00d808072d0d47c833eceb4.exe
    "C:\Users\Admin\AppData\Local\Temp\ec7c684c0fb0fa8d61f5304e0531ab82fa7ef356a00d808072d0d47c833eceb4.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:2204

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\AntiVC.dll
    Filesize

    47KB

    MD5

    ed0c74815e4d0c37563d89c7af54f2cc

    SHA1

    f12d4e876740769fe8c81fa421827140c8a0cf4e

    SHA256

    f07eb8723995cf5c90bad1a3fa3bc6419dad3952f238413c9b62d1f8ef292945

    SHA512

    0bccb938bca4f4546879119d81a2e7fe88552f87ab7e3cdfe7b70cd7bbcd847a607ff9e4423448e6bd87ffb901780041ad4fae1261ae7adbece53654935fc4ab

    Download Submit

  • memory/2204-13-0x0000000000400000-0x0000000000AE6000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2204-19-0x0000000000400000-0x0000000000AE6000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2204-6-0x0000000000400000-0x0000000000AE6000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2204-7-0x0000000010000000-0x0000000010052000-memory.dmp

    Filesize

    328KB

    Download

  • memory/2204-8-0x0000000000400000-0x0000000000AE6000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2204-10-0x0000000000400000-0x0000000000AE6000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2204-11-0x0000000000400000-0x0000000000AE6000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2204-0-0x0000000000400000-0x0000000000AE6000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2204-5-0x0000000010000000-0x0000000010052000-memory.dmp

    Filesize

    328KB

    Download

  • memory/2204-15-0x0000000000400000-0x0000000000AE6000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2204-17-0x0000000000400000-0x0000000000AE6000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2204-21-0x0000000000400000-0x0000000000AE6000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2204-23-0x0000000000400000-0x0000000000AE6000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2204-25-0x0000000000400000-0x0000000000AE6000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2204-27-0x0000000000400000-0x0000000000AE6000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2204-29-0x0000000000400000-0x0000000000AE6000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2204-31-0x0000000000400000-0x0000000000AE6000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2204-33-0x0000000000400000-0x0000000000AE6000-memory.dmp

    Filesize

    6.9MB

    Download