blacknet | c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e

Analysis

max time kernel
27s
max time network
164s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
14-03-2024 02:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e.exe
Size

75KB
MD5

344392293aef0a7e7f30cbbde6e179c2
SHA1

3a6197e3f0dcdba4c7b0e3ed25f88a2fc51fb3f9
SHA256

c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e
SHA512

529671e2417d8ff5620e4fd44d84abbb69b523ebf4e85ec637eccfb85d2150c4ba49d801148e0861510d83df109cb4554cfef046677c077caf5210c7c16518ac
SSDEEP

1536:pZuhD5z28TC2WmvbTkN1PeITgbSUPH4LJ0tYIq:u/jTkNY+gbSKHaJoYI

Score

10^/10

blacknet persistence trojan

Malware Config

Signatures

BlackNET
BlackNET is an open source remote access tool written in VB.NET.
trojan blacknet

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e.exe

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\35dcbc7eb742dd4f1edfbccf7826c724 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e.exe"	c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e.exe

pid	Process
2896	c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e.exe
2896	c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e.exe
2896	c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e.exe
2896	c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e.exe
2896	c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e.exe
2896	c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e.exe
2896	c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e.exe
2896	c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e.exe
2896	c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e.exe
2896	c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e.exe
2896	c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e.exe
2896	c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e.exe
2896	c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e.exe
2896	c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e.exe
2896	c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e.exe
2896	c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e.exe
2896	c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e.exe
2896	c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e.exe
2896	c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e.exe
2896	c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e.exe
2896	c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e.exe
2896	c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e.exe
2896	c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e.exe
2896	c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e.exe
2896	c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e.exe
2896	c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e.exe
2896	c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e.exe
2896	c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e.exe
2896	c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e.exe
2896	c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e.exe
2896	c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e.exe
2896	c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e.exe
2896	c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e.exe
2896	c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e.exe
2896	c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e.exe
2896	c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e.exe
2896	c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e.exe
2896	c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e.exe
2896	c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e.exe
2896	c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e.exe
2896	c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e.exe
2896	c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e.exe
2896	c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e.exe
2896	c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e.exe
2896	c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e.exe
2896	c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e.exe
2896	c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e.exe
2896	c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e.exe
2896	c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e.exe
2896	c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e.exe
2896	c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e.exe
2896	c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e.exe
2896	c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e.exe
2896	c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e.exe
2896	c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e.exe
2896	c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e.exe
2896	c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e.exe
2896	c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e.exe
2896	c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e.exe
2896	c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e.exe
2896	c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e.exe
2896	c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e.exe
2896	c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e.exe
2896	c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e.exe

description	pid	Process
Token: SeDebugPrivilege	2896	c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e.exe

C:\Users\Admin\AppData\Local\Temp\c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e.exe
"C:\Users\Admin\AppData\Local\Temp\c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e.exe"
1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2896

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2896-0-0x000000001B4F0000-0x000000001B596000-memory.dmp

Filesize
664KB

Download
memory/2896-1-0x00007FF883CB0000-0x00007FF884651000-memory.dmp

Filesize
9.6MB

Download
memory/2896-2-0x000000001BAB0000-0x000000001BF7E000-memory.dmp

Filesize
4.8MB

Download
memory/2896-3-0x000000001C060000-0x000000001C0FC000-memory.dmp

Filesize
624KB

Download
memory/2896-4-0x0000000001010000-0x0000000001018000-memory.dmp

Filesize
32KB

Download
memory/2896-5-0x00007FF883CB0000-0x00007FF884651000-memory.dmp

Filesize
9.6MB

Download
memory/2896-6-0x000000001C1C0000-0x000000001C20C000-memory.dmp

Filesize
304KB

Download
memory/2896-7-0x0000000000EE0000-0x0000000000EF0000-memory.dmp

Filesize
64KB

Download
memory/2896-8-0x0000000000EE0000-0x0000000000EF0000-memory.dmp

Filesize
64KB

Download
memory/2896-9-0x000000001F370000-0x000000001F3D2000-memory.dmp

Filesize
392KB

Download
memory/2896-10-0x0000000000EE0000-0x0000000000EF0000-memory.dmp

Filesize
64KB

Download
memory/2896-11-0x0000000000EE0000-0x0000000000EF0000-memory.dmp

Filesize
64KB

Download
memory/2896-12-0x0000000000EE0000-0x0000000000EF0000-memory.dmp

Filesize
64KB

Download
memory/2896-13-0x0000000000EE0000-0x0000000000EF0000-memory.dmp

Filesize
64KB

Download
memory/2896-14-0x00000000207F0000-0x00000000208F0000-memory.dmp

Filesize
1024KB

Download
memory/2896-15-0x00000000207F0000-0x00000000208F0000-memory.dmp

Filesize
1024KB

Download
memory/2896-16-0x00000000207F0000-0x00000000208F0000-memory.dmp

Filesize
1024KB

Download
memory/2896-17-0x00000000207F0000-0x00000000208F0000-memory.dmp

Filesize
1024KB

Download
memory/2896-18-0x00000000207F0000-0x00000000208F0000-memory.dmp

Filesize
1024KB

Download
memory/2896-19-0x00000000207F0000-0x00000000208F0000-memory.dmp

Filesize
1024KB

Download
memory/2896-20-0x00000000207F0000-0x00000000208F0000-memory.dmp

Filesize
1024KB

Download
memory/2896-21-0x00000000207F0000-0x00000000208F0000-memory.dmp

Filesize
1024KB

Download
memory/2896-22-0x00000000207F0000-0x00000000208F0000-memory.dmp

Filesize
1024KB

Download
memory/2896-23-0x00000000207F0000-0x00000000208F0000-memory.dmp

Filesize
1024KB

Download
memory/2896-24-0x00000000207F0000-0x00000000208F0000-memory.dmp

Filesize
1024KB

Download
memory/2896-25-0x00000000207F0000-0x00000000208F0000-memory.dmp

Filesize
1024KB

Download
memory/2896-26-0x00000000207F0000-0x00000000208F0000-memory.dmp

Filesize
1024KB

Download
memory/2896-27-0x00000000207F0000-0x00000000208F0000-memory.dmp

Filesize
1024KB

Download
memory/2896-28-0x00000000207F0000-0x00000000208F0000-memory.dmp

Filesize
1024KB

Download
memory/2896-29-0x00000000207F0000-0x00000000208F0000-memory.dmp

Filesize
1024KB

Download
memory/2896-30-0x00000000207F0000-0x00000000208F0000-memory.dmp

Filesize
1024KB

Download
memory/2896-31-0x00007FF883CB0000-0x00007FF884651000-memory.dmp

Filesize
9.6MB

Download
memory/2896-32-0x00000000208F0000-0x0000000020AF0000-memory.dmp

Filesize
2.0MB

Download
memory/2896-33-0x00000000207F0000-0x00000000208F0000-memory.dmp

Filesize
1024KB

Download
memory/2896-34-0x00007FF883CB0000-0x00007FF884651000-memory.dmp

Filesize
9.6MB

Download
memory/2896-35-0x00000000208F0000-0x0000000020AF0000-memory.dmp

Filesize
2.0MB

Download
memory/2896-36-0x0000000000EE0000-0x0000000000EF0000-memory.dmp

Filesize
64KB

Download
memory/2896-37-0x00000000208F0000-0x0000000020AF0000-memory.dmp

Filesize
2.0MB

Download
memory/2896-38-0x0000000000EE0000-0x0000000000EF0000-memory.dmp

Filesize
64KB

Download
memory/2896-39-0x00000000208F0000-0x0000000020AF0000-memory.dmp

Filesize
2.0MB

Download
memory/2896-40-0x0000000000EE0000-0x0000000000EF0000-memory.dmp

Filesize
64KB

Download
memory/2896-41-0x00000000208F0000-0x0000000020AF0000-memory.dmp

Filesize
2.0MB

Download
memory/2896-42-0x0000000000EE0000-0x0000000000EF0000-memory.dmp

Filesize
64KB

Download
memory/2896-44-0x0000000000EE0000-0x0000000000EF0000-memory.dmp

Filesize
64KB

Download
memory/2896-43-0x0000000000EE0000-0x0000000000EF0000-memory.dmp

Filesize
64KB

Download
memory/2896-45-0x00000000207F0000-0x00000000208F0000-memory.dmp

Filesize
1024KB

Download
memory/2896-46-0x00000000207F0000-0x00000000208F0000-memory.dmp

Filesize
1024KB

Download
memory/2896-47-0x00000000207F0000-0x00000000208F0000-memory.dmp

Filesize
1024KB

Download
memory/2896-48-0x00000000208F0000-0x0000000020AF0000-memory.dmp

Filesize
2.0MB

Download
memory/2896-49-0x0000000000EE0000-0x0000000000EF0000-memory.dmp

Filesize
64KB

Download
memory/2896-50-0x00000000207F0000-0x00000000208F0000-memory.dmp

Filesize
1024KB

Download
memory/2896-51-0x00000000207F0000-0x00000000208F0000-memory.dmp

Filesize
1024KB

Download
memory/2896-52-0x00000000207F0000-0x00000000208F0000-memory.dmp

Filesize
1024KB

Download
memory/2896-54-0x00000000207F0000-0x00000000208F0000-memory.dmp

Filesize
1024KB

Download
memory/2896-53-0x00000000208F0000-0x0000000020AF0000-memory.dmp

Filesize
2.0MB

Download
memory/2896-56-0x00000000207F0000-0x00000000208F0000-memory.dmp

Filesize
1024KB

Download
memory/2896-57-0x00000000207F0000-0x00000000208F0000-memory.dmp

Filesize
1024KB

Download
memory/2896-58-0x00000000207F0000-0x00000000208F0000-memory.dmp

Filesize
1024KB

Download
memory/2896-59-0x00000000208F0000-0x0000000020AF0000-memory.dmp

Filesize
2.0MB

Download
memory/2896-60-0x00000000207F0000-0x00000000208F0000-memory.dmp

Filesize
1024KB

Download
memory/2896-61-0x00000000207F0000-0x00000000208F0000-memory.dmp

Filesize
1024KB

Download
memory/2896-55-0x00000000207F0000-0x00000000208F0000-memory.dmp

Filesize
1024KB

Download
memory/2896-62-0x00000000208F0000-0x0000000020AF0000-memory.dmp

Filesize
2.0MB

Download
memory/2896-63-0x00000000207F0000-0x00000000208F0000-memory.dmp

Filesize
1024KB

Download