Analysis

  • max time kernel
    121s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    02-04-2024 10:49

General

  • Target

    2e4d8723602c5ffc6409dceb0cb4ced2e749e374a0fcd41fe92e0fd50f817c5b.exe

  • Size

    141KB

  • MD5

    8c64a02c90f20524920e6e5e482b5a55

  • SHA1

    cc0f119b3d8e6d91f6e49d9cd21df4bc6b478b52

  • SHA256

    2e4d8723602c5ffc6409dceb0cb4ced2e749e374a0fcd41fe92e0fd50f817c5b

  • SHA512

    45b43dace1960596f7da79f9fec0dc4189ad7d8c5c3d6f6372a6b52d5adc5077ab50e5832852b0e69c92a02b637fb96d5b2f275738a653cb1113e42a9c2a7105

  • SSDEEP

    1536:VZuhD5z28TC2u8OpBPncFPAcTgbSUPH4Lh0tY7:ah0BPncKCgbSKHahoY7

Score
10/10

Malware Config

Signatures

  • BlackNET

    BlackNET is an open source remote access tool written in VB.NET.

  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2e4d8723602c5ffc6409dceb0cb4ced2e749e374a0fcd41fe92e0fd50f817c5b.exe
    "C:\Users\Admin\AppData\Local\Temp\2e4d8723602c5ffc6409dceb0cb4ced2e749e374a0fcd41fe92e0fd50f817c5b.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2336

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2336-0-0x000007FEF5920000-0x000007FEF62BD000-memory.dmp

    Filesize

    9.6MB

  • memory/2336-1-0x0000000000A30000-0x0000000000AB0000-memory.dmp

    Filesize

    512KB

  • memory/2336-2-0x000007FEF5920000-0x000007FEF62BD000-memory.dmp

    Filesize

    9.6MB

  • memory/2336-3-0x0000000000A30000-0x0000000000AB0000-memory.dmp

    Filesize

    512KB

  • memory/2336-4-0x000007FEF5920000-0x000007FEF62BD000-memory.dmp

    Filesize

    9.6MB

  • memory/2336-5-0x0000000000A30000-0x0000000000AB0000-memory.dmp

    Filesize

    512KB