blacknet | 7d69e0d82e74059115486fae5dd5ac6463c7fccd91dbbcaa9587117c7d201ddb

Resubmissions

22-04-2024 22:02

22-04-2024 19:25

19-04-2024 03:02

max time kernel
1476s
max time network
1499s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
22-04-2024 19:25

Target

2e4d8723602c5ffc6409dceb0cb4ced2e749e374a0fcd41fe92e0fd50f817c5b.exe
Size

141KB
MD5

8c64a02c90f20524920e6e5e482b5a55
SHA1

cc0f119b3d8e6d91f6e49d9cd21df4bc6b478b52
SHA256

2e4d8723602c5ffc6409dceb0cb4ced2e749e374a0fcd41fe92e0fd50f817c5b
SHA512

45b43dace1960596f7da79f9fec0dc4189ad7d8c5c3d6f6372a6b52d5adc5077ab50e5832852b0e69c92a02b637fb96d5b2f275738a653cb1113e42a9c2a7105
SSDEEP

1536:VZuhD5z28TC2u8OpBPncFPAcTgbSUPH4Lh0tY7:ah0BPncKCgbSKHahoY7

Score

10^/10

blacknet trojan

BlackNET
BlackNET is an open source remote access tool written in VB.NET.
trojan blacknet

Suspicious behavior: EnumeratesProcesses 17 IoCs

Processes:

2e4d8723602c5ffc6409dceb0cb4ced2e749e374a0fcd41fe92e0fd50f817c5b.exe

pid	process
3944	2e4d8723602c5ffc6409dceb0cb4ced2e749e374a0fcd41fe92e0fd50f817c5b.exe
3944	2e4d8723602c5ffc6409dceb0cb4ced2e749e374a0fcd41fe92e0fd50f817c5b.exe
3944	2e4d8723602c5ffc6409dceb0cb4ced2e749e374a0fcd41fe92e0fd50f817c5b.exe
3944	2e4d8723602c5ffc6409dceb0cb4ced2e749e374a0fcd41fe92e0fd50f817c5b.exe
3944	2e4d8723602c5ffc6409dceb0cb4ced2e749e374a0fcd41fe92e0fd50f817c5b.exe
3944	2e4d8723602c5ffc6409dceb0cb4ced2e749e374a0fcd41fe92e0fd50f817c5b.exe
3944	2e4d8723602c5ffc6409dceb0cb4ced2e749e374a0fcd41fe92e0fd50f817c5b.exe
3944	2e4d8723602c5ffc6409dceb0cb4ced2e749e374a0fcd41fe92e0fd50f817c5b.exe
3944	2e4d8723602c5ffc6409dceb0cb4ced2e749e374a0fcd41fe92e0fd50f817c5b.exe
3944	2e4d8723602c5ffc6409dceb0cb4ced2e749e374a0fcd41fe92e0fd50f817c5b.exe
3944	2e4d8723602c5ffc6409dceb0cb4ced2e749e374a0fcd41fe92e0fd50f817c5b.exe
3944	2e4d8723602c5ffc6409dceb0cb4ced2e749e374a0fcd41fe92e0fd50f817c5b.exe
3944	2e4d8723602c5ffc6409dceb0cb4ced2e749e374a0fcd41fe92e0fd50f817c5b.exe
3944	2e4d8723602c5ffc6409dceb0cb4ced2e749e374a0fcd41fe92e0fd50f817c5b.exe
3944	2e4d8723602c5ffc6409dceb0cb4ced2e749e374a0fcd41fe92e0fd50f817c5b.exe
3944	2e4d8723602c5ffc6409dceb0cb4ced2e749e374a0fcd41fe92e0fd50f817c5b.exe
3944	2e4d8723602c5ffc6409dceb0cb4ced2e749e374a0fcd41fe92e0fd50f817c5b.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

2e4d8723602c5ffc6409dceb0cb4ced2e749e374a0fcd41fe92e0fd50f817c5b.exe

description pid process

Token: SeDebugPrivilege 3944 2e4d8723602c5ffc6409dceb0cb4ced2e749e374a0fcd41fe92e0fd50f817c5b.exe

description	pid	process
Token: SeDebugPrivilege	3944	2e4d8723602c5ffc6409dceb0cb4ced2e749e374a0fcd41fe92e0fd50f817c5b.exe

memory/3944-0-0x000000001B800000-0x000000001B8A6000-memory.dmp

Filesize
664KB

Download
memory/3944-2-0x0000000001150000-0x0000000001160000-memory.dmp

Filesize
64KB

Download
memory/3944-1-0x00007FF8AB790000-0x00007FF8AC131000-memory.dmp

Filesize
9.6MB

Download
memory/3944-3-0x000000001BD80000-0x000000001C24E000-memory.dmp

Filesize
4.8MB

Download
memory/3944-4-0x000000001C2F0000-0x000000001C38C000-memory.dmp

Filesize
624KB

Download
memory/3944-5-0x00007FF8AB790000-0x00007FF8AC131000-memory.dmp

Filesize
9.6MB

Download
memory/3944-6-0x0000000000F30000-0x0000000000F38000-memory.dmp

Filesize
32KB

Download
memory/3944-7-0x000000001C500000-0x000000001C54C000-memory.dmp

Filesize
304KB

Download
memory/3944-8-0x0000000001150000-0x0000000001160000-memory.dmp

Filesize
64KB

Download
memory/3944-9-0x000000001ECF0000-0x000000001ED52000-memory.dmp

Filesize
392KB

Download
memory/3944-10-0x0000000001150000-0x0000000001160000-memory.dmp

Filesize
64KB

Download
memory/3944-11-0x00007FF8AB790000-0x00007FF8AC131000-memory.dmp

Filesize
9.6MB

Download
memory/3944-12-0x0000000001150000-0x0000000001160000-memory.dmp

Filesize
64KB

Download
memory/3944-13-0x0000000001150000-0x0000000001160000-memory.dmp

Filesize
64KB

Download
memory/3944-14-0x0000000001150000-0x0000000001160000-memory.dmp

Filesize
64KB

Download