Analysis Overview
SHA256
b71ed1f09e16ce89c7ea9b64feba1e8d39b8103191062ec3f85dc8a689ac3525
Threat Level: Known bad
The file sgiusd表格文件dhu2 .exe was found to be: Known bad.
Malicious Activity Summary
Detect Blackmoon payload
Blackmoon, KrBanker
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-05-18 01:24
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-18 01:24
Reported
2024-05-18 01:26
Platform
win10v2004-20240426-en
Max time kernel
150s
Max time network
151s
Command Line
Signatures
Blackmoon, KrBanker
Detect Blackmoon payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\sgiusd表格文件dhu2 .exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\sgiusd表格文件dhu2 .exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\sgiusd表格文件dhu2 .exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\sgiusd表格文件dhu2 .exe
"C:\Users\Admin\AppData\Local\Temp\sgiusd表格文件dhu2 .exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| BE | 2.17.196.137:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.196.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| BE | 2.17.196.137:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 52.111.227.14:443 | tcp | |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 74.239.69.13.in-addr.arpa | udp |
Files
memory/4928-0-0x0000000002160000-0x000000000218E000-memory.dmp
memory/4928-1-0x0000000002160000-0x000000000218E000-memory.dmp
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-18 01:24
Reported
2024-05-18 01:26
Platform
win7-20240221-en
Max time kernel
121s
Max time network
123s
Command Line
Signatures
Blackmoon, KrBanker
Detect Blackmoon payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\sgiusd表格文件dhu2 .exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\sgiusd表格文件dhu2 .exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\sgiusd表格文件dhu2 .exe
"C:\Users\Admin\AppData\Local\Temp\sgiusd表格文件dhu2 .exe"
Network
Files
memory/1952-0-0x00000000003B0000-0x00000000003DE000-memory.dmp
memory/1952-1-0x00000000003B0000-0x00000000003DE000-memory.dmp