Overview

overview

10

Static

static

10

d0bd6e9de8...14.exe

windows7-x64

10

d0bd6e9de8...14.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    23-05-2024 17:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d0bd6e9de8ffcb005b3601e35de0109cfd421f7a4baeb85d00afe599f432ab14.exe

  • Size

    4.5MB

  • MD5

    220589bfb0721d7e587c64e5d630b024

  • SHA1

    981d202e109e6672b43a5fa6921cfd3adf2309b7

  • SHA256

    d0bd6e9de8ffcb005b3601e35de0109cfd421f7a4baeb85d00afe599f432ab14

  • SHA512

    527849e3e2819e099a9fad6d16ffc092a19c6833237be9fc331405177996489905d0e61247a41b679ffbea942f8be0e68bc6b758ae65ebf4063b3da65f4bdedb

  • SSDEEP

    49152:xNIlzFEedDqnroHO8wOZHOlvbuambSIN+6a9AknH:xNIRcnsHtvZHUbmb/+TK

Score
10/10
blackmoonbankerdiscoveryspywarestealertrojanupx

Malware Config

Signatures

  • Blackmoon, KrBanker

    Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    trojanbankerblackmoon
  • Detect Blackmoon payload 27 IoCs
  • Drops file in Drivers directory 2 IoCs
  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Loads dropped DLL 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • UPX packed file 15 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 26 IoCs
    adwarespyware
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d0bd6e9de8ffcb005b3601e35de0109cfd421f7a4baeb85d00afe599f432ab14.exe
    "C:\Users\Admin\AppData\Local\Temp\d0bd6e9de8ffcb005b3601e35de0109cfd421f7a4baeb85d00afe599f432ab14.exe"
    1⤵
    • Drops file in Drivers directory
    • Loads dropped DLL
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1260
    • C:\Users\Admin\AppData\Local\Temp\d0bd6e9de8ffcb005b3601e35de0109cfd421f7a4baeb85d00afe599f432ab14.exe
      "C:\Users\Admin\AppData\Local\Temp\d0bd6e9de8ffcb005b3601e35de0109cfd421f7a4baeb85d00afe599f432ab14.exe" Master
      2⤵
      • Drops file in Drivers directory
      • Loads dropped DLL
      • Enumerates connected drives
      • Drops file in System32 directory
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2632
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.30my.com/
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1436
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1436 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1420

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    102392d62eb4d8e60659e8430357ade8

    SHA1

    26b2658ed45f3ecd88b1805600f1755bb9959fe2

    SHA256

    03de17c4edaf64e0811ef896d38c263856a9f1cd61a80a3a11adeae8a2c1f0c0

    SHA512

    6e3ab457a4049a80f46f26ba9862e8c73d0ac49e52f9027d4396e6542467be619cc77835960560b8ea7952453347de8c3c63cbeb5133706636b0347fd2a56a7f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    efece646f28f18686637e741c0fba6fc

    SHA1

    a4821a3da97fe764f360d618d0c407896ac46c67

    SHA256

    735932c3336bf33728abba74e0336752aca5556048a9863b4a7c7ccc8c1b5095

    SHA512

    abaacb4959127e310d97272377b65fb4d0ead31494c8a0f4f38034df4cc090d6f4a97f4b4261ef57d3f4acae8a4b623002bda1d7e6bcf4736762da3fe451c3f6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    57bfd1f649b96c4b2490ff816461e404

    SHA1

    dabda24f5d6540c13b59b10ed910901f4b7479cb

    SHA256

    2814da3b942b3e78d742c09cc34cd9801ae232786fc6db1f791396fad5a9460b

    SHA512

    c608b9c470cec9e752a90095392cbe0a3f408b93aad1d9b34d146dcb6f3728ccc8a83719d45a796821920b3e3453590e3420b108889207607e55996f5c4d1db1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c4289379b7fe679e7aa3313163ec8a90

    SHA1

    b38f51ef3c00c9be9f2eba4a63562fffb8d4e004

    SHA256

    e84db8fac4d875de285fd157c74199b7aaef588d93cb3a286c71b493e58191be

    SHA512

    95b6d398298a7d7c1395da38ac6e6c95d2a6a0b631526e1aca101a06fea69b1b15ec3705d36b72e4293d13a6ae9a2fefd3b761802ef984fe9ff15855b3fd7041

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ffa3d352a576616d457050fcea2ca843

    SHA1

    8eb4288c17b23b5de62e2de7a23623235f70f3d2

    SHA256

    d52e77529788768da1f8717106ffa384f3200070a58f5ddb950789bb12f7e1c6

    SHA512

    dbc4117193d558e13b3c85f725a5380fdaa30b73e170efc3d945b6d522ef2c5b436dc9404a34fa4beb40d10afb01591f79c17c1a311689b12665f66e0928f2c6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    da1072ee597df4fbc4a36f1bd65556a7

    SHA1

    516b63eac72e3beaa817cd20b25217838ebef36b

    SHA256

    10a3b7b18b2f3086972c8b8117b9a01f6e932fd8e7c3c0bdd5455e1145380f62

    SHA512

    149cd2cca6d15cff956e2246f396c0af741ce8ef4ef7d9df74e737b67a0d52cb8a65687b5cc54d109bf2b0bb22c3c7cf9f643f08ca8615edacb33854b7e85ad0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    fb0a7eac8f2044e6f212ab88c5d6b46a

    SHA1

    63ed46039beaa0e05388bb56ba2b8ffdf76488dd

    SHA256

    9829629f96897029965d28f15972e8d3cb2a095ca397eac171ec908bf5c788ec

    SHA512

    0de77fa0f0df6c8d2d7ce9b114ddcd5b1b8ba55b5893d75264e36ff253c235ee3fb33133bed938e984a07da0a6240a26ca07086ad5feb826333b9015edb4470b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f7607e0e90665dc40e58cb8dfafe4b22

    SHA1

    81647cab1ec8d67d24938c6c9ca6c9f290f3e552

    SHA256

    578d1720dd34a4b0ecd1e3aa9bf2616f4ae70f5486d6c4fa0ce129974b37444b

    SHA512

    5406d701bbdc42001743711dde9f6612d819869d62b3975700228d4b95d5fcb30a021a6664a28956ed16fc231cc556a210df9adee1ab453d0c9dc5a6fda82a96

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    be2794b519768127237609d6c9da22fd

    SHA1

    c7b3187d08007fd36386d205bcae464eba3898fd

    SHA256

    4735e5926b5bb8a6754e0466cac27f193a319a20fa499be1f315d262b8f63312

    SHA512

    7f1bb3ddaee46af7b2da931fc0437ddfde535bb5bd6dbadde1c54ca9b124a5991b2df395071f180a8e0057049ea87b2e4fb0994eb0b2dd3912c12797daa4b735

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    066014ae427239666dbf2d6f2a2e88d1

    SHA1

    8ba4bce46a2b9eac831e81df3a87640142f58dfc

    SHA256

    27a6c5da112970cf200f13b933292f692e1cfce7b57fee47aabc7c3325b3386f

    SHA512

    9663c3aef07faf9992712531b3e054dc7436efa67b2022840ac04c18b424f373aa162ea59de9d5d558be015e0eedf37c91fe92a540ca295c6cfd905e014a92e6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    86835d312c88fcbf812f05a9fe3bf848

    SHA1

    848b08be53f228abbfb9cb396c89fd94a2ce74d7

    SHA256

    b97df13b1683f2fb5ada19f9e4255c62701453d4f27f5df42c5f5296cf423c9b

    SHA512

    fac6f2976b6db88cc564c2b874365f7bd1543c16e4ebaac79b3e931231937bdb759ccd2ba14c89aec5e69a3eb13b7810de00159da9ea642cf3d15f1ba517a5ad

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab3BF9.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar3CEA.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit

  • C:\Users\Admin\Desktop\ħÓò·¢²¼Íø.url
    Filesize

    120B

    MD5

    5c8c7c3ce78aa0a9d56f96ab77676682

    SHA1

    1a591e2d34152149274f46d754174aa7a7bb2694

    SHA256

    40a172493bd1337c6bfd9c0af15be6d6e5d539135dd766577a05362e859ff806

    SHA512

    8ef03cf1967157cf019d1e7b585a45042642d5a1d82c90ef68f1256e40fe162460e7c26919b1fdf8c33de9f95201ee6a13e69676436d7251a017c04fdf047a77

    Download Submit

  • C:\Windows\SysWOW64\msvcp30.ini
    Filesize

    18B

    MD5

    2cd7883782c594d2e2654f8fe988fcbe

    SHA1

    042bcb87c29e901d70c0ad0f8fa53e0338c569fc

    SHA256

    aa98ce751ef6ac5401a9278f30c06e250dbbd5e8c2e2c378b0fdf33a205d7037

    SHA512

    88413dc63847682207d2b1e6cdfcb3de9cc73da5f900a1948e4aa262da20056bcb2486ee8a7c8a4f9b0aa3fdff6b99061262fbc67aebc99bf0b42e5bfc7db360

    Download Submit

  • C:\Windows\msvcp30.ico
    Filesize

    264KB

    MD5

    bdccf3c42497089ae7001328305906ed

    SHA1

    cf6f28e09d98ebe516b408e6b15f03f5891fdc79

    SHA256

    5f191e3486c0bafdd237f8b79f6ce0f69d1f8c9f8c948d14ab061db36286b2f2

    SHA512

    d7876d8d414ca48903393aa523296ffe35bfa3c6b5bfc4ce70adfc93d31efa61a9bfeea571754cde2e205416e57c13df5c45551b5e6aae6eb53b951065ebbf5d

    Download Submit

  • \Windows\SysWOW64\msvcp30.dll
    Filesize

    93KB

    MD5

    a6c4f055c797a43def0a92e5a85923a7

    SHA1

    efaa9c3a065aff6a64066f76e7c77ffcaaf779b2

    SHA256

    73bd285ac6fba28108cdc0d7311e37c4c4fc3ba7d0069c4370778ac3099e21a9

    SHA512

    d8120f7f59c212867c78af42f93db64d35f2d6eae7fc09021c0a6d8ca71a14bd2b2a3006027094ee2edcf65634dcdb3ac96da3ac810171fff021bed4c4254957

    Download Submit

  • memory/1260-6-0x0000000002220000-0x000000000244F000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/1260-15-0x00000000008A0000-0x00000000008B1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1260-48-0x00000000021F0000-0x00000000021F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1260-39-0x0000000002220000-0x000000000244F000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/1260-36-0x0000000002220000-0x000000000244F000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/1260-34-0x0000000000400000-0x0000000000891000-memory.dmp

    Filesize

    4.6MB

    Download

  • memory/1260-35-0x0000000074CC0000-0x0000000074CFC000-memory.dmp

    Filesize

    240KB

    Download

  • memory/1260-33-0x0000000002220000-0x000000000244F000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/1260-30-0x0000000074CC0000-0x0000000074CFC000-memory.dmp

    Filesize

    240KB

    Download

  • memory/1260-50-0x0000000000400000-0x0000000000891000-memory.dmp

    Filesize

    4.6MB

    Download

  • memory/1260-0-0x0000000002220000-0x000000000244F000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/1260-16-0x00000000008A0000-0x00000000008B1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1260-21-0x0000000002220000-0x000000000244F000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/1260-22-0x00000000008A0000-0x00000000008B1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1260-1-0x0000000002220000-0x000000000244F000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/1260-2-0x0000000010000000-0x0000000010008000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1260-53-0x0000000074CC0000-0x0000000074CFC000-memory.dmp

    Filesize

    240KB

    Download

  • memory/1260-52-0x0000000002220000-0x000000000244F000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/1260-8-0x00000000003F0000-0x00000000003FF000-memory.dmp

    Filesize

    60KB

    Download

  • memory/1260-12-0x00000000008A0000-0x00000000008B1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2632-69-0x0000000000B90000-0x0000000000BA1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2632-105-0x0000000002200000-0x000000000242F000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/2632-106-0x0000000002860000-0x0000000002861000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2632-113-0x0000000002200000-0x000000000242F000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/2632-114-0x0000000074CB0000-0x0000000074CEC000-memory.dmp

    Filesize

    240KB

    Download

  • memory/2632-96-0x0000000002200000-0x000000000242F000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/2632-93-0x0000000002200000-0x000000000242F000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/2632-92-0x0000000074CB0000-0x0000000074CEC000-memory.dmp

    Filesize

    240KB

    Download

  • memory/2632-54-0x0000000002200000-0x000000000242F000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/2632-65-0x0000000000A80000-0x0000000000A8F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2632-59-0x0000000002200000-0x000000000242F000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/2632-72-0x0000000000B90000-0x0000000000BA1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2632-75-0x0000000000B90000-0x0000000000BA1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2632-90-0x0000000002200000-0x000000000242F000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/2632-74-0x0000000002200000-0x000000000242F000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/2632-87-0x0000000074CB0000-0x0000000074CEC000-memory.dmp

    Filesize

    240KB

    Download

  • memory/2632-73-0x0000000000B90000-0x0000000000BA1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2632-56-0x0000000002200000-0x000000000242F000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/2632-55-0x0000000010000000-0x0000000010008000-memory.dmp

    Filesize

    32KB

    Download