Overview

overview

10

Static

static

10

9a3b241af0...da.exe

windows7-x64

10

9a3b241af0...da.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    126s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    23-05-2024 19:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9a3b241af01e5590f2e5896f46e738ee4d8251a69dc7ff9e463b0c675c21dada.exe

  • Size

    3.5MB

  • MD5

    656fc86af52dc060543065727a6b0884

  • SHA1

    90131ec4f6c71515d9b147b44c7cad6b2018731a

  • SHA256

    9a3b241af01e5590f2e5896f46e738ee4d8251a69dc7ff9e463b0c675c21dada

  • SHA512

    5ab0b1773a0784feefd7c505ff6f62fc819e1c2e574311909071f54b654b6f2f34700b744998115d53c6e88540aa58e5cf591099b7c56f94b8dd030f798bcfad

  • SSDEEP

    49152:TNIlbFEedDqnroHO4XGlDXwOZHOzH51IGgik:TNItcnsHXXoDXvZH4vii

Score
10/10
blackmoonbankerdiscoveryspywarestealertrojanupx

Malware Config

Signatures

  • Blackmoon, KrBanker

    Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    trojanbankerblackmoon
  • Detect Blackmoon payload 35 IoCs
  • Drops file in Drivers directory 2 IoCs
  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Loads dropped DLL 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • UPX packed file 15 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
    adwarespyware
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9a3b241af01e5590f2e5896f46e738ee4d8251a69dc7ff9e463b0c675c21dada.exe
    "C:\Users\Admin\AppData\Local\Temp\9a3b241af01e5590f2e5896f46e738ee4d8251a69dc7ff9e463b0c675c21dada.exe"
    1⤵
    • Drops file in Drivers directory
    • Loads dropped DLL
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3012
    • C:\Users\Admin\AppData\Local\Temp\9a3b241af01e5590f2e5896f46e738ee4d8251a69dc7ff9e463b0c675c21dada.exe
      "C:\Users\Admin\AppData\Local\Temp\9a3b241af01e5590f2e5896f46e738ee4d8251a69dc7ff9e463b0c675c21dada.exe" Master
      2⤵
      • Drops file in Drivers directory
      • Loads dropped DLL
      • Enumerates connected drives
      • Drops file in System32 directory
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2708
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.30my.com/
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2564
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2564 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:812

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ceb304edc10264cf47b0e134e20e026c

    SHA1

    ebfccae73e772cebd338fe9c9e7b029c13782d39

    SHA256

    fd24bca3d1a50f83e1f6c3fe7793a9d1d0e7b831072eb7142eb42cc727667847

    SHA512

    87c8035552fa614ab4839d67d65e134895277b7144077d8dbb10cb83f6be47347e5e9c5a01514ef47d196c5bce5fc959b320d4654cbae446fe2aa9f61afa3ef4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6adcfa06c4a53dd2fa8da86fa486c808

    SHA1

    2e8d533d78fd91a80ddd28a9f2d4822873b3be78

    SHA256

    27e92c6e7b195c3f3929568335dd3d8c7dff5e1a7715301979f999e7b19e6281

    SHA512

    f97ac9f25b4ea13ed7408f02272d6bc7f3a555ec03626ee28f2c1a32bbb1ce7755877ed2023321b3d3d41728358eba9bc41480bbeaad17dfcf2649b8d56e65be

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8d7192a395066b46619c05ab5c987e51

    SHA1

    781d28d00fd3c71f4779e9ca088ceddd556ee105

    SHA256

    303c23b759cbf8b088fff74710cbe1e4fb2e5ad6ab59e584c8ae70668385077f

    SHA512

    bd772359ab01fc551a770e7538686b9648375d01f615392a984384283d9165bd25c16c7f7a9621efe4928554bd03df71be64a89c04ba7ebf94074ec4559834b7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    30aa5988b6ed71fbad2a0655b4e4e80a

    SHA1

    a750d9182dda370e21b2357bc03a2add47efb4ec

    SHA256

    aacf95b56e7e80dbc59ac228844e58b0537c918c15ba5d367fb2ccb56c945e08

    SHA512

    e8e1eef6e5d5e8a1125c3a9d76bd352bda9ef6ce80e29292367b76fc1d6ab24d57e54e0eb248fbeaacbb35a23318d94cbed4106eb255369999f2dc9826d0a033

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f069e456a7f11bf883ff7d247650f6fc

    SHA1

    51b7149f64f2929cf23b68f54bd44ea98e015aae

    SHA256

    88b19e74fb8193acd5da74a218f637279d83049eaaa114ad5d7280faf425a312

    SHA512

    cc85883085eec9c1ba9e51824d5d3e5941ac21d3c4bf22d02d9a2a1103efe52cbf2bbeff4e3e92dbca54552c8a22dbad2f112ab87d731b751a979859dd600975

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f3b9bde5895ffed90125d6547123ae32

    SHA1

    09f4359eb7ab11723f8e9193231f6e82797ed93e

    SHA256

    9df4243734b2269a341ffdacea78cd9deb6c68c9f8a0b745cbc827d35a5b8fe7

    SHA512

    e7ad8118b908374403fd85f4ec166a0a761a0a626828cfdbe470379fb3603d029f37b2af9bf8cb6f733572132fcfc079123861f5a517757248e1c68568a68a62

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4b4b4371727072b749774938ff8549ac

    SHA1

    822597e2eb15f2451d94d4da94396339393e54ef

    SHA256

    a0e69f7ec71ca80199a12a68adfb16ece18d38831e9c4d5a560fec0a01d8e863

    SHA512

    4154cdb6403aa365a616949b1789628f49c86fe0e0282ec91dc4804100421456c164ca4941a003d5deb0b6c80eb0160c09af7f156387364f98190937a934c27b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    63619bc4b64c1e6f10489ef22dbb5de5

    SHA1

    8cf548b740b2280329b9388f96c5fe6594a6826d

    SHA256

    e242b13f3ddacf645168e8daa370deb0d5ff81c8d7eb323ec0c014bf3f5f58a5

    SHA512

    6b4c600dc734f53d60027d777e7781fe8b1abc7fd27234f8e02f65fad4da42b59a1906a3f5d9310f7c423486f3298d0ab78f0774346aeb0cb04a2e334e688021

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1dd206b23180cebe4cc45d5ad7e1f512

    SHA1

    3426879ac55d2fe061f9eb28b28106a735acdc5f

    SHA256

    ea3fc623fdbe035f3c1c264ddba13bc6b901d0bde876885aa5abd00059b3820d

    SHA512

    90673181e32ce5e5a96f40edcb6278115a7fb1f9c271c8fcca257cd9c91e8adb1bba3f47c63418cdec4d37ddd574b7c17aca8936c77a082e0a38bce90be603d8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f5b1af83b995680940b9f99f5c9d1806

    SHA1

    67abd22f94c2b70f41d18881e62c781178fa15b5

    SHA256

    d3e5e16cbd07a292871266000343fed2b9580b013dadb1eb8023dc04d71dadad

    SHA512

    a0c30c8a13b9497b4f624c683ef36076bdd7db15c17f9aa850635ed719f90fac554dc199f913cb6f3500fe5de0d3ba235087479840bab2ecc0f433442423d092

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8f914139835d2d474933cdff9419f35f

    SHA1

    48ac15415e3e6e818ff60c0c41a9b0c4af47ffe7

    SHA256

    da4935f9bcf77592453c4f25def24a930a249ece02a976c99401f881585e46dd

    SHA512

    4c8f9491edd888adf114aa03d572e779eba8e1beb98a35fa6f063223879e8ac99056945615f53e9dd8d8e7dc4519f237a2961e2f04bec495e090d4c7fdc97d8e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab88D1.tmp
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar8960.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit

  • C:\Users\Admin\Desktop\ħÓò·¢²¼Íø.url
    Filesize

    120B

    MD5

    5c8c7c3ce78aa0a9d56f96ab77676682

    SHA1

    1a591e2d34152149274f46d754174aa7a7bb2694

    SHA256

    40a172493bd1337c6bfd9c0af15be6d6e5d539135dd766577a05362e859ff806

    SHA512

    8ef03cf1967157cf019d1e7b585a45042642d5a1d82c90ef68f1256e40fe162460e7c26919b1fdf8c33de9f95201ee6a13e69676436d7251a017c04fdf047a77

    Download Submit

  • C:\Windows\SysWOW64\msvcp30.ini
    Filesize

    18B

    MD5

    2cd7883782c594d2e2654f8fe988fcbe

    SHA1

    042bcb87c29e901d70c0ad0f8fa53e0338c569fc

    SHA256

    aa98ce751ef6ac5401a9278f30c06e250dbbd5e8c2e2c378b0fdf33a205d7037

    SHA512

    88413dc63847682207d2b1e6cdfcb3de9cc73da5f900a1948e4aa262da20056bcb2486ee8a7c8a4f9b0aa3fdff6b99061262fbc67aebc99bf0b42e5bfc7db360

    Download Submit

  • C:\Windows\msvcp30.ico
    Filesize

    264KB

    MD5

    bdccf3c42497089ae7001328305906ed

    SHA1

    cf6f28e09d98ebe516b408e6b15f03f5891fdc79

    SHA256

    5f191e3486c0bafdd237f8b79f6ce0f69d1f8c9f8c948d14ab061db36286b2f2

    SHA512

    d7876d8d414ca48903393aa523296ffe35bfa3c6b5bfc4ce70adfc93d31efa61a9bfeea571754cde2e205416e57c13df5c45551b5e6aae6eb53b951065ebbf5d

    Download Submit

  • \Windows\SysWOW64\msvcp30.dll
    Filesize

    93KB

    MD5

    a6c4f055c797a43def0a92e5a85923a7

    SHA1

    efaa9c3a065aff6a64066f76e7c77ffcaaf779b2

    SHA256

    73bd285ac6fba28108cdc0d7311e37c4c4fc3ba7d0069c4370778ac3099e21a9

    SHA512

    d8120f7f59c212867c78af42f93db64d35f2d6eae7fc09021c0a6d8ca71a14bd2b2a3006027094ee2edcf65634dcdb3ac96da3ac810171fff021bed4c4254957

    Download Submit

  • memory/2708-104-0x0000000000830000-0x0000000000831000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2708-72-0x0000000000310000-0x0000000000321000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2708-106-0x0000000000400000-0x0000000000798000-memory.dmp

    Filesize

    3.6MB

    Download

  • memory/2708-108-0x00000000742C0000-0x00000000742FC000-memory.dmp

    Filesize

    240KB

    Download

  • memory/2708-105-0x0000000002140000-0x0000000002365000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2708-103-0x0000000002140000-0x0000000002365000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2708-96-0x0000000002140000-0x0000000002365000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2708-53-0x0000000002140000-0x0000000002365000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2708-57-0x0000000002140000-0x0000000002365000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2708-95-0x00000000742C0000-0x00000000742FC000-memory.dmp

    Filesize

    240KB

    Download

  • memory/2708-66-0x0000000002140000-0x0000000002365000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2708-54-0x0000000002140000-0x0000000002365000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2708-52-0x0000000002140000-0x0000000002365000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2708-67-0x0000000010000000-0x0000000010008000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2708-58-0x0000000002140000-0x0000000002365000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2708-68-0x0000000000300000-0x000000000030F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2708-86-0x0000000000310000-0x0000000000321000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2708-90-0x00000000742C0000-0x00000000742FC000-memory.dmp

    Filesize

    240KB

    Download

  • memory/2708-75-0x0000000000310000-0x0000000000321000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2708-93-0x0000000002140000-0x0000000002365000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2708-77-0x0000000002140000-0x0000000002365000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2708-76-0x0000000000310000-0x0000000000321000-memory.dmp

    Filesize

    68KB

    Download

  • memory/3012-39-0x0000000002060000-0x0000000002285000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3012-38-0x00000000742E0000-0x000000007431C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/3012-19-0x0000000000930000-0x0000000000941000-memory.dmp

    Filesize

    68KB

    Download

  • memory/3012-22-0x0000000000930000-0x0000000000941000-memory.dmp

    Filesize

    68KB

    Download

  • memory/3012-55-0x0000000002060000-0x0000000002285000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3012-15-0x0000000000360000-0x000000000036F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/3012-56-0x00000000742E0000-0x000000007431C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/3012-49-0x00000000023B0000-0x00000000023B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3012-48-0x0000000002060000-0x0000000002285000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3012-3-0x0000000002060000-0x0000000002285000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3012-47-0x0000000002060000-0x0000000002285000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3012-40-0x0000000010000000-0x0000000010008000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3012-0-0x0000000002060000-0x0000000002285000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3012-37-0x0000000000400000-0x0000000000798000-memory.dmp

    Filesize

    3.6MB

    Download

  • memory/3012-50-0x0000000000400000-0x0000000000798000-memory.dmp

    Filesize

    3.6MB

    Download

  • memory/3012-23-0x0000000000930000-0x0000000000941000-memory.dmp

    Filesize

    68KB

    Download

  • memory/3012-24-0x0000000002060000-0x0000000002285000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3012-33-0x00000000742E0000-0x000000007431C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/3012-25-0x0000000000930000-0x0000000000941000-memory.dmp

    Filesize

    68KB

    Download

  • memory/3012-9-0x0000000002060000-0x0000000002285000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3012-7-0x0000000002060000-0x0000000002285000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3012-5-0x0000000002060000-0x0000000002285000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3012-4-0x0000000010000000-0x0000000010008000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3012-1-0x0000000002060000-0x0000000002285000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3012-2-0x0000000002060000-0x0000000002285000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3012-36-0x0000000002060000-0x0000000002285000-memory.dmp

    Filesize

    2.1MB

    Download