Overview

overview

10

Static

static

3

72887efa78...3e.exe

windows7-x64

10

72887efa78...3e.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    24-05-2024 03:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    72887efa78795539be8d3a591410dc2fb163f37aebec49fbb808a88f9f8f9c3e.exe

  • Size

    10.0MB

  • MD5

    633201b7d6f9db6b3d16c2311aa18f74

  • SHA1

    2b9aad4e27973888e783ee44b6a19ec13d2fbaa0

  • SHA256

    72887efa78795539be8d3a591410dc2fb163f37aebec49fbb808a88f9f8f9c3e

  • SHA512

    049d2ad749b19986dbd92eb663193f21091bcebd79cabba925f94f8404252b6f311e9f4e460a880751a478aa3e869973d554de4d214166ea0e93ea36b2771d84

  • SSDEEP

    196608:Rkp9C4BFJ22I82me08gkG+9vcwCSk3yZOtiz6Kv2d205DkgpksUUMVd:R+s4D2rZgk7vGh3aO4z6BJ5DkAghd

Score
10/10
blackmoonbankertrojanupx

Malware Config

Signatures

  • Blackmoon, KrBanker

    Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    trojanbankerblackmoon
  • Detect Blackmoon payload 13 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\72887efa78795539be8d3a591410dc2fb163f37aebec49fbb808a88f9f8f9c3e.exe
    "C:\Users\Admin\AppData\Local\Temp\72887efa78795539be8d3a591410dc2fb163f37aebec49fbb808a88f9f8f9c3e.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:612

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/612-0-0x0000000000A85000-0x0000000000DD7000-memory.dmp
    Filesize

    3.3MB

    Download
  • memory/612-20-0x00000000002A0000-0x00000000002A1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/612-40-0x00000000002E0000-0x00000000002E1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/612-38-0x00000000002E0000-0x00000000002E1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/612-36-0x00000000002E0000-0x00000000002E1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/612-42-0x0000000000400000-0x00000000017D9000-memory.dmp
    Filesize

    19.8MB

    Download
  • memory/612-50-0x0000000000400000-0x00000000017D9000-memory.dmp
    Filesize

    19.8MB

    Download
  • memory/612-49-0x0000000003110000-0x000000000315C000-memory.dmp
    Filesize

    304KB

    Download
  • memory/612-45-0x0000000010000000-0x000000001043B000-memory.dmp
    Filesize

    4.2MB

    Download
  • memory/612-44-0x0000000000400000-0x00000000017D9000-memory.dmp
    Filesize

    19.8MB

    Download
  • memory/612-35-0x00000000002D0000-0x00000000002D1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/612-33-0x00000000002D0000-0x00000000002D1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/612-31-0x00000000002D0000-0x00000000002D1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/612-30-0x00000000002C0000-0x00000000002C1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/612-28-0x00000000002C0000-0x00000000002C1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/612-25-0x00000000002B0000-0x00000000002B1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/612-23-0x00000000002B0000-0x00000000002B1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/612-18-0x00000000002A0000-0x00000000002A1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/612-15-0x0000000000210000-0x0000000000211000-memory.dmp
    Filesize

    4KB

    Download
  • memory/612-13-0x0000000000210000-0x0000000000211000-memory.dmp
    Filesize

    4KB

    Download
  • memory/612-10-0x0000000000200000-0x0000000000201000-memory.dmp
    Filesize

    4KB

    Download
  • memory/612-8-0x0000000000200000-0x0000000000201000-memory.dmp
    Filesize

    4KB

    Download
  • memory/612-6-0x0000000000200000-0x0000000000201000-memory.dmp
    Filesize

    4KB

    Download
  • memory/612-5-0x00000000001F0000-0x00000000001F1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/612-3-0x00000000001F0000-0x00000000001F1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/612-1-0x00000000001F0000-0x00000000001F1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/612-51-0x0000000000400000-0x00000000017D9000-memory.dmp
    Filesize

    19.8MB

    Download
  • memory/612-52-0x0000000000400000-0x00000000017D9000-memory.dmp
    Filesize

    19.8MB

    Download
  • memory/612-53-0x0000000000400000-0x00000000017D9000-memory.dmp
    Filesize

    19.8MB

    Download
  • memory/612-69-0x0000000003950000-0x0000000003986000-memory.dmp
    Filesize

    216KB

    Download
  • memory/612-70-0x0000000003950000-0x0000000003986000-memory.dmp
    Filesize

    216KB

    Download
  • memory/612-71-0x0000000000A85000-0x0000000000DD7000-memory.dmp
    Filesize

    3.3MB

    Download
  • memory/612-72-0x0000000000400000-0x00000000017D9000-memory.dmp
    Filesize

    19.8MB

    Download
  • memory/612-73-0x0000000000400000-0x00000000017D9000-memory.dmp
    Filesize

    19.8MB

    Download
  • memory/612-74-0x0000000000400000-0x00000000017D9000-memory.dmp
    Filesize

    19.8MB

    Download
  • memory/612-75-0x0000000000400000-0x00000000017D9000-memory.dmp
    Filesize

    19.8MB

    Download
  • memory/612-76-0x0000000000400000-0x00000000017D9000-memory.dmp
    Filesize

    19.8MB

    Download
  • memory/612-77-0x0000000000400000-0x00000000017D9000-memory.dmp
    Filesize

    19.8MB

    Download