Overview

overview

10

Static

static

10

3a55041887...27.exe

windows10-1703-x64

10

Resubmissions

23-05-2024 18:27

240523-w3r7fsbh23 10

Analysis

  • max time kernel
    37s
  • max time network
    38s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    24-05-2024 16:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3a55041887c1b9a668087e4d36171162d6370a6b12176a121f491a3c9689d927.exe

  • Size

    4.5MB

  • MD5

    c92e7af912704761a33d763fe1244c5d

  • SHA1

    b20b0e4e061f2fd4088036f5f6138cee5019624a

  • SHA256

    3a55041887c1b9a668087e4d36171162d6370a6b12176a121f491a3c9689d927

  • SHA512

    53771164320add74fab50d0e550a19e6aa2c45d2bfcf90fdf08cd3318e8303076134f7c4b06c0b96782292382ac80c6b85d1873791dc159790b68650d1016db9

  • SSDEEP

    49152:xNIlBFEedDqnroHO8wOZHOlvbuambSIN+6a9AknH:xNI7cnsHtvZHUbmb/+TK

Score
10/10
blackmoonbankertrojanupx

Malware Config

Signatures

  • Blackmoon, KrBanker

    Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    trojanbankerblackmoon
  • Detect Blackmoon payload 10 IoCs
  • Drops file in Drivers directory 1 IoCs
  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Loads dropped DLL 1 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in System32 directory 2 IoCs
  • Drops file in Windows directory 7 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious behavior: MapViewOfSection 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3a55041887c1b9a668087e4d36171162d6370a6b12176a121f491a3c9689d927.exe
    "C:\Users\Admin\AppData\Local\Temp\3a55041887c1b9a668087e4d36171162d6370a6b12176a121f491a3c9689d927.exe"
    1⤵
    • Drops file in Drivers directory
    • Loads dropped DLL
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:2660
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:316
  • C:\Windows\system32\browser_broker.exe
    C:\Windows\system32\browser_broker.exe -Embedding
    1⤵
    • Modifies Internet Explorer settings
    PID:68
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Modifies registry class
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4624
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:4324
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    PID:2564

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
    Filesize

    4KB

    MD5

    1bfe591a4fe3d91b03cdf26eaacd8f89

    SHA1

    719c37c320f518ac168c86723724891950911cea

    SHA256

    9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

    SHA512

    02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

    Download Submit
  • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\4EIVUR8S\api[1].js
    Filesize

    41KB

    MD5

    c667700be084108f8deded9026ffbbf9

    SHA1

    31d633a11ef13a66787ec6504e38c11842664b7b

    SHA256

    e158035a6f740b0245a027bf0d559c56782ebbeec7cab5a827083bd16aa47901

    SHA512

    9eea0c81a4d7e7ed7ee7f30a53b5aa93c356129d9850ae978a6d408f0b1337f3e9fcede25c996dca3a2ac9840b86b4d821cd0a9dffcf8bc427a730f420f33891

    Download Submit
  • C:\Windows\SysWOW64\msvcp30.dll
    Filesize

    93KB

    MD5

    a6c4f055c797a43def0a92e5a85923a7

    SHA1

    efaa9c3a065aff6a64066f76e7c77ffcaaf779b2

    SHA256

    73bd285ac6fba28108cdc0d7311e37c4c4fc3ba7d0069c4370778ac3099e21a9

    SHA512

    d8120f7f59c212867c78af42f93db64d35f2d6eae7fc09021c0a6d8ca71a14bd2b2a3006027094ee2edcf65634dcdb3ac96da3ac810171fff021bed4c4254957

    Download Submit
  • memory/316-70-0x0000026F1F790000-0x0000026F1F792000-memory.dmp
    Filesize

    8KB

    Download
  • memory/316-35-0x0000026F22220000-0x0000026F22230000-memory.dmp
    Filesize

    64KB

    Download
  • memory/316-51-0x0000026F22320000-0x0000026F22330000-memory.dmp
    Filesize

    64KB

    Download
  • memory/2564-126-0x000002E59E1E0000-0x000002E59E1E2000-memory.dmp
    Filesize

    8KB

    Download
  • memory/2564-124-0x000002E59D9F0000-0x000002E59D9F2000-memory.dmp
    Filesize

    8KB

    Download
  • memory/2564-122-0x000002E59D9D0000-0x000002E59D9D2000-memory.dmp
    Filesize

    8KB

    Download
  • memory/2564-105-0x000002E59D600000-0x000002E59D620000-memory.dmp
    Filesize

    128KB

    Download
  • memory/2564-99-0x000002E59CE50000-0x000002E59CE52000-memory.dmp
    Filesize

    8KB

    Download
  • memory/2564-101-0x000002E59CE70000-0x000002E59CE72000-memory.dmp
    Filesize

    8KB

    Download
  • memory/2564-103-0x000002E59CE90000-0x000002E59CE92000-memory.dmp
    Filesize

    8KB

    Download
  • memory/2660-0-0x00000000026B0000-0x00000000028DF000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/2660-10-0x00000000026B0000-0x00000000028DF000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/2660-30-0x00000000026B0000-0x00000000028DF000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/2660-29-0x0000000002CA0000-0x0000000002CB1000-memory.dmp
    Filesize

    68KB

    Download
  • memory/2660-33-0x0000000073B30000-0x0000000073B6C000-memory.dmp
    Filesize

    240KB

    Download
  • memory/2660-2-0x00000000026B0000-0x00000000028DF000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/2660-34-0x0000000002CA0000-0x0000000002CB1000-memory.dmp
    Filesize

    68KB

    Download
  • memory/2660-15-0x0000000010000000-0x0000000010008000-memory.dmp
    Filesize

    32KB

    Download
  • memory/2660-28-0x0000000002CA0000-0x0000000002CB1000-memory.dmp
    Filesize

    68KB

    Download
  • memory/2660-20-0x0000000002960000-0x000000000296F000-memory.dmp
    Filesize

    60KB

    Download
  • memory/2660-24-0x0000000002CA0000-0x0000000002CB1000-memory.dmp
    Filesize

    68KB

    Download
  • memory/2660-268-0x0000000073B30000-0x0000000073B6C000-memory.dmp
    Filesize

    240KB

    Download
  • memory/2660-267-0x0000000000400000-0x0000000000891000-memory.dmp
    Filesize

    4.6MB

    Download
  • memory/2660-282-0x00000000026B0000-0x00000000028DF000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/4324-80-0x0000020D1F900000-0x0000020D1FA00000-memory.dmp
    Filesize

    1024KB

    Download
  • memory/4324-79-0x0000020D1F900000-0x0000020D1FA00000-memory.dmp
    Filesize

    1024KB

    Download