Analysis

  • max time kernel
    118s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
  • submitted
    28-05-2024 16:56

General

  • Target

    Bl4ck Client.exe

  • Size

    6.0MB

  • MD5

    4861a568eb379fcd43b5a0db6994f9e2

  • SHA1

    4a02f9bc5be0fe193c4d71be4d89553b56a1222f

  • SHA256

    af479e34de20aa19a1214d21b9a3c1083b4d37ab1479022df49b4ce06d57938a

  • SHA512

    0fb058fcab917d4742fcaa72af6c33594bd088a86e41d76e402b807851c30ab7eea940de2a895b6c6db48933b51ad84628ab56937c9796fb78fbc128132b623c

  • SSDEEP

    98304:TrSrEtdFBCwAamaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4R0OuAKsXw3Dw:TrSCFIwBeN/FJMIDJf0gsAGK4RXuAKsh

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with the UPX open-source packer or a modified UPX build.

  • Modifies Internet Explorer settings 1 TTPs 37 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs
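
The following is an added example, not part of the sandbox report and not the sandbox's own signature logic. It reproduces the two things a "UPX packed file" check keys on: the UPX0/UPX1 section names (and the "UPX!" pack-header magic) that stock UPX writes into the PE, and the high byte entropy of the compressed section, which still fires when a modified UPX has renamed its sections. Because the 6.0MB sample itself is not on this page, the PE images the script runs on are constructed inside it; the 7.0 bits/byte entropy threshold is a common rule of thumb, not a value taken from the report.

```python
import math
import random
import struct

COFF_HDR = "<HHIIIHH"          # IMAGE_FILE_HEADER (20 bytes)
SECTION_HDR = "<8sIIIIIIHHI"   # IMAGE_SECTION_HEADER (40 bytes)
PE32_OPT_SIZE = 0xE0           # SizeOfOptionalHeader for a PE32 image


def build_test_pe(sections, header_tail=b""):
    """Constructed test input: a minimal PE32 image with only a DOS stub, PE/COFF
    headers, a section table and raw section bytes. Not a real binary; it exists
    so the detector below can be exercised offline."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    hdr_len = e_lfanew + 4 + 20 + PE32_OPT_SIZE + 40 * len(sections) + len(header_tail)
    raw_ptr = (hdr_len + 0x1FF) & ~0x1FF       # file-align section data to 0x200
    table, blobs = b"", b""
    for name, raw in sections:
        ptr = raw_ptr + len(blobs) if raw else 0
        table += struct.pack(SECTION_HDR, name.encode("ascii"), max(len(raw), 0x1000),
                             0, len(raw), ptr, 0, 0, 0, 0, 0x60000020)
        blobs += raw
    coff = struct.pack(COFF_HDR, 0x14C, len(sections), 0, 0, 0, PE32_OPT_SIZE, 0x0102)
    opt = struct.pack("<H", 0x10B).ljust(PE32_OPT_SIZE, b"\x00")   # PE32 magic only
    image = dos + b"PE\x00\x00" + coff + opt + table + header_tail
    return image.ljust(raw_ptr, b"\x00") + blobs


def parse_sections(data):
    """Walk the PE section table and return a list of (name, raw_bytes)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    coff_off = e_lfanew + 4
    _, n_sections, _, _, _, opt_size, _ = struct.unpack_from(COFF_HDR, data, coff_off)
    table_off = coff_off + 20 + opt_size
    out = []
    for i in range(n_sections):
        fields = struct.unpack_from(SECTION_HDR, data, table_off + 40 * i)
        name = fields[0].rstrip(b"\x00").decode("ascii", "replace")
        raw_size, ptr = fields[3], fields[4]
        out.append((name, data[ptr:ptr + raw_size] if raw_size else b""))
    return out


def shannon_entropy(buf):
    """Bits per byte; compressed or encrypted data sits close to 8.0."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def upx_indicators(data, entropy_threshold=7.0):
    """Evidence a triage script would log. Section names and the 'UPX!' magic catch
    stock UPX; the entropy check still fires when a modified UPX renamed the sections."""
    sections = parse_sections(data)
    names = [n for n, _ in sections]
    upx_names = [n for n in names if n.upper().startswith("UPX")]
    high_entropy = [n for n, raw in sections
                    if len(raw) >= 512 and shannon_entropy(raw) >= entropy_threshold]
    magic = b"UPX!" in data[:0x1000]       # pack header lives before the section data
    return {
        "section_names": names,
        "upx_named_sections": upx_names,
        "high_entropy_sections": high_entropy,
        "upx_magic": magic,
        "likely_upx": bool(upx_names) or magic,
        "likely_packed": bool(upx_names) or magic or bool(high_entropy),
    }


_rng = random.Random(1)   # deterministic stand-in for a compressed (high-entropy) payload
UPX_SAMPLE = build_test_pe(
    [("UPX0", b""),                                               # empty: room for the unpacked image
     ("UPX1", bytes(_rng.getrandbits(8) for _ in range(4096))),   # packed payload plus stub
     (".rsrc", b"\x00" * 512)],
    header_tail=b"UPX!")                                          # magic stock UPX leaves in the header
PLAIN_SAMPLE = build_test_pe([(".text", b"\x90" * 4096 + b"\xC3"), (".data", b"\x00" * 1024)])

if __name__ == "__main__":
    for label, blob in (("upx", UPX_SAMPLE), ("plain", PLAIN_SAMPLE)):
        print(label, upx_indicators(blob))
```

To run it against the real artefacts, replace the constructed blobs with the bytes of "Bl4ck Client.exe" and of the dropped python310.dll; reading the section table rather than grepping the whole file for "UPX" avoids false hits on string tables, and the entropy check is what matters once a packer has been patched to drop its tell-tale names.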

Processes

  • C:\Users\Admin\AppData\Local\Temp\Bl4ck Client.exe
    "C:\Users\Admin\AppData\Local\Temp\Bl4ck Client.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2004
    • C:\Users\Admin\AppData\Local\Temp\Bl4ck Client.exe
      "C:\Users\Admin\AppData\Local\Temp\Bl4ck Client.exe"
      2⤵
      • Loads dropped DLL
      PID:1732
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
      PID:2592
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\jawshtml.html
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:640
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:640 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1944
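
The following is an added example and not part of the report. Read together, the process tree and the dropped-file list fit the run-time behaviour of a PyInstaller onefile executable; that reading is an analyst inference, not a verdict the sandbox states. The first instance (PID 2004) extracts its payload into a directory named _MEI<pid><counter> under %TEMP% (here _MEI20042, the bootloader PID followed by a counter of 2), then relaunches the same image as a child (PID 1732), which loads the extracted python310.dll, the "Loads dropped DLL" hit above. The Python below encodes that as a correlation rule over process-creation and image-load events. The event records are constructed in the script from the report's PIDs and paths; the parent PID of 2004 and the event field names are assumptions, not report data.

```python
import re

TEMP = r"C:\Users\Admin\AppData\Local\Temp"

# Constructed event records modelled on Sysmon EID 1 (ProcessCreate) and EID 7 (ImageLoad).
# PIDs and paths come from the report; the parent of PID 2004 (1000) is a placeholder.
EVENTS = [
    {"type": "ProcessCreate", "pid": 2004, "ppid": 1000, "image": TEMP + r"\Bl4ck Client.exe"},
    {"type": "ProcessCreate", "pid": 1732, "ppid": 2004, "image": TEMP + r"\Bl4ck Client.exe"},
    {"type": "ImageLoad",     "pid": 1732, "image": TEMP + r"\_MEI20042\python310.dll"},
    {"type": "ProcessCreate", "pid": 640,  "ppid": 2592,
     "image": r"C:\Program Files\Internet Explorer\iexplore.exe"},
    {"type": "ProcessCreate", "pid": 1944, "ppid": 640,
     "image": r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"},
]

USER_TEMP_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\local\\temp\\", re.IGNORECASE)
MEI_DIR_RE = re.compile(r"\\_MEI(\d+)\\", re.IGNORECASE)


def find_same_image_relaunch(events):
    """Parent and child share one image path that lives in the user's Temp directory.
    Returns (parent_pid, child_pid, image) tuples."""
    procs = {e["pid"]: e for e in events if e["type"] == "ProcessCreate"}
    hits = []
    for child in procs.values():
        parent = procs.get(child["ppid"])
        if (parent is not None
                and parent["image"].lower() == child["image"].lower()
                and USER_TEMP_RE.match(child["image"])):
            hits.append((parent["pid"], child["pid"], child["image"]))
    return hits


def find_mei_image_loads(events):
    """DLL loaded from a _MEI<digits> directory under Temp. Returns (pid, digits, path)."""
    hits = []
    for e in events:
        if e["type"] != "ImageLoad":
            continue
        m = MEI_DIR_RE.search(e["image"])
        if m and USER_TEMP_RE.match(e["image"]):
            hits.append((e["pid"], m.group(1), e["image"]))
    return hits


def correlate_onefile(events):
    """Tie the two together: the child of the relaunch loads from a _MEI directory whose
    digits begin with the parent's PID (the bootloader appends a small counter to its PID)."""
    findings = []
    loads = find_mei_image_loads(events)
    for ppid, cpid, image in find_same_image_relaunch(events):
        for lpid, digits, dll in loads:
            if lpid == cpid and digits.startswith(str(ppid)):
                findings.append({"bootloader_pid": ppid, "child_pid": cpid, "image": image,
                                 "extract_dir_counter": digits[len(str(ppid)):],
                                 "loaded": dll})
    return findings


if __name__ == "__main__":
    for finding in correlate_onefile(EVENTS):
        print(finding)
```

The two Internet Explorer processes are the negative control: same executable name, but different directories and not under Temp, so the relaunch rule stays quiet. Treat the PID match on the _MEI directory as corroboration rather than proof, since it is a prefix match (a PID of 200 would also match _MEI20042); the same-image relaunch from a user-writable path is the more generic indicator and is worth alerting on by itself.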

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      37d67f7537e88d4af5dde3527d3d00f4

      SHA1

      7592ad5e992f485297e51760e8b9c092cc759b92

      SHA256

      d063ff6bb0432b7a59bf29947e4a9348e1e1d3190295dfeaad0e35365d7ef6c2

      SHA512

      961360e2b149a6ffa414520d273c54de8c0b052687a5101dbc7d59ede627c8fce14251795acfc9d77f5adc6912b5f6f7fbc6c6498796ed7801e60802fa3fa644

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      58eb6e65d8e0d35a29db9007705810c5

      SHA1

      760cbace47728ca82b69b8c9f6050b5aa16ba65c

      SHA256

      cdbf1ca5d6ccca0637b8491c350cf8a25ab05fcbf87bd9b60bc68c46a185e757

      SHA512

      d75a0f1b5a37db65be65c759efa2ce46e8b16c421f353c1e73f0e3239b73fd4baeb68884c6b58387fc9599e444132a9354738ddb283ff76815864a9d28e9d6b5

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      32fc955f9ba7ac6487990331974c8960

      SHA1

      fe384c6d73ec3c7c9f3d61f6f26a1cf1d6175685

      SHA256

      e250c060482dc976f021a831b75913c5aeed8c5b573825ed67f88c9533ff4111

      SHA512

      06dc5cf3965c15d3852805387273c6af32f76ef280555e6bb14fa5086dbcfc3616b2c4f39586784b9ca6e8c1e4f9f6fcde17b066713ca727f3613db8fa6c371e

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      de3958a5f53886eefde818bbae660716

      SHA1

      c44f687b6ca957697dde7df4ba0b44f97a992437

      SHA256

      9a8e227da71f002801cd90245b31756c1f75bc0f8494c943082355d37cb9c3ac

      SHA512

      88586b5947633f49668002c5103bc0641ca6dcb336f37aaf61b202ec91f318b35bdf8aed280e150468abfe159955ead71b961782f73868ace7f208c71355a8ea

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      70d665fe417129cbf5a439d61a74a559

      SHA1

      eb33ae7dd1a235e9f26681004d46346c8f31e938

      SHA256

      c1494bcc7f5f9daf2026ee0beb858bc1ad75d3da01f0aaec677d57b9fe23f125

      SHA512

      4de959b24bbc1e751ccb28bc21e599e828577a6ba7f8291621feb4a7cd67f9dbbc76b61974728121c2d80468866ce0b16a0b5fdc85a7dc58658233057408b167

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      ec59b8c8ef755f27394e272d815a2814

      SHA1

      e0d246dc0241311ed2e905bc011333a4b45ca999

      SHA256

      aecd437929acd0c4a19c48828bb69b03693f212caf42affc9512c7bde6f3ea97

      SHA512

      8348d04adc4c36964c90e176f018b2a6f0d91397aeb33549a1c4ed99395adba26a14da32af650cd54c180222f655a00818d4788734f4335a17c95a9a7b37a01d

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      f616fa6d0c12aea1336f2ac0e0bf958b

      SHA1

      b3b11971ed1ba954b9f28d3e8ebaaeffacacdce1

      SHA256

      e4dd5ecc593b5c58db3164eb5c7ebc0a5d7d132c0809b9056e87eded37c791b8

      SHA512

      0140e58107761929b023f941820fab8137e8e8c03a105531a381e83bd8e5c3780e3fc799ca2f842b943f072d136918fdff42c6357916867033958656890688f1

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      71811c48a77ee80c58f0d946c136e5ba

      SHA1

      b588bfab44681e17a079452646d6f140d7c8e161

      SHA256

      38d6b08297e25a5454deece3c2293e1e01ec4080044e786addd4a9ba60acdfcd

      SHA512

      ffab05b75e7bd889d00508e65903ce5b73c4e3eb8494f82a4d4cbdff9b55a819eba09c26b6d1eaa1f83efcce77e20d232eb347b36325d3aac9f37fab84dd6d2e

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      2e22ba8ca6f0ecf7736a1dd702d1efa0

      SHA1

      e9e01eb55f8be00c5184283edaf1c6fd9373f65a

      SHA256

      e86d1f0c9f41b2a5d734fd42d6f807cfd2acdfb304c20e8046f4afe120f7e771

      SHA512

      28b1279cd666c09193b20d0f1cdde95f31bcbc637491f9f437951eeb0b1ad887a0d4b9439cb7a388ddedd6a1032b10211cdf39976e362e613909f5d0d05b37ea

    • C:\Users\Admin\AppData\Local\Temp\Cab2FBB.tmp

      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    • C:\Users\Admin\AppData\Local\Temp\Tar308C.tmp

      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    • C:\Users\Admin\AppData\Local\Temp\_MEI20042\python310.dll

      Filesize

      1.4MB

      MD5

      178a0f45fde7db40c238f1340a0c0ec0

      SHA1

      dcd2d3d14e06da3e8d7dc91a69b5fd785768b5fe

      SHA256

      9fcb5ad15bd33dd72122a171a5d950e8e47ceda09372f25df828010cde24b8ed

      SHA512

      4b790046787e57b9414a796838a026b1530f497a75c8e62d62b56f8c16a0cbedbefad3d4be957bc18379f64374d8d3bf62d3c64b53476c7c5005a7355acd2cee

    • C:\Users\Admin\AppData\Local\Temp\~DF864CBE36D154B23B.TMP

      Filesize

      16KB

      MD5

      15aad910cf595076ee1de571b9dc4140

      SHA1

      11947e4258586910e334857c9c6e20b16f54dcde

      SHA256

      3e538541c5ffbcc783ff7ef0ae7113a5732811e17011eea03881c291cdeac1fe

      SHA512

      ac2aa117aa27fab9ad9c67e0ba8f646fc778738ae656952dfa19df9f31cc164aa1d271ba8188a99509d53a3866b8164f64857b1e97a10dec20a65e4ba014c9f5

    • memory/1732-23-0x000007FEF5E90000-0x000007FEF62FE000-memory.dmp

      Filesize

      4.4MB