Analysis

  • max time kernel
    11s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    06-06-2024 06:43

General

  • Target

    d42b007dfd55dc0a583f47e0f10a6543204b3f5ad735d907ba7205b128fd2c3f.exe

  • Size

    452KB

  • MD5

    ea792852c9779df6b985f30006d2874b

  • SHA1

    acc1403b0049670216ff392d9b0d75af8f989773

  • SHA256

    d42b007dfd55dc0a583f47e0f10a6543204b3f5ad735d907ba7205b128fd2c3f

  • SHA512

    b437d7e06e973f29cdc63ea3adc4615de431631a7ff70ef4a7f13fc26ed5fab7cc539f67f623acd19dd4ef5d97191ded3a72129eb52bf68e27dba5667e9a7cbd

  • SSDEEP

    6144:/vPBvEQR6H3Udg2FuHRfepwqHpA7b2+yO2COKCZj:/vpv/R6H3U25fehHpAW+yOBOKCZj

Malware Config

Signatures

  • Blackmoon, KrBanker

    Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

  • Detect Blackmoon payload 6 IoCs
  • UPX dump on OEP (original entry point) 6 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with the open-source UPX packer or a modified UPX build.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).
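
The hashes in the General section and the UPX signatures above can both be checked locally before a sample is sent to a sandbox. The script below is an added example written for this page, not part of the sandbox report or its signature set: it computes the same digest set the report lists and applies two cheap UPX heuristics (UPX0/UPX1 section names read from the PE section table, and the "UPX!" marker the stock packer writes). The PE bytes it runs on are constructed in the script itself, not the real d42b007d... binary, so the hash comparison against the report is expected to fail on them.

```python
"""Static triage helpers: report-hash matching plus a UPX packing heuristic.

Added example for this page. The sample PE below is CONSTRUCTED here (headers
and section table only); REPORTED_HASHES are copied from the General section.
"""
import hashlib
import struct

REPORTED_HASHES = {  # values from the report's General section
    "md5": "ea792852c9779df6b985f30006d2874b",
    "sha1": "acc1403b0049670216ff392d9b0d75af8f989773",
    "sha256": "d42b007dfd55dc0a583f47e0f10a6543204b3f5ad735d907ba7205b128fd2c3f",
}


def file_hashes(data: bytes) -> dict:
    """Return the digest set the report lists (md5, sha1, sha256, sha512)."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def matches_report(data: bytes, reported: dict = REPORTED_HASHES) -> bool:
    """True only if every digest in `reported` agrees with the local bytes."""
    actual = file_hashes(data)
    return all(actual[k] == v.lower() for k, v in reported.items())


def pe_section_names(data: bytes) -> list:
    """Walk the PE section table and return the section names (stdlib only)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size                          # first IMAGE_SECTION_HEADER
    names = []
    for i in range(num_sections):
        raw = struct.unpack_from("8s", data, table + 40 * i)[0]
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def upx_indicators(data: bytes) -> dict:
    """Heuristics comparable to the sandbox's 'UPX packed file' signature."""
    names = pe_section_names(data)
    return {
        "sections": names,
        "upx_sections": any(n.startswith("UPX") for n in names),
        "upx_marker": b"UPX!" in data,
    }


def is_upx_packed(data: bytes) -> bool:
    ind = upx_indicators(data)
    return ind["upx_sections"] or ind["upx_marker"]


def build_sample_pe(section_names, trailer=b"") -> bytes:
    """Construct a minimal PE skeleton (DOS stub, COFF header, empty PE32
    optional header, section table) so the parser can be exercised offline."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt = b"\0" * 224  # PE32 optional header size; contents are irrelevant here
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, len(opt), 0x102)
    sections = b"".join(struct.pack("<8s", n.encode()) + b"\0" * 32
                        for n in section_names)
    return dos + b"PE\0\0" + coff + opt + sections + trailer


if __name__ == "__main__":
    packed = build_sample_pe(["UPX0", "UPX1", ".rsrc"], trailer=b"UPX!")
    plain = build_sample_pe([".text", ".rdata", ".data"])
    print("packed sample:", upx_indicators(packed))
    print("plain sample :", upx_indicators(plain))
    print("matches report:", matches_report(packed))  # constructed bytes, so False
```

Section names and the "UPX!" marker are trivial to strip from a modified UPX build, which is why the report qualifies its signature with "modified UPX"; treat a positive here as a hint and confirm by unpacking (`upx -d` for stock builds) or, as the sandbox did, by dumping the image once execution reaches the original entry point.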

Processes

  • C:\Users\Admin\AppData\Local\Temp\d42b007dfd55dc0a583f47e0f10a6543204b3f5ad735d907ba7205b128fd2c3f.exe
    "C:\Users\Admin\AppData\Local\Temp\d42b007dfd55dc0a583f47e0f10a6543204b3f5ad735d907ba7205b128fd2c3f.exe"
    1⤵
      PID:2080
      • C:\Users\Admin\AppData\Local\Temp\elxploreriothu.exe
        "C:\Users\Admin\AppData\Local\Temp\elxploreriothu.exe"
        2⤵
          PID:2684

      Network

      MITRE ATT&CK Enterprise v15


      Downloads

      • C:\Users\Admin\AppData\Local\Temp\elxploreriothu.exe

        Filesize

        452KB

        MD5

        d536441acbd266db6c8a893b52084b26

        SHA1

        990fbbec0ca4b25f18da8cc313ac96485668e02a

        SHA256

        269b1ab0b598d2ae5bbefd8a86a2ebd0bb83abe17d36edc08ffd621afdf98f14

        SHA512

        8864770837a3004ab44123e6637057ef64b6fbeb926d3064ef5b1a9c29796c4bce64ffa07304e0dec152adc54c194260edc51f3c475a84c94bae5f84d83ca0ef

      • C:\Users\Admin\AppData\Local\Temp\elxploreriothu.exe

        Filesize

        448KB

        MD5

        2d8b2f1e79fbd9bb922649afe2fd91e4

        SHA1

        ed2593c5497a844787525d20aeb08206fac7cf71

        SHA256

        173cad168d1e4064098a002c523030f3cc4bb997c8e5a743fce87d9a0cb60dd0

        SHA512

        dd40e9e79e0e1eccf4265c47bc06dcfc812199fcc333d046aed67a716df1dc779b4638a31f61001a275f944da58d43eee84e82b99fd6518f5e5d2387e53dd24e

      • C:\Users\Admin\AppData\Local\Temp\lpath.ini

        Filesize

        102B

        MD5

        6fa22cbe209fe66f58fae365dc1394a1

        SHA1

        64782510384216673e2ab2f4261bca5ca2aaa3e7

        SHA256

        ea4c428dd784b4e57a40cbe966153fde96f577ca17ee6ad36e608a5c387287af

        SHA512

        8a2858cf6c06a7d1a5834a20337f4fbe3297e1db57b6fcbbc0a04bc4321742d344253bb55102df64a8b291e0eede67c4114d5da2feb9eba470f3e6c2a7adfff2

      • memory/2080-0-0x0000000000400000-0x0000000000473000-memory.dmp

        Filesize

        460KB

      • memory/2080-20-0x0000000003BB0000-0x0000000003C23000-memory.dmp

        Filesize

        460KB

      • memory/2080-25-0x0000000000400000-0x0000000000473000-memory.dmp

        Filesize

        460KB

      • memory/2684-21-0x0000000000400000-0x0000000000473000-memory.dmp

        Filesize

        460KB

      • memory/2684-44-0x0000000000400000-0x0000000000473000-memory.dmp

        Filesize

        460KB