Analysis

  • max time kernel
    148s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    21-06-2024 02:47

General

  • Target

    b9ca606658b39a99c38615c721f77ca56cd80b8836d353030ab8a61cadd4a8f8.exe

  • Size

    436KB

  • MD5

    ac9daffa76a3b5e63e636ed8414b558d

  • SHA1

    b708c0bcd1722c4d10dfeacb87d865ee45d94540

  • SHA256

    b9ca606658b39a99c38615c721f77ca56cd80b8836d353030ab8a61cadd4a8f8

  • SHA512

    9fd132a031ce744820877590f171e4334ccd3217965c86f5b8e7426c0db37297c5d4d60893743d6c5d59f97cce50fdf5381977e71e7023992a7f413adc2f2b4a

  • SSDEEP

    6144:dGdR+Yk/N8duBmG6t+UnRsRCQ/OJZOg7F:doR+Y4NSG6oUnRsdOJZOg7F

Score
10/10

Malware Config

Signatures

  • Blackmoon, KrBanker

    Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

  • Detect Blackmoon payload 1 IoCs
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b9ca606658b39a99c38615c721f77ca56cd80b8836d353030ab8a61cadd4a8f8.exe
    "C:\Users\Admin\AppData\Local\Temp\b9ca606658b39a99c38615c721f77ca56cd80b8836d353030ab8a61cadd4a8f8.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1760
    • C:\Users\Admin\AppData\Local\Temp\Syslememhpa.exe
      "C:\Users\Admin\AppData\Local\Temp\Syslememhpa.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2588

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\lpath.ini

    Filesize

    102B

    MD5

    17c35829704a5656831d2ebf0f1cc0a5

    SHA1

    965ab52fecd3001de22bd540f2d7307a9cf7ddc0

    SHA256

    d5d8dc4bb2488121215f8e9f186bb9a7eb06ba932ed99d8a3ca2cd08f2e742ff

    SHA512

    fc1101cfe2182d00376dc9bf9d7160ceb73e8f6437c9b57167208b0d2c6371235b8145b0b360541fd8119f9f15150209554eaa3b77a46837991f12dff57e3d01

  • \Users\Admin\AppData\Local\Temp\Syslememhpa.exe

    Filesize

    436KB

    MD5

    369f4637ae91966cba470659c247f191

    SHA1

    caa52811af50060e79cfaf0f3b6e1aaf5df945b5

    SHA256

    bf7afa1cf8ae7a173961c7f1e37c8a9b289551dda8bf6890b09843a28edadd85

    SHA512

    9c76d57f0f8716fb464cfbed88d795ba4c08d720ac4e43b622c4336364d96814a00e74de555e151f30f1e3f7157c73b35bbf8e14603a52e9297e9ac298ab12d5