Overview

overview

10

Static

static

7

3a0dfcad73...45.exe

windows7-x64

10

3a0dfcad73...45.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    142s
  • max time network
    71s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/06/2024, 19:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3a0dfcad73d46e987045ef02f2a0b811c66b6f9ae223c6d78ea5d3442fcca145.exe

  • Size

    13.8MB

  • MD5

    1d9cea8e9d6c540927031efa5eb68b1b

  • SHA1

    d01258fa92d1243df15d1d136ed025dae446a283

  • SHA256

    3a0dfcad73d46e987045ef02f2a0b811c66b6f9ae223c6d78ea5d3442fcca145

  • SHA512

    5a250900732415b3776490304136b951b3e1fecfce87cfe531e26e75637bef31d2884fd754dee144c562bc0cc8da23771c34e574b5f2969b4974df1461a40868

  • SSDEEP

    393216:gPDPOTleBcdgmmJdSaLdc91I44291UbffF:YGVdg5JdSOdch429qx

Score
10/10
blackmoonaspackv2bankertrojan

Malware Config

Signatures

  • Blackmoon, KrBanker

    Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    trojanbankerblackmoon
  • Detect Blackmoon payload 9 IoCs
  • ASPack v2.12-2.42 1 IoCs

    Detects executables packed with ASPack v2.12-2.42

    aspackv2
  • Executes dropped EXE 1 IoCs
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3a0dfcad73d46e987045ef02f2a0b811c66b6f9ae223c6d78ea5d3442fcca145.exe
    "C:\Users\Admin\AppData\Local\Temp\3a0dfcad73d46e987045ef02f2a0b811c66b6f9ae223c6d78ea5d3442fcca145.exe"
    1⤵
    • Enumerates connected drives
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:968
    • C:\ÐÒ¸£¾Æ¹í\115193a0dfcad73d46e987045ef02f2a0b811c66b6f9ae223c6d78ea5d3442fcca145.exe
      C:\ÐÒ¸£¾Æ¹í\115193a0dfcad73d46e987045ef02f2a0b811c66b6f9ae223c6d78ea5d3442fcca145.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:4976

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\c6ba0a69943ff6a4446e32b279aeeb89.txt
    Filesize

    12B

    MD5

    0bc96d94406f28b439b69720f340ca07

    SHA1

    b44f175f97d3db6e96b202225b585837417c79d1

    SHA256

    1d72086f56f6ec79439c60c82577fbd181eef1f4f734ab4f51875a3e0a3afc6b

    SHA512

    ef9c849d77a27d5371571cf8b9d73c2d2c85e6d172f6565e9426ece773234223aa78ae4a26280f6f2f91cfa109182ed9faa0428a2e3c10dde0ff2f1efd0e6409

    Download Submit

  • C:\ÐÒ¸£¾Æ¹í\115193a0dfcad73d46e987045ef02f2a0b811c66b6f9ae223c6d78ea5d3442fcca145.exe
    Filesize

    13.8MB

    MD5

    1d9cea8e9d6c540927031efa5eb68b1b

    SHA1

    d01258fa92d1243df15d1d136ed025dae446a283

    SHA256

    3a0dfcad73d46e987045ef02f2a0b811c66b6f9ae223c6d78ea5d3442fcca145

    SHA512

    5a250900732415b3776490304136b951b3e1fecfce87cfe531e26e75637bef31d2884fd754dee144c562bc0cc8da23771c34e574b5f2969b4974df1461a40868

    Download Submit

  • memory/968-7-0x00000000040D0000-0x00000000040D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/968-3-0x0000000000400000-0x0000000000926000-memory.dmp

    Filesize

    5.1MB

    Download

  • memory/968-9-0x00000000040E0000-0x00000000040E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/968-8-0x0000000003B20000-0x0000000003B21000-memory.dmp

    Filesize

    4KB

    Download

  • memory/968-1-0x0000000000400000-0x0000000000926000-memory.dmp

    Filesize

    5.1MB

    Download

  • memory/968-0-0x0000000000400000-0x0000000000926000-memory.dmp

    Filesize

    5.1MB

    Download

  • memory/968-20-0x0000000000400000-0x0000000000926000-memory.dmp

    Filesize

    5.1MB

    Download

  • memory/968-2-0x0000000000400000-0x0000000000926000-memory.dmp

    Filesize

    5.1MB

    Download

  • memory/4976-21-0x0000000000400000-0x0000000000926000-memory.dmp

    Filesize

    5.1MB

    Download

  • memory/4976-18-0x0000000000400000-0x0000000000926000-memory.dmp

    Filesize

    5.1MB

    Download

  • memory/4976-17-0x0000000000400000-0x0000000000926000-memory.dmp

    Filesize

    5.1MB

    Download

  • memory/4976-19-0x0000000000400000-0x0000000000926000-memory.dmp

    Filesize

    5.1MB

    Download

  • memory/4976-50-0x0000000000400000-0x0000000000926000-memory.dmp

    Filesize

    5.1MB

    Download