Overview

overview

10

Static

static

5

a0215751b9...79.exe

windows7-x64

10

a0215751b9...79.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    143s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    20-12-2024 12:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a0215751b9d9912cf79105f29ab293f6c4599284e3bb852efc76787e86ce5a79.exe

  • Size

    11.3MB

  • MD5

    8081a748c7d4483d70ae08aa23ebd8d4

  • SHA1

    0609499806d3c75e390bf248e5c03c8347678159

  • SHA256

    a0215751b9d9912cf79105f29ab293f6c4599284e3bb852efc76787e86ce5a79

  • SHA512

    8cc0da253f58a0b47aad408175b0c115b7e78e85518f5117cf4cefffb689bae1eb35b176813095ac73222c4e05ea2734205b7259547152589e682601178fad4f

  • SSDEEP

    196608:yk6EtwqNp7+RWA7KdeNUsg4pO8AK5JcFm1tn45LmDC73MTYh9J8wk4tOupDxHKX1:H6UwqNJcmskKO8fVtn4mJU9Ww8upDhKl

Score
10/10
blackmoonbankerdiscoverytrojanupx

Malware Config

Signatures

  • Blackmoon family
    blackmoon
  • Blackmoon, KrBanker

    Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    trojanbankerblackmoon
  • Detect Blackmoon payload 2 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a0215751b9d9912cf79105f29ab293f6c4599284e3bb852efc76787e86ce5a79.exe
    "C:\Users\Admin\AppData\Local\Temp\a0215751b9d9912cf79105f29ab293f6c4599284e3bb852efc76787e86ce5a79.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2408
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://jingyan.baidu.com/article/93f9803fe0b0eee0e46f55e1.html
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2856
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2856 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2648

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9e847342315dbb36540c351ba357bbda

    SHA1

    8235b9c5a323acd9aa466a4dbc09c16795e60a68

    SHA256

    9389fc461fd119e4e8b83afc9a9edd0bcd67fa53da4d911a67643d7f02513751

    SHA512

    377201f73f95af2931ff34f9fc0573fc794a53148e40c7dfc93431ddd1595e6bc910d5f728ddff624841097428b470bb466638d4f1f3000964ec54200749ceea

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a5349c93ed420a443be41ef932639813

    SHA1

    b7836522171b152b39f0aea1c8b6d0d8e3810d09

    SHA256

    1fa20d44da45b77bcf1de374784176ddfe29b50ab6c69b67b2d21ddb4379887a

    SHA512

    712ed68e79c4e3686a6a0aa22334eb6808aa6a33193b95fac363f7fb3d4e62eccd2c1c6c9f18b27e654fe0aba5fa0b16ec86d9cd8d605371b6ebcc4be2f0d678

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ba5bae6abc0c1e9a6677b0f6fc056fa0

    SHA1

    804f38e0a859e134351d5dde90c05e6dfbd5140f

    SHA256

    a4ad323ea44aef2e2e3130bc1c1e5fa43549b7ed6d384e6c624440483b2f7d84

    SHA512

    a8d6c27bfdded80b00e9b5462c64708cd724eb703bfd334d1df1924e4f4abbb220c1888beff7d9e6b924209ac978c136e07531aef5fed46af1899b561360faa8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d48ca8d3a0c12d2586986350d1ed9246

    SHA1

    7090baa59146c2ebedcbe91461d99f0a8eafe5e0

    SHA256

    fc4bf5826f2fe6524c5802141ffcd76f643ce7a82fd50be463f159e8839af99c

    SHA512

    672d4859cf65f29eab16123747a6e987b3ea6cf5229bd12736f59ca03a3016a1c56f9605b0e1740e3e83cb5d48a8b3f13f034a9f2b17bee39f0b0cb6eb629731

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cb1f7e6f4e4f614d828f8480fbafd4c1

    SHA1

    c43d0984dc21b2af41513e6de7b334f7c8343d5c

    SHA256

    628b0f2530ae69a59d4c8744419dfbae6e24db8d0c359ce4dcdbd3f7a954974a

    SHA512

    a9668936dfdcd7ebb4a0848e299fd417e2751f190766b9f6d655a2e3004114b52dd47416b7cb7a2996b85f7f8c3ae4553846619a5217768095d3b9779e28a004

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    49787276754f7a09527ea46efa16a958

    SHA1

    4690a7421417e6bdc6e56473e5b093d62f538874

    SHA256

    8beac3b2f87ae6ec8064dd8aab2e8fd7660a001b5b3568b651944fd33f21a511

    SHA512

    61715e4f17f7251e8d71946b1a9fe04cf1f88528c5d75db06ee9b43a9ec9661ed51e64d501cc225daba4786397d6e23c81599ecf89f0376881bd84bb3e532b7a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bc4e06322bed675d8ddeede9acd00eb0

    SHA1

    6d05caaa12ba238ac72297bef522f4739dc36ab5

    SHA256

    cf1e0f87418c84c2594fd572faaa5565a8c80d549d318c13dfc980850f7496c1

    SHA512

    86c6d842d89f8acbb3f0676c4d43f5fd6d86d04765e581335c34ed03cafde7cc4c0e3df528a0b9c256330f388c06aacc01bb3c9462faf3a086ce0d6d674a5921

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ac941e2aa753d72dea4e1f24fda2ce2f

    SHA1

    6e05d3cbb02ca75e5350020e1bbde47da2f9e492

    SHA256

    5fe6a957c1fc65729dd51d1d1a61a2807442d01454e7edb6e5e68e38a2c8ca7d

    SHA512

    e8fc3566cd9f1b0a79eb668ce26890affdaa006b3aed201273667a6b1a1f07df104440c89c67b07eeea40c57f98d1ce7374fc227acc9dcf08d02a141d5b943d2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8d98c5811152585884ec72cb78067b73

    SHA1

    038d823556fbd22ca3a963e7a457673e91595a21

    SHA256

    65c560e7fc3e6beee4f269fd5acefad5334a75e463df91d6966008ee52ed459f

    SHA512

    9c8a837e6109a80086ba585fde5937e27bcb93458cbfd2b82b3be9d30a0a7c33d860d26590f771ef8f6e74d7087b9b078d646496450f57a8425c2861eef1cda4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b39a9186ab69c037520b24e49dc01b9c

    SHA1

    54883bc482e57db12f7a812ad42b478a50e15a2a

    SHA256

    e683eeb89f0d4d71e94ea9f69a8a7de888fef94b6691ae9ef98847ab9e2e8a53

    SHA512

    7b6592c0e56bffaaa16baa15791eadc9b0cff53412161bc025cfe784cd713958b5b845f2b3a94937dcd05778947a31bd16e4ae5818c72c4a2d767233c81e8185

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a8e178c74fc83c640dcda7fb12e7cf63

    SHA1

    63cd3e693bc1437e4a6405fda4078628a2b70d1c

    SHA256

    d82b8c3a1192b8689b54883b8e68df5f0b8bf431cee989a301dcbd7a7e75ad68

    SHA512

    6f9d5af3d1f1d9161d57ceaff0722201ae587c7dd21db387a6fef161b66790ec16f5adbc837f56e281843079815e7d9c7c3033db91abf999ea51a4f7e424b0ad

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    278cd74f2cd5949022c29f9f6f33be01

    SHA1

    a4fc14a58d2d5ac47e45bae23f87ecba4b85a8af

    SHA256

    c566dc351373b0ab73fd5205726aa74ac91f65d7189bb67f45d5c9b9f776a6f9

    SHA512

    254b7c542a1a50bf8878ae822390010313b871d28cdf50dc86e95fede391e2520db7bb9c971c288d9541dbe042fd99934a68977ecb4d87c27dc1144d55f4d189

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a5a851c48d316fdd0a2a077e8775a037

    SHA1

    1e57dad67398f0ae32fc4906baabd7bef4bb43e4

    SHA256

    03f307d905c7e8890fc73a4f883daa559010c87f05f869707c34b7b4b66c87c9

    SHA512

    efaf3d59ab5a7f98ea1da5c1848eb5b0c9b5ee9f014a60020d163aaf396dca1b0a7ac860b8128a679600ad61f824bda74b0c35b8fdc0b8b7666ca8d6aa03cfca

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5c23c96868ba000ec96be7ac0e42e027

    SHA1

    0027d84bec5dabe46a784f094791f5cf8d3837fe

    SHA256

    87656fb712aacfb4de3348a2e3d41ef271e532a0da8b85044d24b9273d21144c

    SHA512

    dc4271a4d32131c4d6ca65a1b7f7717c78f9ea2e1cbe631c79d454172edee441ea611fb510d2591b2d69e0b64c064de93ffeebd48ca8b99edde7806beddf0721

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    71a1cf96eb995109e6bf51a5d4753535

    SHA1

    b00509ea332b44a60017ec83b3ad0ce844972625

    SHA256

    9902624f2fcb37766657d39df22d7c41c63ddcb60a9ca3d0a6fabe75ab57115f

    SHA512

    26f30cf440a5a6991ad359286d885be7226a557fe4b0c98ec7a6cd25eee8d24af00608b1f0dbb0899d4fd26c20545df449df54f2b21df7a49128a1f127289810

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3ad5bd1cd8b2b16310a80f478236e7a4

    SHA1

    923ce65111c41bf5393bf2de25df2f5ec80b352e

    SHA256

    eaa7161b45bfff834b45bed7a00b122f5673c035bd2c52313c81b73af8a78371

    SHA512

    925ac076f2aebb1a35f837617a71aa202d5d204cda6c3ccb2a8fa8d9a350e161f73c1e869f4f99d4d01aad2925590b71fbe6034eef4c5c882ca5a70f9fbcb47e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1e78a1373d79cb03a048497b18e53009

    SHA1

    f8d552cdbc8d8fb02e4e65abb56dacf1a0290a17

    SHA256

    4c528d26990a5c14e81ec33937280a46c8d2a71fb41bec4d231d1cadd6b11f2a

    SHA512

    6c6a6c664f42166d938c4c027002273e5ff6f487594ed172fb4b72d074e4a92a4b211611133ed5a01602a783f4c93495e5fe238e0f696609ce2dc7f41d271e96

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e0ad63fa5b6d36d949e8025dcb130e08

    SHA1

    6bc3ef2f682f11bf0102dd680237625a5adb5e3c

    SHA256

    8ad0cf7cfaf6d74c51b974083f641f589cacb728e21846ca8b4a681db7a20fd5

    SHA512

    3d8eb3c533d7a0aade0006a43478e5ae2f8bf4df5ec5cc99e064c35baa7621a85994eb9cacf26f7661e7923fb40d848f9f91fb906a0e37f51c268c4c7e0d46bd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fd15f3d22110c47dff942325a3812f39

    SHA1

    896e8b739b4fbfec7c4fa84d2548c6d7eb742199

    SHA256

    b5333f17bf081f1ebf7a2186020d2b2917a736af5bbe57e532a0da0313747ea4

    SHA512

    ad8949a2cdf2aa0b765830ab1159d90529f57bc2fcdc290da558e366c9328c39c62e44c952c81d017037cefe346b553f9b53c082142c7296a73bd9276a16db50

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab72A1.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar7351.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Users\Admin\AppData\Roaming\Downloader\libcurl.dll
    Filesize

    729KB

    MD5

    f28f2bc74c40804a95c870ea710d5371

    SHA1

    8654243c7de98a74ede2bcf45e8506f92e77d6fa

    SHA256

    cf6e5d1db6eb6965e639db3bdffaee8eb38c9a603ed5317e2e7c92e8ea7bdc1d

    SHA512

    2542aad8117f91a039d27fe4d844675dd88dc267cc8643c6b2820fc05ab1b02ee05c77d7bdc6d9f56a992572ab67bfaab32bda3b03947a2c7175cd16fbf5726b

    Download Submit

  • memory/2408-0-0x0000000000400000-0x0000000001A60000-memory.dmp

    Filesize

    22.4MB

    Download

  • memory/2408-6-0x0000000001AE0000-0x0000000001AFA000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2408-12-0x0000000076940000-0x0000000076A50000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2408-7-0x0000000076951000-0x0000000076952000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2408-8-0x0000000003B00000-0x0000000003BBE000-memory.dmp

    Filesize

    760KB

    Download

  • memory/2408-1-0x0000000010000000-0x0000000010116000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2408-10-0x0000000076940000-0x0000000076A50000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2408-11-0x0000000076940000-0x0000000076A50000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2408-16-0x0000000076940000-0x0000000076A50000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2408-21-0x0000000000400000-0x0000000001A60000-memory.dmp

    Filesize

    22.4MB

    Download

  • memory/2408-22-0x0000000076940000-0x0000000076A50000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2408-20-0x0000000000400000-0x0000000001A60000-memory.dmp

    Filesize

    22.4MB

    Download

  • memory/2408-17-0x0000000076940000-0x0000000076A50000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2408-18-0x0000000076940000-0x0000000076A50000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2408-19-0x0000000076940000-0x0000000076A50000-memory.dmp

    Filesize

    1.1MB

    Download