Overview

overview

10

Static

static

5

ccb3bacaf8...93.exe

windows7-x64

10

ccb3bacaf8...93.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    20-12-2024 13:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ccb3bacaf837b42216177f0b670088d8ebfae2906f5a8afd59167a8e1fb35193.exe

  • Size

    11.3MB

  • MD5

    527d418380b0e7abe98d699458c8a73d

  • SHA1

    e91358f1ea03727bbf4e1fc16c4e544fb04ae9e0

  • SHA256

    ccb3bacaf837b42216177f0b670088d8ebfae2906f5a8afd59167a8e1fb35193

  • SHA512

    ad44c91b5e0aadd11bacd79d1d442c68780dffe4538b9563e5cc940a5bef667277da92692e2b4706e60044bee32ea9d73392d9ced7207b0f6d0834052377e518

  • SSDEEP

    196608:l1AJb80lqV+MKoZqbfCJ22zUVAmKCOhjSG9xMNp2LQ99jFx+NE51hANP6MoFfAm3:LAJb80AVAI2mUVAmqSYxdk2ohaP6MmYk

Score
10/10
blackmoonbankerdiscoveryphishingtrojanupx

Malware Config

Signatures

  • Blackmoon family
    blackmoon
  • Blackmoon, KrBanker

    Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    trojanbankerblackmoon
  • Detect Blackmoon payload 1 IoCs
  • A potential corporate email address has been identified in the URL: png@3x
    phishing
  • Loads dropped DLL 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ccb3bacaf837b42216177f0b670088d8ebfae2906f5a8afd59167a8e1fb35193.exe
    "C:\Users\Admin\AppData\Local\Temp\ccb3bacaf837b42216177f0b670088d8ebfae2906f5a8afd59167a8e1fb35193.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1308
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://docs.qq.com/doc/DV0lrck1MZUVBRXV0
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2412
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2412 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2872

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    252B

    MD5

    3e668bdb12b93fff78f0aeea02bed5ed

    SHA1

    cb8fae90021e8adfe663b3175e0613d8d85e6fa3

    SHA256

    19625b021bdd077c24db7d3791519811865a1d65c86319e0494caef0f4fa5201

    SHA512

    620a4c6726c2002a80b73abf4522ba2c27117f583c582c687d44c3db424411a34dc935f35cefa9d8f0e5a825a649a3cb100063df6259b1afab771410325e915d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bbdf98f32e29e5fad3ecaa4fdd375d27

    SHA1

    a80ac4fcf38560510f400933d716324df67d924c

    SHA256

    e76f85443d63037c4eb4c0142a1ae68caaf0f52a0eaba9b88209e8ab4db0f155

    SHA512

    cc3db6f60c13e43dd7009fe8bf48ea32710bebd0097890a210aa3bf3ffce345c7be493414a92e7250a4d9b572183abbd6e46c672894bf209ff8704b1cbff4304

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0fc229f2be0cac4c0ed73f6ef6355e35

    SHA1

    95384b97e3433b3f82cfb23479b8426696cbbb63

    SHA256

    8232c4105d4cfcbdaba02cc847c417e5888a3bc9baff110e3d8530be28449e66

    SHA512

    70f5edd8c18ca6945ed8acbc98357458c92e4d2bcb3fc33f5e236e691b2b1f3fb9a99785b79398cda24c09ac11f419fad47c81ea81a5f2554fdffaeba44c13ac

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7f6c90dcff525351d8b06281339facc4

    SHA1

    b6edee57e2472219d1692fd0346a8cae19205538

    SHA256

    f63b01084ce8fabd1f829dfa71d34f47296cab13becfea30ef1bf3cf12d4f9b7

    SHA512

    def87c0d5ac8b2a9369bf5e94f4c2d435624be037a7691b1d66a6039e027ba1f0589a2e815c30a7e76a1b130d964d78f3865c0d6bfbcbfd868500be29d329449

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e6c6a41808361b9bc223f0cbf1cd5249

    SHA1

    eb6690fbd9ab1fe71b21908f5541b23b3a29615c

    SHA256

    18ed628f03c59f256e7ff602e172e35233977933e8a95166c69ba39c7df54d50

    SHA512

    726ac572f38eee663e8fdfadbaf2625e886e23bf9df4f0cb5fe41b5d01931deab82d140d9f0d9d040ae5093d9f59585a1612713ed67fe090e96b0ca029d5759b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e65720a88954740e7322c300dec7ea54

    SHA1

    b09ab379152dd0338931dafd7fce6dd79035d582

    SHA256

    6fafa83db7e28df57ad78adfd6f8be1438631a552ef1e92d5170cb5cdb68751d

    SHA512

    2759f5f4ada99050736e431fb48f707c2e195c4ce26b6122a48f87a328754777b25aafbd2420a64f821bf52b387f95c00d0a5237139ac09653c9a685a56214f4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1dd9505412ec50697ee3bcc81acbed13

    SHA1

    70319b7c9e1e278c4d1aeebf81315b764146582f

    SHA256

    1d820d64828b828fe80c35d781bf0cfc0d954d54964d371fef8a581222d64730

    SHA512

    63679da2ec3dbf40f36611bf64f1642252964afb0b652ae6cb929afda76a1eec2659b8b5afa94abf2d4edfd763ff64748baa82a3299cb4c68d601bdbd5403056

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dccd3ed98376261e9341817950a85c71

    SHA1

    7ade4088ddd7cc3295bb6ecf9b710952f068e066

    SHA256

    807c5d8d5d4df9631265612b7cd8eab41aa9be5bcffed51537ada7450f42b322

    SHA512

    be38d510efa091f1d4096afa4803ad56f2bef225e41f0931912af4706e4fc8c870b5998d6556fa5064a67c558960933256dc3f0323b4d6d44d2d28ad18d60acf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0eea79d5af8d36d97654a86ab56b13a1

    SHA1

    b4b33b2e9727eec7218ba2ec313452eb44d1dd78

    SHA256

    8e9bd7664020d76a57abf36ca6e74b894fba1d98827db8799fbbc6146910ee1a

    SHA512

    bf3d0424fb78239139b7a326a43be83db0eccf1108809b91fc63af34471315e63e50814a51f83eb0f3599f8a0eb63fbd6dbe6d301952a7c0e38dc4764b808d9d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0b40767e7a19515dc7630cfb7d060703

    SHA1

    fb9aa8a810a548a55e2d82a10e2c84fef7e95c3d

    SHA256

    6398b465e3314d940b3140651bb9ecb37240cec9213251723320428e428b1ee2

    SHA512

    997e4cecd64eefb41bbead0ce70385cff96308bda1b92cf39847024ac1c3ba638e44f3642333448c8df38d6dcb929c1297690034dc11b4d42e8c5a04486b3cf0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c72963de518977563b77f883a6299ad8

    SHA1

    a68bef713eb9cd0916731161911b4087c67f2d58

    SHA256

    9053e92b79b5e5d43898bd11774c853ded1b3c99b85a8ae2a8c722e23c90caab

    SHA512

    5ef3ab217ffbc7e2f75a105399b76309e8077d9deb4ee9d944a3427f29ed0126c4ee5f088dfde2ad84ce8ed502d08be70e018a1c68e22085eaa20531a188f622

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1ffa42d286eed66db368a636e5a3a750

    SHA1

    b0f00ad45f090879632c06a5346538aa0d734706

    SHA256

    6be8d61b480176193505d30e8b56d0f248c9e483fc7901d4a646e4acc04af568

    SHA512

    eb329dd27b2b229e93f37f549761170024c72ba22a1d1dfea540f3de8d6cada8fe464f63f4417240da738f5fc45eee9606c3e858807a62fb5cd1e40a0246b57b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4f633399325f39c4351c72f7165475f2

    SHA1

    2cb4d6d4095411bad60ca41f4882f0600f4b9d02

    SHA256

    75bd034cef265cd366bcfcbf882983d0eda6855e4fbcd3869d60e07e99518717

    SHA512

    4936f8f58d998874d8b99e88cc0cc3e0a32a394edbebad79a0c23e3d5644bd19f6adeebb9768d44c9a99a629ca2a84131e6f6286e2758d7ff011b815edfb2523

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b923d08a3be7c90808c9653dd28a4437

    SHA1

    072a3b29c7fd1bf4aae04d1cd58e65ddb9ceb08b

    SHA256

    e0406cc9405bf5cf662443b0cabebcc05e67a9376586ec6864b4a13236b50141

    SHA512

    4a93a5f60b592f6a43eb418ed0fb82c3054ad5157152458d5d30cb2cbc7159790920dd6da331e791ae9178ecca195e73c8516828b840a8361d4bf1a71650e9a0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2a546424f058ce6cd6f7ad3606cf2bbf

    SHA1

    e15ceded23d2fed4e6c48298ded1d9c4a832b684

    SHA256

    83eb3cf674f80e5969f81e713d25f4c5a6146b8a515ad3d68e1e270e679c4072

    SHA512

    a0174dffad2e7cc9ec2769dc2750511b8d86f70b9bb9901f17f6665beb31959528c4a8485eb1719871bd63dfc85338dae01d4047754d350ee4cc4d7652964d83

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9320bb8889a12b007d04694f5772a1cc

    SHA1

    985fd529f460850c03c55803df09422694c4cea3

    SHA256

    7072d7639082728f8e4aba31534fbaaf73092d17dd08851864f38acaba29866a

    SHA512

    925022cd0067e92309d1a0bfa01dd073455a771b4c0507e36e3db65a288113ec1ebd802a503af7f1a14c182c97ce44c401ecdec47934b3ceb56cedc9c52cd284

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bcf5df1bc04526ea81b332a3aa38d77d

    SHA1

    1f0fa8a14e653b7f959bdc815ca039a97823d0f8

    SHA256

    8393c1f8f716831d7daf72245ccf724601f090de575c251a632690de46326869

    SHA512

    f78181259c9180850b05b47e935be8d03ad8067cae9438cccd544f250c19c5daf8715ca16e36eb459b3bb0c46dbffe6f1754ce819030e23bd6b27fa52cf522c8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ab3fe5d30cee54bd1d0d97111f964034

    SHA1

    2d73e7104815fff82d7ebb91f585d1478a740ea2

    SHA256

    7f41576f7dfc2866677cd1fdfe898f410621175ea1931097e342fe39f25a051b

    SHA512

    466770a58efad7e7c84d6b551c34b6e805f4c3e5fdcb712d71e50e3bc1b628ac755f57bc518cc29699e81498cff635297d99dc6c6536e513cecfe3c536a1447c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    185fd40a77bd4965ef48fadf210940c3

    SHA1

    898be91122d3c37159a27227de0cbc77771fa122

    SHA256

    ba6ee820ca4a7dd0c7cd2461e8e52436a662d4fc3f563a07f6fd42f4f25f154c

    SHA512

    93010bea9106edf252199216b88ecbeea9a86559e14f688ad330070ee3395359c358c04ea23a49a7aabc3b79fc0011ba6a9862cd3009f2e33b038ba0ddade649

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    18aea2cefe4a61066a5e6f5ca9e44dd9

    SHA1

    31b471e71f22ccd64802d7f1646d0cc3a38c7f88

    SHA256

    2149f75215ed2e1abf6ca48442f141c0bd7e193d899e0a2287f0a03ead2a3194

    SHA512

    0ff0af85a8bd265ecee5038acacbb879cb2bce4e484465b0a9dfbecb1e251dec8877c9b1de9241552193e09e5eefc34305ea6b5ba5fc9ffaec7e4b4264df3df4

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PLSLTMYI\file_web_logo_32-b074c7d607[1].svg
    Filesize

    1KB

    MD5

    b074c7d607991bcee487b6bab7fe41ac

    SHA1

    b04ce477a18812918bc66f567b474261fa5fed46

    SHA256

    395427601a092f229ea1af00aec598e8b1f8028d200dd6b0cfd51a2639f6d647

    SHA512

    b82e671573d07b4630a2f0295c5be39399c242bb7f899065a2918e89e826fe703fe6a176fb223ee361601f03d505d3a45185d335c7b30220a9c19363ef48e274

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y1738IZL\favicon[1].htm
    Filesize

    6KB

    MD5

    e32b3b13cce96fae72c7cd4f79b59aaa

    SHA1

    cc5dca90b34e18d328933dfe6a653e2c87820f93

    SHA256

    da7226a1e59c992dd99af8d191eaa04e7006e86763d7612387ec377bd6131e6b

    SHA512

    d5b00a3bd07d01f6adb24ac29bfb0c7286417e41a68ab66aae4b2b0a01f07321afacd43dd3ec07afe143d0c29dcb69f78e884e0775a509353be0f70295e1e731

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabFDA1.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarFEDC.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Users\Admin\AppData\Roaming\Downloader\libcurl.dll
    Filesize

    729KB

    MD5

    f28f2bc74c40804a95c870ea710d5371

    SHA1

    8654243c7de98a74ede2bcf45e8506f92e77d6fa

    SHA256

    cf6e5d1db6eb6965e639db3bdffaee8eb38c9a603ed5317e2e7c92e8ea7bdc1d

    SHA512

    2542aad8117f91a039d27fe4d844675dd88dc267cc8643c6b2820fc05ab1b02ee05c77d7bdc6d9f56a992572ab67bfaab32bda3b03947a2c7175cd16fbf5726b

    Download Submit

  • memory/1308-17-0x0000000075070000-0x0000000075180000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1308-19-0x0000000075070000-0x0000000075180000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1308-15-0x0000000075070000-0x0000000075180000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1308-0-0x0000000000400000-0x0000000001A96000-memory.dmp

    Filesize

    22.6MB

    Download

  • memory/1308-16-0x0000000075070000-0x0000000075180000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1308-23-0x0000000001B20000-0x0000000001B3A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1308-18-0x0000000075070000-0x0000000075180000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1308-21-0x0000000000400000-0x0000000001A96000-memory.dmp

    Filesize

    22.6MB

    Download

  • memory/1308-14-0x0000000075070000-0x0000000075180000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1308-22-0x0000000075070000-0x0000000075180000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1308-6-0x0000000001B20000-0x0000000001B3A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1308-7-0x0000000075081000-0x0000000075082000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1308-8-0x0000000003CD0000-0x0000000003D8E000-memory.dmp

    Filesize

    760KB

    Download

  • memory/1308-9-0x0000000075070000-0x0000000075180000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1308-1-0x0000000010000000-0x0000000010116000-memory.dmp

    Filesize

    1.1MB

    Download