Overview

overview

10

Static

static

5

76957ecc41...da.exe

windows7-x64

10

76957ecc41...da.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    145s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    21-12-2024 00:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    76957ecc41ecb79f95acb81bafb815c37f3b4ea70105aec32cc4ce5ff5a944da.exe

  • Size

    11.4MB

  • MD5

    3ab4f5eb9660bab9d2dcd387cee26400

  • SHA1

    fea17b1d8ff4ee7f4bc323cf2df70ed5b94e615a

  • SHA256

    76957ecc41ecb79f95acb81bafb815c37f3b4ea70105aec32cc4ce5ff5a944da

  • SHA512

    e015f84d341d4d966722eaf66050053ef802b15a8b4e5118221866c0ee166568e2329c8d65372336d4f2f45e420b0f5e358b003c05854b31af93c045a937ed6f

  • SSDEEP

    196608:Hk6EtwqOCyrIZWD0mjwUOejqWbt3zruQEHrIsymXK0NiUAq0nOhCIK3idX3jyRLk:E6UwqOvQQ0mBXjHpuZLvXHpApCCl3i9F

Score
10/10
blackmoonbankerdiscoverytrojanupx

Malware Config

Signatures

  • Blackmoon family
    blackmoon
  • Blackmoon, KrBanker

    Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    trojanbankerblackmoon
  • Detect Blackmoon payload 2 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\76957ecc41ecb79f95acb81bafb815c37f3b4ea70105aec32cc4ce5ff5a944da.exe
    "C:\Users\Admin\AppData\Local\Temp\76957ecc41ecb79f95acb81bafb815c37f3b4ea70105aec32cc4ce5ff5a944da.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:876
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://jingyan.baidu.com/article/93f9803fe0b0eee0e46f55e1.html
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2864
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2864 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2788

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    148aa00ec35176e738363543db435af4

    SHA1

    318fb526dd61cbae96c3b044e933d0caa149484d

    SHA256

    f38f259dac9ecf6970960517352213e17aa51c9b124836524536d546155d5741

    SHA512

    9e8c280798e8db2224acec61dc733dc6358ca8bdf470913588c017ba97336df5eb35b21c45bbda953f4bd2907613802153b315d7de2b79bfca17c55f8b22a355

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    71f98d68139dad1571e8cd3b08ac8f73

    SHA1

    d0efe50294002eb5b0ec6628a9950d6d89143586

    SHA256

    d4f2664047dfce07871153808060699c0224cd2de8327bf0721957f6cc5874c3

    SHA512

    f3f17547f7f939d19c1acd52da6797dc07c22715ff0ccb6fe56ab77df64c18f2ce987db43f78d9c4ed27e4749779f0a5b6241bb53c0fc22a982b4edf9c87d640

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7c80b4d63761f49429e7373452bcb717

    SHA1

    37231962e24a0348403bc906cc3d1755cd802ed6

    SHA256

    dd7e6ff9e28213d25508653658e21923dcf1218865e87c2a683138f460631d95

    SHA512

    e8337544187dfdaad0c6fef1aa9a5cbfd59d90d61c9d996688487a3a34d831c3d73e48de55f046e15a0d5e206b0d2cedc491f608d6935cbc017af8771a664517

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    54805cd2c3a232555597b0eeb53600ab

    SHA1

    134399094908f587fe9f34436fd2823b0d0a650e

    SHA256

    77c27a4addb16ccdc9323911cf6e4ff74b0bd9a604acf61ff920bee5f585e037

    SHA512

    f401f9df6b5694501ba85d533f0b22c589a64dcef2b8ebd8e6963ba628c1f0e5ede333673ce3e9e71d66e37a453bc66e465165457700e8f97c1554f78fc681d3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2d2d6eef1abd40729c8ba7038d51876d

    SHA1

    ae14f7d11f6cd314d4e9baa4c723fdb662207921

    SHA256

    5d8ec9b8fcc2a0d9fee85d8b7363b738b2330ebbfc1bbbfc855f2bc830f2545a

    SHA512

    a2a83f3a495f421b8c211e19a03d678947838970b6855e0d0373b77d90b5f1ef5de049b864da5211087ffaaea276895c4c58ba9af87caa2e3edb406ecb1d5206

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7f4f3107ff790528f4feef379ec48c9e

    SHA1

    1a725d299f5c551b54be8d262f93498b18d87cc3

    SHA256

    eca59bfad5eec626625ed949b51c3b544e979afd16360e65f0108a563f46b983

    SHA512

    248e91f8ad6f5a989d108f9aad583f644966fc2c423f00b3f58ae36ec221d52f72fc5f495d7679e65ff98c15de3cbaa267b9e7763d53aa1baa48e7362a4c0824

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    14bdb80dfbc8cb79a07f1367c316c717

    SHA1

    04021f5ed26b99c175e6d85b1e91fa3236a9ac90

    SHA256

    e4038bd47fa8fba65a80ca3036212cd01645af263a3aa265b55e2655b18df3e4

    SHA512

    19981173b32ffb0712c2e94731edd051655356bb115e17a11d058746dde7cf85499fc63784679880b9626fe5fe830367087378c4fb720f28d988821b2781c34b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    47c4c619ded04a6fe73485045260a0a5

    SHA1

    44371099d25bd0f005adb93e3ff5b774f8f7c061

    SHA256

    08385aae4c6c1c3acbe595f6bfa04810e1b03692c53c33fa6f4b7aaab095a1d3

    SHA512

    40404a97429d2f7f2f9873bf5fd0c84416d3f743387c0a16088b7979042bbad88c06b5404f13c9cc7ed5cc60a2924fd7a9751f9a27b3fc4fd1734e206bd1e1fd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    141995d15d445ac49cd1cfe631829746

    SHA1

    777b3604c7f7a10b143644a85c15481c7e9dcd8e

    SHA256

    4240f30085eda68133b70734a44076b187983286a177590f990a49f6e78bf71e

    SHA512

    c977fcd0376fee870a66388f5bbf762b3bf5fcf3a0da61bbffc39aa185d5ca387bd9d91254c7255df59158b73de0181282decdd199b029fc52863c588e26e525

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1a8c75ab8d701b7086dec0faf8ac7be8

    SHA1

    a9f2b75c6db1007aeaf9d8c08ce61e753d763ff4

    SHA256

    e62283606b6a33b9be2e9b63edca1042f14f38946120d016fe9dae2001c75689

    SHA512

    f6128d167939c5f6a7c008b8d836bfca529139c7cd202a820069aef8c3bc59e9225655247c1d97b1d9086950f815a57a6e3de85805d9f1f7af63780f7846e6d8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6fb82fe2522363e2271ffffc6c52c309

    SHA1

    d7e2521ef7511b8056a4cc9485fea403270590cb

    SHA256

    4fe05b1366f0af7bc78dcd438f1f00a28eca9baddda5fccb883b8247a4ed254e

    SHA512

    c6fca565e9ec897109789bf62c4828edf1ff18c3b0ab054d32545cc41bb27de393f2cd18ba09d32082d0b94cde74f2cc60788bf9744f4569e5bb843ac523a2c3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    03c9de617580dec9ad8473166d314c87

    SHA1

    70398237683537f4395c2ebefc860d1c42965b72

    SHA256

    46761f1a72c9eb6c58888ef226fd78422a642a9c760753757ee966dc9edf6bbb

    SHA512

    08013c4a3d69e1badf264de4dfb6ccfc34f3a054ce8f29a45a28853eb3fc855541d34c643986ca067121b9092b46f926f1bfeac4c32d44fb5c0c35fd244f0eef

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9490adce28a7211c496f3b1e8c7fe81f

    SHA1

    753884bfcd335a860572e3d4d8d412b2558ee021

    SHA256

    21270ce3b212b2b49b87088b1a8e468654f6234e9ffb3d87d0ef51e4e0e07421

    SHA512

    0f567348ac39530e7c15d01bf9aff6521dc6cd44de15a7f35fcd391879c32de112f1340054971b421c9ad27908574af0308f8be1199f11e57e5807ea85607b09

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e490e9d778d96fbb40f9ec04c19cc77c

    SHA1

    1866138c5b8b0c740e5379c1f497ce98e129ccbf

    SHA256

    c3cb450240e31357bad80ee6937918d7ddeafbab19da6f94007e42c17082da3b

    SHA512

    6d1280af7f3aad39c3f603d19e57035a5605cad57288a8dbe374dcefeea581b1bde20367c9267151cb2ce7e32433e0956d6266e29f6dc457d6d53316d066e078

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    201c9bfa52ff5945ee654de5c628b865

    SHA1

    f1707e522ab0c377524de4039f2a273b53b7ee10

    SHA256

    9ecdd8b8c62e207d2bcc27299f3c27c8485d158bb8b28835ad87f6c6e42f7fd0

    SHA512

    ffe2200b1967e3e181d7bc34d642327a1db556291713b3a6ca08b2d17a177afad165e65a26067070dec34cc173376ff40c0d49c3370915738bb2ab2c62077925

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    49111e722d434b56be5ee5aa17d05219

    SHA1

    0ab965b9d806fb86e74e49004e6949d02db4a571

    SHA256

    b906c610895bf5af5f6586f59ecde5182adaff13af560f415a434b3069bdb385

    SHA512

    bc9a0bb6e364e483c4b8a0831abb07f7758a258f5dfd61819a492368bd0961c144ce1e9e9ea094bda5ca8df92385004f2e69b5603a08bbe846f9f942cf02b81e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    94e9ca9cb4caacd104771aad8c7bcf7a

    SHA1

    9d2f9d3a3c4782921d76242ff428f6e2b80921b8

    SHA256

    c966acb73367a7cc0506c68c1f1be74e23cd67d073f18cba4d6e7cee2ac148ff

    SHA512

    cc7f5666b5d6668345fb89e1d854ae0e0b8680a3059fe866d2153dd418cf37f1c6eaea387bf821a89d63992a966ce018595056c60bf4f89734fc29fe2791655b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cbedcfb263139375dfbdc602eaa22960

    SHA1

    5f576a38b101d1db11f5a32837175827acaa573e

    SHA256

    ffffab8a62bdb2fdc0f96afb4d3a209fad0ff75d53fcc5f9434621be307f8200

    SHA512

    d0a4d4c8825d6f12ac8c88a9ce7fcbadede6be8b27e127ee1408e1e5e6d24a0f501dd7770fd440adaf50c0a1388af69c3463adf8c4d4e2048aee0029c8f99aae

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    66eca2494f5ccfd19b09430cb5dfe48d

    SHA1

    3722b6c3c2d60a11dc8b037da573b831f1ef8bee

    SHA256

    b870a4f9e8c6f233e37ac00aaffec6a10d9bf30142628e9afdfffda84ac4d70a

    SHA512

    ba7f83d34c3c344c5d44af785ee7f336eaf57d3d893d80597411dbbad50814b48e868f0879f4d4f0dcb749b835bf38db29222bab1a5512af399a8dece57effc8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabECB2.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarED60.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Users\Admin\AppData\Roaming\Downloader\libcurl.dll
    Filesize

    729KB

    MD5

    f28f2bc74c40804a95c870ea710d5371

    SHA1

    8654243c7de98a74ede2bcf45e8506f92e77d6fa

    SHA256

    cf6e5d1db6eb6965e639db3bdffaee8eb38c9a603ed5317e2e7c92e8ea7bdc1d

    SHA512

    2542aad8117f91a039d27fe4d844675dd88dc267cc8643c6b2820fc05ab1b02ee05c77d7bdc6d9f56a992572ab67bfaab32bda3b03947a2c7175cd16fbf5726b

    Download Submit

  • memory/876-18-0x0000000076670000-0x0000000076780000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/876-19-0x0000000076670000-0x0000000076780000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/876-23-0x0000000000400000-0x0000000001A91000-memory.dmp

    Filesize

    22.6MB

    Download

  • memory/876-22-0x00000000003E0000-0x00000000003FA000-memory.dmp

    Filesize

    104KB

    Download

  • memory/876-15-0x0000000076670000-0x0000000076780000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/876-17-0x0000000076670000-0x0000000076780000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/876-21-0x0000000076670000-0x0000000076780000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/876-0-0x0000000000400000-0x0000000001A91000-memory.dmp

    Filesize

    22.6MB

    Download

  • memory/876-16-0x0000000076670000-0x0000000076780000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/876-20-0x0000000000400000-0x0000000001A91000-memory.dmp

    Filesize

    22.6MB

    Download

  • memory/876-6-0x00000000003E0000-0x00000000003FA000-memory.dmp

    Filesize

    104KB

    Download

  • memory/876-7-0x0000000076681000-0x0000000076682000-memory.dmp

    Filesize

    4KB

    Download

  • memory/876-11-0x0000000076670000-0x0000000076780000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/876-9-0x0000000076670000-0x0000000076780000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/876-8-0x0000000003C90000-0x0000000003D4E000-memory.dmp

    Filesize

    760KB

    Download

  • memory/876-1-0x0000000010000000-0x0000000010116000-memory.dmp

    Filesize

    1.1MB

    Download