Overview

overview

10

Static

static

5

781dffc78d...4b.exe

windows7-x64

10

781dffc78d...4b.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    21-12-2024 03:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    781dffc78dbc31aa8a397263fd50d2392b6a2bc463f6f8cead63edb05efd6d4b.exe

  • Size

    11.8MB

  • MD5

    2a50547b0862c3670769f025619058df

  • SHA1

    dc4044527ffe0a2e3e231f9bbe725f4af7960e6f

  • SHA256

    781dffc78dbc31aa8a397263fd50d2392b6a2bc463f6f8cead63edb05efd6d4b

  • SHA512

    7285260186f2b513bc43178d79f3e6f61f0c5c499db0eff0cb7ee6a0b24da7af076b46f3e0bfb7a6f094d750276b0bbfa77e216896c5e817c6429a03919a2ebf

  • SSDEEP

    196608:Bx0n65dYHadykfgxPFbks7zmELJvBJzzFflbWYzchp8IZTV56srubyohJny1hcGK:g65dLuFb9GELJ5Jzpf4icsIZTPibdGK

Score
10/10
blackmoonbankerdiscoveryphishingtrojanupx

Malware Config

Signatures

  • Blackmoon family
    blackmoon
  • Blackmoon, KrBanker

    Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    trojanbankerblackmoon
  • Detect Blackmoon payload 2 IoCs
  • A potential corporate email address has been identified in the URL: png@3x
    phishing
  • Loads dropped DLL 1 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\781dffc78dbc31aa8a397263fd50d2392b6a2bc463f6f8cead63edb05efd6d4b.exe
    "C:\Users\Admin\AppData\Local\Temp\781dffc78dbc31aa8a397263fd50d2392b6a2bc463f6f8cead63edb05efd6d4b.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1860
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://docs.qq.com/doc/DV0lrck1MZUVBRXV0
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2088
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2088 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2744

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    252B

    MD5

    2d14f18c90ff289c8f5411771afa7cd6

    SHA1

    7e13e0c36bd66b4699f7aa15aec87c8862b32545

    SHA256

    47def51edfab7dcbcadf9e6d51a6ee1fd633b0dd8d5ba08eebebe9cfb0887ddd

    SHA512

    618e899db7b046e79a6e3c994fadf132a8f2a176f61385b886a0f05e8d7661ca1260d28b4c2d89e653cbb83508313740d8ba56dd4e54207dd178edaec340ee56

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    89cc97aa1648f9546a23d784c82c5f64

    SHA1

    e587965adf5f48cc7d3fd2b7e1514673d97667e8

    SHA256

    c0f35363039cfeee9ae48a3eaffcba832be28255beb8d25042e40c15265a2599

    SHA512

    41a000be6277a50fb67f55664e1f5d3a19ce4edaf0ec3dd416ecd644ebc6b90b525bbe38de5478a331d8878475c6dd3d988e84d42ba4428a26bf6409ae5d0222

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    122c7058336cc19351d55bcd15f33ced

    SHA1

    67ed39faf9adb6fceefbe4f63c33b953f3c783bf

    SHA256

    93d85a81847568e22f080cb3cd7e4f75aa93bcf1fbf5753c7c7b2578ee55f312

    SHA512

    61dd0e7c7d67664accd7a4ee9cd2f4d63b83385ac8b54f59eeec52217461c59b9a1c067e544a9d66dbf7b73d13bd3b0d7dc05751381e47046b5b5f069e73bbaf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9a8f1c7189d7ea710c229f1fa239f13c

    SHA1

    753da1099b899c0c2996b927ecb11dc49d0828ae

    SHA256

    46ea07e63f7b9841e276775a7197ab81b7f9f14cd4417d8d619ece56f8d71898

    SHA512

    a0ca12ede99ff0769b77b4258001bf4811e454c5e7a996d69febb0986aec10565a4c56e14ebcccf33f7ff19652cc0b76f631c939061239d54429767eb40287ea

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    078c5254530a3971b7b20f82366468a5

    SHA1

    7cde773b29c6e1e4758d321891103750b24b9e3c

    SHA256

    34f7cd78d80e924054be3a51258b943a70e7cf0562bd9445881554e7687e80be

    SHA512

    82bebe57d571b15954f6567caebacb42af2fe5d944dffcaa66a34b746090e428b66ddd2d1932e96d5a587bb7bac268dfdfd36512387ca14769954b54ea750b6a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bfdaf874b6c2c525b626795a74afe649

    SHA1

    4e80ef7d5ac188415408acd45139d2753e413a29

    SHA256

    c856119d062af5cf88ad862263c78e87847ca1f49e55d257072918429343d701

    SHA512

    706aca580e64989ce79e4947c9047c56685f10087504ec4a04de9764199e1808200317bf0836fc35630f13a884cdbde31a3c2aee336e563d23c8a7a3be492a63

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7949feaa051c2414b977035f6e7febef

    SHA1

    053336b4da15c9f6a8f20523bb8c3a4f8da06b25

    SHA256

    8c9e993651e13b63962179e14fae6e0907d035964ba85b62a1c11219a4694043

    SHA512

    206d28764790a3d67f9ec929763de2ba04d581f5e4977a2df46194a3d504d64e125e94b53393548dc1b0d6df90533ac20cfe5eaddbdd68f3a7fb4631fdbafd2a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f30cb9eba6bd72eab91b41da0b26119f

    SHA1

    21271c7a40057e632711639a7139ccdbbe887fbd

    SHA256

    2ca2f4709d48b50e3e71f4686034f77da58cad9ec32660396783d2778b9cb386

    SHA512

    6ac6d567d875fc630f1b23d9f30198c57dff7b917b9ee1e68f3f0379988ef455248eb20f39b1c07940b35a1229665bc4bfc3c743219c92b0f0549e53fb9aa9ba

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3abbaeff47bf8f4a7be8292bebee438b

    SHA1

    c1adc329ac94391d3009874bac54e9ded122b163

    SHA256

    a69b6b9af4f40089c4ef8391e8ba6e9f58bf66135d99fa6b81fa4b0147fdb393

    SHA512

    e3fcbd562d52f29640dc5287bd5c11a4add80b3b8678b77697c67d630a13e983aa38a7cb9ffb82726c954f8b812c409e7332b1372562ff3ff4d8d419c127d520

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ac94948d57f8d940e136c11e6e6aa8af

    SHA1

    07fbe581c49ad354f429e968b4663b467074c1b7

    SHA256

    ef86a205e418a4ac6f221a1d96a4a569cf829fdca79050b4024832988397e864

    SHA512

    c52848b937ee20722c0fe51601962c273f9aaa757c7a60291b5ae9c29e65ed9e3742e8c94a0a69d0568ae6f11e0ced43bc5766064257f7678548fb1f5b179033

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8e2b66395951995639c946b9bea1c4ad

    SHA1

    9d1ebb2a480778136efc7dba3dcf2cdb18d3ef52

    SHA256

    fc7b3ceb12cffe43c62e932fa5a88a300372012b21cba72c397e8bbf36f27568

    SHA512

    45343c4e883d63bb02dba18266c66db4a160ac11b4ddd289ce3a986527b08daa2dd7e781de99acad0a8d53e2843a8db8c6d288afdf5cdeccb0f987b68389063a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    30c8f81561c7bc617068d5699dfbaacb

    SHA1

    7af2c49a457ded6e659f436aeac210d5a9568f07

    SHA256

    3a144862a9c17eca39bede566e85e1803ff6c65bd445795fd32578abbecf2b73

    SHA512

    0c591ca992c0514b70f3cfba08ab4d8b2102d7d2acd44060810afc6484d2beb3f670cd9e271f3123f06b3294edc40b668b79ee37948ac78df2e93230f63c5c75

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e16b057fe05c2411aa12d9929d5eb27b

    SHA1

    3512c3783a29dd15d286b5d7c5c4224ea82da809

    SHA256

    e516bd90b29b83d4db0ae1f091dfba36d14a1f516b1ea0fd18ec8bd4fc2fffac

    SHA512

    c8d662721bbeedb6462dea992266985c0b36bc57177d22778f268b28880decf9ed87c581ef49162959f960cb8360eacaacaf598477c2482a6ee9f0a05a6e7c0f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    694019c9a64a18f8cc156b56e43cec5e

    SHA1

    8f48aa295f8bd3a2bbe6713296c72d232536d28d

    SHA256

    d4e97041903d381a1b0b6d965ea7dd0adc3dd1cee1c8d112dae7ba70f77498e4

    SHA512

    80effc21580fa4cbb9c8318d4af6072f250adee3f30618b141705c3b16457fd363a318ba66ff2147c121bf7a365dc4b322b491a8d64cec9a5bd74ceeb4b6bb4c

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BQQODH7V\file_web_logo_32-b074c7d607[2].svg
    Filesize

    1KB

    MD5

    b074c7d607991bcee487b6bab7fe41ac

    SHA1

    b04ce477a18812918bc66f567b474261fa5fed46

    SHA256

    395427601a092f229ea1af00aec598e8b1f8028d200dd6b0cfd51a2639f6d647

    SHA512

    b82e671573d07b4630a2f0295c5be39399c242bb7f899065a2918e89e826fe703fe6a176fb223ee361601f03d505d3a45185d335c7b30220a9c19363ef48e274

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROLMKJ86\favicon[1].htm
    Filesize

    6KB

    MD5

    31427df76858300902a30522c179ddc3

    SHA1

    8e980bb98c9b0f1e39dd07ff76e6aa28453d519d

    SHA256

    88fb174d6c96ac128c22042bf8bab853373feb921fa35dc9f114aedf9041d614

    SHA512

    c34fed67462ef2dafe2a2f095c3703887e817443131e8be38775eb5e602cd3187bdf20c3157c18c348571d5e82e67c585b8b188d9e60c0b79900da55b19caa83

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabF0D5.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarF0E8.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Users\Admin\AppData\Roaming\Downloader\libcurl.dll
    Filesize

    729KB

    MD5

    f28f2bc74c40804a95c870ea710d5371

    SHA1

    8654243c7de98a74ede2bcf45e8506f92e77d6fa

    SHA256

    cf6e5d1db6eb6965e639db3bdffaee8eb38c9a603ed5317e2e7c92e8ea7bdc1d

    SHA512

    2542aad8117f91a039d27fe4d844675dd88dc267cc8643c6b2820fc05ab1b02ee05c77d7bdc6d9f56a992572ab67bfaab32bda3b03947a2c7175cd16fbf5726b

    Download Submit

  • memory/1860-18-0x0000000076040000-0x0000000076150000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1860-16-0x0000000076040000-0x0000000076150000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1860-23-0x0000000001A90000-0x0000000001AAA000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1860-20-0x0000000000400000-0x0000000001A8F000-memory.dmp

    Filesize

    22.6MB

    Download

  • memory/1860-19-0x0000000076040000-0x0000000076150000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1860-0-0x0000000000400000-0x0000000001A8F000-memory.dmp

    Filesize

    22.6MB

    Download

  • memory/1860-17-0x0000000076040000-0x0000000076150000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1860-22-0x0000000076040000-0x0000000076150000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1860-15-0x0000000076040000-0x0000000076150000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1860-14-0x0000000076040000-0x0000000076150000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1860-24-0x0000000000400000-0x0000000001A8F000-memory.dmp

    Filesize

    22.6MB

    Download

  • memory/1860-7-0x0000000076051000-0x0000000076052000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1860-8-0x0000000003DB0000-0x0000000003E6E000-memory.dmp

    Filesize

    760KB

    Download

  • memory/1860-6-0x0000000001A90000-0x0000000001AAA000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1860-9-0x0000000076040000-0x0000000076150000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1860-1-0x0000000010000000-0x0000000010116000-memory.dmp

    Filesize

    1.1MB

    Download