Overview

overview

10

Static

static

5

a151ff5ee0...80.exe

windows7-x64

10

a151ff5ee0...80.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    21-12-2024 10:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a151ff5ee0b13bb17eb2560fbd4edbab58aae6e706e52797eaad0ec8c78f4380.exe

  • Size

    11.2MB

  • MD5

    e8e31de4b012d50dfa6a24ef79bcae07

  • SHA1

    5c338790931a7d7687f34733415a38ab9136a2f0

  • SHA256

    a151ff5ee0b13bb17eb2560fbd4edbab58aae6e706e52797eaad0ec8c78f4380

  • SHA512

    09122089f05507523bad9b34b4940da3426bfa6d32edd4e7cf0bc26f9e5e641e3bd4941844a68060dce459421425444bac863c18afad793e6b4a11d7502adbf8

  • SSDEEP

    196608:G3nvsE/kJozifAP8x6CD2AiozIqfDwW/Daec0cyURdZg46kHfmTYU15AOjvsAy:G3vTBxPI6CD2AlsqfDZ/DM1/gI/U15TO

Score
10/10
blackmoonbankerdiscoveryphishingtrojanupx

Malware Config

Signatures

  • Blackmoon family
    blackmoon
  • Blackmoon, KrBanker

    Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

    trojanbankerblackmoon
  • Detect Blackmoon payload 2 IoCs
  • A potential corporate email address has been identified in the URL: png@3x
    phishing
  • Loads dropped DLL 1 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a151ff5ee0b13bb17eb2560fbd4edbab58aae6e706e52797eaad0ec8c78f4380.exe
    "C:\Users\Admin\AppData\Local\Temp\a151ff5ee0b13bb17eb2560fbd4edbab58aae6e706e52797eaad0ec8c78f4380.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2060
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://docs.qq.com/doc/DV0lrck1MZUVBRXV0
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2964
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2964 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2904

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    252B

    MD5

    b3f2c907005f6f7ccbeea6ca7101c4ec

    SHA1

    08b3793ab99e2ff5932b59e29c025a89cf2a036f

    SHA256

    e0e5e229f5c407832d5174202ddf009e95f5946c4daba11be7e2f93b4acad496

    SHA512

    001ee4a62fa4b8391b7785416faf0671db133b7bdac2c217801c842dccbef2959cbcf66d6a5e61cb906b383c72468fa38ee15150187e7120d20f23223182f653

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3888eea95981c9deb7d433a1897621af

    SHA1

    5e56843f22dd5c87998021facf85fec363a8884a

    SHA256

    efaa8d0c900d05b585a268b120516144924ac2ba50de7db731e5501ce46f90a8

    SHA512

    64b3ea00d8a96033fc744a75ea6d02490b30e0af6da0608b93927d67f2d08c1db280159b404a3eaf6609e1ff58e2a3d8644072c7ed7d36e5f74e14b7bd8d50ef

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f9e07b32faf237a3f5078cc23572bc79

    SHA1

    b0be4094a4f9c080a8a1c2c8886a726fd1aa5223

    SHA256

    f548b91a7c1d081e31def5b96cef50095beb482f8bf0a191cb759ebb1ea5a0ce

    SHA512

    07d2e8139f43135ed6afcb4a8cc5530ff1b783455a9328dc5c4a349a34c489785a43ea97144c25e1c0e405d92cca97778b53af4c73856058be1af9777ba44efd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    de69ea5a452d4958a35e9148c4cc8f2d

    SHA1

    38be3f88ed76c462786f5389d68a4d1e8b93cf4f

    SHA256

    7b744436f70370b36e59ca4883b5d6173478a5dd075ba5f242b7b10e7263a775

    SHA512

    ad27dc265c307522265846dbd6754d513f353d5eaa96773a8d9962ae20f266720e6b514b3c50ddf6a4b2b87cda4901c5df21d9e2e6a0060a021769d04d41ba53

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ce44a1cb037122662b6d337a8e4cdd7c

    SHA1

    36b41d63138b5512a39147123d25740c19f96e98

    SHA256

    112a54be4d4403f5d61dd27bc80a132f6a6e5b005cceb3e98413236d8382f102

    SHA512

    15b0fcabf8cc8e01289d1d71fd09b50df740e6a656a1b475f8514d15163cbea791009676478e95266f7f7a2a1bdf55b01a9c22eb1720ec49f9e8ea9c81f74639

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2915c2ac8bced65963eef047c2be0c29

    SHA1

    89799b9713c7a55fae094db807bee557ab115502

    SHA256

    b6a4fcfde6143e683ae19762b19041ef9997ed812136d9546e9b40fc2aff97bd

    SHA512

    270396ea11005acbf83918533e094031afe6db0d134ccb8e48684e111255de74d644024fed54422ce1b28e5489526820a5bacff08b0ff32867c36427a5f15f44

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ea4a0668b10ccdaa2ad646ceffbb0ed9

    SHA1

    dfba3149d212a7c304e196aa47fbdf5f11da2c7b

    SHA256

    56ab86ebf827df57c14da8be260790306dbd46530e1eb6ac4618f1458306d5f0

    SHA512

    7e225d2c7b3cbda3f61cf46c0a9697ef94ac66cd766173e64c2b8dcb8ac493a7cb2242278f40fd4399b6a50f6dcc1edb17ebd32ef0314164de959c8e14dfece1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    83817d63db074a3fcaace1054123af9f

    SHA1

    59c2e0c59ebb5573222dd5b6dd92266324a91587

    SHA256

    47bd1c61ac117692c9552fcc9e23712e0b9963db176c2da089d7bc0e4f63c2c7

    SHA512

    cb313b1d4e7229ee387e07331ef7d1a1ff05b29718125a18b9bb3008f43aefc178e07ab14924ec01ea9b31cc2eba9868e232334b9447bd656b35b296cde54ec9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2ee5aa044c14efe39def0289530a2c78

    SHA1

    2ea15c75bc2780569e7db65e7c6a130091306afe

    SHA256

    fc0316ad0c5a2998d36f61994f69c867e7d4ddda52cd8890eda1566f1d3ef080

    SHA512

    5562c6776e1ba630fc4106a749bc69d5b74b173e3fb9275be08f4169b0748fb9779a6318a8df2717319311587289845c3f4dcb2246dfd9daafefb1de6318588f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c445f5cf24e29a8653906204d237ead5

    SHA1

    5421c06986a7486479262e0140c96b8cf27e983f

    SHA256

    444c15d48cdb7bb0d5253353a147c80cc46d9266a664809a4037c4056e931ba2

    SHA512

    f43804b0a3cf43bc54d88c05dd12e9f49e0935f3b6208928955eb89a3aa907b8ddc93b10bd02ecf0fddd72a54405520147c9114a969c1e3e64dbb8ae4a047ea9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9536b5b261885f48663f3e7f997a4abf

    SHA1

    81881bae57d6d8289647bf8ab586616073e3e781

    SHA256

    72e9c98418c4c6fb0f634f4473d344434a197a4b09cc5ec3fbd4d21763b4ace8

    SHA512

    4fa8d6360b04cd36a65ddb9c3a1b29a2b9890fe45c2934191e7e845b14076a15592630fd3818b2c9856ea65fcc8d4bbdb01940c36849c1c7589998249ea268a2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    662d9231f1717dd4501132df4aebfb95

    SHA1

    0a8b98ab4bcf7fde19a9191d195c6b99f99680f4

    SHA256

    4db5b7863952db17afc607a5a5c9150dfe189a58da08c8a3ac33c04f74ba8ab8

    SHA512

    6d55f1eba109be7aea38d5f3f22b8d83b04043ee966b15888cf1c71c30d97537409e508d8085b45ebdad078eb5e0bec4bd3c05f31221dc8a27dc84c7357bd0a8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    09059d67e53eee0e0e254073b5353522

    SHA1

    c2e71e590904882b1db08fe876156039f07a23f0

    SHA256

    b3aaf99ec51f97b786f915b24781eda2a9d18d971e5705319940eae39ec53c18

    SHA512

    8f1a9fd2ae02e050286bb92feb8428f682c05d192c62b200424be7ba685016816cfcc33e51ade220ec6e7bae4734ae981430b6952b85881f4be02202d40644db

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cdb88cd4de1a78aa28d97dd6b7aab16d

    SHA1

    97b2b3c3f490b90410ae2d0cb4cf958a37e15377

    SHA256

    bd3dadd8543a3e8ff5eedc95dbab5c710163c563fe82afc3ad848e6360ade663

    SHA512

    403b1630a85bafe0087c88c127330d0f5594e17dc75a1924ab4be1dc23f269bfde9260c5e23da1dd1fc80b651601799462efbbb74e81b7fd287e13c8de7f8c4c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a6d8db7f28c80a8653e43a2306e8ad9f

    SHA1

    a7ec8ff65932ad1e5588ecafd5ff7c761ccda8d0

    SHA256

    7a13364c6232e88e56d7938b495d60c71aa26fc7843bbe2e3578dabc92c21331

    SHA512

    5cb51a641f9dd64b5b3ec1c66424ef04bd8b0b53adbf8642c3c823146ad1b8d04d5c6f374de03ba2ee7adcb3e727cf92d438db0446d4994e493f96302dd66493

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    811198d2471322d447a743d2763ccbde

    SHA1

    57eccebcc2c9e54fb58b2bcac52e9f0fc2bcb6ad

    SHA256

    829f6cb97f3efcf095cf09693a7ac35a61efb6615fac999d574da3388cd263a8

    SHA512

    153d454277b50dd8f83addcf29026bb19bbde1bc6e986a398a8a442c92020b1f957016d003cd8c1dd8b628fb6e0d0c34d71be76b8a916e0cccc4a087a3ae5093

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e214cac1da1dfcfab7a6f7ce4d915a9d

    SHA1

    5657b81f2fe2e9595d25193f377c905656366ff1

    SHA256

    2cda4fde8212bdef372796eef886ac40d82d7bcdbd1345e4617a6ac37b53b074

    SHA512

    0f07e3f7b5d5e43a8b95f12450cc54fa40e3c2de4971089d1246d999f67fb3b79231c0ce7d6771b52da169ebf3e7aaf41a8b1af422d34ddd71e3506d3e63f2bf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    70818b31bfea7215112d4fac34ee0bae

    SHA1

    4b8cebf4e28bbb54aa33bd0211e8b4d1042c0f6e

    SHA256

    c4b5ef256f6fa533aa6a560703f1bb11a76fb4b99b09349bee36bcd4c1c0955c

    SHA512

    785b5811e7236074675d3e70f203bb53c76c07d8ad9e8576ecbd76f8955da14772ca2f24066247d783429e07d0e684392d865f0eb4cdd8ce85927dbdd49dc477

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3fbb1a11c2c8abc3e6577200cac5cad2

    SHA1

    878ff8d9363473212a52269064670b22c2539625

    SHA256

    020a4f3cd184af11a6fd15ba35a5f5b72988754545427895f62c7c1cc5af399d

    SHA512

    eba49c191c2a8a6b008baefe846b43f7108d03c1bc1e60b325281ae713ee2b74ffc7ad0e7bd7e4106e33023bafa61e895a7afd9524c62b1d108d1777edb7ead0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    85ee600a153f7168d1a6af868ae7ae66

    SHA1

    f13cbe88c4244860dfc9c8d9b5ce3793f85305d2

    SHA256

    a9209519361644ec310473d3f39c258814a51374a0a5637e26c054ec72d43af4

    SHA512

    8bcaf02f6b535de45661cf17f8dc3e22261111ac64d683fc1762bd5283e27e1e779385104ba54a1b179db8c11e576d925bd0734aaeefccc220d02b3253a29dfa

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7BCOPU31\favicon[1].htm
    Filesize

    6KB

    MD5

    e32b3b13cce96fae72c7cd4f79b59aaa

    SHA1

    cc5dca90b34e18d328933dfe6a653e2c87820f93

    SHA256

    da7226a1e59c992dd99af8d191eaa04e7006e86763d7612387ec377bd6131e6b

    SHA512

    d5b00a3bd07d01f6adb24ac29bfb0c7286417e41a68ab66aae4b2b0a01f07321afacd43dd3ec07afe143d0c29dcb69f78e884e0775a509353be0f70295e1e731

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NT668XG4\file_web_logo_32-b074c7d607[1].svg
    Filesize

    1KB

    MD5

    b074c7d607991bcee487b6bab7fe41ac

    SHA1

    b04ce477a18812918bc66f567b474261fa5fed46

    SHA256

    395427601a092f229ea1af00aec598e8b1f8028d200dd6b0cfd51a2639f6d647

    SHA512

    b82e671573d07b4630a2f0295c5be39399c242bb7f899065a2918e89e826fe703fe6a176fb223ee361601f03d505d3a45185d335c7b30220a9c19363ef48e274

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab2222.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar2234.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Users\Admin\AppData\Roaming\Downloader\libcurl.dll
    Filesize

    729KB

    MD5

    f28f2bc74c40804a95c870ea710d5371

    SHA1

    8654243c7de98a74ede2bcf45e8506f92e77d6fa

    SHA256

    cf6e5d1db6eb6965e639db3bdffaee8eb38c9a603ed5317e2e7c92e8ea7bdc1d

    SHA512

    2542aad8117f91a039d27fe4d844675dd88dc267cc8643c6b2820fc05ab1b02ee05c77d7bdc6d9f56a992572ab67bfaab32bda3b03947a2c7175cd16fbf5726b

    Download Submit

  • memory/2060-19-0x0000000076520000-0x0000000076630000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2060-23-0x0000000000400000-0x0000000001AE2000-memory.dmp

    Filesize

    22.9MB

    Download

  • memory/2060-15-0x0000000076520000-0x0000000076630000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2060-0-0x0000000000400000-0x0000000001AE2000-memory.dmp

    Filesize

    22.9MB

    Download

  • memory/2060-16-0x0000000076520000-0x0000000076630000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2060-22-0x0000000076520000-0x0000000076630000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2060-17-0x0000000076520000-0x0000000076630000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2060-20-0x0000000000400000-0x0000000001AE2000-memory.dmp

    Filesize

    22.9MB

    Download

  • memory/2060-6-0x0000000000300000-0x000000000031A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2060-7-0x0000000076531000-0x0000000076532000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2060-9-0x0000000076520000-0x0000000076630000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2060-10-0x0000000076520000-0x0000000076630000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2060-11-0x0000000076520000-0x0000000076630000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2060-5-0x0000000003E50000-0x0000000003F0E000-memory.dmp

    Filesize

    760KB

    Download

  • memory/2060-1-0x0000000010000000-0x0000000010116000-memory.dmp

    Filesize

    1.1MB

    Download