Analysis

  • max time kernel
    140s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    23-12-2024 08:41

General

  • Target

    9088445e5a3de899caf9f0dcfa6087437984c641fda49d779613e0515819aa4b.exe

  • Size

    4.7MB

  • MD5

    efa2142d1354e4d7d0ba0eaa75440787

  • SHA1

    66f1d66ff515ca258de9afb777619085d72488e1

  • SHA256

    9088445e5a3de899caf9f0dcfa6087437984c641fda49d779613e0515819aa4b

  • SHA512

    86828dbe4b9eba3f0f4bd62e1d33ee6a8f02d474325385bd1d1083b22f728dbbe3201903a725501c54cee6cf29319a7ecc7643fcec040f8dd3ba169236a61099

  • SSDEEP

    98304:D5BS/oXPsRijK24N+JR+s1JZcmABdewsx+Hen6A:lBdPs4jN4gJRTJZxABdewsxNn6A

Malware Config

Signatures

  • Blackmoon family
  • Blackmoon, KrBanker

    Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

  • Detect Blackmoon payload 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9088445e5a3de899caf9f0dcfa6087437984c641fda49d779613e0515819aa4b.exe
    "C:\Users\Admin\AppData\Local\Temp\9088445e5a3de899caf9f0dcfa6087437984c641fda49d779613e0515819aa4b.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    PID:2392

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2392-0-0x0000000000400000-0x0000000000A3E000-memory.dmp

    Filesize

    6.2MB

  • memory/2392-1-0x0000000000400000-0x0000000000A3E000-memory.dmp

    Filesize

    6.2MB