Analysis

  • max time kernel
    141s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    23-12-2024 11:47

General

  • Target

    3ca33988e6ca32866b1b731e829f7ce749027d34fe8bb43ab234b8d29bd86e5b.exe

  • Size

    686KB

  • MD5

    1c3549129700ad7baadf8bbf9bde2772

  • SHA1

    78c081226fd93bda88a153c0dffafb1546bf1127

  • SHA256

    3ca33988e6ca32866b1b731e829f7ce749027d34fe8bb43ab234b8d29bd86e5b

  • SHA512

    751b8c65019d185c6236fe86e435da7c3c22aedbe3b3708d3cc30e7ee95835fcf0aac19267f45b2473f1dacf924eb4f86ff747e6db2a4571f585667487cdeb44

  • SSDEEP

    12288:XQn/9f9uJlapMQ7jvLx3GXhNHdf9usVpzhW2b7+UHOTRRbSJB8NoyoS:oFf9uJEpMCjV4T3jhln+I4u

Malware Config

Signatures

  • Blackmoon family
  • Blackmoon, KrBanker

    Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.

  • Detect Blackmoon payload 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3ca33988e6ca32866b1b731e829f7ce749027d34fe8bb43ab234b8d29bd86e5b.exe
    "C:\Users\Admin\AppData\Local\Temp\3ca33988e6ca32866b1b731e829f7ce749027d34fe8bb43ab234b8d29bd86e5b.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    PID:1920

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1920-0-0x0000000000400000-0x00000000006E8000-memory.dmp

    Filesize

    2.9MB

  • memory/1920-1-0x0000000000400000-0x00000000006E8000-memory.dmp

    Filesize

    2.9MB