Analysis

  • max time kernel
    141s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    24-12-2024 16:44

General

  • Target

    c5ef29745995c404dd8eb3a02f29330b3aaeb8060388bd210acb20122a0a2bf2.exe

  • Size

    4.7MB

  • MD5

    94e7602230543d6e5cc6d122f01ae611

  • SHA1

    ffe70dff33c5d45a61e86ada32abe2ac604b2f85

  • SHA256

    c5ef29745995c404dd8eb3a02f29330b3aaeb8060388bd210acb20122a0a2bf2

  • SHA512

    5dd1a9e2aa9e853ce1eefcf994cbba6735fbe95e4b13be8164484bf9586b62f840205c923cea2c2cec154714524e6bd2d5bb861ccad94ca83fda78d3d884ebe6

  • SSDEEP

    98304:lBoyZysARdeyijY9UKDfms5guIiIkCrVq+MQZeSFemTWZbQZbWuFzr:l+uRADerY9xDmsaoel3ZeSgnZ6bzzr

Malware Config

Signatures

  • Blackmoon family
  • Blackmoon, KrBanker

    Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

  • Detect Blackmoon payload 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.

  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c5ef29745995c404dd8eb3a02f29330b3aaeb8060388bd210acb20122a0a2bf2.exe
    "C:\Users\Admin\AppData\Local\Temp\c5ef29745995c404dd8eb3a02f29330b3aaeb8060388bd210acb20122a0a2bf2.exe"
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    PID:2452

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/2452-0-0x0000000000400000-0x0000000000A3E000-memory.dmp

    Filesize

    6.2MB

  • memory/2452-1-0x0000000000400000-0x0000000000A3E000-memory.dmp

    Filesize

    6.2MB
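The two dump entries above encode the PID and the virtual address range each dump covers, so the reported Filesize and the process tree can be cross-checked against the filenames. The following script is an added example, not tooling from the sandbox vendor or the page itself; the `memory/<pid>-<index>-0x<start>-0x<end>-memory.dmp` naming convention is assumed from the two entries on this page, and the sample inputs are constructed inline from the report's General, Processes and Downloads sections.

```python
import re

# Constructed inline from this report's Downloads entries and process tree;
# not a parsed copy of any sandbox's live output.
DUMP_NAMES = [
    "memory/2452-0-0x0000000000400000-0x0000000000A3E000-memory.dmp",
    "memory/2452-1-0x0000000000400000-0x0000000000A3E000-memory.dmp",
]
REPORTED_SIZES = ["6.2MB", "6.2MB"]
PROCESS_PIDS = {2452}

# Digests as listed in the General section of the report.
TARGET = "c5ef29745995c404dd8eb3a02f29330b3aaeb8060388bd210acb20122a0a2bf2.exe"
MD5 = "94e7602230543d6e5cc6d122f01ae611"
SHA1 = "ffe70dff33c5d45a61e86ada32abe2ac604b2f85"
SHA256 = "c5ef29745995c404dd8eb3a02f29330b3aaeb8060388bd210acb20122a0a2bf2"
SHA512 = ("5dd1a9e2aa9e853ce1eefcf994cbba6735fbe95e4b13be8164484bf9586b62f8"
          "40205c923cea2c2cec154714524e6bd2d5bb861ccad94ca83fda78d3d884ebe6")

# Naming convention assumed from the two entries above (an assumption, not a
# documented format): memory/<pid>-<index>-0x<start>-0x<end>-memory.dmp
DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<idx>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
    r"-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


def parse_dump_name(name):
    """Split a dump filename into pid, index and the [start, end) region it covers."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"empty or inverted region in {name}")
    return {
        "pid": int(m["pid"]),
        "index": int(m["idx"]),
        "start": start,
        "end": end,
        "size": end - start,
    }


def format_mb(nbytes):
    """Render a byte count the way the report does: one decimal place plus 'MB'."""
    return f"{nbytes / (1024 * 1024):.1f}MB"


def check_dumps(names, reported_sizes, pids):
    """Cross-check each dump against the process tree and the reported Filesize.

    Returns a list of findings; an empty list means the entries are internally
    consistent with the rest of the report.
    """
    findings = []
    for name, reported in zip(names, reported_sizes):
        d = parse_dump_name(name)
        if d["pid"] not in pids:
            findings.append(f"{name}: PID {d['pid']} is not in the process tree")
        if format_mb(d["size"]) != reported:
            findings.append(
                f"{name}: region spans {format_mb(d['size'])} but report says {reported}"
            )
    return findings


def hash_fields_consistent(target, md5, sha1, sha256, sha512):
    """Sanity-check the General section: every digest must be lowercase hex of
    the right length, and the SHA256-named target must match the SHA256 field."""
    hexdigits = re.compile(r"^[0-9a-f]+$")
    for digest, expected_len in ((md5, 32), (sha1, 40), (sha256, 64), (sha512, 128)):
        if len(digest) != expected_len or not hexdigits.match(digest):
            return False
    return target.rsplit(".", 1)[0] == sha256


if __name__ == "__main__":
    for name in DUMP_NAMES:
        d = parse_dump_name(name)
        print(f"{name}: pid={d['pid']} 0x{d['start']:X}-0x{d['end']:X} {format_mb(d['size'])}")
    print("dump findings:", check_dumps(DUMP_NAMES, REPORTED_SIZES, PROCESS_PIDS) or "none")
    print("hash fields consistent:", hash_fields_consistent(TARGET, MD5, SHA1, SHA256, SHA512))
```

Both dumps cover the same region, 0x400000 to 0xA3E000, which is 0x63E000 bytes and rounds to the 6.2MB the report lists; 0x400000 is the usual default image base for a 32-bit PE, so these are dumps of the main module taken at two points in the run. That mapped size is larger than the 4.7MB file on disk, which is normal when sections have a virtual size larger than their raw size, but it is worth keeping in mind when comparing an in-memory dump with the original sample.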