Analysis
-
max time kernel
120s -
max time network
108s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
26-07-2024 09:00
General
-
Target
b1e79a7f79514e48516a1d619d74a010N.exe
-
Size
272KB
-
MD5
b1e79a7f79514e48516a1d619d74a010
-
SHA1
cdbdcf4d32a309665d298e63137b50063d9f9dd4
-
SHA256
a8e2340c42091c8190e126fc0bd8bde2715bac7000eecb77b3a8a6866f842746
-
SHA512
a4cf18ce6a4fc695db9009612b9aa7ce786c47b463ffd05a1caf6402c410fc55a05d027c6db1ea3a1fdf0b5fb19b9fdb5aaa95d52e2efc4fcb5b4c316b88f83d
-
SSDEEP
3072:LhOmTsF93UYfwC6GIoutVwT0JOfZKldUIbvpynrSPBPOY4W5oo:Lcm4FmowdHoSVwT+aZKlumArSPBPJH
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b1e79a7f79514e48516a1d619d74a010N.exe"C:\Users\Admin\AppData\Local\Temp\b1e79a7f79514e48516a1d619d74a010N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\thnhbt.exec:\thnhbt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpdvd.exec:\dpdvd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxfflf.exec:\rlxfflf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llrllff.exec:\llrllff.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvpp.exec:\dpvpp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrllrxx.exec:\xrllrxx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhbtt.exec:\hhhbtt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrlllr.exec:\xxrlllr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbbbb.exec:\thbbbb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvpp.exec:\jdvpp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthhhh.exec:\tthhhh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlffllx.exec:\xlffllx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpjj.exec:\pjpjj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbttt.exec:\tnbttt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddvj.exec:\jddvj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xffxxfl.exec:\xffxxfl.exe17⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\5pvpp.exec:\5pvpp.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxrrrl.exec:\xxxrrrl.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pppdd.exec:\pppdd.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppddv.exec:\ppddv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxxrrr.exec:\ffxxrrr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbbbb.exec:\htbbbb.exe23⤵
- Executes dropped EXE
-
\??\c:\5rxrrxr.exec:\5rxrrxr.exe24⤵
- Executes dropped EXE
-
\??\c:\9thhnn.exec:\9thhnn.exe25⤵
- Executes dropped EXE
-
\??\c:\pjpjd.exec:\pjpjd.exe26⤵
- Executes dropped EXE
-
\??\c:\3rrrrxx.exec:\3rrrrxx.exe27⤵
- Executes dropped EXE
-
\??\c:\1jpjj.exec:\1jpjj.exe28⤵
- Executes dropped EXE
-
\??\c:\7xxrrrr.exec:\7xxrrrr.exe29⤵
- Executes dropped EXE
-
\??\c:\hnnhhb.exec:\hnnhhb.exe30⤵
- Executes dropped EXE
-
\??\c:\lxrrlff.exec:\lxrrlff.exe31⤵
- Executes dropped EXE
-
\??\c:\bttnbb.exec:\bttnbb.exe32⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\1vdvj.exec:\1vdvj.exe33⤵
- Executes dropped EXE
-
\??\c:\3htbbb.exec:\3htbbb.exe34⤵
- Executes dropped EXE
-
\??\c:\dvddd.exec:\dvddd.exe35⤵
- Executes dropped EXE
-
\??\c:\lxrlxfr.exec:\lxrlxfr.exe36⤵
- Executes dropped EXE
-
\??\c:\xrfllll.exec:\xrfllll.exe37⤵
- Executes dropped EXE
-
\??\c:\dpjjj.exec:\dpjjj.exe38⤵
- Executes dropped EXE
-
\??\c:\vjvpv.exec:\vjvpv.exe39⤵
- Executes dropped EXE
-
\??\c:\9xxrrll.exec:\9xxrrll.exe40⤵
- Executes dropped EXE
-
\??\c:\7bbtnn.exec:\7bbtnn.exe41⤵
- Executes dropped EXE
-
\??\c:\jpvjd.exec:\jpvjd.exe42⤵
- Executes dropped EXE
-
\??\c:\lxlfxll.exec:\lxlfxll.exe43⤵
- Executes dropped EXE
-
\??\c:\llfflrl.exec:\llfflrl.exe44⤵
- Executes dropped EXE
-
\??\c:\hbbhhb.exec:\hbbhhb.exe45⤵
- Executes dropped EXE
-
\??\c:\vvjpp.exec:\vvjpp.exe46⤵
- Executes dropped EXE
-
\??\c:\pddjj.exec:\pddjj.exe47⤵
- Executes dropped EXE
-
\??\c:\rlrflrl.exec:\rlrflrl.exe48⤵
- Executes dropped EXE
-
\??\c:\thnhbb.exec:\thnhbb.exe49⤵
- Executes dropped EXE
-
\??\c:\vjvdp.exec:\vjvdp.exe50⤵
- Executes dropped EXE
-
\??\c:\jvdvv.exec:\jvdvv.exe51⤵
- Executes dropped EXE
-
\??\c:\flrlrrl.exec:\flrlrrl.exe52⤵
- Executes dropped EXE
-
\??\c:\btnnhh.exec:\btnnhh.exe53⤵
- Executes dropped EXE
-
\??\c:\7tbttb.exec:\7tbttb.exe54⤵
- Executes dropped EXE
-
\??\c:\jvjdv.exec:\jvjdv.exe55⤵
- Executes dropped EXE
-
\??\c:\lfrlfxx.exec:\lfrlfxx.exe56⤵
- Executes dropped EXE
-
\??\c:\1ntnhh.exec:\1ntnhh.exe57⤵
- Executes dropped EXE
-
\??\c:\ppdjv.exec:\ppdjv.exe58⤵
- Executes dropped EXE
-
\??\c:\5pvjv.exec:\5pvjv.exe59⤵
- Executes dropped EXE
-
\??\c:\lflxlff.exec:\lflxlff.exe60⤵
- Executes dropped EXE
-
\??\c:\hbbtnh.exec:\hbbtnh.exe61⤵
- Executes dropped EXE
-
\??\c:\hhtthh.exec:\hhtthh.exe62⤵
- Executes dropped EXE
-
\??\c:\vpvvd.exec:\vpvvd.exe63⤵
- Executes dropped EXE
-
\??\c:\rrfxfxr.exec:\rrfxfxr.exe64⤵
- Executes dropped EXE
-
\??\c:\flfxrrl.exec:\flfxrrl.exe65⤵
- Executes dropped EXE
-
\??\c:\nthbtn.exec:\nthbtn.exe66⤵
-
\??\c:\jjvpv.exec:\jjvpv.exe67⤵
-
\??\c:\xrxllxf.exec:\xrxllxf.exe68⤵
-
\??\c:\nbbtbb.exec:\nbbtbb.exe69⤵
-
\??\c:\9ppjd.exec:\9ppjd.exe70⤵
-
\??\c:\rllxrfx.exec:\rllxrfx.exe71⤵
-
\??\c:\nnnnhh.exec:\nnnnhh.exe72⤵
-
\??\c:\nhhbtt.exec:\nhhbtt.exe73⤵
-
\??\c:\jjpvd.exec:\jjpvd.exe74⤵
-
\??\c:\lxlfffx.exec:\lxlfffx.exe75⤵
-
\??\c:\xlrlrxr.exec:\xlrlrxr.exe76⤵
-
\??\c:\5hhbbb.exec:\5hhbbb.exe77⤵
-
\??\c:\dpvpp.exec:\dpvpp.exe78⤵
-
\??\c:\lfrlffx.exec:\lfrlffx.exe79⤵
-
\??\c:\7xfxffl.exec:\7xfxffl.exe80⤵
-
\??\c:\bbtnhh.exec:\bbtnhh.exe81⤵
-
\??\c:\vvpjd.exec:\vvpjd.exe82⤵
-
\??\c:\9llrlxr.exec:\9llrlxr.exe83⤵
-
\??\c:\rffrllr.exec:\rffrllr.exe84⤵
-
\??\c:\bthbhb.exec:\bthbhb.exe85⤵
-
\??\c:\pjdjp.exec:\pjdjp.exe86⤵
-
\??\c:\jdjpj.exec:\jdjpj.exe87⤵
-
\??\c:\lflffff.exec:\lflffff.exe88⤵
-
\??\c:\rfrrrrl.exec:\rfrrrrl.exe89⤵
-
\??\c:\nntnbb.exec:\nntnbb.exe90⤵
-
\??\c:\nthbtt.exec:\nthbtt.exe91⤵
-
\??\c:\9jddv.exec:\9jddv.exe92⤵
-
\??\c:\jjjdd.exec:\jjjdd.exe93⤵
-
\??\c:\llfrlfx.exec:\llfrlfx.exe94⤵
-
\??\c:\9htnnn.exec:\9htnnn.exe95⤵
-
\??\c:\vvjdv.exec:\vvjdv.exe96⤵
-
\??\c:\vpjdj.exec:\vpjdj.exe97⤵
-
\??\c:\9lxllxl.exec:\9lxllxl.exe98⤵
-
\??\c:\hhnnhh.exec:\hhnnhh.exe99⤵
-
\??\c:\htbttt.exec:\htbttt.exe100⤵
-
\??\c:\vvdvj.exec:\vvdvj.exe101⤵
-
\??\c:\dvpjp.exec:\dvpjp.exe102⤵
-
\??\c:\fxlfxfx.exec:\fxlfxfx.exe103⤵
-
\??\c:\lxrllll.exec:\lxrllll.exe104⤵
-
\??\c:\nhnttt.exec:\nhnttt.exe105⤵
-
\??\c:\vjjdv.exec:\vjjdv.exe106⤵
-
\??\c:\djppv.exec:\djppv.exe107⤵
-
\??\c:\lxxxrrr.exec:\lxxxrrr.exe108⤵
-
\??\c:\lrrrrrx.exec:\lrrrrrx.exe109⤵
-
\??\c:\hbhbbb.exec:\hbhbbb.exe110⤵
-
\??\c:\hbnhtb.exec:\hbnhtb.exe111⤵
-
\??\c:\jvvpp.exec:\jvvpp.exe112⤵
-
\??\c:\lfrlrrx.exec:\lfrlrrx.exe113⤵
-
\??\c:\fxlfllr.exec:\fxlfllr.exe114⤵
-
\??\c:\htbbbb.exec:\htbbbb.exe115⤵
-
\??\c:\pjdvd.exec:\pjdvd.exe116⤵
-
\??\c:\dpppv.exec:\dpppv.exe117⤵
-
\??\c:\frrxrfr.exec:\frrxrfr.exe118⤵
-
\??\c:\nttnht.exec:\nttnht.exe119⤵
-
\??\c:\tnhbnt.exec:\tnhbnt.exe120⤵
-
\??\c:\jvdjj.exec:\jvdjj.exe121⤵
-
\??\c:\lrxxlfx.exec:\lrxxlfx.exe122⤵
-
\??\c:\fflrxfl.exec:\fflrxfl.exe123⤵
-
\??\c:\btbtbb.exec:\btbtbb.exe124⤵
-
\??\c:\tttttt.exec:\tttttt.exe125⤵
-
\??\c:\jjddv.exec:\jjddv.exe126⤵
-
\??\c:\frlfrrr.exec:\frlfrrr.exe127⤵
-
\??\c:\nbbbhh.exec:\nbbbhh.exe128⤵
-
\??\c:\3nnnnt.exec:\3nnnnt.exe129⤵
-
\??\c:\1pjdv.exec:\1pjdv.exe130⤵
-
\??\c:\vdpjv.exec:\vdpjv.exe131⤵
-
\??\c:\fxlllll.exec:\fxlllll.exe132⤵
-
\??\c:\7rffxxl.exec:\7rffxxl.exe133⤵
-
\??\c:\7hnhhh.exec:\7hnhhh.exe134⤵
-
\??\c:\ntbttt.exec:\ntbttt.exe135⤵
-
\??\c:\3vdvd.exec:\3vdvd.exe136⤵
- System Location Discovery: System Language Discovery
-
\??\c:\fxxrlll.exec:\fxxrlll.exe137⤵
-
\??\c:\ffrrxxl.exec:\ffrrxxl.exe138⤵
-
\??\c:\ttnhhh.exec:\ttnhhh.exe139⤵
-
\??\c:\pvdvp.exec:\pvdvp.exe140⤵
-
\??\c:\vpdvp.exec:\vpdvp.exe141⤵
-
\??\c:\frxrfff.exec:\frxrfff.exe142⤵
-
\??\c:\frrrrxx.exec:\frrrrxx.exe143⤵
-
\??\c:\3pvpd.exec:\3pvpd.exe144⤵
-
\??\c:\pdvdv.exec:\pdvdv.exe145⤵
-
\??\c:\lfxxllx.exec:\lfxxllx.exe146⤵
-
\??\c:\thnhhh.exec:\thnhhh.exe147⤵
-
\??\c:\1hhbtt.exec:\1hhbtt.exe148⤵
-
\??\c:\jvdvv.exec:\jvdvv.exe149⤵
-
\??\c:\3rxrrll.exec:\3rxrrll.exe150⤵
-
\??\c:\1rrlffx.exec:\1rrlffx.exe151⤵
-
\??\c:\bnbttt.exec:\bnbttt.exe152⤵
-
\??\c:\ppjjj.exec:\ppjjj.exe153⤵
-
\??\c:\rlxlrlr.exec:\rlxlrlr.exe154⤵
-
\??\c:\rxxffll.exec:\rxxffll.exe155⤵
-
\??\c:\hbnnhh.exec:\hbnnhh.exe156⤵
-
\??\c:\xxrlffx.exec:\xxrlffx.exe157⤵
-
\??\c:\bnbnnn.exec:\bnbnnn.exe158⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe159⤵
-
\??\c:\djvpj.exec:\djvpj.exe160⤵
-
\??\c:\hbbttt.exec:\hbbttt.exe161⤵
-
\??\c:\dpjdv.exec:\dpjdv.exe162⤵
-
\??\c:\vvpjd.exec:\vvpjd.exe163⤵
-
\??\c:\9rrlllf.exec:\9rrlllf.exe164⤵
-
\??\c:\hbhhhh.exec:\hbhhhh.exe165⤵
-
\??\c:\tbhnhh.exec:\tbhnhh.exe166⤵
-
\??\c:\vjdvp.exec:\vjdvp.exe167⤵
-
\??\c:\5rffxll.exec:\5rffxll.exe168⤵
-
\??\c:\lfrrxxf.exec:\lfrrxxf.exe169⤵
-
\??\c:\hntbtb.exec:\hntbtb.exe170⤵
-
\??\c:\jpvvv.exec:\jpvvv.exe171⤵
-
\??\c:\pdppd.exec:\pdppd.exe172⤵
-
\??\c:\7lrllrl.exec:\7lrllrl.exe173⤵
-
\??\c:\btthhh.exec:\btthhh.exe174⤵
-
\??\c:\7bbtnn.exec:\7bbtnn.exe175⤵
-
\??\c:\1djdd.exec:\1djdd.exe176⤵
- System Location Discovery: System Language Discovery
-
\??\c:\rxxxxxx.exec:\rxxxxxx.exe177⤵
-
\??\c:\rxlrrrr.exec:\rxlrrrr.exe178⤵
-
\??\c:\9nhbbb.exec:\9nhbbb.exe179⤵
-
\??\c:\3bbbhn.exec:\3bbbhn.exe180⤵
-
\??\c:\dpvvp.exec:\dpvvp.exe181⤵
-
\??\c:\5xfffll.exec:\5xfffll.exe182⤵
-
\??\c:\rxlrxfl.exec:\rxlrxfl.exe183⤵
-
\??\c:\bbntbb.exec:\bbntbb.exe184⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe185⤵
-
\??\c:\lfrlxrx.exec:\lfrlxrx.exe186⤵
-
\??\c:\hhttnn.exec:\hhttnn.exe187⤵
-
\??\c:\btnnhh.exec:\btnnhh.exe188⤵
-
\??\c:\vdjjv.exec:\vdjjv.exe189⤵
-
\??\c:\rllxxxx.exec:\rllxxxx.exe190⤵
-
\??\c:\bbnbhh.exec:\bbnbhh.exe191⤵
-
\??\c:\hhhnnn.exec:\hhhnnn.exe192⤵
-
\??\c:\vjpdd.exec:\vjpdd.exe193⤵
-
\??\c:\xxrllll.exec:\xxrllll.exe194⤵
- System Location Discovery: System Language Discovery
-
\??\c:\1thtbb.exec:\1thtbb.exe195⤵
-
\??\c:\ntnhtt.exec:\ntnhtt.exe196⤵
-
\??\c:\1ppvd.exec:\1ppvd.exe197⤵
-
\??\c:\fxlllll.exec:\fxlllll.exe198⤵
-
\??\c:\ffffxxx.exec:\ffffxxx.exe199⤵
-
\??\c:\thnnhh.exec:\thnnhh.exe200⤵
-
\??\c:\vjddj.exec:\vjddj.exe201⤵
-
\??\c:\pvpjd.exec:\pvpjd.exe202⤵
-
\??\c:\lxxxxxx.exec:\lxxxxxx.exe203⤵
-
\??\c:\tnhtth.exec:\tnhtth.exe204⤵
-
\??\c:\nthbhb.exec:\nthbhb.exe205⤵
- System Location Discovery: System Language Discovery
-
\??\c:\djpjv.exec:\djpjv.exe206⤵
-
\??\c:\lflxfxx.exec:\lflxfxx.exe207⤵
-
\??\c:\hhnnbb.exec:\hhnnbb.exe208⤵
-
\??\c:\5ttttn.exec:\5ttttn.exe209⤵
-
\??\c:\dvddv.exec:\dvddv.exe210⤵
-
\??\c:\rlllxrf.exec:\rlllxrf.exe211⤵
-
\??\c:\7lxrlxx.exec:\7lxrlxx.exe212⤵
-
\??\c:\hnhhhh.exec:\hnhhhh.exe213⤵
-
\??\c:\vvdpp.exec:\vvdpp.exe214⤵
-
\??\c:\pdppp.exec:\pdppp.exe215⤵
-
\??\c:\llflffr.exec:\llflffr.exe216⤵
-
\??\c:\1htnhn.exec:\1htnhn.exe217⤵
-
\??\c:\hhnbbh.exec:\hhnbbh.exe218⤵
-
\??\c:\dpdpj.exec:\dpdpj.exe219⤵
-
\??\c:\1vjdj.exec:\1vjdj.exe220⤵
-
\??\c:\xflrllf.exec:\xflrllf.exe221⤵
-
\??\c:\htbbbb.exec:\htbbbb.exe222⤵
-
\??\c:\nthhhh.exec:\nthhhh.exe223⤵
-
\??\c:\vjpjj.exec:\vjpjj.exe224⤵
-
\??\c:\jdvpp.exec:\jdvpp.exe225⤵
-
\??\c:\lrllffx.exec:\lrllffx.exe226⤵
-
\??\c:\flfrfrf.exec:\flfrfrf.exe227⤵
-
\??\c:\5nbbtt.exec:\5nbbtt.exe228⤵
-
\??\c:\jvvpp.exec:\jvvpp.exe229⤵
-
\??\c:\jdpjd.exec:\jdpjd.exe230⤵
-
\??\c:\lxfffff.exec:\lxfffff.exe231⤵
-
\??\c:\tntbbb.exec:\tntbbb.exe232⤵
-
\??\c:\5tttnn.exec:\5tttnn.exe233⤵
-
\??\c:\jpvvj.exec:\jpvvj.exe234⤵
-
\??\c:\jddvd.exec:\jddvd.exe235⤵
-
\??\c:\rfxlfxx.exec:\rfxlfxx.exe236⤵
-
\??\c:\ttthth.exec:\ttthth.exe237⤵
-
\??\c:\5bbthh.exec:\5bbthh.exe238⤵
-
\??\c:\lfrlrrr.exec:\lfrlrrr.exe239⤵
-
\??\c:\bhtntt.exec:\bhtntt.exe240⤵
-
\??\c:\jpdvv.exec:\jpdvv.exe241⤵
- System Location Discovery: System Language Discovery