Analysis
-
max time kernel
120s -
max time network
116s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
26-07-2024 10:46
General
-
Target
c62fd7c770e5e19479b6ea513e4da000N.exe
-
Size
111KB
-
MD5
c62fd7c770e5e19479b6ea513e4da000
-
SHA1
ec445ed37a47e1955640c56a6617c1aacc7d209a
-
SHA256
0973c43da1880d33b2366002954a3aa6c32a7bd6755432644b509d1065144bc3
-
SHA512
a0b8aca9faed6b6d0601135a0001d2dc6fa8f6a1b22ecc4dfc138278641d6e32f9693418350bb879a99e9a6b3d3efb11f41ac58521f2233f5df6ca1f5951c17c
-
SSDEEP
3072:/hOmTsF93UYfwC6GIout3Hlsdbmsu5xwD:/cm4FmowdHoS3e9ms2xwD
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\c62fd7c770e5e19479b6ea513e4da000N.exe"C:\Users\Admin\AppData\Local\Temp\c62fd7c770e5e19479b6ea513e4da000N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdjv.exec:\dvdjv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ffxrxr.exec:\9ffxrxr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnnbth.exec:\hnnbth.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvvv.exec:\pdvvv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xfxrlf.exec:\7xfxrlf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhbtn.exec:\bbhbtn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3pvjd.exec:\3pvjd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xfrllf.exec:\1xfrllf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnhhhh.exec:\hnhhhh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1djpj.exec:\1djpj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvdp.exec:\pjvdp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxlxlfl.exec:\xxlxlfl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhhhn.exec:\hbhhhn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjpj.exec:\djjpj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlfxlfx.exec:\xlfxlfx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thttnh.exec:\thttnh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdpvv.exec:\pdpvv.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frflllf.exec:\frflllf.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhntnn.exec:\nhntnn.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjvd.exec:\vdjvd.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xlxxxr.exec:\7xlxxxr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnbbb.exec:\nhnbbb.exe23⤵
- Executes dropped EXE
-
\??\c:\thbhtn.exec:\thbhtn.exe24⤵
- Executes dropped EXE
-
\??\c:\pjpjv.exec:\pjpjv.exe25⤵
- Executes dropped EXE
-
\??\c:\rrrrrxx.exec:\rrrrrxx.exe26⤵
- Executes dropped EXE
-
\??\c:\rfxxrrl.exec:\rfxxrrl.exe27⤵
- Executes dropped EXE
-
\??\c:\hbbbnn.exec:\hbbbnn.exe28⤵
- Executes dropped EXE
-
\??\c:\7dvpj.exec:\7dvpj.exe29⤵
- Executes dropped EXE
-
\??\c:\lrflrff.exec:\lrflrff.exe30⤵
- Executes dropped EXE
-
\??\c:\ntnhhn.exec:\ntnhhn.exe31⤵
- Executes dropped EXE
-
\??\c:\7djdp.exec:\7djdp.exe32⤵
- Executes dropped EXE
-
\??\c:\xxrffrr.exec:\xxrffrr.exe33⤵
- Executes dropped EXE
-
\??\c:\rrflffx.exec:\rrflffx.exe34⤵
- Executes dropped EXE
-
\??\c:\7nttnh.exec:\7nttnh.exe35⤵
- Executes dropped EXE
-
\??\c:\1bbthh.exec:\1bbthh.exe36⤵
- Executes dropped EXE
-
\??\c:\vjpjv.exec:\vjpjv.exe37⤵
- Executes dropped EXE
-
\??\c:\dpvpd.exec:\dpvpd.exe38⤵
- Executes dropped EXE
-
\??\c:\9fffrll.exec:\9fffrll.exe39⤵
- Executes dropped EXE
-
\??\c:\bhntbt.exec:\bhntbt.exe40⤵
- Executes dropped EXE
-
\??\c:\5tbnbb.exec:\5tbnbb.exe41⤵
- Executes dropped EXE
-
\??\c:\dppjd.exec:\dppjd.exe42⤵
- Executes dropped EXE
-
\??\c:\fxfxlfr.exec:\fxfxlfr.exe43⤵
-
\??\c:\5ffxrrl.exec:\5ffxrrl.exe44⤵
- Executes dropped EXE
-
\??\c:\rxfrfxl.exec:\rxfrfxl.exe45⤵
- Executes dropped EXE
-
\??\c:\thnttt.exec:\thnttt.exe46⤵
- Executes dropped EXE
-
\??\c:\jjpjj.exec:\jjpjj.exe47⤵
- Executes dropped EXE
-
\??\c:\jddjj.exec:\jddjj.exe48⤵
- Executes dropped EXE
-
\??\c:\llrllll.exec:\llrllll.exe49⤵
- Executes dropped EXE
-
\??\c:\fxlrrrx.exec:\fxlrrrx.exe50⤵
- Executes dropped EXE
-
\??\c:\nntbbt.exec:\nntbbt.exe51⤵
- Executes dropped EXE
-
\??\c:\jppjp.exec:\jppjp.exe52⤵
- Executes dropped EXE
-
\??\c:\ppvpd.exec:\ppvpd.exe53⤵
- Executes dropped EXE
-
\??\c:\flxxxff.exec:\flxxxff.exe54⤵
- Executes dropped EXE
-
\??\c:\ffxlxrf.exec:\ffxlxrf.exe55⤵
- Executes dropped EXE
-
\??\c:\ththtn.exec:\ththtn.exe56⤵
- Executes dropped EXE
-
\??\c:\tbtbnb.exec:\tbtbnb.exe57⤵
- Executes dropped EXE
-
\??\c:\vjvvp.exec:\vjvvp.exe58⤵
- Executes dropped EXE
-
\??\c:\llflfxl.exec:\llflfxl.exe59⤵
- Executes dropped EXE
-
\??\c:\ffxlrfr.exec:\ffxlrfr.exe60⤵
- Executes dropped EXE
-
\??\c:\bnnnbn.exec:\bnnnbn.exe61⤵
- Executes dropped EXE
-
\??\c:\bhhbtt.exec:\bhhbtt.exe62⤵
- Executes dropped EXE
-
\??\c:\vdpdv.exec:\vdpdv.exe63⤵
- Executes dropped EXE
-
\??\c:\ppjdv.exec:\ppjdv.exe64⤵
- Executes dropped EXE
-
\??\c:\fflxxrx.exec:\fflxxrx.exe65⤵
- Executes dropped EXE
-
\??\c:\hhtnbt.exec:\hhtnbt.exe66⤵
- Executes dropped EXE
-
\??\c:\ttttnn.exec:\ttttnn.exe67⤵
-
\??\c:\ppdjv.exec:\ppdjv.exe68⤵
-
\??\c:\ppvpd.exec:\ppvpd.exe69⤵
-
\??\c:\rfrlxxr.exec:\rfrlxxr.exe70⤵
-
\??\c:\1rrlfff.exec:\1rrlfff.exe71⤵
-
\??\c:\5ntbnn.exec:\5ntbnn.exe72⤵
-
\??\c:\9nhtnn.exec:\9nhtnn.exe73⤵
-
\??\c:\pjvpp.exec:\pjvpp.exe74⤵
-
\??\c:\fxrrrrl.exec:\fxrrrrl.exe75⤵
-
\??\c:\nnhhhh.exec:\nnhhhh.exe76⤵
-
\??\c:\bbbbtb.exec:\bbbbtb.exe77⤵
-
\??\c:\lxxllxf.exec:\lxxllxf.exe78⤵
-
\??\c:\lrrrxfx.exec:\lrrrxfx.exe79⤵
-
\??\c:\hnnhnn.exec:\hnnhnn.exe80⤵
-
\??\c:\pvjdv.exec:\pvjdv.exe81⤵
-
\??\c:\vdjvv.exec:\vdjvv.exe82⤵
-
\??\c:\xrxxxff.exec:\xrxxxff.exe83⤵
-
\??\c:\ttttnn.exec:\ttttnn.exe84⤵
-
\??\c:\bnhhnh.exec:\bnhhnh.exe85⤵
-
\??\c:\jdvjv.exec:\jdvjv.exe86⤵
-
\??\c:\lrlxrfx.exec:\lrlxrfx.exe87⤵
-
\??\c:\flfrfxl.exec:\flfrfxl.exe88⤵
-
\??\c:\hnbnbb.exec:\hnbnbb.exe89⤵
-
\??\c:\pvvvv.exec:\pvvvv.exe90⤵
-
\??\c:\jddpj.exec:\jddpj.exe91⤵
-
\??\c:\5rlxrxl.exec:\5rlxrxl.exe92⤵
-
\??\c:\htttnh.exec:\htttnh.exe93⤵
-
\??\c:\nbbbbb.exec:\nbbbbb.exe94⤵
-
\??\c:\9pvjj.exec:\9pvjj.exe95⤵
-
\??\c:\fxflfll.exec:\fxflfll.exe96⤵
-
\??\c:\xxfffff.exec:\xxfffff.exe97⤵
-
\??\c:\bbtnbt.exec:\bbtnbt.exe98⤵
-
\??\c:\vpjvv.exec:\vpjvv.exe99⤵
-
\??\c:\pppjv.exec:\pppjv.exe100⤵
-
\??\c:\fxrlfxr.exec:\fxrlfxr.exe101⤵
-
\??\c:\xrrlfxx.exec:\xrrlfxx.exe102⤵
-
\??\c:\3ttnhh.exec:\3ttnhh.exe103⤵
-
\??\c:\3vvpp.exec:\3vvpp.exe104⤵
-
\??\c:\dvvvp.exec:\dvvvp.exe105⤵
-
\??\c:\lrrrllf.exec:\lrrrllf.exe106⤵
-
\??\c:\ttbnhb.exec:\ttbnhb.exe107⤵
-
\??\c:\jjddp.exec:\jjddp.exe108⤵
-
\??\c:\1djvp.exec:\1djvp.exe109⤵
-
\??\c:\flrlrfr.exec:\flrlrfr.exe110⤵
-
\??\c:\9tbnht.exec:\9tbnht.exe111⤵
-
\??\c:\vdpdp.exec:\vdpdp.exe112⤵
-
\??\c:\vpppj.exec:\vpppj.exe113⤵
-
\??\c:\lxfxllr.exec:\lxfxllr.exe114⤵
-
\??\c:\frlxffx.exec:\frlxffx.exe115⤵
-
\??\c:\tbnhbh.exec:\tbnhbh.exe116⤵
-
\??\c:\vpjdj.exec:\vpjdj.exe117⤵
-
\??\c:\pvvjd.exec:\pvvjd.exe118⤵
-
\??\c:\lfxrlxl.exec:\lfxrlxl.exe119⤵
-
\??\c:\frfrfxl.exec:\frfrfxl.exe120⤵
-
\??\c:\nnhbhb.exec:\nnhbhb.exe121⤵
-
\??\c:\ddvjd.exec:\ddvjd.exe122⤵
-
\??\c:\3rrfxlf.exec:\3rrfxlf.exe123⤵
-
\??\c:\1ttnhh.exec:\1ttnhh.exe124⤵
-
\??\c:\htnhth.exec:\htnhth.exe125⤵
-
\??\c:\jddvp.exec:\jddvp.exe126⤵
-
\??\c:\vjpjj.exec:\vjpjj.exe127⤵
-
\??\c:\fxrlfff.exec:\fxrlfff.exe128⤵
-
\??\c:\1bbtnn.exec:\1bbtnn.exe129⤵
-
\??\c:\hnhhbh.exec:\hnhhbh.exe130⤵
-
\??\c:\vpjvp.exec:\vpjvp.exe131⤵
-
\??\c:\vjddv.exec:\vjddv.exe132⤵
-
\??\c:\xrxlxrl.exec:\xrxlxrl.exe133⤵
-
\??\c:\lxxxrll.exec:\lxxxrll.exe134⤵
-
\??\c:\tnnbtt.exec:\tnnbtt.exe135⤵
-
\??\c:\jvpjd.exec:\jvpjd.exe136⤵
-
\??\c:\pvvjd.exec:\pvvjd.exe137⤵
-
\??\c:\fxfxrrx.exec:\fxfxrrx.exe138⤵
-
\??\c:\lxllxrr.exec:\lxllxrr.exe139⤵
-
\??\c:\hhttnn.exec:\hhttnn.exe140⤵
-
\??\c:\ttbttt.exec:\ttbttt.exe141⤵
-
\??\c:\3jjjv.exec:\3jjjv.exe142⤵
-
\??\c:\dvjdv.exec:\dvjdv.exe143⤵
-
\??\c:\9lrfrrl.exec:\9lrfrrl.exe144⤵
-
\??\c:\7bnhbb.exec:\7bnhbb.exe145⤵
-
\??\c:\bhbtnn.exec:\bhbtnn.exe146⤵
-
\??\c:\ddpjd.exec:\ddpjd.exe147⤵
-
\??\c:\5rrxllf.exec:\5rrxllf.exe148⤵
-
\??\c:\fffrlfl.exec:\fffrlfl.exe149⤵
-
\??\c:\xrrlfxr.exec:\xrrlfxr.exe150⤵
-
\??\c:\nnbhnh.exec:\nnbhnh.exe151⤵
-
\??\c:\jjdvp.exec:\jjdvp.exe152⤵
-
\??\c:\xrflfff.exec:\xrflfff.exe153⤵
-
\??\c:\frrrrxl.exec:\frrrrxl.exe154⤵
-
\??\c:\htbnnt.exec:\htbnnt.exe155⤵
-
\??\c:\btnhnn.exec:\btnhnn.exe156⤵
-
\??\c:\jdppd.exec:\jdppd.exe157⤵
-
\??\c:\dvdvp.exec:\dvdvp.exe158⤵
-
\??\c:\lffxflx.exec:\lffxflx.exe159⤵
-
\??\c:\lffxrrl.exec:\lffxrrl.exe160⤵
-
\??\c:\bnttnt.exec:\bnttnt.exe161⤵
-
\??\c:\bhhtht.exec:\bhhtht.exe162⤵
-
\??\c:\pvvdp.exec:\pvvdp.exe163⤵
-
\??\c:\ddvvp.exec:\ddvvp.exe164⤵
-
\??\c:\frxrffl.exec:\frxrffl.exe165⤵
-
\??\c:\rlflxlx.exec:\rlflxlx.exe166⤵
-
\??\c:\thtbtb.exec:\thtbtb.exe167⤵
-
\??\c:\nbbthh.exec:\nbbthh.exe168⤵
-
\??\c:\ddddv.exec:\ddddv.exe169⤵
-
\??\c:\fflflfr.exec:\fflflfr.exe170⤵
-
\??\c:\9nthbn.exec:\9nthbn.exe171⤵
-
\??\c:\dvdvj.exec:\dvdvj.exe172⤵
-
\??\c:\vppdp.exec:\vppdp.exe173⤵
-
\??\c:\lfxlllx.exec:\lfxlllx.exe174⤵
-
\??\c:\thhbbt.exec:\thhbbt.exe175⤵
-
\??\c:\hbbthh.exec:\hbbthh.exe176⤵
-
\??\c:\vjjdv.exec:\vjjdv.exe177⤵
-
\??\c:\vpvjj.exec:\vpvjj.exe178⤵
-
\??\c:\lrrrlfx.exec:\lrrrlfx.exe179⤵
-
\??\c:\bbhtbn.exec:\bbhtbn.exe180⤵
-
\??\c:\tntnbb.exec:\tntnbb.exe181⤵
-
\??\c:\3djvp.exec:\3djvp.exe182⤵
-
\??\c:\xfxrflx.exec:\xfxrflx.exe183⤵
-
\??\c:\lflfffx.exec:\lflfffx.exe184⤵
-
\??\c:\bhbbtt.exec:\bhbbtt.exe185⤵
-
\??\c:\nhnbbt.exec:\nhnbbt.exe186⤵
-
\??\c:\jpdpp.exec:\jpdpp.exe187⤵
-
\??\c:\vdjjj.exec:\vdjjj.exe188⤵
-
\??\c:\lllxrfl.exec:\lllxrfl.exe189⤵
-
\??\c:\frxrllf.exec:\frxrllf.exe190⤵
-
\??\c:\nbtnbb.exec:\nbtnbb.exe191⤵
-
\??\c:\5vdvp.exec:\5vdvp.exe192⤵
-
\??\c:\jdjdp.exec:\jdjdp.exe193⤵
-
\??\c:\3rrrxlx.exec:\3rrrxlx.exe194⤵
-
\??\c:\lrffxxr.exec:\lrffxxr.exe195⤵
-
\??\c:\nntbtt.exec:\nntbtt.exe196⤵
-
\??\c:\hthbtn.exec:\hthbtn.exe197⤵
-
\??\c:\pppjj.exec:\pppjj.exe198⤵
-
\??\c:\vddvp.exec:\vddvp.exe199⤵
-
\??\c:\rlxfxxr.exec:\rlxfxxr.exe200⤵
-
\??\c:\nhtntn.exec:\nhtntn.exe201⤵
-
\??\c:\bhhbnn.exec:\bhhbnn.exe202⤵
-
\??\c:\dvvpp.exec:\dvvpp.exe203⤵
-
\??\c:\ddvpv.exec:\ddvpv.exe204⤵
-
\??\c:\rlrlffl.exec:\rlrlffl.exe205⤵
-
\??\c:\ttnnhb.exec:\ttnnhb.exe206⤵
-
\??\c:\thhbbt.exec:\thhbbt.exe207⤵
-
\??\c:\pjjdd.exec:\pjjdd.exe208⤵
-
\??\c:\xllrxlx.exec:\xllrxlx.exe209⤵
-
\??\c:\hntttt.exec:\hntttt.exe210⤵
-
\??\c:\3hhttn.exec:\3hhttn.exe211⤵
-
\??\c:\vjppp.exec:\vjppp.exe212⤵
-
\??\c:\fxxlxxr.exec:\fxxlxxr.exe213⤵
-
\??\c:\xlxrxrx.exec:\xlxrxrx.exe214⤵
-
\??\c:\hbnnbb.exec:\hbnnbb.exe215⤵
-
\??\c:\jppjv.exec:\jppjv.exe216⤵
-
\??\c:\lfxxlll.exec:\lfxxlll.exe217⤵
-
\??\c:\rxfxrlf.exec:\rxfxrlf.exe218⤵
-
\??\c:\ntnbhn.exec:\ntnbhn.exe219⤵
-
\??\c:\ppddv.exec:\ppddv.exe220⤵
-
\??\c:\jvpjd.exec:\jvpjd.exe221⤵
-
\??\c:\pjdvv.exec:\pjdvv.exe222⤵
-
\??\c:\3rxrffx.exec:\3rxrffx.exe223⤵
-
\??\c:\tbhbtt.exec:\tbhbtt.exe224⤵
-
\??\c:\hntnhh.exec:\hntnhh.exe225⤵
-
\??\c:\pvpvv.exec:\pvpvv.exe226⤵
-
\??\c:\pvdpd.exec:\pvdpd.exe227⤵
-
\??\c:\xflxxfl.exec:\xflxxfl.exe228⤵
-
\??\c:\fxxxrrl.exec:\fxxxrrl.exe229⤵
-
\??\c:\htntbb.exec:\htntbb.exe230⤵
-
\??\c:\thbnhb.exec:\thbnhb.exe231⤵
-
\??\c:\7vjdv.exec:\7vjdv.exe232⤵
-
\??\c:\xrxrflx.exec:\xrxrflx.exe233⤵
-
\??\c:\btbbtt.exec:\btbbtt.exe234⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe235⤵
-
\??\c:\1flfrfx.exec:\1flfrfx.exe236⤵
-
\??\c:\tbbtnn.exec:\tbbtnn.exe237⤵
-
\??\c:\htttnn.exec:\htttnn.exe238⤵
-
\??\c:\dpdvp.exec:\dpdvp.exe239⤵
-
\??\c:\btbbnn.exec:\btbbnn.exe240⤵
-
\??\c:\ppjjd.exec:\ppjjd.exe241⤵