Analysis
-
max time kernel
55s -
max time network
135s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
27-07-2024 10:51
General
-
Target
b95ebc1b86cb45a213fbbe9f78281de0N.exe
-
Size
63KB
-
MD5
b95ebc1b86cb45a213fbbe9f78281de0
-
SHA1
239fc0b394a7b583540630faac0e90790baae6b8
-
SHA256
dd2d000dda50545eff0d74159bf1506917ea19173b11184abe4140050881e083
-
SHA512
f01fe2150d01f390fbb081a8550b8bbb75383c9f9d85f11d160b1d1401f18cde4464824b4fcbc4407ff69913c9911462308b998d14c2132d9115140499a0c389
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIvuzkzN+:ymb3NkkiQ3mdBjFIvlp+
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b95ebc1b86cb45a213fbbe9f78281de0N.exe"C:\Users\Admin\AppData\Local\Temp\b95ebc1b86cb45a213fbbe9f78281de0N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrrlff.exec:\xrrrlff.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppdjp.exec:\ppdjp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lllrxxf.exec:\lllrxxf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xllxlrf.exec:\xllxlrf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlllxl.exec:\fxlllxl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llfxxxx.exec:\llfxxxx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxrxxlr.exec:\rxrxxlr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrrlfr.exec:\rfrrlfr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvjd.exec:\dpvjd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5fxrffx.exec:\5fxrffx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpppp.exec:\dpppp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdpp.exec:\jvdpp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrffxll.exec:\lrffxll.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnbttb.exec:\hnbttb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdjp.exec:\jvdjp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhnbn.exec:\hhhnbn.exe17⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\ppddj.exec:\ppddj.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htttbn.exec:\htttbn.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xxrfrf.exec:\1xxrfrf.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflllff.exec:\rflllff.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djvjj.exec:\djvjj.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nthnbh.exec:\nthnbh.exe23⤵
- Executes dropped EXE
-
\??\c:\hhtthh.exec:\hhtthh.exe24⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\nbthhn.exec:\nbthhn.exe25⤵
- Executes dropped EXE
-
\??\c:\jjddp.exec:\jjddp.exe26⤵
- Executes dropped EXE
-
\??\c:\tbnbtb.exec:\tbnbtb.exe27⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\tbtttb.exec:\tbtttb.exe28⤵
- Executes dropped EXE
-
\??\c:\tbhbtb.exec:\tbhbtb.exe29⤵
- Executes dropped EXE
-
\??\c:\bbnbbh.exec:\bbnbbh.exe30⤵
- Executes dropped EXE
-
\??\c:\htntth.exec:\htntth.exe31⤵
- Executes dropped EXE
-
\??\c:\tbnbhh.exec:\tbnbhh.exe32⤵
- Executes dropped EXE
-
\??\c:\nhhhhn.exec:\nhhhhn.exe33⤵
- Executes dropped EXE
-
\??\c:\pvvjd.exec:\pvvjd.exe34⤵
- Executes dropped EXE
-
\??\c:\pjpdd.exec:\pjpdd.exe35⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\ntnbhb.exec:\ntnbhb.exe36⤵
- Executes dropped EXE
-
\??\c:\nttttb.exec:\nttttb.exe37⤵
- Executes dropped EXE
-
\??\c:\jpvdv.exec:\jpvdv.exe38⤵
- Executes dropped EXE
-
\??\c:\xfrllrf.exec:\xfrllrf.exe39⤵
- Executes dropped EXE
-
\??\c:\flxlrxl.exec:\flxlrxl.exe40⤵
- Executes dropped EXE
-
\??\c:\pjppp.exec:\pjppp.exe41⤵
- Executes dropped EXE
-
\??\c:\1nhnth.exec:\1nhnth.exe42⤵
- Executes dropped EXE
-
\??\c:\pvvdd.exec:\pvvdd.exe43⤵
- Executes dropped EXE
-
\??\c:\jvjpd.exec:\jvjpd.exe44⤵
- Executes dropped EXE
-
\??\c:\bhtthh.exec:\bhtthh.exe45⤵
- Executes dropped EXE
-
\??\c:\5bhhbb.exec:\5bhhbb.exe46⤵
- Executes dropped EXE
-
\??\c:\thbbnt.exec:\thbbnt.exe47⤵
- Executes dropped EXE
-
\??\c:\xxflrlf.exec:\xxflrlf.exe48⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\7lxxrxl.exec:\7lxxrxl.exe49⤵
- Executes dropped EXE
-
\??\c:\pjvdj.exec:\pjvdj.exe50⤵
- Executes dropped EXE
-
\??\c:\dddjd.exec:\dddjd.exe51⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\nthnbh.exec:\nthnbh.exe52⤵
- Executes dropped EXE
-
\??\c:\lllxfxx.exec:\lllxfxx.exe53⤵
- Executes dropped EXE
-
\??\c:\jvjjj.exec:\jvjjj.exe54⤵
- Executes dropped EXE
-
\??\c:\xxfrlff.exec:\xxfrlff.exe55⤵
- Executes dropped EXE
-
\??\c:\9vpdd.exec:\9vpdd.exe56⤵
- Executes dropped EXE
-
\??\c:\nbhnth.exec:\nbhnth.exe57⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\jpvjp.exec:\jpvjp.exe58⤵
- Executes dropped EXE
-
\??\c:\thnhth.exec:\thnhth.exe59⤵
- Executes dropped EXE
-
\??\c:\ppppj.exec:\ppppj.exe60⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\hhntnh.exec:\hhntnh.exe61⤵
- Executes dropped EXE
-
\??\c:\xrfxlxl.exec:\xrfxlxl.exe62⤵
- Executes dropped EXE
-
\??\c:\ppvpp.exec:\ppvpp.exe63⤵
- Executes dropped EXE
-
\??\c:\llxllxl.exec:\llxllxl.exe64⤵
- Executes dropped EXE
-
\??\c:\dvdvv.exec:\dvdvv.exe65⤵
- Executes dropped EXE
-
\??\c:\hhnhtn.exec:\hhnhtn.exe66⤵
-
\??\c:\dpjvv.exec:\dpjvv.exe67⤵
-
\??\c:\tntnth.exec:\tntnth.exe68⤵
-
\??\c:\lfxxxxl.exec:\lfxxxxl.exe69⤵
-
\??\c:\dppjj.exec:\dppjj.exe70⤵
-
\??\c:\xlllrxx.exec:\xlllrxx.exe71⤵
-
\??\c:\djpjp.exec:\djpjp.exe72⤵
- System Location Discovery: System Language Discovery
-
\??\c:\jjdpj.exec:\jjdpj.exe73⤵
-
\??\c:\llllflx.exec:\llllflx.exe74⤵
- System Location Discovery: System Language Discovery
-
\??\c:\ppppv.exec:\ppppv.exe75⤵
-
\??\c:\lxrllfx.exec:\lxrllfx.exe76⤵
-
\??\c:\jjdjd.exec:\jjdjd.exe77⤵
- System Location Discovery: System Language Discovery
-
\??\c:\vvppv.exec:\vvppv.exe78⤵
-
\??\c:\3bbbht.exec:\3bbbht.exe79⤵
-
\??\c:\tthhnb.exec:\tthhnb.exe80⤵
-
\??\c:\tnbnnb.exec:\tnbnnb.exe81⤵
-
\??\c:\lxllrrx.exec:\lxllrrx.exe82⤵
-
\??\c:\pjvpj.exec:\pjvpj.exe83⤵
-
\??\c:\hbhhhb.exec:\hbhhhb.exe84⤵
-
\??\c:\ffxllxf.exec:\ffxllxf.exe85⤵
- System Location Discovery: System Language Discovery
-
\??\c:\djdpp.exec:\djdpp.exe86⤵
-
\??\c:\lxlflxr.exec:\lxlflxr.exe87⤵
-
\??\c:\nthbbt.exec:\nthbbt.exe88⤵
-
\??\c:\fxlfxfx.exec:\fxlfxfx.exe89⤵
-
\??\c:\xxxffrr.exec:\xxxffrr.exe90⤵
-
\??\c:\dpvpp.exec:\dpvpp.exe91⤵
- System Location Discovery: System Language Discovery
-
\??\c:\dddvv.exec:\dddvv.exe92⤵
-
\??\c:\rxxxfxf.exec:\rxxxfxf.exe93⤵
-
\??\c:\3jvjv.exec:\3jvjv.exe94⤵
- System Location Discovery: System Language Discovery
-
\??\c:\1vvpd.exec:\1vvpd.exe95⤵
-
\??\c:\9nnntn.exec:\9nnntn.exe96⤵
-
\??\c:\fxrllfr.exec:\fxrllfr.exe97⤵
-
\??\c:\pjppd.exec:\pjppd.exe98⤵
-
\??\c:\jvvdj.exec:\jvvdj.exe99⤵
-
\??\c:\ntntnb.exec:\ntntnb.exe100⤵
- System Location Discovery: System Language Discovery
-
\??\c:\nhnbht.exec:\nhnbht.exe101⤵
-
\??\c:\pvddj.exec:\pvddj.exe102⤵
-
\??\c:\jdpdj.exec:\jdpdj.exe103⤵
-
\??\c:\lllxrlf.exec:\lllxrlf.exe104⤵
-
\??\c:\ppvdd.exec:\ppvdd.exe105⤵
-
\??\c:\httbnt.exec:\httbnt.exe106⤵
-
\??\c:\xlrllfr.exec:\xlrllfr.exe107⤵
-
\??\c:\tbnhth.exec:\tbnhth.exe108⤵
-
\??\c:\rxrfllr.exec:\rxrfllr.exe109⤵
-
\??\c:\dppvj.exec:\dppvj.exe110⤵
-
\??\c:\tthhnt.exec:\tthhnt.exe111⤵
- System Location Discovery: System Language Discovery
-
\??\c:\3ppvv.exec:\3ppvv.exe112⤵
-
\??\c:\nbttth.exec:\nbttth.exe113⤵
-
\??\c:\dppdv.exec:\dppdv.exe114⤵
-
\??\c:\rxxllfl.exec:\rxxllfl.exe115⤵
-
\??\c:\bnhhtn.exec:\bnhhtn.exe116⤵
-
\??\c:\llxffrf.exec:\llxffrf.exe117⤵
-
\??\c:\ttbbtt.exec:\ttbbtt.exe118⤵
-
\??\c:\hbhnhb.exec:\hbhnhb.exe119⤵
- System Location Discovery: System Language Discovery
-
\??\c:\hbttnn.exec:\hbttnn.exe120⤵
-
\??\c:\vvjdv.exec:\vvjdv.exe121⤵
- System Location Discovery: System Language Discovery
-
\??\c:\flxlrlx.exec:\flxlrlx.exe122⤵
-
\??\c:\frrfxrl.exec:\frrfxrl.exe123⤵
- System Location Discovery: System Language Discovery
-
\??\c:\rrlxfrr.exec:\rrlxfrr.exe124⤵
-
\??\c:\bhbhbn.exec:\bhbhbn.exe125⤵
-
\??\c:\lxfxrrr.exec:\lxfxrrr.exe126⤵
-
\??\c:\llxfrrl.exec:\llxfrrl.exe127⤵
-
\??\c:\nnbbhh.exec:\nnbbhh.exe128⤵
-
\??\c:\xlfllrr.exec:\xlfllrr.exe129⤵
-
\??\c:\pjdpp.exec:\pjdpp.exe130⤵
- System Location Discovery: System Language Discovery
-
\??\c:\pdpjp.exec:\pdpjp.exe131⤵
-
\??\c:\bbnhnb.exec:\bbnhnb.exe132⤵
-
\??\c:\xrllrll.exec:\xrllrll.exe133⤵
-
\??\c:\nbbbnt.exec:\nbbbnt.exe134⤵
-
\??\c:\tnnbhn.exec:\tnnbhn.exe135⤵
-
\??\c:\ppdjj.exec:\ppdjj.exe136⤵
-
\??\c:\djjpp.exec:\djjpp.exe137⤵
-
\??\c:\tbnbhn.exec:\tbnbhn.exe138⤵
-
\??\c:\llfrxfr.exec:\llfrxfr.exe139⤵
-
\??\c:\vvppv.exec:\vvppv.exe140⤵
-
\??\c:\btbnnn.exec:\btbnnn.exe141⤵
-
\??\c:\flllrll.exec:\flllrll.exe142⤵
-
\??\c:\lfrxffr.exec:\lfrxffr.exe143⤵
-
\??\c:\9nthhn.exec:\9nthhn.exe144⤵
-
\??\c:\nnttnn.exec:\nnttnn.exe145⤵
-
\??\c:\pjppp.exec:\pjppp.exe146⤵
-
\??\c:\pdjdd.exec:\pdjdd.exe147⤵
-
\??\c:\xffxxrl.exec:\xffxxrl.exe148⤵
-
\??\c:\dppdd.exec:\dppdd.exe149⤵
-
\??\c:\9rffllr.exec:\9rffllr.exe150⤵
-
\??\c:\bnnnhh.exec:\bnnnhh.exe151⤵
- System Location Discovery: System Language Discovery
-
\??\c:\pjpjj.exec:\pjpjj.exe152⤵
-
\??\c:\flflllf.exec:\flflllf.exe153⤵
-
\??\c:\lxllfrx.exec:\lxllfrx.exe154⤵
-
\??\c:\bhbhbt.exec:\bhbhbt.exe155⤵
-
\??\c:\ffrrrrr.exec:\ffrrrrr.exe156⤵
-
\??\c:\hbnhhh.exec:\hbnhhh.exe157⤵
- System Location Discovery: System Language Discovery
-
\??\c:\7frxxrr.exec:\7frxxrr.exe158⤵
-
\??\c:\ntbnnn.exec:\ntbnnn.exe159⤵
-
\??\c:\rxfxxfx.exec:\rxfxxfx.exe160⤵
-
\??\c:\bnthhn.exec:\bnthhn.exe161⤵
-
\??\c:\nhnnbn.exec:\nhnnbn.exe162⤵
-
\??\c:\jvvvp.exec:\jvvvp.exe163⤵
-
\??\c:\hbhntt.exec:\hbhntt.exe164⤵
-
\??\c:\fffrxfl.exec:\fffrxfl.exe165⤵
-
\??\c:\jpvpj.exec:\jpvpj.exe166⤵
-
\??\c:\rrxrxxf.exec:\rrxrxxf.exe167⤵
-
\??\c:\vvvjj.exec:\vvvjj.exe168⤵
-
\??\c:\rfxflrf.exec:\rfxflrf.exe169⤵
-
\??\c:\jvvjj.exec:\jvvjj.exe170⤵
-
\??\c:\hhntbn.exec:\hhntbn.exe171⤵
-
\??\c:\jdpjj.exec:\jdpjj.exe172⤵
-
\??\c:\thttbh.exec:\thttbh.exe173⤵
-
\??\c:\rffrffr.exec:\rffrffr.exe174⤵
-
\??\c:\7jvdd.exec:\7jvdd.exe175⤵
-
\??\c:\tthttb.exec:\tthttb.exe176⤵
-
\??\c:\5frfrxf.exec:\5frfrxf.exe177⤵
-
\??\c:\nhtbht.exec:\nhtbht.exe178⤵
-
\??\c:\pdddp.exec:\pdddp.exe179⤵
-
\??\c:\nbbhbb.exec:\nbbhbb.exe180⤵
-
\??\c:\pdvvj.exec:\pdvvj.exe181⤵
-
\??\c:\bbnhtb.exec:\bbnhtb.exe182⤵
-
\??\c:\fllffrx.exec:\fllffrx.exe183⤵
-
\??\c:\thhbth.exec:\thhbth.exe184⤵
-
\??\c:\rrrrrxr.exec:\rrrrrxr.exe185⤵
-
\??\c:\dpdvv.exec:\dpdvv.exe186⤵
-
\??\c:\ththnt.exec:\ththnt.exe187⤵
-
\??\c:\vvdpv.exec:\vvdpv.exe188⤵
-
\??\c:\hhntbn.exec:\hhntbn.exe189⤵
-
\??\c:\frfllxl.exec:\frfllxl.exe190⤵
-
\??\c:\ddjdd.exec:\ddjdd.exe191⤵
-
\??\c:\rfrxrff.exec:\rfrxrff.exe192⤵
-
\??\c:\pjvdj.exec:\pjvdj.exe193⤵
- System Location Discovery: System Language Discovery
-
\??\c:\bbbnbh.exec:\bbbnbh.exe194⤵
-
\??\c:\flrrllx.exec:\flrrllx.exe195⤵
-
\??\c:\hbhthb.exec:\hbhthb.exe196⤵
-
\??\c:\dpppv.exec:\dpppv.exe197⤵
-
\??\c:\1bbbbn.exec:\1bbbbn.exe198⤵
-
\??\c:\jjdvp.exec:\jjdvp.exe199⤵
-
\??\c:\xxrxrxx.exec:\xxrxrxx.exe200⤵
-
\??\c:\vvjpj.exec:\vvjpj.exe201⤵
- System Location Discovery: System Language Discovery
-
\??\c:\tnnbnb.exec:\tnnbnb.exe202⤵
- System Location Discovery: System Language Discovery
-
\??\c:\xrxxrlr.exec:\xrxxrlr.exe203⤵
-
\??\c:\nnbtbb.exec:\nnbtbb.exe204⤵
- System Location Discovery: System Language Discovery
-
\??\c:\ffxxrxx.exec:\ffxxrxx.exe205⤵
-
\??\c:\1bnbbh.exec:\1bnbbh.exe206⤵
-
\??\c:\pvdvd.exec:\pvdvd.exe207⤵
-
\??\c:\rfxfrlr.exec:\rfxfrlr.exe208⤵
-
\??\c:\httnnt.exec:\httnnt.exe209⤵
-
\??\c:\rxxllxr.exec:\rxxllxr.exe210⤵
-
\??\c:\5xfxxlr.exec:\5xfxxlr.exe211⤵
-
\??\c:\ddppd.exec:\ddppd.exe212⤵
-
\??\c:\7nnnhh.exec:\7nnnhh.exe213⤵
-
\??\c:\dvvvp.exec:\dvvvp.exe214⤵
-
\??\c:\5hthnb.exec:\5hthnb.exe215⤵
-
\??\c:\lrrfxfl.exec:\lrrfxfl.exe216⤵
- System Location Discovery: System Language Discovery
-
\??\c:\vvvvv.exec:\vvvvv.exe217⤵
-
\??\c:\hhbbbt.exec:\hhbbbt.exe218⤵
-
\??\c:\vpjpd.exec:\vpjpd.exe219⤵
- System Location Discovery: System Language Discovery
-
\??\c:\ntntnb.exec:\ntntnb.exe220⤵
-
\??\c:\frlffrl.exec:\frlffrl.exe221⤵
-
\??\c:\ttbbht.exec:\ttbbht.exe222⤵
-
\??\c:\pdvvj.exec:\pdvvj.exe223⤵
-
\??\c:\nnbthh.exec:\nnbthh.exe224⤵
-
\??\c:\pddpv.exec:\pddpv.exe225⤵
-
\??\c:\nnhtbt.exec:\nnhtbt.exe226⤵
-
\??\c:\djppp.exec:\djppp.exe227⤵
- System Location Discovery: System Language Discovery
-
\??\c:\thtbbb.exec:\thtbbb.exe228⤵
-
\??\c:\xlxxllx.exec:\xlxxllx.exe229⤵
-
\??\c:\htbnbn.exec:\htbnbn.exe230⤵
-
\??\c:\hhtbbb.exec:\hhtbbb.exe231⤵
-
\??\c:\rfxfrfr.exec:\rfxfrfr.exe232⤵
-
\??\c:\pppdj.exec:\pppdj.exe233⤵
-
\??\c:\bhthbb.exec:\bhthbb.exe234⤵
-
\??\c:\rxxfflf.exec:\rxxfflf.exe235⤵
-
\??\c:\bhtbnb.exec:\bhtbnb.exe236⤵
-
\??\c:\rxfrrrr.exec:\rxfrrrr.exe237⤵
-
\??\c:\vvdvj.exec:\vvdvj.exe238⤵
-
\??\c:\lfrfffx.exec:\lfrfffx.exe239⤵
-
\??\c:\5hbtht.exec:\5hbtht.exe240⤵
-
\??\c:\pjvpd.exec:\pjvpd.exe241⤵