Analysis
-
max time kernel
120s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20240730-en -
resource tags
-
submitted
02-08-2024 10:52
General
-
Target
936906fa2a8175ef38863c74f9adc340N.exe
-
Size
75KB
-
MD5
936906fa2a8175ef38863c74f9adc340
-
SHA1
d4be1951014fc9889a424732c0ce02e2860ced20
-
SHA256
223760ba2802f9e5d4cff76fb5663492b0b7a2444883de6b20ff88f9b39bfe15
-
SHA512
6ffe3ca13ac44dd4ff6f9bb7159938a406eb2de58c77cc20eaa7063af8ee900f279310c4b2599ae122f3babe3c14aacd9b6e5c75dda94b36220788f13393cb0a
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIfv7+afCD+QsQbKQPESBV:ymb3NkkiQ3mdBjFIfvTfCD+HlQcY
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\936906fa2a8175ef38863c74f9adc340N.exe"C:\Users\Admin\AppData\Local\Temp\936906fa2a8175ef38863c74f9adc340N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnnbb.exec:\nhnnbb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjdd.exec:\jvjdd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppjv.exec:\vppjv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbttt.exec:\nbbttt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1ddvp.exec:\1ddvp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfflfxx.exec:\lfflfxx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ttttt.exec:\5ttttt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvpdj.exec:\jvpdj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdvp.exec:\dvdvp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9lfxxxr.exec:\9lfxxxr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnhhh.exec:\hhnhhh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvvj.exec:\pvvvj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xfrxff.exec:\1xfrxff.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7tnnhh.exec:\7tnnhh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbhbb.exec:\hbbhbb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrrxfx.exec:\lfrrxfx.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rlflll.exec:\1rlflll.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbttn.exec:\tbbttn.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpjdd.exec:\jpjdd.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvvv.exec:\jpvvv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrlflr.exec:\frrlflr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfllllf.exec:\rfllllf.exe23⤵
- Executes dropped EXE
-
\??\c:\hnhhbt.exec:\hnhhbt.exe24⤵
- Executes dropped EXE
-
\??\c:\5vdvv.exec:\5vdvv.exe25⤵
- Executes dropped EXE
-
\??\c:\xrxrlll.exec:\xrxrlll.exe26⤵
- Executes dropped EXE
-
\??\c:\bnnhhh.exec:\bnnhhh.exe27⤵
- Executes dropped EXE
-
\??\c:\bhhntt.exec:\bhhntt.exe28⤵
- Executes dropped EXE
-
\??\c:\djvvv.exec:\djvvv.exe29⤵
- Executes dropped EXE
-
\??\c:\xlrfxrx.exec:\xlrfxrx.exe30⤵
- Executes dropped EXE
-
\??\c:\hhtbhn.exec:\hhtbhn.exe31⤵
- Executes dropped EXE
-
\??\c:\1hbntt.exec:\1hbntt.exe32⤵
- Executes dropped EXE
-
\??\c:\dpdpd.exec:\dpdpd.exe33⤵
- Executes dropped EXE
-
\??\c:\frrlffx.exec:\frrlffx.exe34⤵
- Executes dropped EXE
-
\??\c:\5tbbtt.exec:\5tbbtt.exe35⤵
- Executes dropped EXE
-
\??\c:\tnnnhn.exec:\tnnnhn.exe36⤵
- Executes dropped EXE
-
\??\c:\vpdvd.exec:\vpdvd.exe37⤵
- Executes dropped EXE
-
\??\c:\rfllxxx.exec:\rfllxxx.exe38⤵
- Executes dropped EXE
-
\??\c:\rxrrxll.exec:\rxrrxll.exe39⤵
- Executes dropped EXE
-
\??\c:\ttbbht.exec:\ttbbht.exe40⤵
- Executes dropped EXE
-
\??\c:\dpjvv.exec:\dpjvv.exe41⤵
- Executes dropped EXE
-
\??\c:\7vvdv.exec:\7vvdv.exe42⤵
- Executes dropped EXE
-
\??\c:\xflxxxx.exec:\xflxxxx.exe43⤵
- Executes dropped EXE
-
\??\c:\nhnhhh.exec:\nhnhhh.exe44⤵
- Executes dropped EXE
-
\??\c:\ddvpv.exec:\ddvpv.exe45⤵
- Executes dropped EXE
-
\??\c:\jvvjd.exec:\jvvjd.exe46⤵
- Executes dropped EXE
-
\??\c:\xrrxrxx.exec:\xrrxrxx.exe47⤵
- Executes dropped EXE
-
\??\c:\5flfxxx.exec:\5flfxxx.exe48⤵
- Executes dropped EXE
-
\??\c:\ttnnhh.exec:\ttnnhh.exe49⤵
- Executes dropped EXE
-
\??\c:\9dvjv.exec:\9dvjv.exe50⤵
- Executes dropped EXE
-
\??\c:\xxflfff.exec:\xxflfff.exe51⤵
- Executes dropped EXE
-
\??\c:\nbttnt.exec:\nbttnt.exe52⤵
- Executes dropped EXE
-
\??\c:\tnnnnn.exec:\tnnnnn.exe53⤵
- Executes dropped EXE
-
\??\c:\ddvvj.exec:\ddvvj.exe54⤵
- Executes dropped EXE
-
\??\c:\9rxrfxr.exec:\9rxrfxr.exe55⤵
- Executes dropped EXE
-
\??\c:\rflllrl.exec:\rflllrl.exe56⤵
- Executes dropped EXE
-
\??\c:\nhtnht.exec:\nhtnht.exe57⤵
- Executes dropped EXE
-
\??\c:\7pvpp.exec:\7pvpp.exe58⤵
- Executes dropped EXE
-
\??\c:\3jjvp.exec:\3jjvp.exe59⤵
- Executes dropped EXE
-
\??\c:\frlfffx.exec:\frlfffx.exe60⤵
- Executes dropped EXE
-
\??\c:\1nnbbn.exec:\1nnbbn.exe61⤵
- Executes dropped EXE
-
\??\c:\nhbtbh.exec:\nhbtbh.exe62⤵
- Executes dropped EXE
-
\??\c:\jvvpj.exec:\jvvpj.exe63⤵
- Executes dropped EXE
-
\??\c:\lfxxrrl.exec:\lfxxrrl.exe64⤵
- Executes dropped EXE
-
\??\c:\rflxrrx.exec:\rflxrrx.exe65⤵
- Executes dropped EXE
-
\??\c:\7nttth.exec:\7nttth.exe66⤵
-
\??\c:\xrlxrxf.exec:\xrlxrxf.exe67⤵
-
\??\c:\dvjjj.exec:\dvjjj.exe68⤵
-
\??\c:\fflxrlf.exec:\fflxrlf.exe69⤵
-
\??\c:\btnnnn.exec:\btnnnn.exe70⤵
-
\??\c:\tbhntn.exec:\tbhntn.exe71⤵
-
\??\c:\ddpjd.exec:\ddpjd.exe72⤵
-
\??\c:\vpvpj.exec:\vpvpj.exe73⤵
-
\??\c:\rxllrff.exec:\rxllrff.exe74⤵
-
\??\c:\frfllrr.exec:\frfllrr.exe75⤵
-
\??\c:\bnbhhh.exec:\bnbhhh.exe76⤵
-
\??\c:\5ntnbh.exec:\5ntnbh.exe77⤵
-
\??\c:\jpppj.exec:\jpppj.exe78⤵
-
\??\c:\3jppd.exec:\3jppd.exe79⤵
-
\??\c:\rrxxlrl.exec:\rrxxlrl.exe80⤵
-
\??\c:\hhbnhh.exec:\hhbnhh.exe81⤵
-
\??\c:\nhhthh.exec:\nhhthh.exe82⤵
-
\??\c:\ddjjd.exec:\ddjjd.exe83⤵
-
\??\c:\pjvvv.exec:\pjvvv.exe84⤵
-
\??\c:\xrxxrrr.exec:\xrxxrrr.exe85⤵
-
\??\c:\lxrffff.exec:\lxrffff.exe86⤵
-
\??\c:\tbhhhn.exec:\tbhhhn.exe87⤵
-
\??\c:\7htnhh.exec:\7htnhh.exe88⤵
-
\??\c:\jdjjd.exec:\jdjjd.exe89⤵
-
\??\c:\pvvvd.exec:\pvvvd.exe90⤵
-
\??\c:\fxrlxfl.exec:\fxrlxfl.exe91⤵
-
\??\c:\tnnnnn.exec:\tnnnnn.exe92⤵
-
\??\c:\bhhhbb.exec:\bhhhbb.exe93⤵
-
\??\c:\ddjjj.exec:\ddjjj.exe94⤵
-
\??\c:\pjjdd.exec:\pjjdd.exe95⤵
-
\??\c:\5fllrrx.exec:\5fllrrx.exe96⤵
-
\??\c:\5lxxflr.exec:\5lxxflr.exe97⤵
-
\??\c:\hbbtbb.exec:\hbbtbb.exe98⤵
-
\??\c:\ppvvp.exec:\ppvvp.exe99⤵
-
\??\c:\5jjdv.exec:\5jjdv.exe100⤵
-
\??\c:\fllfxxx.exec:\fllfxxx.exe101⤵
- System Location Discovery: System Language Discovery
-
\??\c:\xrrlflf.exec:\xrrlflf.exe102⤵
-
\??\c:\httnnn.exec:\httnnn.exe103⤵
-
\??\c:\1httbh.exec:\1httbh.exe104⤵
-
\??\c:\1djjj.exec:\1djjj.exe105⤵
-
\??\c:\jpppp.exec:\jpppp.exe106⤵
-
\??\c:\rxfxrll.exec:\rxfxrll.exe107⤵
-
\??\c:\lxxxrrr.exec:\lxxxrrr.exe108⤵
-
\??\c:\bhttnn.exec:\bhttnn.exe109⤵
-
\??\c:\jjdvp.exec:\jjdvp.exe110⤵
-
\??\c:\jvddp.exec:\jvddp.exe111⤵
-
\??\c:\fxlfxff.exec:\fxlfxff.exe112⤵
-
\??\c:\lxxrrrl.exec:\lxxrrrl.exe113⤵
-
\??\c:\hbbttt.exec:\hbbttt.exe114⤵
-
\??\c:\hbtnnt.exec:\hbtnnt.exe115⤵
-
\??\c:\bntbbh.exec:\bntbbh.exe116⤵
-
\??\c:\pdpvp.exec:\pdpvp.exe117⤵
-
\??\c:\jdpjj.exec:\jdpjj.exe118⤵
-
\??\c:\ffffxxr.exec:\ffffxxr.exe119⤵
-
\??\c:\fxfxxxx.exec:\fxfxxxx.exe120⤵
-
\??\c:\7llffff.exec:\7llffff.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-