Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
02/08/2024, 18:50
General
-
Target
13406d30efa6b2bb979f03e0a037158b896d2c93bb7f1885e62a03620d5cdf1d.exe
-
Size
147KB
-
MD5
ca091f138741abc09133751a54234a27
-
SHA1
01f1e7c3c2c5a834f4e4b4ce25b65d39f303c838
-
SHA256
13406d30efa6b2bb979f03e0a037158b896d2c93bb7f1885e62a03620d5cdf1d
-
SHA512
4ae8198f551989832d4f8a39291bbd05e262869ee9513db06f640381549988610385f39bb7876910cfbc5c42c1cfef8f8a46a9bff6a5a2c541c9b499136b8618
-
SSDEEP
3072:ymb3NkkiQ3mdBjFIY7is8URxQkwco8rIr5nhkEFIsSy5x0i5beF:n3C9BRIgis8lmZO5hVS4leF
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 31 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\13406d30efa6b2bb979f03e0a037158b896d2c93bb7f1885e62a03620d5cdf1d.exe"C:\Users\Admin\AppData\Local\Temp\13406d30efa6b2bb979f03e0a037158b896d2c93bb7f1885e62a03620d5cdf1d.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\9ffxlfx.exec:\9ffxlfx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbntbh.exec:\hbntbh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvjv.exec:\dvvjv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lllxxlf.exec:\lllxxlf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhbtt.exec:\thhbtt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrfxrf.exec:\fxrfxrf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrfxxr.exec:\flrfxxr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ntnbn.exec:\5ntnbn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjdp.exec:\djjdp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xrlfxr.exec:\9xrlfxr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttnnh.exec:\bttnnh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjdd.exec:\vjjdd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvdpd.exec:\vvdpd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrfxrl.exec:\flrfxrl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9bnhhb.exec:\9bnhhb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpppd.exec:\dpppd.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llfrlrl.exec:\llfrlrl.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntnhh.exec:\bntnhh.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhhhb.exec:\hbhhhb.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddjj.exec:\jddjj.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rxlffr.exec:\5rxlffr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ddvp.exec:\9ddvp.exe23⤵
- Executes dropped EXE
-
\??\c:\rflxlfr.exec:\rflxlfr.exe24⤵
- Executes dropped EXE
-
\??\c:\htnnbt.exec:\htnnbt.exe25⤵
- Executes dropped EXE
-
\??\c:\ddvvp.exec:\ddvvp.exe26⤵
- Executes dropped EXE
-
\??\c:\rlrrllf.exec:\rlrrllf.exe27⤵
- Executes dropped EXE
-
\??\c:\nbbthh.exec:\nbbthh.exe28⤵
- Executes dropped EXE
-
\??\c:\vpjdv.exec:\vpjdv.exe29⤵
- Executes dropped EXE
-
\??\c:\5rfxrrl.exec:\5rfxrrl.exe30⤵
- Executes dropped EXE
-
\??\c:\xxrlllf.exec:\xxrlllf.exe31⤵
- Executes dropped EXE
-
\??\c:\nhhnnb.exec:\nhhnnb.exe32⤵
- Executes dropped EXE
-
\??\c:\5hhtnn.exec:\5hhtnn.exe33⤵
- Executes dropped EXE
-
\??\c:\jdjvp.exec:\jdjvp.exe34⤵
- Executes dropped EXE
-
\??\c:\lxxrfxr.exec:\lxxrfxr.exe35⤵
- Executes dropped EXE
-
\??\c:\tnttbb.exec:\tnttbb.exe36⤵
- Executes dropped EXE
-
\??\c:\hthbtt.exec:\hthbtt.exe37⤵
- Executes dropped EXE
-
\??\c:\vpjdd.exec:\vpjdd.exe38⤵
- Executes dropped EXE
-
\??\c:\dvvpv.exec:\dvvpv.exe39⤵
- Executes dropped EXE
-
\??\c:\1xfrlxr.exec:\1xfrlxr.exe40⤵
- Executes dropped EXE
-
\??\c:\nhnnbt.exec:\nhnnbt.exe41⤵
- Executes dropped EXE
-
\??\c:\bnnhhh.exec:\bnnhhh.exe42⤵
- Executes dropped EXE
-
\??\c:\vvjdv.exec:\vvjdv.exe43⤵
- Executes dropped EXE
-
\??\c:\vpjdd.exec:\vpjdd.exe44⤵
- Executes dropped EXE
-
\??\c:\rlrlfxr.exec:\rlrlfxr.exe45⤵
- Executes dropped EXE
-
\??\c:\thnnnn.exec:\thnnnn.exe46⤵
- Executes dropped EXE
-
\??\c:\hbhhbb.exec:\hbhhbb.exe47⤵
- Executes dropped EXE
-
\??\c:\1xrlxxx.exec:\1xrlxxx.exe48⤵
- Executes dropped EXE
-
\??\c:\ffrllxl.exec:\ffrllxl.exe49⤵
- Executes dropped EXE
-
\??\c:\bnbttt.exec:\bnbttt.exe50⤵
- Executes dropped EXE
-
\??\c:\hnbtnh.exec:\hnbtnh.exe51⤵
- Executes dropped EXE
-
\??\c:\ddddv.exec:\ddddv.exe52⤵
- Executes dropped EXE
-
\??\c:\fxxlxxx.exec:\fxxlxxx.exe53⤵
- Executes dropped EXE
-
\??\c:\1fxrlll.exec:\1fxrlll.exe54⤵
- Executes dropped EXE
-
\??\c:\nnnnhn.exec:\nnnnhn.exe55⤵
- Executes dropped EXE
-
\??\c:\3hnhbb.exec:\3hnhbb.exe56⤵
- Executes dropped EXE
-
\??\c:\7jjdp.exec:\7jjdp.exe57⤵
- Executes dropped EXE
-
\??\c:\dvdvv.exec:\dvdvv.exe58⤵
- Executes dropped EXE
-
\??\c:\xxxlffr.exec:\xxxlffr.exe59⤵
- Executes dropped EXE
-
\??\c:\xlxlllr.exec:\xlxlllr.exe60⤵
- Executes dropped EXE
-
\??\c:\hbnntb.exec:\hbnntb.exe61⤵
- Executes dropped EXE
-
\??\c:\nhnntn.exec:\nhnntn.exe62⤵
- Executes dropped EXE
-
\??\c:\jddvp.exec:\jddvp.exe63⤵
- Executes dropped EXE
-
\??\c:\fxfxxxl.exec:\fxfxxxl.exe64⤵
- Executes dropped EXE
-
\??\c:\lrxlflf.exec:\lrxlflf.exe65⤵
- Executes dropped EXE
-
\??\c:\hhnnhh.exec:\hhnnhh.exe66⤵
-
\??\c:\jjpjj.exec:\jjpjj.exe67⤵
-
\??\c:\vjjdp.exec:\vjjdp.exe68⤵
-
\??\c:\rffxlfx.exec:\rffxlfx.exe69⤵
-
\??\c:\frrrrll.exec:\frrrrll.exe70⤵
-
\??\c:\tbbbtt.exec:\tbbbtt.exe71⤵
-
\??\c:\tnnhbb.exec:\tnnhbb.exe72⤵
-
\??\c:\lrxfffr.exec:\lrxfffr.exe73⤵
-
\??\c:\5bbtnh.exec:\5bbtnh.exe74⤵
-
\??\c:\jddvj.exec:\jddvj.exe75⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe76⤵
-
\??\c:\frlfxxr.exec:\frlfxxr.exe77⤵
-
\??\c:\1xfxxxr.exec:\1xfxxxr.exe78⤵
-
\??\c:\3bbttt.exec:\3bbttt.exe79⤵
-
\??\c:\jvjjd.exec:\jvjjd.exe80⤵
-
\??\c:\pjdvp.exec:\pjdvp.exe81⤵
-
\??\c:\1lfrlll.exec:\1lfrlll.exe82⤵
-
\??\c:\nhnbtn.exec:\nhnbtn.exe83⤵
-
\??\c:\hhbhtt.exec:\hhbhtt.exe84⤵
- System Location Discovery: System Language Discovery
-
\??\c:\vppjd.exec:\vppjd.exe85⤵
-
\??\c:\lflfffl.exec:\lflfffl.exe86⤵
-
\??\c:\rrfxrrl.exec:\rrfxrrl.exe87⤵
-
\??\c:\nbnnnn.exec:\nbnnnn.exe88⤵
- System Location Discovery: System Language Discovery
-
\??\c:\5ppdv.exec:\5ppdv.exe89⤵
-
\??\c:\vjjdd.exec:\vjjdd.exe90⤵
-
\??\c:\vjvvj.exec:\vjvvj.exe91⤵
-
\??\c:\xrrfrlf.exec:\xrrfrlf.exe92⤵
-
\??\c:\nhthht.exec:\nhthht.exe93⤵
-
\??\c:\ppvpd.exec:\ppvpd.exe94⤵
-
\??\c:\xxxrlll.exec:\xxxrlll.exe95⤵
-
\??\c:\btbtth.exec:\btbtth.exe96⤵
-
\??\c:\bttntt.exec:\bttntt.exe97⤵
-
\??\c:\dvdvd.exec:\dvdvd.exe98⤵
-
\??\c:\lfxrxrx.exec:\lfxrxrx.exe99⤵
-
\??\c:\hhnhbb.exec:\hhnhbb.exe100⤵
-
\??\c:\dvvdj.exec:\dvvdj.exe101⤵
-
\??\c:\xrfxfrx.exec:\xrfxfrx.exe102⤵
-
\??\c:\7ntttt.exec:\7ntttt.exe103⤵
-
\??\c:\vjjdp.exec:\vjjdp.exe104⤵
-
\??\c:\1xxrrrl.exec:\1xxrrrl.exe105⤵
-
\??\c:\bnnnbb.exec:\bnnnbb.exe106⤵
-
\??\c:\3nnhhh.exec:\3nnhhh.exe107⤵
-
\??\c:\dddvj.exec:\dddvj.exe108⤵
-
\??\c:\fxxrlxr.exec:\fxxrlxr.exe109⤵
-
\??\c:\rllfxrr.exec:\rllfxrr.exe110⤵
-
\??\c:\9nttnb.exec:\9nttnb.exe111⤵
-
\??\c:\jpjdd.exec:\jpjdd.exe112⤵
-
\??\c:\dvpdv.exec:\dvpdv.exe113⤵
-
\??\c:\rlfrlff.exec:\rlfrlff.exe114⤵
-
\??\c:\nbnnnn.exec:\nbnnnn.exe115⤵
-
\??\c:\ddvpv.exec:\ddvpv.exe116⤵
-
\??\c:\pdjvd.exec:\pdjvd.exe117⤵
-
\??\c:\rfllxxx.exec:\rfllxxx.exe118⤵
-
\??\c:\htbtnn.exec:\htbtnn.exe119⤵
-
\??\c:\bhnhbb.exec:\bhnhbb.exe120⤵
-
\??\c:\pjjjd.exec:\pjjjd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-