Analysis
-
max time kernel
120s -
max time network
95s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
05/08/2024, 11:08
General
-
Target
84662193a084a8a84001e14c27b1a600N.exe
-
Size
123KB
-
MD5
84662193a084a8a84001e14c27b1a600
-
SHA1
8f8e0bd0cb951d025dea233a5a318c5eee82811d
-
SHA256
1356da78c06b99468c12625e9468784239787fd3194914ae2448c40cd38f51ab
-
SHA512
77770188215e978842e7cfdd8e82b81092f705d0c6563a01e6b07c731eaf2c4a4fa010c5ca17dad93d21d1aaf07d470ef7c895e41e65a4171d0a7390a4d797ca
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73oYUCD7R2F2UVbyy0NgVyFsJJ:ymb3NkkiQ3mdBjFo73HUoMsAbrxVbV
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\84662193a084a8a84001e14c27b1a600N.exe"C:\Users\Admin\AppData\Local\Temp\84662193a084a8a84001e14c27b1a600N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rflffll.exec:\rflffll.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ttnhh.exec:\3ttnhh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjdd.exec:\vvjdd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3jjpv.exec:\3jjpv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlfrrl.exec:\xrlfrrl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhhnn.exec:\nhhhnn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhbbb.exec:\tbhbbb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrlxxx.exec:\fxrlxxx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbthh.exec:\nbbthh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnbnn.exec:\bnnbnn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdpdv.exec:\pdpdv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rffffff.exec:\rffffff.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrlxxxl.exec:\lrlxxxl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbtnn.exec:\bnbtnn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvpj.exec:\pvvpj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1lfxrrl.exec:\1lfxrrl.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbbhh.exec:\btbbhh.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djpjd.exec:\djpjd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrfrlf.exec:\ffrfrlf.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhbtn.exec:\bbhbtn.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\httnnn.exec:\httnnn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jpjj.exec:\1jpjj.exe23⤵
- Executes dropped EXE
-
\??\c:\rfrllll.exec:\rfrllll.exe24⤵
- Executes dropped EXE
-
\??\c:\rlxxrlf.exec:\rlxxrlf.exe25⤵
- Executes dropped EXE
-
\??\c:\5hbtnh.exec:\5hbtnh.exe26⤵
- Executes dropped EXE
-
\??\c:\jpvvv.exec:\jpvvv.exe27⤵
- Executes dropped EXE
-
\??\c:\rlrrffx.exec:\rlrrffx.exe28⤵
- Executes dropped EXE
-
\??\c:\tnbtbb.exec:\tnbtbb.exe29⤵
- Executes dropped EXE
-
\??\c:\nbnhbb.exec:\nbnhbb.exe30⤵
- Executes dropped EXE
-
\??\c:\dvjvv.exec:\dvjvv.exe31⤵
- Executes dropped EXE
-
\??\c:\lxxfxxf.exec:\lxxfxxf.exe32⤵
- Executes dropped EXE
-
\??\c:\nhtthb.exec:\nhtthb.exe33⤵
- Executes dropped EXE
-
\??\c:\jjpjd.exec:\jjpjd.exe34⤵
- Executes dropped EXE
-
\??\c:\xrfffxx.exec:\xrfffxx.exe35⤵
- Executes dropped EXE
-
\??\c:\bthbbt.exec:\bthbbt.exe36⤵
- Executes dropped EXE
-
\??\c:\jvpjd.exec:\jvpjd.exe37⤵
- Executes dropped EXE
-
\??\c:\lxxxrfr.exec:\lxxxrfr.exe38⤵
- Executes dropped EXE
-
\??\c:\nhbthh.exec:\nhbthh.exe39⤵
- Executes dropped EXE
-
\??\c:\hnnbtn.exec:\hnnbtn.exe40⤵
- Executes dropped EXE
-
\??\c:\dvjjd.exec:\dvjjd.exe41⤵
- Executes dropped EXE
-
\??\c:\9vvpj.exec:\9vvpj.exe42⤵
- Executes dropped EXE
-
\??\c:\htbttt.exec:\htbttt.exe43⤵
- Executes dropped EXE
-
\??\c:\pdjjd.exec:\pdjjd.exe44⤵
- Executes dropped EXE
-
\??\c:\lflrlll.exec:\lflrlll.exe45⤵
- Executes dropped EXE
-
\??\c:\fxlfrrl.exec:\fxlfrrl.exe46⤵
- Executes dropped EXE
-
\??\c:\dvddd.exec:\dvddd.exe47⤵
- Executes dropped EXE
-
\??\c:\vpvpd.exec:\vpvpd.exe48⤵
- Executes dropped EXE
-
\??\c:\fffxllf.exec:\fffxllf.exe49⤵
- Executes dropped EXE
-
\??\c:\1llfxrl.exec:\1llfxrl.exe50⤵
- Executes dropped EXE
-
\??\c:\3ntnnh.exec:\3ntnnh.exe51⤵
- Executes dropped EXE
-
\??\c:\thnhhh.exec:\thnhhh.exe52⤵
- Executes dropped EXE
-
\??\c:\pjvjj.exec:\pjvjj.exe53⤵
- Executes dropped EXE
-
\??\c:\7pppj.exec:\7pppj.exe54⤵
- Executes dropped EXE
-
\??\c:\fxrrrrl.exec:\fxrrrrl.exe55⤵
- Executes dropped EXE
-
\??\c:\fxfxxrf.exec:\fxfxxrf.exe56⤵
- Executes dropped EXE
-
\??\c:\bbhbbn.exec:\bbhbbn.exe57⤵
- Executes dropped EXE
-
\??\c:\bbnbtn.exec:\bbnbtn.exe58⤵
- Executes dropped EXE
-
\??\c:\vpdpp.exec:\vpdpp.exe59⤵
- Executes dropped EXE
-
\??\c:\dvpjp.exec:\dvpjp.exe60⤵
- Executes dropped EXE
-
\??\c:\xrffxff.exec:\xrffxff.exe61⤵
- Executes dropped EXE
-
\??\c:\1xffxxr.exec:\1xffxxr.exe62⤵
- Executes dropped EXE
-
\??\c:\bnttnn.exec:\bnttnn.exe63⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\dpvpd.exec:\dpvpd.exe64⤵
- Executes dropped EXE
-
\??\c:\3frlllr.exec:\3frlllr.exe65⤵
- Executes dropped EXE
-
\??\c:\rllxrrl.exec:\rllxrrl.exe66⤵
-
\??\c:\bhhbbb.exec:\bhhbbb.exe67⤵
-
\??\c:\nbbtnn.exec:\nbbtnn.exe68⤵
-
\??\c:\pvpjd.exec:\pvpjd.exe69⤵
- System Location Discovery: System Language Discovery
-
\??\c:\rxfxrrl.exec:\rxfxrrl.exe70⤵
-
\??\c:\9rllllf.exec:\9rllllf.exe71⤵
-
\??\c:\5hhhbt.exec:\5hhhbt.exe72⤵
-
\??\c:\jpvjj.exec:\jpvjj.exe73⤵
-
\??\c:\nhhtbt.exec:\nhhtbt.exe74⤵
-
\??\c:\tnnhtt.exec:\tnnhtt.exe75⤵
-
\??\c:\djvvp.exec:\djvvp.exe76⤵
-
\??\c:\ppppj.exec:\ppppj.exe77⤵
-
\??\c:\xrxrrll.exec:\xrxrrll.exe78⤵
-
\??\c:\7hnnbh.exec:\7hnnbh.exe79⤵
-
\??\c:\thnhbt.exec:\thnhbt.exe80⤵
-
\??\c:\xlffxxx.exec:\xlffxxx.exe81⤵
-
\??\c:\nnhtht.exec:\nnhtht.exe82⤵
-
\??\c:\pdvpd.exec:\pdvpd.exe83⤵
-
\??\c:\dvjjv.exec:\dvjjv.exe84⤵
-
\??\c:\lxfxrrl.exec:\lxfxrrl.exe85⤵
-
\??\c:\bnnhhb.exec:\bnnhhb.exe86⤵
-
\??\c:\jddvp.exec:\jddvp.exe87⤵
-
\??\c:\lfrllrl.exec:\lfrllrl.exe88⤵
-
\??\c:\bbhhbh.exec:\bbhhbh.exe89⤵
- System Location Discovery: System Language Discovery
-
\??\c:\dvvvd.exec:\dvvvd.exe90⤵
-
\??\c:\llrlxxr.exec:\llrlxxr.exe91⤵
-
\??\c:\9thbbb.exec:\9thbbb.exe92⤵
-
\??\c:\7nnhbt.exec:\7nnhbt.exe93⤵
-
\??\c:\dvddp.exec:\dvddp.exe94⤵
-
\??\c:\rlffxxx.exec:\rlffxxx.exe95⤵
-
\??\c:\xrlffrf.exec:\xrlffrf.exe96⤵
-
\??\c:\bbhbtt.exec:\bbhbtt.exe97⤵
-
\??\c:\hhtnbt.exec:\hhtnbt.exe98⤵
-
\??\c:\vvjdd.exec:\vvjdd.exe99⤵
-
\??\c:\5fllxxx.exec:\5fllxxx.exe100⤵
-
\??\c:\llrlffr.exec:\llrlffr.exe101⤵
-
\??\c:\9tnhbt.exec:\9tnhbt.exe102⤵
-
\??\c:\djpjd.exec:\djpjd.exe103⤵
-
\??\c:\dvvvv.exec:\dvvvv.exe104⤵
-
\??\c:\frffrrl.exec:\frffrrl.exe105⤵
-
\??\c:\9tbthh.exec:\9tbthh.exe106⤵
-
\??\c:\tnhhbb.exec:\tnhhbb.exe107⤵
-
\??\c:\vvddd.exec:\vvddd.exe108⤵
-
\??\c:\rrrlffx.exec:\rrrlffx.exe109⤵
-
\??\c:\rlfxllf.exec:\rlfxllf.exe110⤵
-
\??\c:\tbtthb.exec:\tbtthb.exe111⤵
-
\??\c:\ttnnhh.exec:\ttnnhh.exe112⤵
-
\??\c:\9djjv.exec:\9djjv.exe113⤵
-
\??\c:\fxfrlll.exec:\fxfrlll.exe114⤵
-
\??\c:\nbbhnh.exec:\nbbhnh.exe115⤵
-
\??\c:\pjppd.exec:\pjppd.exe116⤵
-
\??\c:\fxllxfx.exec:\fxllxfx.exe117⤵
-
\??\c:\rffxrrl.exec:\rffxrrl.exe118⤵
-
\??\c:\btbhtb.exec:\btbhtb.exe119⤵
-
\??\c:\vpvvp.exec:\vpvvp.exe120⤵
-
\??\c:\vvppd.exec:\vvppd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-