Analysis
-
max time kernel
120s -
max time network
96s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
06-08-2024 06:39
General
-
Target
70f755519abfcc428a7f683731952ce0N.exe
-
Size
59KB
-
MD5
70f755519abfcc428a7f683731952ce0
-
SHA1
6ae39ee07e1b2e0c3334f71adeb86d8d510c5424
-
SHA256
ccc4a2857e6e4aa78beef83bd2271ad0d473cd92d703868f3b852495e35892ca
-
SHA512
7bb57e8ff496c448f0b0c7ed13da349b6e3fb8627aecac380da47b6e24c25f8a920d43fac9e54671d6fe17edf6055477087a334139f8b43d4c35c9b5fe71242a
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0chVn9PG:ymb3NkkiQ3mdBjF0crg
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\70f755519abfcc428a7f683731952ce0N.exe"C:\Users\Admin\AppData\Local\Temp\70f755519abfcc428a7f683731952ce0N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlffff.exec:\rrlffff.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthhnn.exec:\tthhnn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnttnt.exec:\bnttnt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvpp.exec:\jdvpp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flxrlll.exec:\flxrlll.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrrlll.exec:\flrrlll.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbtnb.exec:\hhbtnb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhhhh.exec:\bbhhhh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvdvd.exec:\vvdvd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xfxrrr.exec:\1xfxrrr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnhbtt.exec:\hnhbtt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvpp.exec:\pjvpp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvpv.exec:\jdvpv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fffrllf.exec:\fffrllf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttntnh.exec:\ttntnh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddpj.exec:\jddpj.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpjv.exec:\vjpjv.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxrlll.exec:\xxxrlll.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thttnn.exec:\thttnn.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpppp.exec:\vpppp.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpddd.exec:\vpddd.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflrxrr.exec:\rflrxrr.exe23⤵
- Executes dropped EXE
-
\??\c:\llllffl.exec:\llllffl.exe24⤵
- Executes dropped EXE
-
\??\c:\thtnth.exec:\thtnth.exe25⤵
- Executes dropped EXE
-
\??\c:\7pvpj.exec:\7pvpj.exe26⤵
- Executes dropped EXE
-
\??\c:\lfrrffr.exec:\lfrrffr.exe27⤵
- Executes dropped EXE
-
\??\c:\rlffxxx.exec:\rlffxxx.exe28⤵
- Executes dropped EXE
-
\??\c:\1ththh.exec:\1ththh.exe29⤵
- Executes dropped EXE
-
\??\c:\vpvpp.exec:\vpvpp.exe30⤵
- Executes dropped EXE
-
\??\c:\rflfxrl.exec:\rflfxrl.exe31⤵
- Executes dropped EXE
-
\??\c:\hnbtnh.exec:\hnbtnh.exe32⤵
- Executes dropped EXE
-
\??\c:\jvdvv.exec:\jvdvv.exe33⤵
- Executes dropped EXE
-
\??\c:\rllffff.exec:\rllffff.exe34⤵
- Executes dropped EXE
-
\??\c:\lxllxrr.exec:\lxllxrr.exe35⤵
- Executes dropped EXE
-
\??\c:\bnbbhh.exec:\bnbbhh.exe36⤵
- Executes dropped EXE
-
\??\c:\dvvjv.exec:\dvvjv.exe37⤵
- Executes dropped EXE
-
\??\c:\dvvpj.exec:\dvvpj.exe38⤵
- Executes dropped EXE
-
\??\c:\pdjdj.exec:\pdjdj.exe39⤵
- Executes dropped EXE
-
\??\c:\rllxrrl.exec:\rllxrrl.exe40⤵
- Executes dropped EXE
-
\??\c:\tttnhh.exec:\tttnhh.exe41⤵
- Executes dropped EXE
-
\??\c:\nbhbtb.exec:\nbhbtb.exe42⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\rlxxfrr.exec:\rlxxfrr.exe43⤵
- Executes dropped EXE
-
\??\c:\xlxxxxx.exec:\xlxxxxx.exe44⤵
- Executes dropped EXE
-
\??\c:\btttnb.exec:\btttnb.exe45⤵
- Executes dropped EXE
-
\??\c:\tnbbbb.exec:\tnbbbb.exe46⤵
- Executes dropped EXE
-
\??\c:\bbbbtn.exec:\bbbbtn.exe47⤵
- Executes dropped EXE
-
\??\c:\vvdvd.exec:\vvdvd.exe48⤵
- Executes dropped EXE
-
\??\c:\vvvpj.exec:\vvvpj.exe49⤵
- Executes dropped EXE
-
\??\c:\lllfrrx.exec:\lllfrrx.exe50⤵
- Executes dropped EXE
-
\??\c:\nbbbnn.exec:\nbbbnn.exe51⤵
- Executes dropped EXE
-
\??\c:\pjjjv.exec:\pjjjv.exe52⤵
- Executes dropped EXE
-
\??\c:\pjjjd.exec:\pjjjd.exe53⤵
- Executes dropped EXE
-
\??\c:\flrrrxx.exec:\flrrrxx.exe54⤵
- Executes dropped EXE
-
\??\c:\hhhbbt.exec:\hhhbbt.exe55⤵
- Executes dropped EXE
-
\??\c:\1nnnhh.exec:\1nnnhh.exe56⤵
- Executes dropped EXE
-
\??\c:\pdvdv.exec:\pdvdv.exe57⤵
- Executes dropped EXE
-
\??\c:\dpvpj.exec:\dpvpj.exe58⤵
- Executes dropped EXE
-
\??\c:\lrrlfff.exec:\lrrlfff.exe59⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\7nbbbb.exec:\7nbbbb.exe60⤵
- Executes dropped EXE
-
\??\c:\3bbtnn.exec:\3bbtnn.exe61⤵
- Executes dropped EXE
-
\??\c:\ppddd.exec:\ppddd.exe62⤵
- Executes dropped EXE
-
\??\c:\9rxrlff.exec:\9rxrlff.exe63⤵
- Executes dropped EXE
-
\??\c:\xlxfflf.exec:\xlxfflf.exe64⤵
- Executes dropped EXE
-
\??\c:\htbbbb.exec:\htbbbb.exe65⤵
- Executes dropped EXE
-
\??\c:\5jddv.exec:\5jddv.exe66⤵
-
\??\c:\jjjdv.exec:\jjjdv.exe67⤵
-
\??\c:\xxfxlff.exec:\xxfxlff.exe68⤵
-
\??\c:\ttnhbn.exec:\ttnhbn.exe69⤵
-
\??\c:\tttnht.exec:\tttnht.exe70⤵
-
\??\c:\dppjv.exec:\dppjv.exe71⤵
-
\??\c:\rllfrrl.exec:\rllfrrl.exe72⤵
-
\??\c:\xxlflfl.exec:\xxlflfl.exe73⤵
-
\??\c:\btbhtb.exec:\btbhtb.exe74⤵
-
\??\c:\nhhhhh.exec:\nhhhhh.exe75⤵
-
\??\c:\9pjjv.exec:\9pjjv.exe76⤵
-
\??\c:\dvppj.exec:\dvppj.exe77⤵
-
\??\c:\rlxrxrx.exec:\rlxrxrx.exe78⤵
-
\??\c:\5fflrxf.exec:\5fflrxf.exe79⤵
-
\??\c:\htbhtb.exec:\htbhtb.exe80⤵
-
\??\c:\tnhbtt.exec:\tnhbtt.exe81⤵
-
\??\c:\dvddd.exec:\dvddd.exe82⤵
-
\??\c:\3ntnhh.exec:\3ntnhh.exe83⤵
-
\??\c:\9hnhth.exec:\9hnhth.exe84⤵
-
\??\c:\3dpdd.exec:\3dpdd.exe85⤵
-
\??\c:\jvvvp.exec:\jvvvp.exe86⤵
-
\??\c:\xrfxllr.exec:\xrfxllr.exe87⤵
-
\??\c:\xrrrrrr.exec:\xrrrrrr.exe88⤵
-
\??\c:\1ntnnn.exec:\1ntnnn.exe89⤵
-
\??\c:\bbhbtt.exec:\bbhbtt.exe90⤵
-
\??\c:\vppjj.exec:\vppjj.exe91⤵
-
\??\c:\pppjd.exec:\pppjd.exe92⤵
-
\??\c:\lffxllr.exec:\lffxllr.exe93⤵
-
\??\c:\rrxrrrr.exec:\rrxrrrr.exe94⤵
-
\??\c:\5bbbtn.exec:\5bbbtn.exe95⤵
-
\??\c:\btbtbt.exec:\btbtbt.exe96⤵
-
\??\c:\9pppd.exec:\9pppd.exe97⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe98⤵
-
\??\c:\xrxrfff.exec:\xrxrfff.exe99⤵
-
\??\c:\1lfffff.exec:\1lfffff.exe100⤵
-
\??\c:\bttnhh.exec:\bttnhh.exe101⤵
-
\??\c:\nbtnnb.exec:\nbtnnb.exe102⤵
-
\??\c:\1vdjd.exec:\1vdjd.exe103⤵
-
\??\c:\rrrxxxx.exec:\rrrxxxx.exe104⤵
-
\??\c:\xxffxxx.exec:\xxffxxx.exe105⤵
-
\??\c:\hhhhhb.exec:\hhhhhb.exe106⤵
-
\??\c:\vvvpj.exec:\vvvpj.exe107⤵
-
\??\c:\ppppj.exec:\ppppj.exe108⤵
-
\??\c:\5rfxlxx.exec:\5rfxlxx.exe109⤵
-
\??\c:\xlfxxxx.exec:\xlfxxxx.exe110⤵
-
\??\c:\nbbttt.exec:\nbbttt.exe111⤵
-
\??\c:\btttnh.exec:\btttnh.exe112⤵
-
\??\c:\vjvvp.exec:\vjvvp.exe113⤵
-
\??\c:\xrrlffx.exec:\xrrlffx.exe114⤵
-
\??\c:\llrrxxl.exec:\llrrxxl.exe115⤵
-
\??\c:\nhbbbt.exec:\nhbbbt.exe116⤵
-
\??\c:\jppjd.exec:\jppjd.exe117⤵
-
\??\c:\5pvpj.exec:\5pvpj.exe118⤵
-
\??\c:\ffrlffx.exec:\ffrlffx.exe119⤵
-
\??\c:\lfllrrl.exec:\lfllrrl.exe120⤵
-
\??\c:\frxxxxr.exec:\frxxxxr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-