Analysis
-
max time kernel
150s -
max time network
116s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
11/08/2024, 01:07
General
-
Target
aaf786d94ac82c5999fd5ba39dfc5fe0a3e02bdd27fd11923fd1d28d604d9ff3.exe
-
Size
64KB
-
MD5
8c328ee1dddcce2c7094af0eba20086d
-
SHA1
5bb74244e96434b8604937e5b416b0d42cc92d7a
-
SHA256
aaf786d94ac82c5999fd5ba39dfc5fe0a3e02bdd27fd11923fd1d28d604d9ff3
-
SHA512
359a6053d4b68f85b056cf4c73b1991d1cd45dc8116fcaa88ce1410441cdd203dad8ff776535e6d00516424498ed9dc62cd4cc85c45d136edc3645c331ef0e22
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIkpi+qPte:ymb3NkkiQ3mdBjFIj+qA
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 22 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\aaf786d94ac82c5999fd5ba39dfc5fe0a3e02bdd27fd11923fd1d28d604d9ff3.exe"C:\Users\Admin\AppData\Local\Temp\aaf786d94ac82c5999fd5ba39dfc5fe0a3e02bdd27fd11923fd1d28d604d9ff3.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\frflxfx.exec:\frflxfx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbttt.exec:\btbttt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddpjd.exec:\ddpjd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffxxxr.exec:\lffxxxr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrlxxr.exec:\fxrlxxr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhtthn.exec:\hhtthn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3nnnnn.exec:\3nnnnn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvpdp.exec:\jvpdp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rffxlrl.exec:\rffxlrl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9fffxxx.exec:\9fffxxx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhhbb.exec:\hhhhbb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bhbhh.exec:\1bhbhh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vvpd.exec:\9vvpd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrlxxr.exec:\xrrlxxr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffffflf.exec:\ffffflf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3hnntt.exec:\3hnntt.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbtnhh.exec:\nbtnhh.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjppj.exec:\pjppj.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffllrf.exec:\lffllrf.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxxxxx.exec:\fxxxxxx.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnnhbh.exec:\hnnhbh.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpppp.exec:\vpppp.exe23⤵
- Executes dropped EXE
-
\??\c:\7xxxlff.exec:\7xxxlff.exe24⤵
- Executes dropped EXE
-
\??\c:\llrrlll.exec:\llrrlll.exe25⤵
- Executes dropped EXE
-
\??\c:\bnhhbb.exec:\bnhhbb.exe26⤵
- Executes dropped EXE
-
\??\c:\hnbtnn.exec:\hnbtnn.exe27⤵
- Executes dropped EXE
-
\??\c:\jpvpj.exec:\jpvpj.exe28⤵
- Executes dropped EXE
-
\??\c:\rflllrr.exec:\rflllrr.exe29⤵
- Executes dropped EXE
-
\??\c:\nhnnnn.exec:\nhnnnn.exe30⤵
- Executes dropped EXE
-
\??\c:\nntnnn.exec:\nntnnn.exe31⤵
- Executes dropped EXE
-
\??\c:\hnnhhh.exec:\hnnhhh.exe32⤵
- Executes dropped EXE
-
\??\c:\3vdvp.exec:\3vdvp.exe33⤵
- Executes dropped EXE
-
\??\c:\1rxrllf.exec:\1rxrllf.exe34⤵
- Executes dropped EXE
-
\??\c:\5htbtt.exec:\5htbtt.exe35⤵
- Executes dropped EXE
-
\??\c:\7ttnbh.exec:\7ttnbh.exe36⤵
- Executes dropped EXE
-
\??\c:\dddpj.exec:\dddpj.exe37⤵
- Executes dropped EXE
-
\??\c:\pvvjd.exec:\pvvjd.exe38⤵
- Executes dropped EXE
-
\??\c:\lffxllf.exec:\lffxllf.exe39⤵
- Executes dropped EXE
-
\??\c:\hnnnhh.exec:\hnnnhh.exe40⤵
- Executes dropped EXE
-
\??\c:\3bbnhh.exec:\3bbnhh.exe41⤵
- Executes dropped EXE
-
\??\c:\vvvpd.exec:\vvvpd.exe42⤵
- Executes dropped EXE
-
\??\c:\rxlxlfx.exec:\rxlxlfx.exe43⤵
- Executes dropped EXE
-
\??\c:\lxrlfxr.exec:\lxrlfxr.exe44⤵
- Executes dropped EXE
-
\??\c:\bbnnhh.exec:\bbnnhh.exe45⤵
- Executes dropped EXE
-
\??\c:\tnttnb.exec:\tnttnb.exe46⤵
- Executes dropped EXE
-
\??\c:\vjjdv.exec:\vjjdv.exe47⤵
- Executes dropped EXE
-
\??\c:\jdvpj.exec:\jdvpj.exe48⤵
- Executes dropped EXE
-
\??\c:\xxrlffx.exec:\xxrlffx.exe49⤵
- Executes dropped EXE
-
\??\c:\xrrrxxf.exec:\xrrrxxf.exe50⤵
- Executes dropped EXE
-
\??\c:\tnnhht.exec:\tnnhht.exe51⤵
- Executes dropped EXE
-
\??\c:\1vppj.exec:\1vppj.exe52⤵
- Executes dropped EXE
-
\??\c:\pjdvp.exec:\pjdvp.exe53⤵
- Executes dropped EXE
-
\??\c:\7xrlllf.exec:\7xrlllf.exe54⤵
- Executes dropped EXE
-
\??\c:\ddjdd.exec:\ddjdd.exe55⤵
- Executes dropped EXE
-
\??\c:\ddjpd.exec:\ddjpd.exe56⤵
- Executes dropped EXE
-
\??\c:\3lxlrrr.exec:\3lxlrrr.exe57⤵
- Executes dropped EXE
-
\??\c:\xlffxxr.exec:\xlffxxr.exe58⤵
- Executes dropped EXE
-
\??\c:\5bhbtn.exec:\5bhbtn.exe59⤵
- Executes dropped EXE
-
\??\c:\pdpdd.exec:\pdpdd.exe60⤵
- Executes dropped EXE
-
\??\c:\frxfxxr.exec:\frxfxxr.exe61⤵
- Executes dropped EXE
-
\??\c:\hhhhbb.exec:\hhhhbb.exe62⤵
- Executes dropped EXE
-
\??\c:\5htbnh.exec:\5htbnh.exe63⤵
- Executes dropped EXE
-
\??\c:\vddvd.exec:\vddvd.exe64⤵
- Executes dropped EXE
-
\??\c:\xrlfxxr.exec:\xrlfxxr.exe65⤵
- Executes dropped EXE
-
\??\c:\lfrlrrf.exec:\lfrlrrf.exe66⤵
-
\??\c:\nnhbtn.exec:\nnhbtn.exe67⤵
-
\??\c:\tttntn.exec:\tttntn.exe68⤵
-
\??\c:\djvvd.exec:\djvvd.exe69⤵
-
\??\c:\lfxrrrl.exec:\lfxrrrl.exe70⤵
-
\??\c:\5flfxrl.exec:\5flfxrl.exe71⤵
-
\??\c:\5ttthh.exec:\5ttthh.exe72⤵
-
\??\c:\hhbtnh.exec:\hhbtnh.exe73⤵
-
\??\c:\1dpdv.exec:\1dpdv.exe74⤵
-
\??\c:\3xfxfxr.exec:\3xfxfxr.exe75⤵
-
\??\c:\fffxrrl.exec:\fffxrrl.exe76⤵
-
\??\c:\bnnnhh.exec:\bnnnhh.exe77⤵
-
\??\c:\7ddpd.exec:\7ddpd.exe78⤵
-
\??\c:\5jpjj.exec:\5jpjj.exe79⤵
-
\??\c:\rrrrfxr.exec:\rrrrfxr.exe80⤵
-
\??\c:\tnhbnn.exec:\tnhbnn.exe81⤵
-
\??\c:\nbbtnh.exec:\nbbtnh.exe82⤵
-
\??\c:\5pjdp.exec:\5pjdp.exe83⤵
-
\??\c:\9jjdd.exec:\9jjdd.exe84⤵
-
\??\c:\9lxlxfx.exec:\9lxlxfx.exe85⤵
-
\??\c:\nntbhb.exec:\nntbhb.exe86⤵
-
\??\c:\thhnht.exec:\thhnht.exe87⤵
-
\??\c:\jdpdp.exec:\jdpdp.exe88⤵
-
\??\c:\1vvpd.exec:\1vvpd.exe89⤵
-
\??\c:\5xxrfxr.exec:\5xxrfxr.exe90⤵
-
\??\c:\3nnbtt.exec:\3nnbtt.exe91⤵
-
\??\c:\9hbtnn.exec:\9hbtnn.exe92⤵
-
\??\c:\jjdpd.exec:\jjdpd.exe93⤵
-
\??\c:\1fxrfxr.exec:\1fxrfxr.exe94⤵
-
\??\c:\xffxrrf.exec:\xffxrrf.exe95⤵
-
\??\c:\btbtbt.exec:\btbtbt.exe96⤵
-
\??\c:\btthtn.exec:\btthtn.exe97⤵
-
\??\c:\jpvjv.exec:\jpvjv.exe98⤵
-
\??\c:\lffxlfr.exec:\lffxlfr.exe99⤵
-
\??\c:\nbtbnn.exec:\nbtbnn.exe100⤵
-
\??\c:\nnnbht.exec:\nnnbht.exe101⤵
-
\??\c:\pjdvj.exec:\pjdvj.exe102⤵
-
\??\c:\ppdjv.exec:\ppdjv.exe103⤵
-
\??\c:\xrxllff.exec:\xrxllff.exe104⤵
-
\??\c:\htntnb.exec:\htntnb.exe105⤵
-
\??\c:\tthbbb.exec:\tthbbb.exe106⤵
-
\??\c:\pdjvd.exec:\pdjvd.exe107⤵
-
\??\c:\lfxlffx.exec:\lfxlffx.exe108⤵
-
\??\c:\lrxlxrf.exec:\lrxlxrf.exe109⤵
-
\??\c:\nhtbtb.exec:\nhtbtb.exe110⤵
-
\??\c:\tbhnnb.exec:\tbhnnb.exe111⤵
-
\??\c:\vddvv.exec:\vddvv.exe112⤵
-
\??\c:\lfxxfrx.exec:\lfxxfrx.exe113⤵
-
\??\c:\rrxrlfx.exec:\rrxrlfx.exe114⤵
-
\??\c:\9bbbtt.exec:\9bbbtt.exe115⤵
-
\??\c:\jdddv.exec:\jdddv.exe116⤵
-
\??\c:\5djvj.exec:\5djvj.exe117⤵
-
\??\c:\9xlfxlf.exec:\9xlfxlf.exe118⤵
-
\??\c:\ffrlllx.exec:\ffrlllx.exe119⤵
-
\??\c:\btnhbb.exec:\btnhbb.exe120⤵
-
\??\c:\tbbthh.exec:\tbbthh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-