Analysis
-
max time kernel
120s -
max time network
121s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
17/08/2024, 02:24
General
-
Target
4df053f3f442e606571bc49c6e6df030N.exe
-
Size
91KB
-
MD5
4df053f3f442e606571bc49c6e6df030
-
SHA1
9281627b280953325ab141d4420d3023761f8ac3
-
SHA256
82359b024bcebbf41b4e1a5109ecef6f171588c0c79a868a02cd1c62b9ce1072
-
SHA512
aadd71e6f216c0703352b44963721827bb90fc702e6000df21e07ea9022a307f76a379f7751afcd7455cb38ff8fa5db0271ffeebd0f9dfe0893ebfdfd639d01c
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIQIDyviFxx2hCtgIMLP9rBZaRBv:ymb3NkkiQ3mdBjFIVLd2hWZGreRCYBVl
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4df053f3f442e606571bc49c6e6df030N.exe"C:\Users\Admin\AppData\Local\Temp\4df053f3f442e606571bc49c6e6df030N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbnhb.exec:\ttbnhb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\48486.exec:\48486.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\i226004.exec:\i226004.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0004606.exec:\0004606.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\082426.exec:\082426.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnhbt.exec:\btnhbt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pppjv.exec:\pppjv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\a8004.exec:\a8004.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvjj.exec:\dpvjj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppjv.exec:\vppjv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6428666.exec:\6428666.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8682660.exec:\8682660.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\26466.exec:\26466.exe14⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpdv.exec:\dvpdv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnhtn.exec:\btnhtn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjdp.exec:\vpjdp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrllxxr.exec:\xrllxxr.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhbht.exec:\hhhbht.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nthnbh.exec:\nthnbh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\240280.exec:\240280.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\424448.exec:\424448.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\httttt.exec:\httttt.exe23⤵
- Executes dropped EXE
-
\??\c:\rxfffff.exec:\rxfffff.exe24⤵
- Executes dropped EXE
-
\??\c:\jjddj.exec:\jjddj.exe25⤵
- Executes dropped EXE
-
\??\c:\842822.exec:\842822.exe26⤵
- Executes dropped EXE
-
\??\c:\m4262.exec:\m4262.exe27⤵
- Executes dropped EXE
-
\??\c:\g0044.exec:\g0044.exe28⤵
- Executes dropped EXE
-
\??\c:\bnnhbt.exec:\bnnhbt.exe29⤵
- Executes dropped EXE
-
\??\c:\40042.exec:\40042.exe30⤵
- Executes dropped EXE
-
\??\c:\xlfxfxr.exec:\xlfxfxr.exe31⤵
- Executes dropped EXE
-
\??\c:\1rrffxx.exec:\1rrffxx.exe32⤵
- Executes dropped EXE
-
\??\c:\68426.exec:\68426.exe33⤵
- Executes dropped EXE
-
\??\c:\vjjjj.exec:\vjjjj.exe34⤵
- Executes dropped EXE
-
\??\c:\42268.exec:\42268.exe35⤵
- Executes dropped EXE
-
\??\c:\hbbnth.exec:\hbbnth.exe36⤵
- Executes dropped EXE
-
\??\c:\488628.exec:\488628.exe37⤵
- Executes dropped EXE
-
\??\c:\pjpjd.exec:\pjpjd.exe38⤵
- Executes dropped EXE
-
\??\c:\o448606.exec:\o448606.exe39⤵
- Executes dropped EXE
-
\??\c:\602622.exec:\602622.exe40⤵
- Executes dropped EXE
-
\??\c:\0084002.exec:\0084002.exe41⤵
- Executes dropped EXE
-
\??\c:\9nhbtt.exec:\9nhbtt.exe42⤵
- Executes dropped EXE
-
\??\c:\fllxrlf.exec:\fllxrlf.exe43⤵
- Executes dropped EXE
-
\??\c:\02042.exec:\02042.exe44⤵
- Executes dropped EXE
-
\??\c:\8028660.exec:\8028660.exe45⤵
- Executes dropped EXE
-
\??\c:\dvvpp.exec:\dvvpp.exe46⤵
- Executes dropped EXE
-
\??\c:\822422.exec:\822422.exe47⤵
- Executes dropped EXE
-
\??\c:\8804826.exec:\8804826.exe48⤵
- Executes dropped EXE
-
\??\c:\pjpjd.exec:\pjpjd.exe49⤵
- Executes dropped EXE
-
\??\c:\22884.exec:\22884.exe50⤵
- Executes dropped EXE
-
\??\c:\2428604.exec:\2428604.exe51⤵
- Executes dropped EXE
-
\??\c:\o282604.exec:\o282604.exe52⤵
- Executes dropped EXE
-
\??\c:\8804266.exec:\8804266.exe53⤵
- Executes dropped EXE
-
\??\c:\646846.exec:\646846.exe54⤵
- Executes dropped EXE
-
\??\c:\vpvdj.exec:\vpvdj.exe55⤵
- Executes dropped EXE
-
\??\c:\5rlfrxx.exec:\5rlfrxx.exe56⤵
- Executes dropped EXE
-
\??\c:\662020.exec:\662020.exe57⤵
- Executes dropped EXE
-
\??\c:\5vpdv.exec:\5vpdv.exe58⤵
- Executes dropped EXE
-
\??\c:\tbbttb.exec:\tbbttb.exe59⤵
- Executes dropped EXE
-
\??\c:\68242.exec:\68242.exe60⤵
- Executes dropped EXE
-
\??\c:\xxlrlrl.exec:\xxlrlrl.exe61⤵
- Executes dropped EXE
-
\??\c:\bnnnbt.exec:\bnnnbt.exe62⤵
- Executes dropped EXE
-
\??\c:\2886426.exec:\2886426.exe63⤵
- Executes dropped EXE
-
\??\c:\ddjdv.exec:\ddjdv.exe64⤵
- Executes dropped EXE
-
\??\c:\86866.exec:\86866.exe65⤵
- Executes dropped EXE
-
\??\c:\040848.exec:\040848.exe66⤵
-
\??\c:\80602.exec:\80602.exe67⤵
-
\??\c:\o886608.exec:\o886608.exe68⤵
-
\??\c:\pjvdd.exec:\pjvdd.exe69⤵
-
\??\c:\66604.exec:\66604.exe70⤵
-
\??\c:\88486.exec:\88486.exe71⤵
-
\??\c:\08000.exec:\08000.exe72⤵
-
\??\c:\48260.exec:\48260.exe73⤵
-
\??\c:\pjdvp.exec:\pjdvp.exe74⤵
-
\??\c:\6622222.exec:\6622222.exe75⤵
-
\??\c:\tttttt.exec:\tttttt.exe76⤵
-
\??\c:\i068888.exec:\i068888.exe77⤵
-
\??\c:\e68406.exec:\e68406.exe78⤵
-
\??\c:\462448.exec:\462448.exe79⤵
-
\??\c:\vdvpj.exec:\vdvpj.exe80⤵
-
\??\c:\djdvv.exec:\djdvv.exe81⤵
-
\??\c:\4422880.exec:\4422880.exe82⤵
-
\??\c:\rllllll.exec:\rllllll.exe83⤵
-
\??\c:\llffrfl.exec:\llffrfl.exe84⤵
-
\??\c:\vpdvd.exec:\vpdvd.exe85⤵
-
\??\c:\7lrlxxf.exec:\7lrlxxf.exe86⤵
-
\??\c:\424820.exec:\424820.exe87⤵
-
\??\c:\8262604.exec:\8262604.exe88⤵
-
\??\c:\0022602.exec:\0022602.exe89⤵
-
\??\c:\fxxrlrl.exec:\fxxrlrl.exe90⤵
-
\??\c:\628264.exec:\628264.exe91⤵
-
\??\c:\3rlrxrx.exec:\3rlrxrx.exe92⤵
-
\??\c:\66604.exec:\66604.exe93⤵
-
\??\c:\jvpjv.exec:\jvpjv.exe94⤵
-
\??\c:\htbbtb.exec:\htbbtb.exe95⤵
- System Location Discovery: System Language Discovery
-
\??\c:\nnbnhb.exec:\nnbnhb.exe96⤵
-
\??\c:\08426.exec:\08426.exe97⤵
-
\??\c:\s2422.exec:\s2422.exe98⤵
-
\??\c:\5xfrrlr.exec:\5xfrrlr.exe99⤵
-
\??\c:\k04646.exec:\k04646.exe100⤵
-
\??\c:\840480.exec:\840480.exe101⤵
-
\??\c:\9vvpv.exec:\9vvpv.exe102⤵
-
\??\c:\624866.exec:\624866.exe103⤵
-
\??\c:\vpvjd.exec:\vpvjd.exe104⤵
-
\??\c:\nnnntb.exec:\nnnntb.exe105⤵
-
\??\c:\lflrfll.exec:\lflrfll.exe106⤵
-
\??\c:\jpppj.exec:\jpppj.exe107⤵
-
\??\c:\1rrlxrl.exec:\1rrlxrl.exe108⤵
-
\??\c:\ppjvp.exec:\ppjvp.exe109⤵
-
\??\c:\jvvpj.exec:\jvvpj.exe110⤵
-
\??\c:\04048.exec:\04048.exe111⤵
-
\??\c:\9hbthb.exec:\9hbthb.exe112⤵
-
\??\c:\c482008.exec:\c482008.exe113⤵
-
\??\c:\pddvv.exec:\pddvv.exe114⤵
-
\??\c:\5jvjj.exec:\5jvjj.exe115⤵
-
\??\c:\2220826.exec:\2220826.exe116⤵
-
\??\c:\6866246.exec:\6866246.exe117⤵
-
\??\c:\5tnhtb.exec:\5tnhtb.exe118⤵
-
\??\c:\1jdvj.exec:\1jdvj.exe119⤵
-
\??\c:\2660000.exec:\2660000.exe120⤵
-
\??\c:\k28626.exec:\k28626.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-