Analysis
-
max time kernel
120s -
max time network
114s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
17-08-2024 15:00
General
-
Target
85b079444830291d05cee2f07303fcb0N.exe
-
Size
94KB
-
MD5
85b079444830291d05cee2f07303fcb0
-
SHA1
09c73299b8d3dfd0ad4ae34c2e129d08c54b18ed
-
SHA256
f18474547c14b5bfb35a63a3b33f62f2eaf59d9753941f7f34ee9f15b537185a
-
SHA512
89737d9d4cc6ac0663f49ffda9e8196507636cce65c19d82810bfda305ab6f9d0229a74bf80c03efdef381fcbe8988f9e5344aad0b76998b547834458b5df38b
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73XH/YP1HFrJximAAxS1rj/2C1:ymb3NkkiQ3mdBjFo73PYP1lri3K8Gwr
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 32 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\85b079444830291d05cee2f07303fcb0N.exe"C:\Users\Admin\AppData\Local\Temp\85b079444830291d05cee2f07303fcb0N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bntnhh.exec:\bntnhh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvpd.exec:\jpvpd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xflfxrl.exec:\xflfxrl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbthh.exec:\hhbthh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvpj.exec:\vvvpj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrllrfl.exec:\rrllrfl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1nttnn.exec:\1nttnn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbthh.exec:\tnbthh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7pvpv.exec:\7pvpv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3lllfff.exec:\3lllfff.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntbbb.exec:\tntbbb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdvj.exec:\jvdvj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxfxrlf.exec:\xxfxrlf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhbnh.exec:\nhhbnh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnhhb.exec:\htnhhb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vdvp.exec:\1vdvp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xllflrr.exec:\xllflrr.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xflfxlf.exec:\xflfxlf.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9hnhbb.exec:\9hnhbb.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdvj.exec:\pjdvj.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjvp.exec:\pdjvp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxfxllf.exec:\xxfxllf.exe23⤵
- Executes dropped EXE
-
\??\c:\vpdpj.exec:\vpdpj.exe24⤵
- Executes dropped EXE
-
\??\c:\vvjdj.exec:\vvjdj.exe25⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\lffxfff.exec:\lffxfff.exe26⤵
- Executes dropped EXE
-
\??\c:\bthbtt.exec:\bthbtt.exe27⤵
- Executes dropped EXE
-
\??\c:\5nhbtt.exec:\5nhbtt.exe28⤵
- Executes dropped EXE
-
\??\c:\dvvpj.exec:\dvvpj.exe29⤵
- Executes dropped EXE
-
\??\c:\lrxxrrl.exec:\lrxxrrl.exe30⤵
- Executes dropped EXE
-
\??\c:\bttbnt.exec:\bttbnt.exe31⤵
- Executes dropped EXE
-
\??\c:\ppjdv.exec:\ppjdv.exe32⤵
- Executes dropped EXE
-
\??\c:\jvvjv.exec:\jvvjv.exe33⤵
- Executes dropped EXE
-
\??\c:\fflflff.exec:\fflflff.exe34⤵
- Executes dropped EXE
-
\??\c:\tnnntn.exec:\tnnntn.exe35⤵
- Executes dropped EXE
-
\??\c:\bbhtnh.exec:\bbhtnh.exe36⤵
- Executes dropped EXE
-
\??\c:\pddpd.exec:\pddpd.exe37⤵
- Executes dropped EXE
-
\??\c:\jdpjv.exec:\jdpjv.exe38⤵
- Executes dropped EXE
-
\??\c:\lllfrrl.exec:\lllfrrl.exe39⤵
- Executes dropped EXE
-
\??\c:\lxxrffx.exec:\lxxrffx.exe40⤵
- Executes dropped EXE
-
\??\c:\nnbbnh.exec:\nnbbnh.exe41⤵
- Executes dropped EXE
-
\??\c:\vvjjp.exec:\vvjjp.exe42⤵
- Executes dropped EXE
-
\??\c:\5pvvd.exec:\5pvvd.exe43⤵
- Executes dropped EXE
-
\??\c:\hhhhbt.exec:\hhhhbt.exe44⤵
- Executes dropped EXE
-
\??\c:\ppjjv.exec:\ppjjv.exe45⤵
- Executes dropped EXE
-
\??\c:\ddvpj.exec:\ddvpj.exe46⤵
- Executes dropped EXE
-
\??\c:\lxxrllf.exec:\lxxrllf.exe47⤵
- Executes dropped EXE
-
\??\c:\nhhbtt.exec:\nhhbtt.exe48⤵
- Executes dropped EXE
-
\??\c:\bhnhbb.exec:\bhnhbb.exe49⤵
- Executes dropped EXE
-
\??\c:\pjdvv.exec:\pjdvv.exe50⤵
- Executes dropped EXE
-
\??\c:\3ppjv.exec:\3ppjv.exe51⤵
- Executes dropped EXE
-
\??\c:\rlffllr.exec:\rlffllr.exe52⤵
- Executes dropped EXE
-
\??\c:\fflffxl.exec:\fflffxl.exe53⤵
- Executes dropped EXE
-
\??\c:\nhtntt.exec:\nhtntt.exe54⤵
- Executes dropped EXE
-
\??\c:\7bbthh.exec:\7bbthh.exe55⤵
- Executes dropped EXE
-
\??\c:\ppdvv.exec:\ppdvv.exe56⤵
- Executes dropped EXE
-
\??\c:\dpvdv.exec:\dpvdv.exe57⤵
- Executes dropped EXE
-
\??\c:\1ffxrrl.exec:\1ffxrrl.exe58⤵
- Executes dropped EXE
-
\??\c:\1hbbhh.exec:\1hbbhh.exe59⤵
- Executes dropped EXE
-
\??\c:\ntbttt.exec:\ntbttt.exe60⤵
- Executes dropped EXE
-
\??\c:\1vvpj.exec:\1vvpj.exe61⤵
- Executes dropped EXE
-
\??\c:\9ppdv.exec:\9ppdv.exe62⤵
- Executes dropped EXE
-
\??\c:\lxrlfrx.exec:\lxrlfrx.exe63⤵
- Executes dropped EXE
-
\??\c:\lllfxxr.exec:\lllfxxr.exe64⤵
- Executes dropped EXE
-
\??\c:\5btnnt.exec:\5btnnt.exe65⤵
- Executes dropped EXE
-
\??\c:\hthbnn.exec:\hthbnn.exe66⤵
-
\??\c:\3jjjv.exec:\3jjjv.exe67⤵
-
\??\c:\vppdp.exec:\vppdp.exe68⤵
- System Location Discovery: System Language Discovery
-
\??\c:\3rfxrrf.exec:\3rfxrrf.exe69⤵
-
\??\c:\rfxxxlr.exec:\rfxxxlr.exe70⤵
-
\??\c:\bnnhbt.exec:\bnnhbt.exe71⤵
-
\??\c:\vdjdv.exec:\vdjdv.exe72⤵
-
\??\c:\jvvpj.exec:\jvvpj.exe73⤵
-
\??\c:\rfxrxrr.exec:\rfxrxrr.exe74⤵
-
\??\c:\xlllrrf.exec:\xlllrrf.exe75⤵
-
\??\c:\thhtnh.exec:\thhtnh.exe76⤵
-
\??\c:\bbtttt.exec:\bbtttt.exe77⤵
-
\??\c:\dpvvj.exec:\dpvvj.exe78⤵
-
\??\c:\lrfrffx.exec:\lrfrffx.exe79⤵
-
\??\c:\fxrrxxl.exec:\fxrrxxl.exe80⤵
-
\??\c:\thhhbb.exec:\thhhbb.exe81⤵
-
\??\c:\nntthh.exec:\nntthh.exe82⤵
-
\??\c:\ppvpj.exec:\ppvpj.exe83⤵
-
\??\c:\jppdp.exec:\jppdp.exe84⤵
-
\??\c:\rllfxrl.exec:\rllfxrl.exe85⤵
-
\??\c:\5lfxrxr.exec:\5lfxrxr.exe86⤵
-
\??\c:\tnhbbb.exec:\tnhbbb.exe87⤵
-
\??\c:\hhnhbb.exec:\hhnhbb.exe88⤵
-
\??\c:\pvdvj.exec:\pvdvj.exe89⤵
-
\??\c:\9rrrfff.exec:\9rrrfff.exe90⤵
-
\??\c:\rxfxrrl.exec:\rxfxrrl.exe91⤵
-
\??\c:\bntthh.exec:\bntthh.exe92⤵
-
\??\c:\bnnhbt.exec:\bnnhbt.exe93⤵
-
\??\c:\jpppp.exec:\jpppp.exe94⤵
-
\??\c:\jvdpj.exec:\jvdpj.exe95⤵
-
\??\c:\xrffrrr.exec:\xrffrrr.exe96⤵
-
\??\c:\5hhnhn.exec:\5hhnhn.exe97⤵
-
\??\c:\pvdvj.exec:\pvdvj.exe98⤵
-
\??\c:\rlxfxrr.exec:\rlxfxrr.exe99⤵
-
\??\c:\hhhhhh.exec:\hhhhhh.exe100⤵
-
\??\c:\5btnbb.exec:\5btnbb.exe101⤵
-
\??\c:\pjpjd.exec:\pjpjd.exe102⤵
-
\??\c:\lfxrlll.exec:\lfxrlll.exe103⤵
-
\??\c:\rlffrrx.exec:\rlffrrx.exe104⤵
-
\??\c:\1tbbbb.exec:\1tbbbb.exe105⤵
-
\??\c:\tntnnh.exec:\tntnnh.exe106⤵
-
\??\c:\jddvv.exec:\jddvv.exe107⤵
-
\??\c:\dppvj.exec:\dppvj.exe108⤵
-
\??\c:\rfxrxrl.exec:\rfxrxrl.exe109⤵
-
\??\c:\bbbtnt.exec:\bbbtnt.exe110⤵
-
\??\c:\nhhbnn.exec:\nhhbnn.exe111⤵
-
\??\c:\dpdvp.exec:\dpdvp.exe112⤵
-
\??\c:\fxfxrlr.exec:\fxfxrlr.exe113⤵
-
\??\c:\tnbhhb.exec:\tnbhhb.exe114⤵
-
\??\c:\5djvj.exec:\5djvj.exe115⤵
-
\??\c:\jddvp.exec:\jddvp.exe116⤵
-
\??\c:\rrxrfxr.exec:\rrxrfxr.exe117⤵
-
\??\c:\lxrlllf.exec:\lxrlllf.exe118⤵
-
\??\c:\tthbhb.exec:\tthbhb.exe119⤵
-
\??\c:\jdvpv.exec:\jdvpv.exe120⤵
-
\??\c:\dvpjv.exec:\dvpjv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-