Analysis
-
max time kernel
120s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
18/08/2024, 01:34
General
-
Target
1664e44118fc4de20b92e2ef0369aea0N.exe
-
Size
64KB
-
MD5
1664e44118fc4de20b92e2ef0369aea0
-
SHA1
73ce4e425a322f483aca437eb22c9a23cbb6027a
-
SHA256
871d914e10373c9ad2b0c827d66a10621da58ef5ce451396ba026f6d6c011ce2
-
SHA512
6d81f84e505a686d39d26db75307155aa7b54d058108a418324bd148225d45979daf48deeef81833f514b3aadc3707ee4d103d0a7f73c8eb31ffed0092080775
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIvuzkzNh:ymb3NkkiQ3mdBjFIvlph
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 30 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 38 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1664e44118fc4de20b92e2ef0369aea0N.exe"C:\Users\Admin\AppData\Local\Temp\1664e44118fc4de20b92e2ef0369aea0N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\1ppdv.exec:\1ppdv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxrlfxr.exec:\rxrlfxr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1hbnbt.exec:\1hbnbt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nntbbn.exec:\nntbbn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppjd.exec:\vppjd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5htnhb.exec:\5htnhb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbbnh.exec:\tbbbnh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djdvp.exec:\djdvp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrllrl.exec:\flrllrl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrfxrf.exec:\fxrfxrf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthbth.exec:\bthbth.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvddp.exec:\pvddp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjdp.exec:\dpjdp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nntnnh.exec:\nntnnh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbbtn.exec:\nbbbtn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxxlff.exec:\frxxlff.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfffxrx.exec:\rfffxrx.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhhhh.exec:\thhhhh.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djpjd.exec:\djpjd.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddpvp.exec:\ddpvp.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrfxxx.exec:\lfrfxxx.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvjj.exec:\vpvjj.exe23⤵
- Executes dropped EXE
-
\??\c:\jdpdv.exec:\jdpdv.exe24⤵
- Executes dropped EXE
-
\??\c:\rfxrrxr.exec:\rfxrrxr.exe25⤵
- Executes dropped EXE
-
\??\c:\nhtthn.exec:\nhtthn.exe26⤵
- Executes dropped EXE
-
\??\c:\hhtnhb.exec:\hhtnhb.exe27⤵
- Executes dropped EXE
-
\??\c:\dvpjd.exec:\dvpjd.exe28⤵
- Executes dropped EXE
-
\??\c:\xxxrffx.exec:\xxxrffx.exe29⤵
- Executes dropped EXE
-
\??\c:\nnttbt.exec:\nnttbt.exe30⤵
- Executes dropped EXE
-
\??\c:\nnnbbt.exec:\nnnbbt.exe31⤵
- Executes dropped EXE
-
\??\c:\vvvjv.exec:\vvvjv.exe32⤵
- Executes dropped EXE
-
\??\c:\fxxfrrr.exec:\fxxfrrr.exe33⤵
- Executes dropped EXE
-
\??\c:\ntnnnn.exec:\ntnnnn.exe34⤵
- Executes dropped EXE
-
\??\c:\vjjpv.exec:\vjjpv.exe35⤵
- Executes dropped EXE
-
\??\c:\vddpj.exec:\vddpj.exe36⤵
- Executes dropped EXE
-
\??\c:\rlfxrrl.exec:\rlfxrrl.exe37⤵
- Executes dropped EXE
-
\??\c:\9rlfffx.exec:\9rlfffx.exe38⤵
- Executes dropped EXE
-
\??\c:\bnnnbh.exec:\bnnnbh.exe39⤵
- Executes dropped EXE
-
\??\c:\jpvpd.exec:\jpvpd.exe40⤵
- Executes dropped EXE
-
\??\c:\7dvjv.exec:\7dvjv.exe41⤵
- Executes dropped EXE
-
\??\c:\frfrffr.exec:\frfrffr.exe42⤵
- Executes dropped EXE
-
\??\c:\rxrxrff.exec:\rxrxrff.exe43⤵
- Executes dropped EXE
-
\??\c:\htnhbb.exec:\htnhbb.exe44⤵
- Executes dropped EXE
-
\??\c:\hhnbtn.exec:\hhnbtn.exe45⤵
- Executes dropped EXE
-
\??\c:\1jvpp.exec:\1jvpp.exe46⤵
- Executes dropped EXE
-
\??\c:\pdjvj.exec:\pdjvj.exe47⤵
- Executes dropped EXE
-
\??\c:\flfrxrl.exec:\flfrxrl.exe48⤵
- Executes dropped EXE
-
\??\c:\frxxxff.exec:\frxxxff.exe49⤵
- Executes dropped EXE
-
\??\c:\btbntt.exec:\btbntt.exe50⤵
- Executes dropped EXE
-
\??\c:\5htnbt.exec:\5htnbt.exe51⤵
- Executes dropped EXE
-
\??\c:\ppvjd.exec:\ppvjd.exe52⤵
- Executes dropped EXE
-
\??\c:\ppdjj.exec:\ppdjj.exe53⤵
- Executes dropped EXE
-
\??\c:\1xxrffx.exec:\1xxrffx.exe54⤵
- Executes dropped EXE
-
\??\c:\nhnhhh.exec:\nhnhhh.exe55⤵
- Executes dropped EXE
-
\??\c:\5jjjv.exec:\5jjjv.exe56⤵
- Executes dropped EXE
-
\??\c:\jppjj.exec:\jppjj.exe57⤵
- Executes dropped EXE
-
\??\c:\xllxrlf.exec:\xllxrlf.exe58⤵
- Executes dropped EXE
-
\??\c:\rlfrfrf.exec:\rlfrfrf.exe59⤵
- Executes dropped EXE
-
\??\c:\5bnnnb.exec:\5bnnnb.exe60⤵
- Executes dropped EXE
-
\??\c:\5ttnbt.exec:\5ttnbt.exe61⤵
- Executes dropped EXE
-
\??\c:\jpppj.exec:\jpppj.exe62⤵
- Executes dropped EXE
-
\??\c:\vvpvp.exec:\vvpvp.exe63⤵
- Executes dropped EXE
-
\??\c:\lffrfxr.exec:\lffrfxr.exe64⤵
- Executes dropped EXE
-
\??\c:\tnbtbb.exec:\tnbtbb.exe65⤵
- Executes dropped EXE
-
\??\c:\thtnhb.exec:\thtnhb.exe66⤵
-
\??\c:\jvvjp.exec:\jvvjp.exe67⤵
-
\??\c:\dpdjp.exec:\dpdjp.exe68⤵
-
\??\c:\3llxrlx.exec:\3llxrlx.exe69⤵
-
\??\c:\lfxrllx.exec:\lfxrllx.exe70⤵
-
\??\c:\5btnhb.exec:\5btnhb.exe71⤵
-
\??\c:\tnbnbt.exec:\tnbnbt.exe72⤵
-
\??\c:\vdvvp.exec:\vdvvp.exe73⤵
- System Location Discovery: System Language Discovery
-
\??\c:\vpvpd.exec:\vpvpd.exe74⤵
-
\??\c:\5lxllff.exec:\5lxllff.exe75⤵
-
\??\c:\xxrxrrl.exec:\xxrxrrl.exe76⤵
-
\??\c:\5ffxrlf.exec:\5ffxrlf.exe77⤵
-
\??\c:\ntbtnn.exec:\ntbtnn.exe78⤵
-
\??\c:\bbhbnh.exec:\bbhbnh.exe79⤵
-
\??\c:\1vvjj.exec:\1vvjj.exe80⤵
-
\??\c:\lxfrllx.exec:\lxfrllx.exe81⤵
-
\??\c:\7dpdp.exec:\7dpdp.exe82⤵
-
\??\c:\1dvjv.exec:\1dvjv.exe83⤵
-
\??\c:\lrrfxlf.exec:\lrrfxlf.exe84⤵
-
\??\c:\rllfxrl.exec:\rllfxrl.exe85⤵
-
\??\c:\tthhbt.exec:\tthhbt.exe86⤵
-
\??\c:\hnthtt.exec:\hnthtt.exe87⤵
-
\??\c:\ddpjp.exec:\ddpjp.exe88⤵
-
\??\c:\vpdpd.exec:\vpdpd.exe89⤵
-
\??\c:\lxrrfll.exec:\lxrrfll.exe90⤵
-
\??\c:\lrlxfxx.exec:\lrlxfxx.exe91⤵
-
\??\c:\htnbnh.exec:\htnbnh.exe92⤵
-
\??\c:\tbttnh.exec:\tbttnh.exe93⤵
-
\??\c:\vjpdj.exec:\vjpdj.exe94⤵
-
\??\c:\pjjjp.exec:\pjjjp.exe95⤵
-
\??\c:\fxxrllf.exec:\fxxrllf.exe96⤵
-
\??\c:\bnhtbn.exec:\bnhtbn.exe97⤵
-
\??\c:\hbbnbt.exec:\hbbnbt.exe98⤵
-
\??\c:\7vdpp.exec:\7vdpp.exe99⤵
-
\??\c:\ffllxfr.exec:\ffllxfr.exe100⤵
-
\??\c:\rfxfxlr.exec:\rfxfxlr.exe101⤵
-
\??\c:\tntthh.exec:\tntthh.exe102⤵
-
\??\c:\jdvvj.exec:\jdvvj.exe103⤵
-
\??\c:\3jjdp.exec:\3jjdp.exe104⤵
-
\??\c:\9ffrxrl.exec:\9ffrxrl.exe105⤵
-
\??\c:\tbttnh.exec:\tbttnh.exe106⤵
-
\??\c:\btnhnh.exec:\btnhnh.exe107⤵
- System Location Discovery: System Language Discovery
-
\??\c:\dpjdj.exec:\dpjdj.exe108⤵
-
\??\c:\vpdvp.exec:\vpdvp.exe109⤵
-
\??\c:\rffrrlf.exec:\rffrrlf.exe110⤵
-
\??\c:\btbbnh.exec:\btbbnh.exe111⤵
-
\??\c:\ttbtnh.exec:\ttbtnh.exe112⤵
-
\??\c:\jvdvd.exec:\jvdvd.exe113⤵
-
\??\c:\xffrllf.exec:\xffrllf.exe114⤵
-
\??\c:\fxxrlfx.exec:\fxxrlfx.exe115⤵
-
\??\c:\tttbtn.exec:\tttbtn.exe116⤵
-
\??\c:\bbbnhb.exec:\bbbnhb.exe117⤵
-
\??\c:\5jjdj.exec:\5jjdj.exe118⤵
-
\??\c:\pjpdv.exec:\pjpdv.exe119⤵
-
\??\c:\rlrfrlx.exec:\rlrfrlx.exe120⤵
-
\??\c:\lfxlxxr.exec:\lfxlxxr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-