Analysis
-
max time kernel
120s -
max time network
120s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
20/08/2024, 15:29
General
-
Target
70e7a051757034b3c306a5eac4858aa0N.exe
-
Size
65KB
-
MD5
70e7a051757034b3c306a5eac4858aa0
-
SHA1
85f0a36298adf7791ab821bd209f2ba7a8dc7d73
-
SHA256
35755f7890b5df86fa3c9e0faa2114fd5e1820fc13e62939e5d8799cac7f7eb0
-
SHA512
2d1ec7ae16eb49ebc56a242bb87241664931568b7a2144785013afe7ccad78f983781873ee5701fbd9aa9db7a03917c787c3387efe1faad940f5f4c43938b310
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDI9L27Bqf1:ymb3NkkiQ3mdBjFI9cqf1
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 36 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\70e7a051757034b3c306a5eac4858aa0N.exe"C:\Users\Admin\AppData\Local\Temp\70e7a051757034b3c306a5eac4858aa0N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjdj.exec:\jdjdj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9nbbtt.exec:\9nbbtt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntntbh.exec:\ntntbh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvvv.exec:\vpvvv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlrlrx.exec:\rrlrlrx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbhtn.exec:\htbhtn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fffllll.exec:\fffllll.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxfxff.exec:\rxxfxff.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhnntt.exec:\bhnntt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppppp.exec:\ppppp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrrxfr.exec:\rrrrxfr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrfffl.exec:\lfrfffl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhtbn.exec:\thhtbn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvvj.exec:\ddvvj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrlrxx.exec:\ffrlrxx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxrllf.exec:\rxxrllf.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnhttb.exec:\hnhttb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvjjv.exec:\pvjjv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pppp.exec:\1pppp.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxflrx.exec:\xxxflrx.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5llxxxf.exec:\5llxxxf.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7nhtbt.exec:\7nhtbt.exe23⤵
- Executes dropped EXE
-
\??\c:\pjvpj.exec:\pjvpj.exe24⤵
- Executes dropped EXE
-
\??\c:\fffffrr.exec:\fffffrr.exe25⤵
- Executes dropped EXE
-
\??\c:\rfrxlrl.exec:\rfrxlrl.exe26⤵
- Executes dropped EXE
-
\??\c:\ntnnhn.exec:\ntnnhn.exe27⤵
- Executes dropped EXE
-
\??\c:\1vddv.exec:\1vddv.exe28⤵
- Executes dropped EXE
-
\??\c:\vvjjp.exec:\vvjjp.exe29⤵
- Executes dropped EXE
-
\??\c:\xrflrlr.exec:\xrflrlr.exe30⤵
- Executes dropped EXE
-
\??\c:\7ttnnn.exec:\7ttnnn.exe31⤵
- Executes dropped EXE
-
\??\c:\pjjjj.exec:\pjjjj.exe32⤵
- Executes dropped EXE
-
\??\c:\fxllllr.exec:\fxllllr.exe33⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\bbhnnt.exec:\bbhnnt.exe34⤵
- Executes dropped EXE
-
\??\c:\hntbtb.exec:\hntbtb.exe35⤵
- Executes dropped EXE
-
\??\c:\bnbbhh.exec:\bnbbhh.exe36⤵
- Executes dropped EXE
-
\??\c:\jvpjp.exec:\jvpjp.exe37⤵
- Executes dropped EXE
-
\??\c:\ddvdj.exec:\ddvdj.exe38⤵
- Executes dropped EXE
-
\??\c:\3frxxfx.exec:\3frxxfx.exe39⤵
- Executes dropped EXE
-
\??\c:\frllxff.exec:\frllxff.exe40⤵
- Executes dropped EXE
-
\??\c:\bhhhhb.exec:\bhhhhb.exe41⤵
- Executes dropped EXE
-
\??\c:\bbbnhb.exec:\bbbnhb.exe42⤵
- Executes dropped EXE
-
\??\c:\htbbtb.exec:\htbbtb.exe43⤵
- Executes dropped EXE
-
\??\c:\3jvvp.exec:\3jvvp.exe44⤵
- Executes dropped EXE
-
\??\c:\djvdd.exec:\djvdd.exe45⤵
- Executes dropped EXE
-
\??\c:\1lxxrxf.exec:\1lxxrxf.exe46⤵
- Executes dropped EXE
-
\??\c:\llflrfl.exec:\llflrfl.exe47⤵
- Executes dropped EXE
-
\??\c:\htttbh.exec:\htttbh.exe48⤵
- Executes dropped EXE
-
\??\c:\3bhnth.exec:\3bhnth.exe49⤵
- Executes dropped EXE
-
\??\c:\vdpvd.exec:\vdpvd.exe50⤵
- Executes dropped EXE
-
\??\c:\vvjjj.exec:\vvjjj.exe51⤵
- Executes dropped EXE
-
\??\c:\1xxrrrf.exec:\1xxrrrf.exe52⤵
- Executes dropped EXE
-
\??\c:\xlxxxfl.exec:\xlxxxfl.exe53⤵
- Executes dropped EXE
-
\??\c:\hbbhnb.exec:\hbbhnb.exe54⤵
- Executes dropped EXE
-
\??\c:\7hbbth.exec:\7hbbth.exe55⤵
- Executes dropped EXE
-
\??\c:\dvjdp.exec:\dvjdp.exe56⤵
- Executes dropped EXE
-
\??\c:\djppp.exec:\djppp.exe57⤵
- Executes dropped EXE
-
\??\c:\rxffflr.exec:\rxffflr.exe58⤵
- Executes dropped EXE
-
\??\c:\rlxxxff.exec:\rlxxxff.exe59⤵
- Executes dropped EXE
-
\??\c:\nbhbhn.exec:\nbhbhn.exe60⤵
- Executes dropped EXE
-
\??\c:\tbtnhb.exec:\tbtnhb.exe61⤵
- Executes dropped EXE
-
\??\c:\hbtnhh.exec:\hbtnhh.exe62⤵
- Executes dropped EXE
-
\??\c:\pdvvp.exec:\pdvvp.exe63⤵
- Executes dropped EXE
-
\??\c:\pvdjd.exec:\pvdjd.exe64⤵
- Executes dropped EXE
-
\??\c:\flxfrfr.exec:\flxfrfr.exe65⤵
- Executes dropped EXE
-
\??\c:\rxxfflr.exec:\rxxfflr.exe66⤵
-
\??\c:\nnttth.exec:\nnttth.exe67⤵
-
\??\c:\7httnt.exec:\7httnt.exe68⤵
-
\??\c:\vdvvv.exec:\vdvvv.exe69⤵
-
\??\c:\vvdvp.exec:\vvdvp.exe70⤵
-
\??\c:\xlxxxff.exec:\xlxxxff.exe71⤵
-
\??\c:\rrflrxf.exec:\rrflrxf.exe72⤵
-
\??\c:\hbnttb.exec:\hbnttb.exe73⤵
-
\??\c:\tbhbhh.exec:\tbhbhh.exe74⤵
-
\??\c:\ddvvv.exec:\ddvvv.exe75⤵
-
\??\c:\9ppvv.exec:\9ppvv.exe76⤵
-
\??\c:\lxfflxl.exec:\lxfflxl.exe77⤵
-
\??\c:\xlffllx.exec:\xlffllx.exe78⤵
-
\??\c:\tthhhh.exec:\tthhhh.exe79⤵
-
\??\c:\jddvd.exec:\jddvd.exe80⤵
-
\??\c:\jjpjv.exec:\jjpjv.exe81⤵
-
\??\c:\xlxxlll.exec:\xlxxlll.exe82⤵
-
\??\c:\rxxrlfx.exec:\rxxrlfx.exe83⤵
-
\??\c:\hbhhhn.exec:\hbhhhn.exe84⤵
-
\??\c:\dvjpj.exec:\dvjpj.exe85⤵
-
\??\c:\lllrlll.exec:\lllrlll.exe86⤵
-
\??\c:\lflfxxr.exec:\lflfxxr.exe87⤵
-
\??\c:\nnhhbh.exec:\nnhhbh.exe88⤵
-
\??\c:\vjpjj.exec:\vjpjj.exe89⤵
-
\??\c:\pvppp.exec:\pvppp.exe90⤵
-
\??\c:\ffrfflr.exec:\ffrfflr.exe91⤵
-
\??\c:\rlrrrxx.exec:\rlrrrxx.exe92⤵
-
\??\c:\bhbnbt.exec:\bhbnbt.exe93⤵
-
\??\c:\tntnbb.exec:\tntnbb.exe94⤵
-
\??\c:\vpppp.exec:\vpppp.exe95⤵
-
\??\c:\vdjjj.exec:\vdjjj.exe96⤵
-
\??\c:\3xfxxxx.exec:\3xfxxxx.exe97⤵
-
\??\c:\9tnhbh.exec:\9tnhbh.exe98⤵
-
\??\c:\thhtth.exec:\thhtth.exe99⤵
-
\??\c:\pjvvv.exec:\pjvvv.exe100⤵
-
\??\c:\3jppv.exec:\3jppv.exe101⤵
-
\??\c:\rrxfffl.exec:\rrxfffl.exe102⤵
-
\??\c:\rrxxflx.exec:\rrxxflx.exe103⤵
-
\??\c:\hnhbbn.exec:\hnhbbn.exe104⤵
-
\??\c:\btttbb.exec:\btttbb.exe105⤵
-
\??\c:\pdvdj.exec:\pdvdj.exe106⤵
-
\??\c:\pjddv.exec:\pjddv.exe107⤵
-
\??\c:\frffffr.exec:\frffffr.exe108⤵
-
\??\c:\fffxxll.exec:\fffxxll.exe109⤵
-
\??\c:\thttbh.exec:\thttbh.exe110⤵
-
\??\c:\jjpdd.exec:\jjpdd.exe111⤵
-
\??\c:\xxrlxff.exec:\xxrlxff.exe112⤵
-
\??\c:\btnbbt.exec:\btnbbt.exe113⤵
-
\??\c:\jjjjv.exec:\jjjjv.exe114⤵
-
\??\c:\jpvdj.exec:\jpvdj.exe115⤵
-
\??\c:\rxffrrl.exec:\rxffrrl.exe116⤵
-
\??\c:\fxlrxfl.exec:\fxlrxfl.exe117⤵
-
\??\c:\hbbtbb.exec:\hbbtbb.exe118⤵
-
\??\c:\hhnnnn.exec:\hhnnnn.exe119⤵
-
\??\c:\ppdjd.exec:\ppdjd.exe120⤵
-
\??\c:\pvpdv.exec:\pvpdv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-