Analysis
-
max time kernel
119s -
max time network
116s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
21-08-2024 11:09
General
-
Target
8ac1ad16495beda8738c4b9a5938e2a0N.exe
-
Size
58KB
-
MD5
8ac1ad16495beda8738c4b9a5938e2a0
-
SHA1
4e95a7e3bdc33b21b3bffe176e31dea163f26b29
-
SHA256
f6dde091806c8e2c73bd1fb198615c6cb9fb1ab46668d9f4147d2256baa0eace
-
SHA512
2c313950783354f30399e3151949a22711981d9ffee467a530ade6de35351339b9cf6201830b97605e3948de1a984bd95912fb38eb19f5cac6e8f415ef9ef22e
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoAw:ymb3NkkiQ3mdBjFoh
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8ac1ad16495beda8738c4b9a5938e2a0N.exe"C:\Users\Admin\AppData\Local\Temp\8ac1ad16495beda8738c4b9a5938e2a0N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjdd.exec:\vvjdd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrrfrl.exec:\ffrrfrl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxxxxx.exec:\xrxxxxx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntnbhh.exec:\ntnbhh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnnhtb.exec:\hnnhtb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjpj.exec:\dvjpj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flxxfxf.exec:\flxxfxf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjppp.exec:\vjppp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjpjj.exec:\jjpjj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frfflrx.exec:\frfflrx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthnnt.exec:\tthnnt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttbbh.exec:\bttbbh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppdjp.exec:\ppdjp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxfffll.exec:\xxfffll.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3thntt.exec:\3thntt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7httbh.exec:\7httbh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jvvd.exec:\1jvvd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxlllrr.exec:\xxlllrr.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhnbh.exec:\hhhnbh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnntb.exec:\ttnntb.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dddpv.exec:\dddpv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxllffl.exec:\lxllffl.exe23⤵
- Executes dropped EXE
-
\??\c:\9bbbbh.exec:\9bbbbh.exe24⤵
- Executes dropped EXE
-
\??\c:\bnbbhn.exec:\bnbbhn.exe25⤵
- Executes dropped EXE
-
\??\c:\ppddv.exec:\ppddv.exe26⤵
- Executes dropped EXE
-
\??\c:\xfffrxx.exec:\xfffrxx.exe27⤵
- Executes dropped EXE
-
\??\c:\hnhhhh.exec:\hnhhhh.exe28⤵
- Executes dropped EXE
-
\??\c:\nhnnhb.exec:\nhnnhb.exe29⤵
- Executes dropped EXE
-
\??\c:\ppdpd.exec:\ppdpd.exe30⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\rfrxfrr.exec:\rfrxfrr.exe31⤵
- Executes dropped EXE
-
\??\c:\lrxlrff.exec:\lrxlrff.exe32⤵
- Executes dropped EXE
-
\??\c:\nhthnb.exec:\nhthnb.exe33⤵
- Executes dropped EXE
-
\??\c:\ppjvv.exec:\ppjvv.exe34⤵
- Executes dropped EXE
-
\??\c:\xxxflxr.exec:\xxxflxr.exe35⤵
- Executes dropped EXE
-
\??\c:\lllflll.exec:\lllflll.exe36⤵
- Executes dropped EXE
-
\??\c:\btnnnt.exec:\btnnnt.exe37⤵
- Executes dropped EXE
-
\??\c:\hhbbtt.exec:\hhbbtt.exe38⤵
- Executes dropped EXE
-
\??\c:\jpddj.exec:\jpddj.exe39⤵
- Executes dropped EXE
-
\??\c:\fxlffll.exec:\fxlffll.exe40⤵
- Executes dropped EXE
-
\??\c:\rrxflrr.exec:\rrxflrr.exe41⤵
- Executes dropped EXE
-
\??\c:\nthtbh.exec:\nthtbh.exe42⤵
- Executes dropped EXE
-
\??\c:\jpvdd.exec:\jpvdd.exe43⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\jvddd.exec:\jvddd.exe44⤵
- Executes dropped EXE
-
\??\c:\9xffllf.exec:\9xffllf.exe45⤵
- Executes dropped EXE
-
\??\c:\rfllrxx.exec:\rfllrxx.exe46⤵
- Executes dropped EXE
-
\??\c:\ttbntb.exec:\ttbntb.exe47⤵
- Executes dropped EXE
-
\??\c:\jpjjj.exec:\jpjjj.exe48⤵
- Executes dropped EXE
-
\??\c:\ddjdv.exec:\ddjdv.exe49⤵
- Executes dropped EXE
-
\??\c:\rrxxfrr.exec:\rrxxfrr.exe50⤵
- Executes dropped EXE
-
\??\c:\frxflxf.exec:\frxflxf.exe51⤵
- Executes dropped EXE
-
\??\c:\bhhnhn.exec:\bhhnhn.exe52⤵
- Executes dropped EXE
-
\??\c:\pjvdd.exec:\pjvdd.exe53⤵
- Executes dropped EXE
-
\??\c:\3dppv.exec:\3dppv.exe54⤵
- Executes dropped EXE
-
\??\c:\rfxrrxr.exec:\rfxrrxr.exe55⤵
- Executes dropped EXE
-
\??\c:\hhnhbb.exec:\hhnhbb.exe56⤵
- Executes dropped EXE
-
\??\c:\hntbhn.exec:\hntbhn.exe57⤵
- Executes dropped EXE
-
\??\c:\pjjvj.exec:\pjjvj.exe58⤵
- Executes dropped EXE
-
\??\c:\pjppp.exec:\pjppp.exe59⤵
- Executes dropped EXE
-
\??\c:\flrxfrf.exec:\flrxfrf.exe60⤵
- Executes dropped EXE
-
\??\c:\1lfllrr.exec:\1lfllrr.exe61⤵
- Executes dropped EXE
-
\??\c:\hbhntb.exec:\hbhntb.exe62⤵
- Executes dropped EXE
-
\??\c:\bbtnht.exec:\bbtnht.exe63⤵
- Executes dropped EXE
-
\??\c:\ppddd.exec:\ppddd.exe64⤵
- Executes dropped EXE
-
\??\c:\ppjvd.exec:\ppjvd.exe65⤵
- Executes dropped EXE
-
\??\c:\llffxff.exec:\llffxff.exe66⤵
-
\??\c:\xfrrlrr.exec:\xfrrlrr.exe67⤵
-
\??\c:\nntttn.exec:\nntttn.exe68⤵
-
\??\c:\bnntnn.exec:\bnntnn.exe69⤵
-
\??\c:\ddddj.exec:\ddddj.exe70⤵
-
\??\c:\ppppd.exec:\ppppd.exe71⤵
-
\??\c:\flrfrfr.exec:\flrfrfr.exe72⤵
-
\??\c:\lrffrff.exec:\lrffrff.exe73⤵
-
\??\c:\bhbbbb.exec:\bhbbbb.exe74⤵
-
\??\c:\ttttbb.exec:\ttttbb.exe75⤵
-
\??\c:\pjjdd.exec:\pjjdd.exe76⤵
-
\??\c:\vjpvv.exec:\vjpvv.exe77⤵
-
\??\c:\rlrrrll.exec:\rlrrrll.exe78⤵
-
\??\c:\fffxxxx.exec:\fffxxxx.exe79⤵
-
\??\c:\hbhbbb.exec:\hbhbbb.exe80⤵
-
\??\c:\nhnttt.exec:\nhnttt.exe81⤵
-
\??\c:\jdppp.exec:\jdppp.exe82⤵
-
\??\c:\vvjjp.exec:\vvjjp.exe83⤵
-
\??\c:\xfxxxfx.exec:\xfxxxfx.exe84⤵
-
\??\c:\fxllllr.exec:\fxllllr.exe85⤵
-
\??\c:\nbhbbb.exec:\nbhbbb.exe86⤵
-
\??\c:\nnbtbb.exec:\nnbtbb.exe87⤵
-
\??\c:\1rllrxl.exec:\1rllrxl.exe88⤵
-
\??\c:\xrrfxll.exec:\xrrfxll.exe89⤵
-
\??\c:\lrrxrxl.exec:\lrrxrxl.exe90⤵
-
\??\c:\nthnbb.exec:\nthnbb.exe91⤵
-
\??\c:\htnhhb.exec:\htnhhb.exe92⤵
-
\??\c:\dvjjj.exec:\dvjjj.exe93⤵
-
\??\c:\lfrrxrx.exec:\lfrrxrx.exe94⤵
-
\??\c:\llllxxl.exec:\llllxxl.exe95⤵
-
\??\c:\bbbnhn.exec:\bbbnhn.exe96⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe97⤵
-
\??\c:\vpjdv.exec:\vpjdv.exe98⤵
-
\??\c:\rrlfxrx.exec:\rrlfxrx.exe99⤵
-
\??\c:\ntnthn.exec:\ntnthn.exe100⤵
-
\??\c:\bnttth.exec:\bnttth.exe101⤵
-
\??\c:\vpdvv.exec:\vpdvv.exe102⤵
-
\??\c:\vdjvv.exec:\vdjvv.exe103⤵
-
\??\c:\xxflrff.exec:\xxflrff.exe104⤵
-
\??\c:\hnntbh.exec:\hnntbh.exe105⤵
-
\??\c:\vdjvv.exec:\vdjvv.exe106⤵
- System Location Discovery: System Language Discovery
-
\??\c:\xflrflr.exec:\xflrflr.exe107⤵
-
\??\c:\rrxlxxx.exec:\rrxlxxx.exe108⤵
-
\??\c:\ntbttt.exec:\ntbttt.exe109⤵
-
\??\c:\3pjdp.exec:\3pjdp.exe110⤵
-
\??\c:\vvvjv.exec:\vvvjv.exe111⤵
-
\??\c:\rrfrxff.exec:\rrfrxff.exe112⤵
-
\??\c:\hhnnhn.exec:\hhnnhn.exe113⤵
-
\??\c:\hthbtb.exec:\hthbtb.exe114⤵
-
\??\c:\vvdvv.exec:\vvdvv.exe115⤵
-
\??\c:\jpvvv.exec:\jpvvv.exe116⤵
-
\??\c:\fffffff.exec:\fffffff.exe117⤵
-
\??\c:\llxxllf.exec:\llxxllf.exe118⤵
-
\??\c:\3ttttb.exec:\3ttttb.exe119⤵
-
\??\c:\tthhhn.exec:\tthhhn.exe120⤵
-
\??\c:\thbbhh.exec:\thbbhh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-