Analysis
-
max time kernel
120s -
max time network
114s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
21/08/2024, 14:21
General
-
Target
daa38c5425a152ed2629c15d7d8a0620N.exe
-
Size
123KB
-
MD5
daa38c5425a152ed2629c15d7d8a0620
-
SHA1
2ea2d0b8ebfa7f66992faba82abec3b7e5ff4e4b
-
SHA256
4d75e56cf9ee9cf345ba509f02d9f8b1ce381f235028f25d94721acfbf8f82fb
-
SHA512
b6980345a8d86298c656a01701bdf1e507b6b208d8aeddbbcaf887a22734ae8e9d034d15214524372126c0000257cfead9253c125eec70dfb38f8fa797809e12
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDomRGApSuLAR2yPBCQ1nDFu1Q8so:ymb3NkkiQ3mdBjFomR7UsyJC+n0Gsgcb
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 30 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\daa38c5425a152ed2629c15d7d8a0620N.exe"C:\Users\Admin\AppData\Local\Temp\daa38c5425a152ed2629c15d7d8a0620N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pvdvp.exec:\pvdvp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrlffx.exec:\rlrlffx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbntn.exec:\nhbntn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbtnn.exec:\htbtnn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpjj.exec:\dvpjj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rffrxxf.exec:\rffrxxf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbhtt.exec:\nbbhtt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttbhn.exec:\bttbhn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxllxll.exec:\lxllxll.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrxrfl.exec:\ffrxrfl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhntn.exec:\tbhntn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvpj.exec:\jvvpj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrllll.exec:\xlrllll.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbtbh.exec:\htbtbh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnhbt.exec:\ttnhbt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpjj.exec:\vjpjj.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frlfxlf.exec:\frlfxlf.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnhnh.exec:\ttnhnh.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3pjdd.exec:\3pjdd.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvpjv.exec:\jvpjv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrffxr.exec:\ffrffxr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbtbb.exec:\ntbtbb.exe23⤵
- Executes dropped EXE
-
\??\c:\jpjjp.exec:\jpjjp.exe24⤵
- Executes dropped EXE
-
\??\c:\fllfxxx.exec:\fllfxxx.exe25⤵
- Executes dropped EXE
-
\??\c:\thhthh.exec:\thhthh.exe26⤵
- Executes dropped EXE
-
\??\c:\pvvpj.exec:\pvvpj.exe27⤵
- Executes dropped EXE
-
\??\c:\llxrrxf.exec:\llxrrxf.exe28⤵
- Executes dropped EXE
-
\??\c:\htbhtb.exec:\htbhtb.exe29⤵
- Executes dropped EXE
-
\??\c:\vpppj.exec:\vpppj.exe30⤵
- Executes dropped EXE
-
\??\c:\1xllflr.exec:\1xllflr.exe31⤵
- Executes dropped EXE
-
\??\c:\frllflr.exec:\frllflr.exe32⤵
- Executes dropped EXE
-
\??\c:\tnnhnn.exec:\tnnhnn.exe33⤵
- Executes dropped EXE
-
\??\c:\jjvpv.exec:\jjvpv.exe34⤵
- Executes dropped EXE
-
\??\c:\jddvp.exec:\jddvp.exe35⤵
- Executes dropped EXE
-
\??\c:\xlxrllx.exec:\xlxrllx.exe36⤵
- Executes dropped EXE
-
\??\c:\xlrffrr.exec:\xlrffrr.exe37⤵
- Executes dropped EXE
-
\??\c:\hhhnnb.exec:\hhhnnb.exe38⤵
- Executes dropped EXE
-
\??\c:\btnhbb.exec:\btnhbb.exe39⤵
- Executes dropped EXE
-
\??\c:\pjppd.exec:\pjppd.exe40⤵
- Executes dropped EXE
-
\??\c:\xrflllf.exec:\xrflllf.exe41⤵
- Executes dropped EXE
-
\??\c:\xrfrllf.exec:\xrfrllf.exe42⤵
- Executes dropped EXE
-
\??\c:\bttnhn.exec:\bttnhn.exe43⤵
- Executes dropped EXE
-
\??\c:\nbbnbt.exec:\nbbnbt.exe44⤵
- Executes dropped EXE
-
\??\c:\jpppp.exec:\jpppp.exe45⤵
- Executes dropped EXE
-
\??\c:\rffxxxr.exec:\rffxxxr.exe46⤵
- Executes dropped EXE
-
\??\c:\fxrxrff.exec:\fxrxrff.exe47⤵
- Executes dropped EXE
-
\??\c:\5bhbhh.exec:\5bhbhh.exe48⤵
- Executes dropped EXE
-
\??\c:\bntntn.exec:\bntntn.exe49⤵
- Executes dropped EXE
-
\??\c:\jvddv.exec:\jvddv.exe50⤵
- Executes dropped EXE
-
\??\c:\ppdvj.exec:\ppdvj.exe51⤵
- Executes dropped EXE
-
\??\c:\llfxllf.exec:\llfxllf.exe52⤵
- Executes dropped EXE
-
\??\c:\xfxrllf.exec:\xfxrllf.exe53⤵
- Executes dropped EXE
-
\??\c:\bttnht.exec:\bttnht.exe54⤵
- Executes dropped EXE
-
\??\c:\hbnhbb.exec:\hbnhbb.exe55⤵
- Executes dropped EXE
-
\??\c:\jddpd.exec:\jddpd.exe56⤵
- Executes dropped EXE
-
\??\c:\rrrlfll.exec:\rrrlfll.exe57⤵
- Executes dropped EXE
-
\??\c:\rxllffx.exec:\rxllffx.exe58⤵
- Executes dropped EXE
-
\??\c:\hhbbtt.exec:\hhbbtt.exe59⤵
- Executes dropped EXE
-
\??\c:\hhttbb.exec:\hhttbb.exe60⤵
- Executes dropped EXE
-
\??\c:\jjjdd.exec:\jjjdd.exe61⤵
- Executes dropped EXE
-
\??\c:\djjdd.exec:\djjdd.exe62⤵
- Executes dropped EXE
-
\??\c:\llrlfxr.exec:\llrlfxr.exe63⤵
- Executes dropped EXE
-
\??\c:\lffrllf.exec:\lffrllf.exe64⤵
- Executes dropped EXE
-
\??\c:\hntnhb.exec:\hntnhb.exe65⤵
- Executes dropped EXE
-
\??\c:\7tbthh.exec:\7tbthh.exe66⤵
-
\??\c:\vjvjj.exec:\vjvjj.exe67⤵
-
\??\c:\xllfxxr.exec:\xllfxxr.exe68⤵
-
\??\c:\flllffr.exec:\flllffr.exe69⤵
-
\??\c:\bbhbtn.exec:\bbhbtn.exe70⤵
-
\??\c:\tntnhb.exec:\tntnhb.exe71⤵
-
\??\c:\9dpdv.exec:\9dpdv.exe72⤵
-
\??\c:\xflfrrl.exec:\xflfrrl.exe73⤵
-
\??\c:\rfrlffx.exec:\rfrlffx.exe74⤵
-
\??\c:\1bhtnt.exec:\1bhtnt.exe75⤵
-
\??\c:\dpdvp.exec:\dpdvp.exe76⤵
-
\??\c:\jjppj.exec:\jjppj.exe77⤵
-
\??\c:\xrrlllx.exec:\xrrlllx.exe78⤵
-
\??\c:\ttntnt.exec:\ttntnt.exe79⤵
-
\??\c:\pvvpp.exec:\pvvpp.exe80⤵
-
\??\c:\5pjjj.exec:\5pjjj.exe81⤵
-
\??\c:\xxrxrff.exec:\xxrxrff.exe82⤵
-
\??\c:\btbnnh.exec:\btbnnh.exe83⤵
-
\??\c:\pvjdv.exec:\pvjdv.exe84⤵
-
\??\c:\jjpvv.exec:\jjpvv.exe85⤵
-
\??\c:\rrllxxx.exec:\rrllxxx.exe86⤵
-
\??\c:\rxllffx.exec:\rxllffx.exe87⤵
-
\??\c:\nhbbtt.exec:\nhbbtt.exe88⤵
-
\??\c:\dvpjd.exec:\dvpjd.exe89⤵
-
\??\c:\pjdpv.exec:\pjdpv.exe90⤵
-
\??\c:\xxrlxxr.exec:\xxrlxxr.exe91⤵
-
\??\c:\nbttnn.exec:\nbttnn.exe92⤵
-
\??\c:\ntbtnn.exec:\ntbtnn.exe93⤵
-
\??\c:\dvpvp.exec:\dvpvp.exe94⤵
-
\??\c:\jpddd.exec:\jpddd.exe95⤵
-
\??\c:\xlrllrl.exec:\xlrllrl.exe96⤵
-
\??\c:\tnnntt.exec:\tnnntt.exe97⤵
-
\??\c:\bnnbbt.exec:\bnnbbt.exe98⤵
-
\??\c:\djjdv.exec:\djjdv.exe99⤵
-
\??\c:\vdpdd.exec:\vdpdd.exe100⤵
-
\??\c:\lflfrrl.exec:\lflfrrl.exe101⤵
-
\??\c:\ffflfrx.exec:\ffflfrx.exe102⤵
-
\??\c:\thtntt.exec:\thtntt.exe103⤵
-
\??\c:\jdpjj.exec:\jdpjj.exe104⤵
- System Location Discovery: System Language Discovery
-
\??\c:\jjjdp.exec:\jjjdp.exe105⤵
-
\??\c:\rfxrlfx.exec:\rfxrlfx.exe106⤵
-
\??\c:\lrfrrll.exec:\lrfrrll.exe107⤵
-
\??\c:\5bbtnb.exec:\5bbtnb.exe108⤵
-
\??\c:\btbhbb.exec:\btbhbb.exe109⤵
-
\??\c:\ppjvv.exec:\ppjvv.exe110⤵
-
\??\c:\lfxxrrl.exec:\lfxxrrl.exe111⤵
-
\??\c:\lfxxlfx.exec:\lfxxlfx.exe112⤵
-
\??\c:\tntntn.exec:\tntntn.exe113⤵
- System Location Discovery: System Language Discovery
-
\??\c:\bthbnn.exec:\bthbnn.exe114⤵
-
\??\c:\7vpjv.exec:\7vpjv.exe115⤵
-
\??\c:\pvdvj.exec:\pvdvj.exe116⤵
-
\??\c:\xlrxllf.exec:\xlrxllf.exe117⤵
-
\??\c:\rlrlrlr.exec:\rlrlrlr.exe118⤵
-
\??\c:\nhhhhb.exec:\nhhhhb.exe119⤵
-
\??\c:\3vdvj.exec:\3vdvj.exe120⤵
-
\??\c:\5vdvv.exec:\5vdvv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-