Analysis
-
max time kernel
120s -
max time network
118s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
23-08-2024 14:25
General
-
Target
ac7ae3832310c0ff5c45491ca38510d0N.exe
-
Size
309KB
-
MD5
ac7ae3832310c0ff5c45491ca38510d0
-
SHA1
2c0e4d51fb03ad5423ec2e858ec001ac4733ee10
-
SHA256
a668c97e8f3aa090553597fa234d4074eee4094f7597ebe1497ff921ab6fdb61
-
SHA512
ca844f2f5fa269ea98e0755ddd8e9da6293d95c55d12a106e5507aa8c7d6422adcfd54e5dd4364ecd91b34a9bef009a693735c18123d6e5a175bc70b7c5e3c25
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo7LAIRUohDLS0k+sLiiBVS0ILlMcGGW7sRCl9eMMV:n3C9BRo/AIuunS3+sOiBVSXxMxTsm9ex
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ac7ae3832310c0ff5c45491ca38510d0N.exe"C:\Users\Admin\AppData\Local\Temp\ac7ae3832310c0ff5c45491ca38510d0N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtnnh.exec:\bbtnnh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllxflf.exec:\rllxflf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjdv.exec:\ppjdv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxlflfx.exec:\xxlflfx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7frfrxx.exec:\7frfrxx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhhnn.exec:\bnhhnn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxllllr.exec:\lxllllr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhhbb.exec:\tnhhbb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflfrll.exec:\lflfrll.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffffxrr.exec:\ffffxrr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnnnhn.exec:\hnnnhn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddpvd.exec:\ddpvd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnnnt.exec:\hbnnnt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdpjd.exec:\vdpjd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnbtb.exec:\bnnbtb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntttbh.exec:\ntttbh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpjv.exec:\jdpjv.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pppvv.exec:\pppvv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nttnbn.exec:\nttnbn.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvppd.exec:\vvppd.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfrxfxl.exec:\xfrxfxl.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7jvvp.exec:\7jvvp.exe23⤵
- Executes dropped EXE
-
\??\c:\rfllrxx.exec:\rfllrxx.exe24⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\ddvpd.exec:\ddvpd.exe25⤵
- Executes dropped EXE
-
\??\c:\thhhbh.exec:\thhhbh.exe26⤵
- Executes dropped EXE
-
\??\c:\frrlrxf.exec:\frrlrxf.exe27⤵
- Executes dropped EXE
-
\??\c:\lxfffll.exec:\lxfffll.exe28⤵
- Executes dropped EXE
-
\??\c:\tnbbhn.exec:\tnbbhn.exe29⤵
- Executes dropped EXE
-
\??\c:\djvdv.exec:\djvdv.exe30⤵
- Executes dropped EXE
-
\??\c:\nhtbbh.exec:\nhtbbh.exe31⤵
- Executes dropped EXE
-
\??\c:\rrlfrfr.exec:\rrlfrfr.exe32⤵
- Executes dropped EXE
-
\??\c:\xrlflfx.exec:\xrlflfx.exe33⤵
- Executes dropped EXE
-
\??\c:\jpjpj.exec:\jpjpj.exe34⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\lffxfxx.exec:\lffxfxx.exe35⤵
- Executes dropped EXE
-
\??\c:\hhbtnt.exec:\hhbtnt.exe36⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\jdjjj.exec:\jdjjj.exe37⤵
- Executes dropped EXE
-
\??\c:\lxlxfrl.exec:\lxlxfrl.exe38⤵
- Executes dropped EXE
-
\??\c:\bnnhbb.exec:\bnnhbb.exe39⤵
- Executes dropped EXE
-
\??\c:\jdjvv.exec:\jdjvv.exe40⤵
- Executes dropped EXE
-
\??\c:\lrrrlxr.exec:\lrrrlxr.exe41⤵
- Executes dropped EXE
-
\??\c:\nnbhhn.exec:\nnbhhn.exe42⤵
- Executes dropped EXE
-
\??\c:\xxlxxxl.exec:\xxlxxxl.exe43⤵
- Executes dropped EXE
-
\??\c:\tnbbbh.exec:\tnbbbh.exe44⤵
- Executes dropped EXE
-
\??\c:\djvjp.exec:\djvjp.exe45⤵
- Executes dropped EXE
-
\??\c:\ffrrrxx.exec:\ffrrrxx.exe46⤵
- Executes dropped EXE
-
\??\c:\bbntnn.exec:\bbntnn.exe47⤵
- Executes dropped EXE
-
\??\c:\pvdvv.exec:\pvdvv.exe48⤵
- Executes dropped EXE
-
\??\c:\lrrllrx.exec:\lrrllrx.exe49⤵
- Executes dropped EXE
-
\??\c:\jjpvv.exec:\jjpvv.exe50⤵
- Executes dropped EXE
-
\??\c:\fxlxxrl.exec:\fxlxxrl.exe51⤵
- Executes dropped EXE
-
\??\c:\dvvpp.exec:\dvvpp.exe52⤵
- Executes dropped EXE
-
\??\c:\lfrlrxr.exec:\lfrlrxr.exe53⤵
- Executes dropped EXE
-
\??\c:\hnttth.exec:\hnttth.exe54⤵
- Executes dropped EXE
-
\??\c:\vpddj.exec:\vpddj.exe55⤵
- Executes dropped EXE
-
\??\c:\rxfxxlf.exec:\rxfxxlf.exe56⤵
- Executes dropped EXE
-
\??\c:\ntnnnh.exec:\ntnnnh.exe57⤵
- Executes dropped EXE
-
\??\c:\ppvvv.exec:\ppvvv.exe58⤵
- Executes dropped EXE
-
\??\c:\rffxffx.exec:\rffxffx.exe59⤵
- Executes dropped EXE
-
\??\c:\ttnbnb.exec:\ttnbnb.exe60⤵
- Executes dropped EXE
-
\??\c:\pvpjj.exec:\pvpjj.exe61⤵
- Executes dropped EXE
-
\??\c:\lxflllr.exec:\lxflllr.exe62⤵
- Executes dropped EXE
-
\??\c:\bnthhh.exec:\bnthhh.exe63⤵
- Executes dropped EXE
-
\??\c:\pdpvp.exec:\pdpvp.exe64⤵
- Executes dropped EXE
-
\??\c:\ffrrflf.exec:\ffrrflf.exe65⤵
- Executes dropped EXE
-
\??\c:\bnhbth.exec:\bnhbth.exe66⤵
-
\??\c:\vvdpp.exec:\vvdpp.exe67⤵
-
\??\c:\ffllrrf.exec:\ffllrrf.exe68⤵
-
\??\c:\btbtth.exec:\btbtth.exe69⤵
-
\??\c:\ththtn.exec:\ththtn.exe70⤵
-
\??\c:\dvdpv.exec:\dvdpv.exe71⤵
-
\??\c:\fllrrxl.exec:\fllrrxl.exe72⤵
-
\??\c:\hnhbbb.exec:\hnhbbb.exe73⤵
-
\??\c:\nttbhh.exec:\nttbhh.exe74⤵
-
\??\c:\jppdd.exec:\jppdd.exe75⤵
-
\??\c:\fxfxxfx.exec:\fxfxxfx.exe76⤵
-
\??\c:\xrlllrx.exec:\xrlllrx.exe77⤵
-
\??\c:\nbhnnb.exec:\nbhnnb.exe78⤵
-
\??\c:\dvvjv.exec:\dvvjv.exe79⤵
-
\??\c:\lrrrfrr.exec:\lrrrfrr.exe80⤵
-
\??\c:\thnhbh.exec:\thnhbh.exe81⤵
-
\??\c:\vjjpd.exec:\vjjpd.exe82⤵
-
\??\c:\lfxrllf.exec:\lfxrllf.exe83⤵
-
\??\c:\thbttb.exec:\thbttb.exe84⤵
-
\??\c:\htnnbh.exec:\htnnbh.exe85⤵
-
\??\c:\vpdjj.exec:\vpdjj.exe86⤵
-
\??\c:\rlxrfxf.exec:\rlxrfxf.exe87⤵
-
\??\c:\nttttn.exec:\nttttn.exe88⤵
-
\??\c:\pddvp.exec:\pddvp.exe89⤵
-
\??\c:\rfxlfll.exec:\rfxlfll.exe90⤵
-
\??\c:\nbhhhh.exec:\nbhhhh.exe91⤵
-
\??\c:\djppp.exec:\djppp.exe92⤵
-
\??\c:\ffrrlff.exec:\ffrrlff.exe93⤵
-
\??\c:\nhhhbh.exec:\nhhhbh.exe94⤵
-
\??\c:\tnntht.exec:\tnntht.exe95⤵
-
\??\c:\vdpvj.exec:\vdpvj.exe96⤵
-
\??\c:\xfrxfxf.exec:\xfrxfxf.exe97⤵
-
\??\c:\ntbttb.exec:\ntbttb.exe98⤵
-
\??\c:\tttbtt.exec:\tttbtt.exe99⤵
-
\??\c:\jdjjp.exec:\jdjjp.exe100⤵
-
\??\c:\ffrrrxf.exec:\ffrrrxf.exe101⤵
-
\??\c:\tntbbh.exec:\tntbbh.exe102⤵
-
\??\c:\jjddv.exec:\jjddv.exe103⤵
-
\??\c:\djvdv.exec:\djvdv.exe104⤵
-
\??\c:\xllxxfl.exec:\xllxxfl.exe105⤵
-
\??\c:\tbtbbh.exec:\tbtbbh.exe106⤵
-
\??\c:\jjvvd.exec:\jjvvd.exe107⤵
-
\??\c:\llrxlrr.exec:\llrxlrr.exe108⤵
-
\??\c:\nbtbtt.exec:\nbtbtt.exe109⤵
-
\??\c:\bbnhnh.exec:\bbnhnh.exe110⤵
-
\??\c:\fxxxrrr.exec:\fxxxrrr.exe111⤵
-
\??\c:\jpvvp.exec:\jpvvp.exe112⤵
-
\??\c:\rxxllrx.exec:\rxxllrx.exe113⤵
-
\??\c:\btbtbb.exec:\btbtbb.exe114⤵
-
\??\c:\jjvpv.exec:\jjvpv.exe115⤵
-
\??\c:\fffffll.exec:\fffffll.exe116⤵
-
\??\c:\bnnbtt.exec:\bnnbtt.exe117⤵
-
\??\c:\vdppp.exec:\vdppp.exe118⤵
-
\??\c:\xlllflx.exec:\xlllflx.exe119⤵
-
\??\c:\hnttth.exec:\hnttth.exe120⤵
-
\??\c:\djvjp.exec:\djvjp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-