Analysis
-
max time kernel
103s -
max time network
106s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
24/08/2024, 09:23
General
-
Target
2da5132e12616704799ce0f75738bd90N.exe
-
Size
68KB
-
MD5
2da5132e12616704799ce0f75738bd90
-
SHA1
d8ca261a6fdc4679213c84e71991cd92d5fa98dc
-
SHA256
0b5cc57cf9510d0b50f33f146347242cbfe8ad47c27850ffca64590657e8e931
-
SHA512
e503e8a441dbfe1e4fcde746c6137ccd78b11be1612a4ab71194ada0476a76bf9c542fcea8c11d906364bdf801a5f646d960d91ef2fecb3912f07258578129dd
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yUuYp+5C8+LuvdI:ymb3NkkiQ3mdBjF0yMliI
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2da5132e12616704799ce0f75738bd90N.exe"C:\Users\Admin\AppData\Local\Temp\2da5132e12616704799ce0f75738bd90N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\lxlxllx.exec:\lxlxllx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhnhtt.exec:\bhnhtt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvpj.exec:\pjvpj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpdv.exec:\jdpdv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llfxxxr.exec:\llfxxxr.exe6⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\frffflr.exec:\frffflr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnhtn.exec:\bbnhtn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djvpj.exec:\djvpj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppdvj.exec:\ppdvj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllxlrl.exec:\rllxlrl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtnbb.exec:\hbtnbb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ddvd.exec:\3ddvd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1ppdp.exec:\1ppdp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlfxlxl.exec:\xlfxlxl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnhhb.exec:\btnhhb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbnhb.exec:\tbbnhb.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jvpd.exec:\1jvpd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppdv.exec:\vppdv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rlfxxl.exec:\7rlfxxl.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbbbt.exec:\ttbbbt.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjdj.exec:\jdjdj.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvdvd.exec:\pvdvd.exe23⤵
- Executes dropped EXE
-
\??\c:\fxrfrrl.exec:\fxrfrrl.exe24⤵
- Executes dropped EXE
-
\??\c:\nhbnhb.exec:\nhbnhb.exe25⤵
- Executes dropped EXE
-
\??\c:\pjvjv.exec:\pjvjv.exe26⤵
- Executes dropped EXE
-
\??\c:\xlfrlfr.exec:\xlfrlfr.exe27⤵
- Executes dropped EXE
-
\??\c:\1xrrlxr.exec:\1xrrlxr.exe28⤵
- Executes dropped EXE
-
\??\c:\fllxrlf.exec:\fllxrlf.exe29⤵
- Executes dropped EXE
-
\??\c:\thhnnn.exec:\thhnnn.exe30⤵
- Executes dropped EXE
-
\??\c:\pjdvp.exec:\pjdvp.exe31⤵
- Executes dropped EXE
-
\??\c:\jdvjv.exec:\jdvjv.exe32⤵
- Executes dropped EXE
-
\??\c:\7flllfl.exec:\7flllfl.exe33⤵
- Executes dropped EXE
-
\??\c:\5bnnnn.exec:\5bnnnn.exe34⤵
- Executes dropped EXE
-
\??\c:\pvjvp.exec:\pvjvp.exe35⤵
- Executes dropped EXE
-
\??\c:\jjpdj.exec:\jjpdj.exe36⤵
- Executes dropped EXE
-
\??\c:\1xrrlfr.exec:\1xrrlfr.exe37⤵
- Executes dropped EXE
-
\??\c:\fxrlffx.exec:\fxrlffx.exe38⤵
- Executes dropped EXE
-
\??\c:\hbbnhb.exec:\hbbnhb.exe39⤵
- Executes dropped EXE
-
\??\c:\1jppj.exec:\1jppj.exe40⤵
- Executes dropped EXE
-
\??\c:\dpjdj.exec:\dpjdj.exe41⤵
- Executes dropped EXE
-
\??\c:\rrxrxrr.exec:\rrxrxrr.exe42⤵
- Executes dropped EXE
-
\??\c:\nttttt.exec:\nttttt.exe43⤵
- Executes dropped EXE
-
\??\c:\5hhhtt.exec:\5hhhtt.exe44⤵
- Executes dropped EXE
-
\??\c:\9hhbhh.exec:\9hhbhh.exe45⤵
- Executes dropped EXE
-
\??\c:\jvpdp.exec:\jvpdp.exe46⤵
- Executes dropped EXE
-
\??\c:\xfrlfrf.exec:\xfrlfrf.exe47⤵
- Executes dropped EXE
-
\??\c:\3flxxrf.exec:\3flxxrf.exe48⤵
- Executes dropped EXE
-
\??\c:\ntnnnn.exec:\ntnnnn.exe49⤵
- Executes dropped EXE
-
\??\c:\nhnbhb.exec:\nhnbhb.exe50⤵
- Executes dropped EXE
-
\??\c:\vdvpd.exec:\vdvpd.exe51⤵
- Executes dropped EXE
-
\??\c:\jpvpj.exec:\jpvpj.exe52⤵
- Executes dropped EXE
-
\??\c:\1rrfrll.exec:\1rrfrll.exe53⤵
- Executes dropped EXE
-
\??\c:\lxfxxrx.exec:\lxfxxrx.exe54⤵
- Executes dropped EXE
-
\??\c:\3lrfrrf.exec:\3lrfrrf.exe55⤵
- Executes dropped EXE
-
\??\c:\tttnbt.exec:\tttnbt.exe56⤵
- Executes dropped EXE
-
\??\c:\bntthb.exec:\bntthb.exe57⤵
- Executes dropped EXE
-
\??\c:\pjjdd.exec:\pjjdd.exe58⤵
- Executes dropped EXE
-
\??\c:\pjvjj.exec:\pjvjj.exe59⤵
- Executes dropped EXE
-
\??\c:\xxflfxx.exec:\xxflfxx.exe60⤵
- Executes dropped EXE
-
\??\c:\ttnhtt.exec:\ttnhtt.exe61⤵
- Executes dropped EXE
-
\??\c:\ntbbtt.exec:\ntbbtt.exe62⤵
- Executes dropped EXE
-
\??\c:\7bthbb.exec:\7bthbb.exe63⤵
- Executes dropped EXE
-
\??\c:\frrllll.exec:\frrllll.exe64⤵
- Executes dropped EXE
-
\??\c:\rffxrrf.exec:\rffxrrf.exe65⤵
- Executes dropped EXE
-
\??\c:\thtnhh.exec:\thtnhh.exe66⤵
-
\??\c:\thttnh.exec:\thttnh.exe67⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe68⤵
-
\??\c:\vppdp.exec:\vppdp.exe69⤵
-
\??\c:\5djvv.exec:\5djvv.exe70⤵
-
\??\c:\7lxxllf.exec:\7lxxllf.exe71⤵
-
\??\c:\5hhbtn.exec:\5hhbtn.exe72⤵
-
\??\c:\hbtnhh.exec:\hbtnhh.exe73⤵
-
\??\c:\vvvpv.exec:\vvvpv.exe74⤵
-
\??\c:\vpvvp.exec:\vpvvp.exe75⤵
-
\??\c:\rffxllx.exec:\rffxllx.exe76⤵
-
\??\c:\flrrlfx.exec:\flrrlfx.exe77⤵
-
\??\c:\btnhnh.exec:\btnhnh.exe78⤵
-
\??\c:\nhbthb.exec:\nhbthb.exe79⤵
-
\??\c:\bhhbtt.exec:\bhhbtt.exe80⤵
-
\??\c:\djjdp.exec:\djjdp.exe81⤵
-
\??\c:\rrlxrlf.exec:\rrlxrlf.exe82⤵
-
\??\c:\xrlxrlf.exec:\xrlxrlf.exe83⤵
-
\??\c:\3bbthn.exec:\3bbthn.exe84⤵
-
\??\c:\hntnth.exec:\hntnth.exe85⤵
-
\??\c:\pjvpd.exec:\pjvpd.exe86⤵
-
\??\c:\jjjvj.exec:\jjjvj.exe87⤵
-
\??\c:\7pdvj.exec:\7pdvj.exe88⤵
-
\??\c:\lxxrllf.exec:\lxxrllf.exe89⤵
-
\??\c:\xfxrlfx.exec:\xfxrlfx.exe90⤵
-
\??\c:\hbtnhh.exec:\hbtnhh.exe91⤵
-
\??\c:\nbhbhb.exec:\nbhbhb.exe92⤵
-
\??\c:\pjpjd.exec:\pjpjd.exe93⤵
-
\??\c:\vjddp.exec:\vjddp.exe94⤵
-
\??\c:\rfxrlff.exec:\rfxrlff.exe95⤵
-
\??\c:\9rllfxr.exec:\9rllfxr.exe96⤵
-
\??\c:\bttbbn.exec:\bttbbn.exe97⤵
-
\??\c:\9bthbn.exec:\9bthbn.exe98⤵
-
\??\c:\jddvp.exec:\jddvp.exe99⤵
-
\??\c:\jpjpv.exec:\jpjpv.exe100⤵
-
\??\c:\9lrflfr.exec:\9lrflfr.exe101⤵
-
\??\c:\rllfrrl.exec:\rllfrrl.exe102⤵
-
\??\c:\5thhbt.exec:\5thhbt.exe103⤵
-
\??\c:\jddpp.exec:\jddpp.exe104⤵
-
\??\c:\3ppjd.exec:\3ppjd.exe105⤵
-
\??\c:\xrxxlxr.exec:\xrxxlxr.exe106⤵
-
\??\c:\rlfxfxx.exec:\rlfxfxx.exe107⤵
-
\??\c:\xxrlfff.exec:\xxrlfff.exe108⤵
-
\??\c:\htbthh.exec:\htbthh.exe109⤵
-
\??\c:\9jddp.exec:\9jddp.exe110⤵
-
\??\c:\lfrlxrl.exec:\lfrlxrl.exe111⤵
-
\??\c:\3rlfffx.exec:\3rlfffx.exe112⤵
-
\??\c:\7tbhhh.exec:\7tbhhh.exe113⤵
-
\??\c:\jvdvp.exec:\jvdvp.exe114⤵
-
\??\c:\pvpvp.exec:\pvpvp.exe115⤵
-
\??\c:\xrfxfrl.exec:\xrfxfrl.exe116⤵
-
\??\c:\lffxrrf.exec:\lffxrrf.exe117⤵
-
\??\c:\nhnhhh.exec:\nhnhhh.exe118⤵
-
\??\c:\tttbht.exec:\tttbht.exe119⤵
-
\??\c:\3vdvp.exec:\3vdvp.exe120⤵
-
\??\c:\pjjjd.exec:\pjjjd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-