Analysis
-
max time kernel
119s -
max time network
115s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
25/08/2024, 11:04
General
-
Target
0fd8c69187cc7095f286c7423339c040N.exe
-
Size
67KB
-
MD5
0fd8c69187cc7095f286c7423339c040
-
SHA1
8478b9b7edf5d3187bd6d49cb1a143c81c863fb8
-
SHA256
3950c9f3a1a1323881693cc7219c987477cc53858c1ded958ceae81585c0bb90
-
SHA512
edfa1ed87e042316fb8bce89d9b79faedea5335d54b8baa16e84df53065a5c81a29e742dab9b0458c99e44bcc59fb3c1056ceedc4046447b973f3671b609e48f
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIsIoAcu:ymb3NkkiQ3mdBjFIsIVcu
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 32 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0fd8c69187cc7095f286c7423339c040N.exe"C:\Users\Admin\AppData\Local\Temp\0fd8c69187cc7095f286c7423339c040N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhhbb.exec:\bnhhbb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djpjd.exec:\djpjd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjdv.exec:\ppjdv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrlrrx.exec:\lfrlrrx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3nttnt.exec:\3nttnt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjppp.exec:\jjppp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdvd.exec:\vpdvd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5lllxxr.exec:\5lllxxr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfllrrx.exec:\lfllrrx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbbhh.exec:\nnbbhh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ththbb.exec:\ththbb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vvpd.exec:\7vvpd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlllffx.exec:\rlllffx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1btnnn.exec:\1btnnn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tttntn.exec:\tttntn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjdp.exec:\dvjdp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvpd.exec:\jvvpd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrfffff.exec:\rrfffff.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xllfxrf.exec:\xllfxrf.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbtbb.exec:\nbbtbb.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnnnhh.exec:\hnnnhh.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjpj.exec:\dvjpj.exe23⤵
- Executes dropped EXE
-
\??\c:\lxfxxxr.exec:\lxfxxxr.exe24⤵
- Executes dropped EXE
-
\??\c:\frrlffx.exec:\frrlffx.exe25⤵
- Executes dropped EXE
-
\??\c:\nbtnhb.exec:\nbtnhb.exe26⤵
- Executes dropped EXE
-
\??\c:\vpdjj.exec:\vpdjj.exe27⤵
- Executes dropped EXE
-
\??\c:\vpvpj.exec:\vpvpj.exe28⤵
- Executes dropped EXE
-
\??\c:\fllxrlf.exec:\fllxrlf.exe29⤵
- Executes dropped EXE
-
\??\c:\xxrlflf.exec:\xxrlflf.exe30⤵
- Executes dropped EXE
-
\??\c:\bnhhnn.exec:\bnhhnn.exe31⤵
- Executes dropped EXE
-
\??\c:\7hnhbb.exec:\7hnhbb.exe32⤵
- Executes dropped EXE
-
\??\c:\vjppj.exec:\vjppj.exe33⤵
- Executes dropped EXE
-
\??\c:\xlxrrlf.exec:\xlxrrlf.exe34⤵
- Executes dropped EXE
-
\??\c:\rxxrrfl.exec:\rxxrrfl.exe35⤵
- Executes dropped EXE
-
\??\c:\lrrlrrl.exec:\lrrlrrl.exe36⤵
- Executes dropped EXE
-
\??\c:\1tnhbt.exec:\1tnhbt.exe37⤵
- Executes dropped EXE
-
\??\c:\hntnhh.exec:\hntnhh.exe38⤵
- Executes dropped EXE
-
\??\c:\3jdvv.exec:\3jdvv.exe39⤵
- Executes dropped EXE
-
\??\c:\vvpjj.exec:\vvpjj.exe40⤵
- Executes dropped EXE
-
\??\c:\fxlxlfx.exec:\fxlxlfx.exe41⤵
- Executes dropped EXE
-
\??\c:\ntnhtt.exec:\ntnhtt.exe42⤵
- Executes dropped EXE
-
\??\c:\hnnbbb.exec:\hnnbbb.exe43⤵
- Executes dropped EXE
-
\??\c:\pjjdp.exec:\pjjdp.exe44⤵
- Executes dropped EXE
-
\??\c:\vpppj.exec:\vpppj.exe45⤵
- Executes dropped EXE
-
\??\c:\rfrlxxx.exec:\rfrlxxx.exe46⤵
- Executes dropped EXE
-
\??\c:\fffxffr.exec:\fffxffr.exe47⤵
- Executes dropped EXE
-
\??\c:\hbnhth.exec:\hbnhth.exe48⤵
- Executes dropped EXE
-
\??\c:\thhnnn.exec:\thhnnn.exe49⤵
- Executes dropped EXE
-
\??\c:\jvdvp.exec:\jvdvp.exe50⤵
- Executes dropped EXE
-
\??\c:\1dpjp.exec:\1dpjp.exe51⤵
- Executes dropped EXE
-
\??\c:\7rxxrxl.exec:\7rxxrxl.exe52⤵
- Executes dropped EXE
-
\??\c:\fxrlxlx.exec:\fxrlxlx.exe53⤵
- Executes dropped EXE
-
\??\c:\bhttnh.exec:\bhttnh.exe54⤵
- Executes dropped EXE
-
\??\c:\htttnn.exec:\htttnn.exe55⤵
- Executes dropped EXE
-
\??\c:\ddvvp.exec:\ddvvp.exe56⤵
- Executes dropped EXE
-
\??\c:\fxlfxxf.exec:\fxlfxxf.exe57⤵
- Executes dropped EXE
-
\??\c:\9ttbtt.exec:\9ttbtt.exe58⤵
- Executes dropped EXE
-
\??\c:\tnbtbb.exec:\tnbtbb.exe59⤵
- Executes dropped EXE
-
\??\c:\jppjd.exec:\jppjd.exe60⤵
- Executes dropped EXE
-
\??\c:\fllxxfr.exec:\fllxxfr.exe61⤵
- Executes dropped EXE
-
\??\c:\lxflffx.exec:\lxflffx.exe62⤵
- Executes dropped EXE
-
\??\c:\ttttnt.exec:\ttttnt.exe63⤵
- Executes dropped EXE
-
\??\c:\jdpjd.exec:\jdpjd.exe64⤵
- Executes dropped EXE
-
\??\c:\pvdvv.exec:\pvdvv.exe65⤵
- Executes dropped EXE
-
\??\c:\rfllllf.exec:\rfllllf.exe66⤵
-
\??\c:\llrrfxx.exec:\llrrfxx.exe67⤵
-
\??\c:\nhhbhh.exec:\nhhbhh.exe68⤵
-
\??\c:\vpvpj.exec:\vpvpj.exe69⤵
- System Location Discovery: System Language Discovery
-
\??\c:\7djdp.exec:\7djdp.exe70⤵
-
\??\c:\vjpjd.exec:\vjpjd.exe71⤵
-
\??\c:\xrxrxxr.exec:\xrxrxxr.exe72⤵
-
\??\c:\xxlxlfl.exec:\xxlxlfl.exe73⤵
-
\??\c:\tnnnhh.exec:\tnnnhh.exe74⤵
-
\??\c:\hbbtnn.exec:\hbbtnn.exe75⤵
-
\??\c:\3jdvv.exec:\3jdvv.exe76⤵
-
\??\c:\lfrlxrr.exec:\lfrlxrr.exe77⤵
-
\??\c:\3flfffx.exec:\3flfffx.exe78⤵
-
\??\c:\bbbnht.exec:\bbbnht.exe79⤵
-
\??\c:\bnnhtt.exec:\bnnhtt.exe80⤵
-
\??\c:\jjpjv.exec:\jjpjv.exe81⤵
-
\??\c:\frrlfff.exec:\frrlfff.exe82⤵
-
\??\c:\rxxxrrl.exec:\rxxxrrl.exe83⤵
-
\??\c:\nhttbb.exec:\nhttbb.exe84⤵
-
\??\c:\vjjdd.exec:\vjjdd.exe85⤵
-
\??\c:\3pvpd.exec:\3pvpd.exe86⤵
-
\??\c:\djvpj.exec:\djvpj.exe87⤵
-
\??\c:\llrlxrr.exec:\llrlxrr.exe88⤵
-
\??\c:\9xrxlll.exec:\9xrxlll.exe89⤵
-
\??\c:\nbbttt.exec:\nbbttt.exe90⤵
-
\??\c:\bttnhb.exec:\bttnhb.exe91⤵
-
\??\c:\vjpjv.exec:\vjpjv.exe92⤵
-
\??\c:\xflfxxr.exec:\xflfxxr.exe93⤵
-
\??\c:\rfrrllf.exec:\rfrrllf.exe94⤵
-
\??\c:\bnbbnn.exec:\bnbbnn.exe95⤵
-
\??\c:\tbthtt.exec:\tbthtt.exe96⤵
-
\??\c:\dvpjd.exec:\dvpjd.exe97⤵
-
\??\c:\vdvjd.exec:\vdvjd.exe98⤵
-
\??\c:\lxfxfxr.exec:\lxfxfxr.exe99⤵
-
\??\c:\fxlllll.exec:\fxlllll.exe100⤵
-
\??\c:\hhhbnn.exec:\hhhbnn.exe101⤵
-
\??\c:\nhhbnh.exec:\nhhbnh.exe102⤵
-
\??\c:\djvjd.exec:\djvjd.exe103⤵
-
\??\c:\7vppd.exec:\7vppd.exe104⤵
-
\??\c:\7flxllr.exec:\7flxllr.exe105⤵
-
\??\c:\xffxrll.exec:\xffxrll.exe106⤵
-
\??\c:\nnthbt.exec:\nnthbt.exe107⤵
-
\??\c:\tnnhtn.exec:\tnnhtn.exe108⤵
-
\??\c:\vjpjv.exec:\vjpjv.exe109⤵
-
\??\c:\1xxrlff.exec:\1xxrlff.exe110⤵
-
\??\c:\nhbbbb.exec:\nhbbbb.exe111⤵
-
\??\c:\jdvpp.exec:\jdvpp.exe112⤵
-
\??\c:\llxrlff.exec:\llxrlff.exe113⤵
-
\??\c:\nbhhbt.exec:\nbhhbt.exe114⤵
-
\??\c:\dpjdp.exec:\dpjdp.exe115⤵
-
\??\c:\rfrflff.exec:\rfrflff.exe116⤵
-
\??\c:\ttnbhb.exec:\ttnbhb.exe117⤵
-
\??\c:\bttnhb.exec:\bttnhb.exe118⤵
-
\??\c:\ddddv.exec:\ddddv.exe119⤵
-
\??\c:\jpjvp.exec:\jpjvp.exe120⤵
-
\??\c:\lfrfrlf.exec:\lfrfrlf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-