Analysis
-
max time kernel
150s -
max time network
115s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
25-08-2024 19:18
General
-
Target
192a878f4c5354a6e99045e71380f8b632f63df32f5973a5b198ad7c3ecfa95f.exe
-
Size
56KB
-
MD5
2b61bddc27abfd9f5f94e0187881f47f
-
SHA1
188e85435737d7f91ac3357e591b5281d6d40b13
-
SHA256
192a878f4c5354a6e99045e71380f8b632f63df32f5973a5b198ad7c3ecfa95f
-
SHA512
9dd609a28898720bb16786cafa7e5c6bea6e16b0f3b9cd4bd9aa18e814122e0189808ffae991cf2de6b869451aac9d03564edd79c1c03cecfd5cd10b28cd6e0b
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIYgEWX:ymb3NkkiQ3mdBjFI3EWX
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\192a878f4c5354a6e99045e71380f8b632f63df32f5973a5b198ad7c3ecfa95f.exe"C:\Users\Admin\AppData\Local\Temp\192a878f4c5354a6e99045e71380f8b632f63df32f5973a5b198ad7c3ecfa95f.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\7nnnhh.exec:\7nnnhh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhnhh.exec:\nbhnhh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdvj.exec:\dvdvj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdddd.exec:\jdddd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfffxff.exec:\rfffxff.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7htntb.exec:\7htntb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nttnnn.exec:\nttnnn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjdp.exec:\jdjdp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdvd.exec:\vpdvd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxllrr.exec:\xxxllrr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhthbh.exec:\nhthbh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3vjjp.exec:\3vjjp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7jpjj.exec:\7jpjj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxfxxxx.exec:\xxfxxxx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3thhbb.exec:\3thhbb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhbthh.exec:\bhbthh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjdvd.exec:\jjdvd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxfffx.exec:\rrxfffx.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llllfff.exec:\llllfff.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthhhb.exec:\bthhhb.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjjd.exec:\pdjjd.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvpd.exec:\jvvpd.exe23⤵
- Executes dropped EXE
-
\??\c:\lrfxrrl.exec:\lrfxrrl.exe24⤵
- Executes dropped EXE
-
\??\c:\nbhnnn.exec:\nbhnnn.exe25⤵
- Executes dropped EXE
-
\??\c:\nnnnnt.exec:\nnnnnt.exe26⤵
- Executes dropped EXE
-
\??\c:\vdjjp.exec:\vdjjp.exe27⤵
- Executes dropped EXE
-
\??\c:\9djpj.exec:\9djpj.exe28⤵
- Executes dropped EXE
-
\??\c:\xfffxxr.exec:\xfffxxr.exe29⤵
- Executes dropped EXE
-
\??\c:\1nhthb.exec:\1nhthb.exe30⤵
- Executes dropped EXE
-
\??\c:\5pvvd.exec:\5pvvd.exe31⤵
- Executes dropped EXE
-
\??\c:\jjjpp.exec:\jjjpp.exe32⤵
- Executes dropped EXE
-
\??\c:\rrrlffx.exec:\rrrlffx.exe33⤵
- Executes dropped EXE
-
\??\c:\fllfffx.exec:\fllfffx.exe34⤵
- Executes dropped EXE
-
\??\c:\nhntbh.exec:\nhntbh.exe35⤵
- Executes dropped EXE
-
\??\c:\tttbtt.exec:\tttbtt.exe36⤵
- Executes dropped EXE
-
\??\c:\nnnttb.exec:\nnnttb.exe37⤵
- Executes dropped EXE
-
\??\c:\dvppp.exec:\dvppp.exe38⤵
- Executes dropped EXE
-
\??\c:\pdjpd.exec:\pdjpd.exe39⤵
- Executes dropped EXE
-
\??\c:\lxxrffr.exec:\lxxrffr.exe40⤵
- Executes dropped EXE
-
\??\c:\lxxxlfx.exec:\lxxxlfx.exe41⤵
- Executes dropped EXE
-
\??\c:\3nnhhb.exec:\3nnhhb.exe42⤵
- Executes dropped EXE
-
\??\c:\dvddv.exec:\dvddv.exe43⤵
- Executes dropped EXE
-
\??\c:\jjddd.exec:\jjddd.exe44⤵
- Executes dropped EXE
-
\??\c:\rlrxrlr.exec:\rlrxrlr.exe45⤵
- Executes dropped EXE
-
\??\c:\frxrxxr.exec:\frxrxxr.exe46⤵
- Executes dropped EXE
-
\??\c:\nhtnhb.exec:\nhtnhb.exe47⤵
- Executes dropped EXE
-
\??\c:\vjppp.exec:\vjppp.exe48⤵
- Executes dropped EXE
-
\??\c:\1pvvj.exec:\1pvvj.exe49⤵
- Executes dropped EXE
-
\??\c:\rlrfffx.exec:\rlrfffx.exe50⤵
- Executes dropped EXE
-
\??\c:\lffxfff.exec:\lffxfff.exe51⤵
- Executes dropped EXE
-
\??\c:\bhhbtt.exec:\bhhbtt.exe52⤵
- Executes dropped EXE
-
\??\c:\pvvvp.exec:\pvvvp.exe53⤵
- Executes dropped EXE
-
\??\c:\3jppd.exec:\3jppd.exe54⤵
- Executes dropped EXE
-
\??\c:\5lrlfff.exec:\5lrlfff.exe55⤵
- Executes dropped EXE
-
\??\c:\nttnhh.exec:\nttnhh.exe56⤵
- Executes dropped EXE
-
\??\c:\jdppj.exec:\jdppj.exe57⤵
- Executes dropped EXE
-
\??\c:\rxxxrxr.exec:\rxxxrxr.exe58⤵
- Executes dropped EXE
-
\??\c:\5rrrlxr.exec:\5rrrlxr.exe59⤵
- Executes dropped EXE
-
\??\c:\hbhhbb.exec:\hbhhbb.exe60⤵
- Executes dropped EXE
-
\??\c:\btnhbb.exec:\btnhbb.exe61⤵
- Executes dropped EXE
-
\??\c:\ddvpj.exec:\ddvpj.exe62⤵
- Executes dropped EXE
-
\??\c:\1fffrrl.exec:\1fffrrl.exe63⤵
- Executes dropped EXE
-
\??\c:\rlfrfxl.exec:\rlfrfxl.exe64⤵
- Executes dropped EXE
-
\??\c:\htbtnh.exec:\htbtnh.exe65⤵
- Executes dropped EXE
-
\??\c:\5vvpj.exec:\5vvpj.exe66⤵
-
\??\c:\9ffxrll.exec:\9ffxrll.exe67⤵
-
\??\c:\btnbbb.exec:\btnbbb.exe68⤵
-
\??\c:\bbnnbb.exec:\bbnnbb.exe69⤵
-
\??\c:\lxlffrl.exec:\lxlffrl.exe70⤵
-
\??\c:\7rrrllf.exec:\7rrrllf.exe71⤵
-
\??\c:\hhhbtt.exec:\hhhbtt.exe72⤵
-
\??\c:\bntnbh.exec:\bntnbh.exe73⤵
-
\??\c:\vvpjp.exec:\vvpjp.exe74⤵
-
\??\c:\3pvpp.exec:\3pvpp.exe75⤵
-
\??\c:\lffxflr.exec:\lffxflr.exe76⤵
-
\??\c:\xxfxrlf.exec:\xxfxrlf.exe77⤵
-
\??\c:\nhtnhh.exec:\nhtnhh.exe78⤵
-
\??\c:\9btbtt.exec:\9btbtt.exe79⤵
-
\??\c:\5ppjv.exec:\5ppjv.exe80⤵
-
\??\c:\jvpjv.exec:\jvpjv.exe81⤵
-
\??\c:\9rllxlx.exec:\9rllxlx.exe82⤵
-
\??\c:\rrfxrlr.exec:\rrfxrlr.exe83⤵
-
\??\c:\7nntnn.exec:\7nntnn.exe84⤵
-
\??\c:\5dddp.exec:\5dddp.exe85⤵
-
\??\c:\ddjdj.exec:\ddjdj.exe86⤵
-
\??\c:\dvpvp.exec:\dvpvp.exe87⤵
-
\??\c:\5bhbnt.exec:\5bhbnt.exe88⤵
-
\??\c:\btbthh.exec:\btbthh.exe89⤵
- System Location Discovery: System Language Discovery
-
\??\c:\dddvd.exec:\dddvd.exe90⤵
-
\??\c:\rrffrlf.exec:\rrffrlf.exe91⤵
-
\??\c:\nhntnt.exec:\nhntnt.exe92⤵
-
\??\c:\hbbbnb.exec:\hbbbnb.exe93⤵
-
\??\c:\7dppj.exec:\7dppj.exe94⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe95⤵
-
\??\c:\9rxfxrx.exec:\9rxfxrx.exe96⤵
-
\??\c:\hthbtb.exec:\hthbtb.exe97⤵
-
\??\c:\thhbtn.exec:\thhbtn.exe98⤵
-
\??\c:\jpdvd.exec:\jpdvd.exe99⤵
-
\??\c:\lrrlffl.exec:\lrrlffl.exe100⤵
-
\??\c:\5xxrrrf.exec:\5xxrrrf.exe101⤵
-
\??\c:\btbnbb.exec:\btbnbb.exe102⤵
-
\??\c:\pppjd.exec:\pppjd.exe103⤵
-
\??\c:\3vpjv.exec:\3vpjv.exe104⤵
-
\??\c:\5rrfxxr.exec:\5rrfxxr.exe105⤵
-
\??\c:\nnhbnh.exec:\nnhbnh.exe106⤵
-
\??\c:\7nnhbb.exec:\7nnhbb.exe107⤵
-
\??\c:\vvvpj.exec:\vvvpj.exe108⤵
-
\??\c:\jddvp.exec:\jddvp.exe109⤵
-
\??\c:\rlrlrll.exec:\rlrlrll.exe110⤵
-
\??\c:\xxrlxff.exec:\xxrlxff.exe111⤵
-
\??\c:\flrffff.exec:\flrffff.exe112⤵
-
\??\c:\5btttt.exec:\5btttt.exe113⤵
-
\??\c:\btbbhh.exec:\btbbhh.exe114⤵
-
\??\c:\7dvpj.exec:\7dvpj.exe115⤵
-
\??\c:\1jjdd.exec:\1jjdd.exe116⤵
-
\??\c:\ffllrll.exec:\ffllrll.exe117⤵
-
\??\c:\lflfllr.exec:\lflfllr.exe118⤵
-
\??\c:\bbhbhh.exec:\bbhbhh.exe119⤵
-
\??\c:\ntbhtn.exec:\ntbhtn.exe120⤵
-
\??\c:\jddvp.exec:\jddvp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-