Analysis
-
max time kernel
150s -
max time network
128s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
26-08-2024 03:32
General
-
Target
d30bceb876f5e4697d5a6300a330f2774fe7d5509f1d2cbd846cc3691fb31c24.exe
-
Size
963KB
-
MD5
07612bfccc863ae2d0f84dd4f1a85453
-
SHA1
0d3969ce5680da5ec475348e196e5d7cdafe826d
-
SHA256
d30bceb876f5e4697d5a6300a330f2774fe7d5509f1d2cbd846cc3691fb31c24
-
SHA512
052956c3e744f0ce0f13e6a4d08e4c1f2390de9f986891847001cb88eebac459c2728574a37850ddf24f28c8a66a74739ad6c4dc2fd23605362bf722e34b624a
-
SSDEEP
12288:n3C9yMo+S0L9xRnoq7H9xqYL04iVypNKvzcMwdBS3b3aoqYveXVadBlHD+CURPO6:SgD4bhoqLDqYLagB6Wj1+CyU
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d30bceb876f5e4697d5a6300a330f2774fe7d5509f1d2cbd846cc3691fb31c24.exe"C:\Users\Admin\AppData\Local\Temp\d30bceb876f5e4697d5a6300a330f2774fe7d5509f1d2cbd846cc3691fb31c24.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\6422604.exec:\6422604.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdvpj.exec:\vdvpj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhnhnh.exec:\bhnhnh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\88486.exec:\88486.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0844226.exec:\0844226.exe6⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\m6008.exec:\m6008.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\402048.exec:\402048.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxfxrlx.exec:\lxfxrlx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbtth.exec:\nnbtth.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\00446.exec:\00446.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\26840.exec:\26840.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3vvpp.exec:\3vvpp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvpj.exec:\vpvpj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8246660.exec:\8246660.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1dvvd.exec:\1dvvd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\24266.exec:\24266.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0626660.exec:\0626660.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflxlxf.exec:\lflxlxf.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbbbb.exec:\bbbbbb.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhntbh.exec:\bhntbh.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtnnn.exec:\hbtnnn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\g8604.exec:\g8604.exe23⤵
- Executes dropped EXE
-
\??\c:\60648.exec:\60648.exe24⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\ppjjd.exec:\ppjjd.exe25⤵
- Executes dropped EXE
-
\??\c:\s6264.exec:\s6264.exe26⤵
-
\??\c:\1rlxlfr.exec:\1rlxlfr.exe27⤵
- Executes dropped EXE
-
\??\c:\402260.exec:\402260.exe28⤵
- Executes dropped EXE
-
\??\c:\5hbthh.exec:\5hbthh.exe29⤵
- Executes dropped EXE
-
\??\c:\bhhnhb.exec:\bhhnhb.exe30⤵
- Executes dropped EXE
-
\??\c:\066082.exec:\066082.exe31⤵
- Executes dropped EXE
-
\??\c:\5lrfrlr.exec:\5lrfrlr.exe32⤵
- Executes dropped EXE
-
\??\c:\e40444.exec:\e40444.exe33⤵
- Executes dropped EXE
-
\??\c:\842860.exec:\842860.exe34⤵
- Executes dropped EXE
-
\??\c:\20260.exec:\20260.exe35⤵
- Executes dropped EXE
-
\??\c:\bthtbn.exec:\bthtbn.exe36⤵
- Executes dropped EXE
-
\??\c:\fxlfrrl.exec:\fxlfrrl.exe37⤵
- Executes dropped EXE
-
\??\c:\7frlllx.exec:\7frlllx.exe38⤵
- Executes dropped EXE
-
\??\c:\20420.exec:\20420.exe39⤵
- Executes dropped EXE
-
\??\c:\bbbnbt.exec:\bbbnbt.exe40⤵
- Executes dropped EXE
-
\??\c:\jvpdp.exec:\jvpdp.exe41⤵
- Executes dropped EXE
-
\??\c:\jdvpj.exec:\jdvpj.exe42⤵
- Executes dropped EXE
-
\??\c:\frrfrlx.exec:\frrfrlx.exe43⤵
- Executes dropped EXE
-
\??\c:\7rrlxxl.exec:\7rrlxxl.exe44⤵
- Executes dropped EXE
-
\??\c:\c248608.exec:\c248608.exe45⤵
- Executes dropped EXE
-
\??\c:\088206.exec:\088206.exe46⤵
- Executes dropped EXE
-
\??\c:\488282.exec:\488282.exe47⤵
- Executes dropped EXE
-
\??\c:\66642.exec:\66642.exe48⤵
- Executes dropped EXE
-
\??\c:\frxrlfl.exec:\frxrlfl.exe49⤵
- Executes dropped EXE
-
\??\c:\fxllffr.exec:\fxllffr.exe50⤵
- Executes dropped EXE
-
\??\c:\440488.exec:\440488.exe51⤵
- Executes dropped EXE
-
\??\c:\7lrlffr.exec:\7lrlffr.exe52⤵
- Executes dropped EXE
-
\??\c:\022666.exec:\022666.exe53⤵
- Executes dropped EXE
-
\??\c:\1djdv.exec:\1djdv.exe54⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\rlfxrlf.exec:\rlfxrlf.exe55⤵
- Executes dropped EXE
-
\??\c:\3xxrlfx.exec:\3xxrlfx.exe56⤵
- Executes dropped EXE
-
\??\c:\00482.exec:\00482.exe57⤵
- Executes dropped EXE
-
\??\c:\1dppp.exec:\1dppp.exe58⤵
- Executes dropped EXE
-
\??\c:\268888.exec:\268888.exe59⤵
- Executes dropped EXE
-
\??\c:\c080222.exec:\c080222.exe60⤵
- Executes dropped EXE
-
\??\c:\lfrllff.exec:\lfrllff.exe61⤵
- Executes dropped EXE
-
\??\c:\bnbtnn.exec:\bnbtnn.exe62⤵
- Executes dropped EXE
-
\??\c:\c848248.exec:\c848248.exe63⤵
- Executes dropped EXE
-
\??\c:\0028244.exec:\0028244.exe64⤵
- Executes dropped EXE
-
\??\c:\w80444.exec:\w80444.exe65⤵
- Executes dropped EXE
-
\??\c:\1ddvv.exec:\1ddvv.exe66⤵
- Executes dropped EXE
-
\??\c:\lrffxxr.exec:\lrffxxr.exe67⤵
-
\??\c:\086600.exec:\086600.exe68⤵
-
\??\c:\g2040.exec:\g2040.exe69⤵
- System Location Discovery: System Language Discovery
-
\??\c:\jpvvp.exec:\jpvvp.exe70⤵
- System Location Discovery: System Language Discovery
-
\??\c:\24604.exec:\24604.exe71⤵
-
\??\c:\ppjvv.exec:\ppjvv.exe72⤵
-
\??\c:\bttnnb.exec:\bttnnb.exe73⤵
-
\??\c:\g8626.exec:\g8626.exe74⤵
-
\??\c:\080488.exec:\080488.exe75⤵
-
\??\c:\htbhht.exec:\htbhht.exe76⤵
-
\??\c:\6800448.exec:\6800448.exe77⤵
-
\??\c:\pjjdd.exec:\pjjdd.exe78⤵
-
\??\c:\468666.exec:\468666.exe79⤵
-
\??\c:\rffxxxx.exec:\rffxxxx.exe80⤵
-
\??\c:\3vvvp.exec:\3vvvp.exe81⤵
-
\??\c:\m4884.exec:\m4884.exe82⤵
-
\??\c:\tbhnhh.exec:\tbhnhh.exe83⤵
-
\??\c:\680822.exec:\680822.exe84⤵
-
\??\c:\60284.exec:\60284.exe85⤵
-
\??\c:\pjppd.exec:\pjppd.exe86⤵
-
\??\c:\266600.exec:\266600.exe87⤵
-
\??\c:\5ttnhh.exec:\5ttnhh.exe88⤵
-
\??\c:\jdddd.exec:\jdddd.exe89⤵
-
\??\c:\1pvpp.exec:\1pvpp.exe90⤵
-
\??\c:\pdvpj.exec:\pdvpj.exe91⤵
-
\??\c:\288482.exec:\288482.exe92⤵
-
\??\c:\c222026.exec:\c222026.exe93⤵
-
\??\c:\e62604.exec:\e62604.exe94⤵
-
\??\c:\6282666.exec:\6282666.exe95⤵
-
\??\c:\5flfrxr.exec:\5flfrxr.exe96⤵
-
\??\c:\622082.exec:\622082.exe97⤵
-
\??\c:\28628.exec:\28628.exe98⤵
-
\??\c:\pjjvd.exec:\pjjvd.exe99⤵
-
\??\c:\04280.exec:\04280.exe100⤵
-
\??\c:\7xfxfff.exec:\7xfxfff.exe101⤵
-
\??\c:\hhtnhb.exec:\hhtnhb.exe102⤵
-
\??\c:\82426.exec:\82426.exe103⤵
-
\??\c:\480066.exec:\480066.exe104⤵
-
\??\c:\jvvpj.exec:\jvvpj.exe105⤵
-
\??\c:\1rrrllf.exec:\1rrrllf.exe106⤵
-
\??\c:\4042604.exec:\4042604.exe107⤵
-
\??\c:\842468.exec:\842468.exe108⤵
-
\??\c:\22264.exec:\22264.exe109⤵
-
\??\c:\66286.exec:\66286.exe110⤵
-
\??\c:\2208484.exec:\2208484.exe111⤵
-
\??\c:\nhhhbh.exec:\nhhhbh.exe112⤵
-
\??\c:\lrlxlxl.exec:\lrlxlxl.exe113⤵
-
\??\c:\u008604.exec:\u008604.exe114⤵
-
\??\c:\ffxrxxx.exec:\ffxrxxx.exe115⤵
-
\??\c:\u602420.exec:\u602420.exe116⤵
-
\??\c:\bnhtnh.exec:\bnhtnh.exe117⤵
- System Location Discovery: System Language Discovery
-
\??\c:\lfrllll.exec:\lfrllll.exe118⤵
-
\??\c:\ffxrrxr.exec:\ffxrrxr.exe119⤵
- System Location Discovery: System Language Discovery
-
\??\c:\ffflfrr.exec:\ffflfrr.exe120⤵
-
\??\c:\88820.exec:\88820.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-