Analysis
-
max time kernel
120s -
max time network
111s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
26/08/2024, 03:52
General
-
Target
1f7363470c3bce86c3f463a3d1d0f980N.exe
-
Size
85KB
-
MD5
1f7363470c3bce86c3f463a3d1d0f980
-
SHA1
f7fefeafbad453a4e25372b7fccbd774497c76be
-
SHA256
c69851805e7a1e39b43576404553a57958a5ae08921d46e6094695735983cfcf
-
SHA512
3c3e54cc32a2a5d62bd4b69c9ba642a9869c6ba85d1b05e4e9e71d328897b50ae1f2f44c0c26f15c301776747ac22090bb9a68eace5d3d69f4a4db103ff64678
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoAXPfgr2hKmdbcPi2vzK:ymb3NkkiQ3mdBjFo6Pfgy3dbc/zK
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 29 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 34 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1f7363470c3bce86c3f463a3d1d0f980N.exe"C:\Users\Admin\AppData\Local\Temp\1f7363470c3bce86c3f463a3d1d0f980N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\5jppp.exec:\5jppp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlfffl.exec:\rrlfffl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnhhb.exec:\nhnhhb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjjj.exec:\vdjjj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjjp.exec:\dvjjp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrllrr.exec:\rrrllrr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbhbt.exec:\btbhbt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7jvpj.exec:\7jvpj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3xrxlrr.exec:\3xrxlrr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrlfff.exec:\flrlfff.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhbbb.exec:\hhhbbb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpddv.exec:\jpddv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxrlll.exec:\rlxrlll.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntnnn.exec:\bntnnn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjddv.exec:\jjddv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frlfxfx.exec:\frlfxfx.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1ffxrll.exec:\1ffxrll.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhttnb.exec:\nhttnb.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjvp.exec:\vjjvp.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrlrlr.exec:\lrrlrlr.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhbtt.exec:\hbhbtt.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthhbb.exec:\hthhbb.exe23⤵
- Executes dropped EXE
-
\??\c:\9djvp.exec:\9djvp.exe24⤵
- Executes dropped EXE
-
\??\c:\7rrxrxr.exec:\7rrxrxr.exe25⤵
- Executes dropped EXE
-
\??\c:\tnhthh.exec:\tnhthh.exe26⤵
- Executes dropped EXE
-
\??\c:\5ddvj.exec:\5ddvj.exe27⤵
- Executes dropped EXE
-
\??\c:\djppv.exec:\djppv.exe28⤵
- Executes dropped EXE
-
\??\c:\7rffrrr.exec:\7rffrrr.exe29⤵
- Executes dropped EXE
-
\??\c:\xfxfxll.exec:\xfxfxll.exe30⤵
- Executes dropped EXE
-
\??\c:\nhtnbt.exec:\nhtnbt.exe31⤵
- Executes dropped EXE
-
\??\c:\vpjvv.exec:\vpjvv.exe32⤵
- Executes dropped EXE
-
\??\c:\5llfrfx.exec:\5llfrfx.exe33⤵
- Executes dropped EXE
-
\??\c:\xxxrlrl.exec:\xxxrlrl.exe34⤵
- Executes dropped EXE
-
\??\c:\9tbtnb.exec:\9tbtnb.exe35⤵
- Executes dropped EXE
-
\??\c:\nnhhhb.exec:\nnhhhb.exe36⤵
- Executes dropped EXE
-
\??\c:\vdjdv.exec:\vdjdv.exe37⤵
- Executes dropped EXE
-
\??\c:\dvjdd.exec:\dvjdd.exe38⤵
- Executes dropped EXE
-
\??\c:\1frlfxx.exec:\1frlfxx.exe39⤵
- Executes dropped EXE
-
\??\c:\1ffffll.exec:\1ffffll.exe40⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\ttbtbt.exec:\ttbtbt.exe41⤵
- Executes dropped EXE
-
\??\c:\pjpjd.exec:\pjpjd.exe42⤵
- Executes dropped EXE
-
\??\c:\9djdv.exec:\9djdv.exe43⤵
- Executes dropped EXE
-
\??\c:\dpjdp.exec:\dpjdp.exe44⤵
- Executes dropped EXE
-
\??\c:\bttnhb.exec:\bttnhb.exe45⤵
- Executes dropped EXE
-
\??\c:\pjppd.exec:\pjppd.exe46⤵
- Executes dropped EXE
-
\??\c:\5vvvv.exec:\5vvvv.exe47⤵
- Executes dropped EXE
-
\??\c:\ffllrrl.exec:\ffllrrl.exe48⤵
- Executes dropped EXE
-
\??\c:\fxfxfff.exec:\fxfxfff.exe49⤵
- Executes dropped EXE
-
\??\c:\thbtnn.exec:\thbtnn.exe50⤵
- Executes dropped EXE
-
\??\c:\hhnhhh.exec:\hhnhhh.exe51⤵
- Executes dropped EXE
-
\??\c:\pjvpp.exec:\pjvpp.exe52⤵
- Executes dropped EXE
-
\??\c:\9flfrrl.exec:\9flfrrl.exe53⤵
- Executes dropped EXE
-
\??\c:\tnbtnn.exec:\tnbtnn.exe54⤵
- Executes dropped EXE
-
\??\c:\nbhbtt.exec:\nbhbtt.exe55⤵
- Executes dropped EXE
-
\??\c:\dvpjj.exec:\dvpjj.exe56⤵
- Executes dropped EXE
-
\??\c:\frxlxxx.exec:\frxlxxx.exe57⤵
- Executes dropped EXE
-
\??\c:\lffxxxr.exec:\lffxxxr.exe58⤵
- Executes dropped EXE
-
\??\c:\fxxrxxf.exec:\fxxrxxf.exe59⤵
- Executes dropped EXE
-
\??\c:\bbbtnn.exec:\bbbtnn.exe60⤵
- Executes dropped EXE
-
\??\c:\bbbbnn.exec:\bbbbnn.exe61⤵
- Executes dropped EXE
-
\??\c:\5djjj.exec:\5djjj.exe62⤵
- Executes dropped EXE
-
\??\c:\rlxrrlr.exec:\rlxrrlr.exe63⤵
- Executes dropped EXE
-
\??\c:\5rlxrff.exec:\5rlxrff.exe64⤵
- Executes dropped EXE
-
\??\c:\7tnhhh.exec:\7tnhhh.exe65⤵
- Executes dropped EXE
-
\??\c:\hbtnnh.exec:\hbtnnh.exe66⤵
-
\??\c:\vvdvv.exec:\vvdvv.exe67⤵
-
\??\c:\vjvpj.exec:\vjvpj.exe68⤵
-
\??\c:\xxrlxlf.exec:\xxrlxlf.exe69⤵
-
\??\c:\rfrlffx.exec:\rfrlffx.exe70⤵
-
\??\c:\thhbbh.exec:\thhbbh.exe71⤵
-
\??\c:\nnhtnn.exec:\nnhtnn.exe72⤵
-
\??\c:\7bbbtb.exec:\7bbbtb.exe73⤵
-
\??\c:\vdjjv.exec:\vdjjv.exe74⤵
-
\??\c:\7pppd.exec:\7pppd.exe75⤵
-
\??\c:\rlffllf.exec:\rlffllf.exe76⤵
-
\??\c:\rxrrrxr.exec:\rxrrrxr.exe77⤵
-
\??\c:\bhbthb.exec:\bhbthb.exe78⤵
-
\??\c:\5hhbtt.exec:\5hhbtt.exe79⤵
-
\??\c:\7pdvv.exec:\7pdvv.exe80⤵
-
\??\c:\pdjjp.exec:\pdjjp.exe81⤵
-
\??\c:\7rfxffl.exec:\7rfxffl.exe82⤵
-
\??\c:\fxlllfr.exec:\fxlllfr.exe83⤵
-
\??\c:\7btntn.exec:\7btntn.exe84⤵
-
\??\c:\jdpjp.exec:\jdpjp.exe85⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe86⤵
-
\??\c:\rxxxxxr.exec:\rxxxxxr.exe87⤵
-
\??\c:\3lllllr.exec:\3lllllr.exe88⤵
-
\??\c:\nhbtnn.exec:\nhbtnn.exe89⤵
-
\??\c:\hbbbtb.exec:\hbbbtb.exe90⤵
-
\??\c:\ddvdv.exec:\ddvdv.exe91⤵
-
\??\c:\pjdvp.exec:\pjdvp.exe92⤵
-
\??\c:\xxxxrrr.exec:\xxxxrrr.exe93⤵
-
\??\c:\xfxxrrl.exec:\xfxxrrl.exe94⤵
-
\??\c:\9rxxllr.exec:\9rxxllr.exe95⤵
-
\??\c:\bnhbtt.exec:\bnhbtt.exe96⤵
-
\??\c:\ntnnhn.exec:\ntnnhn.exe97⤵
-
\??\c:\dpvvj.exec:\dpvvj.exe98⤵
-
\??\c:\jpdvv.exec:\jpdvv.exe99⤵
-
\??\c:\lfxrffx.exec:\lfxrffx.exe100⤵
-
\??\c:\xxxrrrr.exec:\xxxrrrr.exe101⤵
-
\??\c:\htntnt.exec:\htntnt.exe102⤵
-
\??\c:\bbttht.exec:\bbttht.exe103⤵
-
\??\c:\vpppj.exec:\vpppj.exe104⤵
-
\??\c:\jdppj.exec:\jdppj.exe105⤵
-
\??\c:\lxxrllf.exec:\lxxrllf.exe106⤵
-
\??\c:\nnnnhh.exec:\nnnnhh.exe107⤵
-
\??\c:\dpjdd.exec:\dpjdd.exe108⤵
-
\??\c:\djddd.exec:\djddd.exe109⤵
-
\??\c:\rlxxlll.exec:\rlxxlll.exe110⤵
-
\??\c:\rrffxxx.exec:\rrffxxx.exe111⤵
-
\??\c:\nbnnnn.exec:\nbnnnn.exe112⤵
-
\??\c:\thbbtt.exec:\thbbtt.exe113⤵
-
\??\c:\3dvpd.exec:\3dvpd.exe114⤵
-
\??\c:\vjvpj.exec:\vjvpj.exe115⤵
-
\??\c:\3flfrrl.exec:\3flfrrl.exe116⤵
-
\??\c:\frllffx.exec:\frllffx.exe117⤵
-
\??\c:\9hhbbb.exec:\9hhbbb.exe118⤵
-
\??\c:\7vpvv.exec:\7vpvv.exe119⤵
-
\??\c:\ppddj.exec:\ppddj.exe120⤵
-
\??\c:\xfxxxfx.exec:\xfxxxfx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-