Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
01-09-2024 03:49
General
-
Target
dcebb2e1ea4c0d7c5bb706d6120f27089f8e9318fe3a7aedf603d5bef0a43420.exe
-
Size
82KB
-
MD5
bea7a34f32f0930bcff895e355cd3431
-
SHA1
cff2023cbcc339b57ff92ab146f5b2987b504aed
-
SHA256
dcebb2e1ea4c0d7c5bb706d6120f27089f8e9318fe3a7aedf603d5bef0a43420
-
SHA512
1f7bc16379384148e99bb69abf8ea0da60ee9d815e551f1c95740bfe3b05313488b0369df0992379708c4069a39c880b8f1ee4e9145e682ae88274ec61226351
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIIpIo60L9QrrA89Q3:ymb3NkkiQ3mdBjFIIp9L9QrrA8e
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 32 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\dcebb2e1ea4c0d7c5bb706d6120f27089f8e9318fe3a7aedf603d5bef0a43420.exe"C:\Users\Admin\AppData\Local\Temp\dcebb2e1ea4c0d7c5bb706d6120f27089f8e9318fe3a7aedf603d5bef0a43420.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvvj.exec:\jjvvj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfxrflf.exec:\rfxrflf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntnbnb.exec:\ntnbnb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bnbtn.exec:\7bnbtn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3jjvv.exec:\3jjvv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llfxrrl.exec:\llfxrrl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9nnhbt.exec:\9nnhbt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbnhth.exec:\tbnhth.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjdvj.exec:\vjdvj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfxrlr.exec:\rlfxrlr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5tnbnb.exec:\5tnbnb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpppd.exec:\jpppd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xfrffr.exec:\7xfrffr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfxrff.exec:\rlfxrff.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7btnhh.exec:\7btnhh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjdjd.exec:\vjdjd.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxxffl.exec:\xrxxffl.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nthhnb.exec:\nthhnb.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpppd.exec:\vpppd.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frlxlrf.exec:\frlxlrf.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnntn.exec:\hhnntn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpdv.exec:\vvpdv.exe23⤵
- Executes dropped EXE
-
\??\c:\rxfrxrl.exec:\rxfrxrl.exe24⤵
- Executes dropped EXE
-
\??\c:\xrrfrlx.exec:\xrrfrlx.exe25⤵
- Executes dropped EXE
-
\??\c:\fxlfrfx.exec:\fxlfrfx.exe26⤵
- Executes dropped EXE
-
\??\c:\htbtnt.exec:\htbtnt.exe27⤵
- Executes dropped EXE
-
\??\c:\djpjd.exec:\djpjd.exe28⤵
- Executes dropped EXE
-
\??\c:\5lfrfxl.exec:\5lfrfxl.exe29⤵
- Executes dropped EXE
-
\??\c:\3lfrfrf.exec:\3lfrfrf.exe30⤵
- Executes dropped EXE
-
\??\c:\nntttb.exec:\nntttb.exe31⤵
- Executes dropped EXE
-
\??\c:\thnhth.exec:\thnhth.exe32⤵
- Executes dropped EXE
-
\??\c:\vvvpp.exec:\vvvpp.exe33⤵
- Executes dropped EXE
-
\??\c:\lxfrlfl.exec:\lxfrlfl.exe34⤵
- Executes dropped EXE
-
\??\c:\thbnbt.exec:\thbnbt.exe35⤵
- Executes dropped EXE
-
\??\c:\bbbbbb.exec:\bbbbbb.exe36⤵
- Executes dropped EXE
-
\??\c:\9hthnn.exec:\9hthnn.exe37⤵
- Executes dropped EXE
-
\??\c:\3dpjj.exec:\3dpjj.exe38⤵
- Executes dropped EXE
-
\??\c:\5jjdp.exec:\5jjdp.exe39⤵
- Executes dropped EXE
-
\??\c:\fxrxlfl.exec:\fxrxlfl.exe40⤵
- Executes dropped EXE
-
\??\c:\hnthth.exec:\hnthth.exe41⤵
- Executes dropped EXE
-
\??\c:\7tthht.exec:\7tthht.exe42⤵
- Executes dropped EXE
-
\??\c:\djjdv.exec:\djjdv.exe43⤵
- Executes dropped EXE
-
\??\c:\lfxlxrf.exec:\lfxlxrf.exe44⤵
- Executes dropped EXE
-
\??\c:\xllxlxl.exec:\xllxlxl.exe45⤵
- Executes dropped EXE
-
\??\c:\bbhtnh.exec:\bbhtnh.exe46⤵
- Executes dropped EXE
-
\??\c:\nbhtnn.exec:\nbhtnn.exe47⤵
- Executes dropped EXE
-
\??\c:\vjdvd.exec:\vjdvd.exe48⤵
- Executes dropped EXE
-
\??\c:\vvjdd.exec:\vvjdd.exe49⤵
- Executes dropped EXE
-
\??\c:\rflfrll.exec:\rflfrll.exe50⤵
- Executes dropped EXE
-
\??\c:\bnnbnh.exec:\bnnbnh.exe51⤵
- Executes dropped EXE
-
\??\c:\btnhhh.exec:\btnhhh.exe52⤵
- Executes dropped EXE
-
\??\c:\jjvpj.exec:\jjvpj.exe53⤵
- Executes dropped EXE
-
\??\c:\xrlrlfx.exec:\xrlrlfx.exe54⤵
- Executes dropped EXE
-
\??\c:\flrrlll.exec:\flrrlll.exe55⤵
- Executes dropped EXE
-
\??\c:\nbtnbb.exec:\nbtnbb.exe56⤵
- Executes dropped EXE
-
\??\c:\tnbbbt.exec:\tnbbbt.exe57⤵
- Executes dropped EXE
-
\??\c:\vvpjd.exec:\vvpjd.exe58⤵
- Executes dropped EXE
-
\??\c:\jpvvp.exec:\jpvvp.exe59⤵
- Executes dropped EXE
-
\??\c:\rxxrrlf.exec:\rxxrrlf.exe60⤵
- Executes dropped EXE
-
\??\c:\xxxrfxf.exec:\xxxrfxf.exe61⤵
- Executes dropped EXE
-
\??\c:\nttbnh.exec:\nttbnh.exe62⤵
- Executes dropped EXE
-
\??\c:\bntbnt.exec:\bntbnt.exe63⤵
- Executes dropped EXE
-
\??\c:\ddpjv.exec:\ddpjv.exe64⤵
- Executes dropped EXE
-
\??\c:\jpvvj.exec:\jpvvj.exe65⤵
- Executes dropped EXE
-
\??\c:\xrxrlrx.exec:\xrxrlrx.exe66⤵
-
\??\c:\9bbbtt.exec:\9bbbtt.exe67⤵
-
\??\c:\bhhhbb.exec:\bhhhbb.exe68⤵
-
\??\c:\jpvdd.exec:\jpvdd.exe69⤵
-
\??\c:\jdvpd.exec:\jdvpd.exe70⤵
-
\??\c:\fxllllx.exec:\fxllllx.exe71⤵
-
\??\c:\bbhhbb.exec:\bbhhbb.exe72⤵
-
\??\c:\thhnnh.exec:\thhnnh.exe73⤵
-
\??\c:\9dddd.exec:\9dddd.exe74⤵
-
\??\c:\dvppj.exec:\dvppj.exe75⤵
-
\??\c:\5rlxllf.exec:\5rlxllf.exe76⤵
-
\??\c:\frfrxlx.exec:\frfrxlx.exe77⤵
-
\??\c:\bhtnhh.exec:\bhtnhh.exe78⤵
-
\??\c:\nhhbtt.exec:\nhhbtt.exe79⤵
-
\??\c:\jdvpp.exec:\jdvpp.exe80⤵
-
\??\c:\nhhhnn.exec:\nhhhnn.exe81⤵
-
\??\c:\jdvvj.exec:\jdvvj.exe82⤵
-
\??\c:\ppdvj.exec:\ppdvj.exe83⤵
-
\??\c:\rfffrxr.exec:\rfffrxr.exe84⤵
-
\??\c:\5rrfrlx.exec:\5rrfrlx.exe85⤵
-
\??\c:\tttnbt.exec:\tttnbt.exe86⤵
-
\??\c:\7pjdj.exec:\7pjdj.exe87⤵
-
\??\c:\1rrxllf.exec:\1rrxllf.exe88⤵
-
\??\c:\rlllffx.exec:\rlllffx.exe89⤵
-
\??\c:\9thhbb.exec:\9thhbb.exe90⤵
-
\??\c:\dvvjd.exec:\dvvjd.exe91⤵
-
\??\c:\pjjdp.exec:\pjjdp.exe92⤵
-
\??\c:\fxxrfff.exec:\fxxrfff.exe93⤵
-
\??\c:\rlffxxr.exec:\rlffxxr.exe94⤵
-
\??\c:\tnnhbb.exec:\tnnhbb.exe95⤵
-
\??\c:\3bhbnn.exec:\3bhbnn.exe96⤵
-
\??\c:\ddddp.exec:\ddddp.exe97⤵
-
\??\c:\vjppj.exec:\vjppj.exe98⤵
-
\??\c:\fxxrffr.exec:\fxxrffr.exe99⤵
-
\??\c:\fxxxrrr.exec:\fxxxrrr.exe100⤵
-
\??\c:\rfrxlxx.exec:\rfrxlxx.exe101⤵
-
\??\c:\nnhhbb.exec:\nnhhbb.exe102⤵
-
\??\c:\nhnhbt.exec:\nhnhbt.exe103⤵
-
\??\c:\jppjd.exec:\jppjd.exe104⤵
-
\??\c:\vdjpp.exec:\vdjpp.exe105⤵
-
\??\c:\frrrrrl.exec:\frrrrrl.exe106⤵
-
\??\c:\hhhtht.exec:\hhhtht.exe107⤵
-
\??\c:\btbttt.exec:\btbttt.exe108⤵
-
\??\c:\7nhhbb.exec:\7nhhbb.exe109⤵
-
\??\c:\1djdp.exec:\1djdp.exe110⤵
-
\??\c:\frlxlxl.exec:\frlxlxl.exe111⤵
-
\??\c:\bttbtb.exec:\bttbtb.exe112⤵
-
\??\c:\hhnthh.exec:\hhnthh.exe113⤵
-
\??\c:\jdvdv.exec:\jdvdv.exe114⤵
-
\??\c:\1vjvv.exec:\1vjvv.exe115⤵
-
\??\c:\lffxxxr.exec:\lffxxxr.exe116⤵
-
\??\c:\lxxxxfr.exec:\lxxxxfr.exe117⤵
-
\??\c:\nhhbtt.exec:\nhhbtt.exe118⤵
-
\??\c:\jjjjd.exec:\jjjjd.exe119⤵
-
\??\c:\dvdpd.exec:\dvdpd.exe120⤵
-
\??\c:\lfllfff.exec:\lfllfff.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-