Analysis
-
max time kernel
150s -
max time network
95s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
01/09/2024, 17:13
General
-
Target
ddc275d87548e5d4a283832799a2754ed32045ca97b608a8c476da6e7900869f.exe
-
Size
78KB
-
MD5
e24afa077e062b61829880d7b23a16a4
-
SHA1
a10fd446d8496c4696a98f206852b5ff2e6a3575
-
SHA256
ddc275d87548e5d4a283832799a2754ed32045ca97b608a8c476da6e7900869f
-
SHA512
e559586ef94c5130b8a19815c77d7412117fd72e61e3c81a0cb6eccede170d4fab22662ac18f60f9eab1948b547bd7ea0da1c2927ca596975f6501250b61b772
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIkpi+qPtOKLjF9QW:ymb3NkkiQ3mdBjFIj+qcKLjF9P
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 34 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ddc275d87548e5d4a283832799a2754ed32045ca97b608a8c476da6e7900869f.exe"C:\Users\Admin\AppData\Local\Temp\ddc275d87548e5d4a283832799a2754ed32045ca97b608a8c476da6e7900869f.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxlfrl.exec:\rxxlfrl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhhtn.exec:\bnhhtn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1btnbt.exec:\1btnbt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdvpv.exec:\vdvpv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ppjd.exec:\9ppjd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlxlfx.exec:\rrlxlfx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbttb.exec:\nnbttb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvdvp.exec:\vvdvp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjdv.exec:\dvjdv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfxflfx.exec:\rfxflfx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjdv.exec:\dpjdv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxlfrfr.exec:\lxlfrfr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxlfxr.exec:\rxxlfxr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1hhbbt.exec:\1hhbbt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjvv.exec:\vpjvv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xffrlfx.exec:\xffrlfx.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbtntn.exec:\tbtntn.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjvp.exec:\pjjvp.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjdj.exec:\dpjdj.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3xlxrlx.exec:\3xlxrlx.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnhbt.exec:\nhnhbt.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjjj.exec:\vvjjj.exe23⤵
- Executes dropped EXE
-
\??\c:\vdpjp.exec:\vdpjp.exe24⤵
- Executes dropped EXE
-
\??\c:\rfxlxrl.exec:\rfxlxrl.exe25⤵
- Executes dropped EXE
-
\??\c:\xxxrlfx.exec:\xxxrlfx.exe26⤵
- Executes dropped EXE
-
\??\c:\hhnhtn.exec:\hhnhtn.exe27⤵
- Executes dropped EXE
-
\??\c:\tbhbnh.exec:\tbhbnh.exe28⤵
- Executes dropped EXE
-
\??\c:\dppdj.exec:\dppdj.exe29⤵
- Executes dropped EXE
-
\??\c:\vjpjd.exec:\vjpjd.exe30⤵
- Executes dropped EXE
-
\??\c:\rflxrlf.exec:\rflxrlf.exe31⤵
- Executes dropped EXE
-
\??\c:\thhbnh.exec:\thhbnh.exe32⤵
- Executes dropped EXE
-
\??\c:\5dvpj.exec:\5dvpj.exe33⤵
- Executes dropped EXE
-
\??\c:\vdpdp.exec:\vdpdp.exe34⤵
-
\??\c:\rxfrfxr.exec:\rxfrfxr.exe35⤵
- Executes dropped EXE
-
\??\c:\frrlfxr.exec:\frrlfxr.exe36⤵
- Executes dropped EXE
-
\??\c:\tttnhb.exec:\tttnhb.exe37⤵
- Executes dropped EXE
-
\??\c:\hhhthn.exec:\hhhthn.exe38⤵
- Executes dropped EXE
-
\??\c:\5vvdj.exec:\5vvdj.exe39⤵
- Executes dropped EXE
-
\??\c:\9fxrlll.exec:\9fxrlll.exe40⤵
- Executes dropped EXE
-
\??\c:\9tnhbt.exec:\9tnhbt.exe41⤵
- Executes dropped EXE
-
\??\c:\btbttn.exec:\btbttn.exe42⤵
- Executes dropped EXE
-
\??\c:\pjdvp.exec:\pjdvp.exe43⤵
- Executes dropped EXE
-
\??\c:\jpjvd.exec:\jpjvd.exe44⤵
- Executes dropped EXE
-
\??\c:\xlrfrlx.exec:\xlrfrlx.exe45⤵
- Executes dropped EXE
-
\??\c:\lxlxflr.exec:\lxlxflr.exe46⤵
- Executes dropped EXE
-
\??\c:\tnnhhn.exec:\tnnhhn.exe47⤵
- Executes dropped EXE
-
\??\c:\bhbtnb.exec:\bhbtnb.exe48⤵
- Executes dropped EXE
-
\??\c:\pddjv.exec:\pddjv.exe49⤵
- Executes dropped EXE
-
\??\c:\jdjdp.exec:\jdjdp.exe50⤵
- Executes dropped EXE
-
\??\c:\lfxrfxl.exec:\lfxrfxl.exe51⤵
- Executes dropped EXE
-
\??\c:\ffxrfxr.exec:\ffxrfxr.exe52⤵
- Executes dropped EXE
-
\??\c:\nbnhtt.exec:\nbnhtt.exe53⤵
- Executes dropped EXE
-
\??\c:\hbbtnh.exec:\hbbtnh.exe54⤵
- Executes dropped EXE
-
\??\c:\1dddp.exec:\1dddp.exe55⤵
- Executes dropped EXE
-
\??\c:\ppvpv.exec:\ppvpv.exe56⤵
- Executes dropped EXE
-
\??\c:\rflxrfr.exec:\rflxrfr.exe57⤵
- Executes dropped EXE
-
\??\c:\lrlfxfx.exec:\lrlfxfx.exe58⤵
- Executes dropped EXE
-
\??\c:\ntthhb.exec:\ntthhb.exe59⤵
- Executes dropped EXE
-
\??\c:\hhtnhh.exec:\hhtnhh.exe60⤵
- Executes dropped EXE
-
\??\c:\ppjdj.exec:\ppjdj.exe61⤵
- Executes dropped EXE
-
\??\c:\pjdvj.exec:\pjdvj.exe62⤵
- Executes dropped EXE
-
\??\c:\lrrllrl.exec:\lrrllrl.exe63⤵
- Executes dropped EXE
-
\??\c:\rxrlxrl.exec:\rxrlxrl.exe64⤵
- Executes dropped EXE
-
\??\c:\3nnhhb.exec:\3nnhhb.exe65⤵
- Executes dropped EXE
-
\??\c:\hhhbhh.exec:\hhhbhh.exe66⤵
- Executes dropped EXE
-
\??\c:\pdjdv.exec:\pdjdv.exe67⤵
-
\??\c:\jjdvp.exec:\jjdvp.exe68⤵
-
\??\c:\frrlrrl.exec:\frrlrrl.exe69⤵
-
\??\c:\lxxrlxx.exec:\lxxrlxx.exe70⤵
-
\??\c:\thhbnh.exec:\thhbnh.exe71⤵
-
\??\c:\hbtnhb.exec:\hbtnhb.exe72⤵
-
\??\c:\ppjdp.exec:\ppjdp.exe73⤵
-
\??\c:\vpvpj.exec:\vpvpj.exe74⤵
-
\??\c:\lxxxrlr.exec:\lxxxrlr.exe75⤵
-
\??\c:\9lfxxxx.exec:\9lfxxxx.exe76⤵
-
\??\c:\nnntbb.exec:\nnntbb.exe77⤵
-
\??\c:\jdvjv.exec:\jdvjv.exe78⤵
-
\??\c:\dddvp.exec:\dddvp.exe79⤵
-
\??\c:\xxrlxrl.exec:\xxrlxrl.exe80⤵
-
\??\c:\nntbbb.exec:\nntbbb.exe81⤵
-
\??\c:\tntnbb.exec:\tntnbb.exe82⤵
-
\??\c:\ppvvj.exec:\ppvvj.exe83⤵
-
\??\c:\pdvpv.exec:\pdvpv.exe84⤵
-
\??\c:\rflffxx.exec:\rflffxx.exe85⤵
-
\??\c:\xfflffx.exec:\xfflffx.exe86⤵
-
\??\c:\btnnbb.exec:\btnnbb.exe87⤵
-
\??\c:\3ttnbb.exec:\3ttnbb.exe88⤵
-
\??\c:\dpjvj.exec:\dpjvj.exe89⤵
-
\??\c:\dvppp.exec:\dvppp.exe90⤵
-
\??\c:\3nntnh.exec:\3nntnh.exe91⤵
-
\??\c:\pdvpj.exec:\pdvpj.exe92⤵
-
\??\c:\dvpjv.exec:\dvpjv.exe93⤵
-
\??\c:\lxxxlfx.exec:\lxxxlfx.exe94⤵
-
\??\c:\rfrlfxr.exec:\rfrlfxr.exe95⤵
-
\??\c:\bhbtnt.exec:\bhbtnt.exe96⤵
-
\??\c:\htnbnh.exec:\htnbnh.exe97⤵
-
\??\c:\vpddp.exec:\vpddp.exe98⤵
-
\??\c:\9jdpd.exec:\9jdpd.exe99⤵
-
\??\c:\lflfllx.exec:\lflfllx.exe100⤵
-
\??\c:\hbbnth.exec:\hbbnth.exe101⤵
-
\??\c:\bhtnhh.exec:\bhtnhh.exe102⤵
-
\??\c:\dpjdd.exec:\dpjdd.exe103⤵
-
\??\c:\dvpdp.exec:\dvpdp.exe104⤵
-
\??\c:\rflxlfx.exec:\rflxlfx.exe105⤵
-
\??\c:\9rxrrrl.exec:\9rxrrrl.exe106⤵
-
\??\c:\7hbthb.exec:\7hbthb.exe107⤵
-
\??\c:\htttnb.exec:\htttnb.exe108⤵
-
\??\c:\ddddj.exec:\ddddj.exe109⤵
-
\??\c:\vvpdj.exec:\vvpdj.exe110⤵
-
\??\c:\xffxllr.exec:\xffxllr.exe111⤵
-
\??\c:\5htbtn.exec:\5htbtn.exe112⤵
-
\??\c:\3ppdp.exec:\3ppdp.exe113⤵
-
\??\c:\jvvvj.exec:\jvvvj.exe114⤵
-
\??\c:\5xrfflf.exec:\5xrfflf.exe115⤵
-
\??\c:\3xxlxrf.exec:\3xxlxrf.exe116⤵
-
\??\c:\nnhhhb.exec:\nnhhhb.exe117⤵
-
\??\c:\bthnht.exec:\bthnht.exe118⤵
-
\??\c:\vdvpp.exec:\vdvpp.exe119⤵
-
\??\c:\xxfxrlf.exec:\xxfxrlf.exe120⤵
-
\??\c:\frfxllf.exec:\frfxllf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-