Analysis
-
max time kernel
120s -
max time network
116s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
02/09/2024, 00:07
General
-
Target
a44ca23e6c32e757a8af9f62724c82e0N.exe
-
Size
82KB
-
MD5
a44ca23e6c32e757a8af9f62724c82e0
-
SHA1
8e0d4426e69ca6586ec08d62b9df2a4c3c38599d
-
SHA256
16de9be2dd30e941db7dbcab10a105cb4eae972b9547dc6130b8e3ce0ae9ed12
-
SHA512
1b2ebb464d5269e48d2593234f6c32c8aef37afc1654ecee9f28e39712294e47e0c9cce204e53013dab85384aaecdeae07f394ab30d3551ebc23318007edd59a
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo7xCkTsIwtOa2dYSePfg:ymb3NkkiQ3mdBjFo7LAIbTePfg
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 30 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a44ca23e6c32e757a8af9f62724c82e0N.exe"C:\Users\Admin\AppData\Local\Temp\a44ca23e6c32e757a8af9f62724c82e0N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\lxlffff.exec:\lxlffff.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbbbb.exec:\hhbbbb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddddd.exec:\ddddd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvdp.exec:\ppvdp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhbtt.exec:\tbhbtt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9dpvj.exec:\9dpvj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xlfrrl.exec:\1xlfrrl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlllff.exec:\xrlllff.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhnhn.exec:\tnhnhn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3djjj.exec:\3djjj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflrrxr.exec:\lflrrxr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrrllf.exec:\xlrrllf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnttnn.exec:\hnttnn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjjd.exec:\ppjjd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3frlffx.exec:\3frlffx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrrlll.exec:\flrrlll.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnhnh.exec:\nbnhnh.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntnhnh.exec:\ntnhnh.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjjd.exec:\jjjjd.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rxrlrl.exec:\3rxrlrl.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxffxxf.exec:\rxffxxf.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bhbhn.exec:\1bhbhn.exe23⤵
- Executes dropped EXE
-
\??\c:\dpvpd.exec:\dpvpd.exe24⤵
- Executes dropped EXE
-
\??\c:\rlxrrrl.exec:\rlxrrrl.exe25⤵
- Executes dropped EXE
-
\??\c:\bnhbhh.exec:\bnhbhh.exe26⤵
- Executes dropped EXE
-
\??\c:\nbnhbt.exec:\nbnhbt.exe27⤵
- Executes dropped EXE
-
\??\c:\dvpjp.exec:\dvpjp.exe28⤵
- Executes dropped EXE
-
\??\c:\fllfxrl.exec:\fllfxrl.exe29⤵
- Executes dropped EXE
-
\??\c:\lfxxxxr.exec:\lfxxxxr.exe30⤵
- Executes dropped EXE
-
\??\c:\nhtthh.exec:\nhtthh.exe31⤵
- Executes dropped EXE
-
\??\c:\dpvpj.exec:\dpvpj.exe32⤵
- Executes dropped EXE
-
\??\c:\5frrxxf.exec:\5frrxxf.exe33⤵
- Executes dropped EXE
-
\??\c:\xrfxxxf.exec:\xrfxxxf.exe34⤵
- Executes dropped EXE
-
\??\c:\tbbtnh.exec:\tbbtnh.exe35⤵
- Executes dropped EXE
-
\??\c:\dvvvj.exec:\dvvvj.exe36⤵
- Executes dropped EXE
-
\??\c:\fflrlrr.exec:\fflrlrr.exe37⤵
- Executes dropped EXE
-
\??\c:\3rxxxxf.exec:\3rxxxxf.exe38⤵
- Executes dropped EXE
-
\??\c:\httbbt.exec:\httbbt.exe39⤵
- Executes dropped EXE
-
\??\c:\7thbtb.exec:\7thbtb.exe40⤵
- Executes dropped EXE
-
\??\c:\vdjdv.exec:\vdjdv.exe41⤵
-
\??\c:\rxlrxlf.exec:\rxlrxlf.exe42⤵
- Executes dropped EXE
-
\??\c:\1rlllll.exec:\1rlllll.exe43⤵
- Executes dropped EXE
-
\??\c:\bbbttt.exec:\bbbttt.exe44⤵
- Executes dropped EXE
-
\??\c:\pjjjj.exec:\pjjjj.exe45⤵
- Executes dropped EXE
-
\??\c:\xrrllff.exec:\xrrllff.exe46⤵
- Executes dropped EXE
-
\??\c:\lrxrrrl.exec:\lrxrrrl.exe47⤵
- Executes dropped EXE
-
\??\c:\tbhhhh.exec:\tbhhhh.exe48⤵
- Executes dropped EXE
-
\??\c:\nnbthn.exec:\nnbthn.exe49⤵
- Executes dropped EXE
-
\??\c:\vvdvv.exec:\vvdvv.exe50⤵
- Executes dropped EXE
-
\??\c:\xrlxrrl.exec:\xrlxrrl.exe51⤵
- Executes dropped EXE
-
\??\c:\fxrfxfx.exec:\fxrfxfx.exe52⤵
- Executes dropped EXE
-
\??\c:\btnhhb.exec:\btnhhb.exe53⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\5nhbnn.exec:\5nhbnn.exe54⤵
- Executes dropped EXE
-
\??\c:\pjpjd.exec:\pjpjd.exe55⤵
- Executes dropped EXE
-
\??\c:\vpjdv.exec:\vpjdv.exe56⤵
- Executes dropped EXE
-
\??\c:\llllxxx.exec:\llllxxx.exe57⤵
- Executes dropped EXE
-
\??\c:\frlfxfl.exec:\frlfxfl.exe58⤵
- Executes dropped EXE
-
\??\c:\ttnhbb.exec:\ttnhbb.exe59⤵
- Executes dropped EXE
-
\??\c:\btnhtt.exec:\btnhtt.exe60⤵
- Executes dropped EXE
-
\??\c:\jvdvv.exec:\jvdvv.exe61⤵
- Executes dropped EXE
-
\??\c:\7vvvj.exec:\7vvvj.exe62⤵
- Executes dropped EXE
-
\??\c:\rxrrlrr.exec:\rxrrlrr.exe63⤵
- Executes dropped EXE
-
\??\c:\ffxllll.exec:\ffxllll.exe64⤵
- Executes dropped EXE
-
\??\c:\bnbnth.exec:\bnbnth.exe65⤵
- Executes dropped EXE
-
\??\c:\ttbttt.exec:\ttbttt.exe66⤵
- Executes dropped EXE
-
\??\c:\pvjpd.exec:\pvjpd.exe67⤵
-
\??\c:\xxlllrr.exec:\xxlllrr.exe68⤵
-
\??\c:\rxxrxxl.exec:\rxxrxxl.exe69⤵
-
\??\c:\nnbbbh.exec:\nnbbbh.exe70⤵
-
\??\c:\ntnnhb.exec:\ntnnhb.exe71⤵
-
\??\c:\dpvjv.exec:\dpvjv.exe72⤵
-
\??\c:\ffrlfxf.exec:\ffrlfxf.exe73⤵
-
\??\c:\1thbbb.exec:\1thbbb.exe74⤵
-
\??\c:\tbnhbh.exec:\tbnhbh.exe75⤵
-
\??\c:\5jpvj.exec:\5jpvj.exe76⤵
-
\??\c:\pvppp.exec:\pvppp.exe77⤵
-
\??\c:\fllfllf.exec:\fllfllf.exe78⤵
-
\??\c:\hthhbh.exec:\hthhbh.exe79⤵
-
\??\c:\ntbttn.exec:\ntbttn.exe80⤵
-
\??\c:\9ddvv.exec:\9ddvv.exe81⤵
-
\??\c:\pvpdd.exec:\pvpdd.exe82⤵
-
\??\c:\frfffxr.exec:\frfffxr.exe83⤵
-
\??\c:\7nhhbh.exec:\7nhhbh.exe84⤵
-
\??\c:\thtnbb.exec:\thtnbb.exe85⤵
-
\??\c:\bbnhnh.exec:\bbnhnh.exe86⤵
-
\??\c:\ppdvv.exec:\ppdvv.exe87⤵
-
\??\c:\vdvdd.exec:\vdvdd.exe88⤵
-
\??\c:\lllfxff.exec:\lllfxff.exe89⤵
-
\??\c:\tbhhnb.exec:\tbhhnb.exe90⤵
-
\??\c:\jvppj.exec:\jvppj.exe91⤵
-
\??\c:\5ppjd.exec:\5ppjd.exe92⤵
-
\??\c:\1fxrxrl.exec:\1fxrxrl.exe93⤵
-
\??\c:\1lrlxxf.exec:\1lrlxxf.exe94⤵
-
\??\c:\xxxxlll.exec:\xxxxlll.exe95⤵
-
\??\c:\1hnnhh.exec:\1hnnhh.exe96⤵
-
\??\c:\9bhbbh.exec:\9bhbbh.exe97⤵
-
\??\c:\vvjjj.exec:\vvjjj.exe98⤵
-
\??\c:\rxlxfrl.exec:\rxlxfrl.exe99⤵
-
\??\c:\7rrrllf.exec:\7rrrllf.exe100⤵
-
\??\c:\lllllll.exec:\lllllll.exe101⤵
-
\??\c:\3bhttt.exec:\3bhttt.exe102⤵
-
\??\c:\jjpjp.exec:\jjpjp.exe103⤵
-
\??\c:\pppvp.exec:\pppvp.exe104⤵
-
\??\c:\xffrrrx.exec:\xffrrrx.exe105⤵
-
\??\c:\xlfxxrr.exec:\xlfxxrr.exe106⤵
-
\??\c:\nbtnhh.exec:\nbtnhh.exe107⤵
-
\??\c:\bbhhtt.exec:\bbhhtt.exe108⤵
-
\??\c:\vppjv.exec:\vppjv.exe109⤵
-
\??\c:\jdppd.exec:\jdppd.exe110⤵
-
\??\c:\xrxflrf.exec:\xrxflrf.exe111⤵
-
\??\c:\rlxxlrf.exec:\rlxxlrf.exe112⤵
-
\??\c:\5ntntt.exec:\5ntntt.exe113⤵
-
\??\c:\bhnnnn.exec:\bhnnnn.exe114⤵
-
\??\c:\dppdp.exec:\dppdp.exe115⤵
-
\??\c:\fxfxrrl.exec:\fxfxrrl.exe116⤵
-
\??\c:\xllffff.exec:\xllffff.exe117⤵
-
\??\c:\hhhttn.exec:\hhhttn.exe118⤵
-
\??\c:\ppjjd.exec:\ppjjd.exe119⤵
-
\??\c:\jppjv.exec:\jppjv.exe120⤵
-
\??\c:\fffxxll.exec:\fffxxll.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-