Analysis
-
max time kernel
148s -
max time network
122s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
03/09/2024, 23:10
General
-
Target
7007ac6de02096b69a75fa2255f0e0f00d3b70c9d0c4122da2a3f81737cc9bac.exe
-
Size
82KB
-
MD5
0321db85b2e98db7f8c799fc1da15fce
-
SHA1
4df5c51ead9f140bbf826a83a07d09686b136110
-
SHA256
7007ac6de02096b69a75fa2255f0e0f00d3b70c9d0c4122da2a3f81737cc9bac
-
SHA512
e3ff7a9356f87faf78aa6910d7230829036a212ab9189c6cfb6119443425fd41ba52a5d39326140f845716731b89be4f3d824fe808c9c22ed4b3c894abde49bc
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIIpIo60L9QrrA89QP:ymb3NkkiQ3mdBjFIIp9L9QrrA8Y
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 33 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7007ac6de02096b69a75fa2255f0e0f00d3b70c9d0c4122da2a3f81737cc9bac.exe"C:\Users\Admin\AppData\Local\Temp\7007ac6de02096b69a75fa2255f0e0f00d3b70c9d0c4122da2a3f81737cc9bac.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvpp.exec:\ppvpp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxxxfx.exec:\xxxxxfx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxffllx.exec:\fxffllx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrlfrl.exec:\rfrlfrl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9tnhhh.exec:\9tnhhh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbtbt.exec:\tbbtbt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrrrfl.exec:\rlrrrfl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rxxrxr.exec:\3rxxrxr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvddd.exec:\jvddd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3fxrxxx.exec:\3fxrxxx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7jpvv.exec:\7jpvv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xrlffx.exec:\1xrlffx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbbtt.exec:\ntbbtt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdvp.exec:\dvdvp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdddd.exec:\vdddd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrllfxx.exec:\xrllfxx.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btthbn.exec:\btthbn.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddjp.exec:\jddjp.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1lffxrr.exec:\1lffxrr.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbhhn.exec:\bbbhhn.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9pvpj.exec:\9pvpj.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvppj.exec:\vvppj.exe23⤵
- Executes dropped EXE
-
\??\c:\xxfxrlf.exec:\xxfxrlf.exe24⤵
- Executes dropped EXE
-
\??\c:\hhhhtt.exec:\hhhhtt.exe25⤵
- Executes dropped EXE
-
\??\c:\nbnnhn.exec:\nbnnhn.exe26⤵
- Executes dropped EXE
-
\??\c:\dvpjv.exec:\dvpjv.exe27⤵
- Executes dropped EXE
-
\??\c:\dddvp.exec:\dddvp.exe28⤵
- Executes dropped EXE
-
\??\c:\llrrflf.exec:\llrrflf.exe29⤵
- Executes dropped EXE
-
\??\c:\tbnbbb.exec:\tbnbbb.exe30⤵
- Executes dropped EXE
-
\??\c:\jpjpd.exec:\jpjpd.exe31⤵
- Executes dropped EXE
-
\??\c:\lxxrrxl.exec:\lxxrrxl.exe32⤵
- Executes dropped EXE
-
\??\c:\fxxxlrr.exec:\fxxxlrr.exe33⤵
- Executes dropped EXE
-
\??\c:\hbbhhh.exec:\hbbhhh.exe34⤵
-
\??\c:\ddvdj.exec:\ddvdj.exe35⤵
- Executes dropped EXE
-
\??\c:\jvdjd.exec:\jvdjd.exe36⤵
- Executes dropped EXE
-
\??\c:\lxfxlxx.exec:\lxfxlxx.exe37⤵
- Executes dropped EXE
-
\??\c:\bthhtt.exec:\bthhtt.exe38⤵
- Executes dropped EXE
-
\??\c:\vvjjp.exec:\vvjjp.exe39⤵
- Executes dropped EXE
-
\??\c:\1vdpp.exec:\1vdpp.exe40⤵
- Executes dropped EXE
-
\??\c:\9rxrlll.exec:\9rxrlll.exe41⤵
- Executes dropped EXE
-
\??\c:\tbhtbn.exec:\tbhtbn.exe42⤵
- Executes dropped EXE
-
\??\c:\tbtbtb.exec:\tbtbtb.exe43⤵
- Executes dropped EXE
-
\??\c:\ppppp.exec:\ppppp.exe44⤵
- Executes dropped EXE
-
\??\c:\ddvjp.exec:\ddvjp.exe45⤵
- Executes dropped EXE
-
\??\c:\rxxrllf.exec:\rxxrllf.exe46⤵
- Executes dropped EXE
-
\??\c:\xrrrrrr.exec:\xrrrrrr.exe47⤵
- Executes dropped EXE
-
\??\c:\3hbbbb.exec:\3hbbbb.exe48⤵
- Executes dropped EXE
-
\??\c:\hntttt.exec:\hntttt.exe49⤵
- Executes dropped EXE
-
\??\c:\vvjjv.exec:\vvjjv.exe50⤵
- Executes dropped EXE
-
\??\c:\jpddd.exec:\jpddd.exe51⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\rfflfll.exec:\rfflfll.exe52⤵
- Executes dropped EXE
-
\??\c:\9rrrllf.exec:\9rrrllf.exe53⤵
- Executes dropped EXE
-
\??\c:\tbnnnb.exec:\tbnnnb.exe54⤵
- Executes dropped EXE
-
\??\c:\htnhtt.exec:\htnhtt.exe55⤵
- Executes dropped EXE
-
\??\c:\dpppd.exec:\dpppd.exe56⤵
- Executes dropped EXE
-
\??\c:\jjjdd.exec:\jjjdd.exe57⤵
- Executes dropped EXE
-
\??\c:\rrfxrff.exec:\rrfxrff.exe58⤵
- Executes dropped EXE
-
\??\c:\9nnnhn.exec:\9nnnhn.exe59⤵
- Executes dropped EXE
-
\??\c:\hbtttt.exec:\hbtttt.exe60⤵
- Executes dropped EXE
-
\??\c:\djjjv.exec:\djjjv.exe61⤵
- Executes dropped EXE
-
\??\c:\pvppd.exec:\pvppd.exe62⤵
- Executes dropped EXE
-
\??\c:\lflfffl.exec:\lflfffl.exe63⤵
- Executes dropped EXE
-
\??\c:\frrrlff.exec:\frrrlff.exe64⤵
- Executes dropped EXE
-
\??\c:\hhnnnn.exec:\hhnnnn.exe65⤵
- Executes dropped EXE
-
\??\c:\vppvd.exec:\vppvd.exe66⤵
- Executes dropped EXE
-
\??\c:\jpppp.exec:\jpppp.exe67⤵
-
\??\c:\jddvp.exec:\jddvp.exe68⤵
-
\??\c:\xllfxxr.exec:\xllfxxr.exe69⤵
-
\??\c:\tttnhh.exec:\tttnhh.exe70⤵
-
\??\c:\nhhhtt.exec:\nhhhtt.exe71⤵
-
\??\c:\vvjdj.exec:\vvjdj.exe72⤵
-
\??\c:\jvpjj.exec:\jvpjj.exe73⤵
-
\??\c:\xfllffr.exec:\xfllffr.exe74⤵
-
\??\c:\xfxxrlx.exec:\xfxxrlx.exe75⤵
-
\??\c:\btnnbb.exec:\btnnbb.exe76⤵
-
\??\c:\ntttnn.exec:\ntttnn.exe77⤵
-
\??\c:\dvpjj.exec:\dvpjj.exe78⤵
-
\??\c:\dpjdj.exec:\dpjdj.exe79⤵
-
\??\c:\5llflrr.exec:\5llflrr.exe80⤵
-
\??\c:\bbthhn.exec:\bbthhn.exe81⤵
-
\??\c:\tnbbhh.exec:\tnbbhh.exe82⤵
-
\??\c:\djdjv.exec:\djdjv.exe83⤵
-
\??\c:\lfllfff.exec:\lfllfff.exe84⤵
-
\??\c:\rlxrrxx.exec:\rlxrrxx.exe85⤵
-
\??\c:\hhhhhh.exec:\hhhhhh.exe86⤵
-
\??\c:\ppvjd.exec:\ppvjd.exe87⤵
-
\??\c:\vdppp.exec:\vdppp.exe88⤵
-
\??\c:\fxrrxxx.exec:\fxrrxxx.exe89⤵
-
\??\c:\bbbbbb.exec:\bbbbbb.exe90⤵
-
\??\c:\nhhhbt.exec:\nhhhbt.exe91⤵
-
\??\c:\vpppj.exec:\vpppj.exe92⤵
-
\??\c:\pdddj.exec:\pdddj.exe93⤵
-
\??\c:\fllllrr.exec:\fllllrr.exe94⤵
-
\??\c:\bttnhh.exec:\bttnhh.exe95⤵
-
\??\c:\hhnnhh.exec:\hhnnhh.exe96⤵
-
\??\c:\vdjjd.exec:\vdjjd.exe97⤵
-
\??\c:\fxffxxl.exec:\fxffxxl.exe98⤵
-
\??\c:\vpppp.exec:\vpppp.exe99⤵
-
\??\c:\vjjvp.exec:\vjjvp.exe100⤵
-
\??\c:\ffxxxff.exec:\ffxxxff.exe101⤵
-
\??\c:\tntnth.exec:\tntnth.exe102⤵
-
\??\c:\bttntt.exec:\bttntt.exe103⤵
-
\??\c:\dpjjj.exec:\dpjjj.exe104⤵
-
\??\c:\5fxlfxx.exec:\5fxlfxx.exe105⤵
-
\??\c:\tntnnn.exec:\tntnnn.exe106⤵
-
\??\c:\dpddv.exec:\dpddv.exe107⤵
-
\??\c:\jppjd.exec:\jppjd.exe108⤵
-
\??\c:\5rffxxx.exec:\5rffxxx.exe109⤵
-
\??\c:\ntttbb.exec:\ntttbb.exe110⤵
-
\??\c:\nhtnth.exec:\nhtnth.exe111⤵
-
\??\c:\jdvjd.exec:\jdvjd.exe112⤵
-
\??\c:\3rfxllf.exec:\3rfxllf.exe113⤵
-
\??\c:\xxxxrxf.exec:\xxxxrxf.exe114⤵
-
\??\c:\nnntnn.exec:\nnntnn.exe115⤵
-
\??\c:\tbbtbb.exec:\tbbtbb.exe116⤵
-
\??\c:\jpjpp.exec:\jpjpp.exe117⤵
-
\??\c:\vvjjp.exec:\vvjjp.exe118⤵
-
\??\c:\llrlffr.exec:\llrlffr.exe119⤵
-
\??\c:\3hhhbb.exec:\3hhhbb.exe120⤵
-
\??\c:\htbtnh.exec:\htbtnh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-