Analysis
-
max time kernel
120s -
max time network
93s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
05-09-2024 12:34
General
-
Target
3cc0161c3315a0543ab5e41115c04350N.exe
-
Size
95KB
-
MD5
3cc0161c3315a0543ab5e41115c04350
-
SHA1
9ee499677f85d00e0447928b32b25b39d52ea693
-
SHA256
4dd5ea80d4a250be080593e7b76e4b6a8e747a62f824a740694122614c4ced32
-
SHA512
b8e2bbd07dff358eb8715d4d3ad244fba3c511adf16a3e1f9b920b99154bb955e935865e18a9260f38ce02e2d9e408d971b51a7727e6d8312762d2741181392c
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoLuePjDYlZMzcLF:ymb3NkkiQ3mdBjFoLucjD7cp
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3cc0161c3315a0543ab5e41115c04350N.exe"C:\Users\Admin\AppData\Local\Temp\3cc0161c3315a0543ab5e41115c04350N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vppvp.exec:\vppvp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3xrlfff.exec:\3xrlfff.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flllffx.exec:\flllffx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthhht.exec:\bthhht.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvpp.exec:\dpvpp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxxlll.exec:\xrxxlll.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnhbh.exec:\hhnhbh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjjj.exec:\djjjj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llrffll.exec:\llrffll.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrrxrr.exec:\lfrrxrr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvppp.exec:\dvppp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlfxff.exec:\fxlfxff.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthbtt.exec:\tthbtt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjpj.exec:\vdjpj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llrlllx.exec:\llrlllx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnntnn.exec:\nnntnn.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhhbb.exec:\nbhhbb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvvp.exec:\vpvvp.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjdp.exec:\jvjdp.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxfxrrl.exec:\xxfxrrl.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7hnnnn.exec:\7hnnnn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbtnn.exec:\bbbtnn.exe23⤵
- Executes dropped EXE
-
\??\c:\jdpvp.exec:\jdpvp.exe24⤵
- Executes dropped EXE
-
\??\c:\vppjd.exec:\vppjd.exe25⤵
- Executes dropped EXE
-
\??\c:\xrxrllf.exec:\xrxrllf.exe26⤵
- Executes dropped EXE
-
\??\c:\hhtnbb.exec:\hhtnbb.exe27⤵
- Executes dropped EXE
-
\??\c:\pppjj.exec:\pppjj.exe28⤵
- Executes dropped EXE
-
\??\c:\3vjvp.exec:\3vjvp.exe29⤵
- Executes dropped EXE
-
\??\c:\lrffrrl.exec:\lrffrrl.exe30⤵
- Executes dropped EXE
-
\??\c:\ntbtnn.exec:\ntbtnn.exe31⤵
- Executes dropped EXE
-
\??\c:\pdjdd.exec:\pdjdd.exe32⤵
- Executes dropped EXE
-
\??\c:\lfrxlxx.exec:\lfrxlxx.exe33⤵
- Executes dropped EXE
-
\??\c:\3hnhbb.exec:\3hnhbb.exe34⤵
- Executes dropped EXE
-
\??\c:\tnhbtt.exec:\tnhbtt.exe35⤵
- Executes dropped EXE
-
\??\c:\ttttnn.exec:\ttttnn.exe36⤵
- Executes dropped EXE
-
\??\c:\vdpjp.exec:\vdpjp.exe37⤵
- Executes dropped EXE
-
\??\c:\lrrfllr.exec:\lrrfllr.exe38⤵
- Executes dropped EXE
-
\??\c:\xxrlrrx.exec:\xxrlrrx.exe39⤵
- Executes dropped EXE
-
\??\c:\nhtntt.exec:\nhtntt.exe40⤵
- Executes dropped EXE
-
\??\c:\9bhnbh.exec:\9bhnbh.exe41⤵
- Executes dropped EXE
-
\??\c:\3ddjj.exec:\3ddjj.exe42⤵
- Executes dropped EXE
-
\??\c:\dvvpj.exec:\dvvpj.exe43⤵
- Executes dropped EXE
-
\??\c:\frxrfxr.exec:\frxrfxr.exe44⤵
- Executes dropped EXE
-
\??\c:\htnbbt.exec:\htnbbt.exe45⤵
- Executes dropped EXE
-
\??\c:\thnnhh.exec:\thnnhh.exe46⤵
- Executes dropped EXE
-
\??\c:\vjvvv.exec:\vjvvv.exe47⤵
- Executes dropped EXE
-
\??\c:\dddvv.exec:\dddvv.exe48⤵
- Executes dropped EXE
-
\??\c:\frrrlrl.exec:\frrrlrl.exe49⤵
- Executes dropped EXE
-
\??\c:\bnhbbb.exec:\bnhbbb.exe50⤵
- Executes dropped EXE
-
\??\c:\5pppj.exec:\5pppj.exe51⤵
- Executes dropped EXE
-
\??\c:\xlrxxff.exec:\xlrxxff.exe52⤵
- Executes dropped EXE
-
\??\c:\rlxxxxr.exec:\rlxxxxr.exe53⤵
- Executes dropped EXE
-
\??\c:\bbbbtt.exec:\bbbbtt.exe54⤵
- Executes dropped EXE
-
\??\c:\nhhbnb.exec:\nhhbnb.exe55⤵
- Executes dropped EXE
-
\??\c:\1ppvp.exec:\1ppvp.exe56⤵
- Executes dropped EXE
-
\??\c:\jpvpj.exec:\jpvpj.exe57⤵
- Executes dropped EXE
-
\??\c:\xflfxff.exec:\xflfxff.exe58⤵
- Executes dropped EXE
-
\??\c:\5fffxxx.exec:\5fffxxx.exe59⤵
- Executes dropped EXE
-
\??\c:\hbnnhh.exec:\hbnnhh.exe60⤵
- Executes dropped EXE
-
\??\c:\tnbbbb.exec:\tnbbbb.exe61⤵
- Executes dropped EXE
-
\??\c:\pdjpd.exec:\pdjpd.exe62⤵
- Executes dropped EXE
-
\??\c:\pddvp.exec:\pddvp.exe63⤵
- Executes dropped EXE
-
\??\c:\fxlfffr.exec:\fxlfffr.exe64⤵
- Executes dropped EXE
-
\??\c:\frxxrrl.exec:\frxxrrl.exe65⤵
- Executes dropped EXE
-
\??\c:\hhbhhn.exec:\hhbhhn.exe66⤵
-
\??\c:\nnbbbh.exec:\nnbbbh.exe67⤵
-
\??\c:\dppjd.exec:\dppjd.exe68⤵
-
\??\c:\1jpjp.exec:\1jpjp.exe69⤵
-
\??\c:\xxlfllr.exec:\xxlfllr.exe70⤵
-
\??\c:\flfffff.exec:\flfffff.exe71⤵
-
\??\c:\bbttth.exec:\bbttth.exe72⤵
-
\??\c:\btnhtt.exec:\btnhtt.exe73⤵
-
\??\c:\jvpvp.exec:\jvpvp.exe74⤵
- System Location Discovery: System Language Discovery
-
\??\c:\3djdv.exec:\3djdv.exe75⤵
-
\??\c:\lxxrffl.exec:\lxxrffl.exe76⤵
-
\??\c:\1rrlfrl.exec:\1rrlfrl.exe77⤵
-
\??\c:\tnnnhb.exec:\tnnnhb.exe78⤵
-
\??\c:\bthbtb.exec:\bthbtb.exe79⤵
-
\??\c:\rrrlfff.exec:\rrrlfff.exe80⤵
-
\??\c:\9httnb.exec:\9httnb.exe81⤵
-
\??\c:\tthbbb.exec:\tthbbb.exe82⤵
-
\??\c:\nbnhbb.exec:\nbnhbb.exe83⤵
-
\??\c:\ppjjp.exec:\ppjjp.exe84⤵
-
\??\c:\xrlfxxx.exec:\xrlfxxx.exe85⤵
-
\??\c:\nhhhtt.exec:\nhhhtt.exe86⤵
-
\??\c:\htbtbt.exec:\htbtbt.exe87⤵
-
\??\c:\jppjd.exec:\jppjd.exe88⤵
-
\??\c:\xxlfxfx.exec:\xxlfxfx.exe89⤵
-
\??\c:\xlrxxxx.exec:\xlrxxxx.exe90⤵
-
\??\c:\btttnn.exec:\btttnn.exe91⤵
-
\??\c:\bbbnnh.exec:\bbbnnh.exe92⤵
-
\??\c:\9pjjv.exec:\9pjjv.exe93⤵
-
\??\c:\3vpjd.exec:\3vpjd.exe94⤵
-
\??\c:\rlrrrrf.exec:\rlrrrrf.exe95⤵
-
\??\c:\1rrrlrr.exec:\1rrrlrr.exe96⤵
-
\??\c:\tbbtnn.exec:\tbbtnn.exe97⤵
-
\??\c:\pvdpj.exec:\pvdpj.exe98⤵
-
\??\c:\jdvpv.exec:\jdvpv.exe99⤵
-
\??\c:\rxfxrrr.exec:\rxfxrrr.exe100⤵
-
\??\c:\7xlfllr.exec:\7xlfllr.exe101⤵
-
\??\c:\tnttnn.exec:\tnttnn.exe102⤵
-
\??\c:\tthbbb.exec:\tthbbb.exe103⤵
-
\??\c:\vdjjd.exec:\vdjjd.exe104⤵
-
\??\c:\ddpjd.exec:\ddpjd.exe105⤵
-
\??\c:\flfxrxr.exec:\flfxrxr.exe106⤵
-
\??\c:\xxffxxx.exec:\xxffxxx.exe107⤵
-
\??\c:\bthtnt.exec:\bthtnt.exe108⤵
-
\??\c:\bhbnhh.exec:\bhbnhh.exe109⤵
-
\??\c:\pdvpd.exec:\pdvpd.exe110⤵
-
\??\c:\djvpj.exec:\djvpj.exe111⤵
-
\??\c:\llfrlfr.exec:\llfrlfr.exe112⤵
-
\??\c:\bbbttn.exec:\bbbttn.exe113⤵
-
\??\c:\1ntnhn.exec:\1ntnhn.exe114⤵
-
\??\c:\5vvvv.exec:\5vvvv.exe115⤵
-
\??\c:\dvdjd.exec:\dvdjd.exe116⤵
-
\??\c:\rllxrrr.exec:\rllxrrr.exe117⤵
-
\??\c:\9htnhh.exec:\9htnhh.exe118⤵
-
\??\c:\3hnhbb.exec:\3hnhbb.exe119⤵
-
\??\c:\dddvv.exec:\dddvv.exe120⤵
-
\??\c:\rrxrffl.exec:\rrxrffl.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-