Analysis
-
max time kernel
120s -
max time network
107s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
05/09/2024, 13:10
General
-
Target
95cc35dc4b0467c6803c09f0511bff20N.exe
-
Size
82KB
-
MD5
95cc35dc4b0467c6803c09f0511bff20
-
SHA1
7e450267b168828cf70dc957c9df1ebdec08a9a0
-
SHA256
8112ff3c2918f04c162df37fc1fc7026d0512e321659e4568319d7149d266d2f
-
SHA512
ca2b556b396e40a26bccd22497ff62d9e8f6094dcd7181bac713ead18186cf6eda30328c6a4aa926a70e1ecfc40aa2eb1b39bafcbfa2af69ac4a2196a273b45e
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIIpIo60L9QrrA89QD:ymb3NkkiQ3mdBjFIIp9L9QrrA8S
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 34 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\95cc35dc4b0467c6803c09f0511bff20N.exe"C:\Users\Admin\AppData\Local\Temp\95cc35dc4b0467c6803c09f0511bff20N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\1pjjd.exec:\1pjjd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fffflxx.exec:\fffflxx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthhht.exec:\tthhht.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvddd.exec:\vvddd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rxrlrr.exec:\7rxrlrr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnnhh.exec:\hhnnhh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjjp.exec:\vvjjp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfrlffx.exec:\xfrlffx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbbhn.exec:\htbbhn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnttt.exec:\nhnttt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xxrllf.exec:\9xxrllf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xflrllr.exec:\xflrllr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhhnn.exec:\hbhhnn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntthn.exec:\tntthn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xffxxx.exec:\7xffxxx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxrxxfx.exec:\rxrxxfx.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjpjp.exec:\jjpjp.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rrlrrl.exec:\5rrlrrl.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5fxrrrr.exec:\5fxrrrr.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhbbb.exec:\tbhbbb.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vdvp.exec:\9vdvp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfxrrlf.exec:\xfxrrlf.exe23⤵
- Executes dropped EXE
-
\??\c:\btbttt.exec:\btbttt.exe24⤵
- Executes dropped EXE
-
\??\c:\9btnnn.exec:\9btnnn.exe25⤵
- Executes dropped EXE
-
\??\c:\rllfllf.exec:\rllfllf.exe26⤵
- Executes dropped EXE
-
\??\c:\bthhbh.exec:\bthhbh.exe27⤵
- Executes dropped EXE
-
\??\c:\5bhhtb.exec:\5bhhtb.exe28⤵
- Executes dropped EXE
-
\??\c:\ddddv.exec:\ddddv.exe29⤵
- Executes dropped EXE
-
\??\c:\vjddv.exec:\vjddv.exe30⤵
- Executes dropped EXE
-
\??\c:\xrfrllf.exec:\xrfrllf.exe31⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\hhtnnn.exec:\hhtnnn.exe32⤵
- Executes dropped EXE
-
\??\c:\jvpvp.exec:\jvpvp.exe33⤵
- Executes dropped EXE
-
\??\c:\lflfxxf.exec:\lflfxxf.exe34⤵
- Executes dropped EXE
-
\??\c:\btttnn.exec:\btttnn.exe35⤵
- Executes dropped EXE
-
\??\c:\3vpjd.exec:\3vpjd.exe36⤵
- Executes dropped EXE
-
\??\c:\9fxrllf.exec:\9fxrllf.exe37⤵
- Executes dropped EXE
-
\??\c:\3fxrfxr.exec:\3fxrfxr.exe38⤵
- Executes dropped EXE
-
\??\c:\hbnhbh.exec:\hbnhbh.exe39⤵
- Executes dropped EXE
-
\??\c:\tbhhtb.exec:\tbhhtb.exe40⤵
- Executes dropped EXE
-
\??\c:\jvdpj.exec:\jvdpj.exe41⤵
- Executes dropped EXE
-
\??\c:\frxrrrr.exec:\frxrrrr.exe42⤵
- Executes dropped EXE
-
\??\c:\rlllffx.exec:\rlllffx.exe43⤵
- Executes dropped EXE
-
\??\c:\lflflfx.exec:\lflflfx.exe44⤵
- Executes dropped EXE
-
\??\c:\nhnnbb.exec:\nhnnbb.exe45⤵
- Executes dropped EXE
-
\??\c:\1ttthh.exec:\1ttthh.exe46⤵
- Executes dropped EXE
-
\??\c:\djjjj.exec:\djjjj.exe47⤵
- Executes dropped EXE
-
\??\c:\vdvpj.exec:\vdvpj.exe48⤵
- Executes dropped EXE
-
\??\c:\frffrxx.exec:\frffrxx.exe49⤵
- Executes dropped EXE
-
\??\c:\ffxrlll.exec:\ffxrlll.exe50⤵
- Executes dropped EXE
-
\??\c:\bbtnnn.exec:\bbtnnn.exe51⤵
- Executes dropped EXE
-
\??\c:\nhhhbt.exec:\nhhhbt.exe52⤵
- Executes dropped EXE
-
\??\c:\9jddv.exec:\9jddv.exe53⤵
- Executes dropped EXE
-
\??\c:\fxrrffx.exec:\fxrrffx.exe54⤵
- Executes dropped EXE
-
\??\c:\xrrlxxx.exec:\xrrlxxx.exe55⤵
- Executes dropped EXE
-
\??\c:\bnnhhh.exec:\bnnhhh.exe56⤵
- Executes dropped EXE
-
\??\c:\tntnnn.exec:\tntnnn.exe57⤵
- Executes dropped EXE
-
\??\c:\vjddj.exec:\vjddj.exe58⤵
- Executes dropped EXE
-
\??\c:\jvjjv.exec:\jvjjv.exe59⤵
- Executes dropped EXE
-
\??\c:\lfllxxr.exec:\lfllxxr.exe60⤵
- Executes dropped EXE
-
\??\c:\nhbbtn.exec:\nhbbtn.exe61⤵
- Executes dropped EXE
-
\??\c:\7nhhtb.exec:\7nhhtb.exe62⤵
- Executes dropped EXE
-
\??\c:\ppvpj.exec:\ppvpj.exe63⤵
- Executes dropped EXE
-
\??\c:\dpjdv.exec:\dpjdv.exe64⤵
- Executes dropped EXE
-
\??\c:\rxfrllf.exec:\rxfrllf.exe65⤵
- Executes dropped EXE
-
\??\c:\7bbbbb.exec:\7bbbbb.exe66⤵
-
\??\c:\nhnhbh.exec:\nhnhbh.exe67⤵
-
\??\c:\llrxrlr.exec:\llrxrlr.exe68⤵
-
\??\c:\7tbthn.exec:\7tbthn.exe69⤵
-
\??\c:\dvdvp.exec:\dvdvp.exe70⤵
-
\??\c:\7vvvp.exec:\7vvvp.exe71⤵
-
\??\c:\1rxrrrr.exec:\1rxrrrr.exe72⤵
-
\??\c:\hhhbnn.exec:\hhhbnn.exe73⤵
-
\??\c:\7djdj.exec:\7djdj.exe74⤵
-
\??\c:\rxrlffl.exec:\rxrlffl.exe75⤵
-
\??\c:\lrrrllr.exec:\lrrrllr.exe76⤵
-
\??\c:\bnhbbb.exec:\bnhbbb.exe77⤵
-
\??\c:\bnnbnn.exec:\bnnbnn.exe78⤵
-
\??\c:\jjjdp.exec:\jjjdp.exe79⤵
-
\??\c:\frfrrlf.exec:\frfrrlf.exe80⤵
-
\??\c:\rllfxxl.exec:\rllfxxl.exe81⤵
-
\??\c:\hbntht.exec:\hbntht.exe82⤵
-
\??\c:\pjppd.exec:\pjppd.exe83⤵
-
\??\c:\1ffxrrl.exec:\1ffxrrl.exe84⤵
-
\??\c:\xxxrlfx.exec:\xxxrlfx.exe85⤵
-
\??\c:\tntthb.exec:\tntthb.exe86⤵
-
\??\c:\jvvpp.exec:\jvvpp.exe87⤵
-
\??\c:\1pvpp.exec:\1pvpp.exe88⤵
-
\??\c:\fxffllx.exec:\fxffllx.exe89⤵
-
\??\c:\9llffxx.exec:\9llffxx.exe90⤵
-
\??\c:\7nnnnn.exec:\7nnnnn.exe91⤵
-
\??\c:\jjjjp.exec:\jjjjp.exe92⤵
-
\??\c:\frrrrrr.exec:\frrrrrr.exe93⤵
-
\??\c:\1rfxxfx.exec:\1rfxxfx.exe94⤵
-
\??\c:\btbtht.exec:\btbtht.exe95⤵
-
\??\c:\hbhbtt.exec:\hbhbtt.exe96⤵
-
\??\c:\pvvvp.exec:\pvvvp.exe97⤵
-
\??\c:\vppdp.exec:\vppdp.exe98⤵
-
\??\c:\rxlfrrl.exec:\rxlfrrl.exe99⤵
-
\??\c:\ffrlffx.exec:\ffrlffx.exe100⤵
-
\??\c:\hhnhhh.exec:\hhnhhh.exe101⤵
-
\??\c:\tbbtnn.exec:\tbbtnn.exe102⤵
-
\??\c:\pdvpp.exec:\pdvpp.exe103⤵
-
\??\c:\1djjv.exec:\1djjv.exe104⤵
-
\??\c:\llrrlll.exec:\llrrlll.exe105⤵
-
\??\c:\xrffffx.exec:\xrffffx.exe106⤵
-
\??\c:\btnhth.exec:\btnhth.exe107⤵
-
\??\c:\hhbthh.exec:\hhbthh.exe108⤵
-
\??\c:\dvvjv.exec:\dvvjv.exe109⤵
-
\??\c:\5djdp.exec:\5djdp.exe110⤵
-
\??\c:\flfrlfr.exec:\flfrlfr.exe111⤵
-
\??\c:\btbtnn.exec:\btbtnn.exe112⤵
-
\??\c:\3tnnnn.exec:\3tnnnn.exe113⤵
-
\??\c:\pvdvv.exec:\pvdvv.exe114⤵
-
\??\c:\vvvpv.exec:\vvvpv.exe115⤵
-
\??\c:\fffxrlf.exec:\fffxrlf.exe116⤵
-
\??\c:\fffxrrl.exec:\fffxrrl.exe117⤵
-
\??\c:\nhbhnb.exec:\nhbhnb.exe118⤵
-
\??\c:\ffflflf.exec:\ffflflf.exe119⤵
-
\??\c:\nnnnnh.exec:\nnnnnh.exe120⤵
-
\??\c:\bbbtnn.exec:\bbbtnn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-