Analysis
-
max time kernel
120s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
06/09/2024, 06:01
General
-
Target
2264689478909fe19136fcee06585a80N.exe
-
Size
71KB
-
MD5
2264689478909fe19136fcee06585a80
-
SHA1
3a910179d0a034840b040e65264b2ab677272200
-
SHA256
85d6998f66fac1aca2d5c9be257970adf1f08ccb13a06bd9f2fdffcec4e304a1
-
SHA512
5de2df35ce447b9523d061da2cf86c9699ae0dec3b84fb293c4723da7256e57163d87392af1448216b410dbcd970693db02c7840e251871bd77862fae8f8fb41
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb0z6MTSqfj6:ymb3NkkiQ3mdBjFI4Vq
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 34 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2264689478909fe19136fcee06585a80N.exe"C:\Users\Admin\AppData\Local\Temp\2264689478909fe19136fcee06585a80N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pvddd.exec:\pvddd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlllfrx.exec:\xlllfrx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthbnn.exec:\hthbnn.exe4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\vdppd.exec:\vdppd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxllfl.exec:\rlxllfl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbnbn.exec:\ttbnbn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jpjj.exec:\1jpjj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvpp.exec:\ppvpp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbhhn.exec:\nnbhhn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7hbbtt.exec:\7hbbtt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvpjv.exec:\jvpjv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlllrll.exec:\rlllrll.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nttnhb.exec:\nttnhb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjdvp.exec:\jjdvp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvpj.exec:\jvvpj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflrxxf.exec:\lflrxxf.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrllll.exec:\ffrllll.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nthhnh.exec:\nthhnh.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjjv.exec:\vpjjv.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxrlfx.exec:\xlxrlfx.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhttbt.exec:\hhttbt.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnhbt.exec:\btnhbt.exe23⤵
- Executes dropped EXE
-
\??\c:\pjvpp.exec:\pjvpp.exe24⤵
- Executes dropped EXE
-
\??\c:\llrrrrx.exec:\llrrrrx.exe25⤵
- Executes dropped EXE
-
\??\c:\btbtbb.exec:\btbtbb.exe26⤵
- Executes dropped EXE
-
\??\c:\3hhbtt.exec:\3hhbtt.exe27⤵
- Executes dropped EXE
-
\??\c:\pvjjd.exec:\pvjjd.exe28⤵
- Executes dropped EXE
-
\??\c:\fffxllf.exec:\fffxllf.exe29⤵
- Executes dropped EXE
-
\??\c:\1xxxrlf.exec:\1xxxrlf.exe30⤵
- Executes dropped EXE
-
\??\c:\5nnhbt.exec:\5nnhbt.exe31⤵
- Executes dropped EXE
-
\??\c:\vvpdp.exec:\vvpdp.exe32⤵
- Executes dropped EXE
-
\??\c:\9xrlrrf.exec:\9xrlrrf.exe33⤵
- Executes dropped EXE
-
\??\c:\lfffxxl.exec:\lfffxxl.exe34⤵
- Executes dropped EXE
-
\??\c:\ntthbn.exec:\ntthbn.exe35⤵
- Executes dropped EXE
-
\??\c:\9bhtbb.exec:\9bhtbb.exe36⤵
- Executes dropped EXE
-
\??\c:\xfrlxxr.exec:\xfrlxxr.exe37⤵
- Executes dropped EXE
-
\??\c:\nhnhhb.exec:\nhnhhb.exe38⤵
- Executes dropped EXE
-
\??\c:\nhnhbt.exec:\nhnhbt.exe39⤵
- Executes dropped EXE
-
\??\c:\5jpjd.exec:\5jpjd.exe40⤵
- Executes dropped EXE
-
\??\c:\lflfxxr.exec:\lflfxxr.exe41⤵
- Executes dropped EXE
-
\??\c:\ffffxxx.exec:\ffffxxx.exe42⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\ttnnnh.exec:\ttnnnh.exe43⤵
- Executes dropped EXE
-
\??\c:\nbhtnn.exec:\nbhtnn.exe44⤵
- Executes dropped EXE
-
\??\c:\9pvpd.exec:\9pvpd.exe45⤵
- Executes dropped EXE
-
\??\c:\7jvjd.exec:\7jvjd.exe46⤵
- Executes dropped EXE
-
\??\c:\lrrxlll.exec:\lrrxlll.exe47⤵
- Executes dropped EXE
-
\??\c:\fffxfff.exec:\fffxfff.exe48⤵
- Executes dropped EXE
-
\??\c:\nnnnhh.exec:\nnnnhh.exe49⤵
- Executes dropped EXE
-
\??\c:\tbtbtt.exec:\tbtbtt.exe50⤵
- Executes dropped EXE
-
\??\c:\dpjvv.exec:\dpjvv.exe51⤵
- Executes dropped EXE
-
\??\c:\ppjdv.exec:\ppjdv.exe52⤵
- Executes dropped EXE
-
\??\c:\3rrlxxr.exec:\3rrlxxr.exe53⤵
- Executes dropped EXE
-
\??\c:\1rxlxxr.exec:\1rxlxxr.exe54⤵
- Executes dropped EXE
-
\??\c:\ntnnnh.exec:\ntnnnh.exe55⤵
- Executes dropped EXE
-
\??\c:\9bbbbb.exec:\9bbbbb.exe56⤵
- Executes dropped EXE
-
\??\c:\ttnbtt.exec:\ttnbtt.exe57⤵
- Executes dropped EXE
-
\??\c:\vjjdv.exec:\vjjdv.exe58⤵
- Executes dropped EXE
-
\??\c:\rrxrlff.exec:\rrxrlff.exe59⤵
- Executes dropped EXE
-
\??\c:\flllffr.exec:\flllffr.exe60⤵
- Executes dropped EXE
-
\??\c:\ntnnhb.exec:\ntnnhb.exe61⤵
- Executes dropped EXE
-
\??\c:\7htbnn.exec:\7htbnn.exe62⤵
- Executes dropped EXE
-
\??\c:\1ddvp.exec:\1ddvp.exe63⤵
- Executes dropped EXE
-
\??\c:\3djdj.exec:\3djdj.exe64⤵
- Executes dropped EXE
-
\??\c:\fflxxrx.exec:\fflxxrx.exe65⤵
- Executes dropped EXE
-
\??\c:\1xfxllx.exec:\1xfxllx.exe66⤵
-
\??\c:\tttnhn.exec:\tttnhn.exe67⤵
-
\??\c:\rllfxxx.exec:\rllfxxx.exe68⤵
-
\??\c:\llxxffl.exec:\llxxffl.exe69⤵
-
\??\c:\nbbttt.exec:\nbbttt.exe70⤵
-
\??\c:\3hnhhn.exec:\3hnhhn.exe71⤵
-
\??\c:\jjjdv.exec:\jjjdv.exe72⤵
-
\??\c:\ppppj.exec:\ppppj.exe73⤵
-
\??\c:\lfrlflf.exec:\lfrlflf.exe74⤵
-
\??\c:\rlxffrr.exec:\rlxffrr.exe75⤵
-
\??\c:\nbnnnn.exec:\nbnnnn.exe76⤵
-
\??\c:\vjpvv.exec:\vjpvv.exe77⤵
-
\??\c:\jvjdp.exec:\jvjdp.exe78⤵
-
\??\c:\dvjpv.exec:\dvjpv.exe79⤵
-
\??\c:\lrrlrlr.exec:\lrrlrlr.exe80⤵
-
\??\c:\ffrrrrl.exec:\ffrrrrl.exe81⤵
-
\??\c:\5tnnnn.exec:\5tnnnn.exe82⤵
-
\??\c:\pdjdv.exec:\pdjdv.exe83⤵
-
\??\c:\djjjv.exec:\djjjv.exe84⤵
-
\??\c:\lfrrrrl.exec:\lfrrrrl.exe85⤵
-
\??\c:\flrlfff.exec:\flrlfff.exe86⤵
-
\??\c:\thtthb.exec:\thtthb.exe87⤵
-
\??\c:\tnnnhb.exec:\tnnnhb.exe88⤵
-
\??\c:\tnnnbb.exec:\tnnnbb.exe89⤵
-
\??\c:\pddpd.exec:\pddpd.exe90⤵
-
\??\c:\3ddvj.exec:\3ddvj.exe91⤵
-
\??\c:\ffxlffx.exec:\ffxlffx.exe92⤵
-
\??\c:\nnhhnt.exec:\nnhhnt.exe93⤵
-
\??\c:\btnhbb.exec:\btnhbb.exe94⤵
-
\??\c:\dvjjd.exec:\dvjjd.exe95⤵
-
\??\c:\dvjpd.exec:\dvjpd.exe96⤵
-
\??\c:\lrffxrr.exec:\lrffxrr.exe97⤵
-
\??\c:\bhhhbh.exec:\bhhhbh.exe98⤵
-
\??\c:\htnthn.exec:\htnthn.exe99⤵
-
\??\c:\jvjjv.exec:\jvjjv.exe100⤵
-
\??\c:\pjpjd.exec:\pjpjd.exe101⤵
-
\??\c:\lflllll.exec:\lflllll.exe102⤵
-
\??\c:\xxfxxrl.exec:\xxfxxrl.exe103⤵
-
\??\c:\9thnnh.exec:\9thnnh.exe104⤵
-
\??\c:\ttbbtb.exec:\ttbbtb.exe105⤵
-
\??\c:\thtnnn.exec:\thtnnn.exe106⤵
-
\??\c:\ddjdp.exec:\ddjdp.exe107⤵
-
\??\c:\jppvp.exec:\jppvp.exe108⤵
-
\??\c:\rlxlfxl.exec:\rlxlfxl.exe109⤵
-
\??\c:\5rlllll.exec:\5rlllll.exe110⤵
-
\??\c:\1ttnhh.exec:\1ttnhh.exe111⤵
-
\??\c:\tbnnhh.exec:\tbnnhh.exe112⤵
-
\??\c:\1jvvd.exec:\1jvvd.exe113⤵
-
\??\c:\pjvvp.exec:\pjvvp.exe114⤵
-
\??\c:\lrfxrrr.exec:\lrfxrrr.exe115⤵
-
\??\c:\xrfxllf.exec:\xrfxllf.exe116⤵
-
\??\c:\5tbbbb.exec:\5tbbbb.exe117⤵
-
\??\c:\9nnhbt.exec:\9nnhbt.exe118⤵
-
\??\c:\jddvp.exec:\jddvp.exe119⤵
-
\??\c:\xrffxxf.exec:\xrffxxf.exe120⤵
-
\??\c:\xxlllxx.exec:\xxlllxx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-