Analysis
-
max time kernel
120s -
max time network
122s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
08/09/2024, 13:29
General
-
Target
a142998fca9c12f4160eb2e36e2f5f10N.exe
-
Size
80KB
-
MD5
a142998fca9c12f4160eb2e36e2f5f10
-
SHA1
16734c7c7c1df4c5fdab6271ae99675f85796566
-
SHA256
a7015d10f6b924f00acac405507a811ed462ecf4348cd37478f90e18185aa66b
-
SHA512
6da9003e499e9d93ac8f9b33d4c1c547c53210fb4b13709ad6dbe755c8c1f554adb12bdf20e1f0cd6c0b6ef6a1577509d681aadba023d0111ed99c2449d3052d
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIsIpWCz+FR4RzWqC52v:ymb3NkkiQ3mdBjFIsIpZ+R4RzWqCm
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 29 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 39 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a142998fca9c12f4160eb2e36e2f5f10N.exe"C:\Users\Admin\AppData\Local\Temp\a142998fca9c12f4160eb2e36e2f5f10N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhnnt.exec:\bbhnnt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjvp.exec:\vjjvp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbnnn.exec:\btbnnn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjdv.exec:\vdjdv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnnnn.exec:\nhnnnn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntnhb.exec:\bntnhb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvvj.exec:\dpvvj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrfxxr.exec:\xrrfxxr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3hnbtt.exec:\3hnbtt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpddj.exec:\vpddj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrfxrl.exec:\frrfxrl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3thbnn.exec:\3thbnn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbttb.exec:\ntbttb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpdjd.exec:\dpdjd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5lrrfff.exec:\5lrrfff.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbtbb.exec:\ttbtbb.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpjj.exec:\jdpjj.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpddv.exec:\vpddv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxrrfx.exec:\rlxrrfx.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frlfxxr.exec:\frlfxxr.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbbtb.exec:\nhbbtb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvpj.exec:\vpvpj.exe23⤵
- Executes dropped EXE
-
\??\c:\pjpjd.exec:\pjpjd.exe24⤵
- Executes dropped EXE
-
\??\c:\xlrxrxx.exec:\xlrxrxx.exe25⤵
- Executes dropped EXE
-
\??\c:\tbnhnh.exec:\tbnhnh.exe26⤵
- Executes dropped EXE
-
\??\c:\tnhhtt.exec:\tnhhtt.exe27⤵
- Executes dropped EXE
-
\??\c:\ddvpv.exec:\ddvpv.exe28⤵
- Executes dropped EXE
-
\??\c:\fxffxxr.exec:\fxffxxr.exe29⤵
- Executes dropped EXE
-
\??\c:\tnhbnn.exec:\tnhbnn.exe30⤵
- Executes dropped EXE
-
\??\c:\bnnnnn.exec:\bnnnnn.exe31⤵
- Executes dropped EXE
-
\??\c:\jvjdv.exec:\jvjdv.exe32⤵
- Executes dropped EXE
-
\??\c:\lfxlflf.exec:\lfxlflf.exe33⤵
- Executes dropped EXE
-
\??\c:\frrlrlf.exec:\frrlrlf.exe34⤵
- Executes dropped EXE
-
\??\c:\hnnntt.exec:\hnnntt.exe35⤵
- Executes dropped EXE
-
\??\c:\nbbhtb.exec:\nbbhtb.exe36⤵
- Executes dropped EXE
-
\??\c:\ppvvp.exec:\ppvvp.exe37⤵
- Executes dropped EXE
-
\??\c:\rlfxrrl.exec:\rlfxrrl.exe38⤵
- Executes dropped EXE
-
\??\c:\lfffxxf.exec:\lfffxxf.exe39⤵
- Executes dropped EXE
-
\??\c:\3bhhbb.exec:\3bhhbb.exe40⤵
- Executes dropped EXE
-
\??\c:\hnbtnt.exec:\hnbtnt.exe41⤵
- Executes dropped EXE
-
\??\c:\vdvjp.exec:\vdvjp.exe42⤵
- Executes dropped EXE
-
\??\c:\rllflfr.exec:\rllflfr.exe43⤵
- Executes dropped EXE
-
\??\c:\fxxrllf.exec:\fxxrllf.exe44⤵
- Executes dropped EXE
-
\??\c:\ttbhhh.exec:\ttbhhh.exe45⤵
- Executes dropped EXE
-
\??\c:\jdddv.exec:\jdddv.exe46⤵
- Executes dropped EXE
-
\??\c:\pjpvv.exec:\pjpvv.exe47⤵
- Executes dropped EXE
-
\??\c:\llffrxx.exec:\llffrxx.exe48⤵
- Executes dropped EXE
-
\??\c:\9lxfxff.exec:\9lxfxff.exe49⤵
- Executes dropped EXE
-
\??\c:\ttbbtb.exec:\ttbbtb.exe50⤵
- Executes dropped EXE
-
\??\c:\hbnhth.exec:\hbnhth.exe51⤵
- Executes dropped EXE
-
\??\c:\vjddj.exec:\vjddj.exe52⤵
- Executes dropped EXE
-
\??\c:\xrrlffx.exec:\xrrlffx.exe53⤵
- Executes dropped EXE
-
\??\c:\rxxrrrr.exec:\rxxrrrr.exe54⤵
- Executes dropped EXE
-
\??\c:\tthbbb.exec:\tthbbb.exe55⤵
- Executes dropped EXE
-
\??\c:\bhnhbb.exec:\bhnhbb.exe56⤵
- Executes dropped EXE
-
\??\c:\pdvjd.exec:\pdvjd.exe57⤵
- Executes dropped EXE
-
\??\c:\lxlrfxx.exec:\lxlrfxx.exe58⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\1flfxxr.exec:\1flfxxr.exe59⤵
- Executes dropped EXE
-
\??\c:\nhtnbb.exec:\nhtnbb.exe60⤵
- Executes dropped EXE
-
\??\c:\3tnhbb.exec:\3tnhbb.exe61⤵
- Executes dropped EXE
-
\??\c:\pjpjv.exec:\pjpjv.exe62⤵
- Executes dropped EXE
-
\??\c:\pvppj.exec:\pvppj.exe63⤵
- Executes dropped EXE
-
\??\c:\rllrllf.exec:\rllrllf.exe64⤵
- Executes dropped EXE
-
\??\c:\lffxrrr.exec:\lffxrrr.exe65⤵
- Executes dropped EXE
-
\??\c:\hbnhbt.exec:\hbnhbt.exe66⤵
-
\??\c:\vddvp.exec:\vddvp.exe67⤵
-
\??\c:\7jpjv.exec:\7jpjv.exe68⤵
-
\??\c:\xrlfllf.exec:\xrlfllf.exe69⤵
-
\??\c:\nnnhhh.exec:\nnnhhh.exe70⤵
-
\??\c:\1nbbbb.exec:\1nbbbb.exe71⤵
-
\??\c:\pjddv.exec:\pjddv.exe72⤵
-
\??\c:\ffxxlll.exec:\ffxxlll.exe73⤵
-
\??\c:\frlfrlf.exec:\frlfrlf.exe74⤵
-
\??\c:\nnhbnn.exec:\nnhbnn.exe75⤵
-
\??\c:\9ntnbb.exec:\9ntnbb.exe76⤵
-
\??\c:\5vvvj.exec:\5vvvj.exe77⤵
-
\??\c:\lllffff.exec:\lllffff.exe78⤵
-
\??\c:\nnhntb.exec:\nnhntb.exe79⤵
-
\??\c:\hnnhbb.exec:\hnnhbb.exe80⤵
-
\??\c:\frxxrrl.exec:\frxxrrl.exe81⤵
-
\??\c:\xrffxfr.exec:\xrffxfr.exe82⤵
-
\??\c:\nttttt.exec:\nttttt.exe83⤵
-
\??\c:\vjjdv.exec:\vjjdv.exe84⤵
-
\??\c:\ppddd.exec:\ppddd.exe85⤵
-
\??\c:\rlrllll.exec:\rlrllll.exe86⤵
-
\??\c:\7bhbnn.exec:\7bhbnn.exe87⤵
-
\??\c:\7bbtnh.exec:\7bbtnh.exe88⤵
-
\??\c:\jvjvj.exec:\jvjvj.exe89⤵
-
\??\c:\xllxxrx.exec:\xllxxrx.exe90⤵
-
\??\c:\xrrlfff.exec:\xrrlfff.exe91⤵
-
\??\c:\bbnbht.exec:\bbnbht.exe92⤵
-
\??\c:\thnttt.exec:\thnttt.exe93⤵
-
\??\c:\dvpdp.exec:\dvpdp.exe94⤵
-
\??\c:\9dvpj.exec:\9dvpj.exe95⤵
-
\??\c:\fffrllf.exec:\fffrllf.exe96⤵
-
\??\c:\9bbbbb.exec:\9bbbbb.exe97⤵
-
\??\c:\btbbnh.exec:\btbbnh.exe98⤵
-
\??\c:\ddvjv.exec:\ddvjv.exe99⤵
-
\??\c:\1jjvd.exec:\1jjvd.exe100⤵
-
\??\c:\lffxllf.exec:\lffxllf.exe101⤵
-
\??\c:\thbthh.exec:\thbthh.exe102⤵
-
\??\c:\bnnbth.exec:\bnnbth.exe103⤵
-
\??\c:\vvjdp.exec:\vvjdp.exe104⤵
-
\??\c:\vvddv.exec:\vvddv.exe105⤵
-
\??\c:\lffxlrl.exec:\lffxlrl.exe106⤵
-
\??\c:\thhbnh.exec:\thhbnh.exe107⤵
-
\??\c:\1vpvj.exec:\1vpvj.exe108⤵
-
\??\c:\9fxlrrr.exec:\9fxlrrr.exe109⤵
-
\??\c:\1ttnhb.exec:\1ttnhb.exe110⤵
-
\??\c:\bnnhhh.exec:\bnnhhh.exe111⤵
-
\??\c:\djdpj.exec:\djdpj.exe112⤵
-
\??\c:\rrxlrrx.exec:\rrxlrrx.exe113⤵
-
\??\c:\thnnhb.exec:\thnnhb.exe114⤵
-
\??\c:\7bbttn.exec:\7bbttn.exe115⤵
-
\??\c:\ppvvp.exec:\ppvvp.exe116⤵
-
\??\c:\5vvpd.exec:\5vvpd.exe117⤵
-
\??\c:\1flfllf.exec:\1flfllf.exe118⤵
-
\??\c:\1btnnh.exec:\1btnnh.exe119⤵
-
\??\c:\pjvjj.exec:\pjvjj.exe120⤵
-
\??\c:\7vdvj.exec:\7vdvj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-