Analysis
-
max time kernel
120s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
08/09/2024, 14:31
General
-
Target
4eced1cab94f0fe4e430eedc93d42e80N.exe
-
Size
90KB
-
MD5
4eced1cab94f0fe4e430eedc93d42e80
-
SHA1
68273cf409d7dd70148b217a7e810179e0284436
-
SHA256
1febd05af56d54a73ec7b8353ca1e0c39c2c6c72efb8022e435aaa3022126d48
-
SHA512
c746a1ee2cb765070efdc7f6b562a5c471d210c313ed82bf73dbdb49f5ac5558c9cc79cbd0d13b4c85a1ed0f7fc9ee429a744efa5fbb4761bb709b29fa2070f1
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND+3T4+mzv7oEzN/8wNXj:ymb3NkkiQ3mdBjF+3TYzvTFD1
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 39 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\system32\MusNotification.exeC:\Windows\system32\MusNotification.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\4eced1cab94f0fe4e430eedc93d42e80N.exe"C:\Users\Admin\AppData\Local\Temp\4eced1cab94f0fe4e430eedc93d42e80N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbbhh.exec:\nnbbhh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpjj.exec:\pjpjj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlffll.exec:\fxlffll.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xfffll.exec:\5xfffll.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhhhh.exec:\bbhhhh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjjd.exec:\djjjd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpdpp.exec:\jpdpp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrrfxx.exec:\xrrrfxx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhttbb.exec:\hhttbb.exe10⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\nhttnt.exec:\nhttnt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjvp.exec:\vvjvp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjdd.exec:\ddjdd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxlrxfl.exec:\xxlrxfl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnnbb.exec:\hhnnbb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnttbh.exec:\nnttbh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ddvp.exec:\3ddvp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlllxxr.exec:\rlllxxr.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rxxxff.exec:\5rxxxff.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnnhh.exec:\bbnnhh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjvp.exec:\djjvp.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjjv.exec:\ddjjv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rfrrrf.exec:\7rfrrrf.exe23⤵
- Executes dropped EXE
-
\??\c:\lfxlfrl.exec:\lfxlfrl.exe24⤵
- Executes dropped EXE
-
\??\c:\hbnhnn.exec:\hbnhnn.exe25⤵
- Executes dropped EXE
-
\??\c:\jpppj.exec:\jpppj.exe26⤵
- Executes dropped EXE
-
\??\c:\9jjjd.exec:\9jjjd.exe27⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\llfflll.exec:\llfflll.exe28⤵
- Executes dropped EXE
-
\??\c:\flrllrr.exec:\flrllrr.exe29⤵
- Executes dropped EXE
-
\??\c:\hbnhhh.exec:\hbnhhh.exe30⤵
- Executes dropped EXE
-
\??\c:\bnttnn.exec:\bnttnn.exe31⤵
- Executes dropped EXE
-
\??\c:\pdjjv.exec:\pdjjv.exe32⤵
- Executes dropped EXE
-
\??\c:\5lllfff.exec:\5lllfff.exe33⤵
- Executes dropped EXE
-
\??\c:\fxrrrrr.exec:\fxrrrrr.exe34⤵
- Executes dropped EXE
-
\??\c:\7tbtnn.exec:\7tbtnn.exe35⤵
- Executes dropped EXE
-
\??\c:\1tttnb.exec:\1tttnb.exe36⤵
- Executes dropped EXE
-
\??\c:\dpvjp.exec:\dpvjp.exe37⤵
- Executes dropped EXE
-
\??\c:\ppdvd.exec:\ppdvd.exe38⤵
- Executes dropped EXE
-
\??\c:\vdjjv.exec:\vdjjv.exe39⤵
- Executes dropped EXE
-
\??\c:\xrfrllf.exec:\xrfrllf.exe40⤵
- Executes dropped EXE
-
\??\c:\xrlllll.exec:\xrlllll.exe41⤵
- Executes dropped EXE
-
\??\c:\ntntnt.exec:\ntntnt.exe42⤵
- Executes dropped EXE
-
\??\c:\hbnnhh.exec:\hbnnhh.exe43⤵
- Executes dropped EXE
-
\??\c:\jdvjp.exec:\jdvjp.exe44⤵
- Executes dropped EXE
-
\??\c:\ffrrrrl.exec:\ffrrrrl.exe45⤵
- Executes dropped EXE
-
\??\c:\flrrllf.exec:\flrrllf.exe46⤵
- Executes dropped EXE
-
\??\c:\fllfxxr.exec:\fllfxxr.exe47⤵
- Executes dropped EXE
-
\??\c:\nntnbb.exec:\nntnbb.exe48⤵
- Executes dropped EXE
-
\??\c:\jppjd.exec:\jppjd.exe49⤵
- Executes dropped EXE
-
\??\c:\vpjdd.exec:\vpjdd.exe50⤵
- Executes dropped EXE
-
\??\c:\xxffxll.exec:\xxffxll.exe51⤵
- Executes dropped EXE
-
\??\c:\frxffll.exec:\frxffll.exe52⤵
- Executes dropped EXE
-
\??\c:\ffrxlll.exec:\ffrxlll.exe53⤵
- Executes dropped EXE
-
\??\c:\tttttb.exec:\tttttb.exe54⤵
- Executes dropped EXE
-
\??\c:\tbhtnh.exec:\tbhtnh.exe55⤵
- Executes dropped EXE
-
\??\c:\dpvdv.exec:\dpvdv.exe56⤵
- Executes dropped EXE
-
\??\c:\7pdjp.exec:\7pdjp.exe57⤵
- Executes dropped EXE
-
\??\c:\1lrlffx.exec:\1lrlffx.exe58⤵
- Executes dropped EXE
-
\??\c:\rfxflrf.exec:\rfxflrf.exe59⤵
- Executes dropped EXE
-
\??\c:\tntttb.exec:\tntttb.exe60⤵
- Executes dropped EXE
-
\??\c:\hnbhnh.exec:\hnbhnh.exe61⤵
- Executes dropped EXE
-
\??\c:\vvvvv.exec:\vvvvv.exe62⤵
- Executes dropped EXE
-
\??\c:\pjvvv.exec:\pjvvv.exe63⤵
- Executes dropped EXE
-
\??\c:\lllfflf.exec:\lllfflf.exe64⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\lxxxrxr.exec:\lxxxrxr.exe65⤵
- Executes dropped EXE
-
\??\c:\ttttbn.exec:\ttttbn.exe66⤵
-
\??\c:\tntnnn.exec:\tntnnn.exe67⤵
-
\??\c:\pvdvp.exec:\pvdvp.exe68⤵
-
\??\c:\dvjdd.exec:\dvjdd.exe69⤵
-
\??\c:\lfxllxr.exec:\lfxllxr.exe70⤵
-
\??\c:\fxxrfxf.exec:\fxxrfxf.exe71⤵
-
\??\c:\bbbbbb.exec:\bbbbbb.exe72⤵
-
\??\c:\7hnnnn.exec:\7hnnnn.exe73⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe74⤵
-
\??\c:\pddvd.exec:\pddvd.exe75⤵
-
\??\c:\xllfxxr.exec:\xllfxxr.exe76⤵
-
\??\c:\lllllrr.exec:\lllllrr.exe77⤵
-
\??\c:\nhnnhh.exec:\nhnnhh.exe78⤵
-
\??\c:\9ntttb.exec:\9ntttb.exe79⤵
- System Location Discovery: System Language Discovery
-
\??\c:\9btbnb.exec:\9btbnb.exe80⤵
-
\??\c:\dvjjd.exec:\dvjjd.exe81⤵
-
\??\c:\vpdvp.exec:\vpdvp.exe82⤵
-
\??\c:\llffxxx.exec:\llffxxx.exe83⤵
-
\??\c:\rxlrrxx.exec:\rxlrrxx.exe84⤵
-
\??\c:\thnnnn.exec:\thnnnn.exe85⤵
-
\??\c:\tthbht.exec:\tthbht.exe86⤵
-
\??\c:\htbbtt.exec:\htbbtt.exe87⤵
-
\??\c:\jddpp.exec:\jddpp.exe88⤵
-
\??\c:\vpddj.exec:\vpddj.exe89⤵
-
\??\c:\frrxfll.exec:\frrxfll.exe90⤵
- System Location Discovery: System Language Discovery
-
\??\c:\xlxrrll.exec:\xlxrrll.exe91⤵
-
\??\c:\tbtnnn.exec:\tbtnnn.exe92⤵
-
\??\c:\hhhbbh.exec:\hhhbbh.exe93⤵
-
\??\c:\vjvpj.exec:\vjvpj.exe94⤵
-
\??\c:\jdpjp.exec:\jdpjp.exe95⤵
-
\??\c:\pjdjv.exec:\pjdjv.exe96⤵
-
\??\c:\rrxrxxl.exec:\rrxrxxl.exe97⤵
-
\??\c:\lrrrlrl.exec:\lrrrlrl.exe98⤵
-
\??\c:\7lxxffl.exec:\7lxxffl.exe99⤵
-
\??\c:\btnnnn.exec:\btnnnn.exe100⤵
-
\??\c:\bthntb.exec:\bthntb.exe101⤵
-
\??\c:\vvpjp.exec:\vvpjp.exe102⤵
-
\??\c:\ppjjd.exec:\ppjjd.exe103⤵
-
\??\c:\rrxxrrf.exec:\rrxxrrf.exe104⤵
-
\??\c:\vvpjd.exec:\vvpjd.exe105⤵
-
\??\c:\ddjpj.exec:\ddjpj.exe106⤵
-
\??\c:\djpjv.exec:\djpjv.exe107⤵
-
\??\c:\5lrllrr.exec:\5lrllrr.exe108⤵
-
\??\c:\llrrllf.exec:\llrrllf.exe109⤵
-
\??\c:\3btnnh.exec:\3btnnh.exe110⤵
-
\??\c:\vdppv.exec:\vdppv.exe111⤵
-
\??\c:\ppvpp.exec:\ppvpp.exe112⤵
-
\??\c:\dvddd.exec:\dvddd.exe113⤵
-
\??\c:\lfrlrrf.exec:\lfrlrrf.exe114⤵
-
\??\c:\hnbbbb.exec:\hnbbbb.exe115⤵
-
\??\c:\ttnhnn.exec:\ttnhnn.exe116⤵
-
\??\c:\jpdjp.exec:\jpdjp.exe117⤵
-
\??\c:\ffffrll.exec:\ffffrll.exe118⤵
-
\??\c:\btbbtb.exec:\btbbtb.exe119⤵
-
\??\c:\jdvjj.exec:\jdvjj.exe120⤵
-
\??\c:\llrllll.exec:\llrllll.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-