Analysis
-
max time kernel
150s -
max time network
138s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
09/09/2024, 18:56
General
-
Target
140338db2d66aa80f69d73ee491134dc8e28c0656ae2a9886c201825f9fc5a68.exe
-
Size
375KB
-
MD5
23779c20238caef25c751a6277600f23
-
SHA1
e6900bfbd1d4154d0360b132ee8286b1370fe61a
-
SHA256
140338db2d66aa80f69d73ee491134dc8e28c0656ae2a9886c201825f9fc5a68
-
SHA512
e389a23037aa6f4f710786f82dac53fd3f5c65ea2fb650ef979622ba81fef8c15ea1cd3efe9e3c89aa47151f209bab0330129fc98dc43644f338678735c037ec
-
SSDEEP
6144:n3C9BRIG0asYFm71mJl3/X8mak5gNv9rC8IwLaYNUvtTxTKMM3:n3C9uYA7i3/stR9HGYyvtTxTKMU
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 32 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\140338db2d66aa80f69d73ee491134dc8e28c0656ae2a9886c201825f9fc5a68.exe"C:\Users\Admin\AppData\Local\Temp\140338db2d66aa80f69d73ee491134dc8e28c0656ae2a9886c201825f9fc5a68.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvjd.exec:\vvvjd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxlfxr.exec:\ffxlfxr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7hnbth.exec:\7hnbth.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1djdv.exec:\1djdv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddvv.exec:\jddvv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7dvpj.exec:\7dvpj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlrlfx.exec:\xrlrlfx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btthtn.exec:\btthtn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ppdv.exec:\3ppdv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnbnn.exec:\bnnbnn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djdvp.exec:\djdvp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhnhnt.exec:\bhnhnt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbthb.exec:\nbbthb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxrfxx.exec:\frxrfxx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xxlxxl.exec:\9xxlxxl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhnhb.exec:\hhhnhb.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3xlfrlf.exec:\3xlfrlf.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nttnbh.exec:\nttnbh.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrlfxrl.exec:\lrlfxrl.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfxrlx.exec:\rlfxrlx.exe21⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvjj.exec:\dpvjj.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xlxllf.exec:\5xlxllf.exe23⤵
- Executes dropped EXE
-
\??\c:\rfxrffx.exec:\rfxrffx.exe24⤵
- Executes dropped EXE
-
\??\c:\ddpdv.exec:\ddpdv.exe25⤵
- Executes dropped EXE
-
\??\c:\rflflfr.exec:\rflflfr.exe26⤵
- Executes dropped EXE
-
\??\c:\hbbttn.exec:\hbbttn.exe27⤵
- Executes dropped EXE
-
\??\c:\pdpdp.exec:\pdpdp.exe28⤵
- Executes dropped EXE
-
\??\c:\xlrfllx.exec:\xlrfllx.exe29⤵
- Executes dropped EXE
-
\??\c:\rrrxfll.exec:\rrrxfll.exe30⤵
- Executes dropped EXE
-
\??\c:\frfxxrf.exec:\frfxxrf.exe31⤵
- Executes dropped EXE
-
\??\c:\jjjdd.exec:\jjjdd.exe32⤵
- Executes dropped EXE
-
\??\c:\rfflxlx.exec:\rfflxlx.exe33⤵
- Executes dropped EXE
-
\??\c:\hhbthb.exec:\hhbthb.exe34⤵
- Executes dropped EXE
-
\??\c:\bthnhn.exec:\bthnhn.exe35⤵
- Executes dropped EXE
-
\??\c:\jvvpj.exec:\jvvpj.exe36⤵
- Executes dropped EXE
-
\??\c:\xrxfrxl.exec:\xrxfrxl.exe37⤵
- Executes dropped EXE
-
\??\c:\thhhbb.exec:\thhhbb.exe38⤵
- Executes dropped EXE
-
\??\c:\jpddv.exec:\jpddv.exe39⤵
- Executes dropped EXE
-
\??\c:\3lxffrx.exec:\3lxffrx.exe40⤵
- Executes dropped EXE
-
\??\c:\7ttnbh.exec:\7ttnbh.exe41⤵
- Executes dropped EXE
-
\??\c:\hnthtt.exec:\hnthtt.exe42⤵
- Executes dropped EXE
-
\??\c:\vpppp.exec:\vpppp.exe43⤵
- Executes dropped EXE
-
\??\c:\ffxxflr.exec:\ffxxflr.exe44⤵
- Executes dropped EXE
-
\??\c:\hbntbn.exec:\hbntbn.exe45⤵
- Executes dropped EXE
-
\??\c:\5nnbth.exec:\5nnbth.exe46⤵
- Executes dropped EXE
-
\??\c:\vpvjj.exec:\vpvjj.exe47⤵
- Executes dropped EXE
-
\??\c:\lxfrfxr.exec:\lxfrfxr.exe48⤵
- Executes dropped EXE
-
\??\c:\9llfrrr.exec:\9llfrrr.exe49⤵
- Executes dropped EXE
-
\??\c:\nbtnhh.exec:\nbtnhh.exe50⤵
- Executes dropped EXE
-
\??\c:\pjjjv.exec:\pjjjv.exe51⤵
- Executes dropped EXE
-
\??\c:\fxrfrlf.exec:\fxrfrlf.exe52⤵
- Executes dropped EXE
-
\??\c:\nthhnh.exec:\nthhnh.exe53⤵
- Executes dropped EXE
-
\??\c:\pvjdd.exec:\pvjdd.exe54⤵
- Executes dropped EXE
-
\??\c:\vpjjp.exec:\vpjjp.exe55⤵
- Executes dropped EXE
-
\??\c:\lffxxrl.exec:\lffxxrl.exe56⤵
- Executes dropped EXE
-
\??\c:\bttnnn.exec:\bttnnn.exe57⤵
- Executes dropped EXE
-
\??\c:\7pvvp.exec:\7pvvp.exe58⤵
- Executes dropped EXE
-
\??\c:\pppjj.exec:\pppjj.exe59⤵
- Executes dropped EXE
-
\??\c:\xffxfff.exec:\xffxfff.exe60⤵
- Executes dropped EXE
-
\??\c:\3hhbhh.exec:\3hhbhh.exe61⤵
- Executes dropped EXE
-
\??\c:\hhnhhh.exec:\hhnhhh.exe62⤵
- Executes dropped EXE
-
\??\c:\pdjjd.exec:\pdjjd.exe63⤵
- Executes dropped EXE
-
\??\c:\xxlffll.exec:\xxlffll.exe64⤵
- Executes dropped EXE
-
\??\c:\rlxrlrr.exec:\rlxrlrr.exe65⤵
- Executes dropped EXE
-
\??\c:\9hnhbt.exec:\9hnhbt.exe66⤵
-
\??\c:\pjpjp.exec:\pjpjp.exe67⤵
-
\??\c:\ppppp.exec:\ppppp.exe68⤵
-
\??\c:\3fxrlfx.exec:\3fxrlfx.exe69⤵
-
\??\c:\hnttbb.exec:\hnttbb.exe70⤵
-
\??\c:\tbhhbt.exec:\tbhhbt.exe71⤵
-
\??\c:\pppvp.exec:\pppvp.exe72⤵
-
\??\c:\pjvpp.exec:\pjvpp.exe73⤵
-
\??\c:\xlllfff.exec:\xlllfff.exe74⤵
-
\??\c:\nnnhbb.exec:\nnnhbb.exe75⤵
-
\??\c:\hbnhbn.exec:\hbnhbn.exe76⤵
-
\??\c:\pvddj.exec:\pvddj.exe77⤵
-
\??\c:\3lfrllf.exec:\3lfrllf.exe78⤵
-
\??\c:\tntnnn.exec:\tntnnn.exe79⤵
-
\??\c:\3nhhnn.exec:\3nhhnn.exe80⤵
-
\??\c:\7pjdd.exec:\7pjdd.exe81⤵
-
\??\c:\dvvpd.exec:\dvvpd.exe82⤵
-
\??\c:\rlllffx.exec:\rlllffx.exe83⤵
-
\??\c:\hthbbt.exec:\hthbbt.exe84⤵
-
\??\c:\5vpjd.exec:\5vpjd.exe85⤵
-
\??\c:\ffrrxff.exec:\ffrrxff.exe86⤵
-
\??\c:\5llllrr.exec:\5llllrr.exe87⤵
-
\??\c:\3ttnnb.exec:\3ttnnb.exe88⤵
-
\??\c:\jvvdv.exec:\jvvdv.exe89⤵
-
\??\c:\pdjdd.exec:\pdjdd.exe90⤵
-
\??\c:\xfrfrrr.exec:\xfrfrrr.exe91⤵
-
\??\c:\1hnnnn.exec:\1hnnnn.exe92⤵
-
\??\c:\nnhbtt.exec:\nnhbtt.exe93⤵
-
\??\c:\7vddd.exec:\7vddd.exe94⤵
-
\??\c:\3bbtnn.exec:\3bbtnn.exe95⤵
-
\??\c:\btnnhb.exec:\btnnhb.exe96⤵
-
\??\c:\1pvpd.exec:\1pvpd.exe97⤵
-
\??\c:\rxxflrf.exec:\rxxflrf.exe98⤵
-
\??\c:\nhhbtt.exec:\nhhbtt.exe99⤵
-
\??\c:\tnthth.exec:\tnthth.exe100⤵
-
\??\c:\pdjjp.exec:\pdjjp.exe101⤵
-
\??\c:\xlllffx.exec:\xlllffx.exe102⤵
-
\??\c:\nbbtnn.exec:\nbbtnn.exe103⤵
-
\??\c:\htbtnn.exec:\htbtnn.exe104⤵
-
\??\c:\dvdvp.exec:\dvdvp.exe105⤵
-
\??\c:\9xxrrll.exec:\9xxrrll.exe106⤵
-
\??\c:\rfrlrrx.exec:\rfrlrrx.exe107⤵
-
\??\c:\hbbttt.exec:\hbbttt.exe108⤵
-
\??\c:\dvdvj.exec:\dvdvj.exe109⤵
-
\??\c:\xffxffx.exec:\xffxffx.exe110⤵
-
\??\c:\rlrrrrl.exec:\rlrrrrl.exe111⤵
-
\??\c:\nnnnhh.exec:\nnnnhh.exe112⤵
-
\??\c:\jjvpv.exec:\jjvpv.exe113⤵
-
\??\c:\vvppp.exec:\vvppp.exe114⤵
-
\??\c:\flfrllx.exec:\flfrllx.exe115⤵
-
\??\c:\7tbttt.exec:\7tbttt.exe116⤵
-
\??\c:\ntbttt.exec:\ntbttt.exe117⤵
-
\??\c:\jpdvj.exec:\jpdvj.exe118⤵
-
\??\c:\pjvvp.exec:\pjvvp.exe119⤵
-
\??\c:\lffxrlf.exec:\lffxrlf.exe120⤵
-
\??\c:\thhhbt.exec:\thhhbt.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-