Analysis
-
max time kernel
150s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
09/09/2024, 20:16
General
-
Target
32f49c7d08217d05c5d4513d290f787276095989e0e0821266a60953d6ad1b3e.exe
-
Size
64KB
-
MD5
b3507b8acd0b882e68cc1290e74357f2
-
SHA1
3dd44315942758c2510b2b77670a5009e37b15ad
-
SHA256
32f49c7d08217d05c5d4513d290f787276095989e0e0821266a60953d6ad1b3e
-
SHA512
4a337dfb8d6f6b509de5d2c2bc35ccec670faa232d459be68278f8f87e3230f85e18a8817f2ab7923b1aacfe24f7a57332723754149fcf2fd1186fe2700a9602
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDI9L27T:ymb3NkkiQ3mdBjFI9O
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 32 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\32f49c7d08217d05c5d4513d290f787276095989e0e0821266a60953d6ad1b3e.exe"C:\Users\Admin\AppData\Local\Temp\32f49c7d08217d05c5d4513d290f787276095989e0e0821266a60953d6ad1b3e.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\1pddj.exec:\1pddj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxllxl.exec:\lrxllxl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbtht.exec:\ntbtht.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnhtn.exec:\btnhtn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvdv.exec:\dpvdv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdddd.exec:\pdddd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflrrxl.exec:\rflrrxl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flfxrfx.exec:\flfxrfx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhbtt.exec:\bhhbtt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvjj.exec:\ddvjj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrfrfx.exec:\ffrfrfx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9hhthb.exec:\9hhthb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnbnb.exec:\nbnbnb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpjd.exec:\jdpjd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flxllxf.exec:\flxllxf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llflfxr.exec:\llflfxr.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbhnn.exec:\tbbhnn.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5hnhtn.exec:\5hnhtn.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ppdp.exec:\5ppdp.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3fxlxrl.exec:\3fxlxrl.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtntn.exec:\nhtntn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnthbh.exec:\hnthbh.exe23⤵
- Executes dropped EXE
-
\??\c:\vjjdp.exec:\vjjdp.exe24⤵
- Executes dropped EXE
-
\??\c:\3xxrfxf.exec:\3xxrfxf.exe25⤵
- Executes dropped EXE
-
\??\c:\7ffrfxr.exec:\7ffrfxr.exe26⤵
- Executes dropped EXE
-
\??\c:\tntttn.exec:\tntttn.exe27⤵
- Executes dropped EXE
-
\??\c:\dvdpp.exec:\dvdpp.exe28⤵
- Executes dropped EXE
-
\??\c:\lffxrlr.exec:\lffxrlr.exe29⤵
- Executes dropped EXE
-
\??\c:\1xxrfxr.exec:\1xxrfxr.exe30⤵
- Executes dropped EXE
-
\??\c:\9hbtnh.exec:\9hbtnh.exe31⤵
- Executes dropped EXE
-
\??\c:\hnbbhb.exec:\hnbbhb.exe32⤵
- Executes dropped EXE
-
\??\c:\5vvvp.exec:\5vvvp.exe33⤵
- Executes dropped EXE
-
\??\c:\rxrlxrl.exec:\rxrlxrl.exe34⤵
- Executes dropped EXE
-
\??\c:\7rxlrlr.exec:\7rxlrlr.exe35⤵
- Executes dropped EXE
-
\??\c:\tthbnh.exec:\tthbnh.exe36⤵
- Executes dropped EXE
-
\??\c:\thtnbt.exec:\thtnbt.exe37⤵
- Executes dropped EXE
-
\??\c:\pdvdj.exec:\pdvdj.exe38⤵
- Executes dropped EXE
-
\??\c:\dpdpd.exec:\dpdpd.exe39⤵
- Executes dropped EXE
-
\??\c:\flfrfxr.exec:\flfrfxr.exe40⤵
- Executes dropped EXE
-
\??\c:\frffxll.exec:\frffxll.exe41⤵
- Executes dropped EXE
-
\??\c:\5flffff.exec:\5flffff.exe42⤵
- Executes dropped EXE
-
\??\c:\7nhbnb.exec:\7nhbnb.exe43⤵
- Executes dropped EXE
-
\??\c:\5nhthb.exec:\5nhthb.exe44⤵
- Executes dropped EXE
-
\??\c:\9vpjd.exec:\9vpjd.exe45⤵
- Executes dropped EXE
-
\??\c:\ppppd.exec:\ppppd.exe46⤵
- Executes dropped EXE
-
\??\c:\jvpdj.exec:\jvpdj.exe47⤵
- Executes dropped EXE
-
\??\c:\llfrlxr.exec:\llfrlxr.exe48⤵
- Executes dropped EXE
-
\??\c:\rlrrrrl.exec:\rlrrrrl.exe49⤵
- Executes dropped EXE
-
\??\c:\5btbnh.exec:\5btbnh.exe50⤵
- Executes dropped EXE
-
\??\c:\tbnhtn.exec:\tbnhtn.exe51⤵
- Executes dropped EXE
-
\??\c:\9vpjv.exec:\9vpjv.exe52⤵
- Executes dropped EXE
-
\??\c:\ddvjv.exec:\ddvjv.exe53⤵
- Executes dropped EXE
-
\??\c:\lrrfrll.exec:\lrrfrll.exe54⤵
- Executes dropped EXE
-
\??\c:\9xrlxrx.exec:\9xrlxrx.exe55⤵
- Executes dropped EXE
-
\??\c:\tttthh.exec:\tttthh.exe56⤵
- Executes dropped EXE
-
\??\c:\9bbtnn.exec:\9bbtnn.exe57⤵
- Executes dropped EXE
-
\??\c:\nhhthb.exec:\nhhthb.exe58⤵
- Executes dropped EXE
-
\??\c:\vpppp.exec:\vpppp.exe59⤵
- Executes dropped EXE
-
\??\c:\pdvpd.exec:\pdvpd.exe60⤵
- Executes dropped EXE
-
\??\c:\lxrfrll.exec:\lxrfrll.exe61⤵
- Executes dropped EXE
-
\??\c:\fxxrrll.exec:\fxxrrll.exe62⤵
- Executes dropped EXE
-
\??\c:\nttnbt.exec:\nttnbt.exe63⤵
- Executes dropped EXE
-
\??\c:\hnhhth.exec:\hnhhth.exe64⤵
- Executes dropped EXE
-
\??\c:\pvdpp.exec:\pvdpp.exe65⤵
- Executes dropped EXE
-
\??\c:\9fffffx.exec:\9fffffx.exe66⤵
-
\??\c:\5flffxf.exec:\5flffxf.exe67⤵
-
\??\c:\nhhhbb.exec:\nhhhbb.exe68⤵
-
\??\c:\nbbtnn.exec:\nbbtnn.exe69⤵
-
\??\c:\9pjdj.exec:\9pjdj.exe70⤵
-
\??\c:\lxlxfrl.exec:\lxlxfrl.exe71⤵
-
\??\c:\rfrlfxr.exec:\rfrlfxr.exe72⤵
-
\??\c:\ttnnbb.exec:\ttnnbb.exe73⤵
-
\??\c:\9vvdp.exec:\9vvdp.exe74⤵
-
\??\c:\7vdvv.exec:\7vdvv.exe75⤵
-
\??\c:\5ffxlfx.exec:\5ffxlfx.exe76⤵
-
\??\c:\lfxfrrr.exec:\lfxfrrr.exe77⤵
-
\??\c:\tnnhhb.exec:\tnnhhb.exe78⤵
-
\??\c:\3nthhb.exec:\3nthhb.exe79⤵
-
\??\c:\djdpd.exec:\djdpd.exe80⤵
-
\??\c:\dpdpd.exec:\dpdpd.exe81⤵
-
\??\c:\lffllxr.exec:\lffllxr.exe82⤵
-
\??\c:\lrrrfxr.exec:\lrrrfxr.exe83⤵
-
\??\c:\bhnhbt.exec:\bhnhbt.exe84⤵
-
\??\c:\9tbnnh.exec:\9tbnnh.exe85⤵
-
\??\c:\jvpdp.exec:\jvpdp.exe86⤵
-
\??\c:\jdjdj.exec:\jdjdj.exe87⤵
-
\??\c:\flfrfxx.exec:\flfrfxx.exe88⤵
-
\??\c:\rxrlfxl.exec:\rxrlfxl.exe89⤵
-
\??\c:\nhbnhb.exec:\nhbnhb.exe90⤵
-
\??\c:\tnttbn.exec:\tnttbn.exe91⤵
-
\??\c:\vdjvp.exec:\vdjvp.exe92⤵
-
\??\c:\jdpvd.exec:\jdpvd.exe93⤵
-
\??\c:\xxrflfx.exec:\xxrflfx.exe94⤵
-
\??\c:\fllxlfx.exec:\fllxlfx.exe95⤵
-
\??\c:\htbtbb.exec:\htbtbb.exe96⤵
-
\??\c:\lxlflfx.exec:\lxlflfx.exe97⤵
-
\??\c:\nhtbnn.exec:\nhtbnn.exe98⤵
-
\??\c:\nhbtnb.exec:\nhbtnb.exe99⤵
-
\??\c:\jdvvj.exec:\jdvvj.exe100⤵
-
\??\c:\jvjpv.exec:\jvjpv.exe101⤵
-
\??\c:\lffrxrr.exec:\lffrxrr.exe102⤵
-
\??\c:\5lxrrll.exec:\5lxrrll.exe103⤵
-
\??\c:\3nhbnh.exec:\3nhbnh.exe104⤵
-
\??\c:\3jdvj.exec:\3jdvj.exe105⤵
-
\??\c:\pddpj.exec:\pddpj.exe106⤵
-
\??\c:\fffxlff.exec:\fffxlff.exe107⤵
-
\??\c:\lrrfxrf.exec:\lrrfxrf.exe108⤵
-
\??\c:\fxrrrlr.exec:\fxrrrlr.exe109⤵
-
\??\c:\3bbtnn.exec:\3bbtnn.exe110⤵
-
\??\c:\nhhbhb.exec:\nhhbhb.exe111⤵
-
\??\c:\pdvpd.exec:\pdvpd.exe112⤵
-
\??\c:\dpvpd.exec:\dpvpd.exe113⤵
-
\??\c:\9lfrrll.exec:\9lfrrll.exe114⤵
-
\??\c:\xffxfxf.exec:\xffxfxf.exe115⤵
-
\??\c:\hbnhhh.exec:\hbnhhh.exe116⤵
-
\??\c:\9bbttt.exec:\9bbttt.exe117⤵
-
\??\c:\ttbbtt.exec:\ttbbtt.exe118⤵
-
\??\c:\jvvjd.exec:\jvvjd.exe119⤵
-
\??\c:\vpdvp.exec:\vpdvp.exe120⤵
-
\??\c:\xrffxrl.exec:\xrffxrl.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-