Analysis
-
max time kernel
120s -
max time network
111s -
platform
windows10-2004_x64 -
resource
win10v2004-20240910-en -
resource tags
-
submitted
11-09-2024 21:41
General
-
Target
c3f32f78534112015cf4d699f5b04710N.exe
-
Size
70KB
-
MD5
c3f32f78534112015cf4d699f5b04710
-
SHA1
4a74121c472eef06276f865230593a02beb0fc96
-
SHA256
6429b64f6c646bd62be3c16f90547fd09697f52db30ba13ba606592e01660af8
-
SHA512
bd16b68dbf9d8301aaf05da86da21f10daad4d3b7520a0bae4ebc3e4642c5d015156b9cef41e2a62eedcf4ec33cebe091d309d16f138ecf8bdbaa7d737029453
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb0z6MTSqfjR:ymb3NkkiQ3mdBjFI4Vh
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 30 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 44 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\c3f32f78534112015cf4d699f5b04710N.exe"C:\Users\Admin\AppData\Local\Temp\c3f32f78534112015cf4d699f5b04710N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrllff.exec:\xlrllff.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bnhhh.exec:\1bnhhh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbnnb.exec:\nnbnnb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvpj.exec:\pdvpj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fflffxx.exec:\fflffxx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llrxfff.exec:\llrxfff.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnbbnn.exec:\hnbbnn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbtnh.exec:\ttbtnh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpppp.exec:\vpppp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxrlff.exec:\llxrlff.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frlfxxr.exec:\frlfxxr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7tnnhb.exec:\7tnnhb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pddvp.exec:\pddvp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xffxrlf.exec:\xffxrlf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhtbb.exec:\thhtbb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htttnn.exec:\htttnn.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppdvp.exec:\ppdvp.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjdd.exec:\vpjdd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llllfll.exec:\llllfll.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxxrff.exec:\rlxxrff.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnhbt.exec:\bnnhbt.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnhbb.exec:\btnhbb.exe23⤵
- Executes dropped EXE
-
\??\c:\vjjdp.exec:\vjjdp.exe24⤵
- Executes dropped EXE
-
\??\c:\pvpdd.exec:\pvpdd.exe25⤵
- Executes dropped EXE
-
\??\c:\ffrrxxf.exec:\ffrrxxf.exe26⤵
- Executes dropped EXE
-
\??\c:\3bbtnh.exec:\3bbtnh.exe27⤵
- Executes dropped EXE
-
\??\c:\nhbbtb.exec:\nhbbtb.exe28⤵
- Executes dropped EXE
-
\??\c:\vpdjd.exec:\vpdjd.exe29⤵
- Executes dropped EXE
-
\??\c:\pjpvj.exec:\pjpvj.exe30⤵
- Executes dropped EXE
-
\??\c:\xxrlxxr.exec:\xxrlxxr.exe31⤵
- Executes dropped EXE
-
\??\c:\rrxrfff.exec:\rrxrfff.exe32⤵
- Executes dropped EXE
-
\??\c:\nnnhbb.exec:\nnnhbb.exe33⤵
- Executes dropped EXE
-
\??\c:\nnhhtn.exec:\nnhhtn.exe34⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\pddpd.exec:\pddpd.exe35⤵
- Executes dropped EXE
-
\??\c:\vvvpj.exec:\vvvpj.exe36⤵
- Executes dropped EXE
-
\??\c:\rfrffff.exec:\rfrffff.exe37⤵
- Executes dropped EXE
-
\??\c:\7tnnnh.exec:\7tnnnh.exe38⤵
-
\??\c:\nnhhtb.exec:\nnhhtb.exe39⤵
- Executes dropped EXE
-
\??\c:\5vpjp.exec:\5vpjp.exe40⤵
- Executes dropped EXE
-
\??\c:\vdppj.exec:\vdppj.exe41⤵
- Executes dropped EXE
-
\??\c:\vpjjd.exec:\vpjjd.exe42⤵
- Executes dropped EXE
-
\??\c:\lfrrffl.exec:\lfrrffl.exe43⤵
- Executes dropped EXE
-
\??\c:\xffxrrl.exec:\xffxrrl.exe44⤵
- Executes dropped EXE
-
\??\c:\nnhntt.exec:\nnhntt.exe45⤵
- Executes dropped EXE
-
\??\c:\nhbttt.exec:\nhbttt.exe46⤵
- Executes dropped EXE
-
\??\c:\jdpjp.exec:\jdpjp.exe47⤵
- Executes dropped EXE
-
\??\c:\jdpdv.exec:\jdpdv.exe48⤵
- Executes dropped EXE
-
\??\c:\9lrfrll.exec:\9lrfrll.exe49⤵
- Executes dropped EXE
-
\??\c:\7lrllfx.exec:\7lrllfx.exe50⤵
- Executes dropped EXE
-
\??\c:\tnhnbh.exec:\tnhnbh.exe51⤵
- Executes dropped EXE
-
\??\c:\nntttt.exec:\nntttt.exe52⤵
- Executes dropped EXE
-
\??\c:\pjdvv.exec:\pjdvv.exe53⤵
- Executes dropped EXE
-
\??\c:\pddvp.exec:\pddvp.exe54⤵
- Executes dropped EXE
-
\??\c:\pjpvv.exec:\pjpvv.exe55⤵
- Executes dropped EXE
-
\??\c:\xxxfrfx.exec:\xxxfrfx.exe56⤵
- Executes dropped EXE
-
\??\c:\lrxrlll.exec:\lrxrlll.exe57⤵
- Executes dropped EXE
-
\??\c:\bththb.exec:\bththb.exe58⤵
- Executes dropped EXE
-
\??\c:\tnbbnn.exec:\tnbbnn.exe59⤵
- Executes dropped EXE
-
\??\c:\7jppj.exec:\7jppj.exe60⤵
- Executes dropped EXE
-
\??\c:\dpdjd.exec:\dpdjd.exe61⤵
- Executes dropped EXE
-
\??\c:\vddvd.exec:\vddvd.exe62⤵
- Executes dropped EXE
-
\??\c:\xlxlrll.exec:\xlxlrll.exe63⤵
- Executes dropped EXE
-
\??\c:\rxxrllf.exec:\rxxrllf.exe64⤵
- Executes dropped EXE
-
\??\c:\tnttnn.exec:\tnttnn.exe65⤵
- Executes dropped EXE
-
\??\c:\hntnhn.exec:\hntnhn.exe66⤵
- Executes dropped EXE
-
\??\c:\vpvvj.exec:\vpvvj.exe67⤵
-
\??\c:\jppdp.exec:\jppdp.exe68⤵
-
\??\c:\xlxrlfl.exec:\xlxrlfl.exe69⤵
- System Location Discovery: System Language Discovery
-
\??\c:\xxlffxf.exec:\xxlffxf.exe70⤵
-
\??\c:\xrrfxrl.exec:\xrrfxrl.exe71⤵
-
\??\c:\9bbttn.exec:\9bbttn.exe72⤵
-
\??\c:\hbhbnn.exec:\hbhbnn.exe73⤵
-
\??\c:\djjdv.exec:\djjdv.exe74⤵
-
\??\c:\pjdpd.exec:\pjdpd.exe75⤵
-
\??\c:\vppdp.exec:\vppdp.exe76⤵
-
\??\c:\1xxrfxr.exec:\1xxrfxr.exe77⤵
-
\??\c:\lxrlffx.exec:\lxrlffx.exe78⤵
-
\??\c:\nbbhbh.exec:\nbbhbh.exe79⤵
-
\??\c:\1nbtbt.exec:\1nbtbt.exe80⤵
-
\??\c:\dpddv.exec:\dpddv.exe81⤵
-
\??\c:\dvpvp.exec:\dvpvp.exe82⤵
- System Location Discovery: System Language Discovery
-
\??\c:\7fxrlxr.exec:\7fxrlxr.exe83⤵
-
\??\c:\lllxrlx.exec:\lllxrlx.exe84⤵
-
\??\c:\rflffxx.exec:\rflffxx.exe85⤵
-
\??\c:\thbnhh.exec:\thbnhh.exe86⤵
-
\??\c:\bbtnnn.exec:\bbtnnn.exe87⤵
-
\??\c:\5tbtnn.exec:\5tbtnn.exe88⤵
-
\??\c:\dvdpp.exec:\dvdpp.exe89⤵
-
\??\c:\vvvpp.exec:\vvvpp.exe90⤵
-
\??\c:\jdjdp.exec:\jdjdp.exe91⤵
-
\??\c:\rxfrlfx.exec:\rxfrlfx.exe92⤵
-
\??\c:\xxxrffx.exec:\xxxrffx.exe93⤵
-
\??\c:\9rxrffx.exec:\9rxrffx.exe94⤵
-
\??\c:\bnntnt.exec:\bnntnt.exe95⤵
-
\??\c:\hhtbnb.exec:\hhtbnb.exe96⤵
-
\??\c:\ppddv.exec:\ppddv.exe97⤵
-
\??\c:\dvdpj.exec:\dvdpj.exe98⤵
-
\??\c:\vdpjp.exec:\vdpjp.exe99⤵
-
\??\c:\9rrlxrr.exec:\9rrlxrr.exe100⤵
-
\??\c:\rxxxrrx.exec:\rxxxrrx.exe101⤵
-
\??\c:\7tnhhn.exec:\7tnhhn.exe102⤵
-
\??\c:\9bnhtt.exec:\9bnhtt.exe103⤵
-
\??\c:\bhnhhh.exec:\bhnhhh.exe104⤵
-
\??\c:\tbbntn.exec:\tbbntn.exe105⤵
-
\??\c:\tnhhtt.exec:\tnhhtt.exe106⤵
-
\??\c:\jpvjv.exec:\jpvjv.exe107⤵
-
\??\c:\ddpdp.exec:\ddpdp.exe108⤵
-
\??\c:\vvjdv.exec:\vvjdv.exe109⤵
-
\??\c:\9flrrrl.exec:\9flrrrl.exe110⤵
- System Location Discovery: System Language Discovery
-
\??\c:\fllxrrl.exec:\fllxrrl.exe111⤵
-
\??\c:\hbtnbb.exec:\hbtnbb.exe112⤵
-
\??\c:\bbbnbb.exec:\bbbnbb.exe113⤵
-
\??\c:\ppdpd.exec:\ppdpd.exe114⤵
-
\??\c:\vjdpj.exec:\vjdpj.exe115⤵
-
\??\c:\3jjdp.exec:\3jjdp.exe116⤵
-
\??\c:\frlfrfl.exec:\frlfrfl.exe117⤵
-
\??\c:\xxlfxxr.exec:\xxlfxxr.exe118⤵
-
\??\c:\ntttnn.exec:\ntttnn.exe119⤵
-
\??\c:\7bbthh.exec:\7bbthh.exe120⤵
-
\??\c:\9bnhhh.exec:\9bnhhh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-