Analysis
-
max time kernel
120s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
11-09-2024 21:54
General
-
Target
5b60838c6380a4c6cc3a503e84ff4ec0N.exe
-
Size
74KB
-
MD5
5b60838c6380a4c6cc3a503e84ff4ec0
-
SHA1
3f876b2adb4a2911a9e46f1c37367bc90e776b76
-
SHA256
63ba6d3e08dfd15f19d6555ca2b75e86feb817fd16ebf77ff98c611ba91bcb54
-
SHA512
660cfd7cbcaaaeadbc768e2bffb8fac3815ac5b28e6a671bce8aeb3a19d63ef28809e48d29ed20a3c05db0a8efa3e7f3e07027160bb44b9684ea6f13e862f685
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIvuzk358nLA89OGvrFVHmsu:ymb3NkkiQ3mdBjFIvl358nLA89OMFVHk
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 33 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5b60838c6380a4c6cc3a503e84ff4ec0N.exe"C:\Users\Admin\AppData\Local\Temp\5b60838c6380a4c6cc3a503e84ff4ec0N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bntttt.exec:\bntttt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntttb.exec:\tntttb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjjp.exec:\ppjjp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbttnn.exec:\hbttnn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ddjp.exec:\5ddjp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntntb.exec:\tntntb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtnnn.exec:\hbtnnn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjdd.exec:\ddjdd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnbtn.exec:\bnnbtn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjdd.exec:\ddjdd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfxlrl.exec:\fxfxlrl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbtnn.exec:\nnbtnn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhbnt.exec:\hbhbnt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjdv.exec:\ppjdv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddpdd.exec:\ddpdd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnbbt.exec:\bbnbbt.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnhtt.exec:\tnnhtt.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pddjd.exec:\pddjd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllflfl.exec:\rllflfl.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttttbb.exec:\ttttbb.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhhhh.exec:\hbhhhh.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dddvj.exec:\dddvj.exe23⤵
- Executes dropped EXE
-
\??\c:\rfrrllf.exec:\rfrrllf.exe24⤵
- Executes dropped EXE
-
\??\c:\hhnbtn.exec:\hhnbtn.exe25⤵
- Executes dropped EXE
-
\??\c:\tnntth.exec:\tnntth.exe26⤵
- Executes dropped EXE
-
\??\c:\dpvdv.exec:\dpvdv.exe27⤵
- Executes dropped EXE
-
\??\c:\llfrxxf.exec:\llfrxxf.exe28⤵
- Executes dropped EXE
-
\??\c:\tnbnhh.exec:\tnbnhh.exe29⤵
- Executes dropped EXE
-
\??\c:\hnbtnn.exec:\hnbtnn.exe30⤵
- Executes dropped EXE
-
\??\c:\vjpdv.exec:\vjpdv.exe31⤵
- Executes dropped EXE
-
\??\c:\llllffl.exec:\llllffl.exe32⤵
- Executes dropped EXE
-
\??\c:\hnhhhh.exec:\hnhhhh.exe33⤵
- Executes dropped EXE
-
\??\c:\jpvpp.exec:\jpvpp.exe34⤵
- Executes dropped EXE
-
\??\c:\dpvvd.exec:\dpvvd.exe35⤵
- Executes dropped EXE
-
\??\c:\rllfrrl.exec:\rllfrrl.exe36⤵
- Executes dropped EXE
-
\??\c:\xfffxxx.exec:\xfffxxx.exe37⤵
- Executes dropped EXE
-
\??\c:\btnbtn.exec:\btnbtn.exe38⤵
- Executes dropped EXE
-
\??\c:\tbhnhb.exec:\tbhnhb.exe39⤵
- Executes dropped EXE
-
\??\c:\ddjjd.exec:\ddjjd.exe40⤵
- Executes dropped EXE
-
\??\c:\jdjjj.exec:\jdjjj.exe41⤵
- Executes dropped EXE
-
\??\c:\ffffrxx.exec:\ffffrxx.exe42⤵
- Executes dropped EXE
-
\??\c:\fxrxxff.exec:\fxrxxff.exe43⤵
- Executes dropped EXE
-
\??\c:\5thhtb.exec:\5thhtb.exe44⤵
- Executes dropped EXE
-
\??\c:\ntbnnh.exec:\ntbnnh.exe45⤵
- Executes dropped EXE
-
\??\c:\vjpjj.exec:\vjpjj.exe46⤵
- Executes dropped EXE
-
\??\c:\ppppj.exec:\ppppj.exe47⤵
- Executes dropped EXE
-
\??\c:\flrllrr.exec:\flrllrr.exe48⤵
- Executes dropped EXE
-
\??\c:\9rrrrrr.exec:\9rrrrrr.exe49⤵
- Executes dropped EXE
-
\??\c:\hbbbbb.exec:\hbbbbb.exe50⤵
- Executes dropped EXE
-
\??\c:\nnbbth.exec:\nnbbth.exe51⤵
- Executes dropped EXE
-
\??\c:\7pvpp.exec:\7pvpp.exe52⤵
- Executes dropped EXE
-
\??\c:\pddpv.exec:\pddpv.exe53⤵
- Executes dropped EXE
-
\??\c:\xrlxrrr.exec:\xrlxrrr.exe54⤵
- Executes dropped EXE
-
\??\c:\xlffrfx.exec:\xlffrfx.exe55⤵
- Executes dropped EXE
-
\??\c:\hhhhnn.exec:\hhhhnn.exe56⤵
- Executes dropped EXE
-
\??\c:\bhttnn.exec:\bhttnn.exe57⤵
- Executes dropped EXE
-
\??\c:\1jpjd.exec:\1jpjd.exe58⤵
- Executes dropped EXE
-
\??\c:\7pdpj.exec:\7pdpj.exe59⤵
- Executes dropped EXE
-
\??\c:\lflfrrl.exec:\lflfrrl.exe60⤵
- Executes dropped EXE
-
\??\c:\fxflrxx.exec:\fxflrxx.exe61⤵
- Executes dropped EXE
-
\??\c:\nntthn.exec:\nntthn.exe62⤵
- Executes dropped EXE
-
\??\c:\htbhhn.exec:\htbhhn.exe63⤵
- Executes dropped EXE
-
\??\c:\vpppp.exec:\vpppp.exe64⤵
- Executes dropped EXE
-
\??\c:\xllrxrf.exec:\xllrxrf.exe65⤵
- Executes dropped EXE
-
\??\c:\frrlffx.exec:\frrlffx.exe66⤵
-
\??\c:\pvdpj.exec:\pvdpj.exe67⤵
-
\??\c:\dvjdv.exec:\dvjdv.exe68⤵
-
\??\c:\ffrxxlx.exec:\ffrxxlx.exe69⤵
-
\??\c:\tbthnb.exec:\tbthnb.exe70⤵
-
\??\c:\hbbttn.exec:\hbbttn.exe71⤵
-
\??\c:\jjvvv.exec:\jjvvv.exe72⤵
-
\??\c:\fxlxrrr.exec:\fxlxrrr.exe73⤵
-
\??\c:\xxfffll.exec:\xxfffll.exe74⤵
-
\??\c:\thtttb.exec:\thtttb.exe75⤵
-
\??\c:\dvjpp.exec:\dvjpp.exe76⤵
-
\??\c:\jjpjj.exec:\jjpjj.exe77⤵
-
\??\c:\xlfxxxr.exec:\xlfxxxr.exe78⤵
-
\??\c:\xrflfff.exec:\xrflfff.exe79⤵
-
\??\c:\nntbnn.exec:\nntbnn.exe80⤵
-
\??\c:\jjddp.exec:\jjddp.exe81⤵
-
\??\c:\jjpdj.exec:\jjpdj.exe82⤵
-
\??\c:\rrxxrxr.exec:\rrxxrxr.exe83⤵
-
\??\c:\lfffxxx.exec:\lfffxxx.exe84⤵
-
\??\c:\bttttt.exec:\bttttt.exe85⤵
-
\??\c:\nhtbth.exec:\nhtbth.exe86⤵
-
\??\c:\ddddp.exec:\ddddp.exe87⤵
-
\??\c:\vpvdd.exec:\vpvdd.exe88⤵
-
\??\c:\xxlllll.exec:\xxlllll.exe89⤵
-
\??\c:\nbhhbb.exec:\nbhhbb.exe90⤵
-
\??\c:\tthbhh.exec:\tthbhh.exe91⤵
-
\??\c:\vpjdp.exec:\vpjdp.exe92⤵
-
\??\c:\pppjj.exec:\pppjj.exe93⤵
- System Location Discovery: System Language Discovery
-
\??\c:\lfrlxll.exec:\lfrlxll.exe94⤵
-
\??\c:\xxffrxf.exec:\xxffrxf.exe95⤵
-
\??\c:\hhtttt.exec:\hhtttt.exe96⤵
-
\??\c:\nnbttt.exec:\nnbttt.exe97⤵
-
\??\c:\1jjdv.exec:\1jjdv.exe98⤵
-
\??\c:\vvddv.exec:\vvddv.exe99⤵
-
\??\c:\xlxxxxf.exec:\xlxxxxf.exe100⤵
-
\??\c:\3rxxxxx.exec:\3rxxxxx.exe101⤵
-
\??\c:\hhnhhh.exec:\hhnhhh.exe102⤵
-
\??\c:\hbbtnn.exec:\hbbtnn.exe103⤵
-
\??\c:\pdjdj.exec:\pdjdj.exe104⤵
-
\??\c:\frxfxxx.exec:\frxfxxx.exe105⤵
- System Location Discovery: System Language Discovery
-
\??\c:\lxffffl.exec:\lxffffl.exe106⤵
-
\??\c:\hnnnhn.exec:\hnnnhn.exe107⤵
-
\??\c:\hhnhhh.exec:\hhnhhh.exe108⤵
-
\??\c:\ddddd.exec:\ddddd.exe109⤵
-
\??\c:\dvjvv.exec:\dvjvv.exe110⤵
-
\??\c:\xrrfxxx.exec:\xrrfxxx.exe111⤵
-
\??\c:\xrxrrrr.exec:\xrxrrrr.exe112⤵
-
\??\c:\hbttnb.exec:\hbttnb.exe113⤵
-
\??\c:\7bnhnn.exec:\7bnhnn.exe114⤵
-
\??\c:\jjvdv.exec:\jjvdv.exe115⤵
-
\??\c:\vvdvd.exec:\vvdvd.exe116⤵
-
\??\c:\rrlrlfr.exec:\rrlrlfr.exe117⤵
-
\??\c:\btttnn.exec:\btttnn.exe118⤵
-
\??\c:\jdvpp.exec:\jdvpp.exe119⤵
-
\??\c:\pjjjj.exec:\pjjjj.exe120⤵
-
\??\c:\lrxxrfx.exec:\lrxxrfx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-