Analysis
-
max time kernel
120s -
max time network
98s -
platform
windows10-2004_x64 -
resource
win10v2004-20240910-en -
resource tags
-
submitted
11/09/2024, 13:50
General
-
Target
637d90a79bcf421348e02d8abe5e5200N.exe
-
Size
71KB
-
MD5
637d90a79bcf421348e02d8abe5e5200
-
SHA1
34fae86eba14be7a4a4fd54379998e98a6d1dfda
-
SHA256
3eddd37a7962fb6d4e6ab24d84a80e81ad2559cee743a97e1c77fcf6c13be6ae
-
SHA512
cceced0e43da9e74d3c2d449c9c8ff05205c13913a6ed7ad998d6cd8c493edbbf47957b1d44e33d465079a342a024aa01f42fdca89f54fb9c8a56ddd773474c2
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb0z6MTSqfjp:ymb3NkkiQ3mdBjFI4VZ
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 32 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\637d90a79bcf421348e02d8abe5e5200N.exe"C:\Users\Admin\AppData\Local\Temp\637d90a79bcf421348e02d8abe5e5200N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhnhn.exec:\hbhnhn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnthtn.exec:\hnthtn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dddvj.exec:\dddvj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvpj.exec:\jpvpj.exe5⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\hhtnbt.exec:\hhtnbt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntbnn.exec:\tntbnn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdvj.exec:\pjdvj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxrlfx.exec:\fxxrlfx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9rxxxxf.exec:\9rxxxxf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5nhbtn.exec:\5nhbtn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7nnbtn.exec:\7nnbtn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djdvp.exec:\djdvp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddpd.exec:\jddpd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrlfxl.exec:\frrlfxl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhbth.exec:\tnhbth.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhtnh.exec:\hhhtnh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjdp.exec:\jvjdp.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djddp.exec:\djddp.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrfrlf.exec:\frrfrlf.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbnbt.exec:\ttbnbt.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtthh.exec:\hbtthh.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9nhthb.exec:\9nhthb.exe23⤵
- Executes dropped EXE
-
\??\c:\1jjdj.exec:\1jjdj.exe24⤵
- Executes dropped EXE
-
\??\c:\rffrlfx.exec:\rffrlfx.exe25⤵
- Executes dropped EXE
-
\??\c:\fxrrxrx.exec:\fxrrxrx.exe26⤵
- Executes dropped EXE
-
\??\c:\bnnhbt.exec:\bnnhbt.exe27⤵
- Executes dropped EXE
-
\??\c:\nthbnn.exec:\nthbnn.exe28⤵
- Executes dropped EXE
-
\??\c:\djvpp.exec:\djvpp.exe29⤵
- Executes dropped EXE
-
\??\c:\vvddp.exec:\vvddp.exe30⤵
- Executes dropped EXE
-
\??\c:\xfllxrf.exec:\xfllxrf.exe31⤵
- Executes dropped EXE
-
\??\c:\fllxrlf.exec:\fllxrlf.exe32⤵
- Executes dropped EXE
-
\??\c:\rllfxfx.exec:\rllfxfx.exe33⤵
- Executes dropped EXE
-
\??\c:\hhbthb.exec:\hhbthb.exe34⤵
- Executes dropped EXE
-
\??\c:\7hhthh.exec:\7hhthh.exe35⤵
- Executes dropped EXE
-
\??\c:\vvjvv.exec:\vvjvv.exe36⤵
- Executes dropped EXE
-
\??\c:\vdjvd.exec:\vdjvd.exe37⤵
- Executes dropped EXE
-
\??\c:\rfrlfxl.exec:\rfrlfxl.exe38⤵
- Executes dropped EXE
-
\??\c:\xlxrrll.exec:\xlxrrll.exe39⤵
- Executes dropped EXE
-
\??\c:\ntnnhb.exec:\ntnnhb.exe40⤵
- Executes dropped EXE
-
\??\c:\nhhbnh.exec:\nhhbnh.exe41⤵
- Executes dropped EXE
-
\??\c:\vdjdj.exec:\vdjdj.exe42⤵
- Executes dropped EXE
-
\??\c:\jdvvj.exec:\jdvvj.exe43⤵
- Executes dropped EXE
-
\??\c:\rrlrxxr.exec:\rrlrxxr.exe44⤵
- Executes dropped EXE
-
\??\c:\bhbbth.exec:\bhbbth.exe45⤵
- Executes dropped EXE
-
\??\c:\5jvpj.exec:\5jvpj.exe46⤵
- Executes dropped EXE
-
\??\c:\ppdjv.exec:\ppdjv.exe47⤵
- Executes dropped EXE
-
\??\c:\rrflxfx.exec:\rrflxfx.exe48⤵
- Executes dropped EXE
-
\??\c:\bhnhbt.exec:\bhnhbt.exe49⤵
- Executes dropped EXE
-
\??\c:\bnhthb.exec:\bnhthb.exe50⤵
- Executes dropped EXE
-
\??\c:\dvjdj.exec:\dvjdj.exe51⤵
- Executes dropped EXE
-
\??\c:\9fffxxr.exec:\9fffxxr.exe52⤵
- Executes dropped EXE
-
\??\c:\5ppjd.exec:\5ppjd.exe53⤵
- Executes dropped EXE
-
\??\c:\fllfrrf.exec:\fllfrrf.exe54⤵
- Executes dropped EXE
-
\??\c:\rxxlxrl.exec:\rxxlxrl.exe55⤵
- Executes dropped EXE
-
\??\c:\1jjdv.exec:\1jjdv.exe56⤵
- Executes dropped EXE
-
\??\c:\lxfxlff.exec:\lxfxlff.exe57⤵
- Executes dropped EXE
-
\??\c:\1btnhn.exec:\1btnhn.exe58⤵
- Executes dropped EXE
-
\??\c:\9btntn.exec:\9btntn.exe59⤵
- Executes dropped EXE
-
\??\c:\bnnhtn.exec:\bnnhtn.exe60⤵
- Executes dropped EXE
-
\??\c:\hntbtt.exec:\hntbtt.exe61⤵
- Executes dropped EXE
-
\??\c:\htbtht.exec:\htbtht.exe62⤵
- Executes dropped EXE
-
\??\c:\1bhbnb.exec:\1bhbnb.exe63⤵
- Executes dropped EXE
-
\??\c:\pjvjd.exec:\pjvjd.exe64⤵
- Executes dropped EXE
-
\??\c:\thhhbb.exec:\thhhbb.exe65⤵
- Executes dropped EXE
-
\??\c:\pjjdp.exec:\pjjdp.exe66⤵
-
\??\c:\rllfffx.exec:\rllfffx.exe67⤵
-
\??\c:\xxfxrlf.exec:\xxfxrlf.exe68⤵
-
\??\c:\9xrlfxr.exec:\9xrlfxr.exe69⤵
-
\??\c:\bthhth.exec:\bthhth.exe70⤵
-
\??\c:\dppjv.exec:\dppjv.exe71⤵
-
\??\c:\pdpjp.exec:\pdpjp.exe72⤵
-
\??\c:\5rxlflx.exec:\5rxlflx.exe73⤵
-
\??\c:\lflffxf.exec:\lflffxf.exe74⤵
-
\??\c:\tbhbtn.exec:\tbhbtn.exe75⤵
-
\??\c:\5jjdp.exec:\5jjdp.exe76⤵
-
\??\c:\jvvvj.exec:\jvvvj.exe77⤵
-
\??\c:\lflxxrl.exec:\lflxxrl.exe78⤵
-
\??\c:\xlxlfxl.exec:\xlxlfxl.exe79⤵
-
\??\c:\nthnbb.exec:\nthnbb.exe80⤵
-
\??\c:\nbbbhh.exec:\nbbbhh.exe81⤵
-
\??\c:\5pjvp.exec:\5pjvp.exe82⤵
-
\??\c:\pdpdd.exec:\pdpdd.exe83⤵
-
\??\c:\vjdvj.exec:\vjdvj.exe84⤵
-
\??\c:\lxlxlfr.exec:\lxlxlfr.exe85⤵
-
\??\c:\xrfffrf.exec:\xrfffrf.exe86⤵
-
\??\c:\7nnhhb.exec:\7nnhhb.exe87⤵
-
\??\c:\hbtnhb.exec:\hbtnhb.exe88⤵
-
\??\c:\dvvpd.exec:\dvvpd.exe89⤵
-
\??\c:\jpvjv.exec:\jpvjv.exe90⤵
-
\??\c:\jppjj.exec:\jppjj.exe91⤵
-
\??\c:\rflffxf.exec:\rflffxf.exe92⤵
-
\??\c:\fxlxxrr.exec:\fxlxxrr.exe93⤵
-
\??\c:\thhbnn.exec:\thhbnn.exe94⤵
-
\??\c:\1tbttn.exec:\1tbttn.exe95⤵
-
\??\c:\htnnbh.exec:\htnnbh.exe96⤵
-
\??\c:\ppjjd.exec:\ppjjd.exe97⤵
- System Location Discovery: System Language Discovery
-
\??\c:\vpvjv.exec:\vpvjv.exe98⤵
-
\??\c:\fffrffx.exec:\fffrffx.exe99⤵
-
\??\c:\lrrrfxr.exec:\lrrrfxr.exe100⤵
-
\??\c:\7jppj.exec:\7jppj.exe101⤵
-
\??\c:\dpjvv.exec:\dpjvv.exe102⤵
-
\??\c:\fflxxlf.exec:\fflxxlf.exe103⤵
-
\??\c:\pdppd.exec:\pdppd.exe104⤵
-
\??\c:\xllxxxr.exec:\xllxxxr.exe105⤵
-
\??\c:\1xflfxr.exec:\1xflfxr.exe106⤵
-
\??\c:\hntthb.exec:\hntthb.exe107⤵
-
\??\c:\7dpjp.exec:\7dpjp.exe108⤵
-
\??\c:\fxxlxxx.exec:\fxxlxxx.exe109⤵
-
\??\c:\fxxrxrx.exec:\fxxrxrx.exe110⤵
-
\??\c:\tbhhbh.exec:\tbhhbh.exe111⤵
-
\??\c:\ffxrxxl.exec:\ffxrxxl.exe112⤵
-
\??\c:\bnnhtn.exec:\bnnhtn.exe113⤵
-
\??\c:\nhbnbt.exec:\nhbnbt.exe114⤵
-
\??\c:\pvvvv.exec:\pvvvv.exe115⤵
-
\??\c:\dvpjj.exec:\dvpjj.exe116⤵
-
\??\c:\xxxxrfx.exec:\xxxxrfx.exe117⤵
-
\??\c:\1nnnnn.exec:\1nnnnn.exe118⤵
-
\??\c:\5hhnnb.exec:\5hhnnb.exe119⤵
-
\??\c:\1dvpd.exec:\1dvpd.exe120⤵
-
\??\c:\rrrrllf.exec:\rrrrllf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-