Analysis
-
max time kernel
120s -
max time network
95s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
12-09-2024 10:04
General
-
Target
8369597aaeb4f20987229c901e124280N.exe
-
Size
75KB
-
MD5
8369597aaeb4f20987229c901e124280
-
SHA1
3d0df5b1a1ea8af70cbec9215080f3b4a80665ae
-
SHA256
b4dd576cb8f3d90fcb0232943c96f0905cff35804fd9cee5b88034cfd316e372
-
SHA512
8e0d640004bd171a4463b204e58e608eb2f0aae194b079846418908d10cf705e89f595aa7ac94f0836bcbc90232ee7c526377bd5f4aea9bba41d09037168dc3f
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIvuzk358nLA89OGvrFVHmP1:ymb3NkkiQ3mdBjFIvl358nLA89OMFVHk
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 32 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8369597aaeb4f20987229c901e124280N.exe"C:\Users\Admin\AppData\Local\Temp\8369597aaeb4f20987229c901e124280N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdvv.exec:\jvdvv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jvjp.exec:\9jvjp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxrfff.exec:\rrxrfff.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3tbbbh.exec:\3tbbbh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvjd.exec:\jpvjd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppdvp.exec:\ppdvp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxxxxf.exec:\fxxxxxf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvdd.exec:\pvvdd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djpjd.exec:\djpjd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhnnhn.exec:\bhnnhn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpjj.exec:\dvpjj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfllfff.exec:\xfllfff.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbtbtb.exec:\tbtbtb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nttnhh.exec:\nttnhh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjvj.exec:\pdjvj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fflxxfx.exec:\fflxxfx.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nttttn.exec:\nttttn.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnttnn.exec:\tnttnn.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpjj.exec:\pjpjj.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxrlll.exec:\rxxrlll.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxfxfx.exec:\rlxfxfx.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhntnn.exec:\bhntnn.exe23⤵
- Executes dropped EXE
-
\??\c:\jdjjj.exec:\jdjjj.exe24⤵
- Executes dropped EXE
-
\??\c:\xrrrrrr.exec:\xrrrrrr.exe25⤵
- Executes dropped EXE
-
\??\c:\xrllrrr.exec:\xrllrrr.exe26⤵
- Executes dropped EXE
-
\??\c:\nhnhhh.exec:\nhnhhh.exe27⤵
- Executes dropped EXE
-
\??\c:\pddjj.exec:\pddjj.exe28⤵
- Executes dropped EXE
-
\??\c:\pjdvp.exec:\pjdvp.exe29⤵
- Executes dropped EXE
-
\??\c:\xlxxxfx.exec:\xlxxxfx.exe30⤵
- Executes dropped EXE
-
\??\c:\frrxxxr.exec:\frrxxxr.exe31⤵
- Executes dropped EXE
-
\??\c:\3bnnnn.exec:\3bnnnn.exe32⤵
- Executes dropped EXE
-
\??\c:\ppjpj.exec:\ppjpj.exe33⤵
- Executes dropped EXE
-
\??\c:\flllflr.exec:\flllflr.exe34⤵
- Executes dropped EXE
-
\??\c:\tbbbnt.exec:\tbbbnt.exe35⤵
- Executes dropped EXE
-
\??\c:\bhhhbt.exec:\bhhhbt.exe36⤵
- Executes dropped EXE
-
\??\c:\jdvpp.exec:\jdvpp.exe37⤵
- Executes dropped EXE
-
\??\c:\9pvpj.exec:\9pvpj.exe38⤵
- Executes dropped EXE
-
\??\c:\frrrrxx.exec:\frrrrxx.exe39⤵
- Executes dropped EXE
-
\??\c:\llrfxxx.exec:\llrfxxx.exe40⤵
- Executes dropped EXE
-
\??\c:\thbnbb.exec:\thbnbb.exe41⤵
- Executes dropped EXE
-
\??\c:\nhhbtn.exec:\nhhbtn.exe42⤵
- Executes dropped EXE
-
\??\c:\vpvpj.exec:\vpvpj.exe43⤵
- Executes dropped EXE
-
\??\c:\xxllfff.exec:\xxllfff.exe44⤵
- Executes dropped EXE
-
\??\c:\nnntnn.exec:\nnntnn.exe45⤵
- Executes dropped EXE
-
\??\c:\nhhbtt.exec:\nhhbtt.exe46⤵
- Executes dropped EXE
-
\??\c:\jdpjd.exec:\jdpjd.exe47⤵
- Executes dropped EXE
-
\??\c:\dvpjj.exec:\dvpjj.exe48⤵
- Executes dropped EXE
-
\??\c:\fxfxxxr.exec:\fxfxxxr.exe49⤵
- Executes dropped EXE
-
\??\c:\5xxlxll.exec:\5xxlxll.exe50⤵
- Executes dropped EXE
-
\??\c:\hhhhhh.exec:\hhhhhh.exe51⤵
- Executes dropped EXE
-
\??\c:\btttnn.exec:\btttnn.exe52⤵
- Executes dropped EXE
-
\??\c:\5pvvv.exec:\5pvvv.exe53⤵
- Executes dropped EXE
-
\??\c:\pjdjv.exec:\pjdjv.exe54⤵
- Executes dropped EXE
-
\??\c:\xllrlll.exec:\xllrlll.exe55⤵
- Executes dropped EXE
-
\??\c:\htttnn.exec:\htttnn.exe56⤵
- Executes dropped EXE
-
\??\c:\hnbbhh.exec:\hnbbhh.exe57⤵
- Executes dropped EXE
-
\??\c:\xrlfxfx.exec:\xrlfxfx.exe58⤵
- Executes dropped EXE
-
\??\c:\lfllxrf.exec:\lfllxrf.exe59⤵
- Executes dropped EXE
-
\??\c:\9bhhbb.exec:\9bhhbb.exe60⤵
- Executes dropped EXE
-
\??\c:\ddvvj.exec:\ddvvj.exe61⤵
- Executes dropped EXE
-
\??\c:\7vvvd.exec:\7vvvd.exe62⤵
- Executes dropped EXE
-
\??\c:\flfflll.exec:\flfflll.exe63⤵
- Executes dropped EXE
-
\??\c:\fxrrxxr.exec:\fxrrxxr.exe64⤵
- Executes dropped EXE
-
\??\c:\ttbhtb.exec:\ttbhtb.exe65⤵
- Executes dropped EXE
-
\??\c:\nthnbb.exec:\nthnbb.exe66⤵
-
\??\c:\vjdvp.exec:\vjdvp.exe67⤵
-
\??\c:\jvvdd.exec:\jvvdd.exe68⤵
-
\??\c:\lfrfrlr.exec:\lfrfrlr.exe69⤵
-
\??\c:\7llrllf.exec:\7llrllf.exe70⤵
-
\??\c:\bbbbbb.exec:\bbbbbb.exe71⤵
-
\??\c:\thtbth.exec:\thtbth.exe72⤵
-
\??\c:\djvpj.exec:\djvpj.exe73⤵
-
\??\c:\dpvdd.exec:\dpvdd.exe74⤵
-
\??\c:\xfxfrfr.exec:\xfxfrfr.exe75⤵
-
\??\c:\lxlfrrl.exec:\lxlfrrl.exe76⤵
-
\??\c:\nttbbh.exec:\nttbbh.exe77⤵
-
\??\c:\jddvj.exec:\jddvj.exe78⤵
-
\??\c:\ppvdj.exec:\ppvdj.exe79⤵
-
\??\c:\ppdvj.exec:\ppdvj.exe80⤵
-
\??\c:\rlrlrrr.exec:\rlrlrrr.exe81⤵
-
\??\c:\rlxrllf.exec:\rlxrllf.exe82⤵
-
\??\c:\nhhntt.exec:\nhhntt.exe83⤵
-
\??\c:\pvvvd.exec:\pvvvd.exe84⤵
-
\??\c:\lxxxrrr.exec:\lxxxrrr.exe85⤵
-
\??\c:\lxrrrll.exec:\lxrrrll.exe86⤵
-
\??\c:\hhbbtt.exec:\hhbbtt.exe87⤵
-
\??\c:\pjpjj.exec:\pjpjj.exe88⤵
-
\??\c:\7vjpj.exec:\7vjpj.exe89⤵
-
\??\c:\fflrlxr.exec:\fflrlxr.exe90⤵
-
\??\c:\xfflxlr.exec:\xfflxlr.exe91⤵
-
\??\c:\tbbnhh.exec:\tbbnhh.exe92⤵
-
\??\c:\1hnnhh.exec:\1hnnhh.exe93⤵
-
\??\c:\vvdvv.exec:\vvdvv.exe94⤵
-
\??\c:\pdvjp.exec:\pdvjp.exe95⤵
-
\??\c:\fxfxxxx.exec:\fxfxxxx.exe96⤵
-
\??\c:\nbnntt.exec:\nbnntt.exe97⤵
-
\??\c:\5nhnnn.exec:\5nhnnn.exe98⤵
-
\??\c:\dpdvv.exec:\dpdvv.exe99⤵
-
\??\c:\rrllxll.exec:\rrllxll.exe100⤵
-
\??\c:\rxfxxfx.exec:\rxfxxfx.exe101⤵
-
\??\c:\7tbbtb.exec:\7tbbtb.exe102⤵
-
\??\c:\nbttbn.exec:\nbttbn.exe103⤵
-
\??\c:\jpjjv.exec:\jpjjv.exe104⤵
-
\??\c:\xxxxxxx.exec:\xxxxxxx.exe105⤵
-
\??\c:\fxfxxxr.exec:\fxfxxxr.exe106⤵
-
\??\c:\tbbbtb.exec:\tbbbtb.exe107⤵
-
\??\c:\pvvvj.exec:\pvvvj.exe108⤵
- System Location Discovery: System Language Discovery
-
\??\c:\pjpjj.exec:\pjpjj.exe109⤵
-
\??\c:\9fflffx.exec:\9fflffx.exe110⤵
-
\??\c:\tnthbn.exec:\tnthbn.exe111⤵
-
\??\c:\pjpjd.exec:\pjpjd.exe112⤵
-
\??\c:\7pvdp.exec:\7pvdp.exe113⤵
-
\??\c:\ttttbb.exec:\ttttbb.exe114⤵
-
\??\c:\tbbttt.exec:\tbbttt.exe115⤵
-
\??\c:\jjjdv.exec:\jjjdv.exe116⤵
-
\??\c:\xffllxx.exec:\xffllxx.exe117⤵
-
\??\c:\bttnhn.exec:\bttnhn.exe118⤵
-
\??\c:\1bhbbb.exec:\1bhbbb.exe119⤵
-
\??\c:\pjjpj.exec:\pjjpj.exe120⤵
-
\??\c:\5lffxxx.exec:\5lffxxx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-