Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
13/09/2024, 21:08
General
-
Target
116e4bf631367e89e40071cb22a98a7fd4f63f27bbc7ab550e94f9f05db94a3e.exe
-
Size
71KB
-
MD5
3debd701d84403eb3db51dae47662d70
-
SHA1
7553ccb5d652a8a0784620ace4f246c69eec68eb
-
SHA256
116e4bf631367e89e40071cb22a98a7fd4f63f27bbc7ab550e94f9f05db94a3e
-
SHA512
130ec0149cf118b972b23b40db0bb7522281f5d9cc507c8e844b648de68c6122a909bb08210dfd77331953d8d54bcddea196f0a747ce8e26a777ed6bcc755371
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb0z6MTSqfjl:ymb3NkkiQ3mdBjFI4V1
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 31 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\116e4bf631367e89e40071cb22a98a7fd4f63f27bbc7ab550e94f9f05db94a3e.exe"C:\Users\Admin\AppData\Local\Temp\116e4bf631367e89e40071cb22a98a7fd4f63f27bbc7ab550e94f9f05db94a3e.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pvpvv.exec:\pvpvv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflxxxf.exec:\lflxxxf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbttn.exec:\hbbttn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djpjj.exec:\djpjj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjppv.exec:\pjppv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflfffx.exec:\lflfffx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3tttnh.exec:\3tttnh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdvv.exec:\dvdvv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdddp.exec:\jdddp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrlffl.exec:\frrlffl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbttt.exec:\btbttt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ntnhh.exec:\3ntnhh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jpjv.exec:\1jpjv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rffrllf.exec:\rffrllf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbbtn.exec:\nbbbtn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9tbthh.exec:\9tbthh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvddd.exec:\vvddd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9fxlllf.exec:\9fxlllf.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1nnnhh.exec:\1nnnhh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjdj.exec:\pdjdj.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlfrrl.exec:\rrlfrrl.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frfxflr.exec:\frfxflr.exe23⤵
- Executes dropped EXE
-
\??\c:\9lffxxf.exec:\9lffxxf.exe24⤵
- Executes dropped EXE
-
\??\c:\htbtnh.exec:\htbtnh.exe25⤵
- Executes dropped EXE
-
\??\c:\nbhbnn.exec:\nbhbnn.exe26⤵
- Executes dropped EXE
-
\??\c:\pjjdv.exec:\pjjdv.exe27⤵
- Executes dropped EXE
-
\??\c:\jdjvv.exec:\jdjvv.exe28⤵
- Executes dropped EXE
-
\??\c:\5rrfxlf.exec:\5rrfxlf.exe29⤵
- Executes dropped EXE
-
\??\c:\3bbthh.exec:\3bbthh.exe30⤵
- Executes dropped EXE
-
\??\c:\dppjd.exec:\dppjd.exe31⤵
- Executes dropped EXE
-
\??\c:\jvpjd.exec:\jvpjd.exe32⤵
- Executes dropped EXE
-
\??\c:\xlxrfxx.exec:\xlxrfxx.exe33⤵
- Executes dropped EXE
-
\??\c:\hhtnhh.exec:\hhtnhh.exe34⤵
- Executes dropped EXE
-
\??\c:\ddpdv.exec:\ddpdv.exe35⤵
- Executes dropped EXE
-
\??\c:\pddvj.exec:\pddvj.exe36⤵
- Executes dropped EXE
-
\??\c:\frrlxxr.exec:\frrlxxr.exe37⤵
- Executes dropped EXE
-
\??\c:\7lxrlxr.exec:\7lxrlxr.exe38⤵
- Executes dropped EXE
-
\??\c:\tbbbnn.exec:\tbbbnn.exe39⤵
- Executes dropped EXE
-
\??\c:\dvjvp.exec:\dvjvp.exe40⤵
- Executes dropped EXE
-
\??\c:\9jpvp.exec:\9jpvp.exe41⤵
- Executes dropped EXE
-
\??\c:\1jpjd.exec:\1jpjd.exe42⤵
- Executes dropped EXE
-
\??\c:\xllfrrr.exec:\xllfrrr.exe43⤵
- Executes dropped EXE
-
\??\c:\xrlrlff.exec:\xrlrlff.exe44⤵
- Executes dropped EXE
-
\??\c:\nhbbnn.exec:\nhbbnn.exe45⤵
- Executes dropped EXE
-
\??\c:\jvpjv.exec:\jvpjv.exe46⤵
- Executes dropped EXE
-
\??\c:\xffrfxf.exec:\xffrfxf.exe47⤵
- Executes dropped EXE
-
\??\c:\nbtntt.exec:\nbtntt.exe48⤵
- Executes dropped EXE
-
\??\c:\pjjdd.exec:\pjjdd.exe49⤵
- Executes dropped EXE
-
\??\c:\9jjdp.exec:\9jjdp.exe50⤵
- Executes dropped EXE
-
\??\c:\fllfxll.exec:\fllfxll.exe51⤵
- Executes dropped EXE
-
\??\c:\5fllrrr.exec:\5fllrrr.exe52⤵
- Executes dropped EXE
-
\??\c:\thhbtn.exec:\thhbtn.exe53⤵
- Executes dropped EXE
-
\??\c:\ttbthh.exec:\ttbthh.exe54⤵
- Executes dropped EXE
-
\??\c:\jddvv.exec:\jddvv.exe55⤵
- Executes dropped EXE
-
\??\c:\pjpjp.exec:\pjpjp.exe56⤵
- Executes dropped EXE
-
\??\c:\9rlfffl.exec:\9rlfffl.exe57⤵
- Executes dropped EXE
-
\??\c:\xlfxrlf.exec:\xlfxrlf.exe58⤵
- Executes dropped EXE
-
\??\c:\hbtnhh.exec:\hbtnhh.exe59⤵
- Executes dropped EXE
-
\??\c:\1nnbbh.exec:\1nnbbh.exe60⤵
- Executes dropped EXE
-
\??\c:\vdvdv.exec:\vdvdv.exe61⤵
- Executes dropped EXE
-
\??\c:\vpjvj.exec:\vpjvj.exe62⤵
- Executes dropped EXE
-
\??\c:\3frlrlr.exec:\3frlrlr.exe63⤵
- Executes dropped EXE
-
\??\c:\fffxffx.exec:\fffxffx.exe64⤵
- Executes dropped EXE
-
\??\c:\hhhthh.exec:\hhhthh.exe65⤵
- Executes dropped EXE
-
\??\c:\1pvjd.exec:\1pvjd.exe66⤵
-
\??\c:\vjjdp.exec:\vjjdp.exe67⤵
-
\??\c:\5ffxllf.exec:\5ffxllf.exe68⤵
-
\??\c:\bhnttt.exec:\bhnttt.exe69⤵
-
\??\c:\9httnb.exec:\9httnb.exe70⤵
-
\??\c:\vvdvp.exec:\vvdvp.exe71⤵
-
\??\c:\jddvp.exec:\jddvp.exe72⤵
-
\??\c:\9frlxxr.exec:\9frlxxr.exe73⤵
-
\??\c:\lfflllr.exec:\lfflllr.exe74⤵
-
\??\c:\thtntn.exec:\thtntn.exe75⤵
-
\??\c:\tbhbnh.exec:\tbhbnh.exe76⤵
-
\??\c:\dppjv.exec:\dppjv.exe77⤵
-
\??\c:\1djdp.exec:\1djdp.exe78⤵
-
\??\c:\frrlxxr.exec:\frrlxxr.exe79⤵
-
\??\c:\xrxrlll.exec:\xrxrlll.exe80⤵
-
\??\c:\7bnbtb.exec:\7bnbtb.exe81⤵
-
\??\c:\btthtt.exec:\btthtt.exe82⤵
-
\??\c:\pjpjv.exec:\pjpjv.exe83⤵
-
\??\c:\vjvdd.exec:\vjvdd.exe84⤵
-
\??\c:\frlfffx.exec:\frlfffx.exe85⤵
-
\??\c:\frxrllf.exec:\frxrllf.exe86⤵
-
\??\c:\bbnhnh.exec:\bbnhnh.exe87⤵
-
\??\c:\7dvvp.exec:\7dvvp.exe88⤵
-
\??\c:\rlfxrrl.exec:\rlfxrrl.exe89⤵
-
\??\c:\lffxrrr.exec:\lffxrrr.exe90⤵
-
\??\c:\bbtnht.exec:\bbtnht.exe91⤵
-
\??\c:\jpjdv.exec:\jpjdv.exe92⤵
-
\??\c:\jjpjv.exec:\jjpjv.exe93⤵
-
\??\c:\llxfxfx.exec:\llxfxfx.exe94⤵
-
\??\c:\lxrlfxr.exec:\lxrlfxr.exe95⤵
-
\??\c:\rrrlffx.exec:\rrrlffx.exe96⤵
-
\??\c:\hbtnhh.exec:\hbtnhh.exe97⤵
-
\??\c:\1ntnnn.exec:\1ntnnn.exe98⤵
-
\??\c:\pjdjd.exec:\pjdjd.exe99⤵
-
\??\c:\5djdv.exec:\5djdv.exe100⤵
-
\??\c:\xlrxlrr.exec:\xlrxlrr.exe101⤵
-
\??\c:\frlfrrl.exec:\frlfrrl.exe102⤵
-
\??\c:\htnhbb.exec:\htnhbb.exe103⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe104⤵
-
\??\c:\5ffrllf.exec:\5ffrllf.exe105⤵
-
\??\c:\lfllfxx.exec:\lfllfxx.exe106⤵
-
\??\c:\tbbtnn.exec:\tbbtnn.exe107⤵
-
\??\c:\hnbttn.exec:\hnbttn.exe108⤵
-
\??\c:\pddvv.exec:\pddvv.exe109⤵
-
\??\c:\jjpjv.exec:\jjpjv.exe110⤵
-
\??\c:\7lrrllf.exec:\7lrrllf.exe111⤵
-
\??\c:\3lrrlrr.exec:\3lrrlrr.exe112⤵
-
\??\c:\btbtbb.exec:\btbtbb.exe113⤵
-
\??\c:\hbbtnh.exec:\hbbtnh.exe114⤵
-
\??\c:\7pjdv.exec:\7pjdv.exe115⤵
-
\??\c:\3jjdv.exec:\3jjdv.exe116⤵
-
\??\c:\5rrrlll.exec:\5rrrlll.exe117⤵
-
\??\c:\3rlfrrf.exec:\3rlfrrf.exe118⤵
-
\??\c:\bbtbht.exec:\bbtbht.exe119⤵
-
\??\c:\jdpvd.exec:\jdpvd.exe120⤵
-
\??\c:\dddpv.exec:\dddpv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-