Analysis
-
max time kernel
150s -
max time network
144s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
14/09/2024, 23:57
General
-
Target
97236effe0ba091fe2415d628070874ad7358ad06254c5072efa2c648d9fb83b.exe
-
Size
71KB
-
MD5
3c687c9e6027f523f3566aafd37a3b4d
-
SHA1
9b404be7c0c4b5a2c81f41f35a4905e0907973c9
-
SHA256
97236effe0ba091fe2415d628070874ad7358ad06254c5072efa2c648d9fb83b
-
SHA512
c6504e32f1c6107e97072e25a9ceec38ce0ebe0e384cf6cc2f7575cab6c2eeec89602d90e059471751b6ab2cb1a7fdbf673f63cd812962bc1c3a29da05ac5419
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb0z6MTSqfjW:ymb3NkkiQ3mdBjFI4Vm
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 39 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\97236effe0ba091fe2415d628070874ad7358ad06254c5072efa2c648d9fb83b.exe"C:\Users\Admin\AppData\Local\Temp\97236effe0ba091fe2415d628070874ad7358ad06254c5072efa2c648d9fb83b.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\5nnbbb.exec:\5nnbbb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjjj.exec:\ppjjj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxfrlll.exec:\rxfrlll.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlllrxx.exec:\rlllrxx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbbtn.exec:\hhbbtn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbttbb.exec:\hbttbb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpppp.exec:\dpppp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdjv.exec:\dvdjv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrrrll.exec:\rrrrrll.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1fffxxx.exec:\1fffxxx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbttnt.exec:\hbttnt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjjj.exec:\pjjjj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xxrllf.exec:\7xxrllf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flllffx.exec:\flllffx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbbbb.exec:\tbbbbb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbtth.exec:\bnbtth.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjjv.exec:\ddjjv.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvvp.exec:\dvvvp.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfxxrxr.exec:\xfxxrxr.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrllff.exec:\xlrllff.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnnhn.exec:\ttnnhn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhhtb.exec:\nhhhtb.exe23⤵
- Executes dropped EXE
-
\??\c:\dddpp.exec:\dddpp.exe24⤵
- Executes dropped EXE
-
\??\c:\jjppv.exec:\jjppv.exe25⤵
- Executes dropped EXE
-
\??\c:\lrxxxfx.exec:\lrxxxfx.exe26⤵
- Executes dropped EXE
-
\??\c:\lllrllx.exec:\lllrllx.exe27⤵
- Executes dropped EXE
-
\??\c:\5thbhb.exec:\5thbhb.exe28⤵
- Executes dropped EXE
-
\??\c:\nhhnnn.exec:\nhhnnn.exe29⤵
- Executes dropped EXE
-
\??\c:\pddvv.exec:\pddvv.exe30⤵
- Executes dropped EXE
-
\??\c:\jvppj.exec:\jvppj.exe31⤵
- Executes dropped EXE
-
\??\c:\9fllfrr.exec:\9fllfrr.exe32⤵
- Executes dropped EXE
-
\??\c:\7rffxll.exec:\7rffxll.exe33⤵
- Executes dropped EXE
-
\??\c:\bhhhbb.exec:\bhhhbb.exe34⤵
- Executes dropped EXE
-
\??\c:\thhbtt.exec:\thhbtt.exe35⤵
- Executes dropped EXE
-
\??\c:\vdpjd.exec:\vdpjd.exe36⤵
- Executes dropped EXE
-
\??\c:\dppjv.exec:\dppjv.exe37⤵
- Executes dropped EXE
-
\??\c:\3xxxxff.exec:\3xxxxff.exe38⤵
- Executes dropped EXE
-
\??\c:\ffrlfxx.exec:\ffrlfxx.exe39⤵
- Executes dropped EXE
-
\??\c:\1xlxxxr.exec:\1xlxxxr.exe40⤵
- Executes dropped EXE
-
\??\c:\tthhhh.exec:\tthhhh.exe41⤵
- Executes dropped EXE
-
\??\c:\htnnnn.exec:\htnnnn.exe42⤵
- Executes dropped EXE
-
\??\c:\5pppp.exec:\5pppp.exe43⤵
- Executes dropped EXE
-
\??\c:\vpvpp.exec:\vpvpp.exe44⤵
- Executes dropped EXE
-
\??\c:\jjjdp.exec:\jjjdp.exe45⤵
- Executes dropped EXE
-
\??\c:\frxrrrx.exec:\frxrrrx.exe46⤵
- Executes dropped EXE
-
\??\c:\fxfxfff.exec:\fxfxfff.exe47⤵
- Executes dropped EXE
-
\??\c:\bbhhhh.exec:\bbhhhh.exe48⤵
- Executes dropped EXE
-
\??\c:\bbhhbh.exec:\bbhhbh.exe49⤵
- Executes dropped EXE
-
\??\c:\hthntn.exec:\hthntn.exe50⤵
- Executes dropped EXE
-
\??\c:\djppv.exec:\djppv.exe51⤵
- Executes dropped EXE
-
\??\c:\7ppvj.exec:\7ppvj.exe52⤵
- Executes dropped EXE
-
\??\c:\1xffflx.exec:\1xffflx.exe53⤵
- Executes dropped EXE
-
\??\c:\rlfffll.exec:\rlfffll.exe54⤵
- Executes dropped EXE
-
\??\c:\3xxfflr.exec:\3xxfflr.exe55⤵
- Executes dropped EXE
-
\??\c:\thtnnn.exec:\thtnnn.exe56⤵
- Executes dropped EXE
-
\??\c:\nhtttb.exec:\nhtttb.exe57⤵
- Executes dropped EXE
-
\??\c:\5tbnnn.exec:\5tbnnn.exe58⤵
- Executes dropped EXE
-
\??\c:\ddjdd.exec:\ddjdd.exe59⤵
- Executes dropped EXE
-
\??\c:\vpvpv.exec:\vpvpv.exe60⤵
- Executes dropped EXE
-
\??\c:\3xffflf.exec:\3xffflf.exe61⤵
- Executes dropped EXE
-
\??\c:\lrxxffx.exec:\lrxxffx.exe62⤵
- Executes dropped EXE
-
\??\c:\lfrflrx.exec:\lfrflrx.exe63⤵
- Executes dropped EXE
-
\??\c:\nhbbtn.exec:\nhbbtn.exe64⤵
- Executes dropped EXE
-
\??\c:\bbbbbh.exec:\bbbbbh.exe65⤵
- Executes dropped EXE
-
\??\c:\vdjjp.exec:\vdjjp.exe66⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe67⤵
-
\??\c:\7ffxrrl.exec:\7ffxrrl.exe68⤵
-
\??\c:\rrxxllx.exec:\rrxxllx.exe69⤵
-
\??\c:\frfrlll.exec:\frfrlll.exe70⤵
-
\??\c:\1tbbtt.exec:\1tbbtt.exe71⤵
-
\??\c:\nbhhhh.exec:\nbhhhh.exe72⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe73⤵
-
\??\c:\llxflxl.exec:\llxflxl.exe74⤵
-
\??\c:\xxfffff.exec:\xxfffff.exe75⤵
-
\??\c:\tbttnt.exec:\tbttnt.exe76⤵
-
\??\c:\nhhbtt.exec:\nhhbtt.exe77⤵
-
\??\c:\vpjjd.exec:\vpjjd.exe78⤵
-
\??\c:\pdppp.exec:\pdppp.exe79⤵
-
\??\c:\xrlrlxx.exec:\xrlrlxx.exe80⤵
-
\??\c:\1lrlfxr.exec:\1lrlfxr.exe81⤵
-
\??\c:\tbhhhb.exec:\tbhhhb.exe82⤵
-
\??\c:\9djjj.exec:\9djjj.exe83⤵
-
\??\c:\1jjdp.exec:\1jjdp.exe84⤵
-
\??\c:\9pppj.exec:\9pppj.exe85⤵
-
\??\c:\1rlrlll.exec:\1rlrlll.exe86⤵
-
\??\c:\fxxrrrr.exec:\fxxrrrr.exe87⤵
-
\??\c:\thbtnn.exec:\thbtnn.exe88⤵
-
\??\c:\ttnnnt.exec:\ttnnnt.exe89⤵
-
\??\c:\3vvvv.exec:\3vvvv.exe90⤵
-
\??\c:\7vdvv.exec:\7vdvv.exe91⤵
-
\??\c:\dpvjd.exec:\dpvjd.exe92⤵
-
\??\c:\rffxxxr.exec:\rffxxxr.exe93⤵
-
\??\c:\hntbtt.exec:\hntbtt.exe94⤵
-
\??\c:\ntbhbb.exec:\ntbhbb.exe95⤵
-
\??\c:\jddvp.exec:\jddvp.exe96⤵
-
\??\c:\ddjdj.exec:\ddjdj.exe97⤵
-
\??\c:\jdvpp.exec:\jdvpp.exe98⤵
-
\??\c:\flrllff.exec:\flrllff.exe99⤵
-
\??\c:\1lfffff.exec:\1lfffff.exe100⤵
-
\??\c:\1rrxxrl.exec:\1rrxxrl.exe101⤵
-
\??\c:\nnnnnn.exec:\nnnnnn.exe102⤵
-
\??\c:\3nbtht.exec:\3nbtht.exe103⤵
-
\??\c:\dvpjj.exec:\dvpjj.exe104⤵
-
\??\c:\jddvv.exec:\jddvv.exe105⤵
-
\??\c:\rxffffx.exec:\rxffffx.exe106⤵
-
\??\c:\ffrllrr.exec:\ffrllrr.exe107⤵
-
\??\c:\tnnnth.exec:\tnnnth.exe108⤵
-
\??\c:\hbtnnt.exec:\hbtnnt.exe109⤵
-
\??\c:\7tbbhh.exec:\7tbbhh.exe110⤵
-
\??\c:\1dppv.exec:\1dppv.exe111⤵
-
\??\c:\bhtnnn.exec:\bhtnnn.exe112⤵
-
\??\c:\9djjd.exec:\9djjd.exe113⤵
-
\??\c:\fxrlfff.exec:\fxrlfff.exe114⤵
-
\??\c:\1rxrrlx.exec:\1rxrrlx.exe115⤵
-
\??\c:\hbhttt.exec:\hbhttt.exe116⤵
-
\??\c:\dvvjd.exec:\dvvjd.exe117⤵
-
\??\c:\ppjdp.exec:\ppjdp.exe118⤵
-
\??\c:\jjvvd.exec:\jjvvd.exe119⤵
-
\??\c:\flxrfxx.exec:\flxrfxx.exe120⤵
-
\??\c:\tttttn.exec:\tttttn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-