Analysis
-
max time kernel
120s -
max time network
98s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
14/09/2024, 00:45
General
-
Target
a35864cb42194101f992262cf7498280N.exe
-
Size
75KB
-
MD5
a35864cb42194101f992262cf7498280
-
SHA1
a35188aaf9c9611fcc441dd3026879f481f78e1a
-
SHA256
3fa71f662646bc7ecc2241af7b44678f9b6fa952e97d6ec5364a0fddf502b5c0
-
SHA512
292be8498e186316095b6feada43d99e5a68de2c4b52eb8f1aed771f52890357ca7caafb6a089abcae6d1fce39c4450403b252cbe60b52f5c901d1e9c57c72ad
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIvuzk358nLA89OGvrFVHmPaZ:ymb3NkkiQ3mdBjFIvl358nLA89OMFVHL
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a35864cb42194101f992262cf7498280N.exe"C:\Users\Admin\AppData\Local\Temp\a35864cb42194101f992262cf7498280N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\btbttt.exec:\btbttt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvddv.exec:\jvddv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrffxl.exec:\xlrffxl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthbtt.exec:\bthbtt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxrlll.exec:\fxxrlll.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthnnn.exec:\hthnnn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpjd.exec:\pjpjd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvjd.exec:\ddvjd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhbtb.exec:\hbhbtb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvppj.exec:\jvppj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxrfxx.exec:\fxxrfxx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bbtnn.exec:\7bbtnn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdvj.exec:\jvdvj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llrlflf.exec:\llrlflf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhnhtn.exec:\bhnhtn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjvv.exec:\dpjvv.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3lrrxfl.exec:\3lrrxfl.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflfllx.exec:\lflfllx.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5hnhnn.exec:\5hnhnn.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvjd.exec:\pjvjd.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxxxlx.exec:\llxxxlx.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7thbhh.exec:\7thbhh.exe23⤵
- Executes dropped EXE
-
\??\c:\pvjdp.exec:\pvjdp.exe24⤵
- Executes dropped EXE
-
\??\c:\rlrrrff.exec:\rlrrrff.exe25⤵
- Executes dropped EXE
-
\??\c:\xxxrrrl.exec:\xxxrrrl.exe26⤵
- Executes dropped EXE
-
\??\c:\9hbbth.exec:\9hbbth.exe27⤵
- Executes dropped EXE
-
\??\c:\dvddd.exec:\dvddd.exe28⤵
- Executes dropped EXE
-
\??\c:\ddvpp.exec:\ddvpp.exe29⤵
- Executes dropped EXE
-
\??\c:\fxrxxlr.exec:\fxrxxlr.exe30⤵
- Executes dropped EXE
-
\??\c:\tttbbb.exec:\tttbbb.exe31⤵
- Executes dropped EXE
-
\??\c:\9rfffff.exec:\9rfffff.exe32⤵
- Executes dropped EXE
-
\??\c:\xxxrlll.exec:\xxxrlll.exe33⤵
- Executes dropped EXE
-
\??\c:\ntbtbh.exec:\ntbtbh.exe34⤵
- Executes dropped EXE
-
\??\c:\pvjjv.exec:\pvjjv.exe35⤵
- Executes dropped EXE
-
\??\c:\frrfrfr.exec:\frrfrfr.exe36⤵
- Executes dropped EXE
-
\??\c:\hhbhbn.exec:\hhbhbn.exe37⤵
- Executes dropped EXE
-
\??\c:\ddddj.exec:\ddddj.exe38⤵
- Executes dropped EXE
-
\??\c:\vjddv.exec:\vjddv.exe39⤵
- Executes dropped EXE
-
\??\c:\lfxrllr.exec:\lfxrllr.exe40⤵
- Executes dropped EXE
-
\??\c:\bhnnth.exec:\bhnnth.exe41⤵
- Executes dropped EXE
-
\??\c:\nnbbnn.exec:\nnbbnn.exe42⤵
- Executes dropped EXE
-
\??\c:\lrrrlll.exec:\lrrrlll.exe43⤵
- Executes dropped EXE
-
\??\c:\frlxlxx.exec:\frlxlxx.exe44⤵
- Executes dropped EXE
-
\??\c:\btbhbn.exec:\btbhbn.exe45⤵
- Executes dropped EXE
-
\??\c:\3jvdp.exec:\3jvdp.exe46⤵
- Executes dropped EXE
-
\??\c:\lfflllf.exec:\lfflllf.exe47⤵
- Executes dropped EXE
-
\??\c:\lxlffxx.exec:\lxlffxx.exe48⤵
- Executes dropped EXE
-
\??\c:\9bbttt.exec:\9bbttt.exe49⤵
- Executes dropped EXE
-
\??\c:\9ttbtt.exec:\9ttbtt.exe50⤵
- Executes dropped EXE
-
\??\c:\jdjdv.exec:\jdjdv.exe51⤵
- Executes dropped EXE
-
\??\c:\lffflrr.exec:\lffflrr.exe52⤵
- Executes dropped EXE
-
\??\c:\ttbthh.exec:\ttbthh.exe53⤵
- Executes dropped EXE
-
\??\c:\btbbhh.exec:\btbbhh.exe54⤵
- Executes dropped EXE
-
\??\c:\pvdvv.exec:\pvdvv.exe55⤵
- Executes dropped EXE
-
\??\c:\pdjdv.exec:\pdjdv.exe56⤵
- Executes dropped EXE
-
\??\c:\rxxxrxx.exec:\rxxxrxx.exe57⤵
- Executes dropped EXE
-
\??\c:\flxlrrl.exec:\flxlrrl.exe58⤵
- Executes dropped EXE
-
\??\c:\bnhtbh.exec:\bnhtbh.exe59⤵
- Executes dropped EXE
-
\??\c:\jpddp.exec:\jpddp.exe60⤵
- Executes dropped EXE
-
\??\c:\ppjpj.exec:\ppjpj.exe61⤵
- Executes dropped EXE
-
\??\c:\xrllflr.exec:\xrllflr.exe62⤵
- Executes dropped EXE
-
\??\c:\lfxxfrx.exec:\lfxxfrx.exe63⤵
- Executes dropped EXE
-
\??\c:\bhnhhb.exec:\bhnhhb.exe64⤵
- Executes dropped EXE
-
\??\c:\jvddj.exec:\jvddj.exe65⤵
- Executes dropped EXE
-
\??\c:\ppjpj.exec:\ppjpj.exe66⤵
-
\??\c:\xrfllll.exec:\xrfllll.exe67⤵
-
\??\c:\tthnbt.exec:\tthnbt.exe68⤵
-
\??\c:\ttnhbt.exec:\ttnhbt.exe69⤵
-
\??\c:\ppvdp.exec:\ppvdp.exe70⤵
-
\??\c:\jjpvp.exec:\jjpvp.exe71⤵
-
\??\c:\xxxxxxf.exec:\xxxxxxf.exe72⤵
-
\??\c:\rffffff.exec:\rffffff.exe73⤵
-
\??\c:\btbttb.exec:\btbttb.exe74⤵
-
\??\c:\vvppj.exec:\vvppj.exe75⤵
-
\??\c:\9ppjj.exec:\9ppjj.exe76⤵
-
\??\c:\fxllfff.exec:\fxllfff.exe77⤵
-
\??\c:\fflfrrl.exec:\fflfrrl.exe78⤵
- System Location Discovery: System Language Discovery
-
\??\c:\1ntnnb.exec:\1ntnnb.exe79⤵
-
\??\c:\djjjj.exec:\djjjj.exe80⤵
-
\??\c:\xlxrlxx.exec:\xlxrlxx.exe81⤵
-
\??\c:\3xxlffx.exec:\3xxlffx.exe82⤵
-
\??\c:\hhbnth.exec:\hhbnth.exe83⤵
-
\??\c:\hnhtht.exec:\hnhtht.exe84⤵
-
\??\c:\pppjd.exec:\pppjd.exe85⤵
-
\??\c:\vvvvp.exec:\vvvvp.exe86⤵
-
\??\c:\xxfflff.exec:\xxfflff.exe87⤵
-
\??\c:\hhbhbh.exec:\hhbhbh.exe88⤵
-
\??\c:\tbtnbh.exec:\tbtnbh.exe89⤵
-
\??\c:\pdpjj.exec:\pdpjj.exe90⤵
-
\??\c:\xrrlllx.exec:\xrrlllx.exe91⤵
-
\??\c:\lrxxxxf.exec:\lrxxxxf.exe92⤵
-
\??\c:\7bnhhn.exec:\7bnhhn.exe93⤵
-
\??\c:\vjjdv.exec:\vjjdv.exe94⤵
-
\??\c:\jdvdv.exec:\jdvdv.exe95⤵
-
\??\c:\9rrrfll.exec:\9rrrfll.exe96⤵
- System Location Discovery: System Language Discovery
-
\??\c:\1nhhbt.exec:\1nhhbt.exe97⤵
-
\??\c:\bbttnt.exec:\bbttnt.exe98⤵
-
\??\c:\dpddv.exec:\dpddv.exe99⤵
-
\??\c:\9xrlllf.exec:\9xrlllf.exe100⤵
-
\??\c:\fffffrx.exec:\fffffrx.exe101⤵
-
\??\c:\1hhhbh.exec:\1hhhbh.exe102⤵
-
\??\c:\jjvvv.exec:\jjvvv.exe103⤵
-
\??\c:\xrlffff.exec:\xrlffff.exe104⤵
-
\??\c:\bbhhnn.exec:\bbhhnn.exe105⤵
-
\??\c:\pdjjv.exec:\pdjjv.exe106⤵
-
\??\c:\flffxxx.exec:\flffxxx.exe107⤵
-
\??\c:\thnbbh.exec:\thnbbh.exe108⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe109⤵
-
\??\c:\rfrrxlr.exec:\rfrrxlr.exe110⤵
-
\??\c:\nhnhhh.exec:\nhnhhh.exe111⤵
-
\??\c:\nnbnnt.exec:\nnbnnt.exe112⤵
-
\??\c:\jddvv.exec:\jddvv.exe113⤵
-
\??\c:\1pjdv.exec:\1pjdv.exe114⤵
-
\??\c:\llffllx.exec:\llffllx.exe115⤵
-
\??\c:\hhhbtt.exec:\hhhbtt.exe116⤵
-
\??\c:\5tnhhh.exec:\5tnhhh.exe117⤵
-
\??\c:\vpjdv.exec:\vpjdv.exe118⤵
-
\??\c:\xrxrrxf.exec:\xrxrrxf.exe119⤵
-
\??\c:\1rrfffx.exec:\1rrfffx.exe120⤵
-
\??\c:\btbttt.exec:\btbttt.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-