Analysis
-
max time kernel
150s -
max time network
127s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
14/09/2024, 02:17
General
-
Target
d9aec05d623bb6ffb81286d7f88e0396f0f561816c4e9f6220a5dc1f2e036279.exe
-
Size
76KB
-
MD5
76fc9680c506c6291b48291a08ae8508
-
SHA1
020fcbf433f0e329475c08520cb0a98e133d96ba
-
SHA256
d9aec05d623bb6ffb81286d7f88e0396f0f561816c4e9f6220a5dc1f2e036279
-
SHA512
1426705a2f123c402bb4b731f41acc6669a4c132985875ffd2d799783418858e96ea94e9ac61b794a69c95a6fa7cca03088d0d36e4b2bd432c733ec03d5b52e2
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIvuzk358nLA89OGvrFVHmP7w:ymb3NkkiQ3mdBjFIvl358nLA89OMFVHH
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 31 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d9aec05d623bb6ffb81286d7f88e0396f0f561816c4e9f6220a5dc1f2e036279.exe"C:\Users\Admin\AppData\Local\Temp\d9aec05d623bb6ffb81286d7f88e0396f0f561816c4e9f6220a5dc1f2e036279.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\frxxffx.exec:\frxxffx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvvv.exec:\jdvvv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvjd.exec:\jvvjd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2802060.exec:\2802060.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\846084.exec:\846084.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\w84422.exec:\w84422.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0200448.exec:\0200448.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhnnn.exec:\tnhnnn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2444468.exec:\2444468.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjdv.exec:\pdjdv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\668260.exec:\668260.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjjv.exec:\vdjjv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhthbb.exec:\hhthbb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\264fxx.exec:\264fxx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlxlxf.exec:\rrlxlxf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1djjd.exec:\1djjd.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttttb.exec:\bttttb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\k40088.exec:\k40088.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjdd.exec:\djjdd.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5hhhhb.exec:\5hhhhb.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjdv.exec:\vdjdv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\84428.exec:\84428.exe23⤵
- Executes dropped EXE
-
\??\c:\0220462.exec:\0220462.exe24⤵
- Executes dropped EXE
-
\??\c:\m0262.exec:\m0262.exe25⤵
- Executes dropped EXE
-
\??\c:\4024422.exec:\4024422.exe26⤵
- Executes dropped EXE
-
\??\c:\nhbhnh.exec:\nhbhnh.exe27⤵
- Executes dropped EXE
-
\??\c:\e62600.exec:\e62600.exe28⤵
- Executes dropped EXE
-
\??\c:\thtnbn.exec:\thtnbn.exe29⤵
- Executes dropped EXE
-
\??\c:\jppdp.exec:\jppdp.exe30⤵
- Executes dropped EXE
-
\??\c:\7bhnhh.exec:\7bhnhh.exe31⤵
- Executes dropped EXE
-
\??\c:\hbnnbt.exec:\hbnnbt.exe32⤵
- Executes dropped EXE
-
\??\c:\nbhbtt.exec:\nbhbtt.exe33⤵
- Executes dropped EXE
-
\??\c:\tntnbt.exec:\tntnbt.exe34⤵
- Executes dropped EXE
-
\??\c:\44648.exec:\44648.exe35⤵
- Executes dropped EXE
-
\??\c:\rfxlfxr.exec:\rfxlfxr.exe36⤵
- Executes dropped EXE
-
\??\c:\jdjjj.exec:\jdjjj.exe37⤵
- Executes dropped EXE
-
\??\c:\82640.exec:\82640.exe38⤵
- Executes dropped EXE
-
\??\c:\9xlfffl.exec:\9xlfffl.exe39⤵
- Executes dropped EXE
-
\??\c:\rlxxrlf.exec:\rlxxrlf.exe40⤵
- Executes dropped EXE
-
\??\c:\60022.exec:\60022.exe41⤵
- Executes dropped EXE
-
\??\c:\xxxxffl.exec:\xxxxffl.exe42⤵
- Executes dropped EXE
-
\??\c:\8468262.exec:\8468262.exe43⤵
- Executes dropped EXE
-
\??\c:\6846046.exec:\6846046.exe44⤵
- Executes dropped EXE
-
\??\c:\pjjjv.exec:\pjjjv.exe45⤵
- Executes dropped EXE
-
\??\c:\rffrxrf.exec:\rffrxrf.exe46⤵
- Executes dropped EXE
-
\??\c:\2668664.exec:\2668664.exe47⤵
- Executes dropped EXE
-
\??\c:\9hhhbb.exec:\9hhhbb.exe48⤵
- Executes dropped EXE
-
\??\c:\g4684.exec:\g4684.exe49⤵
- Executes dropped EXE
-
\??\c:\7vddj.exec:\7vddj.exe50⤵
- Executes dropped EXE
-
\??\c:\hbhbbh.exec:\hbhbbh.exe51⤵
- Executes dropped EXE
-
\??\c:\26828.exec:\26828.exe52⤵
- Executes dropped EXE
-
\??\c:\8444448.exec:\8444448.exe53⤵
- Executes dropped EXE
-
\??\c:\3tbbhh.exec:\3tbbhh.exe54⤵
- Executes dropped EXE
-
\??\c:\jpjjp.exec:\jpjjp.exe55⤵
- Executes dropped EXE
-
\??\c:\rrfxxfr.exec:\rrfxxfr.exe56⤵
- Executes dropped EXE
-
\??\c:\hbbbbb.exec:\hbbbbb.exe57⤵
- Executes dropped EXE
-
\??\c:\04266.exec:\04266.exe58⤵
- Executes dropped EXE
-
\??\c:\886600.exec:\886600.exe59⤵
- Executes dropped EXE
-
\??\c:\ttntnh.exec:\ttntnh.exe60⤵
- Executes dropped EXE
-
\??\c:\468866.exec:\468866.exe61⤵
- Executes dropped EXE
-
\??\c:\9jdvj.exec:\9jdvj.exe62⤵
- Executes dropped EXE
-
\??\c:\280822.exec:\280822.exe63⤵
- Executes dropped EXE
-
\??\c:\ntnhtb.exec:\ntnhtb.exe64⤵
- Executes dropped EXE
-
\??\c:\426828.exec:\426828.exe65⤵
- Executes dropped EXE
-
\??\c:\vpddp.exec:\vpddp.exe66⤵
-
\??\c:\thhhnn.exec:\thhhnn.exe67⤵
-
\??\c:\282408.exec:\282408.exe68⤵
-
\??\c:\02088.exec:\02088.exe69⤵
-
\??\c:\rlfxffr.exec:\rlfxffr.exe70⤵
-
\??\c:\pjjvd.exec:\pjjvd.exe71⤵
-
\??\c:\hhbttt.exec:\hhbttt.exe72⤵
-
\??\c:\dvppp.exec:\dvppp.exe73⤵
-
\??\c:\xxllxll.exec:\xxllxll.exe74⤵
-
\??\c:\pdppd.exec:\pdppd.exe75⤵
-
\??\c:\44220.exec:\44220.exe76⤵
-
\??\c:\fxlllrr.exec:\fxlllrr.exe77⤵
-
\??\c:\9rxrllf.exec:\9rxrllf.exe78⤵
-
\??\c:\9bbbbh.exec:\9bbbbh.exe79⤵
-
\??\c:\tbbbtt.exec:\tbbbtt.exe80⤵
-
\??\c:\thhhhh.exec:\thhhhh.exe81⤵
-
\??\c:\i248046.exec:\i248046.exe82⤵
-
\??\c:\ppvvv.exec:\ppvvv.exe83⤵
-
\??\c:\202483b.exec:\202483b.exe84⤵
-
\??\c:\thbtbb.exec:\thbtbb.exe85⤵
-
\??\c:\ntbtnn.exec:\ntbtnn.exe86⤵
-
\??\c:\86604.exec:\86604.exe87⤵
-
\??\c:\8262260.exec:\8262260.exe88⤵
-
\??\c:\frfrllr.exec:\frfrllr.exe89⤵
-
\??\c:\nbbthh.exec:\nbbthh.exe90⤵
-
\??\c:\3flfxxr.exec:\3flfxxr.exe91⤵
-
\??\c:\4466228.exec:\4466228.exe92⤵
-
\??\c:\6288882.exec:\6288882.exe93⤵
-
\??\c:\lfrxxrr.exec:\lfrxxrr.exe94⤵
-
\??\c:\8862286.exec:\8862286.exe95⤵
-
\??\c:\20266.exec:\20266.exe96⤵
-
\??\c:\1lxxflx.exec:\1lxxflx.exe97⤵
-
\??\c:\u622008.exec:\u622008.exe98⤵
-
\??\c:\bhnhhb.exec:\bhnhhb.exe99⤵
-
\??\c:\6026224.exec:\6026224.exe100⤵
-
\??\c:\a2482.exec:\a2482.exe101⤵
- System Location Discovery: System Language Discovery
-
\??\c:\dpvpd.exec:\dpvpd.exe102⤵
-
\??\c:\flflffx.exec:\flflffx.exe103⤵
-
\??\c:\pjpvp.exec:\pjpvp.exe104⤵
-
\??\c:\c622000.exec:\c622000.exe105⤵
-
\??\c:\9ttnnn.exec:\9ttnnn.exe106⤵
-
\??\c:\dpvdv.exec:\dpvdv.exe107⤵
-
\??\c:\1vvjv.exec:\1vvjv.exe108⤵
-
\??\c:\thhhtn.exec:\thhhtn.exe109⤵
-
\??\c:\vjppd.exec:\vjppd.exe110⤵
-
\??\c:\6404662.exec:\6404662.exe111⤵
-
\??\c:\4688228.exec:\4688228.exe112⤵
-
\??\c:\xrfxrlf.exec:\xrfxrlf.exe113⤵
-
\??\c:\lffxxrr.exec:\lffxxrr.exe114⤵
-
\??\c:\nbbttn.exec:\nbbttn.exe115⤵
-
\??\c:\202266.exec:\202266.exe116⤵
-
\??\c:\bhhbhh.exec:\bhhbhh.exe117⤵
-
\??\c:\84662.exec:\84662.exe118⤵
-
\??\c:\xrfxlfx.exec:\xrfxlfx.exe119⤵
-
\??\c:\fflflff.exec:\fflflff.exe120⤵
-
\??\c:\9dvvp.exec:\9dvvp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-