Analysis
-
max time kernel
120s -
max time network
92s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
14/09/2024, 20:25
General
-
Target
e62493d8d5956aa18ba9beb262a4f940N.exe
-
Size
82KB
-
MD5
e62493d8d5956aa18ba9beb262a4f940
-
SHA1
1f12cf9711fe1b8dd3df072ac3262072e21a2de7
-
SHA256
e5845b89a61117a091f7773254c2f4506f5d2a7860a5e82864f5582552780663
-
SHA512
b3e778e782f17490dc26e738c17208a5cf797b1683519674e9906303514633394218a64974cad473d3c23daa43a64e86fced7461934eed095d6e22022b58ae71
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIIpIo60L9QrrA89QQ3:ymb3NkkiQ3mdBjFIIp9L9QrrA8B3
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 34 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e62493d8d5956aa18ba9beb262a4f940N.exe"C:\Users\Admin\AppData\Local\Temp\e62493d8d5956aa18ba9beb262a4f940N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\7jjjd.exec:\7jjjd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjdp.exec:\pdjdp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lllfxxx.exec:\lllfxxx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxrrrl.exec:\lxxrrrl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhbbt.exec:\nnhbbt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxlfxr.exec:\xxxlfxr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhnntt.exec:\bhnntt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnhbb.exec:\bnnhbb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pppjp.exec:\pppjp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxffffx.exec:\lxffffx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbbtt.exec:\bnbbtt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjvp.exec:\vdjvp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlllxxr.exec:\xlllxxr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnnhh.exec:\btnnhh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdvvv.exec:\vdvvv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9pjdv.exec:\9pjdv.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llfxllx.exec:\llfxllx.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\httbht.exec:\httbht.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvpj.exec:\jvvpj.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxfxff.exec:\rlxfxff.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbttt.exec:\nhbttt.exe22⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnhbb.exec:\hhnhbb.exe23⤵
- Executes dropped EXE
-
\??\c:\djvdv.exec:\djvdv.exe24⤵
- Executes dropped EXE
-
\??\c:\rflflrx.exec:\rflflrx.exe25⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\ntbttt.exec:\ntbttt.exe26⤵
- Executes dropped EXE
-
\??\c:\bbttnb.exec:\bbttnb.exe27⤵
- Executes dropped EXE
-
\??\c:\pdvpv.exec:\pdvpv.exe28⤵
- Executes dropped EXE
-
\??\c:\jpvpd.exec:\jpvpd.exe29⤵
- Executes dropped EXE
-
\??\c:\xfxlffx.exec:\xfxlffx.exe30⤵
- Executes dropped EXE
-
\??\c:\nhhbtn.exec:\nhhbtn.exe31⤵
- Executes dropped EXE
-
\??\c:\htbtnt.exec:\htbtnt.exe32⤵
- Executes dropped EXE
-
\??\c:\ddvpj.exec:\ddvpj.exe33⤵
- Executes dropped EXE
-
\??\c:\rflxlll.exec:\rflxlll.exe34⤵
- Executes dropped EXE
-
\??\c:\fxffxxr.exec:\fxffxxr.exe35⤵
- Executes dropped EXE
-
\??\c:\tnhbnn.exec:\tnhbnn.exe36⤵
- Executes dropped EXE
-
\??\c:\nbnhhb.exec:\nbnhhb.exe37⤵
- Executes dropped EXE
-
\??\c:\pjdpp.exec:\pjdpp.exe38⤵
- Executes dropped EXE
-
\??\c:\5vvvv.exec:\5vvvv.exe39⤵
- Executes dropped EXE
-
\??\c:\lllfxrr.exec:\lllfxrr.exe40⤵
- Executes dropped EXE
-
\??\c:\hhbbtt.exec:\hhbbtt.exe41⤵
- Executes dropped EXE
-
\??\c:\thhthn.exec:\thhthn.exe42⤵
- Executes dropped EXE
-
\??\c:\jdvpd.exec:\jdvpd.exe43⤵
- Executes dropped EXE
-
\??\c:\dpvjd.exec:\dpvjd.exe44⤵
- Executes dropped EXE
-
\??\c:\xllfrrl.exec:\xllfrrl.exe45⤵
- Executes dropped EXE
-
\??\c:\xflfffx.exec:\xflfffx.exe46⤵
- Executes dropped EXE
-
\??\c:\hhbthb.exec:\hhbthb.exe47⤵
- Executes dropped EXE
-
\??\c:\bnnbtt.exec:\bnnbtt.exe48⤵
- Executes dropped EXE
-
\??\c:\vvpjd.exec:\vvpjd.exe49⤵
- Executes dropped EXE
-
\??\c:\dvddp.exec:\dvddp.exe50⤵
- Executes dropped EXE
-
\??\c:\rrrlffx.exec:\rrrlffx.exe51⤵
- Executes dropped EXE
-
\??\c:\lrxrrll.exec:\lrxrrll.exe52⤵
- Executes dropped EXE
-
\??\c:\thttbb.exec:\thttbb.exe53⤵
- Executes dropped EXE
-
\??\c:\bhnhbt.exec:\bhnhbt.exe54⤵
- Executes dropped EXE
-
\??\c:\dvjpj.exec:\dvjpj.exe55⤵
- Executes dropped EXE
-
\??\c:\dvvvv.exec:\dvvvv.exe56⤵
- Executes dropped EXE
-
\??\c:\rxrlfff.exec:\rxrlfff.exe57⤵
- Executes dropped EXE
-
\??\c:\rfllffx.exec:\rfllffx.exe58⤵
- Executes dropped EXE
-
\??\c:\nnhhbb.exec:\nnhhbb.exe59⤵
- Executes dropped EXE
-
\??\c:\hbtnhh.exec:\hbtnhh.exe60⤵
- Executes dropped EXE
-
\??\c:\pvjdd.exec:\pvjdd.exe61⤵
- Executes dropped EXE
-
\??\c:\pvvpj.exec:\pvvpj.exe62⤵
- Executes dropped EXE
-
\??\c:\xrrlffx.exec:\xrrlffx.exe63⤵
- Executes dropped EXE
-
\??\c:\7xxxrrr.exec:\7xxxrrr.exe64⤵
- Executes dropped EXE
-
\??\c:\nhhbtt.exec:\nhhbtt.exe65⤵
- Executes dropped EXE
-
\??\c:\btttnb.exec:\btttnb.exe66⤵
-
\??\c:\jjpdd.exec:\jjpdd.exe67⤵
-
\??\c:\vvjvv.exec:\vvjvv.exe68⤵
-
\??\c:\xrxxllf.exec:\xrxxllf.exe69⤵
-
\??\c:\7xxrllf.exec:\7xxrllf.exe70⤵
-
\??\c:\1nhhbh.exec:\1nhhbh.exe71⤵
-
\??\c:\tnnhhh.exec:\tnnhhh.exe72⤵
-
\??\c:\djddv.exec:\djddv.exe73⤵
-
\??\c:\jpvpp.exec:\jpvpp.exe74⤵
-
\??\c:\9fffxxx.exec:\9fffxxx.exe75⤵
-
\??\c:\rxffxxx.exec:\rxffxxx.exe76⤵
-
\??\c:\hnnhbt.exec:\hnnhbt.exe77⤵
-
\??\c:\5thbbn.exec:\5thbbn.exe78⤵
-
\??\c:\pjpjj.exec:\pjpjj.exe79⤵
-
\??\c:\3vpjp.exec:\3vpjp.exe80⤵
-
\??\c:\rlxxrlr.exec:\rlxxrlr.exe81⤵
-
\??\c:\flfffxx.exec:\flfffxx.exe82⤵
-
\??\c:\nbbbtt.exec:\nbbbtt.exe83⤵
-
\??\c:\nhnhhh.exec:\nhnhhh.exe84⤵
-
\??\c:\ppdvp.exec:\ppdvp.exe85⤵
-
\??\c:\fxrrffx.exec:\fxrrffx.exe86⤵
-
\??\c:\lrffxxr.exec:\lrffxxr.exe87⤵
-
\??\c:\jdvpp.exec:\jdvpp.exe88⤵
-
\??\c:\dvdvd.exec:\dvdvd.exe89⤵
-
\??\c:\xxxrlll.exec:\xxxrlll.exe90⤵
-
\??\c:\lfrrlrl.exec:\lfrrlrl.exe91⤵
-
\??\c:\nhtnnn.exec:\nhtnnn.exe92⤵
-
\??\c:\pvddv.exec:\pvddv.exe93⤵
-
\??\c:\1jpjd.exec:\1jpjd.exe94⤵
-
\??\c:\flrrrfl.exec:\flrrrfl.exe95⤵
-
\??\c:\hthhhh.exec:\hthhhh.exe96⤵
-
\??\c:\httnhh.exec:\httnhh.exe97⤵
-
\??\c:\dvdvd.exec:\dvdvd.exe98⤵
-
\??\c:\7xrlxrl.exec:\7xrlxrl.exe99⤵
-
\??\c:\flllxrl.exec:\flllxrl.exe100⤵
-
\??\c:\hnbbtt.exec:\hnbbtt.exe101⤵
-
\??\c:\dddvp.exec:\dddvp.exe102⤵
-
\??\c:\dpppj.exec:\dpppj.exe103⤵
-
\??\c:\frxxrrl.exec:\frxxrrl.exe104⤵
-
\??\c:\rlxrxxf.exec:\rlxrxxf.exe105⤵
-
\??\c:\btbbtt.exec:\btbbtt.exe106⤵
-
\??\c:\hbhhbn.exec:\hbhhbn.exe107⤵
-
\??\c:\pdvpv.exec:\pdvpv.exe108⤵
-
\??\c:\pjpjd.exec:\pjpjd.exe109⤵
-
\??\c:\fxlllfl.exec:\fxlllfl.exe110⤵
-
\??\c:\7rxxfxl.exec:\7rxxfxl.exe111⤵
-
\??\c:\btttbh.exec:\btttbh.exe112⤵
-
\??\c:\3ttnnt.exec:\3ttnnt.exe113⤵
-
\??\c:\pvddd.exec:\pvddd.exe114⤵
-
\??\c:\1rlfxrl.exec:\1rlfxrl.exe115⤵
-
\??\c:\1lrrrrl.exec:\1lrrrrl.exe116⤵
-
\??\c:\thhbtt.exec:\thhbtt.exe117⤵
-
\??\c:\hbbnhb.exec:\hbbnhb.exe118⤵
-
\??\c:\pjpdv.exec:\pjpdv.exe119⤵
-
\??\c:\djdvp.exec:\djdvp.exe120⤵
-
\??\c:\rflfxrr.exec:\rflfxrr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-