Analysis
-
max time kernel
120s -
max time network
102s -
platform
windows10-2004_x64 -
resource
win10v2004-20240910-en -
resource tags
-
submitted
14/09/2024, 20:47
General
-
Target
1be8f5a2eac89f517bb65fdafa0c5ca0N.exe
-
Size
75KB
-
MD5
1be8f5a2eac89f517bb65fdafa0c5ca0
-
SHA1
2647a145e2510d69ca7f38c70170b71f7c79642c
-
SHA256
99614a00db9c0011ef6ab134a3d1f4114d45e020df191f89dcd7e66be710852e
-
SHA512
497c4d2510ae0444b6bf4bfcfc539d9c95de0f5bbb4217cd1816e50234433d3558a00bbbc9881e68c0868d64f10b65fc49d9e978b458a68cafa98cc6a9a1a285
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIvuzk358nLA89OGvrFVHmPL:ymb3NkkiQ3mdBjFIvl358nLA89OMFVHg
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 29 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 32 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1be8f5a2eac89f517bb65fdafa0c5ca0N.exe"C:\Users\Admin\AppData\Local\Temp\1be8f5a2eac89f517bb65fdafa0c5ca0N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\3vvpp.exec:\3vvpp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlllllf.exec:\xlllllf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnhnhh.exec:\hnhnhh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvddj.exec:\dvddj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpjj.exec:\jdpjj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lllflrl.exec:\lllflrl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnhnn.exec:\hbnhnn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvpv.exec:\dpvpv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpjj.exec:\pjpjj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhttt.exec:\bhhttt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppppj.exec:\ppppj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7lxxrrr.exec:\7lxxrrr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbbbt.exec:\nnbbbt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1nbbhn.exec:\1nbbhn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvddv.exec:\vvddv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrlffx.exec:\frrlffx.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthbtt.exec:\tthbtt.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pppjd.exec:\pppjd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrlrrf.exec:\fxrlrrf.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbtnn.exec:\ntbtnn.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnhbb.exec:\tnnhbb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvjp.exec:\pvvjp.exe23⤵
- Executes dropped EXE
-
\??\c:\3xlxrrr.exec:\3xlxrrr.exe24⤵
- Executes dropped EXE
-
\??\c:\bntnhh.exec:\bntnhh.exe25⤵
- Executes dropped EXE
-
\??\c:\jjvvj.exec:\jjvvj.exe26⤵
- Executes dropped EXE
-
\??\c:\vvvdd.exec:\vvvdd.exe27⤵
- Executes dropped EXE
-
\??\c:\5lrfffx.exec:\5lrfffx.exe28⤵
- Executes dropped EXE
-
\??\c:\tbhttt.exec:\tbhttt.exe29⤵
- Executes dropped EXE
-
\??\c:\dddpj.exec:\dddpj.exe30⤵
- Executes dropped EXE
-
\??\c:\9djdv.exec:\9djdv.exe31⤵
- Executes dropped EXE
-
\??\c:\5rfxxxf.exec:\5rfxxxf.exe32⤵
- Executes dropped EXE
-
\??\c:\hhhthb.exec:\hhhthb.exe33⤵
- Executes dropped EXE
-
\??\c:\9vdvv.exec:\9vdvv.exe34⤵
- Executes dropped EXE
-
\??\c:\jdvvp.exec:\jdvvp.exe35⤵
- Executes dropped EXE
-
\??\c:\nbhbbb.exec:\nbhbbb.exe36⤵
- Executes dropped EXE
-
\??\c:\bbhbtb.exec:\bbhbtb.exe37⤵
- Executes dropped EXE
-
\??\c:\vpvjd.exec:\vpvjd.exe38⤵
- Executes dropped EXE
-
\??\c:\rrlxrfr.exec:\rrlxrfr.exe39⤵
- Executes dropped EXE
-
\??\c:\nhhbbn.exec:\nhhbbn.exe40⤵
- Executes dropped EXE
-
\??\c:\7btbtb.exec:\7btbtb.exe41⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\fxfrxfl.exec:\fxfrxfl.exe42⤵
- Executes dropped EXE
-
\??\c:\tnbtnn.exec:\tnbtnn.exe43⤵
- Executes dropped EXE
-
\??\c:\jjvpp.exec:\jjvpp.exe44⤵
- Executes dropped EXE
-
\??\c:\vpvvp.exec:\vpvvp.exe45⤵
- Executes dropped EXE
-
\??\c:\lxxlfxl.exec:\lxxlfxl.exe46⤵
- Executes dropped EXE
-
\??\c:\9nthbb.exec:\9nthbb.exe47⤵
- Executes dropped EXE
-
\??\c:\djddv.exec:\djddv.exe48⤵
- Executes dropped EXE
-
\??\c:\djdvd.exec:\djdvd.exe49⤵
- Executes dropped EXE
-
\??\c:\btntnh.exec:\btntnh.exe50⤵
- Executes dropped EXE
-
\??\c:\ppvpp.exec:\ppvpp.exe51⤵
- Executes dropped EXE
-
\??\c:\dvjjj.exec:\dvjjj.exe52⤵
- Executes dropped EXE
-
\??\c:\xfxrrff.exec:\xfxrrff.exe53⤵
- Executes dropped EXE
-
\??\c:\hbttnt.exec:\hbttnt.exe54⤵
- Executes dropped EXE
-
\??\c:\5dpvv.exec:\5dpvv.exe55⤵
- Executes dropped EXE
-
\??\c:\jvvdd.exec:\jvvdd.exe56⤵
- Executes dropped EXE
-
\??\c:\7frlxfr.exec:\7frlxfr.exe57⤵
- Executes dropped EXE
-
\??\c:\bnnnnh.exec:\bnnnnh.exe58⤵
- Executes dropped EXE
-
\??\c:\9jvpj.exec:\9jvpj.exe59⤵
- Executes dropped EXE
-
\??\c:\lrrllff.exec:\lrrllff.exe60⤵
- Executes dropped EXE
-
\??\c:\hhbtbb.exec:\hhbtbb.exe61⤵
- Executes dropped EXE
-
\??\c:\jpddp.exec:\jpddp.exe62⤵
- Executes dropped EXE
-
\??\c:\xrxrlll.exec:\xrxrlll.exe63⤵
- Executes dropped EXE
-
\??\c:\3rrlflf.exec:\3rrlflf.exe64⤵
- Executes dropped EXE
-
\??\c:\thbthn.exec:\thbthn.exe65⤵
- Executes dropped EXE
-
\??\c:\ddjdj.exec:\ddjdj.exe66⤵
-
\??\c:\1djdv.exec:\1djdv.exe67⤵
-
\??\c:\xlrlllx.exec:\xlrlllx.exe68⤵
-
\??\c:\tttnhh.exec:\tttnhh.exe69⤵
-
\??\c:\bnhhhh.exec:\bnhhhh.exe70⤵
-
\??\c:\jdjpj.exec:\jdjpj.exe71⤵
-
\??\c:\dppdv.exec:\dppdv.exe72⤵
-
\??\c:\xrfffll.exec:\xrfffll.exe73⤵
-
\??\c:\fllfrrf.exec:\fllfrrf.exe74⤵
- System Location Discovery: System Language Discovery
-
\??\c:\nbhhbb.exec:\nbhhbb.exe75⤵
-
\??\c:\dppjp.exec:\dppjp.exe76⤵
-
\??\c:\9ppjd.exec:\9ppjd.exe77⤵
-
\??\c:\xxrxlxf.exec:\xxrxlxf.exe78⤵
-
\??\c:\btbttb.exec:\btbttb.exe79⤵
-
\??\c:\hhhhbb.exec:\hhhhbb.exe80⤵
-
\??\c:\djjdj.exec:\djjdj.exe81⤵
-
\??\c:\xlllffx.exec:\xlllffx.exe82⤵
-
\??\c:\3xrffrl.exec:\3xrffrl.exe83⤵
-
\??\c:\nnbhnt.exec:\nnbhnt.exe84⤵
-
\??\c:\7hnnbb.exec:\7hnnbb.exe85⤵
-
\??\c:\jjddd.exec:\jjddd.exe86⤵
-
\??\c:\jdvjd.exec:\jdvjd.exe87⤵
-
\??\c:\rlffxxr.exec:\rlffxxr.exe88⤵
-
\??\c:\5lrxlxr.exec:\5lrxlxr.exe89⤵
-
\??\c:\bnttnn.exec:\bnttnn.exe90⤵
-
\??\c:\jdpvp.exec:\jdpvp.exe91⤵
-
\??\c:\3vjdd.exec:\3vjdd.exe92⤵
-
\??\c:\frfllll.exec:\frfllll.exe93⤵
-
\??\c:\frffxxx.exec:\frffxxx.exe94⤵
-
\??\c:\hbnhbh.exec:\hbnhbh.exe95⤵
-
\??\c:\tthnnt.exec:\tthnnt.exe96⤵
-
\??\c:\5dddv.exec:\5dddv.exe97⤵
-
\??\c:\9jdvv.exec:\9jdvv.exe98⤵
-
\??\c:\1lrlllf.exec:\1lrlllf.exe99⤵
-
\??\c:\rrrlfff.exec:\rrrlfff.exe100⤵
-
\??\c:\btbbbb.exec:\btbbbb.exe101⤵
-
\??\c:\jjpjd.exec:\jjpjd.exe102⤵
-
\??\c:\vvppv.exec:\vvppv.exe103⤵
-
\??\c:\xxffffl.exec:\xxffffl.exe104⤵
-
\??\c:\ffxlfrl.exec:\ffxlfrl.exe105⤵
-
\??\c:\hbbttt.exec:\hbbttt.exe106⤵
-
\??\c:\nthhnt.exec:\nthhnt.exe107⤵
-
\??\c:\dpppj.exec:\dpppj.exe108⤵
-
\??\c:\3pvvp.exec:\3pvvp.exe109⤵
-
\??\c:\9rfxxxx.exec:\9rfxxxx.exe110⤵
-
\??\c:\bhnhbb.exec:\bhnhbb.exe111⤵
-
\??\c:\jddvv.exec:\jddvv.exe112⤵
-
\??\c:\vjvvv.exec:\vjvvv.exe113⤵
-
\??\c:\5hbtnt.exec:\5hbtnt.exe114⤵
-
\??\c:\jppjd.exec:\jppjd.exe115⤵
-
\??\c:\xxxrrrr.exec:\xxxrrrr.exe116⤵
-
\??\c:\3flffff.exec:\3flffff.exe117⤵
-
\??\c:\bthnnn.exec:\bthnnn.exe118⤵
-
\??\c:\dvjpj.exec:\dvjpj.exe119⤵
-
\??\c:\llxrfxl.exec:\llxrfxl.exe120⤵
-
\??\c:\bnbbbb.exec:\bnbbbb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-