Analysis
-
max time kernel
120s -
max time network
95s -
platform
windows10-2004_x64 -
resource
win10v2004-20240910-en -
resource tags
-
submitted
15/09/2024, 08:07
General
-
Target
c9e7780cef3b232ce9d4ebf13bbc6f10N.exe
-
Size
63KB
-
MD5
c9e7780cef3b232ce9d4ebf13bbc6f10
-
SHA1
3b27de6970169396ad39d1552444ee632a308117
-
SHA256
4610b4a5b1c8426b11db18a751258992b3f4978706aaa81182637b6667e9e6c6
-
SHA512
d75477827677e8e07feb0ef4510b0c5dd2bafcb10d018373cb9b4ca852052d07788e4cff92d5f50702bb0ccf0f124224fdc6aec706617eda83cef65c475747cc
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIrmCeRT:ymb3NkkiQ3mdBjFIje5
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 35 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\c9e7780cef3b232ce9d4ebf13bbc6f10N.exe"C:\Users\Admin\AppData\Local\Temp\c9e7780cef3b232ce9d4ebf13bbc6f10N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\lfllrrx.exec:\lfllrrx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frffxxx.exec:\frffxxx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnhbb.exec:\hhnhbb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbbbh.exec:\hhbbbh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3lfxrlf.exec:\3lfxrlf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfffffx.exec:\lfffffx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntntt.exec:\tntntt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbtnn.exec:\bbbtnn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxxrlf.exec:\lxxxrlf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfflffx.exec:\lfflffx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhttnt.exec:\hhttnt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvvv.exec:\pjvvv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdppd.exec:\vdppd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxrlfx.exec:\xrxrlfx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbtbt.exec:\hbbtbt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djdvj.exec:\djdvj.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvvp.exec:\jjvvp.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrllxx.exec:\xlrllxx.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhbbh.exec:\nbhbbh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbtbb.exec:\btbtbb.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpjd.exec:\vvpjd.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flllrxr.exec:\flllrxr.exe23⤵
- Executes dropped EXE
-
\??\c:\flxrlll.exec:\flxrlll.exe24⤵
- Executes dropped EXE
-
\??\c:\nnbhnn.exec:\nnbhnn.exe25⤵
- Executes dropped EXE
-
\??\c:\dddvv.exec:\dddvv.exe26⤵
- Executes dropped EXE
-
\??\c:\dvpjd.exec:\dvpjd.exe27⤵
- Executes dropped EXE
-
\??\c:\5lxrrrr.exec:\5lxrrrr.exe28⤵
- Executes dropped EXE
-
\??\c:\hbbbbb.exec:\hbbbbb.exe29⤵
- Executes dropped EXE
-
\??\c:\nbbbnn.exec:\nbbbnn.exe30⤵
- Executes dropped EXE
-
\??\c:\1ppjd.exec:\1ppjd.exe31⤵
- Executes dropped EXE
-
\??\c:\fflllll.exec:\fflllll.exe32⤵
- Executes dropped EXE
-
\??\c:\5flllll.exec:\5flllll.exe33⤵
- Executes dropped EXE
-
\??\c:\ntbtnn.exec:\ntbtnn.exe34⤵
- Executes dropped EXE
-
\??\c:\bnbtbb.exec:\bnbtbb.exe35⤵
- Executes dropped EXE
-
\??\c:\vdjjj.exec:\vdjjj.exe36⤵
- Executes dropped EXE
-
\??\c:\flxxrll.exec:\flxxrll.exe37⤵
- Executes dropped EXE
-
\??\c:\nhnhbb.exec:\nhnhbb.exe38⤵
- Executes dropped EXE
-
\??\c:\pvjdj.exec:\pvjdj.exe39⤵
- Executes dropped EXE
-
\??\c:\fxxrlll.exec:\fxxrlll.exe40⤵
- Executes dropped EXE
-
\??\c:\btttnn.exec:\btttnn.exe41⤵
- Executes dropped EXE
-
\??\c:\nbnttb.exec:\nbnttb.exe42⤵
- Executes dropped EXE
-
\??\c:\jjjjp.exec:\jjjjp.exe43⤵
- Executes dropped EXE
-
\??\c:\lllfrfx.exec:\lllfrfx.exe44⤵
- Executes dropped EXE
-
\??\c:\bhntnn.exec:\bhntnn.exe45⤵
- Executes dropped EXE
-
\??\c:\jddvv.exec:\jddvv.exe46⤵
- Executes dropped EXE
-
\??\c:\xrxrllf.exec:\xrxrllf.exe47⤵
- Executes dropped EXE
-
\??\c:\flllrll.exec:\flllrll.exe48⤵
- Executes dropped EXE
-
\??\c:\jppjd.exec:\jppjd.exe49⤵
- Executes dropped EXE
-
\??\c:\jpvpd.exec:\jpvpd.exe50⤵
- Executes dropped EXE
-
\??\c:\3frfffx.exec:\3frfffx.exe51⤵
- Executes dropped EXE
-
\??\c:\xrllfff.exec:\xrllfff.exe52⤵
- Executes dropped EXE
-
\??\c:\htnnhh.exec:\htnnhh.exe53⤵
- Executes dropped EXE
-
\??\c:\jdvdd.exec:\jdvdd.exe54⤵
- Executes dropped EXE
-
\??\c:\rlrxrrx.exec:\rlrxrrx.exe55⤵
- Executes dropped EXE
-
\??\c:\lxlfxxr.exec:\lxlfxxr.exe56⤵
- Executes dropped EXE
-
\??\c:\tbbbtb.exec:\tbbbtb.exe57⤵
- Executes dropped EXE
-
\??\c:\9nhhtt.exec:\9nhhtt.exe58⤵
- Executes dropped EXE
-
\??\c:\jddjd.exec:\jddjd.exe59⤵
- Executes dropped EXE
-
\??\c:\lrrrfxx.exec:\lrrrfxx.exe60⤵
- Executes dropped EXE
-
\??\c:\5hhhbt.exec:\5hhhbt.exe61⤵
- Executes dropped EXE
-
\??\c:\tnbthh.exec:\tnbthh.exe62⤵
- Executes dropped EXE
-
\??\c:\jvpjv.exec:\jvpjv.exe63⤵
- Executes dropped EXE
-
\??\c:\vjdvv.exec:\vjdvv.exe64⤵
- Executes dropped EXE
-
\??\c:\1xrlxrl.exec:\1xrlxrl.exe65⤵
- Executes dropped EXE
-
\??\c:\1rffffl.exec:\1rffffl.exe66⤵
-
\??\c:\thnhtt.exec:\thnhtt.exe67⤵
-
\??\c:\btbbnt.exec:\btbbnt.exe68⤵
-
\??\c:\vpppj.exec:\vpppj.exe69⤵
-
\??\c:\rxfrllf.exec:\rxfrllf.exe70⤵
-
\??\c:\hbbtnh.exec:\hbbtnh.exe71⤵
-
\??\c:\fxxrrrr.exec:\fxxrrrr.exe72⤵
-
\??\c:\hnnhbt.exec:\hnnhbt.exe73⤵
-
\??\c:\3vjdp.exec:\3vjdp.exe74⤵
-
\??\c:\fxrrffx.exec:\fxrrffx.exe75⤵
-
\??\c:\nthbtn.exec:\nthbtn.exe76⤵
-
\??\c:\bhhbtt.exec:\bhhbtt.exe77⤵
-
\??\c:\jdvpp.exec:\jdvpp.exe78⤵
-
\??\c:\flrlxxr.exec:\flrlxxr.exe79⤵
-
\??\c:\xflfrlf.exec:\xflfrlf.exe80⤵
-
\??\c:\bbnnht.exec:\bbnnht.exe81⤵
-
\??\c:\djpjv.exec:\djpjv.exe82⤵
-
\??\c:\llxlxlr.exec:\llxlxlr.exe83⤵
-
\??\c:\nbtnhb.exec:\nbtnhb.exe84⤵
-
\??\c:\tthhhb.exec:\tthhhb.exe85⤵
-
\??\c:\1vvpd.exec:\1vvpd.exe86⤵
-
\??\c:\xrlfrlx.exec:\xrlfrlx.exe87⤵
-
\??\c:\5xxrxxl.exec:\5xxrxxl.exe88⤵
-
\??\c:\tbnbhh.exec:\tbnbhh.exe89⤵
-
\??\c:\jddvd.exec:\jddvd.exe90⤵
-
\??\c:\dpjvd.exec:\dpjvd.exe91⤵
-
\??\c:\5rlfrlf.exec:\5rlfrlf.exe92⤵
-
\??\c:\fffxrrf.exec:\fffxrrf.exe93⤵
-
\??\c:\ttnbtn.exec:\ttnbtn.exe94⤵
-
\??\c:\htbtnn.exec:\htbtnn.exe95⤵
-
\??\c:\djjjv.exec:\djjjv.exe96⤵
-
\??\c:\jvdvp.exec:\jvdvp.exe97⤵
-
\??\c:\rffxrxr.exec:\rffxrxr.exe98⤵
-
\??\c:\bntnhh.exec:\bntnhh.exe99⤵
-
\??\c:\vpjjv.exec:\vpjjv.exe100⤵
-
\??\c:\pdjdv.exec:\pdjdv.exe101⤵
-
\??\c:\fxlfxxr.exec:\fxlfxxr.exe102⤵
-
\??\c:\tbhbtt.exec:\tbhbtt.exe103⤵
-
\??\c:\vjjjv.exec:\vjjjv.exe104⤵
-
\??\c:\djpjv.exec:\djpjv.exe105⤵
-
\??\c:\rrxfffx.exec:\rrxfffx.exe106⤵
-
\??\c:\flflffx.exec:\flflffx.exe107⤵
-
\??\c:\nbhhhh.exec:\nbhhhh.exe108⤵
-
\??\c:\nbnnhh.exec:\nbnnhh.exe109⤵
-
\??\c:\dvddj.exec:\dvddj.exe110⤵
-
\??\c:\xrfxxrx.exec:\xrfxxrx.exe111⤵
-
\??\c:\5fffxxx.exec:\5fffxxx.exe112⤵
-
\??\c:\tnbbbb.exec:\tnbbbb.exe113⤵
-
\??\c:\pjppp.exec:\pjppp.exe114⤵
-
\??\c:\dvpjd.exec:\dvpjd.exe115⤵
-
\??\c:\fxffrrr.exec:\fxffrrr.exe116⤵
-
\??\c:\hhhbhh.exec:\hhhbhh.exe117⤵
-
\??\c:\rxrlllf.exec:\rxrlllf.exe118⤵
-
\??\c:\lxxrlxr.exec:\lxxrlxr.exe119⤵
-
\??\c:\nnbtbt.exec:\nnbtbt.exe120⤵
-
\??\c:\pdvpd.exec:\pdvpd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-