Analysis
-
max time kernel
150s -
max time network
95s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
19/09/2024, 03:09
General
-
Target
ed9947e6ec9324c8b0be31a6686b13f2571b518070df11cb92c4ed308f658869.exe
-
Size
65KB
-
MD5
7bb7e715ea25c8a1a922af47cfac55e9
-
SHA1
36e7d34a40e4ec9a683a16b1ac00b79f6661a932
-
SHA256
ed9947e6ec9324c8b0be31a6686b13f2571b518070df11cb92c4ed308f658869
-
SHA512
83fdb769e79e4b20ae49d4d459ce847e5e3565b4c6ad26267a1997142238dba7526c877052f00b06b0e08e7eae7d2cfeb41cb438ad4b00e68e46bb6102a7ee2a
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDI9L27Bqfl9:ymb3NkkiQ3mdBjFI9cqf7
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 31 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ed9947e6ec9324c8b0be31a6686b13f2571b518070df11cb92c4ed308f658869.exe"C:\Users\Admin\AppData\Local\Temp\ed9947e6ec9324c8b0be31a6686b13f2571b518070df11cb92c4ed308f658869.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\9pvjd.exec:\9pvjd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1llxrll.exec:\1llxrll.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtbnn.exec:\bbtbnn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntnhh.exec:\tntnhh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvvd.exec:\dpvvd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhhht.exec:\nbhhht.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djpjd.exec:\djpjd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7jpdv.exec:\7jpdv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxxlxx.exec:\fxxxlxx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhhhh.exec:\nhhhhh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjjd.exec:\dvjjd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxxlll.exec:\xrxxlll.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrrffl.exec:\rfrrffl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btthbn.exec:\btthbn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvvp.exec:\pvvvp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfllxxl.exec:\rfllxxl.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhbbb.exec:\tnhbbb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3pjvp.exec:\3pjvp.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddvj.exec:\jddvj.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrflrlr.exec:\xrflrlr.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnnnh.exec:\bnnnnh.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxxxll.exec:\fxxxxll.exe23⤵
- Executes dropped EXE
-
\??\c:\frfxxrl.exec:\frfxxrl.exe24⤵
- Executes dropped EXE
-
\??\c:\nbhhbb.exec:\nbhhbb.exe25⤵
- Executes dropped EXE
-
\??\c:\dvpjv.exec:\dvpjv.exe26⤵
- Executes dropped EXE
-
\??\c:\rrrlxff.exec:\rrrlxff.exe27⤵
- Executes dropped EXE
-
\??\c:\hthhbb.exec:\hthhbb.exe28⤵
- Executes dropped EXE
-
\??\c:\3thbbt.exec:\3thbbt.exe29⤵
- Executes dropped EXE
-
\??\c:\djpdv.exec:\djpdv.exe30⤵
- Executes dropped EXE
-
\??\c:\jvdvj.exec:\jvdvj.exe31⤵
- Executes dropped EXE
-
\??\c:\3tthbb.exec:\3tthbb.exe32⤵
- Executes dropped EXE
-
\??\c:\pddvp.exec:\pddvp.exe33⤵
- Executes dropped EXE
-
\??\c:\lfxrfff.exec:\lfxrfff.exe34⤵
- Executes dropped EXE
-
\??\c:\fxllrrx.exec:\fxllrrx.exe35⤵
- Executes dropped EXE
-
\??\c:\5tbbbb.exec:\5tbbbb.exe36⤵
- Executes dropped EXE
-
\??\c:\1bttnn.exec:\1bttnn.exe37⤵
- Executes dropped EXE
-
\??\c:\pjdvv.exec:\pjdvv.exe38⤵
- Executes dropped EXE
-
\??\c:\lflfrlx.exec:\lflfrlx.exe39⤵
- Executes dropped EXE
-
\??\c:\rflfxxr.exec:\rflfxxr.exe40⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\bthtnn.exec:\bthtnn.exe41⤵
- Executes dropped EXE
-
\??\c:\vjjdv.exec:\vjjdv.exe42⤵
- Executes dropped EXE
-
\??\c:\frxrlll.exec:\frxrlll.exe43⤵
- Executes dropped EXE
-
\??\c:\bhnhbt.exec:\bhnhbt.exe44⤵
- Executes dropped EXE
-
\??\c:\vjdvj.exec:\vjdvj.exe45⤵
- Executes dropped EXE
-
\??\c:\fxrrrrf.exec:\fxrrrrf.exe46⤵
- Executes dropped EXE
-
\??\c:\bbbbtt.exec:\bbbbtt.exe47⤵
- Executes dropped EXE
-
\??\c:\nhnnnh.exec:\nhnnnh.exe48⤵
- Executes dropped EXE
-
\??\c:\dpppd.exec:\dpppd.exe49⤵
- Executes dropped EXE
-
\??\c:\7fxrlxx.exec:\7fxrlxx.exe50⤵
- Executes dropped EXE
-
\??\c:\lxrlffx.exec:\lxrlffx.exe51⤵
- Executes dropped EXE
-
\??\c:\3nhnnh.exec:\3nhnnh.exe52⤵
- Executes dropped EXE
-
\??\c:\jjddp.exec:\jjddp.exe53⤵
- Executes dropped EXE
-
\??\c:\fxlrlll.exec:\fxlrlll.exe54⤵
- Executes dropped EXE
-
\??\c:\lrllxrl.exec:\lrllxrl.exe55⤵
- Executes dropped EXE
-
\??\c:\hhttnn.exec:\hhttnn.exe56⤵
- Executes dropped EXE
-
\??\c:\thnhbb.exec:\thnhbb.exe57⤵
- Executes dropped EXE
-
\??\c:\vdjdv.exec:\vdjdv.exe58⤵
- Executes dropped EXE
-
\??\c:\fllfxxr.exec:\fllfxxr.exe59⤵
- Executes dropped EXE
-
\??\c:\bnhbtt.exec:\bnhbtt.exe60⤵
- Executes dropped EXE
-
\??\c:\bbnhtt.exec:\bbnhtt.exe61⤵
- Executes dropped EXE
-
\??\c:\vvvpj.exec:\vvvpj.exe62⤵
- Executes dropped EXE
-
\??\c:\ffxrxxr.exec:\ffxrxxr.exe63⤵
- Executes dropped EXE
-
\??\c:\ntnhnn.exec:\ntnhnn.exe64⤵
- Executes dropped EXE
-
\??\c:\dvjjj.exec:\dvjjj.exe65⤵
- Executes dropped EXE
-
\??\c:\9frlrrr.exec:\9frlrrr.exe66⤵
-
\??\c:\hthhbb.exec:\hthhbb.exe67⤵
-
\??\c:\9tttnb.exec:\9tttnb.exe68⤵
-
\??\c:\jpvpv.exec:\jpvpv.exe69⤵
-
\??\c:\lxlfrrf.exec:\lxlfrrf.exe70⤵
-
\??\c:\rlrrlrx.exec:\rlrrlrx.exe71⤵
-
\??\c:\nhtbbn.exec:\nhtbbn.exe72⤵
-
\??\c:\pjvpp.exec:\pjvpp.exe73⤵
-
\??\c:\dpppj.exec:\dpppj.exe74⤵
-
\??\c:\lllxlrl.exec:\lllxlrl.exe75⤵
-
\??\c:\fffrlll.exec:\fffrlll.exe76⤵
-
\??\c:\tnbbbb.exec:\tnbbbb.exe77⤵
-
\??\c:\nnnhhb.exec:\nnnhhb.exe78⤵
-
\??\c:\djpjv.exec:\djpjv.exe79⤵
-
\??\c:\5rlxlrl.exec:\5rlxlrl.exe80⤵
-
\??\c:\xlxxfff.exec:\xlxxfff.exe81⤵
-
\??\c:\ntnttn.exec:\ntnttn.exe82⤵
-
\??\c:\bbhbtt.exec:\bbhbtt.exe83⤵
-
\??\c:\jdppp.exec:\jdppp.exe84⤵
-
\??\c:\rrxrrrx.exec:\rrxrrrx.exe85⤵
-
\??\c:\ntbbtn.exec:\ntbbtn.exe86⤵
-
\??\c:\tnhbnn.exec:\tnhbnn.exe87⤵
-
\??\c:\pjvdv.exec:\pjvdv.exe88⤵
-
\??\c:\jdddv.exec:\jdddv.exe89⤵
-
\??\c:\9ffxrrf.exec:\9ffxrrf.exe90⤵
-
\??\c:\tttbhh.exec:\tttbhh.exe91⤵
-
\??\c:\jvdvd.exec:\jvdvd.exe92⤵
-
\??\c:\dvdvp.exec:\dvdvp.exe93⤵
-
\??\c:\rlllxxf.exec:\rlllxxf.exe94⤵
-
\??\c:\rlrxxfr.exec:\rlrxxfr.exe95⤵
-
\??\c:\bbbhbb.exec:\bbbhbb.exe96⤵
-
\??\c:\7pjdv.exec:\7pjdv.exe97⤵
-
\??\c:\jvvvj.exec:\jvvvj.exe98⤵
-
\??\c:\xxllllf.exec:\xxllllf.exe99⤵
-
\??\c:\3nbbbb.exec:\3nbbbb.exe100⤵
-
\??\c:\tbnhtt.exec:\tbnhtt.exe101⤵
-
\??\c:\3dppj.exec:\3dppj.exe102⤵
-
\??\c:\lxfxrxr.exec:\lxfxrxr.exe103⤵
-
\??\c:\hnhhbb.exec:\hnhhbb.exe104⤵
-
\??\c:\bbnnhn.exec:\bbnnhn.exe105⤵
-
\??\c:\ppdvp.exec:\ppdvp.exe106⤵
-
\??\c:\xlfrrlr.exec:\xlfrrlr.exe107⤵
-
\??\c:\lxffffx.exec:\lxffffx.exe108⤵
-
\??\c:\5dvdv.exec:\5dvdv.exe109⤵
- System Location Discovery: System Language Discovery
-
\??\c:\1vpjd.exec:\1vpjd.exe110⤵
-
\??\c:\xlrlxfx.exec:\xlrlxfx.exe111⤵
-
\??\c:\rlllffx.exec:\rlllffx.exe112⤵
-
\??\c:\bbhbnt.exec:\bbhbnt.exe113⤵
-
\??\c:\vpdvd.exec:\vpdvd.exe114⤵
-
\??\c:\rllfxlf.exec:\rllfxlf.exe115⤵
-
\??\c:\rrllxxf.exec:\rrllxxf.exe116⤵
-
\??\c:\bnnnhh.exec:\bnnnhh.exe117⤵
-
\??\c:\pppvp.exec:\pppvp.exe118⤵
-
\??\c:\lxxrrrl.exec:\lxxrrrl.exe119⤵
-
\??\c:\llffxxx.exec:\llffxxx.exe120⤵
-
\??\c:\bhhhbb.exec:\bhhhbb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-