Analysis
-
max time kernel
120s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
19-09-2024 06:08
General
-
Target
85a4a9178d988070f38d67bd4fd990e7432fc6dc261436c4b467a530df41a12eN.exe
-
Size
64KB
-
MD5
51ce8c0199e3cee240748ccaaa1af470
-
SHA1
1bad9e71a2e4aab4368f352568540c0b7706fe66
-
SHA256
85a4a9178d988070f38d67bd4fd990e7432fc6dc261436c4b467a530df41a12e
-
SHA512
445c2454e77cdb70e5a816d199ed0f7f7085238666442e4c0a27c90b519f730adda046c7f64be99999c5725fc1769323b942178d742478e971644fff710e3ba3
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDI9L27U:ymb3NkkiQ3mdBjFI9l
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\85a4a9178d988070f38d67bd4fd990e7432fc6dc261436c4b467a530df41a12eN.exe"C:\Users\Admin\AppData\Local\Temp\85a4a9178d988070f38d67bd4fd990e7432fc6dc261436c4b467a530df41a12eN.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\7flfllr.exec:\7flfllr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flflxrf.exec:\flflxrf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhbbt.exec:\nhhbbt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnnnn.exec:\tnnnnn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jppjd.exec:\jppjd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvpp.exec:\jjvpp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llffrff.exec:\llffrff.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1frfrlx.exec:\1frfrlx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9pppp.exec:\9pppp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjdd.exec:\ddjdd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xfxxxf.exec:\7xfxxxf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3frrlll.exec:\3frrlll.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntnnnn.exec:\ntnnnn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppjj.exec:\vppjj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxllrrx.exec:\fxllrrx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9nnhhh.exec:\9nnhhh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hntnnn.exec:\hntnnn.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdpjj.exec:\vdpjj.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrrrxx.exec:\xrrrrxx.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhhbh.exec:\nhhhbh.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnttbb.exec:\nnttbb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpvj.exec:\jdpvj.exe23⤵
- Executes dropped EXE
-
\??\c:\dvdvp.exec:\dvdvp.exe24⤵
- Executes dropped EXE
-
\??\c:\rxrrlll.exec:\rxrrlll.exe25⤵
- Executes dropped EXE
-
\??\c:\hbtbtt.exec:\hbtbtt.exe26⤵
- Executes dropped EXE
-
\??\c:\pjdvp.exec:\pjdvp.exe27⤵
- Executes dropped EXE
-
\??\c:\xlrxlff.exec:\xlrxlff.exe28⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\jjvpj.exec:\jjvpj.exe29⤵
- Executes dropped EXE
-
\??\c:\hbttth.exec:\hbttth.exe30⤵
- Executes dropped EXE
-
\??\c:\pjppv.exec:\pjppv.exe31⤵
- Executes dropped EXE
-
\??\c:\fxfxfll.exec:\fxfxfll.exe32⤵
- Executes dropped EXE
-
\??\c:\thttnb.exec:\thttnb.exe33⤵
- Executes dropped EXE
-
\??\c:\thbhbn.exec:\thbhbn.exe34⤵
- Executes dropped EXE
-
\??\c:\3jvpp.exec:\3jvpp.exe35⤵
- Executes dropped EXE
-
\??\c:\rfxrlrr.exec:\rfxrlrr.exe36⤵
- Executes dropped EXE
-
\??\c:\ffffxxr.exec:\ffffxxr.exe37⤵
- Executes dropped EXE
-
\??\c:\5hbbtb.exec:\5hbbtb.exe38⤵
- Executes dropped EXE
-
\??\c:\bntbbn.exec:\bntbbn.exe39⤵
- Executes dropped EXE
-
\??\c:\jdppv.exec:\jdppv.exe40⤵
- Executes dropped EXE
-
\??\c:\1xflxff.exec:\1xflxff.exe41⤵
- Executes dropped EXE
-
\??\c:\btbbhh.exec:\btbbhh.exe42⤵
- Executes dropped EXE
-
\??\c:\1vdvp.exec:\1vdvp.exe43⤵
- Executes dropped EXE
-
\??\c:\pdvdp.exec:\pdvdp.exe44⤵
- Executes dropped EXE
-
\??\c:\jvpjd.exec:\jvpjd.exe45⤵
- Executes dropped EXE
-
\??\c:\xrxrrfx.exec:\xrxrrfx.exe46⤵
- Executes dropped EXE
-
\??\c:\rfrxrxr.exec:\rfrxrxr.exe47⤵
- Executes dropped EXE
-
\??\c:\pdpjj.exec:\pdpjj.exe48⤵
- Executes dropped EXE
-
\??\c:\lfllfxr.exec:\lfllfxr.exe49⤵
- Executes dropped EXE
-
\??\c:\rlrllll.exec:\rlrllll.exe50⤵
- Executes dropped EXE
-
\??\c:\hnbtnn.exec:\hnbtnn.exe51⤵
- Executes dropped EXE
-
\??\c:\jjpjd.exec:\jjpjd.exe52⤵
- Executes dropped EXE
-
\??\c:\lfrfrll.exec:\lfrfrll.exe53⤵
- Executes dropped EXE
-
\??\c:\5lffxff.exec:\5lffxff.exe54⤵
- Executes dropped EXE
-
\??\c:\djvpp.exec:\djvpp.exe55⤵
- Executes dropped EXE
-
\??\c:\ffflfxx.exec:\ffflfxx.exe56⤵
- Executes dropped EXE
-
\??\c:\tnbbtt.exec:\tnbbtt.exe57⤵
- Executes dropped EXE
-
\??\c:\hhhbtt.exec:\hhhbtt.exe58⤵
- Executes dropped EXE
-
\??\c:\7jpjj.exec:\7jpjj.exe59⤵
- Executes dropped EXE
-
\??\c:\rlrlffx.exec:\rlrlffx.exe60⤵
- Executes dropped EXE
-
\??\c:\bhnnbt.exec:\bhnnbt.exe61⤵
- Executes dropped EXE
-
\??\c:\dpvvj.exec:\dpvvj.exe62⤵
- Executes dropped EXE
-
\??\c:\jvpjv.exec:\jvpjv.exe63⤵
- Executes dropped EXE
-
\??\c:\fxfrrrx.exec:\fxfrrrx.exe64⤵
- Executes dropped EXE
-
\??\c:\bhnhnh.exec:\bhnhnh.exe65⤵
- Executes dropped EXE
-
\??\c:\ttbbtn.exec:\ttbbtn.exe66⤵
-
\??\c:\pjjpd.exec:\pjjpd.exe67⤵
-
\??\c:\xrrlflf.exec:\xrrlflf.exe68⤵
-
\??\c:\xrxlrll.exec:\xrxlrll.exe69⤵
-
\??\c:\nhbtnn.exec:\nhbtnn.exe70⤵
-
\??\c:\lfffxxx.exec:\lfffxxx.exe71⤵
-
\??\c:\tnhtnn.exec:\tnhtnn.exe72⤵
- System Location Discovery: System Language Discovery
-
\??\c:\btbbtt.exec:\btbbtt.exe73⤵
-
\??\c:\ddvvv.exec:\ddvvv.exe74⤵
-
\??\c:\fxrlfxx.exec:\fxrlfxx.exe75⤵
-
\??\c:\9lfxrrl.exec:\9lfxrrl.exe76⤵
-
\??\c:\nhbtnh.exec:\nhbtnh.exe77⤵
-
\??\c:\hbnntb.exec:\hbnntb.exe78⤵
-
\??\c:\pjjdp.exec:\pjjdp.exe79⤵
-
\??\c:\rllfrrl.exec:\rllfrrl.exe80⤵
-
\??\c:\lffxlfx.exec:\lffxlfx.exe81⤵
-
\??\c:\tbnhbb.exec:\tbnhbb.exe82⤵
-
\??\c:\7ddvp.exec:\7ddvp.exe83⤵
-
\??\c:\1jdvj.exec:\1jdvj.exe84⤵
-
\??\c:\rlfxrrr.exec:\rlfxrrr.exe85⤵
-
\??\c:\7btnnh.exec:\7btnnh.exe86⤵
-
\??\c:\pjpjv.exec:\pjpjv.exe87⤵
-
\??\c:\vppjv.exec:\vppjv.exe88⤵
-
\??\c:\rfrlxxx.exec:\rfrlxxx.exe89⤵
-
\??\c:\rxxlxrf.exec:\rxxlxrf.exe90⤵
-
\??\c:\bnnhhb.exec:\bnnhhb.exe91⤵
-
\??\c:\5thbnn.exec:\5thbnn.exe92⤵
-
\??\c:\3djjv.exec:\3djjv.exe93⤵
-
\??\c:\rxxrffx.exec:\rxxrffx.exe94⤵
-
\??\c:\rffxrrr.exec:\rffxrrr.exe95⤵
-
\??\c:\hhhbnh.exec:\hhhbnh.exe96⤵
-
\??\c:\bbbnbb.exec:\bbbnbb.exe97⤵
-
\??\c:\jpvjd.exec:\jpvjd.exe98⤵
-
\??\c:\1xfxrxx.exec:\1xfxrxx.exe99⤵
-
\??\c:\htbttn.exec:\htbttn.exe100⤵
-
\??\c:\tbhbbh.exec:\tbhbbh.exe101⤵
-
\??\c:\jdjdp.exec:\jdjdp.exe102⤵
-
\??\c:\jdvpd.exec:\jdvpd.exe103⤵
-
\??\c:\rlfxlrl.exec:\rlfxlrl.exe104⤵
-
\??\c:\7xflfff.exec:\7xflfff.exe105⤵
-
\??\c:\9ttnnb.exec:\9ttnnb.exe106⤵
-
\??\c:\5jjdp.exec:\5jjdp.exe107⤵
-
\??\c:\7pvpd.exec:\7pvpd.exe108⤵
-
\??\c:\1flfrfx.exec:\1flfrfx.exe109⤵
-
\??\c:\tttbth.exec:\tttbth.exe110⤵
-
\??\c:\bnhbtn.exec:\bnhbtn.exe111⤵
-
\??\c:\vvjvd.exec:\vvjvd.exe112⤵
-
\??\c:\ddvpv.exec:\ddvpv.exe113⤵
-
\??\c:\lxllfxr.exec:\lxllfxr.exe114⤵
-
\??\c:\1flfxrf.exec:\1flfxrf.exe115⤵
-
\??\c:\rlfrlfx.exec:\rlfrlfx.exe116⤵
-
\??\c:\nntttb.exec:\nntttb.exe117⤵
-
\??\c:\pdpjd.exec:\pdpjd.exe118⤵
-
\??\c:\lffxrlx.exec:\lffxrlx.exe119⤵
-
\??\c:\tntbbh.exec:\tntbbh.exe120⤵
-
\??\c:\pjvvj.exec:\pjvvj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-