Analysis
-
max time kernel
120s -
max time network
96s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
19-09-2024 06:38
General
-
Target
420ee04e303d000e1ea91aa9790aac6bef2e96ec7c6375d212f34cc7b4e57809N.exe
-
Size
58KB
-
MD5
67848d081fcd57a681130b7fc7895c40
-
SHA1
078724efa39319e70427adad39056f59b61396de
-
SHA256
420ee04e303d000e1ea91aa9790aac6bef2e96ec7c6375d212f34cc7b4e57809
-
SHA512
a8a285015904318a13a70298509cab798f79abe9d3d3649e2c9e2ca10cf5416615b2d37201bf018f7052931f2c175cfb8bc2f9bcbdfff9bc204ba89d86ab8ff7
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIfv781:ymb3NkkiQ3mdBjFIfvY1
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 37 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\420ee04e303d000e1ea91aa9790aac6bef2e96ec7c6375d212f34cc7b4e57809N.exe"C:\Users\Admin\AppData\Local\Temp\420ee04e303d000e1ea91aa9790aac6bef2e96ec7c6375d212f34cc7b4e57809N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxllfx.exec:\lxxllfx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7htnhb.exec:\7htnhb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjjp.exec:\ppjjp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdvp.exec:\vpdvp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffrrrl.exec:\lffrrrl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7hhhbb.exec:\7hhhbb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3pdvj.exec:\3pdvj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frfxrrl.exec:\frfxrrl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhhtt.exec:\hhhhtt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ppjv.exec:\5ppjv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3fxrlfx.exec:\3fxrlfx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbtbhh.exec:\tbtbhh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7hntnt.exec:\7hntnt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrrrll.exec:\xrrrrll.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxlxxxx.exec:\rxlxxxx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbnnb.exec:\htbnnb.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxllxl.exec:\lxxllxl.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnnnn.exec:\hbnnnn.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvddv.exec:\vvddv.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5pvjv.exec:\5pvjv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrfxxxf.exec:\rrfxxxf.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrlfxr.exec:\fxrlfxr.exe23⤵
- Executes dropped EXE
-
\??\c:\vvjpv.exec:\vvjpv.exe24⤵
- Executes dropped EXE
-
\??\c:\vppjd.exec:\vppjd.exe25⤵
- Executes dropped EXE
-
\??\c:\lrxrxrr.exec:\lrxrxrr.exe26⤵
- Executes dropped EXE
-
\??\c:\tthbnn.exec:\tthbnn.exe27⤵
- Executes dropped EXE
-
\??\c:\hnnnnb.exec:\hnnnnb.exe28⤵
- Executes dropped EXE
-
\??\c:\7jppd.exec:\7jppd.exe29⤵
- Executes dropped EXE
-
\??\c:\lfxrllf.exec:\lfxrllf.exe30⤵
- Executes dropped EXE
-
\??\c:\lrxxflr.exec:\lrxxflr.exe31⤵
- Executes dropped EXE
-
\??\c:\ttnhbt.exec:\ttnhbt.exe32⤵
- Executes dropped EXE
-
\??\c:\7dvpj.exec:\7dvpj.exe33⤵
- Executes dropped EXE
-
\??\c:\djvdv.exec:\djvdv.exe34⤵
- Executes dropped EXE
-
\??\c:\flxrllf.exec:\flxrllf.exe35⤵
- Executes dropped EXE
-
\??\c:\xfflrfl.exec:\xfflrfl.exe36⤵
- Executes dropped EXE
-
\??\c:\hbnhbn.exec:\hbnhbn.exe37⤵
- Executes dropped EXE
-
\??\c:\vpvvp.exec:\vpvvp.exe38⤵
- Executes dropped EXE
-
\??\c:\pjjdp.exec:\pjjdp.exe39⤵
- Executes dropped EXE
-
\??\c:\9rrxrll.exec:\9rrxrll.exe40⤵
- Executes dropped EXE
-
\??\c:\3xxxxrr.exec:\3xxxxrr.exe41⤵
- Executes dropped EXE
-
\??\c:\vvdvj.exec:\vvdvj.exe42⤵
- Executes dropped EXE
-
\??\c:\flrfxxx.exec:\flrfxxx.exe43⤵
- Executes dropped EXE
-
\??\c:\hbnntt.exec:\hbnntt.exe44⤵
-
\??\c:\vpppd.exec:\vpppd.exe45⤵
- Executes dropped EXE
-
\??\c:\9jpjv.exec:\9jpjv.exe46⤵
- Executes dropped EXE
-
\??\c:\frfxllf.exec:\frfxllf.exe47⤵
- Executes dropped EXE
-
\??\c:\rrlxlll.exec:\rrlxlll.exe48⤵
- Executes dropped EXE
-
\??\c:\btbhhb.exec:\btbhhb.exe49⤵
- Executes dropped EXE
-
\??\c:\djppv.exec:\djppv.exe50⤵
- Executes dropped EXE
-
\??\c:\1vpjv.exec:\1vpjv.exe51⤵
- Executes dropped EXE
-
\??\c:\jpddp.exec:\jpddp.exe52⤵
- Executes dropped EXE
-
\??\c:\llfxrxr.exec:\llfxrxr.exe53⤵
- Executes dropped EXE
-
\??\c:\bnbhnb.exec:\bnbhnb.exe54⤵
- Executes dropped EXE
-
\??\c:\1djdd.exec:\1djdd.exe55⤵
- Executes dropped EXE
-
\??\c:\1pvpd.exec:\1pvpd.exe56⤵
- Executes dropped EXE
-
\??\c:\rfxxrlf.exec:\rfxxrlf.exe57⤵
- Executes dropped EXE
-
\??\c:\rrxfrxx.exec:\rrxfrxx.exe58⤵
- Executes dropped EXE
-
\??\c:\tnhbbt.exec:\tnhbbt.exe59⤵
- Executes dropped EXE
-
\??\c:\3bnhbb.exec:\3bnhbb.exe60⤵
- Executes dropped EXE
-
\??\c:\vppvv.exec:\vppvv.exe61⤵
- Executes dropped EXE
-
\??\c:\3llfxrl.exec:\3llfxrl.exe62⤵
- Executes dropped EXE
-
\??\c:\fxxxxxf.exec:\fxxxxxf.exe63⤵
- Executes dropped EXE
-
\??\c:\lrlrxfr.exec:\lrlrxfr.exe64⤵
- Executes dropped EXE
-
\??\c:\9btnnh.exec:\9btnnh.exe65⤵
- Executes dropped EXE
-
\??\c:\tnbnnn.exec:\tnbnnn.exe66⤵
- Executes dropped EXE
-
\??\c:\vvpjj.exec:\vvpjj.exe67⤵
-
\??\c:\lrrrllf.exec:\lrrrllf.exe68⤵
-
\??\c:\lxflffx.exec:\lxflffx.exe69⤵
-
\??\c:\5bbttt.exec:\5bbttt.exe70⤵
-
\??\c:\jdpjp.exec:\jdpjp.exe71⤵
-
\??\c:\jjjvd.exec:\jjjvd.exe72⤵
-
\??\c:\9xxlffx.exec:\9xxlffx.exe73⤵
-
\??\c:\lrrfxlf.exec:\lrrfxlf.exe74⤵
-
\??\c:\nbbhbt.exec:\nbbhbt.exe75⤵
-
\??\c:\pddvj.exec:\pddvj.exe76⤵
-
\??\c:\3djjj.exec:\3djjj.exe77⤵
-
\??\c:\bnhbnh.exec:\bnhbnh.exe78⤵
-
\??\c:\vvpvp.exec:\vvpvp.exe79⤵
-
\??\c:\rrffffl.exec:\rrffffl.exe80⤵
-
\??\c:\lflfllr.exec:\lflfllr.exe81⤵
-
\??\c:\btttnn.exec:\btttnn.exe82⤵
-
\??\c:\vjdvv.exec:\vjdvv.exe83⤵
-
\??\c:\jvpjd.exec:\jvpjd.exe84⤵
-
\??\c:\lrrlfxr.exec:\lrrlfxr.exe85⤵
-
\??\c:\ttbtth.exec:\ttbtth.exe86⤵
-
\??\c:\nhhbbb.exec:\nhhbbb.exe87⤵
-
\??\c:\jvvvp.exec:\jvvvp.exe88⤵
-
\??\c:\jjjjd.exec:\jjjjd.exe89⤵
-
\??\c:\ffxlfxl.exec:\ffxlfxl.exe90⤵
-
\??\c:\llfxrrf.exec:\llfxrrf.exe91⤵
-
\??\c:\bnnhbt.exec:\bnnhbt.exe92⤵
-
\??\c:\htbhbb.exec:\htbhbb.exe93⤵
-
\??\c:\vjpjd.exec:\vjpjd.exe94⤵
-
\??\c:\rfrfflr.exec:\rfrfflr.exe95⤵
-
\??\c:\btnhnt.exec:\btnhnt.exe96⤵
-
\??\c:\tnhthh.exec:\tnhthh.exe97⤵
-
\??\c:\ddjvj.exec:\ddjvj.exe98⤵
-
\??\c:\5djjv.exec:\5djjv.exe99⤵
-
\??\c:\9rlffxr.exec:\9rlffxr.exe100⤵
-
\??\c:\7rrlffx.exec:\7rrlffx.exe101⤵
-
\??\c:\nhtnnn.exec:\nhtnnn.exe102⤵
-
\??\c:\bttntt.exec:\bttntt.exe103⤵
-
\??\c:\ddvpd.exec:\ddvpd.exe104⤵
-
\??\c:\fllrfxl.exec:\fllrfxl.exe105⤵
-
\??\c:\1hbbtn.exec:\1hbbtn.exe106⤵
-
\??\c:\7nbnhn.exec:\7nbnhn.exe107⤵
-
\??\c:\1pddv.exec:\1pddv.exe108⤵
-
\??\c:\1ddvj.exec:\1ddvj.exe109⤵
-
\??\c:\xlfxlfx.exec:\xlfxlfx.exe110⤵
-
\??\c:\7flllfr.exec:\7flllfr.exe111⤵
-
\??\c:\hbtbbn.exec:\hbtbbn.exe112⤵
-
\??\c:\1vvvv.exec:\1vvvv.exe113⤵
-
\??\c:\vdjdp.exec:\vdjdp.exe114⤵
-
\??\c:\frlrlff.exec:\frlrlff.exe115⤵
-
\??\c:\bbbnbn.exec:\bbbnbn.exe116⤵
-
\??\c:\5tbbnn.exec:\5tbbnn.exe117⤵
-
\??\c:\vddjj.exec:\vddjj.exe118⤵
-
\??\c:\lfxxrff.exec:\lfxxrff.exe119⤵
-
\??\c:\nhnnhh.exec:\nhnnhh.exe120⤵
-
\??\c:\nnbthh.exec:\nnbthh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-