Analysis
-
max time kernel
120s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
19/09/2024, 16:59
General
-
Target
ccf3ce12f4536a6c7f818c8800ccb334f859ce737d2d7e12af1a3b34c3aca81cN.exe
-
Size
71KB
-
MD5
bce7b4173095aa26c22b6b7a4e5bf640
-
SHA1
9da5826a23f13ae2aaf22d19a55276efcb5b366a
-
SHA256
ccf3ce12f4536a6c7f818c8800ccb334f859ce737d2d7e12af1a3b34c3aca81c
-
SHA512
2263bb2a9e4c4d36f77dc14b6c5696eb98982cbbdeb963fc6ee2a9a7bfc11c595d1e675cffdadfda37f8f5089698894ad3b3b46ed657fba0c69723e0644293fd
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yUPqrDZ5RxfVK5DIp:ymb3NkkiQ3mdBjF0yUmrfVce
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 34 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ccf3ce12f4536a6c7f818c8800ccb334f859ce737d2d7e12af1a3b34c3aca81cN.exe"C:\Users\Admin\AppData\Local\Temp\ccf3ce12f4536a6c7f818c8800ccb334f859ce737d2d7e12af1a3b34c3aca81cN.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrlfxx.exec:\xrrlfxx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbnhbt.exec:\tbnhbt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jjdd.exec:\1jjdd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxrlll.exec:\fxxrlll.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxffffx.exec:\fxffffx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3nbtnn.exec:\3nbtnn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nntthh.exec:\nntthh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpjj.exec:\vvpjj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlllrfx.exec:\xlllrfx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhnnh.exec:\nnhnnh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3dppp.exec:\3dppp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbbtt.exec:\nnbbtt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvpp.exec:\pdvpp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrfxxx.exec:\xrrfxxx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5hbttt.exec:\5hbttt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nntttt.exec:\nntttt.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vvpj.exec:\1vvpj.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxfffrr.exec:\lxfffrr.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntnhhb.exec:\ntnhhb.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djppd.exec:\djppd.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djppj.exec:\djppj.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrlfxxr.exec:\lrlfxxr.exe23⤵
- Executes dropped EXE
-
\??\c:\thtnhh.exec:\thtnhh.exe24⤵
- Executes dropped EXE
-
\??\c:\vpvpj.exec:\vpvpj.exe25⤵
- Executes dropped EXE
-
\??\c:\vpvvd.exec:\vpvvd.exe26⤵
- Executes dropped EXE
-
\??\c:\dvppj.exec:\dvppj.exe27⤵
- Executes dropped EXE
-
\??\c:\fffxrlr.exec:\fffxrlr.exe28⤵
- Executes dropped EXE
-
\??\c:\nbbbbb.exec:\nbbbbb.exe29⤵
- Executes dropped EXE
-
\??\c:\5vjpv.exec:\5vjpv.exe30⤵
- Executes dropped EXE
-
\??\c:\hbbtht.exec:\hbbtht.exe31⤵
- Executes dropped EXE
-
\??\c:\bbtbtb.exec:\bbtbtb.exe32⤵
- Executes dropped EXE
-
\??\c:\ddjvp.exec:\ddjvp.exe33⤵
- Executes dropped EXE
-
\??\c:\llrffff.exec:\llrffff.exe34⤵
- Executes dropped EXE
-
\??\c:\bttttt.exec:\bttttt.exe35⤵
- Executes dropped EXE
-
\??\c:\pjjdv.exec:\pjjdv.exe36⤵
- Executes dropped EXE
-
\??\c:\3rlffff.exec:\3rlffff.exe37⤵
- Executes dropped EXE
-
\??\c:\djvpj.exec:\djvpj.exe38⤵
- Executes dropped EXE
-
\??\c:\9flrrrl.exec:\9flrrrl.exe39⤵
- Executes dropped EXE
-
\??\c:\xrxrrxx.exec:\xrxrrxx.exe40⤵
- Executes dropped EXE
-
\??\c:\xfrrllr.exec:\xfrrllr.exe41⤵
- Executes dropped EXE
-
\??\c:\bhhhhh.exec:\bhhhhh.exe42⤵
- Executes dropped EXE
-
\??\c:\dppjd.exec:\dppjd.exe43⤵
- Executes dropped EXE
-
\??\c:\vpdvd.exec:\vpdvd.exe44⤵
- Executes dropped EXE
-
\??\c:\tnhhbh.exec:\tnhhbh.exe45⤵
- Executes dropped EXE
-
\??\c:\tthbtt.exec:\tthbtt.exe46⤵
- Executes dropped EXE
-
\??\c:\jppjd.exec:\jppjd.exe47⤵
- Executes dropped EXE
-
\??\c:\xrrlffx.exec:\xrrlffx.exe48⤵
- Executes dropped EXE
-
\??\c:\bhtthh.exec:\bhtthh.exe49⤵
- Executes dropped EXE
-
\??\c:\ntbnhh.exec:\ntbnhh.exe50⤵
- Executes dropped EXE
-
\??\c:\1ddpj.exec:\1ddpj.exe51⤵
- Executes dropped EXE
-
\??\c:\dvvdv.exec:\dvvdv.exe52⤵
- Executes dropped EXE
-
\??\c:\fxllrxx.exec:\fxllrxx.exe53⤵
- Executes dropped EXE
-
\??\c:\3lrxffr.exec:\3lrxffr.exe54⤵
- Executes dropped EXE
-
\??\c:\hhnhnn.exec:\hhnhnn.exe55⤵
- Executes dropped EXE
-
\??\c:\vpvdv.exec:\vpvdv.exe56⤵
- Executes dropped EXE
-
\??\c:\pjpjp.exec:\pjpjp.exe57⤵
- Executes dropped EXE
-
\??\c:\xrxrlrr.exec:\xrxrlrr.exe58⤵
- Executes dropped EXE
-
\??\c:\rrxxfff.exec:\rrxxfff.exe59⤵
- Executes dropped EXE
-
\??\c:\bhnbhn.exec:\bhnbhn.exe60⤵
- Executes dropped EXE
-
\??\c:\pppjd.exec:\pppjd.exe61⤵
- Executes dropped EXE
-
\??\c:\vppvp.exec:\vppvp.exe62⤵
- Executes dropped EXE
-
\??\c:\frlfxxx.exec:\frlfxxx.exe63⤵
- Executes dropped EXE
-
\??\c:\tnnhnn.exec:\tnnhnn.exe64⤵
- Executes dropped EXE
-
\??\c:\vpjvv.exec:\vpjvv.exe65⤵
- Executes dropped EXE
-
\??\c:\dpvvj.exec:\dpvvj.exe66⤵
-
\??\c:\lrrrffx.exec:\lrrrffx.exe67⤵
-
\??\c:\bnnhtt.exec:\bnnhtt.exe68⤵
-
\??\c:\djdvj.exec:\djdvj.exe69⤵
-
\??\c:\pjjjv.exec:\pjjjv.exe70⤵
-
\??\c:\7rrrlff.exec:\7rrrlff.exe71⤵
-
\??\c:\lfllrrf.exec:\lfllrrf.exe72⤵
-
\??\c:\9btthh.exec:\9btthh.exe73⤵
-
\??\c:\9bnbtn.exec:\9bnbtn.exe74⤵
-
\??\c:\jddvv.exec:\jddvv.exe75⤵
-
\??\c:\9rfxfff.exec:\9rfxfff.exe76⤵
-
\??\c:\7llfxxx.exec:\7llfxxx.exe77⤵
-
\??\c:\9hnnhh.exec:\9hnnhh.exe78⤵
-
\??\c:\nhbthb.exec:\nhbthb.exe79⤵
-
\??\c:\jvvpd.exec:\jvvpd.exe80⤵
-
\??\c:\rlrlxrf.exec:\rlrlxrf.exe81⤵
-
\??\c:\3fxfxxr.exec:\3fxfxxr.exe82⤵
-
\??\c:\nhhnbn.exec:\nhhnbn.exe83⤵
-
\??\c:\3nhtnn.exec:\3nhtnn.exe84⤵
-
\??\c:\vjpjv.exec:\vjpjv.exe85⤵
-
\??\c:\lrlxrll.exec:\lrlxrll.exe86⤵
-
\??\c:\rffrllf.exec:\rffrllf.exe87⤵
-
\??\c:\xffxllx.exec:\xffxllx.exe88⤵
-
\??\c:\nhttnt.exec:\nhttnt.exe89⤵
-
\??\c:\tbbhbb.exec:\tbbhbb.exe90⤵
-
\??\c:\3ddvp.exec:\3ddvp.exe91⤵
-
\??\c:\ffflxrl.exec:\ffflxrl.exe92⤵
-
\??\c:\bhnhbb.exec:\bhnhbb.exe93⤵
-
\??\c:\tntbnt.exec:\tntbnt.exe94⤵
-
\??\c:\jdpjd.exec:\jdpjd.exe95⤵
-
\??\c:\vddjd.exec:\vddjd.exe96⤵
-
\??\c:\lxlllfx.exec:\lxlllfx.exe97⤵
-
\??\c:\rrxxffl.exec:\rrxxffl.exe98⤵
-
\??\c:\tnbhtn.exec:\tnbhtn.exe99⤵
-
\??\c:\djjdp.exec:\djjdp.exe100⤵
-
\??\c:\rflrllf.exec:\rflrllf.exe101⤵
-
\??\c:\fxlfffl.exec:\fxlfffl.exe102⤵
-
\??\c:\bnbnhn.exec:\bnbnhn.exe103⤵
-
\??\c:\3jpdv.exec:\3jpdv.exe104⤵
-
\??\c:\pvvdj.exec:\pvvdj.exe105⤵
-
\??\c:\rfrfffx.exec:\rfrfffx.exe106⤵
-
\??\c:\ffxxllf.exec:\ffxxllf.exe107⤵
-
\??\c:\bnntnt.exec:\bnntnt.exe108⤵
-
\??\c:\7ddvj.exec:\7ddvj.exe109⤵
-
\??\c:\1ddpj.exec:\1ddpj.exe110⤵
-
\??\c:\dvppv.exec:\dvppv.exe111⤵
-
\??\c:\llllffr.exec:\llllffr.exe112⤵
-
\??\c:\bhtnhb.exec:\bhtnhb.exe113⤵
-
\??\c:\nbbtnn.exec:\nbbtnn.exe114⤵
-
\??\c:\xrxlrlr.exec:\xrxlrlr.exe115⤵
-
\??\c:\rfxxrrl.exec:\rfxxrrl.exe116⤵
-
\??\c:\tnnbtn.exec:\tnnbtn.exe117⤵
-
\??\c:\hnnbbb.exec:\hnnbbb.exe118⤵
-
\??\c:\7dpjd.exec:\7dpjd.exe119⤵
-
\??\c:\pjjvj.exec:\pjjvj.exe120⤵
-
\??\c:\9xxlfxl.exec:\9xxlfxl.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-