Analysis
-
max time kernel
120s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
21/09/2024, 06:15
General
-
Target
d5b5b772ac88a4bc6a6b5a564e714bebd76f758e0bae2853695f5e63c219ded9N.exe
-
Size
114KB
-
MD5
afa8d4eed3c6d08a7965b2c5831f8800
-
SHA1
73b7a3abe76b1b6d2331cea87c9f66f18d5b3bd2
-
SHA256
d5b5b772ac88a4bc6a6b5a564e714bebd76f758e0bae2853695f5e63c219ded9
-
SHA512
91505cd5157738cfe6150cc0579c3a0ab654c3fafd4b2b4063c3d7513af3f94685aa5592910e62831e726a1eb4f73606156cbbe7acaae67fcadd1b60c7f53328
-
SSDEEP
3072:ymb3NkkiQ3mdBjFWXkj7afowpDyJo1ZFtq:n3C9BRW0j/wtyJQq
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 30 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d5b5b772ac88a4bc6a6b5a564e714bebd76f758e0bae2853695f5e63c219ded9N.exe"C:\Users\Admin\AppData\Local\Temp\d5b5b772ac88a4bc6a6b5a564e714bebd76f758e0bae2853695f5e63c219ded9N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxxffl.exec:\xrxxffl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bhnnh.exec:\7bhnnh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvddd.exec:\dvddd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxxfxf.exec:\lrxxfxf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxxrrl.exec:\lxxxrrl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhhnt.exec:\bbhhnt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxrlfr.exec:\fxxrlfr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ntnth.exec:\9ntnth.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjdd.exec:\pjjdd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5pjdv.exec:\5pjdv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fffxfxf.exec:\fffxfxf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bhhhn.exec:\5bhhhn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdvp.exec:\dvdvp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllfrrf.exec:\rllfrrf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xflllff.exec:\xflllff.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9bhhhh.exec:\9bhhhh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pddvv.exec:\pddvv.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrlffx.exec:\fxrlffx.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbbbh.exec:\htbbbh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvddv.exec:\vvddv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxxrrr.exec:\fxxxrrr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbtnt.exec:\hbbtnt.exe23⤵
- Executes dropped EXE
-
\??\c:\1dpjj.exec:\1dpjj.exe24⤵
- Executes dropped EXE
-
\??\c:\frxrllf.exec:\frxrllf.exe25⤵
- Executes dropped EXE
-
\??\c:\3hhbbb.exec:\3hhbbb.exe26⤵
- Executes dropped EXE
-
\??\c:\hbbtbb.exec:\hbbtbb.exe27⤵
- Executes dropped EXE
-
\??\c:\djppj.exec:\djppj.exe28⤵
- Executes dropped EXE
-
\??\c:\7vvpp.exec:\7vvpp.exe29⤵
- Executes dropped EXE
-
\??\c:\5flfffl.exec:\5flfffl.exe30⤵
- Executes dropped EXE
-
\??\c:\vjvdv.exec:\vjvdv.exe31⤵
- Executes dropped EXE
-
\??\c:\dvvjd.exec:\dvvjd.exe32⤵
- Executes dropped EXE
-
\??\c:\htbtbb.exec:\htbtbb.exe33⤵
- Executes dropped EXE
-
\??\c:\9bhhbb.exec:\9bhhbb.exe34⤵
- Executes dropped EXE
-
\??\c:\jpvjd.exec:\jpvjd.exe35⤵
- Executes dropped EXE
-
\??\c:\xlrffff.exec:\xlrffff.exe36⤵
- Executes dropped EXE
-
\??\c:\bbttnb.exec:\bbttnb.exe37⤵
- Executes dropped EXE
-
\??\c:\jpvvd.exec:\jpvvd.exe38⤵
- Executes dropped EXE
-
\??\c:\xlrrffx.exec:\xlrrffx.exe39⤵
- Executes dropped EXE
-
\??\c:\nnthbt.exec:\nnthbt.exe40⤵
- Executes dropped EXE
-
\??\c:\dvvdv.exec:\dvvdv.exe41⤵
- Executes dropped EXE
-
\??\c:\xlfffxf.exec:\xlfffxf.exe42⤵
- Executes dropped EXE
-
\??\c:\tnttnb.exec:\tnttnb.exe43⤵
- Executes dropped EXE
-
\??\c:\dvjjv.exec:\dvjjv.exe44⤵
- Executes dropped EXE
-
\??\c:\1frfxrl.exec:\1frfxrl.exe45⤵
- Executes dropped EXE
-
\??\c:\5ntttb.exec:\5ntttb.exe46⤵
- Executes dropped EXE
-
\??\c:\lxfxxxr.exec:\lxfxxxr.exe47⤵
- Executes dropped EXE
-
\??\c:\bnbbbt.exec:\bnbbbt.exe48⤵
- Executes dropped EXE
-
\??\c:\djpjj.exec:\djpjj.exe49⤵
- Executes dropped EXE
-
\??\c:\vppjd.exec:\vppjd.exe50⤵
- Executes dropped EXE
-
\??\c:\xxfxffl.exec:\xxfxffl.exe51⤵
- Executes dropped EXE
-
\??\c:\9hhhnb.exec:\9hhhnb.exe52⤵
- Executes dropped EXE
-
\??\c:\nthbbb.exec:\nthbbb.exe53⤵
- Executes dropped EXE
-
\??\c:\jdjdj.exec:\jdjdj.exe54⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\rlllxxr.exec:\rlllxxr.exe55⤵
- Executes dropped EXE
-
\??\c:\lrrrrrr.exec:\lrrrrrr.exe56⤵
- Executes dropped EXE
-
\??\c:\9bhnhn.exec:\9bhnhn.exe57⤵
- Executes dropped EXE
-
\??\c:\pdpjj.exec:\pdpjj.exe58⤵
- Executes dropped EXE
-
\??\c:\dvppd.exec:\dvppd.exe59⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\lrlfffx.exec:\lrlfffx.exe60⤵
- Executes dropped EXE
-
\??\c:\tnntnn.exec:\tnntnn.exe61⤵
- Executes dropped EXE
-
\??\c:\jdpjj.exec:\jdpjj.exe62⤵
- Executes dropped EXE
-
\??\c:\hbhbtn.exec:\hbhbtn.exe63⤵
- Executes dropped EXE
-
\??\c:\tbhbtt.exec:\tbhbtt.exe64⤵
- Executes dropped EXE
-
\??\c:\jdvjd.exec:\jdvjd.exe65⤵
- Executes dropped EXE
-
\??\c:\3rfrrrr.exec:\3rfrrrr.exe66⤵
-
\??\c:\rlllrrx.exec:\rlllrrx.exe67⤵
-
\??\c:\7bhhhn.exec:\7bhhhn.exe68⤵
-
\??\c:\jjppj.exec:\jjppj.exe69⤵
-
\??\c:\dpjdv.exec:\dpjdv.exe70⤵
-
\??\c:\5rrrrxr.exec:\5rrrrxr.exe71⤵
-
\??\c:\ttbbht.exec:\ttbbht.exe72⤵
-
\??\c:\nhbtnn.exec:\nhbtnn.exe73⤵
-
\??\c:\fxfxxxr.exec:\fxfxxxr.exe74⤵
-
\??\c:\frrlfxr.exec:\frrlfxr.exe75⤵
-
\??\c:\9nbtbb.exec:\9nbtbb.exe76⤵
-
\??\c:\thnnnn.exec:\thnnnn.exe77⤵
-
\??\c:\rxffffx.exec:\rxffffx.exe78⤵
-
\??\c:\xlrlflf.exec:\xlrlflf.exe79⤵
-
\??\c:\1btnhh.exec:\1btnhh.exe80⤵
-
\??\c:\btbtnn.exec:\btbtnn.exe81⤵
-
\??\c:\vvdvp.exec:\vvdvp.exe82⤵
-
\??\c:\xlllrxr.exec:\xlllrxr.exe83⤵
-
\??\c:\5bhhbn.exec:\5bhhbn.exe84⤵
-
\??\c:\tnnhnt.exec:\tnnhnt.exe85⤵
-
\??\c:\jvvvv.exec:\jvvvv.exe86⤵
-
\??\c:\llrrxxx.exec:\llrrxxx.exe87⤵
-
\??\c:\5rfxllr.exec:\5rfxllr.exe88⤵
-
\??\c:\bntbtt.exec:\bntbtt.exe89⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe90⤵
-
\??\c:\pjjjd.exec:\pjjjd.exe91⤵
-
\??\c:\lffxrrr.exec:\lffxrrr.exe92⤵
-
\??\c:\nhnnnn.exec:\nhnnnn.exe93⤵
-
\??\c:\pvvvp.exec:\pvvvp.exe94⤵
-
\??\c:\jddvp.exec:\jddvp.exe95⤵
-
\??\c:\lflfxff.exec:\lflfxff.exe96⤵
-
\??\c:\7rrlrrl.exec:\7rrlrrl.exe97⤵
-
\??\c:\nbbnht.exec:\nbbnht.exe98⤵
-
\??\c:\djvpj.exec:\djvpj.exe99⤵
-
\??\c:\3pvvv.exec:\3pvvv.exe100⤵
-
\??\c:\rrxxrrl.exec:\rrxxrrl.exe101⤵
-
\??\c:\nhttnt.exec:\nhttnt.exe102⤵
-
\??\c:\nhhnhn.exec:\nhhnhn.exe103⤵
-
\??\c:\9vjdd.exec:\9vjdd.exe104⤵
-
\??\c:\thnthh.exec:\thnthh.exe105⤵
-
\??\c:\bnnhtt.exec:\bnnhtt.exe106⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe107⤵
-
\??\c:\1vddp.exec:\1vddp.exe108⤵
-
\??\c:\ffxlxrf.exec:\ffxlxrf.exe109⤵
-
\??\c:\9xxfxxr.exec:\9xxfxxr.exe110⤵
-
\??\c:\hntnnn.exec:\hntnnn.exe111⤵
-
\??\c:\jvddv.exec:\jvddv.exe112⤵
-
\??\c:\jdddv.exec:\jdddv.exe113⤵
-
\??\c:\fflfllr.exec:\fflfllr.exe114⤵
-
\??\c:\7rrlfll.exec:\7rrlfll.exe115⤵
-
\??\c:\1ttbbb.exec:\1ttbbb.exe116⤵
-
\??\c:\tbhbbb.exec:\tbhbbb.exe117⤵
-
\??\c:\5ppjj.exec:\5ppjj.exe118⤵
-
\??\c:\jppjd.exec:\jppjd.exe119⤵
-
\??\c:\lfrlxxr.exec:\lfrlxxr.exe120⤵
-
\??\c:\5fllffx.exec:\5fllffx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-