Analysis
-
max time kernel
120s -
max time network
97s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
27-09-2024 08:44
General
-
Target
9d4f60c2a85431e224da8876ef0c7947a057cb644bec2f8e9421c643a91d87b6N.exe
-
Size
71KB
-
MD5
3d4811b42888ac18bdeffe44eb497600
-
SHA1
c5908b0c3e417e082006f62202a19e2aedcf8c88
-
SHA256
9d4f60c2a85431e224da8876ef0c7947a057cb644bec2f8e9421c643a91d87b6
-
SHA512
ac4f87624d2d7a8ff92f0d287f93fe3762dc9da2de4b248df9e813545d2b14d2ded7d2c47802e3a9247b54c856d079bbfdc5f834f5a40f32afc0f662b5b6c4db
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb0z6MTSqfj1:ymb3NkkiQ3mdBjFI4VF
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 33 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9d4f60c2a85431e224da8876ef0c7947a057cb644bec2f8e9421c643a91d87b6N.exe"C:\Users\Admin\AppData\Local\Temp\9d4f60c2a85431e224da8876ef0c7947a057cb644bec2f8e9421c643a91d87b6N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhbbb.exec:\hbhbbb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhnnbb.exec:\bhnnbb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7pvpd.exec:\7pvpd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrlfxx.exec:\fxrlfxx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbbbb.exec:\hbbbbb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dddvv.exec:\dddvv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrlllr.exec:\rfrlllr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhthbb.exec:\hhthbb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dppjd.exec:\dppjd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxrllf.exec:\fxxrllf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnhtt.exec:\htnhtt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjdp.exec:\pdjdp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjdj.exec:\ddjdj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlllrr.exec:\xrlllrr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtnnn.exec:\bbtnnn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7djdv.exec:\7djdv.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpppp.exec:\dpppp.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnhbb.exec:\bnnhbb.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvjd.exec:\jpvjd.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbthh.exec:\tbbthh.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppppd.exec:\ppppd.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xllrxrf.exec:\xllrxrf.exe23⤵
- Executes dropped EXE
-
\??\c:\3flfxxr.exec:\3flfxxr.exe24⤵
- Executes dropped EXE
-
\??\c:\9hbbhn.exec:\9hbbhn.exe25⤵
- Executes dropped EXE
-
\??\c:\hbhthb.exec:\hbhthb.exe26⤵
- Executes dropped EXE
-
\??\c:\ppjjd.exec:\ppjjd.exe27⤵
- Executes dropped EXE
-
\??\c:\9flrrlx.exec:\9flrrlx.exe28⤵
- Executes dropped EXE
-
\??\c:\lxfxrlf.exec:\lxfxrlf.exe29⤵
- Executes dropped EXE
-
\??\c:\dvdpj.exec:\dvdpj.exe30⤵
- Executes dropped EXE
-
\??\c:\lxxrlff.exec:\lxxrlff.exe31⤵
- Executes dropped EXE
-
\??\c:\rllfxrl.exec:\rllfxrl.exe32⤵
- Executes dropped EXE
-
\??\c:\btnhtn.exec:\btnhtn.exe33⤵
- Executes dropped EXE
-
\??\c:\dppjv.exec:\dppjv.exe34⤵
- Executes dropped EXE
-
\??\c:\ppjdv.exec:\ppjdv.exe35⤵
- Executes dropped EXE
-
\??\c:\thnbtn.exec:\thnbtn.exe36⤵
- Executes dropped EXE
-
\??\c:\9pdvd.exec:\9pdvd.exe37⤵
- Executes dropped EXE
-
\??\c:\frlfxrl.exec:\frlfxrl.exe38⤵
- Executes dropped EXE
-
\??\c:\5hnhhh.exec:\5hnhhh.exe39⤵
- Executes dropped EXE
-
\??\c:\vvddp.exec:\vvddp.exe40⤵
- Executes dropped EXE
-
\??\c:\btthtt.exec:\btthtt.exe41⤵
- Executes dropped EXE
-
\??\c:\hthttn.exec:\hthttn.exe42⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\vjvpd.exec:\vjvpd.exe43⤵
- Executes dropped EXE
-
\??\c:\1jddp.exec:\1jddp.exe44⤵
- Executes dropped EXE
-
\??\c:\lfffrxl.exec:\lfffrxl.exe45⤵
- Executes dropped EXE
-
\??\c:\9tbtnb.exec:\9tbtnb.exe46⤵
- Executes dropped EXE
-
\??\c:\jvpjv.exec:\jvpjv.exe47⤵
- Executes dropped EXE
-
\??\c:\1xrfrfx.exec:\1xrfrfx.exe48⤵
- Executes dropped EXE
-
\??\c:\1fxxllf.exec:\1fxxllf.exe49⤵
- Executes dropped EXE
-
\??\c:\7btnbb.exec:\7btnbb.exe50⤵
- Executes dropped EXE
-
\??\c:\bntnhb.exec:\bntnhb.exe51⤵
- Executes dropped EXE
-
\??\c:\9pjdv.exec:\9pjdv.exe52⤵
- Executes dropped EXE
-
\??\c:\pdvjd.exec:\pdvjd.exe53⤵
- Executes dropped EXE
-
\??\c:\rrfflfx.exec:\rrfflfx.exe54⤵
- Executes dropped EXE
-
\??\c:\rflffxx.exec:\rflffxx.exe55⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\nnhbtn.exec:\nnhbtn.exe56⤵
- Executes dropped EXE
-
\??\c:\pddvj.exec:\pddvj.exe57⤵
- Executes dropped EXE
-
\??\c:\3jjdd.exec:\3jjdd.exe58⤵
- Executes dropped EXE
-
\??\c:\lffrxlf.exec:\lffrxlf.exe59⤵
- Executes dropped EXE
-
\??\c:\nhhhbt.exec:\nhhhbt.exe60⤵
- Executes dropped EXE
-
\??\c:\tnhbnn.exec:\tnhbnn.exe61⤵
- Executes dropped EXE
-
\??\c:\pddpd.exec:\pddpd.exe62⤵
- Executes dropped EXE
-
\??\c:\vdddp.exec:\vdddp.exe63⤵
- Executes dropped EXE
-
\??\c:\lfxlxxx.exec:\lfxlxxx.exe64⤵
- Executes dropped EXE
-
\??\c:\lllxrrl.exec:\lllxrrl.exe65⤵
- Executes dropped EXE
-
\??\c:\nthbtn.exec:\nthbtn.exe66⤵
-
\??\c:\ttnbtt.exec:\ttnbtt.exe67⤵
-
\??\c:\pjjvj.exec:\pjjvj.exe68⤵
-
\??\c:\vvjpp.exec:\vvjpp.exe69⤵
-
\??\c:\rfxlrlf.exec:\rfxlrlf.exe70⤵
-
\??\c:\3xrxrlx.exec:\3xrxrlx.exe71⤵
-
\??\c:\tbtbbt.exec:\tbtbbt.exe72⤵
-
\??\c:\thbnbb.exec:\thbnbb.exe73⤵
-
\??\c:\ddpdv.exec:\ddpdv.exe74⤵
-
\??\c:\vppdd.exec:\vppdd.exe75⤵
-
\??\c:\xlllxrl.exec:\xlllxrl.exe76⤵
-
\??\c:\7fxlxrl.exec:\7fxlxrl.exe77⤵
-
\??\c:\htnhbb.exec:\htnhbb.exe78⤵
-
\??\c:\9pjdp.exec:\9pjdp.exe79⤵
-
\??\c:\9jdvd.exec:\9jdvd.exe80⤵
-
\??\c:\9xlxrlx.exec:\9xlxrlx.exe81⤵
-
\??\c:\frxxfxf.exec:\frxxfxf.exe82⤵
-
\??\c:\hbbthb.exec:\hbbthb.exe83⤵
-
\??\c:\5ddpd.exec:\5ddpd.exe84⤵
-
\??\c:\pdvjv.exec:\pdvjv.exe85⤵
-
\??\c:\rrlfxrl.exec:\rrlfxrl.exe86⤵
-
\??\c:\frxlxfx.exec:\frxlxfx.exe87⤵
-
\??\c:\3bnnbt.exec:\3bnnbt.exe88⤵
-
\??\c:\3hbttn.exec:\3hbttn.exe89⤵
-
\??\c:\9pdvj.exec:\9pdvj.exe90⤵
-
\??\c:\5lrfxrf.exec:\5lrfxrf.exe91⤵
-
\??\c:\5rlfrlf.exec:\5rlfrlf.exe92⤵
-
\??\c:\9nbbtn.exec:\9nbbtn.exe93⤵
-
\??\c:\nbhnnh.exec:\nbhnnh.exe94⤵
-
\??\c:\pvvpj.exec:\pvvpj.exe95⤵
-
\??\c:\ddvpj.exec:\ddvpj.exe96⤵
-
\??\c:\lfffxrl.exec:\lfffxrl.exe97⤵
-
\??\c:\9nnhtb.exec:\9nnhtb.exe98⤵
-
\??\c:\nhnhtt.exec:\nhnhtt.exe99⤵
-
\??\c:\9jjdp.exec:\9jjdp.exe100⤵
-
\??\c:\dvvjv.exec:\dvvjv.exe101⤵
-
\??\c:\xllxfxr.exec:\xllxfxr.exe102⤵
-
\??\c:\9ntntt.exec:\9ntntt.exe103⤵
-
\??\c:\httnhb.exec:\httnhb.exe104⤵
-
\??\c:\9jpjd.exec:\9jpjd.exe105⤵
-
\??\c:\vvpjd.exec:\vvpjd.exe106⤵
-
\??\c:\7lxxlfr.exec:\7lxxlfr.exe107⤵
-
\??\c:\frxrrrr.exec:\frxrrrr.exe108⤵
-
\??\c:\hnttnn.exec:\hnttnn.exe109⤵
-
\??\c:\vdjjj.exec:\vdjjj.exe110⤵
-
\??\c:\djjvj.exec:\djjvj.exe111⤵
-
\??\c:\rffxrrl.exec:\rffxrrl.exe112⤵
-
\??\c:\xffxllx.exec:\xffxllx.exe113⤵
-
\??\c:\5bbbtn.exec:\5bbbtn.exe114⤵
-
\??\c:\dppdp.exec:\dppdp.exe115⤵
-
\??\c:\pvpjv.exec:\pvpjv.exe116⤵
-
\??\c:\xrlfxrl.exec:\xrlfxrl.exe117⤵
-
\??\c:\lllfxxr.exec:\lllfxxr.exe118⤵
-
\??\c:\ttbbhn.exec:\ttbbhn.exe119⤵
-
\??\c:\jpdjd.exec:\jpdjd.exe120⤵
-
\??\c:\7fxrfff.exec:\7fxrfff.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-