Analysis
-
max time kernel
150s -
max time network
127s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
27/09/2024, 13:50
General
-
Target
f1978ba6de51a3170774d29352aeb6b34d8e5d6ad2f8fea3b8e7e54c93dbd543.exe
-
Size
63KB
-
MD5
c8ce151fa3fcd0b1c20882d3a9997df5
-
SHA1
c37d8301a59f9d77912c6eb1587cb7e2c367b57a
-
SHA256
f1978ba6de51a3170774d29352aeb6b34d8e5d6ad2f8fea3b8e7e54c93dbd543
-
SHA512
78a4ecfee64582cd9da0be6eaa9aba068e3273cb5e859fe50d626650fbc6084159ec63630cc288212c4379907bd86b4b9bd895f8c2a054f32af2551da10c52e1
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIrmCeRMBJ:ymb3NkkiQ3mdBjFIjeuv
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 30 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 38 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f1978ba6de51a3170774d29352aeb6b34d8e5d6ad2f8fea3b8e7e54c93dbd543.exe"C:\Users\Admin\AppData\Local\Temp\f1978ba6de51a3170774d29352aeb6b34d8e5d6ad2f8fea3b8e7e54c93dbd543.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\446600.exec:\446600.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\e62606.exec:\e62606.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\42420.exec:\42420.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhbtn.exec:\tnhbtn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ddjd.exec:\9ddjd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxrfxl.exec:\llxrfxl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5lffxxr.exec:\5lffxxr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpvp.exec:\dvpvp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9pdpj.exec:\9pdpj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\28266.exec:\28266.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2008280.exec:\2008280.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8688282.exec:\8688282.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xlxrll.exec:\7xlxrll.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xrllfx.exec:\5xrllfx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7nhhnh.exec:\7nhhnh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ddjj.exec:\7ddjj.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdvv.exec:\pjdvv.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\20222.exec:\20222.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhtnbt.exec:\hhtnbt.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\006088.exec:\006088.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9lfrllf.exec:\9lfrllf.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\246604.exec:\246604.exe23⤵
- Executes dropped EXE
-
\??\c:\5lfxlfx.exec:\5lfxlfx.exe24⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\pjpjd.exec:\pjpjd.exe25⤵
- Executes dropped EXE
-
\??\c:\g4004.exec:\g4004.exe26⤵
- Executes dropped EXE
-
\??\c:\pjjdp.exec:\pjjdp.exe27⤵
- Executes dropped EXE
-
\??\c:\s2482.exec:\s2482.exe28⤵
- Executes dropped EXE
-
\??\c:\3ntnhh.exec:\3ntnhh.exe29⤵
- Executes dropped EXE
-
\??\c:\nthbnn.exec:\nthbnn.exe30⤵
- Executes dropped EXE
-
\??\c:\hhnhbh.exec:\hhnhbh.exe31⤵
- Executes dropped EXE
-
\??\c:\ppdvd.exec:\ppdvd.exe32⤵
- Executes dropped EXE
-
\??\c:\rrllrrr.exec:\rrllrrr.exe33⤵
- Executes dropped EXE
-
\??\c:\8066622.exec:\8066622.exe34⤵
- Executes dropped EXE
-
\??\c:\28042.exec:\28042.exe35⤵
- Executes dropped EXE
-
\??\c:\q68266.exec:\q68266.exe36⤵
- Executes dropped EXE
-
\??\c:\662224.exec:\662224.exe37⤵
- Executes dropped EXE
-
\??\c:\3bbnhh.exec:\3bbnhh.exe38⤵
- Executes dropped EXE
-
\??\c:\rfllxxx.exec:\rfllxxx.exe39⤵
- Executes dropped EXE
-
\??\c:\lllrrlf.exec:\lllrrlf.exe40⤵
- Executes dropped EXE
-
\??\c:\7vdvd.exec:\7vdvd.exe41⤵
- Executes dropped EXE
-
\??\c:\408686.exec:\408686.exe42⤵
- Executes dropped EXE
-
\??\c:\lfllrfx.exec:\lfllrfx.exe43⤵
- Executes dropped EXE
-
\??\c:\a8600.exec:\a8600.exe44⤵
- Executes dropped EXE
-
\??\c:\llrfrlf.exec:\llrfrlf.exe45⤵
- Executes dropped EXE
-
\??\c:\i422226.exec:\i422226.exe46⤵
- Executes dropped EXE
-
\??\c:\8844266.exec:\8844266.exe47⤵
- Executes dropped EXE
-
\??\c:\xrfxxrr.exec:\xrfxxrr.exe48⤵
- Executes dropped EXE
-
\??\c:\frxxxxf.exec:\frxxxxf.exe49⤵
- Executes dropped EXE
-
\??\c:\tnnnnn.exec:\tnnnnn.exe50⤵
- Executes dropped EXE
-
\??\c:\o026066.exec:\o026066.exe51⤵
- Executes dropped EXE
-
\??\c:\0888664.exec:\0888664.exe52⤵
- Executes dropped EXE
-
\??\c:\ffxxrrr.exec:\ffxxrrr.exe53⤵
- Executes dropped EXE
-
\??\c:\pjvpj.exec:\pjvpj.exe54⤵
- Executes dropped EXE
-
\??\c:\nbnhbn.exec:\nbnhbn.exe55⤵
- Executes dropped EXE
-
\??\c:\e00482.exec:\e00482.exe56⤵
- Executes dropped EXE
-
\??\c:\ttnbbt.exec:\ttnbbt.exe57⤵
- Executes dropped EXE
-
\??\c:\m8240.exec:\m8240.exe58⤵
- Executes dropped EXE
-
\??\c:\0022008.exec:\0022008.exe59⤵
- Executes dropped EXE
-
\??\c:\846040.exec:\846040.exe60⤵
- Executes dropped EXE
-
\??\c:\fxrxlfr.exec:\fxrxlfr.exe61⤵
- Executes dropped EXE
-
\??\c:\42804.exec:\42804.exe62⤵
- Executes dropped EXE
-
\??\c:\8464264.exec:\8464264.exe63⤵
- Executes dropped EXE
-
\??\c:\c666048.exec:\c666048.exe64⤵
- Executes dropped EXE
-
\??\c:\nbhbtn.exec:\nbhbtn.exe65⤵
- Executes dropped EXE
-
\??\c:\6862666.exec:\6862666.exe66⤵
-
\??\c:\bbtbth.exec:\bbtbth.exe67⤵
-
\??\c:\bhhtnh.exec:\bhhtnh.exe68⤵
-
\??\c:\tnnhtn.exec:\tnnhtn.exe69⤵
-
\??\c:\1bnnbt.exec:\1bnnbt.exe70⤵
-
\??\c:\088648.exec:\088648.exe71⤵
-
\??\c:\rlxrlll.exec:\rlxrlll.exe72⤵
-
\??\c:\u664822.exec:\u664822.exe73⤵
-
\??\c:\lxxrlff.exec:\lxxrlff.exe74⤵
-
\??\c:\rxrrfxr.exec:\rxrrfxr.exe75⤵
-
\??\c:\288826.exec:\288826.exe76⤵
-
\??\c:\pvpjd.exec:\pvpjd.exe77⤵
-
\??\c:\nhnnhh.exec:\nhnnhh.exe78⤵
-
\??\c:\48426.exec:\48426.exe79⤵
-
\??\c:\bthttn.exec:\bthttn.exe80⤵
-
\??\c:\3flxfxr.exec:\3flxfxr.exe81⤵
-
\??\c:\440488.exec:\440488.exe82⤵
-
\??\c:\1rrlxxx.exec:\1rrlxxx.exe83⤵
-
\??\c:\48482.exec:\48482.exe84⤵
-
\??\c:\846206.exec:\846206.exe85⤵
-
\??\c:\48842.exec:\48842.exe86⤵
-
\??\c:\800484.exec:\800484.exe87⤵
-
\??\c:\606666.exec:\606666.exe88⤵
-
\??\c:\9jjvj.exec:\9jjvj.exe89⤵
-
\??\c:\k00424.exec:\k00424.exe90⤵
-
\??\c:\5dvpd.exec:\5dvpd.exe91⤵
-
\??\c:\604866.exec:\604866.exe92⤵
-
\??\c:\u424208.exec:\u424208.exe93⤵
-
\??\c:\c226626.exec:\c226626.exe94⤵
-
\??\c:\hhhhhh.exec:\hhhhhh.exe95⤵
-
\??\c:\7lfrfxx.exec:\7lfrfxx.exe96⤵
-
\??\c:\662688.exec:\662688.exe97⤵
-
\??\c:\djjvj.exec:\djjvj.exe98⤵
-
\??\c:\vppdd.exec:\vppdd.exe99⤵
-
\??\c:\pdpjd.exec:\pdpjd.exe100⤵
-
\??\c:\1dddd.exec:\1dddd.exe101⤵
-
\??\c:\84080.exec:\84080.exe102⤵
-
\??\c:\868626.exec:\868626.exe103⤵
-
\??\c:\a4008.exec:\a4008.exe104⤵
-
\??\c:\0260260.exec:\0260260.exe105⤵
-
\??\c:\6842662.exec:\6842662.exe106⤵
-
\??\c:\fffxxxx.exec:\fffxxxx.exe107⤵
-
\??\c:\vppjd.exec:\vppjd.exe108⤵
-
\??\c:\9hhhnh.exec:\9hhhnh.exe109⤵
-
\??\c:\1pvjj.exec:\1pvjj.exe110⤵
-
\??\c:\rrrrffr.exec:\rrrrffr.exe111⤵
-
\??\c:\lfxrlfx.exec:\lfxrlfx.exe112⤵
-
\??\c:\s2260.exec:\s2260.exe113⤵
-
\??\c:\8660820.exec:\8660820.exe114⤵
-
\??\c:\w68248.exec:\w68248.exe115⤵
-
\??\c:\40480.exec:\40480.exe116⤵
-
\??\c:\flflxrx.exec:\flflxrx.exe117⤵
-
\??\c:\djvjd.exec:\djvjd.exe118⤵
-
\??\c:\vppdp.exec:\vppdp.exe119⤵
-
\??\c:\u408608.exec:\u408608.exe120⤵
-
\??\c:\680422.exec:\680422.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-