Analysis
-
max time kernel
150s -
max time network
138s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
28/09/2024, 04:18
General
-
Target
8f17241114bcc7750a42233942a7f9bfa6991ecf203edf496125403d7eac0958N.exe
-
Size
250KB
-
MD5
134fec82a29a7110d058e3bb058cf430
-
SHA1
2eff4898575b65da6aac0e451777b4442f450dd3
-
SHA256
8f17241114bcc7750a42233942a7f9bfa6991ecf203edf496125403d7eac0958
-
SHA512
d460a979d6544ae362e740907effca9252bd720076d9d21fb18a532cff63ff338f230cce130db2dcc4d357132087c0de98b9794170add6375c137a9ae144d0f9
-
SSDEEP
6144:n3C9BRo/AIX27NHWpU00VIxas1oa3YiFRlu:n3C9uD6AUDCa4NYmRU
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 35 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8f17241114bcc7750a42233942a7f9bfa6991ecf203edf496125403d7eac0958N.exe"C:\Users\Admin\AppData\Local\Temp\8f17241114bcc7750a42233942a7f9bfa6991ecf203edf496125403d7eac0958N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\1frlxxr.exec:\1frlxxr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ppjd.exec:\9ppjd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3jpvp.exec:\3jpvp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pvpd.exec:\1pvpd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthtnb.exec:\hthtnb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthbbt.exec:\hthbbt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxxxll.exec:\llxxxll.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbbhb.exec:\tnbbhb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pjvp.exec:\1pjvp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrlxrf.exec:\lfrlxrf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdjv.exec:\dvdjv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xxrfxr.exec:\9xxrfxr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhtnt.exec:\nnhtnt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnhbt.exec:\htnhbt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjppj.exec:\pjppj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5flffff.exec:\5flffff.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3bthtn.exec:\3bthtn.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjdp.exec:\vdjdp.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3fxrlll.exec:\3fxrlll.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhbbn.exec:\hhhbbn.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvpp.exec:\jdvpp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxlfrrl.exec:\xxlfrrl.exe23⤵
- Executes dropped EXE
-
\??\c:\nntnnn.exec:\nntnnn.exe24⤵
- Executes dropped EXE
-
\??\c:\nbbbtb.exec:\nbbbtb.exe25⤵
- Executes dropped EXE
-
\??\c:\1vdpp.exec:\1vdpp.exe26⤵
- Executes dropped EXE
-
\??\c:\3jpdd.exec:\3jpdd.exe27⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\bbnbtn.exec:\bbnbtn.exe28⤵
- Executes dropped EXE
-
\??\c:\jjdvp.exec:\jjdvp.exe29⤵
- Executes dropped EXE
-
\??\c:\rxxfrll.exec:\rxxfrll.exe30⤵
- Executes dropped EXE
-
\??\c:\9rlfxlf.exec:\9rlfxlf.exe31⤵
- Executes dropped EXE
-
\??\c:\hhnhnt.exec:\hhnhnt.exe32⤵
- Executes dropped EXE
-
\??\c:\hthbhn.exec:\hthbhn.exe33⤵
- Executes dropped EXE
-
\??\c:\jjpjv.exec:\jjpjv.exe34⤵
- Executes dropped EXE
-
\??\c:\xxfxllf.exec:\xxfxllf.exe35⤵
- Executes dropped EXE
-
\??\c:\tttttt.exec:\tttttt.exe36⤵
- Executes dropped EXE
-
\??\c:\vdpjj.exec:\vdpjj.exe37⤵
- Executes dropped EXE
-
\??\c:\lffrffx.exec:\lffrffx.exe38⤵
- Executes dropped EXE
-
\??\c:\rrrllrl.exec:\rrrllrl.exe39⤵
- Executes dropped EXE
-
\??\c:\hntnhb.exec:\hntnhb.exe40⤵
- Executes dropped EXE
-
\??\c:\tbtntt.exec:\tbtntt.exe41⤵
- Executes dropped EXE
-
\??\c:\ppjjd.exec:\ppjjd.exe42⤵
- Executes dropped EXE
-
\??\c:\rrlfxxr.exec:\rrlfxxr.exe43⤵
- Executes dropped EXE
-
\??\c:\nnnhhb.exec:\nnnhhb.exe44⤵
-
\??\c:\nbtnhh.exec:\nbtnhh.exe45⤵
- Executes dropped EXE
-
\??\c:\dvdvj.exec:\dvdvj.exe46⤵
- Executes dropped EXE
-
\??\c:\pjjvp.exec:\pjjvp.exe47⤵
- Executes dropped EXE
-
\??\c:\xrrlllx.exec:\xrrlllx.exe48⤵
- Executes dropped EXE
-
\??\c:\1hhtnn.exec:\1hhtnn.exe49⤵
- Executes dropped EXE
-
\??\c:\pvvpj.exec:\pvvpj.exe50⤵
- Executes dropped EXE
-
\??\c:\pjvvj.exec:\pjvvj.exe51⤵
- Executes dropped EXE
-
\??\c:\rxxlrlf.exec:\rxxlrlf.exe52⤵
- Executes dropped EXE
-
\??\c:\bntttt.exec:\bntttt.exe53⤵
- Executes dropped EXE
-
\??\c:\5nnnbt.exec:\5nnnbt.exe54⤵
- Executes dropped EXE
-
\??\c:\dvvpd.exec:\dvvpd.exe55⤵
- Executes dropped EXE
-
\??\c:\ddjdp.exec:\ddjdp.exe56⤵
- Executes dropped EXE
-
\??\c:\llrrrxr.exec:\llrrrxr.exe57⤵
- Executes dropped EXE
-
\??\c:\7hnhhh.exec:\7hnhhh.exe58⤵
- Executes dropped EXE
-
\??\c:\3btnbb.exec:\3btnbb.exe59⤵
- Executes dropped EXE
-
\??\c:\3ppdv.exec:\3ppdv.exe60⤵
- Executes dropped EXE
-
\??\c:\7bbthh.exec:\7bbthh.exe61⤵
- Executes dropped EXE
-
\??\c:\pppdv.exec:\pppdv.exe62⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\xxlfxxr.exec:\xxlfxxr.exe63⤵
- Executes dropped EXE
-
\??\c:\bbhbnh.exec:\bbhbnh.exe64⤵
- Executes dropped EXE
-
\??\c:\nhtthb.exec:\nhtthb.exe65⤵
- Executes dropped EXE
-
\??\c:\pjjdv.exec:\pjjdv.exe66⤵
- Executes dropped EXE
-
\??\c:\9vvvp.exec:\9vvvp.exe67⤵
-
\??\c:\xxfxrrl.exec:\xxfxrrl.exe68⤵
-
\??\c:\hbbhnn.exec:\hbbhnn.exe69⤵
-
\??\c:\vdpjv.exec:\vdpjv.exe70⤵
-
\??\c:\pjvpp.exec:\pjvpp.exe71⤵
-
\??\c:\rrrrxxr.exec:\rrrrxxr.exe72⤵
-
\??\c:\bhnnnt.exec:\bhnnnt.exe73⤵
-
\??\c:\jjvpd.exec:\jjvpd.exe74⤵
-
\??\c:\jjdvp.exec:\jjdvp.exe75⤵
-
\??\c:\1xfxrll.exec:\1xfxrll.exe76⤵
-
\??\c:\xlfxrrl.exec:\xlfxrrl.exe77⤵
-
\??\c:\9tnhbb.exec:\9tnhbb.exe78⤵
-
\??\c:\pjppd.exec:\pjppd.exe79⤵
-
\??\c:\xlxlxxl.exec:\xlxlxxl.exe80⤵
-
\??\c:\lrllfxx.exec:\lrllfxx.exe81⤵
-
\??\c:\hhhnnn.exec:\hhhnnn.exe82⤵
-
\??\c:\ppppv.exec:\ppppv.exe83⤵
-
\??\c:\ffxflxl.exec:\ffxflxl.exe84⤵
-
\??\c:\lfrfxrl.exec:\lfrfxrl.exe85⤵
-
\??\c:\3hnhnn.exec:\3hnhnn.exe86⤵
-
\??\c:\vdpdp.exec:\vdpdp.exe87⤵
-
\??\c:\pjdjv.exec:\pjdjv.exe88⤵
-
\??\c:\9frlxlx.exec:\9frlxlx.exe89⤵
-
\??\c:\rfrrrrl.exec:\rfrrrrl.exe90⤵
-
\??\c:\nthhbh.exec:\nthhbh.exe91⤵
-
\??\c:\5vpjv.exec:\5vpjv.exe92⤵
-
\??\c:\vvjvp.exec:\vvjvp.exe93⤵
-
\??\c:\xxrlfxr.exec:\xxrlfxr.exe94⤵
-
\??\c:\hnhhbh.exec:\hnhhbh.exe95⤵
-
\??\c:\dpvjv.exec:\dpvjv.exe96⤵
-
\??\c:\vpppp.exec:\vpppp.exe97⤵
-
\??\c:\xlxxllf.exec:\xlxxllf.exe98⤵
-
\??\c:\3nhbbb.exec:\3nhbbb.exe99⤵
-
\??\c:\ddddp.exec:\ddddp.exe100⤵
-
\??\c:\ppvjd.exec:\ppvjd.exe101⤵
-
\??\c:\7tbttn.exec:\7tbttn.exe102⤵
-
\??\c:\pjdvd.exec:\pjdvd.exe103⤵
-
\??\c:\9dpvj.exec:\9dpvj.exe104⤵
-
\??\c:\7rxxrrx.exec:\7rxxrrx.exe105⤵
-
\??\c:\3nhnbh.exec:\3nhnbh.exe106⤵
-
\??\c:\1vvpj.exec:\1vvpj.exe107⤵
-
\??\c:\lxxxfff.exec:\lxxxfff.exe108⤵
-
\??\c:\lflrflf.exec:\lflrflf.exe109⤵
-
\??\c:\5tbbtt.exec:\5tbbtt.exe110⤵
-
\??\c:\3pjdj.exec:\3pjdj.exe111⤵
-
\??\c:\rllfrrl.exec:\rllfrrl.exe112⤵
-
\??\c:\xlrrffx.exec:\xlrrffx.exe113⤵
-
\??\c:\5hbthh.exec:\5hbthh.exe114⤵
-
\??\c:\vjjdv.exec:\vjjdv.exe115⤵
-
\??\c:\frrlffx.exec:\frrlffx.exe116⤵
-
\??\c:\fxfflfr.exec:\fxfflfr.exe117⤵
-
\??\c:\bnnhbt.exec:\bnnhbt.exe118⤵
-
\??\c:\jdjdd.exec:\jdjdd.exe119⤵
-
\??\c:\xfrrrll.exec:\xfrrrll.exe120⤵
-
\??\c:\tbbtnh.exec:\tbbtnh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-