Analysis
-
max time kernel
150s -
max time network
130s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
28-09-2024 19:38
General
-
Target
227ea0cb39c0026144cc0b82ddc9b9b754c339d11f4a8dbb0b85c6aa06673814.exe
-
Size
70KB
-
MD5
9f396473219c27d0707da9b33f7f042f
-
SHA1
bfbf0477561f22032289aa342fc96812f7479064
-
SHA256
227ea0cb39c0026144cc0b82ddc9b9b754c339d11f4a8dbb0b85c6aa06673814
-
SHA512
e4789626adcd99857c95dd40706b571dbf91f85dca91502dd3025d633be29ac8ca7e692496358a48899470fabb66e7046b9bc536b4c8e47a1758fd75410be9a7
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIJ/RWPqBr9:ymb3NkkiQ3mdBjFIqsr9
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 36 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\227ea0cb39c0026144cc0b82ddc9b9b754c339d11f4a8dbb0b85c6aa06673814.exe"C:\Users\Admin\AppData\Local\Temp\227ea0cb39c0026144cc0b82ddc9b9b754c339d11f4a8dbb0b85c6aa06673814.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxrxxr.exec:\xlxrxxr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1thbtb.exec:\1thbtb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjvj.exec:\pjjvj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llrlrfl.exec:\llrlrfl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hntbth.exec:\hntbth.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7nnbtn.exec:\7nnbtn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdjd.exec:\dvdjd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3nnhbt.exec:\3nnhbt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpvd.exec:\jdpvd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxxxfx.exec:\lfxxxfx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnhbh.exec:\nbnhbh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddddd.exec:\ddddd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnbtt.exec:\nnnbtt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjdp.exec:\vpjdp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxlrxlr.exec:\rxlrxlr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbtnn.exec:\btbtnn.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpppv.exec:\dpppv.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3vvpd.exec:\3vvpd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7flfflr.exec:\7flfflr.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rxxffl.exec:\5rxxffl.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvppj.exec:\vvppj.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxrffx.exec:\rxxrffx.exe23⤵
- Executes dropped EXE
-
\??\c:\9nhbbb.exec:\9nhbbb.exe24⤵
- Executes dropped EXE
-
\??\c:\1hhthh.exec:\1hhthh.exe25⤵
- Executes dropped EXE
-
\??\c:\7jjdp.exec:\7jjdp.exe26⤵
- Executes dropped EXE
-
\??\c:\dppjd.exec:\dppjd.exe27⤵
- Executes dropped EXE
-
\??\c:\xfxrllf.exec:\xfxrllf.exe28⤵
- Executes dropped EXE
-
\??\c:\xfxlrxf.exec:\xfxlrxf.exe29⤵
- Executes dropped EXE
-
\??\c:\nhnntt.exec:\nhnntt.exe30⤵
- Executes dropped EXE
-
\??\c:\djddp.exec:\djddp.exe31⤵
- Executes dropped EXE
-
\??\c:\vjjdp.exec:\vjjdp.exe32⤵
- Executes dropped EXE
-
\??\c:\fxxrxfr.exec:\fxxrxfr.exe33⤵
- Executes dropped EXE
-
\??\c:\tnnhbt.exec:\tnnhbt.exe34⤵
- Executes dropped EXE
-
\??\c:\hnbtbb.exec:\hnbtbb.exe35⤵
- Executes dropped EXE
-
\??\c:\pdvdv.exec:\pdvdv.exe36⤵
- Executes dropped EXE
-
\??\c:\rfrxrrx.exec:\rfrxrrx.exe37⤵
- Executes dropped EXE
-
\??\c:\3rrrxff.exec:\3rrrxff.exe38⤵
- Executes dropped EXE
-
\??\c:\bthbhh.exec:\bthbhh.exe39⤵
- Executes dropped EXE
-
\??\c:\bttnhh.exec:\bttnhh.exe40⤵
- Executes dropped EXE
-
\??\c:\jdppv.exec:\jdppv.exe41⤵
- Executes dropped EXE
-
\??\c:\dvvpj.exec:\dvvpj.exe42⤵
- Executes dropped EXE
-
\??\c:\fxrfxlf.exec:\fxrfxlf.exe43⤵
- Executes dropped EXE
-
\??\c:\tntnhn.exec:\tntnhn.exe44⤵
- Executes dropped EXE
-
\??\c:\7jjvv.exec:\7jjvv.exe45⤵
- Executes dropped EXE
-
\??\c:\xfxlxlf.exec:\xfxlxlf.exe46⤵
- Executes dropped EXE
-
\??\c:\ttnhtb.exec:\ttnhtb.exe47⤵
- Executes dropped EXE
-
\??\c:\jppjd.exec:\jppjd.exe48⤵
- Executes dropped EXE
-
\??\c:\lrxllfr.exec:\lrxllfr.exe49⤵
- Executes dropped EXE
-
\??\c:\xflfffx.exec:\xflfffx.exe50⤵
- Executes dropped EXE
-
\??\c:\bttnhh.exec:\bttnhh.exe51⤵
- Executes dropped EXE
-
\??\c:\tttbnt.exec:\tttbnt.exe52⤵
- Executes dropped EXE
-
\??\c:\pjvjv.exec:\pjvjv.exe53⤵
- Executes dropped EXE
-
\??\c:\llxrflf.exec:\llxrflf.exe54⤵
- Executes dropped EXE
-
\??\c:\htbhbh.exec:\htbhbh.exe55⤵
- Executes dropped EXE
-
\??\c:\3bhhbt.exec:\3bhhbt.exe56⤵
- Executes dropped EXE
-
\??\c:\3jdvp.exec:\3jdvp.exe57⤵
- Executes dropped EXE
-
\??\c:\7rrffxf.exec:\7rrffxf.exe58⤵
- Executes dropped EXE
-
\??\c:\5rrlffx.exec:\5rrlffx.exe59⤵
- Executes dropped EXE
-
\??\c:\tbtbhh.exec:\tbtbhh.exe60⤵
- Executes dropped EXE
-
\??\c:\9pjpd.exec:\9pjpd.exe61⤵
- Executes dropped EXE
-
\??\c:\pjjdv.exec:\pjjdv.exe62⤵
- Executes dropped EXE
-
\??\c:\lflfllr.exec:\lflfllr.exe63⤵
- Executes dropped EXE
-
\??\c:\tbbthn.exec:\tbbthn.exe64⤵
- Executes dropped EXE
-
\??\c:\tbtbnn.exec:\tbtbnn.exe65⤵
- Executes dropped EXE
-
\??\c:\dppjp.exec:\dppjp.exe66⤵
-
\??\c:\rffxllf.exec:\rffxllf.exe67⤵
-
\??\c:\3xxrlfr.exec:\3xxrlfr.exe68⤵
-
\??\c:\9tbbbt.exec:\9tbbbt.exe69⤵
-
\??\c:\rrrlffx.exec:\rrrlffx.exe70⤵
-
\??\c:\htbttn.exec:\htbttn.exe71⤵
-
\??\c:\tnthhb.exec:\tnthhb.exe72⤵
-
\??\c:\pvvpp.exec:\pvvpp.exe73⤵
-
\??\c:\ffllrxf.exec:\ffllrxf.exe74⤵
-
\??\c:\tnhbbt.exec:\tnhbbt.exe75⤵
-
\??\c:\btthth.exec:\btthth.exe76⤵
-
\??\c:\dpvdp.exec:\dpvdp.exe77⤵
-
\??\c:\rrlfxxl.exec:\rrlfxxl.exe78⤵
-
\??\c:\xllfrrl.exec:\xllfrrl.exe79⤵
-
\??\c:\5hnhnn.exec:\5hnhnn.exe80⤵
-
\??\c:\bnbnht.exec:\bnbnht.exe81⤵
-
\??\c:\pdjdp.exec:\pdjdp.exe82⤵
-
\??\c:\pvvpp.exec:\pvvpp.exe83⤵
-
\??\c:\lxfrrrx.exec:\lxfrrrx.exe84⤵
-
\??\c:\thbhbt.exec:\thbhbt.exe85⤵
-
\??\c:\7hhbnn.exec:\7hhbnn.exe86⤵
-
\??\c:\pjdvv.exec:\pjdvv.exe87⤵
-
\??\c:\lxflxxx.exec:\lxflxxx.exe88⤵
-
\??\c:\fxxflxx.exec:\fxxflxx.exe89⤵
-
\??\c:\thhhbh.exec:\thhhbh.exe90⤵
-
\??\c:\hbtnbh.exec:\hbtnbh.exe91⤵
-
\??\c:\djjpd.exec:\djjpd.exe92⤵
-
\??\c:\vpjdp.exec:\vpjdp.exe93⤵
-
\??\c:\fflfxxl.exec:\fflfxxl.exe94⤵
-
\??\c:\ffrlffx.exec:\ffrlffx.exe95⤵
-
\??\c:\9tnhhh.exec:\9tnhhh.exe96⤵
-
\??\c:\djpjp.exec:\djpjp.exe97⤵
-
\??\c:\pjpjd.exec:\pjpjd.exe98⤵
-
\??\c:\xlxlxrx.exec:\xlxlxrx.exe99⤵
-
\??\c:\ffllffr.exec:\ffllffr.exe100⤵
-
\??\c:\hbnntt.exec:\hbnntt.exe101⤵
-
\??\c:\btnhbh.exec:\btnhbh.exe102⤵
-
\??\c:\jvppj.exec:\jvppj.exe103⤵
-
\??\c:\jvpvp.exec:\jvpvp.exe104⤵
-
\??\c:\frlrflf.exec:\frlrflf.exe105⤵
-
\??\c:\nbnnhh.exec:\nbnnhh.exe106⤵
-
\??\c:\pvppp.exec:\pvppp.exe107⤵
-
\??\c:\dvddv.exec:\dvddv.exe108⤵
-
\??\c:\frfxlrl.exec:\frfxlrl.exe109⤵
-
\??\c:\lxxflfl.exec:\lxxflfl.exe110⤵
-
\??\c:\thnhbt.exec:\thnhbt.exe111⤵
-
\??\c:\vpjpd.exec:\vpjpd.exe112⤵
-
\??\c:\jjppv.exec:\jjppv.exe113⤵
-
\??\c:\rrrlrrl.exec:\rrrlrrl.exe114⤵
-
\??\c:\bttnhb.exec:\bttnhb.exe115⤵
-
\??\c:\ntnhnt.exec:\ntnhnt.exe116⤵
-
\??\c:\tnhthh.exec:\tnhthh.exe117⤵
-
\??\c:\1xfxrrr.exec:\1xfxrrr.exe118⤵
-
\??\c:\ntbnbt.exec:\ntbnbt.exe119⤵
-
\??\c:\vpdvj.exec:\vpdvj.exe120⤵
-
\??\c:\7jjdj.exec:\7jjdj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-