Analysis
-
max time kernel
120s -
max time network
100s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
29/09/2024, 23:57
General
-
Target
dd10ad763665135b10f3ab207023d15a079f6aa35426ae4d86e0a7f91a3e20d1N.exe
-
Size
74KB
-
MD5
e7b7b20385117d468894cc6841e56b90
-
SHA1
0f4eec9b68da149dae012de798d1efdace685253
-
SHA256
dd10ad763665135b10f3ab207023d15a079f6aa35426ae4d86e0a7f91a3e20d1
-
SHA512
bf9dfa380bee5f61caff7c02caa6f059fbd2e726717234f641e62c014bd8d8a75f559eb44ae7f68e553b5f700fb2edc9fcd808dfbf5c6854da4a0e39f91d9693
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIvuzk358nLA89OGvrFVHmPB:ymb3NkkiQ3mdBjFIvl358nLA89OMFVHC
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 33 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\dd10ad763665135b10f3ab207023d15a079f6aa35426ae4d86e0a7f91a3e20d1N.exe"C:\Users\Admin\AppData\Local\Temp\dd10ad763665135b10f3ab207023d15a079f6aa35426ae4d86e0a7f91a3e20d1N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\9dvpd.exec:\9dvpd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frfrfxl.exec:\frfrfxl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthbbt.exec:\hthbbt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbnhb.exec:\tnbnhb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7jdjv.exec:\7jdjv.exe6⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrlxxr.exec:\rrrlxxr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjvp.exec:\vpjvp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvvd.exec:\pdvvd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntnbt.exec:\bntnbt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvjv.exec:\pdvjv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xllfrfx.exec:\xllfrfx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrfrlf.exec:\frrfrlf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjvj.exec:\dpjvj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvpp.exec:\jvvpp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfxlxrf.exec:\rfxlxrf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xrfrrl.exec:\1xrfrrl.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhbnh.exec:\hhhbnh.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvvd.exec:\jdvvd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djvvj.exec:\djvvj.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxlxlf.exec:\xxxlxlf.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llfrlfr.exec:\llfrlfr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhbnh.exec:\thhbnh.exe23⤵
- Executes dropped EXE
-
\??\c:\nhtntn.exec:\nhtntn.exe24⤵
- Executes dropped EXE
-
\??\c:\vjpvd.exec:\vjpvd.exe25⤵
- Executes dropped EXE
-
\??\c:\xrlxlfr.exec:\xrlxlfr.exe26⤵
- Executes dropped EXE
-
\??\c:\frlrffr.exec:\frlrffr.exe27⤵
- Executes dropped EXE
-
\??\c:\hththh.exec:\hththh.exe28⤵
- Executes dropped EXE
-
\??\c:\dvjjd.exec:\dvjjd.exe29⤵
- Executes dropped EXE
-
\??\c:\xlrffrl.exec:\xlrffrl.exe30⤵
- Executes dropped EXE
-
\??\c:\7bbnhb.exec:\7bbnhb.exe31⤵
- Executes dropped EXE
-
\??\c:\7tthtn.exec:\7tthtn.exe32⤵
- Executes dropped EXE
-
\??\c:\pvjjd.exec:\pvjjd.exe33⤵
- Executes dropped EXE
-
\??\c:\rlrxfxx.exec:\rlrxfxx.exe34⤵
- Executes dropped EXE
-
\??\c:\rrxxxxf.exec:\rrxxxxf.exe35⤵
- Executes dropped EXE
-
\??\c:\bhbtnh.exec:\bhbtnh.exe36⤵
- Executes dropped EXE
-
\??\c:\3vpdv.exec:\3vpdv.exe37⤵
- Executes dropped EXE
-
\??\c:\rfxlxlf.exec:\rfxlxlf.exe38⤵
- Executes dropped EXE
-
\??\c:\lxlxlff.exec:\lxlxlff.exe39⤵
- Executes dropped EXE
-
\??\c:\nthtnh.exec:\nthtnh.exe40⤵
- Executes dropped EXE
-
\??\c:\pppdj.exec:\pppdj.exe41⤵
- Executes dropped EXE
-
\??\c:\lffxlfl.exec:\lffxlfl.exe42⤵
- Executes dropped EXE
-
\??\c:\ddvvv.exec:\ddvvv.exe43⤵
- Executes dropped EXE
-
\??\c:\pvpjj.exec:\pvpjj.exe44⤵
- Executes dropped EXE
-
\??\c:\btnhhh.exec:\btnhhh.exe45⤵
- Executes dropped EXE
-
\??\c:\pvvjv.exec:\pvvjv.exe46⤵
- Executes dropped EXE
-
\??\c:\lxfrfxr.exec:\lxfrfxr.exe47⤵
- Executes dropped EXE
-
\??\c:\htnhtn.exec:\htnhtn.exe48⤵
- Executes dropped EXE
-
\??\c:\pvddd.exec:\pvddd.exe49⤵
- Executes dropped EXE
-
\??\c:\xrrflfr.exec:\xrrflfr.exe50⤵
- Executes dropped EXE
-
\??\c:\xxxxrrl.exec:\xxxxrrl.exe51⤵
- Executes dropped EXE
-
\??\c:\hhhhnn.exec:\hhhhnn.exe52⤵
- Executes dropped EXE
-
\??\c:\vpjjv.exec:\vpjjv.exe53⤵
- Executes dropped EXE
-
\??\c:\vpjvj.exec:\vpjvj.exe54⤵
- Executes dropped EXE
-
\??\c:\3xxlxll.exec:\3xxlxll.exe55⤵
- Executes dropped EXE
-
\??\c:\xffrflf.exec:\xffrflf.exe56⤵
- Executes dropped EXE
-
\??\c:\hbnbnt.exec:\hbnbnt.exe57⤵
- Executes dropped EXE
-
\??\c:\nbthth.exec:\nbthth.exe58⤵
- Executes dropped EXE
-
\??\c:\vvvjv.exec:\vvvjv.exe59⤵
- Executes dropped EXE
-
\??\c:\vpdpj.exec:\vpdpj.exe60⤵
- Executes dropped EXE
-
\??\c:\lffxxrr.exec:\lffxxrr.exe61⤵
- Executes dropped EXE
-
\??\c:\7tnhbn.exec:\7tnhbn.exe62⤵
- Executes dropped EXE
-
\??\c:\hththb.exec:\hththb.exe63⤵
- Executes dropped EXE
-
\??\c:\pdvdv.exec:\pdvdv.exe64⤵
- Executes dropped EXE
-
\??\c:\jdpdp.exec:\jdpdp.exe65⤵
- Executes dropped EXE
-
\??\c:\rlfrfxl.exec:\rlfrfxl.exe66⤵
-
\??\c:\llrxrfx.exec:\llrxrfx.exe67⤵
-
\??\c:\hnbhnb.exec:\hnbhnb.exe68⤵
-
\??\c:\pjjjv.exec:\pjjjv.exe69⤵
-
\??\c:\djjvj.exec:\djjvj.exe70⤵
-
\??\c:\lrrxxxf.exec:\lrrxxxf.exe71⤵
-
\??\c:\hbhhnt.exec:\hbhhnt.exe72⤵
-
\??\c:\hnttbt.exec:\hnttbt.exe73⤵
-
\??\c:\9jjvd.exec:\9jjvd.exe74⤵
-
\??\c:\7jjvj.exec:\7jjvj.exe75⤵
-
\??\c:\llfrfxr.exec:\llfrfxr.exe76⤵
-
\??\c:\nbbnnh.exec:\nbbnnh.exe77⤵
-
\??\c:\hnnbnh.exec:\hnnbnh.exe78⤵
-
\??\c:\vjpjd.exec:\vjpjd.exe79⤵
-
\??\c:\jddjv.exec:\jddjv.exe80⤵
-
\??\c:\ppvpv.exec:\ppvpv.exe81⤵
-
\??\c:\fxlxxxf.exec:\fxlxxxf.exe82⤵
-
\??\c:\nbnnnn.exec:\nbnnnn.exe83⤵
-
\??\c:\pvvjv.exec:\pvvjv.exe84⤵
-
\??\c:\pjpjv.exec:\pjpjv.exe85⤵
-
\??\c:\dpjpd.exec:\dpjpd.exe86⤵
-
\??\c:\fffxrrl.exec:\fffxrrl.exe87⤵
-
\??\c:\tnhbbt.exec:\tnhbbt.exe88⤵
-
\??\c:\pdvvp.exec:\pdvvp.exe89⤵
-
\??\c:\pppdj.exec:\pppdj.exe90⤵
-
\??\c:\fxxrffx.exec:\fxxrffx.exe91⤵
-
\??\c:\5rxrrlf.exec:\5rxrrlf.exe92⤵
-
\??\c:\nttbtn.exec:\nttbtn.exe93⤵
-
\??\c:\nbnhnh.exec:\nbnhnh.exe94⤵
-
\??\c:\vjddp.exec:\vjddp.exe95⤵
-
\??\c:\lrfxxxx.exec:\lrfxxxx.exe96⤵
-
\??\c:\xlrrxrr.exec:\xlrrxrr.exe97⤵
-
\??\c:\tnnhtt.exec:\tnnhtt.exe98⤵
-
\??\c:\nbhnbb.exec:\nbhnbb.exe99⤵
-
\??\c:\jvjdp.exec:\jvjdp.exe100⤵
-
\??\c:\fllrfxl.exec:\fllrfxl.exe101⤵
-
\??\c:\rfxrfxr.exec:\rfxrfxr.exe102⤵
-
\??\c:\7ttnbb.exec:\7ttnbb.exe103⤵
-
\??\c:\bhnhhn.exec:\bhnhhn.exe104⤵
-
\??\c:\vjpdp.exec:\vjpdp.exe105⤵
-
\??\c:\9rlfffl.exec:\9rlfffl.exe106⤵
-
\??\c:\fxlflfl.exec:\fxlflfl.exe107⤵
-
\??\c:\bhnnhb.exec:\bhnnhb.exe108⤵
-
\??\c:\jppjd.exec:\jppjd.exe109⤵
-
\??\c:\pjvpd.exec:\pjvpd.exe110⤵
-
\??\c:\lxlxfxf.exec:\lxlxfxf.exe111⤵
-
\??\c:\frlxrlf.exec:\frlxrlf.exe112⤵
-
\??\c:\5nnbtn.exec:\5nnbtn.exe113⤵
-
\??\c:\bbnhnn.exec:\bbnhnn.exe114⤵
-
\??\c:\1jdvj.exec:\1jdvj.exe115⤵
-
\??\c:\pddpp.exec:\pddpp.exe116⤵
-
\??\c:\frllxrf.exec:\frllxrf.exe117⤵
-
\??\c:\9rlxlfx.exec:\9rlxlfx.exe118⤵
-
\??\c:\bhbthh.exec:\bhbthh.exe119⤵
-
\??\c:\pvpdv.exec:\pvpdv.exe120⤵
- System Location Discovery: System Language Discovery
-
\??\c:\pjdpd.exec:\pjdpd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-