Analysis
-
max time kernel
150s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
30-09-2024 21:32
General
-
Target
4e26f38bbbf091fe002f258be4d65e670929c15fc6dd485be7bbb5c5727d2432N.exe
-
Size
82KB
-
MD5
cad9e2ef30454c6c517c644bc66b4890
-
SHA1
3ab06317d32cf3b122548bc0c4cf5f1486c7417c
-
SHA256
4e26f38bbbf091fe002f258be4d65e670929c15fc6dd485be7bbb5c5727d2432
-
SHA512
744b68fcd5ee17512e9f2fc6dacdc766c058dda6657b63f023dfdcd493b82eedd168943033166a9fcf8909b90bf4f35d134f9d7d95f4b4c85cb958c2cc3a1de3
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIIpIo60L9QrrA89QIj:ymb3NkkiQ3mdBjFIIp9L9QrrA8rj
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 29 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 40 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4e26f38bbbf091fe002f258be4d65e670929c15fc6dd485be7bbb5c5727d2432N.exe"C:\Users\Admin\AppData\Local\Temp\4e26f38bbbf091fe002f258be4d65e670929c15fc6dd485be7bbb5c5727d2432N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjdd.exec:\pdjdd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jpjd.exec:\1jpjd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlllrx.exec:\fxlllrx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrrrrr.exec:\xrrrrrr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5tbbbb.exec:\5tbbbb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9frlffl.exec:\9frlffl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrlxlfr.exec:\lrlxlfr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntnhtn.exec:\ntnhtn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jppdj.exec:\jppdj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxrlxr.exec:\rxxrlxr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdppp.exec:\pdppp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jjvd.exec:\1jjvd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrllfx.exec:\xrrllfx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthnbh.exec:\hthnbh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhtnb.exec:\bnhtnb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7jjdj.exec:\7jjdj.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djdvj.exec:\djdvj.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxrfxf.exec:\rxxrfxf.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrllfx.exec:\frrllfx.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3pjdp.exec:\3pjdp.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflfrrl.exec:\rflfrrl.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9tnhth.exec:\9tnhth.exe23⤵
- Executes dropped EXE
-
\??\c:\1vvjp.exec:\1vvjp.exe24⤵
- Executes dropped EXE
-
\??\c:\rfxrrlf.exec:\rfxrrlf.exe25⤵
- Executes dropped EXE
-
\??\c:\lffxxrx.exec:\lffxxrx.exe26⤵
- Executes dropped EXE
-
\??\c:\bththh.exec:\bththh.exe27⤵
- Executes dropped EXE
-
\??\c:\5pvjv.exec:\5pvjv.exe28⤵
- Executes dropped EXE
-
\??\c:\vjpjv.exec:\vjpjv.exe29⤵
- Executes dropped EXE
-
\??\c:\7rrfxrx.exec:\7rrfxrx.exe30⤵
- Executes dropped EXE
-
\??\c:\nbtttt.exec:\nbtttt.exe31⤵
- Executes dropped EXE
-
\??\c:\9nnhtt.exec:\9nnhtt.exe32⤵
- Executes dropped EXE
-
\??\c:\tnbthh.exec:\tnbthh.exe33⤵
- Executes dropped EXE
-
\??\c:\vjpjd.exec:\vjpjd.exe34⤵
- Executes dropped EXE
-
\??\c:\lrxlrlf.exec:\lrxlrlf.exe35⤵
- Executes dropped EXE
-
\??\c:\ttbtnh.exec:\ttbtnh.exe36⤵
- Executes dropped EXE
-
\??\c:\1nnhbt.exec:\1nnhbt.exe37⤵
- Executes dropped EXE
-
\??\c:\pjvpd.exec:\pjvpd.exe38⤵
- Executes dropped EXE
-
\??\c:\lfxlxlx.exec:\lfxlxlx.exe39⤵
- Executes dropped EXE
-
\??\c:\htntnh.exec:\htntnh.exe40⤵
- Executes dropped EXE
-
\??\c:\dpdpd.exec:\dpdpd.exe41⤵
- Executes dropped EXE
-
\??\c:\lxrlfxr.exec:\lxrlfxr.exe42⤵
- Executes dropped EXE
-
\??\c:\ttttnn.exec:\ttttnn.exe43⤵
- Executes dropped EXE
-
\??\c:\btbntn.exec:\btbntn.exe44⤵
- Executes dropped EXE
-
\??\c:\pjppd.exec:\pjppd.exe45⤵
- Executes dropped EXE
-
\??\c:\ffxrxxr.exec:\ffxrxxr.exe46⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\7xfflxr.exec:\7xfflxr.exe47⤵
- Executes dropped EXE
-
\??\c:\hnnhtn.exec:\hnnhtn.exe48⤵
- Executes dropped EXE
-
\??\c:\7vddp.exec:\7vddp.exe49⤵
- Executes dropped EXE
-
\??\c:\jdpdj.exec:\jdpdj.exe50⤵
- Executes dropped EXE
-
\??\c:\3frfrfr.exec:\3frfrfr.exe51⤵
- Executes dropped EXE
-
\??\c:\frrllff.exec:\frrllff.exe52⤵
- Executes dropped EXE
-
\??\c:\bttttn.exec:\bttttn.exe53⤵
- Executes dropped EXE
-
\??\c:\jdjvj.exec:\jdjvj.exe54⤵
- Executes dropped EXE
-
\??\c:\djpjd.exec:\djpjd.exe55⤵
- Executes dropped EXE
-
\??\c:\xlxfxff.exec:\xlxfxff.exe56⤵
- Executes dropped EXE
-
\??\c:\fxlfrlf.exec:\fxlfrlf.exe57⤵
- Executes dropped EXE
-
\??\c:\bhbtht.exec:\bhbtht.exe58⤵
- Executes dropped EXE
-
\??\c:\htnhnh.exec:\htnhnh.exe59⤵
- Executes dropped EXE
-
\??\c:\jvdvj.exec:\jvdvj.exe60⤵
- Executes dropped EXE
-
\??\c:\7lrlllx.exec:\7lrlllx.exe61⤵
- Executes dropped EXE
-
\??\c:\lrrfxrf.exec:\lrrfxrf.exe62⤵
- Executes dropped EXE
-
\??\c:\nhtnth.exec:\nhtnth.exe63⤵
- Executes dropped EXE
-
\??\c:\ntthnb.exec:\ntthnb.exe64⤵
- Executes dropped EXE
-
\??\c:\dpdvv.exec:\dpdvv.exe65⤵
- Executes dropped EXE
-
\??\c:\ddpdp.exec:\ddpdp.exe66⤵
-
\??\c:\xlfxrll.exec:\xlfxrll.exe67⤵
-
\??\c:\vpvvj.exec:\vpvvj.exe68⤵
-
\??\c:\lfrlllr.exec:\lfrlllr.exe69⤵
-
\??\c:\rrrlxlf.exec:\rrrlxlf.exe70⤵
-
\??\c:\nbnbbt.exec:\nbnbbt.exe71⤵
-
\??\c:\htttnn.exec:\htttnn.exe72⤵
-
\??\c:\jvjvj.exec:\jvjvj.exe73⤵
-
\??\c:\1xxfrfr.exec:\1xxfrfr.exe74⤵
-
\??\c:\xrrlfxx.exec:\xrrlfxx.exe75⤵
-
\??\c:\thhhnh.exec:\thhhnh.exe76⤵
-
\??\c:\tnhtbt.exec:\tnhtbt.exe77⤵
-
\??\c:\pdjjv.exec:\pdjjv.exe78⤵
-
\??\c:\pjdpd.exec:\pjdpd.exe79⤵
-
\??\c:\lfllllr.exec:\lfllllr.exe80⤵
-
\??\c:\1llfrlx.exec:\1llfrlx.exe81⤵
-
\??\c:\hbtbth.exec:\hbtbth.exe82⤵
-
\??\c:\vvdpd.exec:\vvdpd.exe83⤵
-
\??\c:\dppjp.exec:\dppjp.exe84⤵
-
\??\c:\1xrlrlf.exec:\1xrlrlf.exe85⤵
-
\??\c:\rfxxlrl.exec:\rfxxlrl.exe86⤵
-
\??\c:\ntbbnh.exec:\ntbbnh.exe87⤵
-
\??\c:\1btthh.exec:\1btthh.exe88⤵
-
\??\c:\vjvpv.exec:\vjvpv.exe89⤵
-
\??\c:\dppjp.exec:\dppjp.exe90⤵
-
\??\c:\lffxllf.exec:\lffxllf.exe91⤵
-
\??\c:\1xxlxxl.exec:\1xxlxxl.exe92⤵
-
\??\c:\tbbthb.exec:\tbbthb.exe93⤵
-
\??\c:\nbhhhh.exec:\nbhhhh.exe94⤵
-
\??\c:\vpjvp.exec:\vpjvp.exe95⤵
-
\??\c:\rfxlxlx.exec:\rfxlxlx.exe96⤵
-
\??\c:\fxxrrlr.exec:\fxxrrlr.exe97⤵
-
\??\c:\htnhtn.exec:\htnhtn.exe98⤵
-
\??\c:\bnnhbt.exec:\bnnhbt.exe99⤵
-
\??\c:\ddddj.exec:\ddddj.exe100⤵
-
\??\c:\1vjvj.exec:\1vjvj.exe101⤵
-
\??\c:\7lxrllf.exec:\7lxrllf.exe102⤵
-
\??\c:\lffrlfx.exec:\lffrlfx.exe103⤵
-
\??\c:\hbbbhh.exec:\hbbbhh.exe104⤵
-
\??\c:\jpvjd.exec:\jpvjd.exe105⤵
-
\??\c:\dpjdp.exec:\dpjdp.exe106⤵
-
\??\c:\9rxfxlf.exec:\9rxfxlf.exe107⤵
-
\??\c:\lrlxfxl.exec:\lrlxfxl.exe108⤵
-
\??\c:\tbbbtt.exec:\tbbbtt.exe109⤵
-
\??\c:\nttnbb.exec:\nttnbb.exe110⤵
-
\??\c:\vdvjp.exec:\vdvjp.exe111⤵
-
\??\c:\vjvjv.exec:\vjvjv.exe112⤵
-
\??\c:\xlfrfrf.exec:\xlfrfrf.exe113⤵
-
\??\c:\9xfxrlf.exec:\9xfxrlf.exe114⤵
-
\??\c:\9bbnbb.exec:\9bbnbb.exe115⤵
-
\??\c:\htbhbt.exec:\htbhbt.exe116⤵
-
\??\c:\pvvpv.exec:\pvvpv.exe117⤵
-
\??\c:\dppdj.exec:\dppdj.exe118⤵
-
\??\c:\lffxxrx.exec:\lffxxrx.exe119⤵
-
\??\c:\tntbtn.exec:\tntbtn.exe120⤵
-
\??\c:\xlxfxrf.exec:\xlxfxrf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-