Analysis
-
max time kernel
120s -
max time network
99s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
30/09/2024, 03:10
General
-
Target
9bb5071f2a1e80bcf20e755abd579bbcc20c9416521d201014f0863cb0b5132dN.exe
-
Size
365KB
-
MD5
10aa7bd1a363c8ac486edbf1c5bd7a10
-
SHA1
eeab7455518cc98a7a4d9a5690741e8b58fe5be0
-
SHA256
9bb5071f2a1e80bcf20e755abd579bbcc20c9416521d201014f0863cb0b5132d
-
SHA512
532cabb14f16da94856c783d4f1963fa093f948cffa5efacd73af55739d2b798dc6b17b67e9a636388e9ef22320589c53603bbded39e91455b54f1f77a25edc1
-
SSDEEP
6144:n3C9BRo7tvnJ99T/KZEL3RUXownfWQkyCpxwJz9e0pQowLh3EhToK9cT085mnFhG:n3C9ytvnVXFUXoSWlnwJv90aKToFqwfk
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 31 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9bb5071f2a1e80bcf20e755abd579bbcc20c9416521d201014f0863cb0b5132dN.exe"C:\Users\Admin\AppData\Local\Temp\9bb5071f2a1e80bcf20e755abd579bbcc20c9416521d201014f0863cb0b5132dN.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pvpjj.exec:\pvpjj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvpd.exec:\jjvpd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxxfff.exec:\rrxxfff.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrllff.exec:\frrllff.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvppp.exec:\vvppp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrlffx.exec:\frrlffx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnhbt.exec:\nhnhbt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvvv.exec:\jdvvv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpdv.exec:\dvpdv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhnhh.exec:\bbhnhh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxlllll.exec:\xxlllll.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbttt.exec:\bnbttt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdvv.exec:\dvdvv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbthh.exec:\tbbthh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djppp.exec:\djppp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtbhh.exec:\bbtbhh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvpd.exec:\vvvpd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxrrlf.exec:\rrxrrlf.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvdpj.exec:\pvdpj.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llrflfx.exec:\llrflfx.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhbntt.exec:\bhbntt.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jpjp.exec:\9jpjp.exe23⤵
- Executes dropped EXE
-
\??\c:\frfrlxf.exec:\frfrlxf.exe24⤵
- Executes dropped EXE
-
\??\c:\tbnbtt.exec:\tbnbtt.exe25⤵
- Executes dropped EXE
-
\??\c:\jpvjj.exec:\jpvjj.exe26⤵
- Executes dropped EXE
-
\??\c:\flrrflx.exec:\flrrflx.exe27⤵
- Executes dropped EXE
-
\??\c:\jdddj.exec:\jdddj.exe28⤵
- Executes dropped EXE
-
\??\c:\xfrffff.exec:\xfrffff.exe29⤵
- Executes dropped EXE
-
\??\c:\bbtttn.exec:\bbtttn.exe30⤵
- Executes dropped EXE
-
\??\c:\jjddv.exec:\jjddv.exe31⤵
- Executes dropped EXE
-
\??\c:\xrfxrlf.exec:\xrfxrlf.exe32⤵
- Executes dropped EXE
-
\??\c:\djpjj.exec:\djpjj.exe33⤵
- Executes dropped EXE
-
\??\c:\djjdv.exec:\djjdv.exe34⤵
- Executes dropped EXE
-
\??\c:\rlllfff.exec:\rlllfff.exe35⤵
- Executes dropped EXE
-
\??\c:\fxrrllf.exec:\fxrrllf.exe36⤵
- Executes dropped EXE
-
\??\c:\ttnttt.exec:\ttnttt.exe37⤵
- Executes dropped EXE
-
\??\c:\9xfxrrl.exec:\9xfxrrl.exe38⤵
- Executes dropped EXE
-
\??\c:\frfxrrl.exec:\frfxrrl.exe39⤵
- Executes dropped EXE
-
\??\c:\nbnhhh.exec:\nbnhhh.exe40⤵
- Executes dropped EXE
-
\??\c:\dvjvj.exec:\dvjvj.exe41⤵
- Executes dropped EXE
-
\??\c:\xrxxrrr.exec:\xrxxrrr.exe42⤵
- Executes dropped EXE
-
\??\c:\dvdvv.exec:\dvdvv.exe43⤵
- Executes dropped EXE
-
\??\c:\1dvjj.exec:\1dvjj.exe44⤵
- Executes dropped EXE
-
\??\c:\lflfxxr.exec:\lflfxxr.exe45⤵
- Executes dropped EXE
-
\??\c:\nnnnhn.exec:\nnnnhn.exe46⤵
- Executes dropped EXE
-
\??\c:\jvvpj.exec:\jvvpj.exe47⤵
- Executes dropped EXE
-
\??\c:\lfllfff.exec:\lfllfff.exe48⤵
- Executes dropped EXE
-
\??\c:\hhtnhb.exec:\hhtnhb.exe49⤵
- Executes dropped EXE
-
\??\c:\bbnbhb.exec:\bbnbhb.exe50⤵
- Executes dropped EXE
-
\??\c:\jvjvv.exec:\jvjvv.exe51⤵
- Executes dropped EXE
-
\??\c:\1vdvj.exec:\1vdvj.exe52⤵
- Executes dropped EXE
-
\??\c:\xxrlxrr.exec:\xxrlxrr.exe53⤵
- Executes dropped EXE
-
\??\c:\btnbtn.exec:\btnbtn.exe54⤵
- Executes dropped EXE
-
\??\c:\thtnhh.exec:\thtnhh.exe55⤵
- Executes dropped EXE
-
\??\c:\dvjjp.exec:\dvjjp.exe56⤵
- Executes dropped EXE
-
\??\c:\rlfxxxr.exec:\rlfxxxr.exe57⤵
- Executes dropped EXE
-
\??\c:\5tbttt.exec:\5tbttt.exe58⤵
- Executes dropped EXE
-
\??\c:\1vdvd.exec:\1vdvd.exe59⤵
- Executes dropped EXE
-
\??\c:\dvvdd.exec:\dvvdd.exe60⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\lffxffl.exec:\lffxffl.exe61⤵
- Executes dropped EXE
-
\??\c:\tbnhht.exec:\tbnhht.exe62⤵
- Executes dropped EXE
-
\??\c:\dvdjv.exec:\dvdjv.exe63⤵
- Executes dropped EXE
-
\??\c:\jpddv.exec:\jpddv.exe64⤵
- Executes dropped EXE
-
\??\c:\rlrlllf.exec:\rlrlllf.exe65⤵
- Executes dropped EXE
-
\??\c:\hhhbbb.exec:\hhhbbb.exe66⤵
-
\??\c:\thnnhh.exec:\thnnhh.exe67⤵
-
\??\c:\ddpjv.exec:\ddpjv.exe68⤵
-
\??\c:\vppjv.exec:\vppjv.exe69⤵
-
\??\c:\rllflrl.exec:\rllflrl.exe70⤵
-
\??\c:\hbbbnn.exec:\hbbbnn.exe71⤵
-
\??\c:\dvdjp.exec:\dvdjp.exe72⤵
-
\??\c:\3xflflx.exec:\3xflflx.exe73⤵
-
\??\c:\tbbtbt.exec:\tbbtbt.exe74⤵
-
\??\c:\btnhtt.exec:\btnhtt.exe75⤵
-
\??\c:\pvjdd.exec:\pvjdd.exe76⤵
-
\??\c:\xlrffxf.exec:\xlrffxf.exe77⤵
-
\??\c:\tthbnn.exec:\tthbnn.exe78⤵
-
\??\c:\hbthbb.exec:\hbthbb.exe79⤵
-
\??\c:\vvpjp.exec:\vvpjp.exe80⤵
-
\??\c:\flffxxr.exec:\flffxxr.exe81⤵
-
\??\c:\hbbnhh.exec:\hbbnhh.exe82⤵
-
\??\c:\dppjj.exec:\dppjj.exe83⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe84⤵
-
\??\c:\rlrlfxx.exec:\rlrlfxx.exe85⤵
-
\??\c:\llxlxrf.exec:\llxlxrf.exe86⤵
-
\??\c:\htttht.exec:\htttht.exe87⤵
-
\??\c:\dpjpj.exec:\dpjpj.exe88⤵
-
\??\c:\fxfxrrx.exec:\fxfxrrx.exe89⤵
-
\??\c:\rlflrfx.exec:\rlflrfx.exe90⤵
-
\??\c:\bnhbtn.exec:\bnhbtn.exe91⤵
-
\??\c:\ddvpp.exec:\ddvpp.exe92⤵
-
\??\c:\jvvpj.exec:\jvvpj.exe93⤵
-
\??\c:\9fllxrx.exec:\9fllxrx.exe94⤵
-
\??\c:\ttnnhh.exec:\ttnnhh.exe95⤵
-
\??\c:\htntnh.exec:\htntnh.exe96⤵
-
\??\c:\dpppj.exec:\dpppj.exe97⤵
-
\??\c:\lxfxlff.exec:\lxfxlff.exe98⤵
-
\??\c:\3nhhbt.exec:\3nhhbt.exe99⤵
-
\??\c:\ddjvp.exec:\ddjvp.exe100⤵
-
\??\c:\7vvdv.exec:\7vvdv.exe101⤵
-
\??\c:\xrlffff.exec:\xrlffff.exe102⤵
-
\??\c:\tnthnh.exec:\tnthnh.exe103⤵
-
\??\c:\jdvpp.exec:\jdvpp.exe104⤵
-
\??\c:\5djdv.exec:\5djdv.exe105⤵
-
\??\c:\lxrlfxx.exec:\lxrlfxx.exe106⤵
-
\??\c:\nbntnh.exec:\nbntnh.exe107⤵
-
\??\c:\tttttn.exec:\tttttn.exe108⤵
-
\??\c:\ppjdv.exec:\ppjdv.exe109⤵
-
\??\c:\5vvpj.exec:\5vvpj.exe110⤵
-
\??\c:\rrxxxxf.exec:\rrxxxxf.exe111⤵
-
\??\c:\hbnnnn.exec:\hbnnnn.exe112⤵
-
\??\c:\pjjjd.exec:\pjjjd.exe113⤵
-
\??\c:\1lrrlrl.exec:\1lrrlrl.exe114⤵
-
\??\c:\xfrlllx.exec:\xfrlllx.exe115⤵
-
\??\c:\nhnhhh.exec:\nhnhhh.exe116⤵
-
\??\c:\ththnb.exec:\ththnb.exe117⤵
-
\??\c:\pjjpj.exec:\pjjpj.exe118⤵
-
\??\c:\ffrlxlf.exec:\ffrlxlf.exe119⤵
-
\??\c:\nntbtn.exec:\nntbtn.exe120⤵
-
\??\c:\jdvvv.exec:\jdvvv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-