Analysis
-
max time kernel
120s -
max time network
96s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
01/10/2024, 19:26 UTC
General
-
Target
9d793484c34f3406c283ecfa25aaa1f160414f8f78f50874e58914271e4e5e56N.exe
-
Size
63KB
-
MD5
6a9b5806b1498d96e3312f0e3b145310
-
SHA1
408ee02773bfee08dac55cd60ce4523e5f375a75
-
SHA256
9d793484c34f3406c283ecfa25aaa1f160414f8f78f50874e58914271e4e5e56
-
SHA512
1914c64910635f31aab40ff23473e6141a196aaff40d7df7a51f3f31598a4119f3732fc0fa8779f9c471a51b5595711c1a77bbb8530f337f07e6772d3c1ce945
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yU+kbxi+:ymb3NkkiQ3mdBjF0y7kb/
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9d793484c34f3406c283ecfa25aaa1f160414f8f78f50874e58914271e4e5e56N.exe"C:\Users\Admin\AppData\Local\Temp\9d793484c34f3406c283ecfa25aaa1f160414f8f78f50874e58914271e4e5e56N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pjddd.exec:\pjddd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rffxfff.exec:\rffxfff.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xffxrrl.exec:\xffxrrl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7htnhh.exec:\7htnhh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnnhn.exec:\nnnnhn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrlxxx.exec:\xrrlxxx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrrrrx.exec:\rlrrrrx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btttbb.exec:\btttbb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjdv.exec:\ppjdv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jvpj.exec:\5jvpj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrrrll.exec:\fxrrrll.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbttt.exec:\tbbttt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpppp.exec:\jpppp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvpj.exec:\dvvpj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9rxrffx.exec:\9rxrffx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfllfrr.exec:\xfllfrr.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnnnt.exec:\htnnnt.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjdv.exec:\jdjdv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxxfxr.exec:\rrxxfxr.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xllfxff.exec:\xllfxff.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnntnt.exec:\tnntnt.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3hhntt.exec:\3hhntt.exe23⤵
- Executes dropped EXE
-
\??\c:\pjvpv.exec:\pjvpv.exe24⤵
- Executes dropped EXE
-
\??\c:\vvjdd.exec:\vvjdd.exe25⤵
- Executes dropped EXE
-
\??\c:\ttnntt.exec:\ttnntt.exe26⤵
- Executes dropped EXE
-
\??\c:\hbbtnn.exec:\hbbtnn.exe27⤵
- Executes dropped EXE
-
\??\c:\jdvvp.exec:\jdvvp.exe28⤵
- Executes dropped EXE
-
\??\c:\ddvpp.exec:\ddvpp.exe29⤵
- Executes dropped EXE
-
\??\c:\fxfxrrx.exec:\fxfxrrx.exe30⤵
- Executes dropped EXE
-
\??\c:\xflllff.exec:\xflllff.exe31⤵
- Executes dropped EXE
-
\??\c:\hbbnbt.exec:\hbbnbt.exe32⤵
- Executes dropped EXE
-
\??\c:\jdjpj.exec:\jdjpj.exe33⤵
- Executes dropped EXE
-
\??\c:\xlllrrr.exec:\xlllrrr.exe34⤵
- Executes dropped EXE
-
\??\c:\tbhhhn.exec:\tbhhhn.exe35⤵
- Executes dropped EXE
-
\??\c:\jjvpp.exec:\jjvpp.exe36⤵
- Executes dropped EXE
-
\??\c:\pdpjj.exec:\pdpjj.exe37⤵
- Executes dropped EXE
-
\??\c:\1jpjd.exec:\1jpjd.exe38⤵
- Executes dropped EXE
-
\??\c:\xrlfxxr.exec:\xrlfxxr.exe39⤵
- Executes dropped EXE
-
\??\c:\tnnhhb.exec:\tnnhhb.exe40⤵
- Executes dropped EXE
-
\??\c:\9ntnhh.exec:\9ntnhh.exe41⤵
- Executes dropped EXE
-
\??\c:\9dppj.exec:\9dppj.exe42⤵
- Executes dropped EXE
-
\??\c:\1xxfxxr.exec:\1xxfxxr.exe43⤵
- Executes dropped EXE
-
\??\c:\lfllfff.exec:\lfllfff.exe44⤵
- Executes dropped EXE
-
\??\c:\3tbnbn.exec:\3tbnbn.exe45⤵
- Executes dropped EXE
-
\??\c:\lfflxrf.exec:\lfflxrf.exe46⤵
- Executes dropped EXE
-
\??\c:\tnnhbb.exec:\tnnhbb.exe47⤵
- Executes dropped EXE
-
\??\c:\htttnn.exec:\htttnn.exe48⤵
- Executes dropped EXE
-
\??\c:\jvpvj.exec:\jvpvj.exe49⤵
- Executes dropped EXE
-
\??\c:\jdpjj.exec:\jdpjj.exe50⤵
- Executes dropped EXE
-
\??\c:\rrlfxxx.exec:\rrlfxxx.exe51⤵
- Executes dropped EXE
-
\??\c:\xrlffxx.exec:\xrlffxx.exe52⤵
- Executes dropped EXE
-
\??\c:\bbhbbb.exec:\bbhbbb.exe53⤵
- Executes dropped EXE
-
\??\c:\vvpjd.exec:\vvpjd.exe54⤵
- Executes dropped EXE
-
\??\c:\llflfrl.exec:\llflfrl.exe55⤵
- Executes dropped EXE
-
\??\c:\nhnbnh.exec:\nhnbnh.exe56⤵
- Executes dropped EXE
-
\??\c:\rlfxrrl.exec:\rlfxrrl.exe57⤵
- Executes dropped EXE
-
\??\c:\tthnbn.exec:\tthnbn.exe58⤵
- Executes dropped EXE
-
\??\c:\3hnnhn.exec:\3hnnhn.exe59⤵
- Executes dropped EXE
-
\??\c:\jvdvj.exec:\jvdvj.exe60⤵
- Executes dropped EXE
-
\??\c:\xrrlxfl.exec:\xrrlxfl.exe61⤵
- Executes dropped EXE
-
\??\c:\1tbttt.exec:\1tbttt.exe62⤵
- Executes dropped EXE
-
\??\c:\bbbtnn.exec:\bbbtnn.exe63⤵
- Executes dropped EXE
-
\??\c:\7ddvj.exec:\7ddvj.exe64⤵
- Executes dropped EXE
-
\??\c:\lrllflf.exec:\lrllflf.exe65⤵
- Executes dropped EXE
-
\??\c:\7flxrfx.exec:\7flxrfx.exe66⤵
-
\??\c:\7btttb.exec:\7btttb.exe67⤵
-
\??\c:\7vjvp.exec:\7vjvp.exe68⤵
-
\??\c:\7frlrrr.exec:\7frlrrr.exe69⤵
-
\??\c:\httnbb.exec:\httnbb.exe70⤵
-
\??\c:\nbbbbt.exec:\nbbbbt.exe71⤵
-
\??\c:\pdjdd.exec:\pdjdd.exe72⤵
-
\??\c:\vvvdd.exec:\vvvdd.exe73⤵
-
\??\c:\flrrflf.exec:\flrrflf.exe74⤵
-
\??\c:\xfxfrlx.exec:\xfxfrlx.exe75⤵
-
\??\c:\bnnbbn.exec:\bnnbbn.exe76⤵
-
\??\c:\ddvvd.exec:\ddvvd.exe77⤵
-
\??\c:\3vdvj.exec:\3vdvj.exe78⤵
-
\??\c:\xffrffx.exec:\xffrffx.exe79⤵
-
\??\c:\nhbtnn.exec:\nhbtnn.exe80⤵
-
\??\c:\dvvvj.exec:\dvvvj.exe81⤵
-
\??\c:\3ddvj.exec:\3ddvj.exe82⤵
-
\??\c:\lrfrxrf.exec:\lrfrxrf.exe83⤵
-
\??\c:\9bntnn.exec:\9bntnn.exe84⤵
-
\??\c:\nnhtnh.exec:\nnhtnh.exe85⤵
-
\??\c:\pvdvp.exec:\pvdvp.exe86⤵
-
\??\c:\5pvvj.exec:\5pvvj.exe87⤵
-
\??\c:\xffxllf.exec:\xffxllf.exe88⤵
-
\??\c:\rfrlrlx.exec:\rfrlrlx.exe89⤵
- System Location Discovery: System Language Discovery
-
\??\c:\hhnbtt.exec:\hhnbtt.exe90⤵
-
\??\c:\pvdvj.exec:\pvdvj.exe91⤵
-
\??\c:\pvvpd.exec:\pvvpd.exe92⤵
-
\??\c:\xfxrllx.exec:\xfxrllx.exe93⤵
-
\??\c:\xxxrlfx.exec:\xxxrlfx.exe94⤵
-
\??\c:\9hhbtt.exec:\9hhbtt.exe95⤵
-
\??\c:\nhhbtt.exec:\nhhbtt.exe96⤵
-
\??\c:\5pvpj.exec:\5pvpj.exe97⤵
-
\??\c:\dpjjd.exec:\dpjjd.exe98⤵
-
\??\c:\xxxflxf.exec:\xxxflxf.exe99⤵
-
\??\c:\xxrlffr.exec:\xxrlffr.exe100⤵
-
\??\c:\ntnbnb.exec:\ntnbnb.exe101⤵
-
\??\c:\nbbtnn.exec:\nbbtnn.exe102⤵
-
\??\c:\jvdvd.exec:\jvdvd.exe103⤵
-
\??\c:\dvpdd.exec:\dvpdd.exe104⤵
-
\??\c:\5xxrllf.exec:\5xxrllf.exe105⤵
-
\??\c:\7ttbtt.exec:\7ttbtt.exe106⤵
-
\??\c:\3pvpj.exec:\3pvpj.exe107⤵
-
\??\c:\jjvvv.exec:\jjvvv.exe108⤵
-
\??\c:\fxrlfff.exec:\fxrlfff.exe109⤵
-
\??\c:\fxrlfxr.exec:\fxrlfxr.exe110⤵
-
\??\c:\9hnhbt.exec:\9hnhbt.exe111⤵
-
\??\c:\7djvp.exec:\7djvp.exe112⤵
-
\??\c:\5frlxxr.exec:\5frlxxr.exe113⤵
-
\??\c:\frxrrrl.exec:\frxrrrl.exe114⤵
-
\??\c:\jjdpv.exec:\jjdpv.exe115⤵
-
\??\c:\frfxrrr.exec:\frfxrrr.exe116⤵
-
\??\c:\bnhbtn.exec:\bnhbtn.exe117⤵
-
\??\c:\nbtbnb.exec:\nbtbnb.exe118⤵
-
\??\c:\pjvvp.exec:\pjvvp.exe119⤵
-
\??\c:\1jdvj.exec:\1jdvj.exe120⤵
-
\??\c:\7xxlflx.exec:\7xxlflx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-