Analysis
-
max time kernel
120s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
02-10-2024 01:32
General
-
Target
64206803c859af16df868b72eb623a2c1092bd2738ae791ea24121f0c498fde4N.exe
-
Size
70KB
-
MD5
914f08ccd73570414021b61fcdcf4e50
-
SHA1
a35c99bb16d40d96d4546d9a729ee68af3f68447
-
SHA256
64206803c859af16df868b72eb623a2c1092bd2738ae791ea24121f0c498fde4
-
SHA512
a2c6146b1f0244b5c7cc3aaa7a093a6ebf667fc8681e6c19553aef5c09b4281cf9ca8a9220c8046a583481770888cdd5e6f997402fc5539dea9600c5e452d7d8
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb0z6MTSqfjl:ymb3NkkiQ3mdBjFI4VV
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\64206803c859af16df868b72eb623a2c1092bd2738ae791ea24121f0c498fde4N.exe"C:\Users\Admin\AppData\Local\Temp\64206803c859af16df868b72eb623a2c1092bd2738ae791ea24121f0c498fde4N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jpdpd.exec:\jpdpd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjjv.exec:\pjjjv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxrlll.exec:\xxxrlll.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5fxrxxx.exec:\5fxrxxx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbtnh.exec:\hhbtnh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjvv.exec:\ppjvv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pppjj.exec:\pppjj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ffxrrr.exec:\3ffxrrr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnnhb.exec:\btnnhb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jppjv.exec:\jppjv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1llllll.exec:\1llllll.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhbtb.exec:\nnhbtb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjjv.exec:\vjjjv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxlxrl.exec:\rlxlxrl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhtnn.exec:\bnhtnn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhbbtt.exec:\bhbbtt.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdvpj.exec:\vdvpj.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fllxlfx.exec:\fllxlfx.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9flfxrr.exec:\9flfxrr.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthtnn.exec:\tthtnn.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjdv.exec:\djjdv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrllrl.exec:\flrllrl.exe23⤵
- Executes dropped EXE
-
\??\c:\bbbhhn.exec:\bbbhhn.exe24⤵
- Executes dropped EXE
-
\??\c:\nbbthn.exec:\nbbthn.exe25⤵
- Executes dropped EXE
-
\??\c:\dvvvd.exec:\dvvvd.exe26⤵
- Executes dropped EXE
-
\??\c:\xrxlfll.exec:\xrxlfll.exe27⤵
- Executes dropped EXE
-
\??\c:\9bbtnn.exec:\9bbtnn.exe28⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\vvjdv.exec:\vvjdv.exe29⤵
- Executes dropped EXE
-
\??\c:\jvddv.exec:\jvddv.exe30⤵
- Executes dropped EXE
-
\??\c:\thbnbt.exec:\thbnbt.exe31⤵
- Executes dropped EXE
-
\??\c:\9bbtnn.exec:\9bbtnn.exe32⤵
- Executes dropped EXE
-
\??\c:\ddjjv.exec:\ddjjv.exe33⤵
- Executes dropped EXE
-
\??\c:\llllfff.exec:\llllfff.exe34⤵
- Executes dropped EXE
-
\??\c:\9rllrxl.exec:\9rllrxl.exe35⤵
- Executes dropped EXE
-
\??\c:\vjvjd.exec:\vjvjd.exe36⤵
- Executes dropped EXE
-
\??\c:\lffrlrr.exec:\lffrlrr.exe37⤵
- Executes dropped EXE
-
\??\c:\flrrxxx.exec:\flrrxxx.exe38⤵
- Executes dropped EXE
-
\??\c:\bntbbh.exec:\bntbbh.exe39⤵
- Executes dropped EXE
-
\??\c:\5jdvv.exec:\5jdvv.exe40⤵
- Executes dropped EXE
-
\??\c:\nbhbbt.exec:\nbhbbt.exe41⤵
- Executes dropped EXE
-
\??\c:\nnhntb.exec:\nnhntb.exe42⤵
- Executes dropped EXE
-
\??\c:\ddppj.exec:\ddppj.exe43⤵
- Executes dropped EXE
-
\??\c:\9xxlfll.exec:\9xxlfll.exe44⤵
- Executes dropped EXE
-
\??\c:\jppjv.exec:\jppjv.exe45⤵
- Executes dropped EXE
-
\??\c:\lrxxxxx.exec:\lrxxxxx.exe46⤵
- Executes dropped EXE
-
\??\c:\htbhht.exec:\htbhht.exe47⤵
- Executes dropped EXE
-
\??\c:\vjdvv.exec:\vjdvv.exe48⤵
- Executes dropped EXE
-
\??\c:\jvddv.exec:\jvddv.exe49⤵
- Executes dropped EXE
-
\??\c:\fxxxfff.exec:\fxxxfff.exe50⤵
- Executes dropped EXE
-
\??\c:\bhhthn.exec:\bhhthn.exe51⤵
- Executes dropped EXE
-
\??\c:\5vjjd.exec:\5vjjd.exe52⤵
- Executes dropped EXE
-
\??\c:\7lrlfrl.exec:\7lrlfrl.exe53⤵
- Executes dropped EXE
-
\??\c:\ntntnn.exec:\ntntnn.exe54⤵
- Executes dropped EXE
-
\??\c:\dvjjj.exec:\dvjjj.exe55⤵
- Executes dropped EXE
-
\??\c:\bbttnb.exec:\bbttnb.exe56⤵
- Executes dropped EXE
-
\??\c:\nhhhhh.exec:\nhhhhh.exe57⤵
- Executes dropped EXE
-
\??\c:\7ddpd.exec:\7ddpd.exe58⤵
- Executes dropped EXE
-
\??\c:\rlrlrrx.exec:\rlrlrrx.exe59⤵
- Executes dropped EXE
-
\??\c:\7rlfxrl.exec:\7rlfxrl.exe60⤵
- Executes dropped EXE
-
\??\c:\3tttnh.exec:\3tttnh.exe61⤵
- Executes dropped EXE
-
\??\c:\nntnhh.exec:\nntnhh.exe62⤵
- Executes dropped EXE
-
\??\c:\pjdvd.exec:\pjdvd.exe63⤵
- Executes dropped EXE
-
\??\c:\rllfrrl.exec:\rllfrrl.exe64⤵
- Executes dropped EXE
-
\??\c:\pvvvd.exec:\pvvvd.exe65⤵
- Executes dropped EXE
-
\??\c:\djjjd.exec:\djjjd.exe66⤵
-
\??\c:\lfrrllr.exec:\lfrrllr.exe67⤵
-
\??\c:\hbhhnn.exec:\hbhhnn.exe68⤵
-
\??\c:\nhhnhb.exec:\nhhnhb.exe69⤵
-
\??\c:\dppvj.exec:\dppvj.exe70⤵
-
\??\c:\7fxrlff.exec:\7fxrlff.exe71⤵
-
\??\c:\lxxrrlf.exec:\lxxrrlf.exe72⤵
-
\??\c:\7thbbt.exec:\7thbbt.exe73⤵
-
\??\c:\hbbbnn.exec:\hbbbnn.exe74⤵
-
\??\c:\djjjv.exec:\djjjv.exe75⤵
-
\??\c:\1frfxxr.exec:\1frfxxr.exe76⤵
-
\??\c:\fxrlffx.exec:\fxrlffx.exe77⤵
-
\??\c:\3xrrfrl.exec:\3xrrfrl.exe78⤵
-
\??\c:\tnnnhb.exec:\tnnnhb.exe79⤵
-
\??\c:\djvvp.exec:\djvvp.exe80⤵
-
\??\c:\jjpvj.exec:\jjpvj.exe81⤵
-
\??\c:\xxrlffx.exec:\xxrlffx.exe82⤵
-
\??\c:\hbbhnt.exec:\hbbhnt.exe83⤵
-
\??\c:\tnnntn.exec:\tnnntn.exe84⤵
-
\??\c:\vjdvd.exec:\vjdvd.exe85⤵
-
\??\c:\xxlffrr.exec:\xxlffrr.exe86⤵
-
\??\c:\xxrrllr.exec:\xxrrllr.exe87⤵
-
\??\c:\httnhh.exec:\httnhh.exe88⤵
-
\??\c:\thnnhh.exec:\thnnhh.exe89⤵
-
\??\c:\jvvpj.exec:\jvvpj.exe90⤵
-
\??\c:\dppjv.exec:\dppjv.exe91⤵
-
\??\c:\5lrrxlf.exec:\5lrrxlf.exe92⤵
-
\??\c:\5llllff.exec:\5llllff.exe93⤵
-
\??\c:\5nttnn.exec:\5nttnn.exe94⤵
-
\??\c:\hnnhhb.exec:\hnnhhb.exe95⤵
-
\??\c:\dpppj.exec:\dpppj.exe96⤵
-
\??\c:\djjjd.exec:\djjjd.exe97⤵
-
\??\c:\rflxrrl.exec:\rflxrrl.exe98⤵
-
\??\c:\7xrrllf.exec:\7xrrllf.exe99⤵
-
\??\c:\hhhbtb.exec:\hhhbtb.exe100⤵
-
\??\c:\jdvvv.exec:\jdvvv.exe101⤵
-
\??\c:\pdjjj.exec:\pdjjj.exe102⤵
-
\??\c:\frffxff.exec:\frffxff.exe103⤵
-
\??\c:\ffrxrxx.exec:\ffrxrxx.exe104⤵
-
\??\c:\nhnhhn.exec:\nhnhhn.exe105⤵
-
\??\c:\nnhhhn.exec:\nnhhhn.exe106⤵
-
\??\c:\vpdjd.exec:\vpdjd.exe107⤵
-
\??\c:\lrlrxlx.exec:\lrlrxlx.exe108⤵
-
\??\c:\rrxrrrx.exec:\rrxrrrx.exe109⤵
-
\??\c:\httbbn.exec:\httbbn.exe110⤵
-
\??\c:\htbhbh.exec:\htbhbh.exe111⤵
-
\??\c:\ppvpd.exec:\ppvpd.exe112⤵
-
\??\c:\fflllrr.exec:\fflllrr.exe113⤵
-
\??\c:\pvppp.exec:\pvppp.exe114⤵
-
\??\c:\jjvjd.exec:\jjvjd.exe115⤵
-
\??\c:\5frrrrx.exec:\5frrrrx.exe116⤵
-
\??\c:\nhnttb.exec:\nhnttb.exe117⤵
-
\??\c:\bbnnnt.exec:\bbnnnt.exe118⤵
-
\??\c:\pjjdd.exec:\pjjdd.exe119⤵
-
\??\c:\rrlrrll.exec:\rrlrrll.exe120⤵
-
\??\c:\xrrrrrr.exec:\xrrrrrr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-