Analysis
-
max time kernel
150s -
max time network
110s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
02/10/2024, 11:50
General
-
Target
39410189091fa47569a8515ed44165ad132b6556fc98dd25ce3ae5ab2bdc1a96N.exe
-
Size
70KB
-
MD5
7e1892dcba2692b5898bcb66d7dfafe0
-
SHA1
373dcd6800af2cf82888e953ab343ec4d8188dd8
-
SHA256
39410189091fa47569a8515ed44165ad132b6556fc98dd25ce3ae5ab2bdc1a96
-
SHA512
77a82758e8304b154a6bf945771552d9dc683a340d207752273eb475a4bcb80c89253dddcf9512300b4e50b27a857216888e684bed4589c6740d4fdce8c1366a
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb0z6MTSqfUcicvM:ymb3NkkiQ3mdBjFI4V4cit
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 36 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\39410189091fa47569a8515ed44165ad132b6556fc98dd25ce3ae5ab2bdc1a96N.exe"C:\Users\Admin\AppData\Local\Temp\39410189091fa47569a8515ed44165ad132b6556fc98dd25ce3ae5ab2bdc1a96N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxffrr.exec:\xxxffrr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbnnn.exec:\tbbnnn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhbhn.exec:\tnhbhn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdjd.exec:\vpdjd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnhnn.exec:\nhnhnn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppdvv.exec:\ppdvv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxrrlf.exec:\xrxrrlf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhbtt.exec:\tnhbtt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvpp.exec:\pvvpp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddddv.exec:\ddddv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fffffff.exec:\fffffff.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntnnht.exec:\ntnnht.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpppj.exec:\jpppj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvpj.exec:\vpvpj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfrlffx.exec:\xfrlffx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhthnb.exec:\hhthnb.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1hnhtt.exec:\1hnhtt.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvpd.exec:\dpvpd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxrlff.exec:\xrxrlff.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnnhh.exec:\nbnnhh.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhhnn.exec:\tbhhnn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvddp.exec:\dvddp.exe23⤵
- Executes dropped EXE
-
\??\c:\vjjdv.exec:\vjjdv.exe24⤵
- Executes dropped EXE
-
\??\c:\bttnhh.exec:\bttnhh.exe25⤵
- Executes dropped EXE
-
\??\c:\bttnbb.exec:\bttnbb.exe26⤵
- Executes dropped EXE
-
\??\c:\7pvpp.exec:\7pvpp.exe27⤵
- Executes dropped EXE
-
\??\c:\lfxrrrl.exec:\lfxrrrl.exe28⤵
- Executes dropped EXE
-
\??\c:\bhtnbb.exec:\bhtnbb.exe29⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\hhnhtn.exec:\hhnhtn.exe30⤵
- Executes dropped EXE
-
\??\c:\ppdjd.exec:\ppdjd.exe31⤵
- Executes dropped EXE
-
\??\c:\tnhbhh.exec:\tnhbhh.exe32⤵
- Executes dropped EXE
-
\??\c:\nhhbnn.exec:\nhhbnn.exe33⤵
- Executes dropped EXE
-
\??\c:\btthbb.exec:\btthbb.exe34⤵
- Executes dropped EXE
-
\??\c:\dpvpd.exec:\dpvpd.exe35⤵
- Executes dropped EXE
-
\??\c:\7bbtnb.exec:\7bbtnb.exe36⤵
- Executes dropped EXE
-
\??\c:\vvpjd.exec:\vvpjd.exe37⤵
- Executes dropped EXE
-
\??\c:\bbbtnn.exec:\bbbtnn.exe38⤵
- Executes dropped EXE
-
\??\c:\bbhbnh.exec:\bbhbnh.exe39⤵
- Executes dropped EXE
-
\??\c:\pppjd.exec:\pppjd.exe40⤵
- Executes dropped EXE
-
\??\c:\1lxrfxx.exec:\1lxrfxx.exe41⤵
- Executes dropped EXE
-
\??\c:\hhhhbb.exec:\hhhhbb.exe42⤵
- Executes dropped EXE
-
\??\c:\lxfxrlf.exec:\lxfxrlf.exe43⤵
- Executes dropped EXE
-
\??\c:\thhhbt.exec:\thhhbt.exe44⤵
- Executes dropped EXE
-
\??\c:\nhhhhn.exec:\nhhhhn.exe45⤵
- Executes dropped EXE
-
\??\c:\pvjdj.exec:\pvjdj.exe46⤵
- Executes dropped EXE
-
\??\c:\xrxxrxr.exec:\xrxxrxr.exe47⤵
- Executes dropped EXE
-
\??\c:\rxlffff.exec:\rxlffff.exe48⤵
- Executes dropped EXE
-
\??\c:\thhnnn.exec:\thhnnn.exe49⤵
- Executes dropped EXE
-
\??\c:\pjddd.exec:\pjddd.exe50⤵
- Executes dropped EXE
-
\??\c:\pjjjv.exec:\pjjjv.exe51⤵
- Executes dropped EXE
-
\??\c:\pdvvp.exec:\pdvvp.exe52⤵
- Executes dropped EXE
-
\??\c:\frffxll.exec:\frffxll.exe53⤵
- Executes dropped EXE
-
\??\c:\nnttnn.exec:\nnttnn.exe54⤵
- Executes dropped EXE
-
\??\c:\ddjdj.exec:\ddjdj.exe55⤵
- Executes dropped EXE
-
\??\c:\jjpvp.exec:\jjpvp.exe56⤵
- Executes dropped EXE
-
\??\c:\lflfxxl.exec:\lflfxxl.exe57⤵
- Executes dropped EXE
-
\??\c:\xxrxrrr.exec:\xxrxrrr.exe58⤵
- Executes dropped EXE
-
\??\c:\7hbtnn.exec:\7hbtnn.exe59⤵
- Executes dropped EXE
-
\??\c:\pvpdp.exec:\pvpdp.exe60⤵
- Executes dropped EXE
-
\??\c:\9dvdp.exec:\9dvdp.exe61⤵
- Executes dropped EXE
-
\??\c:\xxrlxrx.exec:\xxrlxrx.exe62⤵
- Executes dropped EXE
-
\??\c:\bnnhbt.exec:\bnnhbt.exe63⤵
- Executes dropped EXE
-
\??\c:\9hbthb.exec:\9hbthb.exe64⤵
- Executes dropped EXE
-
\??\c:\dvvpj.exec:\dvvpj.exe65⤵
- Executes dropped EXE
-
\??\c:\xxfrxxf.exec:\xxfrxxf.exe66⤵
-
\??\c:\frllfxl.exec:\frllfxl.exe67⤵
-
\??\c:\btnhbb.exec:\btnhbb.exe68⤵
-
\??\c:\nbbtnh.exec:\nbbtnh.exe69⤵
-
\??\c:\pvvvv.exec:\pvvvv.exe70⤵
-
\??\c:\rxffxxx.exec:\rxffxxx.exe71⤵
-
\??\c:\1lxrlxr.exec:\1lxrlxr.exe72⤵
-
\??\c:\nhhhbb.exec:\nhhhbb.exe73⤵
-
\??\c:\bbbbth.exec:\bbbbth.exe74⤵
-
\??\c:\jddvp.exec:\jddvp.exe75⤵
-
\??\c:\xrlrlll.exec:\xrlrlll.exe76⤵
-
\??\c:\7hhbtt.exec:\7hhbtt.exe77⤵
-
\??\c:\nbbnbt.exec:\nbbnbt.exe78⤵
-
\??\c:\7btnbb.exec:\7btnbb.exe79⤵
-
\??\c:\jvdpv.exec:\jvdpv.exe80⤵
-
\??\c:\fxxxffx.exec:\fxxxffx.exe81⤵
-
\??\c:\lflfrlx.exec:\lflfrlx.exe82⤵
-
\??\c:\hbnnnn.exec:\hbnnnn.exe83⤵
-
\??\c:\nnhbth.exec:\nnhbth.exe84⤵
-
\??\c:\pvvpd.exec:\pvvpd.exe85⤵
-
\??\c:\rrxlrlx.exec:\rrxlrlx.exe86⤵
-
\??\c:\fxfxxlf.exec:\fxfxxlf.exe87⤵
-
\??\c:\nhttnh.exec:\nhttnh.exe88⤵
-
\??\c:\htnhtn.exec:\htnhtn.exe89⤵
-
\??\c:\vvvpd.exec:\vvvpd.exe90⤵
-
\??\c:\jpjdv.exec:\jpjdv.exe91⤵
-
\??\c:\7xfxllf.exec:\7xfxllf.exe92⤵
-
\??\c:\nbnbhb.exec:\nbnbhb.exe93⤵
-
\??\c:\ddjdv.exec:\ddjdv.exe94⤵
-
\??\c:\rlllxff.exec:\rlllxff.exe95⤵
-
\??\c:\tbhnnb.exec:\tbhnnb.exe96⤵
-
\??\c:\httnnn.exec:\httnnn.exe97⤵
-
\??\c:\vpdvv.exec:\vpdvv.exe98⤵
-
\??\c:\dvvvp.exec:\dvvvp.exe99⤵
-
\??\c:\rxfxrrr.exec:\rxfxrrr.exe100⤵
-
\??\c:\lfrrrrl.exec:\lfrrrrl.exe101⤵
-
\??\c:\hbtnhh.exec:\hbtnhh.exe102⤵
-
\??\c:\tttthn.exec:\tttthn.exe103⤵
-
\??\c:\jjvvv.exec:\jjvvv.exe104⤵
-
\??\c:\dpddp.exec:\dpddp.exe105⤵
-
\??\c:\fxxrxxf.exec:\fxxrxxf.exe106⤵
-
\??\c:\lxxxrrx.exec:\lxxxrrx.exe107⤵
-
\??\c:\nbnhhh.exec:\nbnhhh.exe108⤵
- System Location Discovery: System Language Discovery
-
\??\c:\tttnhh.exec:\tttnhh.exe109⤵
-
\??\c:\ddvvv.exec:\ddvvv.exe110⤵
-
\??\c:\fflllfr.exec:\fflllfr.exe111⤵
-
\??\c:\5xxxrrr.exec:\5xxxrrr.exe112⤵
-
\??\c:\tnhhtt.exec:\tnhhtt.exe113⤵
-
\??\c:\5hbhbn.exec:\5hbhbn.exe114⤵
-
\??\c:\pjvdd.exec:\pjvdd.exe115⤵
-
\??\c:\dvddv.exec:\dvddv.exe116⤵
-
\??\c:\rrlfxlf.exec:\rrlfxlf.exe117⤵
-
\??\c:\rlfxxxx.exec:\rlfxxxx.exe118⤵
-
\??\c:\nhbttt.exec:\nhbttt.exe119⤵
-
\??\c:\pdddj.exec:\pdddj.exe120⤵
-
\??\c:\vjpjd.exec:\vjpjd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-