Analysis
-
max time kernel
120s -
max time network
119s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
02-10-2024 12:44
General
-
Target
06dafb89c7781bafba0760ef997dae43551e78696e582ffad9d9f1e546b18563N.exe
-
Size
64KB
-
MD5
23babc5fb7485d6f4a539544582ac0a0
-
SHA1
47b4d56548cb50773d284411097776c544c27486
-
SHA256
06dafb89c7781bafba0760ef997dae43551e78696e582ffad9d9f1e546b18563
-
SHA512
2a680fd0be0ee2b0d766c684847c47fc28bb65d77e52f283c4b2db90ffd2654b351aaaf84f1bf32f849b889c0ba8e43d9abef0d275087adcd236c79aa6fd181b
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDI9L27B1R:ymb3NkkiQ3mdBjFI9cD
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\06dafb89c7781bafba0760ef997dae43551e78696e582ffad9d9f1e546b18563N.exe"C:\Users\Admin\AppData\Local\Temp\06dafb89c7781bafba0760ef997dae43551e78696e582ffad9d9f1e546b18563N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\242224.exec:\242224.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6262666.exec:\6262666.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthhnt.exec:\bthhnt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4482644.exec:\4482644.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjdj.exec:\vpjdj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\a6842.exec:\a6842.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\228822.exec:\228822.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2424640.exec:\2424640.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\628022.exec:\628022.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjppp.exec:\pjppp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rffrrl.exec:\7rffrrl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnnnnn.exec:\hnnnnn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\60822.exec:\60822.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\46882.exec:\46882.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\a8200.exec:\a8200.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvvj.exec:\vvvvj.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbttt.exec:\hbbttt.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnhnh.exec:\hhnhnh.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxxrrr.exec:\lfxxrrr.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\608822.exec:\608822.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\u022044.exec:\u022044.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\886288.exec:\886288.exe23⤵
- Executes dropped EXE
-
\??\c:\a8626.exec:\a8626.exe24⤵
- Executes dropped EXE
-
\??\c:\9bhtnn.exec:\9bhtnn.exe25⤵
- Executes dropped EXE
-
\??\c:\w20208.exec:\w20208.exe26⤵
- Executes dropped EXE
-
\??\c:\5llxrrl.exec:\5llxrrl.exe27⤵
- Executes dropped EXE
-
\??\c:\g8884.exec:\g8884.exe28⤵
- Executes dropped EXE
-
\??\c:\rrrlfff.exec:\rrrlfff.exe29⤵
- Executes dropped EXE
-
\??\c:\4600222.exec:\4600222.exe30⤵
- Executes dropped EXE
-
\??\c:\bhnnnb.exec:\bhnnnb.exe31⤵
- Executes dropped EXE
-
\??\c:\ppjjj.exec:\ppjjj.exe32⤵
- Executes dropped EXE
-
\??\c:\lrrlxxl.exec:\lrrlxxl.exe33⤵
- Executes dropped EXE
-
\??\c:\3hbbtt.exec:\3hbbtt.exe34⤵
- Executes dropped EXE
-
\??\c:\jddvp.exec:\jddvp.exe35⤵
- Executes dropped EXE
-
\??\c:\htbntt.exec:\htbntt.exe36⤵
- Executes dropped EXE
-
\??\c:\i286080.exec:\i286080.exe37⤵
- Executes dropped EXE
-
\??\c:\006666.exec:\006666.exe38⤵
- Executes dropped EXE
-
\??\c:\s2482.exec:\s2482.exe39⤵
- Executes dropped EXE
-
\??\c:\484822.exec:\484822.exe40⤵
- Executes dropped EXE
-
\??\c:\4482608.exec:\4482608.exe41⤵
- Executes dropped EXE
-
\??\c:\002666.exec:\002666.exe42⤵
- Executes dropped EXE
-
\??\c:\xxffxxr.exec:\xxffxxr.exe43⤵
- Executes dropped EXE
-
\??\c:\042644.exec:\042644.exe44⤵
- Executes dropped EXE
-
\??\c:\vpdvv.exec:\vpdvv.exe45⤵
- Executes dropped EXE
-
\??\c:\s4004.exec:\s4004.exe46⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\82006.exec:\82006.exe47⤵
- Executes dropped EXE
-
\??\c:\btbhht.exec:\btbhht.exe48⤵
- Executes dropped EXE
-
\??\c:\hnbttt.exec:\hnbttt.exe49⤵
- Executes dropped EXE
-
\??\c:\lllfrrx.exec:\lllfrrx.exe50⤵
- Executes dropped EXE
-
\??\c:\5hbhnn.exec:\5hbhnn.exe51⤵
- Executes dropped EXE
-
\??\c:\tnbtbb.exec:\tnbtbb.exe52⤵
- Executes dropped EXE
-
\??\c:\080488.exec:\080488.exe53⤵
- Executes dropped EXE
-
\??\c:\xrlrflx.exec:\xrlrflx.exe54⤵
- Executes dropped EXE
-
\??\c:\860222.exec:\860222.exe55⤵
- Executes dropped EXE
-
\??\c:\5nbthh.exec:\5nbthh.exe56⤵
- Executes dropped EXE
-
\??\c:\llxxfrr.exec:\llxxfrr.exe57⤵
- Executes dropped EXE
-
\??\c:\rlxfllf.exec:\rlxfllf.exe58⤵
- Executes dropped EXE
-
\??\c:\c824202.exec:\c824202.exe59⤵
- Executes dropped EXE
-
\??\c:\2022282.exec:\2022282.exe60⤵
- Executes dropped EXE
-
\??\c:\rxlxxff.exec:\rxlxxff.exe61⤵
- Executes dropped EXE
-
\??\c:\jjjjj.exec:\jjjjj.exe62⤵
- Executes dropped EXE
-
\??\c:\rfffxrr.exec:\rfffxrr.exe63⤵
- Executes dropped EXE
-
\??\c:\vjvdj.exec:\vjvdj.exe64⤵
- Executes dropped EXE
-
\??\c:\48066.exec:\48066.exe65⤵
- Executes dropped EXE
-
\??\c:\xrlxlfr.exec:\xrlxlfr.exe66⤵
-
\??\c:\2660826.exec:\2660826.exe67⤵
-
\??\c:\88048.exec:\88048.exe68⤵
-
\??\c:\vppjv.exec:\vppjv.exe69⤵
-
\??\c:\jddpd.exec:\jddpd.exe70⤵
-
\??\c:\a8680.exec:\a8680.exe71⤵
-
\??\c:\460248.exec:\460248.exe72⤵
-
\??\c:\0426066.exec:\0426066.exe73⤵
-
\??\c:\3ttthh.exec:\3ttthh.exe74⤵
-
\??\c:\jdvjp.exec:\jdvjp.exe75⤵
-
\??\c:\bhbthb.exec:\bhbthb.exe76⤵
-
\??\c:\1rrlfxr.exec:\1rrlfxr.exe77⤵
-
\??\c:\7ntntt.exec:\7ntntt.exe78⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe79⤵
-
\??\c:\frrlxrl.exec:\frrlxrl.exe80⤵
- System Location Discovery: System Language Discovery
-
\??\c:\llrrlll.exec:\llrrlll.exe81⤵
-
\??\c:\6848266.exec:\6848266.exe82⤵
-
\??\c:\22888.exec:\22888.exe83⤵
-
\??\c:\o466004.exec:\o466004.exe84⤵
-
\??\c:\080048.exec:\080048.exe85⤵
-
\??\c:\06222.exec:\06222.exe86⤵
-
\??\c:\7fxrxxr.exec:\7fxrxxr.exe87⤵
-
\??\c:\i806622.exec:\i806622.exe88⤵
-
\??\c:\dvpdj.exec:\dvpdj.exe89⤵
-
\??\c:\7rlfrrf.exec:\7rlfrrf.exe90⤵
-
\??\c:\1pdvp.exec:\1pdvp.exe91⤵
-
\??\c:\44048.exec:\44048.exe92⤵
-
\??\c:\k66222.exec:\k66222.exe93⤵
-
\??\c:\062646.exec:\062646.exe94⤵
-
\??\c:\jvdvj.exec:\jvdvj.exe95⤵
-
\??\c:\800040.exec:\800040.exe96⤵
-
\??\c:\7dvdp.exec:\7dvdp.exe97⤵
-
\??\c:\2026448.exec:\2026448.exe98⤵
-
\??\c:\llrrllr.exec:\llrrllr.exe99⤵
-
\??\c:\866408.exec:\866408.exe100⤵
-
\??\c:\g4008.exec:\g4008.exe101⤵
-
\??\c:\2848608.exec:\2848608.exe102⤵
-
\??\c:\1xxrllf.exec:\1xxrllf.exe103⤵
-
\??\c:\jdpjp.exec:\jdpjp.exe104⤵
-
\??\c:\rxrlfxx.exec:\rxrlfxx.exe105⤵
-
\??\c:\rlrxrxx.exec:\rlrxrxx.exe106⤵
-
\??\c:\pjpjd.exec:\pjpjd.exe107⤵
-
\??\c:\644828.exec:\644828.exe108⤵
-
\??\c:\408604.exec:\408604.exe109⤵
-
\??\c:\4806466.exec:\4806466.exe110⤵
-
\??\c:\0444288.exec:\0444288.exe111⤵
-
\??\c:\0622600.exec:\0622600.exe112⤵
-
\??\c:\ttbtnn.exec:\ttbtnn.exe113⤵
-
\??\c:\pppdd.exec:\pppdd.exe114⤵
-
\??\c:\hnthbh.exec:\hnthbh.exe115⤵
-
\??\c:\8442040.exec:\8442040.exe116⤵
-
\??\c:\vvjvj.exec:\vvjvj.exe117⤵
-
\??\c:\frlxfxf.exec:\frlxfxf.exe118⤵
-
\??\c:\46826.exec:\46826.exe119⤵
-
\??\c:\flfrfxx.exec:\flfrfxx.exe120⤵
-
\??\c:\1ffxxrx.exec:\1ffxxrx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-