Analysis
-
max time kernel
120s -
max time network
95s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
04/10/2024, 00:09
General
-
Target
9063fae6561fb7a36c58ff4cbeae9f8918e49b16b07d5c63fc604092aefc1a55N.exe
-
Size
67KB
-
MD5
b8df8ab5e74c7f3180a39bc20e494500
-
SHA1
7a9c37dd4101eefe5edc6af3555dec1a7e0fd23c
-
SHA256
9063fae6561fb7a36c58ff4cbeae9f8918e49b16b07d5c63fc604092aefc1a55
-
SHA512
52dce267475be44e7098478ebcfede3420646c780f02886edc5c9125f4e2af1ce919242616a9feef9756e0dbbd1e860a260a4f90c5304559fdf96595d6d94caa
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDI9L27B5QcS:ymb3NkkiQ3mdBjFI9c+h
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 36 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9063fae6561fb7a36c58ff4cbeae9f8918e49b16b07d5c63fc604092aefc1a55N.exe"C:\Users\Admin\AppData\Local\Temp\9063fae6561fb7a36c58ff4cbeae9f8918e49b16b07d5c63fc604092aefc1a55N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\btthbt.exec:\btthbt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjjp.exec:\dvjjp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dppjv.exec:\dppjv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfxllf.exec:\fxfxllf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtnhh.exec:\hbtnhh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3nnhbb.exec:\3nnhbb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flllxxl.exec:\flllxxl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntnhh.exec:\tntnhh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjdp.exec:\pdjdp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxxrlf.exec:\fxxxrlf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3thbbt.exec:\3thbbt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbthh.exec:\hbbthh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3dpvj.exec:\3dpvj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlfrxx.exec:\rrlfrxx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbtbt.exec:\btbtbt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffxrll.exec:\lffxrll.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnhtn.exec:\tnnhtn.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vvdv.exec:\1vvdv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxrllf.exec:\lxxrllf.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhbnn.exec:\nnhbnn.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhbthb.exec:\bhbthb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpppp.exec:\vpppp.exe23⤵
- Executes dropped EXE
-
\??\c:\rxxrfxr.exec:\rxxrfxr.exe24⤵
- Executes dropped EXE
-
\??\c:\nhtnnh.exec:\nhtnnh.exe25⤵
- Executes dropped EXE
-
\??\c:\vvdvj.exec:\vvdvj.exe26⤵
- Executes dropped EXE
-
\??\c:\lflxxrx.exec:\lflxxrx.exe27⤵
- Executes dropped EXE
-
\??\c:\xrxrfff.exec:\xrxrfff.exe28⤵
- Executes dropped EXE
-
\??\c:\ntnhbb.exec:\ntnhbb.exe29⤵
- Executes dropped EXE
-
\??\c:\7vdvv.exec:\7vdvv.exe30⤵
- Executes dropped EXE
-
\??\c:\pdvpd.exec:\pdvpd.exe31⤵
- Executes dropped EXE
-
\??\c:\frrlfxr.exec:\frrlfxr.exe32⤵
- Executes dropped EXE
-
\??\c:\xfrlffx.exec:\xfrlffx.exe33⤵
- Executes dropped EXE
-
\??\c:\bthhtt.exec:\bthhtt.exe34⤵
- Executes dropped EXE
-
\??\c:\vvvpj.exec:\vvvpj.exe35⤵
- Executes dropped EXE
-
\??\c:\rllfrrl.exec:\rllfrrl.exe36⤵
- Executes dropped EXE
-
\??\c:\hbbthh.exec:\hbbthh.exe37⤵
- Executes dropped EXE
-
\??\c:\btnthn.exec:\btnthn.exe38⤵
- Executes dropped EXE
-
\??\c:\pjvpj.exec:\pjvpj.exe39⤵
- Executes dropped EXE
-
\??\c:\vvjvp.exec:\vvjvp.exe40⤵
- Executes dropped EXE
-
\??\c:\rlfrlfr.exec:\rlfrlfr.exe41⤵
- Executes dropped EXE
-
\??\c:\rxffxxr.exec:\rxffxxr.exe42⤵
- Executes dropped EXE
-
\??\c:\nnnbtn.exec:\nnnbtn.exe43⤵
- Executes dropped EXE
-
\??\c:\7nnhtt.exec:\7nnhtt.exe44⤵
- Executes dropped EXE
-
\??\c:\vjjdp.exec:\vjjdp.exe45⤵
- Executes dropped EXE
-
\??\c:\ppvpv.exec:\ppvpv.exe46⤵
- Executes dropped EXE
-
\??\c:\rlrlfxx.exec:\rlrlfxx.exe47⤵
- Executes dropped EXE
-
\??\c:\hbhhbb.exec:\hbhhbb.exe48⤵
- Executes dropped EXE
-
\??\c:\1hnbnh.exec:\1hnbnh.exe49⤵
- Executes dropped EXE
-
\??\c:\bnnhbb.exec:\bnnhbb.exe50⤵
- Executes dropped EXE
-
\??\c:\pjdvp.exec:\pjdvp.exe51⤵
- Executes dropped EXE
-
\??\c:\dvjvd.exec:\dvjvd.exe52⤵
- Executes dropped EXE
-
\??\c:\fxrlllf.exec:\fxrlllf.exe53⤵
- Executes dropped EXE
-
\??\c:\rxxlflf.exec:\rxxlflf.exe54⤵
- Executes dropped EXE
-
\??\c:\hbnhbt.exec:\hbnhbt.exe55⤵
- Executes dropped EXE
-
\??\c:\9ttnbb.exec:\9ttnbb.exe56⤵
- Executes dropped EXE
-
\??\c:\3jpjj.exec:\3jpjj.exe57⤵
- Executes dropped EXE
-
\??\c:\jdjdd.exec:\jdjdd.exe58⤵
- Executes dropped EXE
-
\??\c:\lfxrxxx.exec:\lfxrxxx.exe59⤵
- Executes dropped EXE
-
\??\c:\tntnhh.exec:\tntnhh.exe60⤵
- Executes dropped EXE
-
\??\c:\hhhhtn.exec:\hhhhtn.exe61⤵
- Executes dropped EXE
-
\??\c:\7dpjd.exec:\7dpjd.exe62⤵
- Executes dropped EXE
-
\??\c:\9xfrxrx.exec:\9xfrxrx.exe63⤵
- Executes dropped EXE
-
\??\c:\nhhbtn.exec:\nhhbtn.exe64⤵
- Executes dropped EXE
-
\??\c:\tbbthh.exec:\tbbthh.exe65⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\jppjd.exec:\jppjd.exe66⤵
-
\??\c:\lrfxxff.exec:\lrfxxff.exe67⤵
-
\??\c:\xxlflff.exec:\xxlflff.exe68⤵
-
\??\c:\tbbtnh.exec:\tbbtnh.exe69⤵
-
\??\c:\5pddd.exec:\5pddd.exe70⤵
-
\??\c:\djdvv.exec:\djdvv.exe71⤵
-
\??\c:\xlrxrfx.exec:\xlrxrfx.exe72⤵
-
\??\c:\3llfxxx.exec:\3llfxxx.exe73⤵
-
\??\c:\1hnhbt.exec:\1hnhbt.exe74⤵
-
\??\c:\hhnhbt.exec:\hhnhbt.exe75⤵
-
\??\c:\dvjpv.exec:\dvjpv.exe76⤵
-
\??\c:\ffrfffl.exec:\ffrfffl.exe77⤵
-
\??\c:\tnttnh.exec:\tnttnh.exe78⤵
-
\??\c:\dvjdd.exec:\dvjdd.exe79⤵
-
\??\c:\rxrfrlf.exec:\rxrfrlf.exe80⤵
-
\??\c:\7xxrrxl.exec:\7xxrrxl.exe81⤵
-
\??\c:\bhbtnn.exec:\bhbtnn.exe82⤵
-
\??\c:\btthhh.exec:\btthhh.exe83⤵
-
\??\c:\dppjj.exec:\dppjj.exe84⤵
-
\??\c:\9ppjp.exec:\9ppjp.exe85⤵
-
\??\c:\lfrxrxl.exec:\lfrxrxl.exe86⤵
-
\??\c:\rxrlxrl.exec:\rxrlxrl.exe87⤵
-
\??\c:\thtnbb.exec:\thtnbb.exe88⤵
-
\??\c:\nhhbnn.exec:\nhhbnn.exe89⤵
-
\??\c:\jvvpd.exec:\jvvpd.exe90⤵
-
\??\c:\ppddj.exec:\ppddj.exe91⤵
-
\??\c:\3frflfx.exec:\3frflfx.exe92⤵
-
\??\c:\nnttnn.exec:\nnttnn.exe93⤵
-
\??\c:\nbbthh.exec:\nbbthh.exe94⤵
-
\??\c:\7vvpj.exec:\7vvpj.exe95⤵
-
\??\c:\pjpjd.exec:\pjpjd.exe96⤵
-
\??\c:\xrfxffx.exec:\xrfxffx.exe97⤵
-
\??\c:\nhnhhn.exec:\nhnhhn.exe98⤵
-
\??\c:\1nbttt.exec:\1nbttt.exe99⤵
-
\??\c:\ppjdv.exec:\ppjdv.exe100⤵
-
\??\c:\pjpdv.exec:\pjpdv.exe101⤵
-
\??\c:\7ddjv.exec:\7ddjv.exe102⤵
-
\??\c:\xrrlxff.exec:\xrrlxff.exe103⤵
-
\??\c:\xxrxxxl.exec:\xxrxxxl.exe104⤵
-
\??\c:\hhnhht.exec:\hhnhht.exe105⤵
-
\??\c:\5hbbbb.exec:\5hbbbb.exe106⤵
-
\??\c:\dppjj.exec:\dppjj.exe107⤵
-
\??\c:\xxrlxxx.exec:\xxrlxxx.exe108⤵
-
\??\c:\lflfffl.exec:\lflfffl.exe109⤵
-
\??\c:\hntnhh.exec:\hntnhh.exe110⤵
-
\??\c:\vvdvd.exec:\vvdvd.exe111⤵
-
\??\c:\vpvpv.exec:\vpvpv.exe112⤵
-
\??\c:\jddvd.exec:\jddvd.exe113⤵
-
\??\c:\5xxlfxr.exec:\5xxlfxr.exe114⤵
-
\??\c:\frxrrll.exec:\frxrrll.exe115⤵
-
\??\c:\hbbhhh.exec:\hbbhhh.exe116⤵
-
\??\c:\hnbbnh.exec:\hnbbnh.exe117⤵
-
\??\c:\1ddvp.exec:\1ddvp.exe118⤵
-
\??\c:\5jvpp.exec:\5jvpp.exe119⤵
-
\??\c:\rlfxrrl.exec:\rlfxrrl.exe120⤵
-
\??\c:\3ffxxxx.exec:\3ffxxxx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-