Analysis
-
max time kernel
120s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
04-10-2024 02:01
General
-
Target
2cfa313a9ea62d51c562de2100bdfa7f30fda5c9c3adb8048b6ef1a01b8a1720N.exe
-
Size
67KB
-
MD5
8f5fb2f2a612d6da00c99116d1233d20
-
SHA1
1466354ad79d4c1920cc770b5c36b5353e512b27
-
SHA256
2cfa313a9ea62d51c562de2100bdfa7f30fda5c9c3adb8048b6ef1a01b8a1720
-
SHA512
98793ebe279c89cc1ad9630fe896dcf457f8b21eb625b5e57be8362d4581030e20523f00041278ac89c48b433e46517e4080c8f2697cc77bc5694ee0f14f903d
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDI9L27Bqfs:ymb3NkkiQ3mdBjFI9cqfs
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2cfa313a9ea62d51c562de2100bdfa7f30fda5c9c3adb8048b6ef1a01b8a1720N.exe"C:\Users\Admin\AppData\Local\Temp\2cfa313a9ea62d51c562de2100bdfa7f30fda5c9c3adb8048b6ef1a01b8a1720N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\5jpjv.exec:\5jpjv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxfxlfx.exec:\rxfxlfx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbthh.exec:\hbbthh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttbtn.exec:\bttbtn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvpp.exec:\vjvpp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fllxrfx.exec:\fllxrfx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthhbh.exec:\bthhbh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tttttb.exec:\tttttb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjjj.exec:\jdjjj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntnnh.exec:\bntnnh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbntn.exec:\tbbntn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjjj.exec:\pjjjj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxffrx.exec:\fxxffrx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnhnn.exec:\nhnhnn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7nnhbh.exec:\7nnhbh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpppp.exec:\dpppp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppppj.exec:\ppppj.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7lfxrll.exec:\7lfxrll.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ntnhh.exec:\9ntnhh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjppj.exec:\pjppj.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjjp.exec:\vdjjp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lllfxff.exec:\lllfxff.exe23⤵
- Executes dropped EXE
-
\??\c:\nntbbb.exec:\nntbbb.exe24⤵
- Executes dropped EXE
-
\??\c:\3tbthh.exec:\3tbthh.exe25⤵
- Executes dropped EXE
-
\??\c:\lffxrrr.exec:\lffxrrr.exe26⤵
- Executes dropped EXE
-
\??\c:\nhtbhh.exec:\nhtbhh.exe27⤵
- Executes dropped EXE
-
\??\c:\7dppd.exec:\7dppd.exe28⤵
- Executes dropped EXE
-
\??\c:\lxxrlfx.exec:\lxxrlfx.exe29⤵
- Executes dropped EXE
-
\??\c:\nnhbtt.exec:\nnhbtt.exe30⤵
- Executes dropped EXE
-
\??\c:\vpvpj.exec:\vpvpj.exe31⤵
- Executes dropped EXE
-
\??\c:\rrlllrr.exec:\rrlllrr.exe32⤵
- Executes dropped EXE
-
\??\c:\thnhth.exec:\thnhth.exe33⤵
- Executes dropped EXE
-
\??\c:\rlrrrrl.exec:\rlrrrrl.exe34⤵
- Executes dropped EXE
-
\??\c:\jvvpj.exec:\jvvpj.exe35⤵
- Executes dropped EXE
-
\??\c:\rlllrfx.exec:\rlllrfx.exe36⤵
- Executes dropped EXE
-
\??\c:\xlffxxx.exec:\xlffxxx.exe37⤵
- Executes dropped EXE
-
\??\c:\bbbtbb.exec:\bbbtbb.exe38⤵
- Executes dropped EXE
-
\??\c:\jpjjd.exec:\jpjjd.exe39⤵
- Executes dropped EXE
-
\??\c:\nbhhhn.exec:\nbhhhn.exe40⤵
- Executes dropped EXE
-
\??\c:\vvvvj.exec:\vvvvj.exe41⤵
- Executes dropped EXE
-
\??\c:\xxlrrlr.exec:\xxlrrlr.exe42⤵
- Executes dropped EXE
-
\??\c:\hnntnn.exec:\hnntnn.exe43⤵
- Executes dropped EXE
-
\??\c:\jvdvp.exec:\jvdvp.exe44⤵
- Executes dropped EXE
-
\??\c:\vvdpj.exec:\vvdpj.exe45⤵
- Executes dropped EXE
-
\??\c:\bnbbtn.exec:\bnbbtn.exe46⤵
- Executes dropped EXE
-
\??\c:\dppjj.exec:\dppjj.exe47⤵
- Executes dropped EXE
-
\??\c:\jvppd.exec:\jvppd.exe48⤵
- Executes dropped EXE
-
\??\c:\rfllrrr.exec:\rfllrrr.exe49⤵
- Executes dropped EXE
-
\??\c:\tbhnnt.exec:\tbhnnt.exe50⤵
- Executes dropped EXE
-
\??\c:\7dpvp.exec:\7dpvp.exe51⤵
- Executes dropped EXE
-
\??\c:\jjjjj.exec:\jjjjj.exe52⤵
- Executes dropped EXE
-
\??\c:\xrffllx.exec:\xrffllx.exe53⤵
- Executes dropped EXE
-
\??\c:\fxlrxff.exec:\fxlrxff.exe54⤵
- Executes dropped EXE
-
\??\c:\ppdvv.exec:\ppdvv.exe55⤵
- Executes dropped EXE
-
\??\c:\5vpvj.exec:\5vpvj.exe56⤵
- Executes dropped EXE
-
\??\c:\xlrlllr.exec:\xlrlllr.exe57⤵
- Executes dropped EXE
-
\??\c:\ffxlxrf.exec:\ffxlxrf.exe58⤵
- Executes dropped EXE
-
\??\c:\hhntbh.exec:\hhntbh.exe59⤵
- Executes dropped EXE
-
\??\c:\btbbbh.exec:\btbbbh.exe60⤵
- Executes dropped EXE
-
\??\c:\1dvdv.exec:\1dvdv.exe61⤵
- Executes dropped EXE
-
\??\c:\xrxfxrx.exec:\xrxfxrx.exe62⤵
- Executes dropped EXE
-
\??\c:\xffrrlf.exec:\xffrrlf.exe63⤵
- Executes dropped EXE
-
\??\c:\btbnbt.exec:\btbnbt.exe64⤵
- Executes dropped EXE
-
\??\c:\9rffxff.exec:\9rffxff.exe65⤵
- Executes dropped EXE
-
\??\c:\rxxfxrr.exec:\rxxfxrr.exe66⤵
-
\??\c:\bhtbbh.exec:\bhtbbh.exe67⤵
-
\??\c:\bbhbtt.exec:\bbhbtt.exe68⤵
-
\??\c:\djdjd.exec:\djdjd.exe69⤵
-
\??\c:\9fflflr.exec:\9fflflr.exe70⤵
-
\??\c:\llffflr.exec:\llffflr.exe71⤵
- System Location Discovery: System Language Discovery
-
\??\c:\1ttttt.exec:\1ttttt.exe72⤵
-
\??\c:\jjvpp.exec:\jjvpp.exe73⤵
-
\??\c:\pjddv.exec:\pjddv.exe74⤵
-
\??\c:\xrllxxl.exec:\xrllxxl.exe75⤵
-
\??\c:\hhtbhn.exec:\hhtbhn.exe76⤵
-
\??\c:\ttnnnt.exec:\ttnnnt.exe77⤵
-
\??\c:\9dpjd.exec:\9dpjd.exe78⤵
-
\??\c:\lxxrffx.exec:\lxxrffx.exe79⤵
-
\??\c:\xrffxrl.exec:\xrffxrl.exe80⤵
-
\??\c:\nhtttb.exec:\nhtttb.exe81⤵
-
\??\c:\dvddd.exec:\dvddd.exe82⤵
-
\??\c:\jjddj.exec:\jjddj.exe83⤵
-
\??\c:\rffxrrl.exec:\rffxrrl.exe84⤵
-
\??\c:\nnnnnt.exec:\nnnnnt.exe85⤵
-
\??\c:\5nhbtn.exec:\5nhbtn.exe86⤵
-
\??\c:\pjppj.exec:\pjppj.exe87⤵
-
\??\c:\ddddv.exec:\ddddv.exe88⤵
-
\??\c:\ffrrfll.exec:\ffrrfll.exe89⤵
-
\??\c:\3htbnn.exec:\3htbnn.exe90⤵
-
\??\c:\7thhbb.exec:\7thhbb.exe91⤵
-
\??\c:\vdvvp.exec:\vdvvp.exe92⤵
-
\??\c:\jjvvv.exec:\jjvvv.exe93⤵
-
\??\c:\flrrxxf.exec:\flrrxxf.exe94⤵
- System Location Discovery: System Language Discovery
-
\??\c:\thtbbb.exec:\thtbbb.exe95⤵
-
\??\c:\ththbh.exec:\ththbh.exe96⤵
-
\??\c:\djdjd.exec:\djdjd.exe97⤵
-
\??\c:\djddj.exec:\djddj.exe98⤵
-
\??\c:\rrflfll.exec:\rrflfll.exe99⤵
-
\??\c:\hnbhhn.exec:\hnbhhn.exe100⤵
-
\??\c:\bbttnt.exec:\bbttnt.exe101⤵
-
\??\c:\jpjjp.exec:\jpjjp.exe102⤵
-
\??\c:\jvvvp.exec:\jvvvp.exe103⤵
-
\??\c:\rfxxxxf.exec:\rfxxxxf.exe104⤵
-
\??\c:\hbhhht.exec:\hbhhht.exe105⤵
-
\??\c:\bbnbbb.exec:\bbnbbb.exe106⤵
-
\??\c:\pvdpj.exec:\pvdpj.exe107⤵
-
\??\c:\jjjdd.exec:\jjjdd.exe108⤵
-
\??\c:\rrrrlrl.exec:\rrrrlrl.exe109⤵
-
\??\c:\9fffxxl.exec:\9fffxxl.exe110⤵
-
\??\c:\thnnbh.exec:\thnnbh.exe111⤵
-
\??\c:\pdddp.exec:\pdddp.exe112⤵
-
\??\c:\rlrrflf.exec:\rlrrflf.exe113⤵
-
\??\c:\ttnntt.exec:\ttnntt.exe114⤵
-
\??\c:\3thhht.exec:\3thhht.exe115⤵
-
\??\c:\jjppj.exec:\jjppj.exe116⤵
-
\??\c:\xxflrrl.exec:\xxflrrl.exe117⤵
-
\??\c:\flfffll.exec:\flfffll.exe118⤵
-
\??\c:\hhnnnt.exec:\hhnnnt.exe119⤵
-
\??\c:\bbthbt.exec:\bbthbt.exe120⤵
-
\??\c:\vvppd.exec:\vvppd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-