Analysis
-
max time kernel
120s -
max time network
93s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
04/10/2024, 07:42
General
-
Target
7dbafb393425a186561d04d49519e2dbac64af743875a78acdeee99d87fd5ab0N.exe
-
Size
65KB
-
MD5
cae1104739b55f2df4929732745e0d20
-
SHA1
f32b67c6da40c9f9792342a9b61f7ee08772adeb
-
SHA256
7dbafb393425a186561d04d49519e2dbac64af743875a78acdeee99d87fd5ab0
-
SHA512
4fbb7755f4e4ec83deb61f81ebac052a3d202697060634038d24df6c0e42fa76fed94dc1f89aa75e6c7691a6db6e0d803e78cd850a571a406ab9ba539b9d472b
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDI9L27Bq8Du:ymb3NkkiQ3mdBjFI9cqF
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 35 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7dbafb393425a186561d04d49519e2dbac64af743875a78acdeee99d87fd5ab0N.exe"C:\Users\Admin\AppData\Local\Temp\7dbafb393425a186561d04d49519e2dbac64af743875a78acdeee99d87fd5ab0N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjdj.exec:\pdjdj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllfxll.exec:\rllfxll.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnbnh.exec:\thnbnh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpdpp.exec:\dpdpp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlfrfrf.exec:\xlfrfrf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhnhhn.exec:\bhnhhn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnnbb.exec:\btnnbb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppdpj.exec:\ppdpj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbbbb.exec:\tbbbbb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbhnh.exec:\tnbhnh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjvp.exec:\ddjvp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxfxrrl.exec:\xxfxrrl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rxlfff.exec:\1rxlfff.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnttnt.exec:\tnttnt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvdd.exec:\jjvdd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dppjd.exec:\dppjd.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flffffx.exec:\flffffx.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrllxl.exec:\xrrllxl.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttntt.exec:\bttntt.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppdv.exec:\vppdv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9rrlxxr.exec:\9rrlxxr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hntnhh.exec:\hntnhh.exe23⤵
- Executes dropped EXE
-
\??\c:\hbnnnn.exec:\hbnnnn.exe24⤵
- Executes dropped EXE
-
\??\c:\vvvvp.exec:\vvvvp.exe25⤵
- Executes dropped EXE
-
\??\c:\lffxrll.exec:\lffxrll.exe26⤵
- Executes dropped EXE
-
\??\c:\hhhhbb.exec:\hhhhbb.exe27⤵
- Executes dropped EXE
-
\??\c:\pjpjj.exec:\pjpjj.exe28⤵
- Executes dropped EXE
-
\??\c:\fxllxrx.exec:\fxllxrx.exe29⤵
- Executes dropped EXE
-
\??\c:\bnhhbb.exec:\bnhhbb.exe30⤵
- Executes dropped EXE
-
\??\c:\ddddv.exec:\ddddv.exe31⤵
- Executes dropped EXE
-
\??\c:\vppjd.exec:\vppjd.exe32⤵
- Executes dropped EXE
-
\??\c:\pdvjd.exec:\pdvjd.exe33⤵
- Executes dropped EXE
-
\??\c:\ntnnhb.exec:\ntnnhb.exe34⤵
- Executes dropped EXE
-
\??\c:\tbhhht.exec:\tbhhht.exe35⤵
- Executes dropped EXE
-
\??\c:\vjvvp.exec:\vjvvp.exe36⤵
- Executes dropped EXE
-
\??\c:\1rxfrlf.exec:\1rxfrlf.exe37⤵
- Executes dropped EXE
-
\??\c:\xlxlxrl.exec:\xlxlxrl.exe38⤵
- Executes dropped EXE
-
\??\c:\httbtb.exec:\httbtb.exe39⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\nbtnbb.exec:\nbtnbb.exe40⤵
- Executes dropped EXE
-
\??\c:\9dvdp.exec:\9dvdp.exe41⤵
- Executes dropped EXE
-
\??\c:\vpvvp.exec:\vpvvp.exe42⤵
- Executes dropped EXE
-
\??\c:\vddpj.exec:\vddpj.exe43⤵
- Executes dropped EXE
-
\??\c:\fxlfffr.exec:\fxlfffr.exe44⤵
- Executes dropped EXE
-
\??\c:\rlxlffx.exec:\rlxlffx.exe45⤵
- Executes dropped EXE
-
\??\c:\hntnbt.exec:\hntnbt.exe46⤵
- Executes dropped EXE
-
\??\c:\bnnhhb.exec:\bnnhhb.exe47⤵
- Executes dropped EXE
-
\??\c:\rflxxrr.exec:\rflxxrr.exe48⤵
- Executes dropped EXE
-
\??\c:\5rlxxrl.exec:\5rlxxrl.exe49⤵
- Executes dropped EXE
-
\??\c:\nhhbbb.exec:\nhhbbb.exe50⤵
- Executes dropped EXE
-
\??\c:\vvdvd.exec:\vvdvd.exe51⤵
- Executes dropped EXE
-
\??\c:\pjvdv.exec:\pjvdv.exe52⤵
- Executes dropped EXE
-
\??\c:\9xxlfff.exec:\9xxlfff.exe53⤵
- Executes dropped EXE
-
\??\c:\bhhbnn.exec:\bhhbnn.exe54⤵
- Executes dropped EXE
-
\??\c:\dppjj.exec:\dppjj.exe55⤵
- Executes dropped EXE
-
\??\c:\llflxll.exec:\llflxll.exe56⤵
- Executes dropped EXE
-
\??\c:\9rllfxr.exec:\9rllfxr.exe57⤵
- Executes dropped EXE
-
\??\c:\thtnhn.exec:\thtnhn.exe58⤵
- Executes dropped EXE
-
\??\c:\tbhhhh.exec:\tbhhhh.exe59⤵
- Executes dropped EXE
-
\??\c:\pppjd.exec:\pppjd.exe60⤵
- Executes dropped EXE
-
\??\c:\dvdvj.exec:\dvdvj.exe61⤵
- Executes dropped EXE
-
\??\c:\fxxlffx.exec:\fxxlffx.exe62⤵
- Executes dropped EXE
-
\??\c:\hntttt.exec:\hntttt.exe63⤵
- Executes dropped EXE
-
\??\c:\hnhhhh.exec:\hnhhhh.exe64⤵
- Executes dropped EXE
-
\??\c:\pdjdd.exec:\pdjdd.exe65⤵
- Executes dropped EXE
-
\??\c:\pdjvj.exec:\pdjvj.exe66⤵
-
\??\c:\xlfrfxr.exec:\xlfrfxr.exe67⤵
-
\??\c:\1xxxrrr.exec:\1xxxrrr.exe68⤵
-
\??\c:\bthbtt.exec:\bthbtt.exe69⤵
-
\??\c:\5hnnnh.exec:\5hnnnh.exe70⤵
-
\??\c:\djjdp.exec:\djjdp.exe71⤵
-
\??\c:\rxrfrrl.exec:\rxrfrrl.exe72⤵
-
\??\c:\xlllfff.exec:\xlllfff.exe73⤵
-
\??\c:\tttnhb.exec:\tttnhb.exe74⤵
-
\??\c:\bnbhbb.exec:\bnbhbb.exe75⤵
-
\??\c:\pjdpj.exec:\pjdpj.exe76⤵
-
\??\c:\lllfrrr.exec:\lllfrrr.exe77⤵
-
\??\c:\rxlrxxx.exec:\rxlrxxx.exe78⤵
-
\??\c:\lfflrrl.exec:\lfflrrl.exe79⤵
-
\??\c:\nbhbtt.exec:\nbhbtt.exe80⤵
-
\??\c:\nhthtt.exec:\nhthtt.exe81⤵
-
\??\c:\vjdvd.exec:\vjdvd.exe82⤵
-
\??\c:\tbthnh.exec:\tbthnh.exe83⤵
-
\??\c:\vdvjd.exec:\vdvjd.exe84⤵
-
\??\c:\ffxlrlx.exec:\ffxlrlx.exe85⤵
-
\??\c:\frxllxf.exec:\frxllxf.exe86⤵
-
\??\c:\1hthth.exec:\1hthth.exe87⤵
-
\??\c:\bntnht.exec:\bntnht.exe88⤵
-
\??\c:\jdvjp.exec:\jdvjp.exe89⤵
-
\??\c:\3jdvj.exec:\3jdvj.exe90⤵
-
\??\c:\lrrlrff.exec:\lrrlrff.exe91⤵
-
\??\c:\rrlllrr.exec:\rrlllrr.exe92⤵
-
\??\c:\hhbbnh.exec:\hhbbnh.exe93⤵
-
\??\c:\bbbtnh.exec:\bbbtnh.exe94⤵
-
\??\c:\hhnbtn.exec:\hhnbtn.exe95⤵
-
\??\c:\pjdvd.exec:\pjdvd.exe96⤵
-
\??\c:\lxfllrf.exec:\lxfllrf.exe97⤵
-
\??\c:\xflllll.exec:\xflllll.exe98⤵
-
\??\c:\hnnbhn.exec:\hnnbhn.exe99⤵
-
\??\c:\3hnbnh.exec:\3hnbnh.exe100⤵
-
\??\c:\1jvvd.exec:\1jvvd.exe101⤵
-
\??\c:\pjjvp.exec:\pjjvp.exe102⤵
-
\??\c:\3xxlxxl.exec:\3xxlxxl.exe103⤵
-
\??\c:\lrlxlff.exec:\lrlxlff.exe104⤵
-
\??\c:\nntnnh.exec:\nntnnh.exe105⤵
-
\??\c:\7bbthh.exec:\7bbthh.exe106⤵
-
\??\c:\jdpjv.exec:\jdpjv.exe107⤵
-
\??\c:\lrlxflx.exec:\lrlxflx.exe108⤵
-
\??\c:\xxlxfxx.exec:\xxlxfxx.exe109⤵
-
\??\c:\5thbnh.exec:\5thbnh.exe110⤵
-
\??\c:\nhbnbn.exec:\nhbnbn.exe111⤵
-
\??\c:\djddd.exec:\djddd.exe112⤵
-
\??\c:\lxxrlll.exec:\lxxrlll.exe113⤵
-
\??\c:\lflxrrr.exec:\lflxrrr.exe114⤵
-
\??\c:\rxlfllf.exec:\rxlfllf.exe115⤵
-
\??\c:\5bttnn.exec:\5bttnn.exe116⤵
-
\??\c:\1hhbtn.exec:\1hhbtn.exe117⤵
-
\??\c:\pjddj.exec:\pjddj.exe118⤵
-
\??\c:\1pvpd.exec:\1pvpd.exe119⤵
-
\??\c:\flrrffx.exec:\flrrffx.exe120⤵
-
\??\c:\lxxxrrf.exec:\lxxxrrf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-