Analysis
-
max time kernel
120s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
04-10-2024 15:04
General
-
Target
104b1d7e55616b109de0fcc807e40047b8b10110d1149cd64cb41c3f53f2cd37N.exe
-
Size
64KB
-
MD5
8932a19049f0559d5386b2ef63e9cdd0
-
SHA1
cd45050127d9ec1e809ecfb920612c33ce6e0286
-
SHA256
104b1d7e55616b109de0fcc807e40047b8b10110d1149cd64cb41c3f53f2cd37
-
SHA512
e6359b721b2f707da37b0ee804a77789f813978c345ad20a5517cf556f3aa596a4539dddb50eecb90959f008dd6bb4c54806530cbc3ced765101d6defdb62cb9
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yU+kbxiG:ymb3NkkiQ3mdBjF0y7kbh
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 30 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\104b1d7e55616b109de0fcc807e40047b8b10110d1149cd64cb41c3f53f2cd37N.exe"C:\Users\Admin\AppData\Local\Temp\104b1d7e55616b109de0fcc807e40047b8b10110d1149cd64cb41c3f53f2cd37N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\1hbhbb.exec:\1hbhbb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvpd.exec:\ddvpd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxrfxr.exec:\fxxrfxr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nttbtn.exec:\nttbtn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvpv.exec:\pjvpv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflfxrl.exec:\lflfxrl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhtnhb.exec:\hhtnhb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvpv.exec:\jdvpv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rrlxrl.exec:\1rrlxrl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rxrlfx.exec:\3rxrlfx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7tttbb.exec:\7tttbb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdppp.exec:\jdppp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrlrrr.exec:\lrrlrrr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llfxxrl.exec:\llfxxrl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbnnt.exec:\thbnnt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vvdv.exec:\9vvdv.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flxxrxx.exec:\flxxrxx.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tttnhh.exec:\tttnhh.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddpjd.exec:\ddpjd.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxlfxr.exec:\fxxlfxr.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnnhh.exec:\tnnnhh.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpvv.exec:\pjpvv.exe23⤵
- Executes dropped EXE
-
\??\c:\xrrlllf.exec:\xrrlllf.exe24⤵
- Executes dropped EXE
-
\??\c:\3ttttb.exec:\3ttttb.exe25⤵
- Executes dropped EXE
-
\??\c:\7bhhht.exec:\7bhhht.exe26⤵
- Executes dropped EXE
-
\??\c:\5vjpd.exec:\5vjpd.exe27⤵
- Executes dropped EXE
-
\??\c:\lrrrlll.exec:\lrrrlll.exe28⤵
- Executes dropped EXE
-
\??\c:\7xxffrr.exec:\7xxffrr.exe29⤵
- Executes dropped EXE
-
\??\c:\hntnnb.exec:\hntnnb.exe30⤵
- Executes dropped EXE
-
\??\c:\jvddv.exec:\jvddv.exe31⤵
- Executes dropped EXE
-
\??\c:\rfrlllf.exec:\rfrlllf.exe32⤵
- Executes dropped EXE
-
\??\c:\3rrxrxl.exec:\3rrxrxl.exe33⤵
- Executes dropped EXE
-
\??\c:\9hhhtt.exec:\9hhhtt.exe34⤵
- Executes dropped EXE
-
\??\c:\lflffff.exec:\lflffff.exe35⤵
- Executes dropped EXE
-
\??\c:\3xxrfxr.exec:\3xxrfxr.exe36⤵
- Executes dropped EXE
-
\??\c:\pdjdv.exec:\pdjdv.exe37⤵
- Executes dropped EXE
-
\??\c:\vdvpj.exec:\vdvpj.exe38⤵
- Executes dropped EXE
-
\??\c:\xlfxxrl.exec:\xlfxxrl.exe39⤵
- Executes dropped EXE
-
\??\c:\nhhhbt.exec:\nhhhbt.exe40⤵
- Executes dropped EXE
-
\??\c:\pvdvv.exec:\pvdvv.exe41⤵
- Executes dropped EXE
-
\??\c:\xrxrllf.exec:\xrxrllf.exe42⤵
- Executes dropped EXE
-
\??\c:\9tbbhn.exec:\9tbbhn.exe43⤵
- Executes dropped EXE
-
\??\c:\pjjvp.exec:\pjjvp.exe44⤵
- Executes dropped EXE
-
\??\c:\vdvdv.exec:\vdvdv.exe45⤵
- Executes dropped EXE
-
\??\c:\fflffxr.exec:\fflffxr.exe46⤵
- Executes dropped EXE
-
\??\c:\hbbtnh.exec:\hbbtnh.exe47⤵
- Executes dropped EXE
-
\??\c:\pvvvp.exec:\pvvvp.exe48⤵
- Executes dropped EXE
-
\??\c:\1vvpd.exec:\1vvpd.exe49⤵
- Executes dropped EXE
-
\??\c:\fllxrrl.exec:\fllxrrl.exe50⤵
- Executes dropped EXE
-
\??\c:\vppjd.exec:\vppjd.exe51⤵
- Executes dropped EXE
-
\??\c:\7xxrflf.exec:\7xxrflf.exe52⤵
- Executes dropped EXE
-
\??\c:\hbbthh.exec:\hbbthh.exe53⤵
- Executes dropped EXE
-
\??\c:\hthbnn.exec:\hthbnn.exe54⤵
- Executes dropped EXE
-
\??\c:\jdjdd.exec:\jdjdd.exe55⤵
- Executes dropped EXE
-
\??\c:\1jdvj.exec:\1jdvj.exe56⤵
- Executes dropped EXE
-
\??\c:\7rllflf.exec:\7rllflf.exe57⤵
- Executes dropped EXE
-
\??\c:\3nhhbh.exec:\3nhhbh.exe58⤵
- Executes dropped EXE
-
\??\c:\pjpjj.exec:\pjpjj.exe59⤵
- Executes dropped EXE
-
\??\c:\jdjjd.exec:\jdjjd.exe60⤵
- Executes dropped EXE
-
\??\c:\7frfrxx.exec:\7frfrxx.exe61⤵
- Executes dropped EXE
-
\??\c:\ttttnn.exec:\ttttnn.exe62⤵
- Executes dropped EXE
-
\??\c:\jppjd.exec:\jppjd.exe63⤵
- Executes dropped EXE
-
\??\c:\dvppp.exec:\dvppp.exe64⤵
- Executes dropped EXE
-
\??\c:\lxfxfxx.exec:\lxfxfxx.exe65⤵
- Executes dropped EXE
-
\??\c:\lxrlfrl.exec:\lxrlfrl.exe66⤵
-
\??\c:\bhbtnn.exec:\bhbtnn.exe67⤵
-
\??\c:\xllffff.exec:\xllffff.exe68⤵
-
\??\c:\lrfxlff.exec:\lrfxlff.exe69⤵
-
\??\c:\thnbnh.exec:\thnbnh.exe70⤵
-
\??\c:\ddvvv.exec:\ddvvv.exe71⤵
-
\??\c:\vjjpj.exec:\vjjpj.exe72⤵
-
\??\c:\xrrrlff.exec:\xrrrlff.exe73⤵
-
\??\c:\ttbbhh.exec:\ttbbhh.exe74⤵
-
\??\c:\bhhbnn.exec:\bhhbnn.exe75⤵
-
\??\c:\7dddv.exec:\7dddv.exe76⤵
-
\??\c:\flxxxff.exec:\flxxxff.exe77⤵
-
\??\c:\ntnhbh.exec:\ntnhbh.exe78⤵
-
\??\c:\hhtntt.exec:\hhtntt.exe79⤵
-
\??\c:\pjdvp.exec:\pjdvp.exe80⤵
-
\??\c:\dpjjv.exec:\dpjjv.exe81⤵
-
\??\c:\xlllfxr.exec:\xlllfxr.exe82⤵
-
\??\c:\hhnnnt.exec:\hhnnnt.exe83⤵
-
\??\c:\7bbbbb.exec:\7bbbbb.exe84⤵
-
\??\c:\pvvdd.exec:\pvvdd.exe85⤵
-
\??\c:\xlrlffx.exec:\xlrlffx.exe86⤵
-
\??\c:\rxxxxfx.exec:\rxxxxfx.exe87⤵
-
\??\c:\tnhhbn.exec:\tnhhbn.exe88⤵
-
\??\c:\bntnhh.exec:\bntnhh.exe89⤵
-
\??\c:\ppvvp.exec:\ppvvp.exe90⤵
-
\??\c:\lllffff.exec:\lllffff.exe91⤵
-
\??\c:\xxrlllf.exec:\xxrlllf.exe92⤵
- System Location Discovery: System Language Discovery
-
\??\c:\5thbbb.exec:\5thbbb.exe93⤵
-
\??\c:\ppddv.exec:\ppddv.exe94⤵
-
\??\c:\jddvj.exec:\jddvj.exe95⤵
-
\??\c:\3rxrllr.exec:\3rxrllr.exe96⤵
-
\??\c:\nbtttt.exec:\nbtttt.exe97⤵
-
\??\c:\htbbtt.exec:\htbbtt.exe98⤵
-
\??\c:\7dvjd.exec:\7dvjd.exe99⤵
-
\??\c:\7vpdp.exec:\7vpdp.exe100⤵
-
\??\c:\rlfrffx.exec:\rlfrffx.exe101⤵
-
\??\c:\fxffllf.exec:\fxffllf.exe102⤵
-
\??\c:\htbtnh.exec:\htbtnh.exe103⤵
-
\??\c:\ppjdv.exec:\ppjdv.exe104⤵
-
\??\c:\jdvpp.exec:\jdvpp.exe105⤵
-
\??\c:\fxfrfxx.exec:\fxfrfxx.exe106⤵
-
\??\c:\bnttnn.exec:\bnttnn.exe107⤵
-
\??\c:\hhhnhb.exec:\hhhnhb.exe108⤵
-
\??\c:\dvvvp.exec:\dvvvp.exe109⤵
-
\??\c:\fxxrrrl.exec:\fxxrrrl.exe110⤵
- System Location Discovery: System Language Discovery
-
\??\c:\1rxrlxr.exec:\1rxrlxr.exe111⤵
-
\??\c:\bthbbb.exec:\bthbbb.exe112⤵
-
\??\c:\xrxflll.exec:\xrxflll.exe113⤵
-
\??\c:\xfxllff.exec:\xfxllff.exe114⤵
-
\??\c:\hhnbbh.exec:\hhnbbh.exe115⤵
-
\??\c:\djjdv.exec:\djjdv.exe116⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe117⤵
-
\??\c:\xfrrlfx.exec:\xfrrlfx.exe118⤵
-
\??\c:\nhtttb.exec:\nhtttb.exe119⤵
-
\??\c:\tnbbbh.exec:\tnbbbh.exe120⤵
-
\??\c:\dppjd.exec:\dppjd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-