Analysis
-
max time kernel
120s -
max time network
92s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
05/10/2024, 07:53
General
-
Target
f3050556116b8a99d1fbde889088978c47303b6e625d9c31cb22f1bcb4095615N.exe
-
Size
71KB
-
MD5
55096184828f3eed2f75fa05d41decd0
-
SHA1
a1ecd7da441e09e9ae04d933c32a6904f6143be9
-
SHA256
f3050556116b8a99d1fbde889088978c47303b6e625d9c31cb22f1bcb4095615
-
SHA512
7aaf51ebcb372889a80ad0d41d415294177a25814cd6baca5dbcdf960fe066e7f47f46c5584ce9c01d45a0dea3986119910e966b8d43ea494cb89c2fca4b567a
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb0z6MTSqfjX:ymb3NkkiQ3mdBjFI4Vn
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 38 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f3050556116b8a99d1fbde889088978c47303b6e625d9c31cb22f1bcb4095615N.exe"C:\Users\Admin\AppData\Local\Temp\f3050556116b8a99d1fbde889088978c47303b6e625d9c31cb22f1bcb4095615N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ntnhbb.exec:\ntnhbb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvdd.exec:\dpvdd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xrffxl.exec:\1xrffxl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhbbt.exec:\nbhbbt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djvvj.exec:\djvvj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrlfxrl.exec:\lrlfxrl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhhbn.exec:\tnhhbn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djvpd.exec:\djvpd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxrxxl.exec:\rrxrxxl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxlrlfr.exec:\rxlrlfr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbtht.exec:\ntbtht.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjpd.exec:\ppjpd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxlfxrf.exec:\lxlfxrf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxlfxr.exec:\xrxlfxr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9tnhtn.exec:\9tnhtn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdvp.exec:\vpdvp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpjvp.exec:\jpjvp.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrrxrx.exec:\flrrxrx.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnbnh.exec:\nhnbnh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1ffflfr.exec:\1ffflfr.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnbtn.exec:\nbnbtn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjdv.exec:\dvjdv.exe23⤵
- Executes dropped EXE
-
\??\c:\frfxfxf.exec:\frfxfxf.exe24⤵
- Executes dropped EXE
-
\??\c:\9hhhnh.exec:\9hhhnh.exe25⤵
- Executes dropped EXE
-
\??\c:\hbhtbt.exec:\hbhtbt.exe26⤵
- Executes dropped EXE
-
\??\c:\dddpj.exec:\dddpj.exe27⤵
- Executes dropped EXE
-
\??\c:\rxxllfx.exec:\rxxllfx.exe28⤵
- Executes dropped EXE
-
\??\c:\rllfxrr.exec:\rllfxrr.exe29⤵
- Executes dropped EXE
-
\??\c:\nhhhbt.exec:\nhhhbt.exe30⤵
- Executes dropped EXE
-
\??\c:\hbnhtn.exec:\hbnhtn.exe31⤵
- Executes dropped EXE
-
\??\c:\jpdjp.exec:\jpdjp.exe32⤵
- Executes dropped EXE
-
\??\c:\dpppd.exec:\dpppd.exe33⤵
- Executes dropped EXE
-
\??\c:\xlfrfxr.exec:\xlfrfxr.exe34⤵
- Executes dropped EXE
-
\??\c:\tthhhb.exec:\tthhhb.exe35⤵
- Executes dropped EXE
-
\??\c:\jppdp.exec:\jppdp.exe36⤵
- Executes dropped EXE
-
\??\c:\vdjjj.exec:\vdjjj.exe37⤵
- Executes dropped EXE
-
\??\c:\fxfrffx.exec:\fxfrffx.exe38⤵
- Executes dropped EXE
-
\??\c:\fxlffxx.exec:\fxlffxx.exe39⤵
- Executes dropped EXE
-
\??\c:\pjddd.exec:\pjddd.exe40⤵
- Executes dropped EXE
-
\??\c:\dvdvp.exec:\dvdvp.exe41⤵
- Executes dropped EXE
-
\??\c:\5rrlffx.exec:\5rrlffx.exe42⤵
- Executes dropped EXE
-
\??\c:\nbhbbb.exec:\nbhbbb.exe43⤵
- Executes dropped EXE
-
\??\c:\hntnnn.exec:\hntnnn.exe44⤵
- Executes dropped EXE
-
\??\c:\ddpvv.exec:\ddpvv.exe45⤵
- Executes dropped EXE
-
\??\c:\pjvpj.exec:\pjvpj.exe46⤵
- Executes dropped EXE
-
\??\c:\xllflfl.exec:\xllflfl.exe47⤵
- Executes dropped EXE
-
\??\c:\hbnnhb.exec:\hbnnhb.exe48⤵
- Executes dropped EXE
-
\??\c:\htbttt.exec:\htbttt.exe49⤵
- Executes dropped EXE
-
\??\c:\dvdvp.exec:\dvdvp.exe50⤵
- Executes dropped EXE
-
\??\c:\vpjjd.exec:\vpjjd.exe51⤵
- Executes dropped EXE
-
\??\c:\flrlfff.exec:\flrlfff.exe52⤵
- Executes dropped EXE
-
\??\c:\lfxxllx.exec:\lfxxllx.exe53⤵
- Executes dropped EXE
-
\??\c:\bbnnhh.exec:\bbnnhh.exe54⤵
- Executes dropped EXE
-
\??\c:\dvvpp.exec:\dvvpp.exe55⤵
- Executes dropped EXE
-
\??\c:\vjjpj.exec:\vjjpj.exe56⤵
- Executes dropped EXE
-
\??\c:\5xrxlxr.exec:\5xrxlxr.exe57⤵
- Executes dropped EXE
-
\??\c:\xrxxxxr.exec:\xrxxxxr.exe58⤵
- Executes dropped EXE
-
\??\c:\hthbbt.exec:\hthbbt.exe59⤵
- Executes dropped EXE
-
\??\c:\hhhbtn.exec:\hhhbtn.exe60⤵
- Executes dropped EXE
-
\??\c:\djvdp.exec:\djvdp.exe61⤵
- Executes dropped EXE
-
\??\c:\dppdd.exec:\dppdd.exe62⤵
- Executes dropped EXE
-
\??\c:\xflfrrl.exec:\xflfrrl.exe63⤵
- Executes dropped EXE
-
\??\c:\lfllrxf.exec:\lfllrxf.exe64⤵
- Executes dropped EXE
-
\??\c:\ntnbtt.exec:\ntnbtt.exe65⤵
- Executes dropped EXE
-
\??\c:\nnhhbb.exec:\nnhhbb.exe66⤵
-
\??\c:\pvdvj.exec:\pvdvj.exe67⤵
-
\??\c:\9jpjp.exec:\9jpjp.exe68⤵
-
\??\c:\9xxlxrl.exec:\9xxlxrl.exe69⤵
-
\??\c:\3xrlrrl.exec:\3xrlrrl.exe70⤵
-
\??\c:\tntnbb.exec:\tntnbb.exe71⤵
-
\??\c:\tnbbbb.exec:\tnbbbb.exe72⤵
-
\??\c:\vpvpd.exec:\vpvpd.exe73⤵
-
\??\c:\lrfffrx.exec:\lrfffrx.exe74⤵
-
\??\c:\3fllrrf.exec:\3fllrrf.exe75⤵
-
\??\c:\nhttbb.exec:\nhttbb.exe76⤵
-
\??\c:\btbbhb.exec:\btbbhb.exe77⤵
-
\??\c:\9ppdp.exec:\9ppdp.exe78⤵
-
\??\c:\pjjvp.exec:\pjjvp.exe79⤵
-
\??\c:\flrlxxr.exec:\flrlxxr.exe80⤵
-
\??\c:\nbbtbn.exec:\nbbtbn.exe81⤵
-
\??\c:\hbhbnt.exec:\hbhbnt.exe82⤵
-
\??\c:\dvpvd.exec:\dvpvd.exe83⤵
-
\??\c:\nhbthh.exec:\nhbthh.exe84⤵
-
\??\c:\jjdvp.exec:\jjdvp.exe85⤵
-
\??\c:\jdvvp.exec:\jdvvp.exe86⤵
-
\??\c:\lxxlxxr.exec:\lxxlxxr.exe87⤵
-
\??\c:\hnnnbn.exec:\hnnnbn.exe88⤵
-
\??\c:\9bttht.exec:\9bttht.exe89⤵
-
\??\c:\5djjp.exec:\5djjp.exe90⤵
-
\??\c:\llfxffl.exec:\llfxffl.exe91⤵
-
\??\c:\llfxrll.exec:\llfxrll.exe92⤵
-
\??\c:\ntbtnn.exec:\ntbtnn.exe93⤵
-
\??\c:\tnbthh.exec:\tnbthh.exe94⤵
-
\??\c:\9dvvp.exec:\9dvvp.exe95⤵
-
\??\c:\djvpd.exec:\djvpd.exe96⤵
-
\??\c:\xrxrflf.exec:\xrxrflf.exe97⤵
-
\??\c:\xffrrll.exec:\xffrrll.exe98⤵
-
\??\c:\tbhbtn.exec:\tbhbtn.exe99⤵
-
\??\c:\btnnbb.exec:\btnnbb.exe100⤵
-
\??\c:\pjjdd.exec:\pjjdd.exe101⤵
-
\??\c:\jdddp.exec:\jdddp.exe102⤵
-
\??\c:\xrllxxf.exec:\xrllxxf.exe103⤵
-
\??\c:\tnbnbn.exec:\tnbnbn.exe104⤵
-
\??\c:\tntnbb.exec:\tntnbb.exe105⤵
-
\??\c:\jdddv.exec:\jdddv.exe106⤵
-
\??\c:\fxxrxxf.exec:\fxxrxxf.exe107⤵
-
\??\c:\rlfxrlf.exec:\rlfxrlf.exe108⤵
-
\??\c:\nbbnhn.exec:\nbbnhn.exe109⤵
-
\??\c:\vdpdv.exec:\vdpdv.exe110⤵
-
\??\c:\5pvvj.exec:\5pvvj.exe111⤵
-
\??\c:\frrrlff.exec:\frrrlff.exe112⤵
-
\??\c:\lfxrllf.exec:\lfxrllf.exe113⤵
-
\??\c:\bnttnn.exec:\bnttnn.exe114⤵
-
\??\c:\tbbnhh.exec:\tbbnhh.exe115⤵
-
\??\c:\dvvvj.exec:\dvvvj.exe116⤵
-
\??\c:\1lrlxff.exec:\1lrlxff.exe117⤵
-
\??\c:\xrlrrrl.exec:\xrlrrrl.exe118⤵
-
\??\c:\tnhhbb.exec:\tnhhbb.exe119⤵
-
\??\c:\pdjjd.exec:\pdjjd.exe120⤵
-
\??\c:\9pjjv.exec:\9pjjv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-