Analysis
-
max time kernel
120s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
06-10-2024 06:35
General
-
Target
820332fbbfb62b4c7fa29895df6832959fd1df74116c323c0e324aa89d9721f7N.exe
-
Size
65KB
-
MD5
35f7826585e5dac391a03cbc125178a0
-
SHA1
8ee4a34e43cab2f91c0213fde53a8bfc2c03ba20
-
SHA256
820332fbbfb62b4c7fa29895df6832959fd1df74116c323c0e324aa89d9721f7
-
SHA512
89fe6e2525a96a09db106e68ebb48a6ff2fc5bc64e76f3483540d24435a113d829670286f3a83df8a034016b11444ad8c085731e3eddcceb0708f12419ab9a17
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDI9L27BqfB:ymb3NkkiQ3mdBjFI9cqfB
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 35 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\820332fbbfb62b4c7fa29895df6832959fd1df74116c323c0e324aa89d9721f7N.exe"C:\Users\Admin\AppData\Local\Temp\820332fbbfb62b4c7fa29895df6832959fd1df74116c323c0e324aa89d9721f7N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\btttnn.exec:\btttnn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddvd.exec:\jddvd.exe3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrxlxr.exec:\xrrxlxr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhbbht.exec:\bhbbht.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntbtt.exec:\bntbtt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjdd.exec:\vjjdd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfxrlff.exec:\xfxrlff.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxfflrf.exec:\xxfflrf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntnhh.exec:\bntnhh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvpv.exec:\vjvpv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrxrrr.exec:\fxrxrrr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxflllr.exec:\xxflllr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtnnt.exec:\hbtnnt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpjj.exec:\vvpjj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppjp.exec:\vppjp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxrrflr.exec:\rxrrflr.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbttn.exec:\bbbttn.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffxrrl.exec:\lffxrrl.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dppdv.exec:\dppdv.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjjv.exec:\ppjjv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntthh.exec:\tntthh.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnnbth.exec:\hnnbth.exe23⤵
- Executes dropped EXE
-
\??\c:\djjdp.exec:\djjdp.exe24⤵
- Executes dropped EXE
-
\??\c:\frxxrrl.exec:\frxxrrl.exe25⤵
- Executes dropped EXE
-
\??\c:\hbbbhh.exec:\hbbbhh.exe26⤵
- Executes dropped EXE
-
\??\c:\pdvdp.exec:\pdvdp.exe27⤵
- Executes dropped EXE
-
\??\c:\dpdvj.exec:\dpdvj.exe28⤵
- Executes dropped EXE
-
\??\c:\5xfrlrl.exec:\5xfrlrl.exe29⤵
- Executes dropped EXE
-
\??\c:\5nbtbh.exec:\5nbtbh.exe30⤵
- Executes dropped EXE
-
\??\c:\7pppj.exec:\7pppj.exe31⤵
- Executes dropped EXE
-
\??\c:\pdpjd.exec:\pdpjd.exe32⤵
- Executes dropped EXE
-
\??\c:\rflfffl.exec:\rflfffl.exe33⤵
- Executes dropped EXE
-
\??\c:\hntnnn.exec:\hntnnn.exe34⤵
- Executes dropped EXE
-
\??\c:\dppdv.exec:\dppdv.exe35⤵
- Executes dropped EXE
-
\??\c:\vjpjv.exec:\vjpjv.exe36⤵
- Executes dropped EXE
-
\??\c:\frlxllx.exec:\frlxllx.exe37⤵
- Executes dropped EXE
-
\??\c:\nnhhbb.exec:\nnhhbb.exe38⤵
- Executes dropped EXE
-
\??\c:\1ttnhb.exec:\1ttnhb.exe39⤵
- Executes dropped EXE
-
\??\c:\pvjpd.exec:\pvjpd.exe40⤵
- Executes dropped EXE
-
\??\c:\jddjd.exec:\jddjd.exe41⤵
- Executes dropped EXE
-
\??\c:\rffffrf.exec:\rffffrf.exe42⤵
- Executes dropped EXE
-
\??\c:\xxlrxll.exec:\xxlrxll.exe43⤵
- Executes dropped EXE
-
\??\c:\nhbtnn.exec:\nhbtnn.exe44⤵
- Executes dropped EXE
-
\??\c:\vvvvj.exec:\vvvvj.exe45⤵
- Executes dropped EXE
-
\??\c:\pdpjj.exec:\pdpjj.exe46⤵
- Executes dropped EXE
-
\??\c:\frxxrxx.exec:\frxxrxx.exe47⤵
- Executes dropped EXE
-
\??\c:\fxlxxrr.exec:\fxlxxrr.exe48⤵
- Executes dropped EXE
-
\??\c:\nnnhbb.exec:\nnnhbb.exe49⤵
- Executes dropped EXE
-
\??\c:\ddjpd.exec:\ddjpd.exe50⤵
- Executes dropped EXE
-
\??\c:\lxrffxr.exec:\lxrffxr.exe51⤵
- Executes dropped EXE
-
\??\c:\lxfrlfr.exec:\lxfrlfr.exe52⤵
- Executes dropped EXE
-
\??\c:\nhnhhh.exec:\nhnhhh.exe53⤵
- Executes dropped EXE
-
\??\c:\nbthbt.exec:\nbthbt.exe54⤵
- Executes dropped EXE
-
\??\c:\1ppdv.exec:\1ppdv.exe55⤵
- Executes dropped EXE
-
\??\c:\fxrlxrr.exec:\fxrlxrr.exe56⤵
- Executes dropped EXE
-
\??\c:\1tntth.exec:\1tntth.exe57⤵
- Executes dropped EXE
-
\??\c:\jdpdv.exec:\jdpdv.exe58⤵
- Executes dropped EXE
-
\??\c:\7dvjp.exec:\7dvjp.exe59⤵
- Executes dropped EXE
-
\??\c:\xlxxfrf.exec:\xlxxfrf.exe60⤵
- Executes dropped EXE
-
\??\c:\rlrlfll.exec:\rlrlfll.exe61⤵
- Executes dropped EXE
-
\??\c:\hbbtnh.exec:\hbbtnh.exe62⤵
- Executes dropped EXE
-
\??\c:\bthhhb.exec:\bthhhb.exe63⤵
- Executes dropped EXE
-
\??\c:\vjpdv.exec:\vjpdv.exe64⤵
- Executes dropped EXE
-
\??\c:\jdvdj.exec:\jdvdj.exe65⤵
- Executes dropped EXE
-
\??\c:\lfxrffx.exec:\lfxrffx.exe66⤵
-
\??\c:\lfxrlfx.exec:\lfxrlfx.exe67⤵
- System Location Discovery: System Language Discovery
-
\??\c:\tnnnbb.exec:\tnnnbb.exe68⤵
-
\??\c:\thhtnt.exec:\thhtnt.exe69⤵
-
\??\c:\ppjvj.exec:\ppjvj.exe70⤵
-
\??\c:\rflrfxr.exec:\rflrfxr.exe71⤵
-
\??\c:\fllffrl.exec:\fllffrl.exe72⤵
-
\??\c:\1nbtnh.exec:\1nbtnh.exe73⤵
-
\??\c:\hbhttb.exec:\hbhttb.exe74⤵
-
\??\c:\1vdjv.exec:\1vdjv.exe75⤵
-
\??\c:\fllfrlf.exec:\fllfrlf.exe76⤵
-
\??\c:\xrlfrlf.exec:\xrlfrlf.exe77⤵
-
\??\c:\nbhntb.exec:\nbhntb.exe78⤵
-
\??\c:\fxxxrrr.exec:\fxxxrrr.exe79⤵
-
\??\c:\nbnhbn.exec:\nbnhbn.exe80⤵
-
\??\c:\nbtnbh.exec:\nbtnbh.exe81⤵
-
\??\c:\vjjdv.exec:\vjjdv.exe82⤵
-
\??\c:\3rrlrrr.exec:\3rrlrrr.exe83⤵
-
\??\c:\xlllffx.exec:\xlllffx.exe84⤵
-
\??\c:\tthbth.exec:\tthbth.exe85⤵
-
\??\c:\hbbnbt.exec:\hbbnbt.exe86⤵
-
\??\c:\dvdvd.exec:\dvdvd.exe87⤵
-
\??\c:\7ffrfrl.exec:\7ffrfrl.exe88⤵
-
\??\c:\rflfrlf.exec:\rflfrlf.exe89⤵
-
\??\c:\bttnbb.exec:\bttnbb.exe90⤵
-
\??\c:\jddvp.exec:\jddvp.exe91⤵
-
\??\c:\jdpdv.exec:\jdpdv.exe92⤵
-
\??\c:\lflfxfx.exec:\lflfxfx.exe93⤵
-
\??\c:\rlfxffx.exec:\rlfxffx.exe94⤵
-
\??\c:\nnbnhb.exec:\nnbnhb.exe95⤵
-
\??\c:\9ppjv.exec:\9ppjv.exe96⤵
-
\??\c:\dvjdp.exec:\dvjdp.exe97⤵
-
\??\c:\llrlxxx.exec:\llrlxxx.exe98⤵
-
\??\c:\lfxrfxr.exec:\lfxrfxr.exe99⤵
-
\??\c:\hbnhhh.exec:\hbnhhh.exe100⤵
-
\??\c:\tnhthh.exec:\tnhthh.exe101⤵
-
\??\c:\pvvpp.exec:\pvvpp.exe102⤵
-
\??\c:\xrxlrxl.exec:\xrxlrxl.exe103⤵
-
\??\c:\llxlrlx.exec:\llxlrlx.exe104⤵
-
\??\c:\nbbtnn.exec:\nbbtnn.exe105⤵
-
\??\c:\nhbthb.exec:\nhbthb.exe106⤵
-
\??\c:\3dddv.exec:\3dddv.exe107⤵
-
\??\c:\lrflxfl.exec:\lrflxfl.exe108⤵
-
\??\c:\frfxlxf.exec:\frfxlxf.exe109⤵
-
\??\c:\1bbttt.exec:\1bbttt.exe110⤵
-
\??\c:\thhnhb.exec:\thhnhb.exe111⤵
-
\??\c:\pppdp.exec:\pppdp.exe112⤵
-
\??\c:\llrlxxl.exec:\llrlxxl.exe113⤵
-
\??\c:\btttbh.exec:\btttbh.exe114⤵
-
\??\c:\tnhbnn.exec:\tnhbnn.exe115⤵
-
\??\c:\dvvpp.exec:\dvvpp.exe116⤵
-
\??\c:\pdvvp.exec:\pdvvp.exe117⤵
-
\??\c:\fxxrxrf.exec:\fxxrxrf.exe118⤵
-
\??\c:\httnbt.exec:\httnbt.exe119⤵
-
\??\c:\httnhb.exec:\httnhb.exe120⤵
-
\??\c:\vjpdv.exec:\vjpdv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-