Analysis
-
max time kernel
150s -
max time network
95s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
10/10/2024, 03:11
General
-
Target
f05aff09e6fff027539c99ddd676b97d14f35105da33846b94ebb15982d5cd5f.exe
-
Size
72KB
-
MD5
b29035d91da4f594db99b20c5d7ae300
-
SHA1
3189860d6452d208233e0e31e9f3c31f22c18c3a
-
SHA256
f05aff09e6fff027539c99ddd676b97d14f35105da33846b94ebb15982d5cd5f
-
SHA512
647edeaeb0e9d61238cb4dc28b503caab806d9d7348b25ad4c9b854a65bb7d7d5198a1f889ad8c194663c2a1a40449e2f80d81037ed242056ee30560413e4da1
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb0z6MTSqfjW3:ymb3NkkiQ3mdBjFI4Vi
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 33 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f05aff09e6fff027539c99ddd676b97d14f35105da33846b94ebb15982d5cd5f.exe"C:\Users\Admin\AppData\Local\Temp\f05aff09e6fff027539c99ddd676b97d14f35105da33846b94ebb15982d5cd5f.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxllxx.exec:\ffxllxx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbbbh.exec:\thbbbh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthnth.exec:\tthnth.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffllxxl.exec:\ffllxxl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrflrrf.exec:\rrflrrf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbbht.exec:\htbbht.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhnnn.exec:\nbhnnn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1frrllf.exec:\1frrllf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrrlll.exec:\rlrrlll.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\httttb.exec:\httttb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvpd.exec:\jvvpd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fflllll.exec:\fflllll.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntttb.exec:\tntttb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjvj.exec:\vpjvj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllfrrf.exec:\rllfrrf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxxllx.exec:\rxxxllx.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthnnt.exec:\hthnnt.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjjv.exec:\vpjjv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5dvdp.exec:\5dvdp.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllrlfl.exec:\rllrlfl.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnhhb.exec:\nhnhhb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpjv.exec:\pjpjv.exe23⤵
- Executes dropped EXE
-
\??\c:\ddjpv.exec:\ddjpv.exe24⤵
- Executes dropped EXE
-
\??\c:\rrfxlll.exec:\rrfxlll.exe25⤵
- Executes dropped EXE
-
\??\c:\bbhthb.exec:\bbhthb.exe26⤵
- Executes dropped EXE
-
\??\c:\htthbt.exec:\htthbt.exe27⤵
- Executes dropped EXE
-
\??\c:\pdvpp.exec:\pdvpp.exe28⤵
- Executes dropped EXE
-
\??\c:\lxrfxrl.exec:\lxrfxrl.exe29⤵
- Executes dropped EXE
-
\??\c:\lllfxrl.exec:\lllfxrl.exe30⤵
- Executes dropped EXE
-
\??\c:\pjddv.exec:\pjddv.exe31⤵
- Executes dropped EXE
-
\??\c:\btnbtn.exec:\btnbtn.exe32⤵
- Executes dropped EXE
-
\??\c:\9tthnn.exec:\9tthnn.exe33⤵
- Executes dropped EXE
-
\??\c:\5ddpv.exec:\5ddpv.exe34⤵
- Executes dropped EXE
-
\??\c:\rxrfxrl.exec:\rxrfxrl.exe35⤵
- Executes dropped EXE
-
\??\c:\3bbtnh.exec:\3bbtnh.exe36⤵
- Executes dropped EXE
-
\??\c:\7bbbnn.exec:\7bbbnn.exe37⤵
- Executes dropped EXE
-
\??\c:\dvjdp.exec:\dvjdp.exe38⤵
- Executes dropped EXE
-
\??\c:\lxlrflx.exec:\lxlrflx.exe39⤵
- Executes dropped EXE
-
\??\c:\xfxxrrf.exec:\xfxxrrf.exe40⤵
- Executes dropped EXE
-
\??\c:\nhhbbt.exec:\nhhbbt.exe41⤵
- Executes dropped EXE
-
\??\c:\pdpjp.exec:\pdpjp.exe42⤵
- Executes dropped EXE
-
\??\c:\jppdv.exec:\jppdv.exe43⤵
- Executes dropped EXE
-
\??\c:\xrxlrxf.exec:\xrxlrxf.exe44⤵
- Executes dropped EXE
-
\??\c:\fflfrrf.exec:\fflfrrf.exe45⤵
- Executes dropped EXE
-
\??\c:\5nttnh.exec:\5nttnh.exe46⤵
- Executes dropped EXE
-
\??\c:\5nhntb.exec:\5nhntb.exe47⤵
- Executes dropped EXE
-
\??\c:\vdjpj.exec:\vdjpj.exe48⤵
- Executes dropped EXE
-
\??\c:\rrxrfff.exec:\rrxrfff.exe49⤵
- Executes dropped EXE
-
\??\c:\hbtthn.exec:\hbtthn.exe50⤵
- Executes dropped EXE
-
\??\c:\1tthbb.exec:\1tthbb.exe51⤵
- Executes dropped EXE
-
\??\c:\vpdvp.exec:\vpdvp.exe52⤵
- Executes dropped EXE
-
\??\c:\5vvpd.exec:\5vvpd.exe53⤵
- Executes dropped EXE
-
\??\c:\xlrlffx.exec:\xlrlffx.exe54⤵
- Executes dropped EXE
-
\??\c:\3bbbtt.exec:\3bbbtt.exe55⤵
- Executes dropped EXE
-
\??\c:\btnnhh.exec:\btnnhh.exe56⤵
- Executes dropped EXE
-
\??\c:\dpjdp.exec:\dpjdp.exe57⤵
- Executes dropped EXE
-
\??\c:\1xrllfl.exec:\1xrllfl.exe58⤵
- Executes dropped EXE
-
\??\c:\rlfxfxr.exec:\rlfxfxr.exe59⤵
- Executes dropped EXE
-
\??\c:\5btntn.exec:\5btntn.exe60⤵
- Executes dropped EXE
-
\??\c:\dpvjp.exec:\dpvjp.exe61⤵
- Executes dropped EXE
-
\??\c:\dvpdp.exec:\dvpdp.exe62⤵
- Executes dropped EXE
-
\??\c:\fxrlxrl.exec:\fxrlxrl.exe63⤵
- Executes dropped EXE
-
\??\c:\lllllll.exec:\lllllll.exe64⤵
- Executes dropped EXE
-
\??\c:\hhnnhh.exec:\hhnnhh.exe65⤵
- Executes dropped EXE
-
\??\c:\nbhhbb.exec:\nbhhbb.exe66⤵
-
\??\c:\vvpvd.exec:\vvpvd.exe67⤵
-
\??\c:\lfllfll.exec:\lfllfll.exe68⤵
-
\??\c:\rffxfff.exec:\rffxfff.exe69⤵
-
\??\c:\thhhhh.exec:\thhhhh.exe70⤵
-
\??\c:\nnhbtt.exec:\nnhbtt.exe71⤵
-
\??\c:\vvvdp.exec:\vvvdp.exe72⤵
-
\??\c:\3pvvj.exec:\3pvvj.exe73⤵
-
\??\c:\lxrrlll.exec:\lxrrlll.exe74⤵
-
\??\c:\hhhhnn.exec:\hhhhnn.exe75⤵
-
\??\c:\nntnhh.exec:\nntnhh.exe76⤵
-
\??\c:\7dpdd.exec:\7dpdd.exe77⤵
-
\??\c:\rfflflf.exec:\rfflflf.exe78⤵
-
\??\c:\bhbbhn.exec:\bhbbhn.exe79⤵
-
\??\c:\nntnnb.exec:\nntnnb.exe80⤵
-
\??\c:\jdjjj.exec:\jdjjj.exe81⤵
-
\??\c:\5dddd.exec:\5dddd.exe82⤵
-
\??\c:\lxlrfrr.exec:\lxlrfrr.exe83⤵
-
\??\c:\rxlrlll.exec:\rxlrlll.exe84⤵
-
\??\c:\7nbttt.exec:\7nbttt.exe85⤵
-
\??\c:\7vvvv.exec:\7vvvv.exe86⤵
-
\??\c:\9jpvp.exec:\9jpvp.exe87⤵
-
\??\c:\xxrlfff.exec:\xxrlfff.exe88⤵
-
\??\c:\nhbntn.exec:\nhbntn.exe89⤵
-
\??\c:\nthhnn.exec:\nthhnn.exe90⤵
-
\??\c:\jjjjj.exec:\jjjjj.exe91⤵
-
\??\c:\vppjd.exec:\vppjd.exe92⤵
-
\??\c:\xrrlffx.exec:\xrrlffx.exe93⤵
-
\??\c:\rfrffxf.exec:\rfrffxf.exe94⤵
-
\??\c:\hbbbtt.exec:\hbbbtt.exe95⤵
-
\??\c:\tthhtt.exec:\tthhtt.exe96⤵
-
\??\c:\pjpvp.exec:\pjpvp.exe97⤵
-
\??\c:\xlfxlll.exec:\xlfxlll.exe98⤵
-
\??\c:\rxxflrl.exec:\rxxflrl.exe99⤵
-
\??\c:\htbbtt.exec:\htbbtt.exe100⤵
-
\??\c:\5bbbtb.exec:\5bbbtb.exe101⤵
-
\??\c:\hbhbtt.exec:\hbhbtt.exe102⤵
-
\??\c:\vjppj.exec:\vjppj.exe103⤵
-
\??\c:\5vdvp.exec:\5vdvp.exe104⤵
-
\??\c:\3rrrlrl.exec:\3rrrlrl.exe105⤵
-
\??\c:\thhhhn.exec:\thhhhn.exe106⤵
-
\??\c:\bnnhhh.exec:\bnnhhh.exe107⤵
-
\??\c:\ppjjv.exec:\ppjjv.exe108⤵
-
\??\c:\7rlfxxr.exec:\7rlfxxr.exe109⤵
-
\??\c:\xrrxxll.exec:\xrrxxll.exe110⤵
-
\??\c:\nnhhtb.exec:\nnhhtb.exe111⤵
-
\??\c:\vpjjv.exec:\vpjjv.exe112⤵
-
\??\c:\5jjjv.exec:\5jjjv.exe113⤵
-
\??\c:\lrrlfrl.exec:\lrrlfrl.exe114⤵
-
\??\c:\xxlrlll.exec:\xxlrlll.exe115⤵
-
\??\c:\3tnnnn.exec:\3tnnnn.exe116⤵
-
\??\c:\3ddvp.exec:\3ddvp.exe117⤵
-
\??\c:\jjddv.exec:\jjddv.exe118⤵
-
\??\c:\1lrlxlf.exec:\1lrlxlf.exe119⤵
-
\??\c:\rrrrllf.exec:\rrrrllf.exe120⤵
-
\??\c:\ttbttt.exec:\ttbttt.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-