Analysis
-
max time kernel
150s -
max time network
136s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
13/10/2024, 20:57
General
-
Target
3a2d9c11440568096e6d1a4cbf6c3d688bbf5f8269c73bd388fe9e14be76d69c.exe
-
Size
65KB
-
MD5
a538f41008561df2b59b24db827ab9a4
-
SHA1
e760a9bdfcf7012517d23a80ed1d6f946687ac10
-
SHA256
3a2d9c11440568096e6d1a4cbf6c3d688bbf5f8269c73bd388fe9e14be76d69c
-
SHA512
5359e151dfdc776be21542d303a84333d7cbd5624d00730aff238cc152fda939901ad351ef95c53b4d88cc8cfa67457ec7110d8c49156ca31348f35e3fd00149
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yU+kbxeS:ymb3NkkiQ3mdBjF0y7kbUS
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 32 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3a2d9c11440568096e6d1a4cbf6c3d688bbf5f8269c73bd388fe9e14be76d69c.exe"C:\Users\Admin\AppData\Local\Temp\3a2d9c11440568096e6d1a4cbf6c3d688bbf5f8269c73bd388fe9e14be76d69c.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\3xrxllr.exec:\3xrxllr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhbnn.exec:\bhhbnn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ntbtb.exec:\9ntbtb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjdvp.exec:\jjdvp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrlfxr.exec:\frrlfxr.exe6⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrlrrr.exec:\ffrlrrr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthhbt.exec:\hthhbt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpjp.exec:\pjpjp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpvp.exec:\vvpvp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xllfrlx.exec:\xllfrlx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9hhbbb.exec:\9hhbbb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1nhtnn.exec:\1nhtnn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjddj.exec:\jjddj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrfrrll.exec:\rrfrrll.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxflrfx.exec:\fxflrfx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbtnh.exec:\thbtnh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3jpjd.exec:\3jpjd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jjdv.exec:\5jjdv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllxrrl.exec:\rllxrrl.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttnhh.exec:\bttnhh.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9thttn.exec:\9thttn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvpp.exec:\vvvpp.exe23⤵
- Executes dropped EXE
-
\??\c:\dvdvd.exec:\dvdvd.exe24⤵
- Executes dropped EXE
-
\??\c:\xfllfrl.exec:\xfllfrl.exe25⤵
- Executes dropped EXE
-
\??\c:\vvdpv.exec:\vvdpv.exe26⤵
- Executes dropped EXE
-
\??\c:\pvvvv.exec:\pvvvv.exe27⤵
- Executes dropped EXE
-
\??\c:\9lfxlfx.exec:\9lfxlfx.exe28⤵
- Executes dropped EXE
-
\??\c:\7hnhhh.exec:\7hnhhh.exe29⤵
- Executes dropped EXE
-
\??\c:\5hbthb.exec:\5hbthb.exe30⤵
- Executes dropped EXE
-
\??\c:\jpjvj.exec:\jpjvj.exe31⤵
- Executes dropped EXE
-
\??\c:\rlfxllf.exec:\rlfxllf.exe32⤵
- Executes dropped EXE
-
\??\c:\ffrxlxr.exec:\ffrxlxr.exe33⤵
- Executes dropped EXE
-
\??\c:\9tttnn.exec:\9tttnn.exe34⤵
- Executes dropped EXE
-
\??\c:\7ntntt.exec:\7ntntt.exe35⤵
- Executes dropped EXE
-
\??\c:\dvppd.exec:\dvppd.exe36⤵
- Executes dropped EXE
-
\??\c:\jpjdp.exec:\jpjdp.exe37⤵
- Executes dropped EXE
-
\??\c:\xfxxrrl.exec:\xfxxrrl.exe38⤵
- Executes dropped EXE
-
\??\c:\3xxrlfr.exec:\3xxrlfr.exe39⤵
- Executes dropped EXE
-
\??\c:\5llfrlx.exec:\5llfrlx.exe40⤵
- Executes dropped EXE
-
\??\c:\hntthb.exec:\hntthb.exe41⤵
- Executes dropped EXE
-
\??\c:\hbhthb.exec:\hbhthb.exe42⤵
- Executes dropped EXE
-
\??\c:\pvpvp.exec:\pvpvp.exe43⤵
- Executes dropped EXE
-
\??\c:\5lrlffl.exec:\5lrlffl.exe44⤵
- Executes dropped EXE
-
\??\c:\fxxllfx.exec:\fxxllfx.exe45⤵
- Executes dropped EXE
-
\??\c:\bttnhb.exec:\bttnhb.exe46⤵
- Executes dropped EXE
-
\??\c:\nhhbnh.exec:\nhhbnh.exe47⤵
- Executes dropped EXE
-
\??\c:\vpdvv.exec:\vpdvv.exe48⤵
- Executes dropped EXE
-
\??\c:\vvdvj.exec:\vvdvj.exe49⤵
- Executes dropped EXE
-
\??\c:\lfrlxfx.exec:\lfrlxfx.exe50⤵
- Executes dropped EXE
-
\??\c:\rrrlfff.exec:\rrrlfff.exe51⤵
- Executes dropped EXE
-
\??\c:\ntttnn.exec:\ntttnn.exe52⤵
- Executes dropped EXE
-
\??\c:\bnbnhh.exec:\bnbnhh.exe53⤵
- Executes dropped EXE
-
\??\c:\vvjjp.exec:\vvjjp.exe54⤵
- Executes dropped EXE
-
\??\c:\pddvj.exec:\pddvj.exe55⤵
- Executes dropped EXE
-
\??\c:\9lxrxfr.exec:\9lxrxfr.exe56⤵
- Executes dropped EXE
-
\??\c:\xxrrffx.exec:\xxrrffx.exe57⤵
- Executes dropped EXE
-
\??\c:\hbbbtt.exec:\hbbbtt.exe58⤵
- Executes dropped EXE
-
\??\c:\hnnhtt.exec:\hnnhtt.exe59⤵
- Executes dropped EXE
-
\??\c:\vvpvj.exec:\vvpvj.exe60⤵
- Executes dropped EXE
-
\??\c:\vjdvv.exec:\vjdvv.exe61⤵
- Executes dropped EXE
-
\??\c:\jpvpj.exec:\jpvpj.exe62⤵
- Executes dropped EXE
-
\??\c:\fllfrrx.exec:\fllfrrx.exe63⤵
- Executes dropped EXE
-
\??\c:\ntthbt.exec:\ntthbt.exe64⤵
- Executes dropped EXE
-
\??\c:\nhbtbt.exec:\nhbtbt.exe65⤵
- Executes dropped EXE
-
\??\c:\dvdvj.exec:\dvdvj.exe66⤵
-
\??\c:\3pjdv.exec:\3pjdv.exe67⤵
-
\??\c:\7xrlxfx.exec:\7xrlxfx.exe68⤵
-
\??\c:\1nnbtb.exec:\1nnbtb.exe69⤵
-
\??\c:\lffrlfx.exec:\lffrlfx.exe70⤵
-
\??\c:\lllfxrl.exec:\lllfxrl.exe71⤵
-
\??\c:\vdjvp.exec:\vdjvp.exe72⤵
-
\??\c:\9jdvp.exec:\9jdvp.exe73⤵
-
\??\c:\xrlfrrl.exec:\xrlfrrl.exe74⤵
-
\??\c:\xxxxfxr.exec:\xxxxfxr.exe75⤵
-
\??\c:\tttnht.exec:\tttnht.exe76⤵
-
\??\c:\fxrffxx.exec:\fxrffxx.exe77⤵
-
\??\c:\lfxrllf.exec:\lfxrllf.exe78⤵
-
\??\c:\7bbthb.exec:\7bbthb.exe79⤵
-
\??\c:\nhhbtn.exec:\nhhbtn.exe80⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe81⤵
-
\??\c:\pjjdp.exec:\pjjdp.exe82⤵
-
\??\c:\fffrfxr.exec:\fffrfxr.exe83⤵
-
\??\c:\xlfflll.exec:\xlfflll.exe84⤵
-
\??\c:\1hbthb.exec:\1hbthb.exe85⤵
-
\??\c:\3ttnbb.exec:\3ttnbb.exe86⤵
-
\??\c:\jpjvj.exec:\jpjvj.exe87⤵
-
\??\c:\7ppvj.exec:\7ppvj.exe88⤵
-
\??\c:\bbthbt.exec:\bbthbt.exe89⤵
-
\??\c:\jppjv.exec:\jppjv.exe90⤵
-
\??\c:\1dvpd.exec:\1dvpd.exe91⤵
-
\??\c:\xlxxlrx.exec:\xlxxlrx.exe92⤵
-
\??\c:\lfxrfxr.exec:\lfxrfxr.exe93⤵
-
\??\c:\nbnhtn.exec:\nbnhtn.exe94⤵
-
\??\c:\nbtnbb.exec:\nbtnbb.exe95⤵
-
\??\c:\dvppj.exec:\dvppj.exe96⤵
-
\??\c:\5jppd.exec:\5jppd.exe97⤵
-
\??\c:\xrxxrrr.exec:\xrxxrrr.exe98⤵
-
\??\c:\rlllfll.exec:\rlllfll.exe99⤵
-
\??\c:\3bbtbb.exec:\3bbtbb.exe100⤵
-
\??\c:\vdpdp.exec:\vdpdp.exe101⤵
-
\??\c:\pjdvj.exec:\pjdvj.exe102⤵
-
\??\c:\llxxrxr.exec:\llxxrxr.exe103⤵
-
\??\c:\lrrrxxr.exec:\lrrrxxr.exe104⤵
-
\??\c:\rllfxxr.exec:\rllfxxr.exe105⤵
-
\??\c:\hnbtnt.exec:\hnbtnt.exe106⤵
-
\??\c:\1bbthb.exec:\1bbthb.exe107⤵
-
\??\c:\jjjvp.exec:\jjjvp.exe108⤵
-
\??\c:\vpjdv.exec:\vpjdv.exe109⤵
-
\??\c:\7lffrlf.exec:\7lffrlf.exe110⤵
-
\??\c:\lrrlrlf.exec:\lrrlrlf.exe111⤵
-
\??\c:\thhbtt.exec:\thhbtt.exe112⤵
-
\??\c:\bhnbtn.exec:\bhnbtn.exe113⤵
-
\??\c:\jpdvp.exec:\jpdvp.exe114⤵
-
\??\c:\ddjdp.exec:\ddjdp.exe115⤵
-
\??\c:\9rxxxxx.exec:\9rxxxxx.exe116⤵
-
\??\c:\fxxrrlx.exec:\fxxrrlx.exe117⤵
-
\??\c:\3nnhbn.exec:\3nnhbn.exe118⤵
-
\??\c:\hhtttb.exec:\hhtttb.exe119⤵
-
\??\c:\jddvv.exec:\jddvv.exe120⤵
-
\??\c:\pddvj.exec:\pddvj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-