Analysis
-
max time kernel
120s -
max time network
108s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
14/10/2024, 22:50
General
-
Target
645f9fd79c2bcffdac630eb1d9f1ab3955dfc7c0ecf9d1e14b506622c14442c2N.exe
-
Size
82KB
-
MD5
e6a50d5a0ef287fccc1792637d6716c0
-
SHA1
e7d0ab9c150c116817af98b5973382c47f554f98
-
SHA256
645f9fd79c2bcffdac630eb1d9f1ab3955dfc7c0ecf9d1e14b506622c14442c2
-
SHA512
5ee6e7097dd71fb75f1d9d09b000e19ed92e03783fdabc884ff4bff576f70214d0f3c1df2803335b15b3edee18f7faccdadc9e5a5a902b63593de1be72bf9990
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIIpIo60L9QrrA89Q9u:ymb3NkkiQ3mdBjFIIp9L9QrrA8Yu
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 30 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\645f9fd79c2bcffdac630eb1d9f1ab3955dfc7c0ecf9d1e14b506622c14442c2N.exe"C:\Users\Admin\AppData\Local\Temp\645f9fd79c2bcffdac630eb1d9f1ab3955dfc7c0ecf9d1e14b506622c14442c2N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvpp.exec:\vjvpp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llrxxxf.exec:\llrxxxf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bttnb.exec:\7bttnb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjdv.exec:\vdjdv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlrxrx.exec:\rrlrxrx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhhbn.exec:\nnhhbn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpddd.exec:\dpddd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrlfff.exec:\xrrlfff.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrlfff.exec:\lfrlfff.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbtbt.exec:\hbbtbt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnbbn.exec:\nhnbbn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrlfxr.exec:\frrlfxr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnhhb.exec:\bbnhhb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbtnn.exec:\thbtnn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjdp.exec:\vjjdp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7djdd.exec:\7djdd.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnbnh.exec:\bnnbnh.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhbtt.exec:\bbhbtt.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ppjv.exec:\5ppjv.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxrllf.exec:\fxxrllf.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhnhh.exec:\hbhnhh.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntthbb.exec:\ntthbb.exe23⤵
- Executes dropped EXE
-
\??\c:\vdvpp.exec:\vdvpp.exe24⤵
- Executes dropped EXE
-
\??\c:\1djvj.exec:\1djvj.exe25⤵
- Executes dropped EXE
-
\??\c:\rfffrrr.exec:\rfffrrr.exe26⤵
- Executes dropped EXE
-
\??\c:\jvjvp.exec:\jvjvp.exe27⤵
- Executes dropped EXE
-
\??\c:\lfrllll.exec:\lfrllll.exe28⤵
- Executes dropped EXE
-
\??\c:\nhttnn.exec:\nhttnn.exe29⤵
- Executes dropped EXE
-
\??\c:\thhhtt.exec:\thhhtt.exe30⤵
- Executes dropped EXE
-
\??\c:\jdddp.exec:\jdddp.exe31⤵
- Executes dropped EXE
-
\??\c:\1pdpj.exec:\1pdpj.exe32⤵
- Executes dropped EXE
-
\??\c:\1xlflfr.exec:\1xlflfr.exe33⤵
- Executes dropped EXE
-
\??\c:\thbtnn.exec:\thbtnn.exe34⤵
- Executes dropped EXE
-
\??\c:\bthtnn.exec:\bthtnn.exe35⤵
- Executes dropped EXE
-
\??\c:\jpjjv.exec:\jpjjv.exe36⤵
- Executes dropped EXE
-
\??\c:\lxrlffx.exec:\lxrlffx.exe37⤵
- Executes dropped EXE
-
\??\c:\7xlffxf.exec:\7xlffxf.exe38⤵
- Executes dropped EXE
-
\??\c:\xrrrlll.exec:\xrrrlll.exe39⤵
- Executes dropped EXE
-
\??\c:\nbbttn.exec:\nbbttn.exe40⤵
- Executes dropped EXE
-
\??\c:\7ddvj.exec:\7ddvj.exe41⤵
- Executes dropped EXE
-
\??\c:\fxrllll.exec:\fxrllll.exe42⤵
- Executes dropped EXE
-
\??\c:\llllfff.exec:\llllfff.exe43⤵
- Executes dropped EXE
-
\??\c:\nhhbbt.exec:\nhhbbt.exe44⤵
- Executes dropped EXE
-
\??\c:\7ppjd.exec:\7ppjd.exe45⤵
- Executes dropped EXE
-
\??\c:\9vpjv.exec:\9vpjv.exe46⤵
- Executes dropped EXE
-
\??\c:\3ppvj.exec:\3ppvj.exe47⤵
- Executes dropped EXE
-
\??\c:\3rllxxr.exec:\3rllxxr.exe48⤵
- Executes dropped EXE
-
\??\c:\pvjjd.exec:\pvjjd.exe49⤵
- Executes dropped EXE
-
\??\c:\vvjdp.exec:\vvjdp.exe50⤵
- Executes dropped EXE
-
\??\c:\rfrxrfr.exec:\rfrxrfr.exe51⤵
- Executes dropped EXE
-
\??\c:\thhbhb.exec:\thhbhb.exe52⤵
- Executes dropped EXE
-
\??\c:\hbtbtt.exec:\hbtbtt.exe53⤵
- Executes dropped EXE
-
\??\c:\dvdvd.exec:\dvdvd.exe54⤵
- Executes dropped EXE
-
\??\c:\5llxlfx.exec:\5llxlfx.exe55⤵
- Executes dropped EXE
-
\??\c:\lfxrlfx.exec:\lfxrlfx.exe56⤵
- Executes dropped EXE
-
\??\c:\bttnht.exec:\bttnht.exe57⤵
- Executes dropped EXE
-
\??\c:\1tnnht.exec:\1tnnht.exe58⤵
- Executes dropped EXE
-
\??\c:\vpdvj.exec:\vpdvj.exe59⤵
- Executes dropped EXE
-
\??\c:\jjjjv.exec:\jjjjv.exe60⤵
- Executes dropped EXE
-
\??\c:\lffxlll.exec:\lffxlll.exe61⤵
- Executes dropped EXE
-
\??\c:\rlllffx.exec:\rlllffx.exe62⤵
- Executes dropped EXE
-
\??\c:\9hnnhh.exec:\9hnnhh.exe63⤵
- Executes dropped EXE
-
\??\c:\5vdvj.exec:\5vdvj.exe64⤵
- Executes dropped EXE
-
\??\c:\vpjjv.exec:\vpjjv.exe65⤵
- Executes dropped EXE
-
\??\c:\7lfxrrl.exec:\7lfxrrl.exe66⤵
-
\??\c:\xxxxrlf.exec:\xxxxrlf.exe67⤵
-
\??\c:\1tnhhh.exec:\1tnhhh.exe68⤵
-
\??\c:\nhhbbb.exec:\nhhbbb.exe69⤵
-
\??\c:\vvddj.exec:\vvddj.exe70⤵
-
\??\c:\xffxllf.exec:\xffxllf.exe71⤵
-
\??\c:\ttttnb.exec:\ttttnb.exe72⤵
-
\??\c:\vjjvj.exec:\vjjvj.exe73⤵
-
\??\c:\pddvp.exec:\pddvp.exe74⤵
-
\??\c:\rlrlfff.exec:\rlrlfff.exe75⤵
-
\??\c:\rrfxllx.exec:\rrfxllx.exe76⤵
-
\??\c:\bbttnt.exec:\bbttnt.exe77⤵
-
\??\c:\tnnnhh.exec:\tnnnhh.exe78⤵
-
\??\c:\vjpjv.exec:\vjpjv.exe79⤵
-
\??\c:\pjppj.exec:\pjppj.exe80⤵
-
\??\c:\rxflffr.exec:\rxflffr.exe81⤵
-
\??\c:\tbtbth.exec:\tbtbth.exe82⤵
-
\??\c:\1vvpd.exec:\1vvpd.exe83⤵
-
\??\c:\jdvpd.exec:\jdvpd.exe84⤵
-
\??\c:\fxrlxxx.exec:\fxrlxxx.exe85⤵
-
\??\c:\5flfrrx.exec:\5flfrrx.exe86⤵
-
\??\c:\bthbtt.exec:\bthbtt.exe87⤵
-
\??\c:\bhbtbt.exec:\bhbtbt.exe88⤵
-
\??\c:\djvdv.exec:\djvdv.exe89⤵
-
\??\c:\jdjdd.exec:\jdjdd.exe90⤵
-
\??\c:\rrfxllx.exec:\rrfxllx.exe91⤵
-
\??\c:\rlffxrr.exec:\rlffxrr.exe92⤵
-
\??\c:\nbnhbn.exec:\nbnhbn.exe93⤵
-
\??\c:\pdppd.exec:\pdppd.exe94⤵
-
\??\c:\fffxrrl.exec:\fffxrrl.exe95⤵
-
\??\c:\xrxrllf.exec:\xrxrllf.exe96⤵
-
\??\c:\nbbhhh.exec:\nbbhhh.exe97⤵
-
\??\c:\hbhbtt.exec:\hbhbtt.exe98⤵
-
\??\c:\1jjdv.exec:\1jjdv.exe99⤵
-
\??\c:\9jjdp.exec:\9jjdp.exe100⤵
-
\??\c:\lxxrffx.exec:\lxxrffx.exe101⤵
-
\??\c:\rrxrllf.exec:\rrxrllf.exe102⤵
-
\??\c:\bbtttn.exec:\bbtttn.exe103⤵
-
\??\c:\dvvvp.exec:\dvvvp.exe104⤵
-
\??\c:\rllxfxl.exec:\rllxfxl.exe105⤵
-
\??\c:\rfxlfrr.exec:\rfxlfrr.exe106⤵
-
\??\c:\hbhbbb.exec:\hbhbbb.exe107⤵
-
\??\c:\dpppp.exec:\dpppp.exe108⤵
-
\??\c:\7pppp.exec:\7pppp.exe109⤵
-
\??\c:\frxxxxx.exec:\frxxxxx.exe110⤵
-
\??\c:\5xfllrr.exec:\5xfllrr.exe111⤵
-
\??\c:\hthttb.exec:\hthttb.exe112⤵
-
\??\c:\ttttnn.exec:\ttttnn.exe113⤵
-
\??\c:\3bnnhh.exec:\3bnnhh.exe114⤵
-
\??\c:\3pvpj.exec:\3pvpj.exe115⤵
-
\??\c:\ddjjj.exec:\ddjjj.exe116⤵
-
\??\c:\xrxrlll.exec:\xrxrlll.exe117⤵
-
\??\c:\xllrrxx.exec:\xllrrxx.exe118⤵
-
\??\c:\3ntbbh.exec:\3ntbbh.exe119⤵
-
\??\c:\bhtbbb.exec:\bhtbbb.exe120⤵
-
\??\c:\9vvdv.exec:\9vvdv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-