Analysis
-
max time kernel
120s -
max time network
120s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
01-11-2024 09:20
General
-
Target
665e2c1ba6da46930f6751a2c984dac5a83082e54efe5bd9f24fae53d082da48N.exe
-
Size
75KB
-
MD5
b7f69c53be6094db14af1ff834a1ae70
-
SHA1
e1ca6b42d31e6cbba701b12cc48ba599ce86246c
-
SHA256
665e2c1ba6da46930f6751a2c984dac5a83082e54efe5bd9f24fae53d082da48
-
SHA512
f2287ca08dcc70f7396a5665b09bd1a0ac78e5608a01d1ceb0ff349c4386e7f5f17f5b78ca534321041bf9016092f0283192a67054541658e0c61b70ea17aade
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIvuzk358nLA89OGvrFVHmPi:ymb3NkkiQ3mdBjFIvl358nLA89OMFVHD
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 36 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\665e2c1ba6da46930f6751a2c984dac5a83082e54efe5bd9f24fae53d082da48N.exe"C:\Users\Admin\AppData\Local\Temp\665e2c1ba6da46930f6751a2c984dac5a83082e54efe5bd9f24fae53d082da48N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpdj.exec:\pjpdj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrfrrl.exec:\lrrfrrl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhhbn.exec:\bhhhbn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpjd.exec:\jdpjd.exe5⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\fllffxx.exec:\fllffxx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthbnt.exec:\bthbnt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvpv.exec:\dpvpv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxxfll.exec:\lrxxfll.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhbnt.exec:\bbhbnt.exe10⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjdv.exec:\jjjdv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxlfxx.exec:\llxlfxx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvvd.exec:\vpvvd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdpj.exec:\jvdpj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhhhn.exec:\bbhhhn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dddvd.exec:\dddvd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9rxxxlr.exec:\9rxxxlr.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbntht.exec:\nbntht.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpppp.exec:\jpppp.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxrlxf.exec:\rxxrlxf.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rffllfr.exec:\rffllfr.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhtbh.exec:\bbhtbh.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpdpp.exec:\jpdpp.exe23⤵
- Executes dropped EXE
-
\??\c:\rflffff.exec:\rflffff.exe24⤵
- Executes dropped EXE
-
\??\c:\bhbthn.exec:\bhbthn.exe25⤵
- Executes dropped EXE
-
\??\c:\dpvpp.exec:\dpvpp.exe26⤵
- Executes dropped EXE
-
\??\c:\fxfxlff.exec:\fxfxlff.exe27⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\rxxffrf.exec:\rxxffrf.exe28⤵
- Executes dropped EXE
-
\??\c:\tthbbb.exec:\tthbbb.exe29⤵
- Executes dropped EXE
-
\??\c:\ddpvv.exec:\ddpvv.exe30⤵
- Executes dropped EXE
-
\??\c:\llfrrlx.exec:\llfrrlx.exe31⤵
- Executes dropped EXE
-
\??\c:\nhtnbb.exec:\nhtnbb.exe32⤵
- Executes dropped EXE
-
\??\c:\7dvpj.exec:\7dvpj.exe33⤵
- Executes dropped EXE
-
\??\c:\xfrlxxr.exec:\xfrlxxr.exe34⤵
- Executes dropped EXE
-
\??\c:\rxrflrr.exec:\rxrflrr.exe35⤵
- Executes dropped EXE
-
\??\c:\bttthn.exec:\bttthn.exe36⤵
- Executes dropped EXE
-
\??\c:\vdddp.exec:\vdddp.exe37⤵
- Executes dropped EXE
-
\??\c:\fxxxrrf.exec:\fxxxrrf.exe38⤵
- Executes dropped EXE
-
\??\c:\bbhhtb.exec:\bbhhtb.exe39⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\3nntbb.exec:\3nntbb.exe40⤵
- Executes dropped EXE
-
\??\c:\dvjjj.exec:\dvjjj.exe41⤵
- Executes dropped EXE
-
\??\c:\rrxxffr.exec:\rrxxffr.exe42⤵
- Executes dropped EXE
-
\??\c:\nhhbtt.exec:\nhhbtt.exe43⤵
- Executes dropped EXE
-
\??\c:\pvvdv.exec:\pvvdv.exe44⤵
- Executes dropped EXE
-
\??\c:\lxxrrlr.exec:\lxxrrlr.exe45⤵
- Executes dropped EXE
-
\??\c:\nhhhhh.exec:\nhhhhh.exe46⤵
- Executes dropped EXE
-
\??\c:\ntbttb.exec:\ntbttb.exe47⤵
- Executes dropped EXE
-
\??\c:\jjvpp.exec:\jjvpp.exe48⤵
- Executes dropped EXE
-
\??\c:\frlfrlf.exec:\frlfrlf.exe49⤵
- Executes dropped EXE
-
\??\c:\bnnhhh.exec:\bnnhhh.exe50⤵
- Executes dropped EXE
-
\??\c:\nnhbnn.exec:\nnhbnn.exe51⤵
- Executes dropped EXE
-
\??\c:\pvjdj.exec:\pvjdj.exe52⤵
- Executes dropped EXE
-
\??\c:\lrlxrlf.exec:\lrlxrlf.exe53⤵
- Executes dropped EXE
-
\??\c:\rfrxrfl.exec:\rfrxrfl.exe54⤵
- Executes dropped EXE
-
\??\c:\hbbbhh.exec:\hbbbhh.exe55⤵
- Executes dropped EXE
-
\??\c:\dvdpv.exec:\dvdpv.exe56⤵
- Executes dropped EXE
-
\??\c:\3vpjd.exec:\3vpjd.exe57⤵
- Executes dropped EXE
-
\??\c:\1frrrff.exec:\1frrrff.exe58⤵
- Executes dropped EXE
-
\??\c:\hhtttb.exec:\hhtttb.exe59⤵
- Executes dropped EXE
-
\??\c:\tbhhnn.exec:\tbhhnn.exe60⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\pvjjp.exec:\pvjjp.exe61⤵
- Executes dropped EXE
-
\??\c:\pdvvd.exec:\pdvvd.exe62⤵
- Executes dropped EXE
-
\??\c:\5rlrllf.exec:\5rlrllf.exe63⤵
- Executes dropped EXE
-
\??\c:\bhbnhn.exec:\bhbnhn.exe64⤵
- Executes dropped EXE
-
\??\c:\hhhhhb.exec:\hhhhhb.exe65⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\vddvp.exec:\vddvp.exe66⤵
-
\??\c:\vvdjj.exec:\vvdjj.exe67⤵
-
\??\c:\fxrrffl.exec:\fxrrffl.exe68⤵
-
\??\c:\hbtbhn.exec:\hbtbhn.exe69⤵
-
\??\c:\3dppv.exec:\3dppv.exe70⤵
- System Location Discovery: System Language Discovery
-
\??\c:\pddvv.exec:\pddvv.exe71⤵
-
\??\c:\lrrxlrf.exec:\lrrxlrf.exe72⤵
-
\??\c:\xlfflxf.exec:\xlfflxf.exe73⤵
-
\??\c:\hbbhnn.exec:\hbbhnn.exe74⤵
-
\??\c:\ddjvd.exec:\ddjvd.exe75⤵
-
\??\c:\xlxfflr.exec:\xlxfflr.exe76⤵
- System Location Discovery: System Language Discovery
-
\??\c:\tnbbbb.exec:\tnbbbb.exe77⤵
-
\??\c:\dpvvv.exec:\dpvvv.exe78⤵
-
\??\c:\ppvdd.exec:\ppvdd.exe79⤵
-
\??\c:\rflrrxf.exec:\rflrrxf.exe80⤵
-
\??\c:\hhbtbh.exec:\hhbtbh.exe81⤵
-
\??\c:\thbtbh.exec:\thbtbh.exe82⤵
-
\??\c:\dvjjj.exec:\dvjjj.exe83⤵
-
\??\c:\lfllrrr.exec:\lfllrrr.exe84⤵
-
\??\c:\vdjvd.exec:\vdjvd.exe85⤵
- System Location Discovery: System Language Discovery
-
\??\c:\5rrrlrl.exec:\5rrrlrl.exe86⤵
-
\??\c:\bhtbht.exec:\bhtbht.exe87⤵
-
\??\c:\dvdjv.exec:\dvdjv.exe88⤵
-
\??\c:\jpddv.exec:\jpddv.exe89⤵
-
\??\c:\rffxrlr.exec:\rffxrlr.exe90⤵
-
\??\c:\rrflrxf.exec:\rrflrxf.exe91⤵
-
\??\c:\bnbhhn.exec:\bnbhhn.exe92⤵
-
\??\c:\3nhnnt.exec:\3nhnnt.exe93⤵
-
\??\c:\jjjvd.exec:\jjjvd.exe94⤵
-
\??\c:\vjvdp.exec:\vjvdp.exe95⤵
-
\??\c:\jvvvd.exec:\jvvvd.exe96⤵
-
\??\c:\xlflxxx.exec:\xlflxxx.exe97⤵
-
\??\c:\nnbnbn.exec:\nnbnbn.exe98⤵
-
\??\c:\dvjjj.exec:\dvjjj.exe99⤵
-
\??\c:\fllxxff.exec:\fllxxff.exe100⤵
-
\??\c:\xrfffxf.exec:\xrfffxf.exe101⤵
-
\??\c:\tbhntb.exec:\tbhntb.exe102⤵
-
\??\c:\ttntth.exec:\ttntth.exe103⤵
-
\??\c:\pvjjv.exec:\pvjjv.exe104⤵
-
\??\c:\xxxlllf.exec:\xxxlllf.exe105⤵
-
\??\c:\flrrrxl.exec:\flrrrxl.exe106⤵
-
\??\c:\bbtbbh.exec:\bbtbbh.exe107⤵
-
\??\c:\vdpdj.exec:\vdpdj.exe108⤵
-
\??\c:\vddvv.exec:\vddvv.exe109⤵
-
\??\c:\xfrxfff.exec:\xfrxfff.exe110⤵
-
\??\c:\xlrrxff.exec:\xlrrxff.exe111⤵
-
\??\c:\nbthtt.exec:\nbthtt.exe112⤵
-
\??\c:\vvvpp.exec:\vvvpp.exe113⤵
-
\??\c:\xfrxxxf.exec:\xfrxxxf.exe114⤵
-
\??\c:\hbtbnb.exec:\hbtbnb.exe115⤵
-
\??\c:\tnntht.exec:\tnntht.exe116⤵
-
\??\c:\vjppj.exec:\vjppj.exe117⤵
-
\??\c:\pjddj.exec:\pjddj.exe118⤵
-
\??\c:\5xfflfx.exec:\5xfflfx.exe119⤵
-
\??\c:\nbnntn.exec:\nbnntn.exe120⤵
-
\??\c:\nhnnhn.exec:\nhnnhn.exe121⤵
-
\??\c:\pjpjd.exec:\pjpjd.exe122⤵
-
\??\c:\9vvjd.exec:\9vvjd.exe123⤵
-
\??\c:\jjvpp.exec:\jjvpp.exe124⤵
-
\??\c:\rfxxfrl.exec:\rfxxfrl.exe125⤵
-
\??\c:\rxrrlll.exec:\rxrrlll.exe126⤵
-
\??\c:\httnht.exec:\httnht.exe127⤵
-
\??\c:\vddjd.exec:\vddjd.exe128⤵
-
\??\c:\jvdvv.exec:\jvdvv.exe129⤵
-
\??\c:\xxxrxfx.exec:\xxxrxfx.exe130⤵
- System Location Discovery: System Language Discovery
-
\??\c:\hbbtnn.exec:\hbbtnn.exe131⤵
-
\??\c:\hthbhh.exec:\hthbhh.exe132⤵
-
\??\c:\pjvdj.exec:\pjvdj.exe133⤵
-
\??\c:\vpdjj.exec:\vpdjj.exe134⤵
-
\??\c:\rlfflff.exec:\rlfflff.exe135⤵
-
\??\c:\xrxrffl.exec:\xrxrffl.exe136⤵
-
\??\c:\7tnnbt.exec:\7tnnbt.exe137⤵
-
\??\c:\ttnbhh.exec:\ttnbhh.exe138⤵
-
\??\c:\vvjpd.exec:\vvjpd.exe139⤵
-
\??\c:\dvjpv.exec:\dvjpv.exe140⤵
- System Location Discovery: System Language Discovery
-
\??\c:\fxlrxxf.exec:\fxlrxxf.exe141⤵
-
\??\c:\nnbhhh.exec:\nnbhhh.exe142⤵
-
\??\c:\hhtnnb.exec:\hhtnnb.exe143⤵
-
\??\c:\pdvjp.exec:\pdvjp.exe144⤵
-
\??\c:\djjpv.exec:\djjpv.exe145⤵
-
\??\c:\5lxfrxx.exec:\5lxfrxx.exe146⤵
- System Location Discovery: System Language Discovery
-
\??\c:\bttnhn.exec:\bttnhn.exe147⤵
-
\??\c:\nhtbtn.exec:\nhtbtn.exe148⤵
-
\??\c:\vpdjv.exec:\vpdjv.exe149⤵
-
\??\c:\fllllrx.exec:\fllllrx.exe150⤵
-
\??\c:\tbtttt.exec:\tbtttt.exe151⤵
-
\??\c:\hnhthn.exec:\hnhthn.exe152⤵
-
\??\c:\vpjdp.exec:\vpjdp.exe153⤵
-
\??\c:\dpvvv.exec:\dpvvv.exe154⤵
- System Location Discovery: System Language Discovery
-
\??\c:\xxrxflr.exec:\xxrxflr.exe155⤵
-
\??\c:\7hbhhh.exec:\7hbhhh.exe156⤵
-
\??\c:\tbnnbn.exec:\tbnnbn.exe157⤵
-
\??\c:\jjvvp.exec:\jjvvp.exe158⤵
-
\??\c:\ppjjp.exec:\ppjjp.exe159⤵
-
\??\c:\1rfxxll.exec:\1rfxxll.exe160⤵
-
\??\c:\xllrxxr.exec:\xllrxxr.exe161⤵
-
\??\c:\bnbhbh.exec:\bnbhbh.exe162⤵
-
\??\c:\ttbtbh.exec:\ttbtbh.exe163⤵
-
\??\c:\pjppp.exec:\pjppp.exe164⤵
- System Location Discovery: System Language Discovery
-
\??\c:\fxffxll.exec:\fxffxll.exe165⤵
- System Location Discovery: System Language Discovery
-
\??\c:\hhhthb.exec:\hhhthb.exe166⤵
-
\??\c:\hhhhtt.exec:\hhhhtt.exe167⤵
-
\??\c:\jvvpv.exec:\jvvpv.exe168⤵
-
\??\c:\ppvpp.exec:\ppvpp.exe169⤵
-
\??\c:\xllxllr.exec:\xllxllr.exe170⤵
-
\??\c:\xfxlfrf.exec:\xfxlfrf.exe171⤵
-
\??\c:\hbbnnt.exec:\hbbnnt.exe172⤵
-
\??\c:\xrfxrrf.exec:\xrfxrrf.exe173⤵
-
\??\c:\nnhtbn.exec:\nnhtbn.exe174⤵
-
\??\c:\bthhnn.exec:\bthhnn.exe175⤵
-
\??\c:\pdvjj.exec:\pdvjj.exe176⤵
-
\??\c:\xrxfllx.exec:\xrxfllx.exe177⤵
-
\??\c:\bhhhtb.exec:\bhhhtb.exe178⤵
-
\??\c:\bntnhh.exec:\bntnhh.exe179⤵
-
\??\c:\dpdjp.exec:\dpdjp.exe180⤵
- System Location Discovery: System Language Discovery
-
\??\c:\frffffl.exec:\frffffl.exe181⤵
-
\??\c:\xxflllr.exec:\xxflllr.exe182⤵
-
\??\c:\htbhnb.exec:\htbhnb.exe183⤵
-
\??\c:\httnnh.exec:\httnnh.exe184⤵
-
\??\c:\vjjjd.exec:\vjjjd.exe185⤵
-
\??\c:\flxlrlf.exec:\flxlrlf.exe186⤵
-
\??\c:\rlfrrrr.exec:\rlfrrrr.exe187⤵
-
\??\c:\ntbnhb.exec:\ntbnhb.exe188⤵
-
\??\c:\hbhhnb.exec:\hbhhnb.exe189⤵
-
\??\c:\pddpp.exec:\pddpp.exe190⤵
-
\??\c:\9jjvp.exec:\9jjvp.exe191⤵
-
\??\c:\rfrrxxl.exec:\rfrrxxl.exe192⤵
-
\??\c:\rflllfr.exec:\rflllfr.exe193⤵
-
\??\c:\hhnntt.exec:\hhnntt.exe194⤵
- System Location Discovery: System Language Discovery
-
\??\c:\vpjvv.exec:\vpjvv.exe195⤵
-
\??\c:\jdddp.exec:\jdddp.exe196⤵
-
\??\c:\xrxrlrl.exec:\xrxrlrl.exe197⤵
-
\??\c:\frlffxr.exec:\frlffxr.exe198⤵
-
\??\c:\9htnnn.exec:\9htnnn.exe199⤵
- System Location Discovery: System Language Discovery
-
\??\c:\7tbntb.exec:\7tbntb.exe200⤵
-
\??\c:\vvdvd.exec:\vvdvd.exe201⤵
-
\??\c:\jvpjd.exec:\jvpjd.exe202⤵
-
\??\c:\xxxrlll.exec:\xxxrlll.exe203⤵
-
\??\c:\bhhbtt.exec:\bhhbtt.exe204⤵
-
\??\c:\ntbbnn.exec:\ntbbnn.exe205⤵
-
\??\c:\vdddv.exec:\vdddv.exe206⤵
-
\??\c:\ddvdv.exec:\ddvdv.exe207⤵
-
\??\c:\rrfxrrl.exec:\rrfxrrl.exe208⤵
-
\??\c:\tbbttt.exec:\tbbttt.exe209⤵
-
\??\c:\btnhhn.exec:\btnhhn.exe210⤵
-
\??\c:\pvdpp.exec:\pvdpp.exe211⤵
-
\??\c:\9pppv.exec:\9pppv.exe212⤵
-
\??\c:\xrlfrll.exec:\xrlfrll.exe213⤵
-
\??\c:\lrxffrr.exec:\lrxffrr.exe214⤵
-
\??\c:\nbbnbb.exec:\nbbnbb.exe215⤵
-
\??\c:\nntbbt.exec:\nntbbt.exe216⤵
-
\??\c:\pjpvj.exec:\pjpvj.exe217⤵
-
\??\c:\jjdjj.exec:\jjdjj.exe218⤵
-
\??\c:\fxfxrxr.exec:\fxfxrxr.exe219⤵
-
\??\c:\xlrllrr.exec:\xlrllrr.exe220⤵
-
\??\c:\nnbbtt.exec:\nnbbtt.exe221⤵
-
\??\c:\pjdpj.exec:\pjdpj.exe222⤵
-
\??\c:\jjjdd.exec:\jjjdd.exe223⤵
-
\??\c:\lxfllff.exec:\lxfllff.exe224⤵
-
\??\c:\rfrlfxr.exec:\rfrlfxr.exe225⤵
-
\??\c:\ttbnnn.exec:\ttbnnn.exe226⤵
-
\??\c:\hhhbtn.exec:\hhhbtn.exe227⤵
-
\??\c:\jdvpp.exec:\jdvpp.exe228⤵
-
\??\c:\rlfxfrl.exec:\rlfxfrl.exe229⤵
-
\??\c:\5lflrxf.exec:\5lflrxf.exe230⤵
-
\??\c:\thbbtn.exec:\thbbtn.exe231⤵
-
\??\c:\tnbbtb.exec:\tnbbtb.exe232⤵
-
\??\c:\dpjjp.exec:\dpjjp.exe233⤵
-
\??\c:\fxxfrxx.exec:\fxxfrxx.exe234⤵
-
\??\c:\fllllrr.exec:\fllllrr.exe235⤵
-
\??\c:\hnthtn.exec:\hnthtn.exe236⤵
-
\??\c:\tntbhn.exec:\tntbhn.exe237⤵
-
\??\c:\djjdv.exec:\djjdv.exe238⤵
-
\??\c:\7ddvp.exec:\7ddvp.exe239⤵
-
\??\c:\xffrxxf.exec:\xffrxxf.exe240⤵
-
\??\c:\hnbnbn.exec:\hnbnbn.exe241⤵