Analysis
-
max time kernel
117s -
max time network
115s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
01-11-2024 12:56
General
-
Target
e4665c18ab034d9b52c69c94797fc0658026db3f2a5db61221e2c536ff694bbfN.exe
-
Size
80KB
-
MD5
8c912c3bd66714d2a81aa750edb65be0
-
SHA1
16d4982bdc8466b2986af09f010dfef45ac762c6
-
SHA256
e4665c18ab034d9b52c69c94797fc0658026db3f2a5db61221e2c536ff694bbf
-
SHA512
5f0419cd678fb98bd2684c8517bc30b81df0d157791091d4c24b44f9a5885cf59a770e562720c1e437ce3c5f9a338ed16bf6c93ebaebdffff0036d8833a6b8e4
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDInWeNCYGyA2R7JxJe:ymb3NkkiQ3mdBjFIWeFGyAsJe
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e4665c18ab034d9b52c69c94797fc0658026db3f2a5db61221e2c536ff694bbfN.exe"C:\Users\Admin\AppData\Local\Temp\e4665c18ab034d9b52c69c94797fc0658026db3f2a5db61221e2c536ff694bbfN.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjjd.exec:\jvjjd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrlffx.exec:\rrrlffx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbttt.exec:\tbbttt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ppjd.exec:\5ppjd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djppj.exec:\djppj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9lffxrr.exec:\9lffxrr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbbnn.exec:\thbbnn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvpj.exec:\dpvpj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xflllll.exec:\xflllll.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhhhh.exec:\bbhhhh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbttb.exec:\ntbttb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjjd.exec:\vdjjd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1fffxxr.exec:\1fffxxr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1htnhh.exec:\1htnhh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvdpj.exec:\pvdpj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxxrrr.exec:\fxxxrrr.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbnbh.exec:\tnbnbh.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nthbbb.exec:\nthbbb.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjjd.exec:\jjjjd.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrfxrrl.exec:\lrfxrrl.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlfrlr.exec:\xrlfrlr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnnht.exec:\btnnht.exe23⤵
- Executes dropped EXE
-
\??\c:\jvdpp.exec:\jvdpp.exe24⤵
- Executes dropped EXE
-
\??\c:\5fxlfxl.exec:\5fxlfxl.exe25⤵
- Executes dropped EXE
-
\??\c:\bnnhbt.exec:\bnnhbt.exe26⤵
- Executes dropped EXE
-
\??\c:\7bhbtn.exec:\7bhbtn.exe27⤵
- Executes dropped EXE
-
\??\c:\jdjjv.exec:\jdjjv.exe28⤵
- Executes dropped EXE
-
\??\c:\1xrxrxr.exec:\1xrxrxr.exe29⤵
- Executes dropped EXE
-
\??\c:\9flrlrl.exec:\9flrlrl.exe30⤵
- Executes dropped EXE
-
\??\c:\bbbttt.exec:\bbbttt.exe31⤵
- Executes dropped EXE
-
\??\c:\jdjvv.exec:\jdjvv.exe32⤵
- Executes dropped EXE
-
\??\c:\rxlxrff.exec:\rxlxrff.exe33⤵
- Executes dropped EXE
-
\??\c:\xffxxxr.exec:\xffxxxr.exe34⤵
- Executes dropped EXE
-
\??\c:\5nbbnn.exec:\5nbbnn.exe35⤵
- Executes dropped EXE
-
\??\c:\ppdvv.exec:\ppdvv.exe36⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\vddvv.exec:\vddvv.exe37⤵
- Executes dropped EXE
-
\??\c:\dvdvj.exec:\dvdvj.exe38⤵
- Executes dropped EXE
-
\??\c:\lffrlfr.exec:\lffrlfr.exe39⤵
- Executes dropped EXE
-
\??\c:\tnnhbt.exec:\tnnhbt.exe40⤵
- Executes dropped EXE
-
\??\c:\ddjjd.exec:\ddjjd.exe41⤵
- Executes dropped EXE
-
\??\c:\1xrxrfx.exec:\1xrxrfx.exe42⤵
- Executes dropped EXE
-
\??\c:\lfrlffx.exec:\lfrlffx.exe43⤵
- Executes dropped EXE
-
\??\c:\hbnhhh.exec:\hbnhhh.exe44⤵
- Executes dropped EXE
-
\??\c:\hnhtbt.exec:\hnhtbt.exe45⤵
- Executes dropped EXE
-
\??\c:\dpvvp.exec:\dpvvp.exe46⤵
- Executes dropped EXE
-
\??\c:\rxfxxrf.exec:\rxfxxrf.exe47⤵
- Executes dropped EXE
-
\??\c:\nntbtb.exec:\nntbtb.exe48⤵
- Executes dropped EXE
-
\??\c:\pvjjp.exec:\pvjjp.exe49⤵
- Executes dropped EXE
-
\??\c:\rrxrllr.exec:\rrxrllr.exe50⤵
- Executes dropped EXE
-
\??\c:\1frlxxx.exec:\1frlxxx.exe51⤵
- Executes dropped EXE
-
\??\c:\7tbtnn.exec:\7tbtnn.exe52⤵
- Executes dropped EXE
-
\??\c:\pdppv.exec:\pdppv.exe53⤵
- Executes dropped EXE
-
\??\c:\dpvpj.exec:\dpvpj.exe54⤵
- Executes dropped EXE
-
\??\c:\flfxxxr.exec:\flfxxxr.exe55⤵
- Executes dropped EXE
-
\??\c:\lxlrrrf.exec:\lxlrrrf.exe56⤵
- Executes dropped EXE
-
\??\c:\1tnntn.exec:\1tnntn.exe57⤵
- Executes dropped EXE
-
\??\c:\7vpdv.exec:\7vpdv.exe58⤵
- Executes dropped EXE
-
\??\c:\vvdvv.exec:\vvdvv.exe59⤵
- Executes dropped EXE
-
\??\c:\xrrllll.exec:\xrrllll.exe60⤵
- Executes dropped EXE
-
\??\c:\rlllfff.exec:\rlllfff.exe61⤵
- Executes dropped EXE
-
\??\c:\nnhhnn.exec:\nnhhnn.exe62⤵
- Executes dropped EXE
-
\??\c:\9djdv.exec:\9djdv.exe63⤵
- Executes dropped EXE
-
\??\c:\3djjd.exec:\3djjd.exe64⤵
- Executes dropped EXE
-
\??\c:\xxxrxxl.exec:\xxxrxxl.exe65⤵
- Executes dropped EXE
-
\??\c:\flfxxxx.exec:\flfxxxx.exe66⤵
-
\??\c:\bttbbb.exec:\bttbbb.exe67⤵
-
\??\c:\hnnnnn.exec:\hnnnnn.exe68⤵
-
\??\c:\nnhhbb.exec:\nnhhbb.exe69⤵
-
\??\c:\jpvvp.exec:\jpvvp.exe70⤵
-
\??\c:\vjppj.exec:\vjppj.exe71⤵
-
\??\c:\5fffxxl.exec:\5fffxxl.exe72⤵
-
\??\c:\nttnbt.exec:\nttnbt.exe73⤵
-
\??\c:\hnnnbt.exec:\hnnnbt.exe74⤵
-
\??\c:\jjjjv.exec:\jjjjv.exe75⤵
-
\??\c:\5vjjd.exec:\5vjjd.exe76⤵
-
\??\c:\xrffxxx.exec:\xrffxxx.exe77⤵
-
\??\c:\rxlfrrf.exec:\rxlfrrf.exe78⤵
-
\??\c:\hntttt.exec:\hntttt.exe79⤵
-
\??\c:\hntnnn.exec:\hntnnn.exe80⤵
-
\??\c:\vjdpd.exec:\vjdpd.exe81⤵
-
\??\c:\llxrrrr.exec:\llxrrrr.exe82⤵
-
\??\c:\9rlfxxr.exec:\9rlfxxr.exe83⤵
-
\??\c:\bhhbtt.exec:\bhhbtt.exe84⤵
-
\??\c:\1nthhh.exec:\1nthhh.exe85⤵
-
\??\c:\jdvvd.exec:\jdvvd.exe86⤵
-
\??\c:\frllrrx.exec:\frllrrx.exe87⤵
-
\??\c:\rxffxll.exec:\rxffxll.exe88⤵
-
\??\c:\hbhhbb.exec:\hbhhbb.exe89⤵
-
\??\c:\bbtthh.exec:\bbtthh.exe90⤵
-
\??\c:\1ppjd.exec:\1ppjd.exe91⤵
-
\??\c:\dvvjd.exec:\dvvjd.exe92⤵
-
\??\c:\frllfxr.exec:\frllfxr.exe93⤵
-
\??\c:\llxfxfr.exec:\llxfxfr.exe94⤵
-
\??\c:\fxxllrf.exec:\fxxllrf.exe95⤵
-
\??\c:\bhnbhb.exec:\bhnbhb.exe96⤵
-
\??\c:\ddjjj.exec:\ddjjj.exe97⤵
-
\??\c:\1vvvd.exec:\1vvvd.exe98⤵
-
\??\c:\fxffffr.exec:\fxffffr.exe99⤵
-
\??\c:\7rxxrxl.exec:\7rxxrxl.exe100⤵
-
\??\c:\htbbbh.exec:\htbbbh.exe101⤵
-
\??\c:\pdjpj.exec:\pdjpj.exe102⤵
-
\??\c:\dvjdd.exec:\dvjdd.exe103⤵
-
\??\c:\3rxxxff.exec:\3rxxxff.exe104⤵
-
\??\c:\5vvvv.exec:\5vvvv.exe105⤵
-
\??\c:\5jdpj.exec:\5jdpj.exe106⤵
-
\??\c:\7fxlrlx.exec:\7fxlrlx.exe107⤵
-
\??\c:\rxxxxxf.exec:\rxxxxxf.exe108⤵
-
\??\c:\9hhtnn.exec:\9hhtnn.exe109⤵
-
\??\c:\bnnnht.exec:\bnnnht.exe110⤵
-
\??\c:\ddjjd.exec:\ddjjd.exe111⤵
-
\??\c:\lxrxlfr.exec:\lxrxlfr.exe112⤵
-
\??\c:\llffflf.exec:\llffflf.exe113⤵
-
\??\c:\tthhbt.exec:\tthhbt.exe114⤵
-
\??\c:\jddjj.exec:\jddjj.exe115⤵
-
\??\c:\ffxfxrf.exec:\ffxfxrf.exe116⤵
-
\??\c:\rxxxxxx.exec:\rxxxxxx.exe117⤵
-
\??\c:\tntnhh.exec:\tntnhh.exe118⤵
-
\??\c:\tnbtnt.exec:\tnbtnt.exe119⤵
-
\??\c:\ppvvp.exec:\ppvvp.exe120⤵
-
\??\c:\jjppj.exec:\jjppj.exe121⤵
-
\??\c:\lrfxrrr.exec:\lrfxrrr.exe122⤵
-
\??\c:\3httbb.exec:\3httbb.exe123⤵
-
\??\c:\9hhbnn.exec:\9hhbnn.exe124⤵
-
\??\c:\nthbtt.exec:\nthbtt.exe125⤵
-
\??\c:\dvjjj.exec:\dvjjj.exe126⤵
-
\??\c:\ppddj.exec:\ppddj.exe127⤵
- System Location Discovery: System Language Discovery
-
\??\c:\xlfxllr.exec:\xlfxllr.exe128⤵
-
\??\c:\jjddj.exec:\jjddj.exe129⤵
-
\??\c:\vdpjj.exec:\vdpjj.exe130⤵
-
\??\c:\5flfxlf.exec:\5flfxlf.exe131⤵
-
\??\c:\3fxxxff.exec:\3fxxxff.exe132⤵
-
\??\c:\tthhhh.exec:\tthhhh.exe133⤵
-
\??\c:\pvjdj.exec:\pvjdj.exe134⤵
-
\??\c:\vppjj.exec:\vppjj.exe135⤵
- System Location Discovery: System Language Discovery
-
\??\c:\rrrrllx.exec:\rrrrllx.exe136⤵
-
\??\c:\rlrrxff.exec:\rlrrxff.exe137⤵
-
\??\c:\5bnnnt.exec:\5bnnnt.exe138⤵
-
\??\c:\9nhhbb.exec:\9nhhbb.exe139⤵
-
\??\c:\jjjdv.exec:\jjjdv.exe140⤵
-
\??\c:\jdjvp.exec:\jdjvp.exe141⤵
-
\??\c:\rxflrrf.exec:\rxflrrf.exe142⤵
-
\??\c:\lflrlrl.exec:\lflrlrl.exe143⤵
-
\??\c:\5htntn.exec:\5htntn.exe144⤵
-
\??\c:\bbbtnn.exec:\bbbtnn.exe145⤵
-
\??\c:\5vddv.exec:\5vddv.exe146⤵
-
\??\c:\djpjj.exec:\djpjj.exe147⤵
-
\??\c:\rrrffxf.exec:\rrrffxf.exe148⤵
-
\??\c:\tnnnhh.exec:\tnnnhh.exe149⤵
-
\??\c:\pdjdv.exec:\pdjdv.exe150⤵
-
\??\c:\vdvpj.exec:\vdvpj.exe151⤵
-
\??\c:\xrxrrrf.exec:\xrxrrrf.exe152⤵
-
\??\c:\xfrlffx.exec:\xfrlffx.exe153⤵
-
\??\c:\hhhnnt.exec:\hhhnnt.exe154⤵
-
\??\c:\tntttt.exec:\tntttt.exe155⤵
-
\??\c:\bhthth.exec:\bhthth.exe156⤵
-
\??\c:\ppdvp.exec:\ppdvp.exe157⤵
-
\??\c:\pjpjj.exec:\pjpjj.exe158⤵
-
\??\c:\ffllfff.exec:\ffllfff.exe159⤵
-
\??\c:\lfflfff.exec:\lfflfff.exe160⤵
-
\??\c:\5tbbtb.exec:\5tbbtb.exe161⤵
-
\??\c:\nhhbbh.exec:\nhhbbh.exe162⤵
-
\??\c:\1dddd.exec:\1dddd.exe163⤵
-
\??\c:\rlrlffr.exec:\rlrlffr.exe164⤵
-
\??\c:\9xrlxxr.exec:\9xrlxxr.exe165⤵
-
\??\c:\bbtthb.exec:\bbtthb.exe166⤵
-
\??\c:\tttnnn.exec:\tttnnn.exe167⤵
-
\??\c:\3jjjd.exec:\3jjjd.exe168⤵
-
\??\c:\pddpj.exec:\pddpj.exe169⤵
-
\??\c:\lrxxxrx.exec:\lrxxxrx.exe170⤵
-
\??\c:\hntttb.exec:\hntttb.exe171⤵
-
\??\c:\jppjd.exec:\jppjd.exe172⤵
-
\??\c:\lllrrxr.exec:\lllrrxr.exe173⤵
-
\??\c:\hbntbh.exec:\hbntbh.exe174⤵
-
\??\c:\vpddd.exec:\vpddd.exe175⤵
-
\??\c:\llxxfrx.exec:\llxxfrx.exe176⤵
-
\??\c:\xrxrrxx.exec:\xrxrrxx.exe177⤵
-
\??\c:\htnhbt.exec:\htnhbt.exe178⤵
-
\??\c:\bthhbn.exec:\bthhbn.exe179⤵
-
\??\c:\7vdjv.exec:\7vdjv.exe180⤵
-
\??\c:\jpjpj.exec:\jpjpj.exe181⤵
-
\??\c:\pvvpd.exec:\pvvpd.exe182⤵
-
\??\c:\xfxfxlx.exec:\xfxfxlx.exe183⤵
-
\??\c:\9thhhh.exec:\9thhhh.exe184⤵
-
\??\c:\dppjj.exec:\dppjj.exe185⤵
-
\??\c:\3rrxllf.exec:\3rrxllf.exe186⤵
-
\??\c:\bhhhtt.exec:\bhhhtt.exe187⤵
-
\??\c:\vvvdd.exec:\vvvdd.exe188⤵
-
\??\c:\xxrlrrl.exec:\xxrlrrl.exe189⤵
-
\??\c:\pvjpv.exec:\pvjpv.exe190⤵
-
\??\c:\lflfffl.exec:\lflfffl.exe191⤵
-
\??\c:\tbbbtb.exec:\tbbbtb.exe192⤵
-
\??\c:\vjpvv.exec:\vjpvv.exe193⤵
-
\??\c:\vjpdd.exec:\vjpdd.exe194⤵
-
\??\c:\lllxxfl.exec:\lllxxfl.exe195⤵
-
\??\c:\hbtthn.exec:\hbtthn.exe196⤵
-
\??\c:\3hbhnt.exec:\3hbhnt.exe197⤵
-
\??\c:\jjvdp.exec:\jjvdp.exe198⤵
-
\??\c:\vjjpj.exec:\vjjpj.exe199⤵
-
\??\c:\rrrrlrr.exec:\rrrrlrr.exe200⤵
-
\??\c:\hbnhhn.exec:\hbnhhn.exe201⤵
-
\??\c:\1nbhtb.exec:\1nbhtb.exe202⤵
-
\??\c:\jvvdv.exec:\jvvdv.exe203⤵
-
\??\c:\ddjjv.exec:\ddjjv.exe204⤵
-
\??\c:\rrxxxff.exec:\rrxxxff.exe205⤵
-
\??\c:\5xllfll.exec:\5xllfll.exe206⤵
-
\??\c:\ttnnbn.exec:\ttnnbn.exe207⤵
-
\??\c:\thbnhh.exec:\thbnhh.exe208⤵
-
\??\c:\pjppj.exec:\pjppj.exe209⤵
-
\??\c:\1pppj.exec:\1pppj.exe210⤵
-
\??\c:\nhhntt.exec:\nhhntt.exe211⤵
-
\??\c:\dppvv.exec:\dppvv.exe212⤵
-
\??\c:\dpjjd.exec:\dpjjd.exe213⤵
-
\??\c:\9xxxrxx.exec:\9xxxrxx.exe214⤵
- System Location Discovery: System Language Discovery
-
\??\c:\tbhhhn.exec:\tbhhhn.exe215⤵
-
\??\c:\thttht.exec:\thttht.exe216⤵
-
\??\c:\3ppvv.exec:\3ppvv.exe217⤵
-
\??\c:\xxfxrrr.exec:\xxfxrrr.exe218⤵
-
\??\c:\llxxffl.exec:\llxxffl.exe219⤵
- System Location Discovery: System Language Discovery
-
\??\c:\bhttnn.exec:\bhttnn.exe220⤵
-
\??\c:\dpppj.exec:\dpppj.exe221⤵
-
\??\c:\rrrlflf.exec:\rrrlflf.exe222⤵
-
\??\c:\tttbbb.exec:\tttbbb.exe223⤵
-
\??\c:\nbnbbn.exec:\nbnbbn.exe224⤵
-
\??\c:\vvpjd.exec:\vvpjd.exe225⤵
-
\??\c:\9lxxfxf.exec:\9lxxfxf.exe226⤵
-
\??\c:\rrffrxr.exec:\rrffrxr.exe227⤵
-
\??\c:\hnntnb.exec:\hnntnb.exe228⤵
-
\??\c:\1nbhnt.exec:\1nbhnt.exe229⤵
-
\??\c:\nbhnhn.exec:\nbhnhn.exe230⤵
-
\??\c:\vvdvp.exec:\vvdvp.exe231⤵
-
\??\c:\vppjd.exec:\vppjd.exe232⤵
-
\??\c:\5lxlrxf.exec:\5lxlrxf.exe233⤵
-
\??\c:\ffxlrll.exec:\ffxlrll.exe234⤵
-
\??\c:\hhhhhb.exec:\hhhhhb.exe235⤵
-
\??\c:\1bnnnn.exec:\1bnnnn.exe236⤵
-
\??\c:\djjpj.exec:\djjpj.exe237⤵
-
\??\c:\pvvjp.exec:\pvvjp.exe238⤵
-
\??\c:\3fxrlrr.exec:\3fxrlrr.exe239⤵
-
\??\c:\rrrrxff.exec:\rrrrxff.exe240⤵
-
\??\c:\tthnbh.exec:\tthnbh.exe241⤵