Analysis
-
max time kernel
150s -
max time network
141s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
21-11-2024 19:43
General
-
Target
0e07450946f752516b4dc5143a3b4bf62d4e1a6dd38d65071c06b92d41ae5f55.exe
-
Size
83KB
-
MD5
dde42bb5a1d2c319d00552409377114f
-
SHA1
a4521c029656ccdc21173d2f3ab9eb6de23e0bb7
-
SHA256
0e07450946f752516b4dc5143a3b4bf62d4e1a6dd38d65071c06b92d41ae5f55
-
SHA512
8e449cd8d235c3cbf87aab4e0d3e74956be7e9b5d956dce0c1a879fec6ab12626123265b7cefd7b397b72edcaf0e07511394dd129791efeec1e8756da45983dd
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIIpIo60L9QrrA89QJf:ymb3NkkiQ3mdBjFIIp9L9QrrA86
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0e07450946f752516b4dc5143a3b4bf62d4e1a6dd38d65071c06b92d41ae5f55.exe"C:\Users\Admin\AppData\Local\Temp\0e07450946f752516b4dc5143a3b4bf62d4e1a6dd38d65071c06b92d41ae5f55.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jpjpd.exec:\jpjpd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djpjd.exec:\djpjd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\664644.exec:\664644.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\48888.exec:\48888.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\240040.exec:\240040.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxrlfff.exec:\rxrlfff.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlllfx.exec:\xrlllfx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3vddv.exec:\3vddv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnbbb.exec:\hhnbbb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhthn.exec:\bhhthn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\26806.exec:\26806.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjjd.exec:\jdjjd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\248660.exec:\248660.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\00426.exec:\00426.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\68068.exec:\68068.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9bnttb.exec:\9bnttb.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjpp.exec:\vvjpp.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdddv.exec:\pdddv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnbtnn.exec:\hnbtnn.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0244888.exec:\0244888.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvdjj.exec:\vvdjj.exe22⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhhhb.exec:\hhhhhb.exe23⤵
- Executes dropped EXE
-
\??\c:\882802.exec:\882802.exe24⤵
- Executes dropped EXE
-
\??\c:\2404486.exec:\2404486.exe25⤵
- Executes dropped EXE
-
\??\c:\w28822.exec:\w28822.exe26⤵
- Executes dropped EXE
-
\??\c:\vjjpd.exec:\vjjpd.exe27⤵
- Executes dropped EXE
-
\??\c:\m2464.exec:\m2464.exe28⤵
- Executes dropped EXE
-
\??\c:\q24444.exec:\q24444.exe29⤵
- Executes dropped EXE
-
\??\c:\5rffllx.exec:\5rffllx.exe30⤵
- Executes dropped EXE
-
\??\c:\jjjpj.exec:\jjjpj.exe31⤵
- Executes dropped EXE
-
\??\c:\66804.exec:\66804.exe32⤵
- Executes dropped EXE
-
\??\c:\thttth.exec:\thttth.exe33⤵
- Executes dropped EXE
-
\??\c:\64428.exec:\64428.exe34⤵
- Executes dropped EXE
-
\??\c:\286862.exec:\286862.exe35⤵
- Executes dropped EXE
-
\??\c:\228862.exec:\228862.exe36⤵
- Executes dropped EXE
-
\??\c:\thtnbb.exec:\thtnbb.exe37⤵
- Executes dropped EXE
-
\??\c:\8260826.exec:\8260826.exe38⤵
- Executes dropped EXE
-
\??\c:\002226.exec:\002226.exe39⤵
- Executes dropped EXE
-
\??\c:\lrxflrx.exec:\lrxflrx.exe40⤵
- Executes dropped EXE
-
\??\c:\608848.exec:\608848.exe41⤵
- Executes dropped EXE
-
\??\c:\ppvpj.exec:\ppvpj.exe42⤵
- Executes dropped EXE
-
\??\c:\8842284.exec:\8842284.exe43⤵
- Executes dropped EXE
-
\??\c:\5nnnnn.exec:\5nnnnn.exe44⤵
- Executes dropped EXE
-
\??\c:\6060444.exec:\6060444.exe45⤵
- Executes dropped EXE
-
\??\c:\2062288.exec:\2062288.exe46⤵
- Executes dropped EXE
-
\??\c:\flffffx.exec:\flffffx.exe47⤵
- Executes dropped EXE
-
\??\c:\82420.exec:\82420.exe48⤵
- Executes dropped EXE
-
\??\c:\44004.exec:\44004.exe49⤵
- Executes dropped EXE
-
\??\c:\1pvvp.exec:\1pvvp.exe50⤵
- Executes dropped EXE
-
\??\c:\0244888.exec:\0244888.exe51⤵
- Executes dropped EXE
-
\??\c:\6022440.exec:\6022440.exe52⤵
- Executes dropped EXE
-
\??\c:\828046.exec:\828046.exe53⤵
- Executes dropped EXE
-
\??\c:\thbtbn.exec:\thbtbn.exe54⤵
- Executes dropped EXE
-
\??\c:\xrlflxl.exec:\xrlflxl.exe55⤵
- Executes dropped EXE
-
\??\c:\hbhhbb.exec:\hbhhbb.exe56⤵
- Executes dropped EXE
-
\??\c:\ppddj.exec:\ppddj.exe57⤵
- Executes dropped EXE
-
\??\c:\tttntt.exec:\tttntt.exe58⤵
- Executes dropped EXE
-
\??\c:\w62266.exec:\w62266.exe59⤵
- Executes dropped EXE
-
\??\c:\btbbtb.exec:\btbbtb.exe60⤵
- Executes dropped EXE
-
\??\c:\620682.exec:\620682.exe61⤵
- Executes dropped EXE
-
\??\c:\ffrxffx.exec:\ffrxffx.exe62⤵
- Executes dropped EXE
-
\??\c:\ntntbh.exec:\ntntbh.exe63⤵
- Executes dropped EXE
-
\??\c:\vvvvp.exec:\vvvvp.exe64⤵
- Executes dropped EXE
-
\??\c:\80642.exec:\80642.exe65⤵
- Executes dropped EXE
-
\??\c:\60446.exec:\60446.exe66⤵
-
\??\c:\pjjjp.exec:\pjjjp.exe67⤵
-
\??\c:\fxfxrrr.exec:\fxfxrrr.exe68⤵
-
\??\c:\2688440.exec:\2688440.exe69⤵
- System Location Discovery: System Language Discovery
-
\??\c:\4886064.exec:\4886064.exe70⤵
-
\??\c:\2408226.exec:\2408226.exe71⤵
-
\??\c:\2400000.exec:\2400000.exe72⤵
-
\??\c:\w68804.exec:\w68804.exe73⤵
-
\??\c:\djppp.exec:\djppp.exe74⤵
-
\??\c:\dvdvp.exec:\dvdvp.exe75⤵
-
\??\c:\thhbtn.exec:\thhbtn.exe76⤵
-
\??\c:\ntthnt.exec:\ntthnt.exe77⤵
-
\??\c:\ffrrllf.exec:\ffrrllf.exe78⤵
-
\??\c:\624000.exec:\624000.exe79⤵
-
\??\c:\3ntnhh.exec:\3ntnhh.exe80⤵
-
\??\c:\dpppp.exec:\dpppp.exe81⤵
-
\??\c:\bhhhbb.exec:\bhhhbb.exe82⤵
-
\??\c:\djjjj.exec:\djjjj.exe83⤵
-
\??\c:\fxxxfrl.exec:\fxxxfrl.exe84⤵
-
\??\c:\o422884.exec:\o422884.exe85⤵
-
\??\c:\68004.exec:\68004.exe86⤵
-
\??\c:\7xxxllr.exec:\7xxxllr.exe87⤵
-
\??\c:\6222666.exec:\6222666.exe88⤵
-
\??\c:\28604.exec:\28604.exe89⤵
-
\??\c:\djppp.exec:\djppp.exe90⤵
-
\??\c:\w68862.exec:\w68862.exe91⤵
-
\??\c:\4468246.exec:\4468246.exe92⤵
-
\??\c:\7rrfllx.exec:\7rrfllx.exe93⤵
-
\??\c:\c404488.exec:\c404488.exe94⤵
-
\??\c:\822828.exec:\822828.exe95⤵
-
\??\c:\rffxrxr.exec:\rffxrxr.exe96⤵
-
\??\c:\lxlxxrx.exec:\lxlxxrx.exe97⤵
-
\??\c:\426288.exec:\426288.exe98⤵
-
\??\c:\600082.exec:\600082.exe99⤵
-
\??\c:\480064.exec:\480064.exe100⤵
-
\??\c:\pjpjd.exec:\pjpjd.exe101⤵
-
\??\c:\042886.exec:\042886.exe102⤵
-
\??\c:\60664.exec:\60664.exe103⤵
-
\??\c:\s0824.exec:\s0824.exe104⤵
-
\??\c:\hhhbtt.exec:\hhhbtt.exe105⤵
-
\??\c:\jdddv.exec:\jdddv.exe106⤵
-
\??\c:\u460448.exec:\u460448.exe107⤵
-
\??\c:\u022268.exec:\u022268.exe108⤵
-
\??\c:\62882.exec:\62882.exe109⤵
-
\??\c:\862206.exec:\862206.exe110⤵
-
\??\c:\rlfxrrl.exec:\rlfxrrl.exe111⤵
-
\??\c:\nbhtbt.exec:\nbhtbt.exe112⤵
-
\??\c:\24666.exec:\24666.exe113⤵
-
\??\c:\46886.exec:\46886.exe114⤵
-
\??\c:\hbnhtb.exec:\hbnhtb.exe115⤵
-
\??\c:\dvvvp.exec:\dvvvp.exe116⤵
-
\??\c:\llxrrrx.exec:\llxrrrx.exe117⤵
-
\??\c:\202828.exec:\202828.exe118⤵
-
\??\c:\frrrfll.exec:\frrrfll.exe119⤵
-
\??\c:\400040.exec:\400040.exe120⤵
-
\??\c:\46222.exec:\46222.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-