Analysis
-
max time kernel
120s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
22-11-2024 22:46
General
-
Target
84d0f15d3fb2cb31e1c2b24712dcb5c9bd7c1d3231c4349955d1bf3a8c2b7538N.exe
-
Size
70KB
-
MD5
5460e8f86f5cb913e24c019de9eaefd0
-
SHA1
c869024f828b4f6a88b5a3199436f7e104a3d5ac
-
SHA256
84d0f15d3fb2cb31e1c2b24712dcb5c9bd7c1d3231c4349955d1bf3a8c2b7538
-
SHA512
75f0fa202907e462c4539e567db3d30d6086223c6a8d7e927cab0fcf2a3c39b5b28e8925bc1e6ff5b1dc5a4d45c3815619d04c963de1077da77ac7b5560104d6
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb0z6Mu/ePS3Ag:ymb3NkkiQ3mdBjFI46TQg
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 34 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\84d0f15d3fb2cb31e1c2b24712dcb5c9bd7c1d3231c4349955d1bf3a8c2b7538N.exe"C:\Users\Admin\AppData\Local\Temp\84d0f15d3fb2cb31e1c2b24712dcb5c9bd7c1d3231c4349955d1bf3a8c2b7538N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbbbt.exec:\tbbbbt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhbnb.exec:\bhhbnb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3vdvd.exec:\3vdvd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjdv.exec:\dpjdv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxrxxr.exec:\xrxrxxr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnnhh.exec:\bnnnhh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjdv.exec:\ddjdv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rxrlrl.exec:\5rxrlrl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnhhn.exec:\btnhhn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jvpj.exec:\1jvpj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxlfxxr.exec:\rxlfxxr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtnnh.exec:\hbtnnh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjdp.exec:\jdjdp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfxfff.exec:\fxfxfff.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnntnn.exec:\nnntnn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhbtn.exec:\tnhbtn.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5pvpd.exec:\5pvpd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9fxrflx.exec:\9fxrflx.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhbtt.exec:\tnhbtt.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dppjd.exec:\dppjd.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrlxxx.exec:\fxrlxxx.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrrrlf.exec:\fxrrrlf.exe23⤵
- Executes dropped EXE
-
\??\c:\1bnnhh.exec:\1bnnhh.exe24⤵
- Executes dropped EXE
-
\??\c:\hhhhbn.exec:\hhhhbn.exe25⤵
- Executes dropped EXE
-
\??\c:\jdpjj.exec:\jdpjj.exe26⤵
- Executes dropped EXE
-
\??\c:\frfxxxf.exec:\frfxxxf.exe27⤵
- Executes dropped EXE
-
\??\c:\nhtnnn.exec:\nhtnnn.exe28⤵
- Executes dropped EXE
-
\??\c:\3hhhnh.exec:\3hhhnh.exe29⤵
- Executes dropped EXE
-
\??\c:\jpppj.exec:\jpppj.exe30⤵
- Executes dropped EXE
-
\??\c:\3fxrrlr.exec:\3fxrrlr.exe31⤵
- Executes dropped EXE
-
\??\c:\hbttnn.exec:\hbttnn.exe32⤵
- Executes dropped EXE
-
\??\c:\btbnnn.exec:\btbnnn.exe33⤵
- Executes dropped EXE
-
\??\c:\5jpvp.exec:\5jpvp.exe34⤵
- Executes dropped EXE
-
\??\c:\xrrrfxr.exec:\xrrrfxr.exe35⤵
- Executes dropped EXE
-
\??\c:\7nnnhb.exec:\7nnnhb.exe36⤵
- Executes dropped EXE
-
\??\c:\httnbb.exec:\httnbb.exe37⤵
- Executes dropped EXE
-
\??\c:\pjddd.exec:\pjddd.exe38⤵
- Executes dropped EXE
-
\??\c:\1flxxrx.exec:\1flxxrx.exe39⤵
- Executes dropped EXE
-
\??\c:\htbbhh.exec:\htbbhh.exe40⤵
- Executes dropped EXE
-
\??\c:\1jppj.exec:\1jppj.exe41⤵
- Executes dropped EXE
-
\??\c:\pjvpv.exec:\pjvpv.exe42⤵
- Executes dropped EXE
-
\??\c:\flxrrrx.exec:\flxrrrx.exe43⤵
- Executes dropped EXE
-
\??\c:\9xxrrxx.exec:\9xxrrxx.exe44⤵
- Executes dropped EXE
-
\??\c:\tnnhnt.exec:\tnnhnt.exe45⤵
- Executes dropped EXE
-
\??\c:\vppjd.exec:\vppjd.exe46⤵
- Executes dropped EXE
-
\??\c:\nbhnbh.exec:\nbhnbh.exe47⤵
- Executes dropped EXE
-
\??\c:\9vvpj.exec:\9vvpj.exe48⤵
- Executes dropped EXE
-
\??\c:\dddvp.exec:\dddvp.exe49⤵
- Executes dropped EXE
-
\??\c:\bnnhbb.exec:\bnnhbb.exe50⤵
- Executes dropped EXE
-
\??\c:\9hhbtt.exec:\9hhbtt.exe51⤵
- Executes dropped EXE
-
\??\c:\dvvvj.exec:\dvvvj.exe52⤵
- Executes dropped EXE
-
\??\c:\jvvpd.exec:\jvvpd.exe53⤵
- Executes dropped EXE
-
\??\c:\fxfrllx.exec:\fxfrllx.exe54⤵
- Executes dropped EXE
-
\??\c:\xlfxxrl.exec:\xlfxxrl.exe55⤵
- Executes dropped EXE
-
\??\c:\tnbbth.exec:\tnbbth.exe56⤵
- Executes dropped EXE
-
\??\c:\pvdvp.exec:\pvdvp.exe57⤵
- Executes dropped EXE
-
\??\c:\7pvpp.exec:\7pvpp.exe58⤵
- Executes dropped EXE
-
\??\c:\lxxlfxr.exec:\lxxlfxr.exe59⤵
- Executes dropped EXE
-
\??\c:\5frxxxr.exec:\5frxxxr.exe60⤵
- Executes dropped EXE
-
\??\c:\bnhhtn.exec:\bnhhtn.exe61⤵
- Executes dropped EXE
-
\??\c:\7nhbnn.exec:\7nhbnn.exe62⤵
- Executes dropped EXE
-
\??\c:\vjjjv.exec:\vjjjv.exe63⤵
- Executes dropped EXE
-
\??\c:\3xrlxxr.exec:\3xrlxxr.exe64⤵
- Executes dropped EXE
-
\??\c:\llxrffx.exec:\llxrffx.exe65⤵
- Executes dropped EXE
-
\??\c:\nnnhhh.exec:\nnnhhh.exe66⤵
-
\??\c:\nthhbb.exec:\nthhbb.exe67⤵
-
\??\c:\pjpdv.exec:\pjpdv.exe68⤵
-
\??\c:\pvvpd.exec:\pvvpd.exe69⤵
-
\??\c:\rxxxrrr.exec:\rxxxrrr.exe70⤵
-
\??\c:\rfffrrr.exec:\rfffrrr.exe71⤵
-
\??\c:\nnnnnn.exec:\nnnnnn.exe72⤵
-
\??\c:\rlrrlll.exec:\rlrrlll.exe73⤵
-
\??\c:\rflfxrl.exec:\rflfxrl.exe74⤵
-
\??\c:\tbhhhh.exec:\tbhhhh.exe75⤵
-
\??\c:\pjddp.exec:\pjddp.exe76⤵
-
\??\c:\vpjdd.exec:\vpjdd.exe77⤵
-
\??\c:\rflrlrr.exec:\rflrlrr.exe78⤵
-
\??\c:\xrrrflf.exec:\xrrrflf.exe79⤵
-
\??\c:\nnnnnn.exec:\nnnnnn.exe80⤵
-
\??\c:\tnnhnn.exec:\tnnhnn.exe81⤵
-
\??\c:\dpdjv.exec:\dpdjv.exe82⤵
-
\??\c:\9xxlxxr.exec:\9xxlxxr.exe83⤵
-
\??\c:\fxxrllf.exec:\fxxrllf.exe84⤵
-
\??\c:\bnnhtt.exec:\bnnhtt.exe85⤵
-
\??\c:\nnnnnn.exec:\nnnnnn.exe86⤵
-
\??\c:\ppdjj.exec:\ppdjj.exe87⤵
-
\??\c:\xffxrxr.exec:\xffxrxr.exe88⤵
-
\??\c:\1llfxfx.exec:\1llfxfx.exe89⤵
-
\??\c:\7tnhhh.exec:\7tnhhh.exe90⤵
-
\??\c:\dvvpp.exec:\dvvpp.exe91⤵
-
\??\c:\vpvjd.exec:\vpvjd.exe92⤵
-
\??\c:\flrfrfx.exec:\flrfrfx.exe93⤵
-
\??\c:\nhbtnh.exec:\nhbtnh.exe94⤵
-
\??\c:\9ddpj.exec:\9ddpj.exe95⤵
-
\??\c:\jjvvp.exec:\jjvvp.exe96⤵
-
\??\c:\tnnnhb.exec:\tnnnhb.exe97⤵
-
\??\c:\3tnhtn.exec:\3tnhtn.exe98⤵
-
\??\c:\jdvpd.exec:\jdvpd.exe99⤵
-
\??\c:\ddddv.exec:\ddddv.exe100⤵
-
\??\c:\lrrlxlx.exec:\lrrlxlx.exe101⤵
-
\??\c:\llxrllx.exec:\llxrllx.exe102⤵
-
\??\c:\hntnhh.exec:\hntnhh.exe103⤵
-
\??\c:\1hnnhn.exec:\1hnnhn.exe104⤵
-
\??\c:\9bhhbh.exec:\9bhhbh.exe105⤵
-
\??\c:\dvdpj.exec:\dvdpj.exe106⤵
-
\??\c:\lfrlxxf.exec:\lfrlxxf.exe107⤵
-
\??\c:\flrxxxx.exec:\flrxxxx.exe108⤵
-
\??\c:\tnhnhn.exec:\tnhnhn.exe109⤵
- System Location Discovery: System Language Discovery
-
\??\c:\dppjd.exec:\dppjd.exe110⤵
-
\??\c:\jdjdp.exec:\jdjdp.exe111⤵
-
\??\c:\jjpvp.exec:\jjpvp.exe112⤵
-
\??\c:\xlrfxxr.exec:\xlrfxxr.exe113⤵
-
\??\c:\hhhhhn.exec:\hhhhhn.exe114⤵
-
\??\c:\nnbtbb.exec:\nnbtbb.exe115⤵
-
\??\c:\dvjdv.exec:\dvjdv.exe116⤵
-
\??\c:\pdjdp.exec:\pdjdp.exe117⤵
-
\??\c:\lfxrfxf.exec:\lfxrfxf.exe118⤵
-
\??\c:\hnntnn.exec:\hnntnn.exe119⤵
-
\??\c:\9thbnn.exec:\9thbnn.exe120⤵
-
\??\c:\jvvpp.exec:\jvvpp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-