Analysis
-
max time kernel
150s -
max time network
135s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
22-11-2024 02:19
General
-
Target
98f6a9eb5af52fca53cceedf89688553b42758ea49e4b4a52d493ec5d0e20720.exe
-
Size
453KB
-
MD5
1ed920f9954d0971060e9a75577cd7ac
-
SHA1
16f3876f008c05239a2ea00423cda1762a2959ac
-
SHA256
98f6a9eb5af52fca53cceedf89688553b42758ea49e4b4a52d493ec5d0e20720
-
SHA512
66ac63cab28eeddc2b79905b29fc94fff96ca64956406ee7e3e8aa71ba9bf00420627f45bf904a8bedf43b31091af88bd20a40267f363ad97214333224cd69c8
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbeW:q7Tc2NYHUrAwfMp3CDW
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 62 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\98f6a9eb5af52fca53cceedf89688553b42758ea49e4b4a52d493ec5d0e20720.exe"C:\Users\Admin\AppData\Local\Temp\98f6a9eb5af52fca53cceedf89688553b42758ea49e4b4a52d493ec5d0e20720.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\3fxlffx.exec:\3fxlffx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnhhb.exec:\nhnhhb.exe3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\5jvpj.exec:\5jvpj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ppjv.exec:\9ppjv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fllxrlx.exec:\fllxrlx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vddvj.exec:\vddvj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbthh.exec:\thbthh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rrlxrl.exec:\7rrlxrl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddvp.exec:\jddvp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbthb.exec:\nhbthb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bbnbt.exec:\5bbnbt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflrllf.exec:\rflrllf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9dddp.exec:\9dddp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3frlrll.exec:\3frlrll.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthtbh.exec:\bthtbh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrrxxf.exec:\rlrrxxf.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rlfrrl.exec:\1rlfrrl.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdvp.exec:\pjdvp.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhtbtt.exec:\hhtbtt.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpdpj.exec:\dpdpj.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnhhh.exec:\tnnhhh.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffxrrl.exec:\lffxrrl.exe23⤵
- Executes dropped EXE
-
\??\c:\hhtnhh.exec:\hhtnhh.exe24⤵
- Executes dropped EXE
-
\??\c:\xrxxlfx.exec:\xrxxlfx.exe25⤵
- Executes dropped EXE
-
\??\c:\pvvjv.exec:\pvvjv.exe26⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\nbhbbt.exec:\nbhbbt.exe27⤵
- Executes dropped EXE
-
\??\c:\vvjdj.exec:\vvjdj.exe28⤵
- Executes dropped EXE
-
\??\c:\bnnbnh.exec:\bnnbnh.exe29⤵
- Executes dropped EXE
-
\??\c:\vvjvp.exec:\vvjvp.exe30⤵
- Executes dropped EXE
-
\??\c:\lflfrrl.exec:\lflfrrl.exe31⤵
- Executes dropped EXE
-
\??\c:\tnhbtt.exec:\tnhbtt.exe32⤵
- Executes dropped EXE
-
\??\c:\djddp.exec:\djddp.exe33⤵
- Executes dropped EXE
-
\??\c:\vddvj.exec:\vddvj.exe34⤵
- Executes dropped EXE
-
\??\c:\xfffffx.exec:\xfffffx.exe35⤵
- Executes dropped EXE
-
\??\c:\1bbtnn.exec:\1bbtnn.exe36⤵
- Executes dropped EXE
-
\??\c:\bthbnn.exec:\bthbnn.exe37⤵
- Executes dropped EXE
-
\??\c:\3pjvj.exec:\3pjvj.exe38⤵
- Executes dropped EXE
-
\??\c:\lfllrlx.exec:\lfllrlx.exe39⤵
- Executes dropped EXE
-
\??\c:\vjdpp.exec:\vjdpp.exe40⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\xxlffff.exec:\xxlffff.exe41⤵
- Executes dropped EXE
-
\??\c:\rrxlfxl.exec:\rrxlfxl.exe42⤵
- Executes dropped EXE
-
\??\c:\hthhnh.exec:\hthhnh.exe43⤵
- Executes dropped EXE
-
\??\c:\ddjdd.exec:\ddjdd.exe44⤵
- Executes dropped EXE
-
\??\c:\rlllxrx.exec:\rlllxrx.exe45⤵
- Executes dropped EXE
-
\??\c:\htbtnn.exec:\htbtnn.exe46⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\nbhbtt.exec:\nbhbtt.exe47⤵
- Executes dropped EXE
-
\??\c:\jppdp.exec:\jppdp.exe48⤵
- Executes dropped EXE
-
\??\c:\flrlfff.exec:\flrlfff.exe49⤵
- Executes dropped EXE
-
\??\c:\hhnnhh.exec:\hhnnhh.exe50⤵
- Executes dropped EXE
-
\??\c:\vdvdp.exec:\vdvdp.exe51⤵
- Executes dropped EXE
-
\??\c:\rllfrrl.exec:\rllfrrl.exe52⤵
- Executes dropped EXE
-
\??\c:\bnnhtn.exec:\bnnhtn.exe53⤵
- Executes dropped EXE
-
\??\c:\dpdvv.exec:\dpdvv.exe54⤵
- Executes dropped EXE
-
\??\c:\pvjdv.exec:\pvjdv.exe55⤵
- Executes dropped EXE
-
\??\c:\rflxrrl.exec:\rflxrrl.exe56⤵
- Executes dropped EXE
-
\??\c:\3bhntt.exec:\3bhntt.exe57⤵
- Executes dropped EXE
-
\??\c:\dvjjp.exec:\dvjjp.exe58⤵
- Executes dropped EXE
-
\??\c:\dpvpj.exec:\dpvpj.exe59⤵
- Executes dropped EXE
-
\??\c:\rrxrlxr.exec:\rrxrlxr.exe60⤵
- Executes dropped EXE
-
\??\c:\bhbbtt.exec:\bhbbtt.exe61⤵
- Executes dropped EXE
-
\??\c:\vvvpj.exec:\vvvpj.exe62⤵
- Executes dropped EXE
-
\??\c:\dpvvv.exec:\dpvvv.exe63⤵
- Executes dropped EXE
-
\??\c:\lrlxfrl.exec:\lrlxfrl.exe64⤵
- Executes dropped EXE
-
\??\c:\htbnnn.exec:\htbnnn.exe65⤵
- Executes dropped EXE
-
\??\c:\jvvjd.exec:\jvvjd.exe66⤵
-
\??\c:\xxfxrrr.exec:\xxfxrrr.exe67⤵
-
\??\c:\htnnhn.exec:\htnnhn.exe68⤵
-
\??\c:\jjdvj.exec:\jjdvj.exe69⤵
-
\??\c:\xrfrlfx.exec:\xrfrlfx.exe70⤵
-
\??\c:\9nhhbh.exec:\9nhhbh.exe71⤵
-
\??\c:\3ntnnn.exec:\3ntnnn.exe72⤵
-
\??\c:\9pvvp.exec:\9pvvp.exe73⤵
-
\??\c:\llllfxr.exec:\llllfxr.exe74⤵
-
\??\c:\hbhbtt.exec:\hbhbtt.exe75⤵
-
\??\c:\1vvpd.exec:\1vvpd.exe76⤵
-
\??\c:\rxxrrlf.exec:\rxxrrlf.exe77⤵
- System Location Discovery: System Language Discovery
-
\??\c:\lrffxxr.exec:\lrffxxr.exe78⤵
-
\??\c:\htbtnb.exec:\htbtnb.exe79⤵
-
\??\c:\vjpjj.exec:\vjpjj.exe80⤵
-
\??\c:\jjjdd.exec:\jjjdd.exe81⤵
-
\??\c:\lrffxxl.exec:\lrffxxl.exe82⤵
-
\??\c:\bttnhb.exec:\bttnhb.exe83⤵
-
\??\c:\vjjvj.exec:\vjjvj.exe84⤵
-
\??\c:\frxxrxr.exec:\frxxrxr.exe85⤵
-
\??\c:\hhbthb.exec:\hhbthb.exe86⤵
-
\??\c:\jdvpj.exec:\jdvpj.exe87⤵
-
\??\c:\rllfrlf.exec:\rllfrlf.exe88⤵
-
\??\c:\xxlfxxr.exec:\xxlfxxr.exe89⤵
-
\??\c:\htbbtn.exec:\htbbtn.exe90⤵
-
\??\c:\vdpjd.exec:\vdpjd.exe91⤵
-
\??\c:\7jvvj.exec:\7jvvj.exe92⤵
-
\??\c:\xxfxllx.exec:\xxfxllx.exe93⤵
-
\??\c:\hntnhb.exec:\hntnhb.exe94⤵
-
\??\c:\3ddpd.exec:\3ddpd.exe95⤵
-
\??\c:\5xxrrfx.exec:\5xxrrfx.exe96⤵
-
\??\c:\hhnhbb.exec:\hhnhbb.exe97⤵
-
\??\c:\nhnnnn.exec:\nhnnnn.exe98⤵
-
\??\c:\djjdj.exec:\djjdj.exe99⤵
-
\??\c:\xrrlffx.exec:\xrrlffx.exe100⤵
-
\??\c:\ffrxrlf.exec:\ffrxrlf.exe101⤵
-
\??\c:\tbhtnn.exec:\tbhtnn.exe102⤵
-
\??\c:\9ppjv.exec:\9ppjv.exe103⤵
-
\??\c:\xlxrrrx.exec:\xlxrrrx.exe104⤵
-
\??\c:\xlxxrrr.exec:\xlxxrrr.exe105⤵
- System Location Discovery: System Language Discovery
-
\??\c:\nbhbbt.exec:\nbhbbt.exe106⤵
-
\??\c:\ppdpp.exec:\ppdpp.exe107⤵
-
\??\c:\rxlfflf.exec:\rxlfflf.exe108⤵
-
\??\c:\rrxffff.exec:\rrxffff.exe109⤵
-
\??\c:\bbhttn.exec:\bbhttn.exe110⤵
-
\??\c:\1djdp.exec:\1djdp.exe111⤵
-
\??\c:\7ffxllf.exec:\7ffxllf.exe112⤵
-
\??\c:\frlrfxf.exec:\frlrfxf.exe113⤵
-
\??\c:\tbhbtt.exec:\tbhbtt.exe114⤵
-
\??\c:\pvdvp.exec:\pvdvp.exe115⤵
- System Location Discovery: System Language Discovery
-
\??\c:\jjpdv.exec:\jjpdv.exe116⤵
-
\??\c:\nnthtn.exec:\nnthtn.exe117⤵
-
\??\c:\nbnbtn.exec:\nbnbtn.exe118⤵
-
\??\c:\vjdvp.exec:\vjdvp.exe119⤵
-
\??\c:\llxllxr.exec:\llxllxr.exe120⤵
-
\??\c:\llrrrrr.exec:\llrrrrr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-