Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
22-11-2024 04:24
General
-
Target
cc69023d29f668e2275b551cb9396cce4353f0ca51f3ab8a3950af0c687df31b.exe
-
Size
59KB
-
MD5
c6b0004e44a84f3897464ef81e6b0964
-
SHA1
7e91a91f43e3f6b3b4cfb3b43a93012c480f4ed8
-
SHA256
cc69023d29f668e2275b551cb9396cce4353f0ca51f3ab8a3950af0c687df31b
-
SHA512
90cbcae3e89b6b6e9a82033f650433e71a1770ba62f3d1589b461df0da995d13ae0d399d83c31e24989698d9c981391483870977838ba2fe911580eb4547eeb0
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIFYuS:ymb3NkkiQ3mdBjFIFnS
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 33 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\cc69023d29f668e2275b551cb9396cce4353f0ca51f3ab8a3950af0c687df31b.exe"C:\Users\Admin\AppData\Local\Temp\cc69023d29f668e2275b551cb9396cce4353f0ca51f3ab8a3950af0c687df31b.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\8448282.exec:\8448282.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8448264.exec:\8448264.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxrxrr.exec:\lxxrxrr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ffxrll.exec:\5ffxrll.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9btnnn.exec:\9btnnn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddppd.exec:\ddppd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6422000.exec:\6422000.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3jvpj.exec:\3jvpj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxrfxfr.exec:\rxrfxfr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\86006.exec:\86006.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jppjd.exec:\jppjd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbttb.exec:\nhbttb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnnbh.exec:\ttnnbh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9nhbtn.exec:\9nhbtn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfffrrl.exec:\rfffrrl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bhnhb.exec:\1bhnhb.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdvv.exec:\jvdvv.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2608080.exec:\2608080.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjpj.exec:\vvjpj.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\i864006.exec:\i864006.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\04202.exec:\04202.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlfflfl.exec:\xlfflfl.exe23⤵
- Executes dropped EXE
-
\??\c:\02080.exec:\02080.exe24⤵
- Executes dropped EXE
-
\??\c:\44604.exec:\44604.exe25⤵
- Executes dropped EXE
-
\??\c:\9tnhtt.exec:\9tnhtt.exe26⤵
- Executes dropped EXE
-
\??\c:\fxlrflr.exec:\fxlrflr.exe27⤵
- Executes dropped EXE
-
\??\c:\fxrlxrl.exec:\fxrlxrl.exe28⤵
- Executes dropped EXE
-
\??\c:\060804.exec:\060804.exe29⤵
- Executes dropped EXE
-
\??\c:\xrxrlll.exec:\xrxrlll.exe30⤵
- Executes dropped EXE
-
\??\c:\jvdvv.exec:\jvdvv.exe31⤵
- Executes dropped EXE
-
\??\c:\26806.exec:\26806.exe32⤵
- Executes dropped EXE
-
\??\c:\nhbthb.exec:\nhbthb.exe33⤵
- Executes dropped EXE
-
\??\c:\pjppj.exec:\pjppj.exe34⤵
- Executes dropped EXE
-
\??\c:\484006.exec:\484006.exe35⤵
- Executes dropped EXE
-
\??\c:\26626.exec:\26626.exe36⤵
- Executes dropped EXE
-
\??\c:\8000826.exec:\8000826.exe37⤵
- Executes dropped EXE
-
\??\c:\dpppj.exec:\dpppj.exe38⤵
- Executes dropped EXE
-
\??\c:\88460.exec:\88460.exe39⤵
- Executes dropped EXE
-
\??\c:\bnbhnt.exec:\bnbhnt.exe40⤵
- Executes dropped EXE
-
\??\c:\40604.exec:\40604.exe41⤵
- Executes dropped EXE
-
\??\c:\ppjdv.exec:\ppjdv.exe42⤵
- Executes dropped EXE
-
\??\c:\nnnhbt.exec:\nnnhbt.exe43⤵
- Executes dropped EXE
-
\??\c:\lfffxxx.exec:\lfffxxx.exe44⤵
- Executes dropped EXE
-
\??\c:\ttnnhh.exec:\ttnnhh.exe45⤵
- Executes dropped EXE
-
\??\c:\httbnn.exec:\httbnn.exe46⤵
- Executes dropped EXE
-
\??\c:\480484.exec:\480484.exe47⤵
- Executes dropped EXE
-
\??\c:\bttntb.exec:\bttntb.exe48⤵
- Executes dropped EXE
-
\??\c:\o444888.exec:\o444888.exe49⤵
- Executes dropped EXE
-
\??\c:\nhbhth.exec:\nhbhth.exe50⤵
- Executes dropped EXE
-
\??\c:\vpjjj.exec:\vpjjj.exe51⤵
- Executes dropped EXE
-
\??\c:\xrrfxxr.exec:\xrrfxxr.exe52⤵
- Executes dropped EXE
-
\??\c:\btbbbb.exec:\btbbbb.exe53⤵
- Executes dropped EXE
-
\??\c:\rrrfrrf.exec:\rrrfrrf.exe54⤵
- Executes dropped EXE
-
\??\c:\m4000.exec:\m4000.exe55⤵
- Executes dropped EXE
-
\??\c:\048284.exec:\048284.exe56⤵
- Executes dropped EXE
-
\??\c:\hbhtth.exec:\hbhtth.exe57⤵
- Executes dropped EXE
-
\??\c:\s4044.exec:\s4044.exe58⤵
- Executes dropped EXE
-
\??\c:\3pvvj.exec:\3pvvj.exe59⤵
- Executes dropped EXE
-
\??\c:\9bhbbh.exec:\9bhbbh.exe60⤵
- Executes dropped EXE
-
\??\c:\4806006.exec:\4806006.exe61⤵
- Executes dropped EXE
-
\??\c:\bhtnbb.exec:\bhtnbb.exe62⤵
- Executes dropped EXE
-
\??\c:\04222.exec:\04222.exe63⤵
- Executes dropped EXE
-
\??\c:\6284848.exec:\6284848.exe64⤵
- Executes dropped EXE
-
\??\c:\bnntnt.exec:\bnntnt.exe65⤵
- Executes dropped EXE
-
\??\c:\ddvvd.exec:\ddvvd.exe66⤵
-
\??\c:\jpvvp.exec:\jpvvp.exe67⤵
-
\??\c:\60244.exec:\60244.exe68⤵
-
\??\c:\xxlfrlx.exec:\xxlfrlx.exe69⤵
-
\??\c:\8400866.exec:\8400866.exe70⤵
-
\??\c:\04428.exec:\04428.exe71⤵
-
\??\c:\0204226.exec:\0204226.exe72⤵
-
\??\c:\nhttnn.exec:\nhttnn.exe73⤵
-
\??\c:\xrfrrfl.exec:\xrfrrfl.exe74⤵
-
\??\c:\48822.exec:\48822.exe75⤵
-
\??\c:\6282046.exec:\6282046.exe76⤵
-
\??\c:\ppjdj.exec:\ppjdj.exe77⤵
-
\??\c:\i240684.exec:\i240684.exe78⤵
-
\??\c:\6448406.exec:\6448406.exe79⤵
-
\??\c:\88488.exec:\88488.exe80⤵
-
\??\c:\5djdv.exec:\5djdv.exe81⤵
-
\??\c:\fxllrrl.exec:\fxllrrl.exe82⤵
-
\??\c:\i060222.exec:\i060222.exe83⤵
-
\??\c:\60040.exec:\60040.exe84⤵
-
\??\c:\llffxfx.exec:\llffxfx.exe85⤵
-
\??\c:\s8444.exec:\s8444.exe86⤵
-
\??\c:\u406868.exec:\u406868.exe87⤵
-
\??\c:\ttntnn.exec:\ttntnn.exe88⤵
-
\??\c:\208262.exec:\208262.exe89⤵
-
\??\c:\7pvvp.exec:\7pvvp.exe90⤵
-
\??\c:\46826.exec:\46826.exe91⤵
-
\??\c:\vdpjd.exec:\vdpjd.exe92⤵
-
\??\c:\e06044.exec:\e06044.exe93⤵
-
\??\c:\4288280.exec:\4288280.exe94⤵
-
\??\c:\rxfffff.exec:\rxfffff.exe95⤵
-
\??\c:\btnhhh.exec:\btnhhh.exe96⤵
-
\??\c:\c400448.exec:\c400448.exe97⤵
-
\??\c:\nntttb.exec:\nntttb.exe98⤵
-
\??\c:\04468.exec:\04468.exe99⤵
-
\??\c:\nhnnnn.exec:\nhnnnn.exe100⤵
-
\??\c:\206606.exec:\206606.exe101⤵
-
\??\c:\nnnnhn.exec:\nnnnhn.exe102⤵
-
\??\c:\486066.exec:\486066.exe103⤵
-
\??\c:\88262.exec:\88262.exe104⤵
-
\??\c:\hntnhh.exec:\hntnhh.exe105⤵
-
\??\c:\3lxrxfl.exec:\3lxrxfl.exe106⤵
-
\??\c:\xxrllrr.exec:\xxrllrr.exe107⤵
-
\??\c:\vvvvv.exec:\vvvvv.exe108⤵
-
\??\c:\jpvvp.exec:\jpvvp.exe109⤵
-
\??\c:\w22266.exec:\w22266.exe110⤵
-
\??\c:\00226.exec:\00226.exe111⤵
-
\??\c:\dpvpv.exec:\dpvpv.exe112⤵
-
\??\c:\o866000.exec:\o866000.exe113⤵
-
\??\c:\66400.exec:\66400.exe114⤵
-
\??\c:\5vjjd.exec:\5vjjd.exe115⤵
-
\??\c:\060462.exec:\060462.exe116⤵
-
\??\c:\42820.exec:\42820.exe117⤵
-
\??\c:\24266.exec:\24266.exe118⤵
-
\??\c:\0426220.exec:\0426220.exe119⤵
-
\??\c:\22222.exec:\22222.exe120⤵
-
\??\c:\22822.exec:\22822.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-