Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
22-11-2024 03:49
General
-
Target
c05f68db062e5fac78518762a9456b52f5f99365faaf51aee7f722587d1b539b.exe
-
Size
453KB
-
MD5
cc4d46815384798476dfe3a17633726f
-
SHA1
da32d8c42958b8c85cc8f98d8b67743c21ac1caa
-
SHA256
c05f68db062e5fac78518762a9456b52f5f99365faaf51aee7f722587d1b539b
-
SHA512
c8b147afac53acba404e8b00fd1c3a12881e65cbd8f4938b054878429598a7c5631efc758c98dd159728b63dbfd6ed45acd575fd2084324e350206fd08cc4b87
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbeM:q7Tc2NYHUrAwfMp3CDM
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\c05f68db062e5fac78518762a9456b52f5f99365faaf51aee7f722587d1b539b.exe"C:\Users\Admin\AppData\Local\Temp\c05f68db062e5fac78518762a9456b52f5f99365faaf51aee7f722587d1b539b.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\84224.exec:\84224.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\66204.exec:\66204.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vddv.exec:\5vddv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbttt.exec:\tbbttt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\e28226.exec:\e28226.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\26048.exec:\26048.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxxxrx.exec:\lxxxxrx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\82848.exec:\82848.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhhbh.exec:\nhhhbh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\022666.exec:\022666.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdddp.exec:\vdddp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6886866.exec:\6886866.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjjp.exec:\dvjjp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfllllf.exec:\rfllllf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjdv.exec:\vvjdv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjvv.exec:\djjvv.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\462020.exec:\462020.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhbhh.exec:\nbhbhh.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0266606.exec:\0266606.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjdp.exec:\pjjdp.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xxlfrr.exec:\5xxlfrr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrrrff.exec:\lxrrrff.exe23⤵
- Executes dropped EXE
-
\??\c:\208800.exec:\208800.exe24⤵
- Executes dropped EXE
-
\??\c:\hhhhht.exec:\hhhhht.exe25⤵
- Executes dropped EXE
-
\??\c:\822660.exec:\822660.exe26⤵
- Executes dropped EXE
-
\??\c:\pjjvv.exec:\pjjvv.exe27⤵
- Executes dropped EXE
-
\??\c:\884864.exec:\884864.exe28⤵
- Executes dropped EXE
-
\??\c:\68260.exec:\68260.exe29⤵
- Executes dropped EXE
-
\??\c:\dvpjd.exec:\dvpjd.exe30⤵
- Executes dropped EXE
-
\??\c:\nhnhhh.exec:\nhnhhh.exe31⤵
- Executes dropped EXE
-
\??\c:\486202.exec:\486202.exe32⤵
- Executes dropped EXE
-
\??\c:\9rxlfxr.exec:\9rxlfxr.exe33⤵
- Executes dropped EXE
-
\??\c:\260060.exec:\260060.exe34⤵
- Executes dropped EXE
-
\??\c:\k08200.exec:\k08200.exe35⤵
- Executes dropped EXE
-
\??\c:\824622.exec:\824622.exe36⤵
- Executes dropped EXE
-
\??\c:\80264.exec:\80264.exe37⤵
- Executes dropped EXE
-
\??\c:\8660666.exec:\8660666.exe38⤵
- Executes dropped EXE
-
\??\c:\hbtnbb.exec:\hbtnbb.exe39⤵
- Executes dropped EXE
-
\??\c:\46600.exec:\46600.exe40⤵
- Executes dropped EXE
-
\??\c:\808442.exec:\808442.exe41⤵
- Executes dropped EXE
-
\??\c:\80860.exec:\80860.exe42⤵
- Executes dropped EXE
-
\??\c:\1vvvv.exec:\1vvvv.exe43⤵
- Executes dropped EXE
-
\??\c:\lffxxxf.exec:\lffxxxf.exe44⤵
- Executes dropped EXE
-
\??\c:\0444448.exec:\0444448.exe45⤵
- Executes dropped EXE
-
\??\c:\6464804.exec:\6464804.exe46⤵
- Executes dropped EXE
-
\??\c:\684484.exec:\684484.exe47⤵
- Executes dropped EXE
-
\??\c:\tbbbbt.exec:\tbbbbt.exe48⤵
- Executes dropped EXE
-
\??\c:\840000.exec:\840000.exe49⤵
- Executes dropped EXE
-
\??\c:\880224.exec:\880224.exe50⤵
- Executes dropped EXE
-
\??\c:\hhhhnb.exec:\hhhhnb.exe51⤵
- Executes dropped EXE
-
\??\c:\xxflrxf.exec:\xxflrxf.exe52⤵
- Executes dropped EXE
-
\??\c:\vjpjd.exec:\vjpjd.exe53⤵
- Executes dropped EXE
-
\??\c:\k02604.exec:\k02604.exe54⤵
- Executes dropped EXE
-
\??\c:\44606.exec:\44606.exe55⤵
- Executes dropped EXE
-
\??\c:\dppdp.exec:\dppdp.exe56⤵
- Executes dropped EXE
-
\??\c:\htnthn.exec:\htnthn.exe57⤵
- Executes dropped EXE
-
\??\c:\rlxflxf.exec:\rlxflxf.exe58⤵
- Executes dropped EXE
-
\??\c:\g4644.exec:\g4644.exe59⤵
- Executes dropped EXE
-
\??\c:\dvjvp.exec:\dvjvp.exe60⤵
- Executes dropped EXE
-
\??\c:\g6222.exec:\g6222.exe61⤵
- Executes dropped EXE
-
\??\c:\866682.exec:\866682.exe62⤵
- Executes dropped EXE
-
\??\c:\k46600.exec:\k46600.exe63⤵
- Executes dropped EXE
-
\??\c:\20604.exec:\20604.exe64⤵
- Executes dropped EXE
-
\??\c:\w08244.exec:\w08244.exe65⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\vjjdp.exec:\vjjdp.exe66⤵
-
\??\c:\jvdjv.exec:\jvdjv.exe67⤵
-
\??\c:\6288400.exec:\6288400.exe68⤵
-
\??\c:\o626666.exec:\o626666.exe69⤵
-
\??\c:\08266.exec:\08266.exe70⤵
-
\??\c:\bbhbnn.exec:\bbhbnn.exe71⤵
-
\??\c:\rfllfll.exec:\rfllfll.exe72⤵
-
\??\c:\624882.exec:\624882.exe73⤵
-
\??\c:\28822.exec:\28822.exe74⤵
-
\??\c:\c060000.exec:\c060000.exe75⤵
-
\??\c:\nttnhh.exec:\nttnhh.exe76⤵
-
\??\c:\k80480.exec:\k80480.exe77⤵
-
\??\c:\20604.exec:\20604.exe78⤵
-
\??\c:\9xxrfff.exec:\9xxrfff.exe79⤵
-
\??\c:\u626000.exec:\u626000.exe80⤵
-
\??\c:\862240.exec:\862240.exe81⤵
-
\??\c:\m2448.exec:\m2448.exe82⤵
-
\??\c:\ttnbtn.exec:\ttnbtn.exe83⤵
-
\??\c:\60802.exec:\60802.exe84⤵
-
\??\c:\8608604.exec:\8608604.exe85⤵
-
\??\c:\8264602.exec:\8264602.exe86⤵
-
\??\c:\228260.exec:\228260.exe87⤵
-
\??\c:\5ddvp.exec:\5ddvp.exe88⤵
-
\??\c:\hhhnhb.exec:\hhhnhb.exe89⤵
-
\??\c:\28426.exec:\28426.exe90⤵
-
\??\c:\428862.exec:\428862.exe91⤵
-
\??\c:\c628882.exec:\c628882.exe92⤵
-
\??\c:\64648.exec:\64648.exe93⤵
-
\??\c:\bbbntb.exec:\bbbntb.exe94⤵
-
\??\c:\886600.exec:\886600.exe95⤵
-
\??\c:\w80040.exec:\w80040.exe96⤵
-
\??\c:\nbbnhb.exec:\nbbnhb.exe97⤵
-
\??\c:\pjdvj.exec:\pjdvj.exe98⤵
-
\??\c:\bbhhbb.exec:\bbhhbb.exe99⤵
-
\??\c:\s6042.exec:\s6042.exe100⤵
-
\??\c:\e24822.exec:\e24822.exe101⤵
-
\??\c:\42204.exec:\42204.exe102⤵
-
\??\c:\c000826.exec:\c000826.exe103⤵
-
\??\c:\dvvpv.exec:\dvvpv.exe104⤵
-
\??\c:\5pjvj.exec:\5pjvj.exe105⤵
-
\??\c:\nhbhbt.exec:\nhbhbt.exe106⤵
-
\??\c:\rrlffxr.exec:\rrlffxr.exe107⤵
-
\??\c:\628260.exec:\628260.exe108⤵
-
\??\c:\2048860.exec:\2048860.exe109⤵
-
\??\c:\84004.exec:\84004.exe110⤵
-
\??\c:\pjdvv.exec:\pjdvv.exe111⤵
-
\??\c:\268288.exec:\268288.exe112⤵
-
\??\c:\tnnnnn.exec:\tnnnnn.exe113⤵
-
\??\c:\rfrxfxf.exec:\rfrxfxf.exe114⤵
-
\??\c:\flxrllf.exec:\flxrllf.exe115⤵
-
\??\c:\rrfxxxr.exec:\rrfxxxr.exe116⤵
-
\??\c:\tbtbtb.exec:\tbtbtb.exe117⤵
-
\??\c:\rfrlffx.exec:\rfrlffx.exe118⤵
-
\??\c:\2448624.exec:\2448624.exe119⤵
-
\??\c:\00420.exec:\00420.exe120⤵
-
\??\c:\9lxxxll.exec:\9lxxxll.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-