Analysis
-
max time kernel
150s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
22-11-2024 04:45
General
-
Target
da977cb1e3afd4d56f0e49ef978bfb02cda2fe9cee04b112d6e049acb6dc5f2b.exe
-
Size
455KB
-
MD5
baf0de87168f5f8e4372bcd13873d8bf
-
SHA1
42ff17385708196ce129cc9802157220a8a5cdd5
-
SHA256
da977cb1e3afd4d56f0e49ef978bfb02cda2fe9cee04b112d6e049acb6dc5f2b
-
SHA512
de818867d5b440aee664e80c1524ecb01942da951be3114d1de4a1fd793fdff3325407ccabcd057c6f0c2351b6e9a3548e9eba326a8f46bf8fef1c88b82fbfda
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbeRy:q7Tc2NYHUrAwfMp3CDRy
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\da977cb1e3afd4d56f0e49ef978bfb02cda2fe9cee04b112d6e049acb6dc5f2b.exe"C:\Users\Admin\AppData\Local\Temp\da977cb1e3afd4d56f0e49ef978bfb02cda2fe9cee04b112d6e049acb6dc5f2b.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vddvp.exec:\vddvp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xxfxxr.exec:\1xxfxxr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnntnt.exec:\bnntnt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjjp.exec:\dpjjp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlfrllf.exec:\xlfrllf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ntnnb.exec:\3ntnnb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7jppp.exec:\7jppp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrfffx.exec:\rlrfffx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjjd.exec:\vvjjd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flllflr.exec:\flllflr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jjjd.exec:\1jjjd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbnntt.exec:\tbnntt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxrrxrl.exec:\rxrrxrl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdddd.exec:\jdddd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7hnntb.exec:\7hnntb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjdd.exec:\vdjdd.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9flfllr.exec:\9flfllr.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhtttt.exec:\bhtttt.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frfrxlf.exec:\frfrxlf.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdpvj.exec:\vdpvj.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrxffr.exec:\rrrxffr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbhtn.exec:\btbhtn.exe23⤵
- Executes dropped EXE
-
\??\c:\dddvp.exec:\dddvp.exe24⤵
- Executes dropped EXE
-
\??\c:\hhbnbn.exec:\hhbnbn.exe25⤵
- Executes dropped EXE
-
\??\c:\fllffxr.exec:\fllffxr.exe26⤵
- Executes dropped EXE
-
\??\c:\vjvvp.exec:\vjvvp.exe27⤵
- Executes dropped EXE
-
\??\c:\rflfxxr.exec:\rflfxxr.exe28⤵
- Executes dropped EXE
-
\??\c:\5vdvp.exec:\5vdvp.exe29⤵
- Executes dropped EXE
-
\??\c:\llxrxxx.exec:\llxrxxx.exe30⤵
- Executes dropped EXE
-
\??\c:\jvdvp.exec:\jvdvp.exe31⤵
- Executes dropped EXE
-
\??\c:\jpjvv.exec:\jpjvv.exe32⤵
- Executes dropped EXE
-
\??\c:\llrxrfr.exec:\llrxrfr.exe33⤵
- Executes dropped EXE
-
\??\c:\bbbnbb.exec:\bbbnbb.exe34⤵
- Executes dropped EXE
-
\??\c:\vpdvj.exec:\vpdvj.exe35⤵
- Executes dropped EXE
-
\??\c:\5jjjd.exec:\5jjjd.exe36⤵
- Executes dropped EXE
-
\??\c:\xlrlfxx.exec:\xlrlfxx.exe37⤵
- Executes dropped EXE
-
\??\c:\pdjjj.exec:\pdjjj.exe38⤵
- Executes dropped EXE
-
\??\c:\7vvpp.exec:\7vvpp.exe39⤵
- Executes dropped EXE
-
\??\c:\llrrlrr.exec:\llrrlrr.exe40⤵
- Executes dropped EXE
-
\??\c:\tnhbbn.exec:\tnhbbn.exe41⤵
- Executes dropped EXE
-
\??\c:\jjjpj.exec:\jjjpj.exe42⤵
- Executes dropped EXE
-
\??\c:\rflfxlf.exec:\rflfxlf.exe43⤵
- Executes dropped EXE
-
\??\c:\jdjdj.exec:\jdjdj.exe44⤵
- Executes dropped EXE
-
\??\c:\3frffrr.exec:\3frffrr.exe45⤵
- Executes dropped EXE
-
\??\c:\xxllfff.exec:\xxllfff.exe46⤵
- Executes dropped EXE
-
\??\c:\rlxfxxx.exec:\rlxfxxx.exe47⤵
- Executes dropped EXE
-
\??\c:\5bbbbh.exec:\5bbbbh.exe48⤵
- Executes dropped EXE
-
\??\c:\dpdvd.exec:\dpdvd.exe49⤵
- Executes dropped EXE
-
\??\c:\9xxrffx.exec:\9xxrffx.exe50⤵
- Executes dropped EXE
-
\??\c:\7lxlfxr.exec:\7lxlfxr.exe51⤵
- Executes dropped EXE
-
\??\c:\htnntt.exec:\htnntt.exe52⤵
- Executes dropped EXE
-
\??\c:\vvdvd.exec:\vvdvd.exe53⤵
- Executes dropped EXE
-
\??\c:\nnhtth.exec:\nnhtth.exe54⤵
- Executes dropped EXE
-
\??\c:\jdpjv.exec:\jdpjv.exe55⤵
- Executes dropped EXE
-
\??\c:\rllfxrl.exec:\rllfxrl.exe56⤵
- Executes dropped EXE
-
\??\c:\llffrlf.exec:\llffrlf.exe57⤵
- Executes dropped EXE
-
\??\c:\9ntnnn.exec:\9ntnnn.exe58⤵
- Executes dropped EXE
-
\??\c:\pjjdv.exec:\pjjdv.exe59⤵
- Executes dropped EXE
-
\??\c:\jvdvp.exec:\jvdvp.exe60⤵
- Executes dropped EXE
-
\??\c:\frxllxr.exec:\frxllxr.exe61⤵
- Executes dropped EXE
-
\??\c:\httnnh.exec:\httnnh.exe62⤵
- Executes dropped EXE
-
\??\c:\7jjvp.exec:\7jjvp.exe63⤵
- Executes dropped EXE
-
\??\c:\rrxlflf.exec:\rrxlflf.exe64⤵
- Executes dropped EXE
-
\??\c:\btnntt.exec:\btnntt.exe65⤵
- Executes dropped EXE
-
\??\c:\1vvdp.exec:\1vvdp.exe66⤵
-
\??\c:\dpdvd.exec:\dpdvd.exe67⤵
-
\??\c:\rflrrlf.exec:\rflrrlf.exe68⤵
-
\??\c:\bhtnnn.exec:\bhtnnn.exe69⤵
-
\??\c:\nbbbtt.exec:\nbbbtt.exe70⤵
-
\??\c:\vvjjd.exec:\vvjjd.exe71⤵
-
\??\c:\llfrfxf.exec:\llfrfxf.exe72⤵
-
\??\c:\btbbbb.exec:\btbbbb.exe73⤵
-
\??\c:\3vvjj.exec:\3vvjj.exe74⤵
- System Location Discovery: System Language Discovery
-
\??\c:\xfrlfff.exec:\xfrlfff.exe75⤵
-
\??\c:\xrlfllr.exec:\xrlfllr.exe76⤵
-
\??\c:\tttnhh.exec:\tttnhh.exe77⤵
-
\??\c:\9ppjv.exec:\9ppjv.exe78⤵
- System Location Discovery: System Language Discovery
-
\??\c:\1rrfxrl.exec:\1rrfxrl.exe79⤵
-
\??\c:\hbhbtn.exec:\hbhbtn.exe80⤵
-
\??\c:\3bbbtt.exec:\3bbbtt.exe81⤵
-
\??\c:\5jjdj.exec:\5jjdj.exe82⤵
-
\??\c:\rflfxxx.exec:\rflfxxx.exe83⤵
-
\??\c:\nnthbt.exec:\nnthbt.exe84⤵
-
\??\c:\tttttt.exec:\tttttt.exe85⤵
-
\??\c:\jpvvp.exec:\jpvvp.exe86⤵
-
\??\c:\lfrxrrx.exec:\lfrxrrx.exe87⤵
-
\??\c:\tbtbtt.exec:\tbtbtt.exe88⤵
-
\??\c:\btbnht.exec:\btbnht.exe89⤵
-
\??\c:\vvdvp.exec:\vvdvp.exe90⤵
-
\??\c:\flrrrff.exec:\flrrrff.exe91⤵
-
\??\c:\9bhbbb.exec:\9bhbbb.exe92⤵
-
\??\c:\ppdpp.exec:\ppdpp.exe93⤵
-
\??\c:\llllfll.exec:\llllfll.exe94⤵
-
\??\c:\lfllflf.exec:\lfllflf.exe95⤵
-
\??\c:\nnbttn.exec:\nnbttn.exe96⤵
-
\??\c:\vvvpd.exec:\vvvpd.exe97⤵
-
\??\c:\7xffxff.exec:\7xffxff.exe98⤵
-
\??\c:\bthtbh.exec:\bthtbh.exe99⤵
-
\??\c:\vdvvp.exec:\vdvvp.exe100⤵
-
\??\c:\rfffffx.exec:\rfffffx.exe101⤵
-
\??\c:\rffffff.exec:\rffffff.exe102⤵
-
\??\c:\bbnttb.exec:\bbnttb.exe103⤵
-
\??\c:\jpdvp.exec:\jpdvp.exe104⤵
-
\??\c:\fxxlllx.exec:\fxxlllx.exe105⤵
-
\??\c:\hhbttt.exec:\hhbttt.exe106⤵
-
\??\c:\pdpjd.exec:\pdpjd.exe107⤵
-
\??\c:\vpjjd.exec:\vpjjd.exe108⤵
-
\??\c:\9xrxrlf.exec:\9xrxrlf.exe109⤵
-
\??\c:\thnhhh.exec:\thnhhh.exe110⤵
-
\??\c:\pppjj.exec:\pppjj.exe111⤵
-
\??\c:\1vpjd.exec:\1vpjd.exe112⤵
-
\??\c:\rxrrrrr.exec:\rxrrrrr.exe113⤵
-
\??\c:\nnnnhh.exec:\nnnnhh.exe114⤵
-
\??\c:\vpjjv.exec:\vpjjv.exe115⤵
-
\??\c:\1xxfxxx.exec:\1xxfxxx.exe116⤵
-
\??\c:\rlrxrfx.exec:\rlrxrfx.exe117⤵
-
\??\c:\3hhbtb.exec:\3hhbtb.exe118⤵
-
\??\c:\5dddj.exec:\5dddj.exe119⤵
-
\??\c:\ddppd.exec:\ddppd.exe120⤵
-
\??\c:\flrfxxr.exec:\flrfxxr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-