Analysis
-
max time kernel
120s -
max time network
93s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
22-11-2024 14:28
General
-
Target
d53e7791e8a7bba73cbbc2cb6377384e1d12df423a9527ed6ca8d205dbadea3cN.exe
-
Size
456KB
-
MD5
7c3a20d643b7797d5ab2d655627224f0
-
SHA1
674cb1d4fc82d94e6c4fbc5cd451f264b4904689
-
SHA256
d53e7791e8a7bba73cbbc2cb6377384e1d12df423a9527ed6ca8d205dbadea3c
-
SHA512
5674523a6cfde5042cab35d9f0faa90c0a17aa3b701cbdc25709487cb95b45a0c44818d29726eec73731d7a8f293a5460de1b3c1127c2d41d64ad984b6c623c1
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbeR5:q7Tc2NYHUrAwfMp3CDR5
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 61 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d53e7791e8a7bba73cbbc2cb6377384e1d12df423a9527ed6ca8d205dbadea3cN.exe"C:\Users\Admin\AppData\Local\Temp\d53e7791e8a7bba73cbbc2cb6377384e1d12df423a9527ed6ca8d205dbadea3cN.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hntnhb.exec:\hntnhb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxlflfx.exec:\rxlflfx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbtnn.exec:\nnbtnn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbttt.exec:\hbbttt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxlfrl.exec:\lxxlfrl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fflrlfx.exec:\fflrlfx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpvv.exec:\jdpvv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9frlfrl.exec:\9frlfrl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjdv.exec:\pdjdv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3frlrxf.exec:\3frlrxf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjjd.exec:\vdjjd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfffrlr.exec:\rfffrlr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dppjv.exec:\dppjv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xxrlff.exec:\1xxrlff.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxrfxl.exec:\llxrfxl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtnhb.exec:\hbtnhb.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfxlxr.exec:\rlfxlxr.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdvv.exec:\vpdvv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppdp.exec:\vppdp.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pppdv.exec:\pppdv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrlflfl.exec:\lrlflfl.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1ffrrll.exec:\1ffrrll.exe23⤵
- Executes dropped EXE
-
\??\c:\7pvpj.exec:\7pvpj.exe24⤵
- Executes dropped EXE
-
\??\c:\llfxlff.exec:\llfxlff.exe25⤵
- Executes dropped EXE
-
\??\c:\jvdvp.exec:\jvdvp.exe26⤵
- Executes dropped EXE
-
\??\c:\ttnhhb.exec:\ttnhhb.exe27⤵
- Executes dropped EXE
-
\??\c:\pjpdv.exec:\pjpdv.exe28⤵
- Executes dropped EXE
-
\??\c:\7thhtn.exec:\7thhtn.exe29⤵
- Executes dropped EXE
-
\??\c:\jdjjd.exec:\jdjjd.exe30⤵
- Executes dropped EXE
-
\??\c:\1btnbb.exec:\1btnbb.exe31⤵
- Executes dropped EXE
-
\??\c:\vppjd.exec:\vppjd.exe32⤵
- Executes dropped EXE
-
\??\c:\tnnhtt.exec:\tnnhtt.exe33⤵
- Executes dropped EXE
-
\??\c:\1vvpj.exec:\1vvpj.exe34⤵
- Executes dropped EXE
-
\??\c:\rxfrffx.exec:\rxfrffx.exe35⤵
- Executes dropped EXE
-
\??\c:\hntnbb.exec:\hntnbb.exe36⤵
- Executes dropped EXE
-
\??\c:\jvjdj.exec:\jvjdj.exe37⤵
- Executes dropped EXE
-
\??\c:\frxrllf.exec:\frxrllf.exe38⤵
- Executes dropped EXE
-
\??\c:\lxfxrrl.exec:\lxfxrrl.exe39⤵
- Executes dropped EXE
-
\??\c:\hhhhbb.exec:\hhhhbb.exe40⤵
- Executes dropped EXE
-
\??\c:\vpjdv.exec:\vpjdv.exe41⤵
- Executes dropped EXE
-
\??\c:\1flfrfx.exec:\1flfrfx.exe42⤵
- Executes dropped EXE
-
\??\c:\vvvvd.exec:\vvvvd.exe43⤵
- Executes dropped EXE
-
\??\c:\dppjv.exec:\dppjv.exe44⤵
- Executes dropped EXE
-
\??\c:\rllfflf.exec:\rllfflf.exe45⤵
- Executes dropped EXE
-
\??\c:\bbnbtt.exec:\bbnbtt.exe46⤵
- Executes dropped EXE
-
\??\c:\vvddj.exec:\vvddj.exe47⤵
- Executes dropped EXE
-
\??\c:\lrlflrr.exec:\lrlflrr.exe48⤵
- Executes dropped EXE
-
\??\c:\ntnbnh.exec:\ntnbnh.exe49⤵
- Executes dropped EXE
-
\??\c:\jjjdp.exec:\jjjdp.exe50⤵
- Executes dropped EXE
-
\??\c:\ppvpj.exec:\ppvpj.exe51⤵
- Executes dropped EXE
-
\??\c:\xfxrxlf.exec:\xfxrxlf.exe52⤵
- Executes dropped EXE
-
\??\c:\thhtnh.exec:\thhtnh.exe53⤵
- Executes dropped EXE
-
\??\c:\pjdpd.exec:\pjdpd.exe54⤵
- Executes dropped EXE
-
\??\c:\9vdpd.exec:\9vdpd.exe55⤵
- Executes dropped EXE
-
\??\c:\rlxrrlr.exec:\rlxrrlr.exe56⤵
- Executes dropped EXE
-
\??\c:\1tnhbh.exec:\1tnhbh.exe57⤵
- Executes dropped EXE
-
\??\c:\vvvvj.exec:\vvvvj.exe58⤵
- Executes dropped EXE
-
\??\c:\5vdvj.exec:\5vdvj.exe59⤵
- Executes dropped EXE
-
\??\c:\rrlxlfr.exec:\rrlxlfr.exe60⤵
- Executes dropped EXE
-
\??\c:\3hbttt.exec:\3hbttt.exe61⤵
- Executes dropped EXE
-
\??\c:\jdjpd.exec:\jdjpd.exe62⤵
- Executes dropped EXE
-
\??\c:\jdjdv.exec:\jdjdv.exe63⤵
- Executes dropped EXE
-
\??\c:\5xrlfff.exec:\5xrlfff.exe64⤵
- Executes dropped EXE
-
\??\c:\fxflflf.exec:\fxflflf.exe65⤵
- Executes dropped EXE
-
\??\c:\tbbnbt.exec:\tbbnbt.exe66⤵
-
\??\c:\vjjjd.exec:\vjjjd.exe67⤵
-
\??\c:\7rxlfxx.exec:\7rxlfxx.exe68⤵
-
\??\c:\bttnht.exec:\bttnht.exe69⤵
-
\??\c:\btthhb.exec:\btthhb.exe70⤵
-
\??\c:\pvdvj.exec:\pvdvj.exe71⤵
-
\??\c:\xllxrll.exec:\xllxrll.exe72⤵
-
\??\c:\tttntn.exec:\tttntn.exe73⤵
-
\??\c:\ntbthb.exec:\ntbthb.exe74⤵
-
\??\c:\jvvjj.exec:\jvvjj.exe75⤵
-
\??\c:\llxrfff.exec:\llxrfff.exe76⤵
-
\??\c:\9flffff.exec:\9flffff.exe77⤵
-
\??\c:\thbtnn.exec:\thbtnn.exe78⤵
-
\??\c:\dpvpd.exec:\dpvpd.exe79⤵
-
\??\c:\5ddpj.exec:\5ddpj.exe80⤵
-
\??\c:\frfxffx.exec:\frfxffx.exe81⤵
-
\??\c:\tnhbht.exec:\tnhbht.exe82⤵
-
\??\c:\vpvpp.exec:\vpvpp.exe83⤵
-
\??\c:\5fxxxxf.exec:\5fxxxxf.exe84⤵
-
\??\c:\bthnbt.exec:\bthnbt.exe85⤵
- System Location Discovery: System Language Discovery
-
\??\c:\9dvpv.exec:\9dvpv.exe86⤵
-
\??\c:\jddpd.exec:\jddpd.exe87⤵
-
\??\c:\xlxrrxr.exec:\xlxrrxr.exe88⤵
-
\??\c:\httntn.exec:\httntn.exe89⤵
-
\??\c:\jdpjd.exec:\jdpjd.exe90⤵
-
\??\c:\vpdpj.exec:\vpdpj.exe91⤵
-
\??\c:\rxllffx.exec:\rxllffx.exe92⤵
-
\??\c:\btbtnn.exec:\btbtnn.exe93⤵
-
\??\c:\dvpjv.exec:\dvpjv.exe94⤵
-
\??\c:\dvvdp.exec:\dvvdp.exe95⤵
-
\??\c:\frlxxrf.exec:\frlxxrf.exe96⤵
-
\??\c:\tttnhb.exec:\tttnhb.exe97⤵
-
\??\c:\vvjdp.exec:\vvjdp.exe98⤵
-
\??\c:\xrxrlxr.exec:\xrxrlxr.exe99⤵
-
\??\c:\bbbnbn.exec:\bbbnbn.exe100⤵
-
\??\c:\5nhbnn.exec:\5nhbnn.exe101⤵
-
\??\c:\djvpd.exec:\djvpd.exe102⤵
-
\??\c:\lflxfrf.exec:\lflxfrf.exe103⤵
-
\??\c:\nnthht.exec:\nnthht.exe104⤵
-
\??\c:\9tnhtt.exec:\9tnhtt.exe105⤵
-
\??\c:\pddjd.exec:\pddjd.exe106⤵
-
\??\c:\lxxrffx.exec:\lxxrffx.exe107⤵
-
\??\c:\nhtbbh.exec:\nhtbbh.exe108⤵
-
\??\c:\7nhtnn.exec:\7nhtnn.exe109⤵
-
\??\c:\jpvvj.exec:\jpvvj.exe110⤵
-
\??\c:\fxxrffx.exec:\fxxrffx.exe111⤵
-
\??\c:\7rfxrrr.exec:\7rfxrrr.exe112⤵
-
\??\c:\1vvjv.exec:\1vvjv.exe113⤵
-
\??\c:\pdjjv.exec:\pdjjv.exe114⤵
-
\??\c:\lrrlxxf.exec:\lrrlxxf.exe115⤵
-
\??\c:\tnnhbb.exec:\tnnhbb.exe116⤵
-
\??\c:\pvdpd.exec:\pvdpd.exe117⤵
-
\??\c:\xrrfrrl.exec:\xrrfrrl.exe118⤵
-
\??\c:\bhbthb.exec:\bhbthb.exe119⤵
-
\??\c:\7jvpj.exec:\7jvpj.exe120⤵
-
\??\c:\7jdpd.exec:\7jdpd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-