Analysis
-
max time kernel
120s -
max time network
93s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
22-11-2024 14:37
General
-
Target
e410cd0189d8717eaceadd677ce79a8d8bdf68ae4ab865732858c677eac5f4ff.exe
-
Size
384KB
-
MD5
0ada576629d2a2c79ab1cafcf823718c
-
SHA1
6dde40cdbd6857ffc06569bdf9b9c8b5978c6046
-
SHA256
e410cd0189d8717eaceadd677ce79a8d8bdf68ae4ab865732858c677eac5f4ff
-
SHA512
9567227eb22f308cde4f42a5f6a271ea2ae314c4d6593fd436bd17a9039e9781041d68667eada4122431bff99364089c4efe0acfc4a662bc05d8476bdd763610
-
SSDEEP
3072:8hOm2sI93UufdC67cimD5t251UrRE9TTFw41/t49:8cm7ImGddXmNt251UriZFwkS
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 63 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e410cd0189d8717eaceadd677ce79a8d8bdf68ae4ab865732858c677eac5f4ff.exe"C:\Users\Admin\AppData\Local\Temp\e410cd0189d8717eaceadd677ce79a8d8bdf68ae4ab865732858c677eac5f4ff.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnnnn.exec:\hbnnnn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxrrlr.exec:\rlxrrlr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxlxlfr.exec:\lxlxlfr.exe4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxlfxx.exec:\xlxlfxx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dppjv.exec:\dppjv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxfrffl.exec:\lxfrffl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvvd.exec:\pdvvd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfrlfr.exec:\fxfrlfr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrfrll.exec:\rlrfrll.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pppjv.exec:\pppjv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5hhhnh.exec:\5hhhnh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdppv.exec:\jdppv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrlxrl.exec:\fxrlxrl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7tbnbt.exec:\7tbnbt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjjv.exec:\vdjjv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllxrlx.exec:\rllxrlx.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnnht.exec:\thnnht.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdjv.exec:\vpdjv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flfxllf.exec:\flfxllf.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbttn.exec:\hbbttn.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffrfxr.exec:\lffrfxr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnnnn.exec:\bbnnnn.exe23⤵
- Executes dropped EXE
-
\??\c:\pvdvd.exec:\pvdvd.exe24⤵
- Executes dropped EXE
-
\??\c:\xrxlfxx.exec:\xrxlfxx.exe25⤵
- Executes dropped EXE
-
\??\c:\9lxlfrl.exec:\9lxlfrl.exe26⤵
- Executes dropped EXE
-
\??\c:\5nnhtt.exec:\5nnhtt.exe27⤵
- Executes dropped EXE
-
\??\c:\vjpjv.exec:\vjpjv.exe28⤵
- Executes dropped EXE
-
\??\c:\ttthbt.exec:\ttthbt.exe29⤵
- Executes dropped EXE
-
\??\c:\nbbhbt.exec:\nbbhbt.exe30⤵
- Executes dropped EXE
-
\??\c:\fxlfrll.exec:\fxlfrll.exe31⤵
- Executes dropped EXE
-
\??\c:\vvjvj.exec:\vvjvj.exe32⤵
- Executes dropped EXE
-
\??\c:\lfxxfrl.exec:\lfxxfrl.exe33⤵
- Executes dropped EXE
-
\??\c:\bbnbnn.exec:\bbnbnn.exe34⤵
- Executes dropped EXE
-
\??\c:\lrfxfrl.exec:\lrfxfrl.exe35⤵
- Executes dropped EXE
-
\??\c:\bhhbtn.exec:\bhhbtn.exe36⤵
- Executes dropped EXE
-
\??\c:\jdddv.exec:\jdddv.exe37⤵
- Executes dropped EXE
-
\??\c:\7jdpp.exec:\7jdpp.exe38⤵
- Executes dropped EXE
-
\??\c:\llrlrfr.exec:\llrlrfr.exe39⤵
- Executes dropped EXE
-
\??\c:\tthbnh.exec:\tthbnh.exe40⤵
- Executes dropped EXE
-
\??\c:\vddvp.exec:\vddvp.exe41⤵
- Executes dropped EXE
-
\??\c:\lrxlxlf.exec:\lrxlxlf.exe42⤵
- Executes dropped EXE
-
\??\c:\hnnbtn.exec:\hnnbtn.exe43⤵
- Executes dropped EXE
-
\??\c:\pjvpp.exec:\pjvpp.exe44⤵
- Executes dropped EXE
-
\??\c:\pppdp.exec:\pppdp.exe45⤵
- Executes dropped EXE
-
\??\c:\fxxrlfr.exec:\fxxrlfr.exe46⤵
- Executes dropped EXE
-
\??\c:\7tbnbn.exec:\7tbnbn.exe47⤵
- Executes dropped EXE
-
\??\c:\nbbtnh.exec:\nbbtnh.exe48⤵
- Executes dropped EXE
-
\??\c:\3pvpp.exec:\3pvpp.exe49⤵
- Executes dropped EXE
-
\??\c:\lrllflx.exec:\lrllflx.exe50⤵
- Executes dropped EXE
-
\??\c:\nntnhh.exec:\nntnhh.exe51⤵
- Executes dropped EXE
-
\??\c:\3vpjd.exec:\3vpjd.exe52⤵
- Executes dropped EXE
-
\??\c:\lfrfrlf.exec:\lfrfrlf.exe53⤵
- Executes dropped EXE
-
\??\c:\1hhhbb.exec:\1hhhbb.exe54⤵
- Executes dropped EXE
-
\??\c:\hbbthb.exec:\hbbthb.exe55⤵
- Executes dropped EXE
-
\??\c:\5pvdd.exec:\5pvdd.exe56⤵
- Executes dropped EXE
-
\??\c:\xrrfrll.exec:\xrrfrll.exe57⤵
- Executes dropped EXE
-
\??\c:\hnthht.exec:\hnthht.exe58⤵
- Executes dropped EXE
-
\??\c:\tbbthh.exec:\tbbthh.exe59⤵
- Executes dropped EXE
-
\??\c:\ddpjd.exec:\ddpjd.exe60⤵
- Executes dropped EXE
-
\??\c:\3ttnbb.exec:\3ttnbb.exe61⤵
- Executes dropped EXE
-
\??\c:\9nnhnn.exec:\9nnhnn.exe62⤵
- Executes dropped EXE
-
\??\c:\jpjvp.exec:\jpjvp.exe63⤵
- Executes dropped EXE
-
\??\c:\9rrlxlf.exec:\9rrlxlf.exe64⤵
- Executes dropped EXE
-
\??\c:\lxrlffx.exec:\lxrlffx.exe65⤵
- Executes dropped EXE
-
\??\c:\nhthhh.exec:\nhthhh.exe66⤵
-
\??\c:\5pvjv.exec:\5pvjv.exe67⤵
-
\??\c:\rllfxxx.exec:\rllfxxx.exe68⤵
-
\??\c:\xrlfxrl.exec:\xrlfxrl.exe69⤵
-
\??\c:\hnhhbb.exec:\hnhhbb.exe70⤵
-
\??\c:\dppjj.exec:\dppjj.exe71⤵
-
\??\c:\vdvjv.exec:\vdvjv.exe72⤵
-
\??\c:\xxlxlrf.exec:\xxlxlrf.exe73⤵
-
\??\c:\hbhhbn.exec:\hbhhbn.exe74⤵
-
\??\c:\jjppd.exec:\jjppd.exe75⤵
-
\??\c:\pjdvd.exec:\pjdvd.exe76⤵
-
\??\c:\xxxlfxr.exec:\xxxlfxr.exe77⤵
-
\??\c:\btbbtt.exec:\btbbtt.exe78⤵
-
\??\c:\pddpj.exec:\pddpj.exe79⤵
-
\??\c:\pdpjj.exec:\pdpjj.exe80⤵
-
\??\c:\lrfxrxr.exec:\lrfxrxr.exe81⤵
-
\??\c:\ntbbbt.exec:\ntbbbt.exe82⤵
-
\??\c:\5bbnbt.exec:\5bbnbt.exe83⤵
-
\??\c:\1pvpd.exec:\1pvpd.exe84⤵
-
\??\c:\rlrlfxx.exec:\rlrlfxx.exe85⤵
-
\??\c:\nbnhbb.exec:\nbnhbb.exe86⤵
-
\??\c:\pvvpj.exec:\pvvpj.exe87⤵
-
\??\c:\dpdvj.exec:\dpdvj.exe88⤵
-
\??\c:\ffxxllx.exec:\ffxxllx.exe89⤵
-
\??\c:\bbhbtt.exec:\bbhbtt.exe90⤵
-
\??\c:\hbtnnh.exec:\hbtnnh.exe91⤵
-
\??\c:\jvdpd.exec:\jvdpd.exe92⤵
-
\??\c:\lrfrlrl.exec:\lrfrlrl.exe93⤵
-
\??\c:\tntbnn.exec:\tntbnn.exe94⤵
-
\??\c:\jjjvj.exec:\jjjvj.exe95⤵
-
\??\c:\rrrlfxx.exec:\rrrlfxx.exe96⤵
-
\??\c:\3hhbhb.exec:\3hhbhb.exe97⤵
-
\??\c:\bhbthh.exec:\bhbthh.exe98⤵
-
\??\c:\9vjdd.exec:\9vjdd.exe99⤵
-
\??\c:\rlfrxrr.exec:\rlfrxrr.exe100⤵
-
\??\c:\bbbtnn.exec:\bbbtnn.exe101⤵
-
\??\c:\hnbnbb.exec:\hnbnbb.exe102⤵
-
\??\c:\pppdp.exec:\pppdp.exe103⤵
-
\??\c:\pjppd.exec:\pjppd.exe104⤵
-
\??\c:\lrrlxrf.exec:\lrrlxrf.exe105⤵
-
\??\c:\hhbtnn.exec:\hhbtnn.exe106⤵
-
\??\c:\pdvpv.exec:\pdvpv.exe107⤵
-
\??\c:\ppjjp.exec:\ppjjp.exe108⤵
-
\??\c:\9xxlxrl.exec:\9xxlxrl.exe109⤵
-
\??\c:\thhbtn.exec:\thhbtn.exe110⤵
-
\??\c:\dvjdv.exec:\dvjdv.exe111⤵
-
\??\c:\rxfrffr.exec:\rxfrffr.exe112⤵
-
\??\c:\btnhbb.exec:\btnhbb.exe113⤵
-
\??\c:\nbnhtt.exec:\nbnhtt.exe114⤵
-
\??\c:\dpvpd.exec:\dpvpd.exe115⤵
-
\??\c:\rxfxrrx.exec:\rxfxrrx.exe116⤵
-
\??\c:\7bhbtt.exec:\7bhbtt.exe117⤵
-
\??\c:\7vdvp.exec:\7vdvp.exe118⤵
-
\??\c:\ddpvp.exec:\ddpvp.exe119⤵
-
\??\c:\xfrrlll.exec:\xfrrlll.exe120⤵
-
\??\c:\bttnhh.exec:\bttnhh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-