Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
22-11-2024 18:19
General
-
Target
375bd19dc3703e65bf67bf9b3e0825f9599aaac92288a24addc691db5c008b38.exe
-
Size
61KB
-
MD5
a9b1f3ca5d3acddd7dde1424ac09bcfe
-
SHA1
8276bd88b686c54884ef5e9a5ae5dd132be0ef4b
-
SHA256
375bd19dc3703e65bf67bf9b3e0825f9599aaac92288a24addc691db5c008b38
-
SHA512
1f0c7e05152f929b79ae6475cba2b3de35df58d4d411ac84c27fc39ba5f442fd53326b207fb1d6174fbcbf7ec59547829d64c752b9de8b56f98717e103cec02a
-
SSDEEP
1536:kvQBeOGtrYS3srx93UBWfwC6Ggnouy8p5yAXNlIQldWAw:khOmTsF93UYfwC6GIoutpYcvldWAw
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\375bd19dc3703e65bf67bf9b3e0825f9599aaac92288a24addc691db5c008b38.exe"C:\Users\Admin\AppData\Local\Temp\375bd19dc3703e65bf67bf9b3e0825f9599aaac92288a24addc691db5c008b38.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\1fxflrf.exec:\1fxflrf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9bntbn.exec:\9bntbn.exe3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnnbh.exec:\nnnnbh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pvpd.exec:\1pvpd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rxrffx.exec:\3rxrffx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffxxrr.exec:\lffxxrr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9hnhbb.exec:\9hnhbb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnhbt.exec:\bnnhbt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvvv.exec:\vvvvv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fllfllf.exec:\fllfllf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bhbtt.exec:\5bhbtt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppdvj.exec:\ppdvj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5flfflr.exec:\5flfflr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bhntt.exec:\1bhntt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhbhh.exec:\nbhbhh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdvj.exec:\dvdvj.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9llffxx.exec:\9llffxx.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tttthh.exec:\tttthh.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5tbthh.exec:\5tbthh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vddd.exec:\9vddd.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrlxrl.exec:\rfrlxrl.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3tbtnh.exec:\3tbtnh.exe23⤵
- Executes dropped EXE
-
\??\c:\7jvpj.exec:\7jvpj.exe24⤵
- Executes dropped EXE
-
\??\c:\3rxrlfx.exec:\3rxrlfx.exe25⤵
- Executes dropped EXE
-
\??\c:\xxrxrrr.exec:\xxrxrrr.exe26⤵
- Executes dropped EXE
-
\??\c:\7hbbnn.exec:\7hbbnn.exe27⤵
- Executes dropped EXE
-
\??\c:\nhnntt.exec:\nhnntt.exe28⤵
- Executes dropped EXE
-
\??\c:\pvpjd.exec:\pvpjd.exe29⤵
- Executes dropped EXE
-
\??\c:\5rxrlll.exec:\5rxrlll.exe30⤵
- Executes dropped EXE
-
\??\c:\thnhbt.exec:\thnhbt.exe31⤵
- Executes dropped EXE
-
\??\c:\7jjdv.exec:\7jjdv.exe32⤵
- Executes dropped EXE
-
\??\c:\pjjdp.exec:\pjjdp.exe33⤵
- Executes dropped EXE
-
\??\c:\5fffrlf.exec:\5fffrlf.exe34⤵
- Executes dropped EXE
-
\??\c:\htnnhn.exec:\htnnhn.exe35⤵
- Executes dropped EXE
-
\??\c:\pvddd.exec:\pvddd.exe36⤵
- Executes dropped EXE
-
\??\c:\3pddd.exec:\3pddd.exe37⤵
- Executes dropped EXE
-
\??\c:\rfrlffr.exec:\rfrlffr.exe38⤵
- Executes dropped EXE
-
\??\c:\bbnhbb.exec:\bbnhbb.exe39⤵
- Executes dropped EXE
-
\??\c:\nhtttb.exec:\nhtttb.exe40⤵
- Executes dropped EXE
-
\??\c:\vdppj.exec:\vdppj.exe41⤵
- Executes dropped EXE
-
\??\c:\5vdvv.exec:\5vdvv.exe42⤵
- Executes dropped EXE
-
\??\c:\frxxxxx.exec:\frxxxxx.exe43⤵
- Executes dropped EXE
-
\??\c:\tbtnnn.exec:\tbtnnn.exe44⤵
- Executes dropped EXE
-
\??\c:\9thbbn.exec:\9thbbn.exe45⤵
-
\??\c:\dvdpj.exec:\dvdpj.exe46⤵
- Executes dropped EXE
-
\??\c:\pddvp.exec:\pddvp.exe47⤵
- Executes dropped EXE
-
\??\c:\9rxlrll.exec:\9rxlrll.exe48⤵
- Executes dropped EXE
-
\??\c:\9hhbbb.exec:\9hhbbb.exe49⤵
- Executes dropped EXE
-
\??\c:\bbtnhh.exec:\bbtnhh.exe50⤵
- Executes dropped EXE
-
\??\c:\pvjdj.exec:\pvjdj.exe51⤵
- Executes dropped EXE
-
\??\c:\jjpjd.exec:\jjpjd.exe52⤵
- Executes dropped EXE
-
\??\c:\lxlfxrx.exec:\lxlfxrx.exe53⤵
- Executes dropped EXE
-
\??\c:\9xxrlrx.exec:\9xxrlrx.exe54⤵
- Executes dropped EXE
-
\??\c:\nhbbbb.exec:\nhbbbb.exe55⤵
- Executes dropped EXE
-
\??\c:\tbnttb.exec:\tbnttb.exe56⤵
- Executes dropped EXE
-
\??\c:\dpdvj.exec:\dpdvj.exe57⤵
- Executes dropped EXE
-
\??\c:\vdjdv.exec:\vdjdv.exe58⤵
- Executes dropped EXE
-
\??\c:\9rxrlll.exec:\9rxrlll.exe59⤵
- Executes dropped EXE
-
\??\c:\9frlfxf.exec:\9frlfxf.exe60⤵
- Executes dropped EXE
-
\??\c:\btnhhh.exec:\btnhhh.exe61⤵
- Executes dropped EXE
-
\??\c:\dvvvv.exec:\dvvvv.exe62⤵
- Executes dropped EXE
-
\??\c:\1vdjj.exec:\1vdjj.exe63⤵
- Executes dropped EXE
-
\??\c:\xrlfxxf.exec:\xrlfxxf.exe64⤵
- Executes dropped EXE
-
\??\c:\nnhhbh.exec:\nnhhbh.exe65⤵
- Executes dropped EXE
-
\??\c:\jdjjd.exec:\jdjjd.exe66⤵
- Executes dropped EXE
-
\??\c:\7lrrllf.exec:\7lrrllf.exe67⤵
-
\??\c:\bbtbtt.exec:\bbtbtt.exe68⤵
-
\??\c:\tttttt.exec:\tttttt.exe69⤵
-
\??\c:\jvjjj.exec:\jvjjj.exe70⤵
-
\??\c:\3dpjp.exec:\3dpjp.exe71⤵
-
\??\c:\xflxxfl.exec:\xflxxfl.exe72⤵
-
\??\c:\5rrrlll.exec:\5rrrlll.exe73⤵
-
\??\c:\btbnnn.exec:\btbnnn.exe74⤵
-
\??\c:\vddvp.exec:\vddvp.exe75⤵
-
\??\c:\fxlfxxr.exec:\fxlfxxr.exe76⤵
-
\??\c:\lfflrrf.exec:\lfflrrf.exe77⤵
-
\??\c:\ttntnb.exec:\ttntnb.exe78⤵
-
\??\c:\vjdjd.exec:\vjdjd.exe79⤵
-
\??\c:\jjddj.exec:\jjddj.exe80⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe81⤵
-
\??\c:\jjpjd.exec:\jjpjd.exe82⤵
-
\??\c:\3xffllf.exec:\3xffllf.exe83⤵
-
\??\c:\bhhhnb.exec:\bhhhnb.exe84⤵
-
\??\c:\3jjjd.exec:\3jjjd.exe85⤵
-
\??\c:\ppvvp.exec:\ppvvp.exe86⤵
-
\??\c:\rlxfxxx.exec:\rlxfxxx.exe87⤵
-
\??\c:\lflxxfx.exec:\lflxxfx.exe88⤵
-
\??\c:\tntbbh.exec:\tntbbh.exe89⤵
-
\??\c:\xrxrrxx.exec:\xrxrrxx.exe90⤵
-
\??\c:\nhnhbb.exec:\nhnhbb.exe91⤵
-
\??\c:\1vvvp.exec:\1vvvp.exe92⤵
-
\??\c:\xfxxxxx.exec:\xfxxxxx.exe93⤵
-
\??\c:\7xllrlr.exec:\7xllrlr.exe94⤵
-
\??\c:\btbnnn.exec:\btbnnn.exe95⤵
-
\??\c:\1jvvp.exec:\1jvvp.exe96⤵
-
\??\c:\dpjdd.exec:\dpjdd.exe97⤵
-
\??\c:\rrfllff.exec:\rrfllff.exe98⤵
-
\??\c:\rxrlffx.exec:\rxrlffx.exe99⤵
-
\??\c:\1tbhbh.exec:\1tbhbh.exe100⤵
-
\??\c:\pjpjd.exec:\pjpjd.exe101⤵
-
\??\c:\vvpjj.exec:\vvpjj.exe102⤵
-
\??\c:\vpppv.exec:\vpppv.exe103⤵
-
\??\c:\rlffffl.exec:\rlffffl.exe104⤵
-
\??\c:\7rrrrrr.exec:\7rrrrrr.exe105⤵
-
\??\c:\bhbbbb.exec:\bhbbbb.exe106⤵
-
\??\c:\bnhhtt.exec:\bnhhtt.exe107⤵
-
\??\c:\pdvvv.exec:\pdvvv.exe108⤵
-
\??\c:\1vvvj.exec:\1vvvj.exe109⤵
-
\??\c:\rrfxrxr.exec:\rrfxrxr.exe110⤵
-
\??\c:\rxrrfxf.exec:\rxrrfxf.exe111⤵
-
\??\c:\nnbbbh.exec:\nnbbbh.exe112⤵
-
\??\c:\thttnn.exec:\thttnn.exe113⤵
-
\??\c:\7ddvp.exec:\7ddvp.exe114⤵
-
\??\c:\pjdpv.exec:\pjdpv.exe115⤵
-
\??\c:\frllrxx.exec:\frllrxx.exe116⤵
-
\??\c:\hbbbbb.exec:\hbbbbb.exe117⤵
-
\??\c:\hbbbtt.exec:\hbbbtt.exe118⤵
-
\??\c:\vvvvv.exec:\vvvvv.exe119⤵
-
\??\c:\lfrlrfx.exec:\lfrlrfx.exe120⤵
-
\??\c:\tthhnn.exec:\tthhnn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-