Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
22-11-2024 20:07
General
-
Target
13c96d1e32de79d2a280712f67183e62f8dfd1b18e2fc609ed8e9da9a0e556e1.exe
-
Size
332KB
-
MD5
f66e32ae53325232d1d14d721fbc2f6b
-
SHA1
0686dc81ac94ace7db64d89e7eff3c847f01f036
-
SHA256
13c96d1e32de79d2a280712f67183e62f8dfd1b18e2fc609ed8e9da9a0e556e1
-
SHA512
55cff182fdfcd5c58a40fb92fcd91f8a7f91f749c109e4e14a1e0ae39896ff236eb3c386b00acbf520be2ab9970be8c99cfbeaaa1e2c3572358193f4b7177fde
-
SSDEEP
6144:Lcm4FmowdHoSHt251UriZFwfsDX2UznsaFVNJCMKAbeR:R4wFHoSHYHUrAwfMp3CDR
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\13c96d1e32de79d2a280712f67183e62f8dfd1b18e2fc609ed8e9da9a0e556e1.exe"C:\Users\Admin\AppData\Local\Temp\13c96d1e32de79d2a280712f67183e62f8dfd1b18e2fc609ed8e9da9a0e556e1.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\djpdp.exec:\djpdp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vvpd.exec:\9vvpd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhbnh.exec:\nnhbnh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfxlll.exec:\xrfxlll.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvjd.exec:\pvvjd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfffxrf.exec:\rfffxrf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnbth.exec:\tnnbth.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvvp.exec:\vjvvp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpdp.exec:\vvpdp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxlxrl.exec:\frxlxrl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhntbn.exec:\bhntbn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7nbtbt.exec:\7nbtbt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dppdv.exec:\dppdv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rxlxrr.exec:\7rxlxrr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthtbb.exec:\hthtbb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhbnh.exec:\nhhbnh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjdj.exec:\dvjdj.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrlfrl.exec:\xrrlfrl.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbnbb.exec:\ntbnbb.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vvjv.exec:\7vvjv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrfrlx.exec:\lxrfrlx.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthnnt.exec:\bthnnt.exe23⤵
- Executes dropped EXE
-
\??\c:\1vdvp.exec:\1vdvp.exe24⤵
- Executes dropped EXE
-
\??\c:\9xfrlfr.exec:\9xfrlfr.exe25⤵
- Executes dropped EXE
-
\??\c:\lrlfrlx.exec:\lrlfrlx.exe26⤵
- Executes dropped EXE
-
\??\c:\thhhbh.exec:\thhhbh.exe27⤵
- Executes dropped EXE
-
\??\c:\9ppjv.exec:\9ppjv.exe28⤵
- Executes dropped EXE
-
\??\c:\fflfxfx.exec:\fflfxfx.exe29⤵
- Executes dropped EXE
-
\??\c:\nnhbtn.exec:\nnhbtn.exe30⤵
- Executes dropped EXE
-
\??\c:\pvpvp.exec:\pvpvp.exe31⤵
- Executes dropped EXE
-
\??\c:\pppdv.exec:\pppdv.exe32⤵
- Executes dropped EXE
-
\??\c:\xfllxrf.exec:\xfllxrf.exe33⤵
- Executes dropped EXE
-
\??\c:\hbtnbt.exec:\hbtnbt.exe34⤵
- Executes dropped EXE
-
\??\c:\jjvjd.exec:\jjvjd.exe35⤵
- Executes dropped EXE
-
\??\c:\pppjd.exec:\pppjd.exe36⤵
- Executes dropped EXE
-
\??\c:\ffrlxfx.exec:\ffrlxfx.exe37⤵
- Executes dropped EXE
-
\??\c:\bhhbhb.exec:\bhhbhb.exe38⤵
- Executes dropped EXE
-
\??\c:\pjjpp.exec:\pjjpp.exe39⤵
- Executes dropped EXE
-
\??\c:\ppdvv.exec:\ppdvv.exe40⤵
- Executes dropped EXE
-
\??\c:\fxffxxx.exec:\fxffxxx.exe41⤵
- Executes dropped EXE
-
\??\c:\rrffllr.exec:\rrffllr.exe42⤵
- Executes dropped EXE
-
\??\c:\5bnhbb.exec:\5bnhbb.exe43⤵
- Executes dropped EXE
-
\??\c:\pdjdd.exec:\pdjdd.exe44⤵
- Executes dropped EXE
-
\??\c:\ddvjd.exec:\ddvjd.exe45⤵
- Executes dropped EXE
-
\??\c:\9pdvp.exec:\9pdvp.exe46⤵
- Executes dropped EXE
-
\??\c:\xxrxrlf.exec:\xxrxrlf.exe47⤵
- Executes dropped EXE
-
\??\c:\hbthth.exec:\hbthth.exe48⤵
- Executes dropped EXE
-
\??\c:\3bhbnn.exec:\3bhbnn.exe49⤵
- Executes dropped EXE
-
\??\c:\ddpjd.exec:\ddpjd.exe50⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\flxxlll.exec:\flxxlll.exe51⤵
- Executes dropped EXE
-
\??\c:\hbbttt.exec:\hbbttt.exe52⤵
- Executes dropped EXE
-
\??\c:\hbhnhn.exec:\hbhnhn.exe53⤵
- Executes dropped EXE
-
\??\c:\vvppj.exec:\vvppj.exe54⤵
- Executes dropped EXE
-
\??\c:\5jddv.exec:\5jddv.exe55⤵
- Executes dropped EXE
-
\??\c:\ffxrlfx.exec:\ffxrlfx.exe56⤵
- Executes dropped EXE
-
\??\c:\nbhntt.exec:\nbhntt.exe57⤵
- Executes dropped EXE
-
\??\c:\bhnbnh.exec:\bhnbnh.exe58⤵
- Executes dropped EXE
-
\??\c:\dvpdj.exec:\dvpdj.exe59⤵
- Executes dropped EXE
-
\??\c:\jppjd.exec:\jppjd.exe60⤵
- Executes dropped EXE
-
\??\c:\lrfllxl.exec:\lrfllxl.exe61⤵
- Executes dropped EXE
-
\??\c:\9flffrx.exec:\9flffrx.exe62⤵
- Executes dropped EXE
-
\??\c:\tbnhhn.exec:\tbnhhn.exe63⤵
- Executes dropped EXE
-
\??\c:\nhhnnn.exec:\nhhnnn.exe64⤵
- Executes dropped EXE
-
\??\c:\5pddv.exec:\5pddv.exe65⤵
- Executes dropped EXE
-
\??\c:\llrfrlf.exec:\llrfrlf.exe66⤵
-
\??\c:\fffflrx.exec:\fffflrx.exe67⤵
-
\??\c:\httnbt.exec:\httnbt.exe68⤵
-
\??\c:\hbbtnn.exec:\hbbtnn.exe69⤵
-
\??\c:\pjppd.exec:\pjppd.exe70⤵
-
\??\c:\djvpj.exec:\djvpj.exe71⤵
-
\??\c:\9rlxrlf.exec:\9rlxrlf.exe72⤵
-
\??\c:\rxxrfxr.exec:\rxxrfxr.exe73⤵
-
\??\c:\tntnnh.exec:\tntnnh.exe74⤵
-
\??\c:\thnhnn.exec:\thnhnn.exe75⤵
-
\??\c:\rxxlfxl.exec:\rxxlfxl.exe76⤵
-
\??\c:\lrllfxr.exec:\lrllfxr.exe77⤵
-
\??\c:\3bhbnn.exec:\3bhbnn.exe78⤵
-
\??\c:\vdjdp.exec:\vdjdp.exe79⤵
-
\??\c:\fllxrrl.exec:\fllxrrl.exe80⤵
-
\??\c:\rlrrlxr.exec:\rlrrlxr.exe81⤵
-
\??\c:\nhbttt.exec:\nhbttt.exe82⤵
-
\??\c:\3djvd.exec:\3djvd.exe83⤵
-
\??\c:\rlxrllr.exec:\rlxrllr.exe84⤵
-
\??\c:\lfrllfl.exec:\lfrllfl.exe85⤵
- System Location Discovery: System Language Discovery
-
\??\c:\jvdvp.exec:\jvdvp.exe86⤵
-
\??\c:\pjpjv.exec:\pjpjv.exe87⤵
-
\??\c:\lxfrxxl.exec:\lxfrxxl.exe88⤵
-
\??\c:\hnthbt.exec:\hnthbt.exe89⤵
-
\??\c:\vpjvp.exec:\vpjvp.exe90⤵
-
\??\c:\xlxxfxx.exec:\xlxxfxx.exe91⤵
-
\??\c:\xffxrlf.exec:\xffxrlf.exe92⤵
-
\??\c:\nbhbnt.exec:\nbhbnt.exe93⤵
-
\??\c:\hbbnnh.exec:\hbbnnh.exe94⤵
-
\??\c:\jvvjd.exec:\jvvjd.exe95⤵
-
\??\c:\xrrfrll.exec:\xrrfrll.exe96⤵
-
\??\c:\3xxxrrr.exec:\3xxxrrr.exe97⤵
-
\??\c:\thhhbt.exec:\thhhbt.exe98⤵
-
\??\c:\dppjv.exec:\dppjv.exe99⤵
-
\??\c:\xxlfrrr.exec:\xxlfrrr.exe100⤵
-
\??\c:\lxrxrxr.exec:\lxrxrxr.exe101⤵
-
\??\c:\nbbbtt.exec:\nbbbtt.exe102⤵
-
\??\c:\pdpjv.exec:\pdpjv.exe103⤵
-
\??\c:\dvvjp.exec:\dvvjp.exe104⤵
-
\??\c:\5xffrfx.exec:\5xffrfx.exe105⤵
-
\??\c:\hbbnhb.exec:\hbbnhb.exe106⤵
-
\??\c:\dvvvv.exec:\dvvvv.exe107⤵
-
\??\c:\jjvpp.exec:\jjvpp.exe108⤵
-
\??\c:\xrffrll.exec:\xrffrll.exe109⤵
-
\??\c:\rxllffx.exec:\rxllffx.exe110⤵
-
\??\c:\tbhbth.exec:\tbhbth.exe111⤵
-
\??\c:\djppp.exec:\djppp.exe112⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe113⤵
-
\??\c:\xrxrxxx.exec:\xrxrxxx.exe114⤵
-
\??\c:\5btnhb.exec:\5btnhb.exe115⤵
-
\??\c:\9ttbnn.exec:\9ttbnn.exe116⤵
-
\??\c:\pvddp.exec:\pvddp.exe117⤵
-
\??\c:\flxlffx.exec:\flxlffx.exe118⤵
-
\??\c:\nnttnh.exec:\nnttnh.exe119⤵
-
\??\c:\vdvpv.exec:\vdvpv.exe120⤵
-
\??\c:\5vvpd.exec:\5vvpd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-