Analysis
-
max time kernel
150s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
22-11-2024 20:38
General
-
Target
23de7a760be2ed247bdfa849785acfe683552e69b0ef3a6166858eb15e566baa.exe
-
Size
61KB
-
MD5
84d82e678089ecf0ed6dd7a856c30058
-
SHA1
af7250d1bcae509be6cc7214d43dddcc3eef88ed
-
SHA256
23de7a760be2ed247bdfa849785acfe683552e69b0ef3a6166858eb15e566baa
-
SHA512
19a3b444a881dcb736a2b41f0aa3e1bd6b3a628958880f9fa3735e77eb614e7cf1173a7425d61928e77064febf58686835e6e6065cf47b5db44072105814727d
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND+3T4+byF:ymb3NkkiQ3mdBjF+3TpG
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 35 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\23de7a760be2ed247bdfa849785acfe683552e69b0ef3a6166858eb15e566baa.exe"C:\Users\Admin\AppData\Local\Temp\23de7a760be2ed247bdfa849785acfe683552e69b0ef3a6166858eb15e566baa.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pvpjj.exec:\pvpjj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtbbb.exec:\bbtbbb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7nbttt.exec:\7nbttt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9lxfflr.exec:\9lxfflr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrrlll.exec:\xlrrlll.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjjd.exec:\jdjjd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ntttt.exec:\9ntttt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnnnt.exec:\nnnnnt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdvv.exec:\vpdvv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfffff.exec:\xrfffff.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3htntt.exec:\3htntt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjdj.exec:\pjjdj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxfflf.exec:\xxxfflf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxxxll.exec:\xrxxxll.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnhnth.exec:\hnhnth.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpjd.exec:\vvpjd.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fffxrxx.exec:\fffxrxx.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthhhn.exec:\bthhhn.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pppvd.exec:\pppvd.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpjj.exec:\vjpjj.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthtnt.exec:\hthtnt.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1nthbn.exec:\1nthbn.exe23⤵
- Executes dropped EXE
-
\??\c:\jdvvp.exec:\jdvvp.exe24⤵
- Executes dropped EXE
-
\??\c:\1lrrllr.exec:\1lrrllr.exe25⤵
- Executes dropped EXE
-
\??\c:\tnbhhh.exec:\tnbhhh.exe26⤵
- Executes dropped EXE
-
\??\c:\7vvvj.exec:\7vvvj.exe27⤵
- Executes dropped EXE
-
\??\c:\llxxxxf.exec:\llxxxxf.exe28⤵
- Executes dropped EXE
-
\??\c:\bhhhth.exec:\bhhhth.exe29⤵
- Executes dropped EXE
-
\??\c:\jddpp.exec:\jddpp.exe30⤵
- Executes dropped EXE
-
\??\c:\5rxrlxl.exec:\5rxrlxl.exe31⤵
- Executes dropped EXE
-
\??\c:\hnhhhh.exec:\hnhhhh.exe32⤵
- Executes dropped EXE
-
\??\c:\nbhtth.exec:\nbhtth.exe33⤵
- Executes dropped EXE
-
\??\c:\vpppd.exec:\vpppd.exe34⤵
- Executes dropped EXE
-
\??\c:\xrrrxff.exec:\xrrrxff.exe35⤵
- Executes dropped EXE
-
\??\c:\flflfrx.exec:\flflfrx.exe36⤵
- Executes dropped EXE
-
\??\c:\nnthbt.exec:\nnthbt.exe37⤵
- Executes dropped EXE
-
\??\c:\pdjvv.exec:\pdjvv.exe38⤵
- Executes dropped EXE
-
\??\c:\dpvvd.exec:\dpvvd.exe39⤵
- Executes dropped EXE
-
\??\c:\rlrfllr.exec:\rlrfllr.exe40⤵
- Executes dropped EXE
-
\??\c:\nhbbbb.exec:\nhbbbb.exe41⤵
- Executes dropped EXE
-
\??\c:\pjdvd.exec:\pjdvd.exe42⤵
- Executes dropped EXE
-
\??\c:\jvjjd.exec:\jvjjd.exe43⤵
- Executes dropped EXE
-
\??\c:\lxlfxxx.exec:\lxlfxxx.exe44⤵
- Executes dropped EXE
-
\??\c:\hbhhbh.exec:\hbhhbh.exe45⤵
- Executes dropped EXE
-
\??\c:\hntbtb.exec:\hntbtb.exe46⤵
- Executes dropped EXE
-
\??\c:\1dpjp.exec:\1dpjp.exe47⤵
- Executes dropped EXE
-
\??\c:\lrlrrfr.exec:\lrlrrfr.exe48⤵
- Executes dropped EXE
-
\??\c:\7httbh.exec:\7httbh.exe49⤵
- Executes dropped EXE
-
\??\c:\jvddp.exec:\jvddp.exe50⤵
- Executes dropped EXE
-
\??\c:\thtttb.exec:\thtttb.exe51⤵
- Executes dropped EXE
-
\??\c:\jvdvv.exec:\jvdvv.exe52⤵
- Executes dropped EXE
-
\??\c:\5vppp.exec:\5vppp.exe53⤵
- Executes dropped EXE
-
\??\c:\rxlfxxx.exec:\rxlfxxx.exe54⤵
- Executes dropped EXE
-
\??\c:\btnnnn.exec:\btnnnn.exe55⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\bbhnbn.exec:\bbhnbn.exe56⤵
- Executes dropped EXE
-
\??\c:\3djvp.exec:\3djvp.exe57⤵
- Executes dropped EXE
-
\??\c:\htntbn.exec:\htntbn.exe58⤵
- Executes dropped EXE
-
\??\c:\ddddd.exec:\ddddd.exe59⤵
- Executes dropped EXE
-
\??\c:\flrrxrx.exec:\flrrxrx.exe60⤵
- Executes dropped EXE
-
\??\c:\nhtbhn.exec:\nhtbhn.exe61⤵
- Executes dropped EXE
-
\??\c:\vjpvp.exec:\vjpvp.exe62⤵
- Executes dropped EXE
-
\??\c:\7jpvv.exec:\7jpvv.exe63⤵
- Executes dropped EXE
-
\??\c:\xrrrlff.exec:\xrrrlff.exe64⤵
- Executes dropped EXE
-
\??\c:\bbnhnh.exec:\bbnhnh.exe65⤵
- Executes dropped EXE
-
\??\c:\jpddp.exec:\jpddp.exe66⤵
-
\??\c:\ffrrxfr.exec:\ffrrxfr.exe67⤵
-
\??\c:\tthnhn.exec:\tthnhn.exe68⤵
-
\??\c:\jpdvv.exec:\jpdvv.exe69⤵
-
\??\c:\3llrfrl.exec:\3llrfrl.exe70⤵
-
\??\c:\rflllll.exec:\rflllll.exe71⤵
-
\??\c:\nbhhhh.exec:\nbhhhh.exe72⤵
-
\??\c:\fxxxffr.exec:\fxxxffr.exe73⤵
-
\??\c:\bhtthh.exec:\bhtthh.exe74⤵
-
\??\c:\1vjjv.exec:\1vjjv.exe75⤵
-
\??\c:\ddvpd.exec:\ddvpd.exe76⤵
-
\??\c:\xxlrlxr.exec:\xxlrlxr.exe77⤵
-
\??\c:\nnnnhn.exec:\nnnnhn.exe78⤵
-
\??\c:\nnbhhh.exec:\nnbhhh.exe79⤵
-
\??\c:\3dvvv.exec:\3dvvv.exe80⤵
-
\??\c:\rlrrxff.exec:\rlrrxff.exe81⤵
-
\??\c:\nhhbbh.exec:\nhhbbh.exe82⤵
-
\??\c:\jjdjj.exec:\jjdjj.exe83⤵
-
\??\c:\rrlfrxr.exec:\rrlfrxr.exe84⤵
-
\??\c:\1tnbbh.exec:\1tnbbh.exe85⤵
-
\??\c:\pdpjj.exec:\pdpjj.exe86⤵
-
\??\c:\xllllfl.exec:\xllllfl.exe87⤵
-
\??\c:\hthbtb.exec:\hthbtb.exe88⤵
-
\??\c:\nnnhbb.exec:\nnnhbb.exe89⤵
-
\??\c:\7pppj.exec:\7pppj.exe90⤵
-
\??\c:\ffxxllx.exec:\ffxxllx.exe91⤵
-
\??\c:\thnnhh.exec:\thnnhh.exe92⤵
-
\??\c:\bnhtnn.exec:\bnhtnn.exe93⤵
-
\??\c:\vpjdv.exec:\vpjdv.exe94⤵
-
\??\c:\rflrxfl.exec:\rflrxfl.exe95⤵
-
\??\c:\tbhnnt.exec:\tbhnnt.exe96⤵
-
\??\c:\pvdjd.exec:\pvdjd.exe97⤵
-
\??\c:\xxlrxrx.exec:\xxlrxrx.exe98⤵
-
\??\c:\nhbbtb.exec:\nhbbtb.exe99⤵
-
\??\c:\htnbtb.exec:\htnbtb.exe100⤵
-
\??\c:\vdjpp.exec:\vdjpp.exe101⤵
-
\??\c:\frrfrlf.exec:\frrfrlf.exe102⤵
-
\??\c:\llfffff.exec:\llfffff.exe103⤵
-
\??\c:\9ttttb.exec:\9ttttb.exe104⤵
-
\??\c:\7nhbtt.exec:\7nhbtt.exe105⤵
-
\??\c:\vpdvp.exec:\vpdvp.exe106⤵
-
\??\c:\ffrrxrf.exec:\ffrrxrf.exe107⤵
-
\??\c:\lflffll.exec:\lflffll.exe108⤵
-
\??\c:\nnhhbb.exec:\nnhhbb.exe109⤵
-
\??\c:\jvddd.exec:\jvddd.exe110⤵
-
\??\c:\rlxxrrl.exec:\rlxxrrl.exe111⤵
-
\??\c:\3rxrllf.exec:\3rxrllf.exe112⤵
-
\??\c:\bntnnh.exec:\bntnnh.exe113⤵
-
\??\c:\3djjj.exec:\3djjj.exe114⤵
-
\??\c:\ppvvp.exec:\ppvvp.exe115⤵
-
\??\c:\rxxrxlr.exec:\rxxrxlr.exe116⤵
-
\??\c:\bbnnhb.exec:\bbnnhb.exe117⤵
-
\??\c:\ntttnt.exec:\ntttnt.exe118⤵
-
\??\c:\jdpjd.exec:\jdpjd.exe119⤵
-
\??\c:\jvpvp.exec:\jvpvp.exe120⤵
-
\??\c:\llllfff.exec:\llllfff.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-