Analysis
-
max time kernel
150s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
22/11/2024, 21:05
General
-
Target
2d2c68f0dc80b7bfee06d626148f8ac97746723a3d23bf4030cea0a4f6b5f6da.exe
-
Size
49KB
-
MD5
64ab0cd8df9d6d027937e65c52b2e498
-
SHA1
52f075d3aed88341b4f4d941eb7e1becdef42f7f
-
SHA256
2d2c68f0dc80b7bfee06d626148f8ac97746723a3d23bf4030cea0a4f6b5f6da
-
SHA512
093123d714d2987b28d79cee810c810988c5e2291182707e18cfae48ed69503d75b17b340b900c1be431c307746d4e1871cb7dcba8c301dbac054d2a40046a74
-
SSDEEP
1536:mAocdpeVoBDulhzHMb7xNAa04Mcg5IKvlU:0cdpeeBSHHMHLf9RyIT
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2d2c68f0dc80b7bfee06d626148f8ac97746723a3d23bf4030cea0a4f6b5f6da.exe"C:\Users\Admin\AppData\Local\Temp\2d2c68f0dc80b7bfee06d626148f8ac97746723a3d23bf4030cea0a4f6b5f6da.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfxrrr.exec:\fxfxrrr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9nnhbb.exec:\9nnhbb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnnhn.exec:\thnnhn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdpp.exec:\jvdpp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flxrfxr.exec:\flxrfxr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lllfxxx.exec:\lllfxxx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tttnhh.exec:\tttnhh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvvp.exec:\pdvvp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvdjd.exec:\pvdjd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxxxrx.exec:\fxxxxrx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnnhh.exec:\btnnhh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdpvd.exec:\vdpvd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5lfxxxr.exec:\5lfxxxr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxrllf.exec:\lfxrllf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbtnn.exec:\hbbtnn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnnnn.exec:\bnnnnn.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjppp.exec:\pjppp.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ppjv.exec:\3ppjv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfflxrx.exec:\lfflxrx.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrllllf.exec:\xrllllf.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbbbb.exec:\bbbbbb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdvp.exec:\vpdvp.exe23⤵
- Executes dropped EXE
-
\??\c:\fllfrrl.exec:\fllfrrl.exe24⤵
- Executes dropped EXE
-
\??\c:\nnnhbh.exec:\nnnhbh.exe25⤵
- Executes dropped EXE
-
\??\c:\nhbbtt.exec:\nhbbtt.exe26⤵
- Executes dropped EXE
-
\??\c:\jjpjv.exec:\jjpjv.exe27⤵
- Executes dropped EXE
-
\??\c:\rffxrrl.exec:\rffxrrl.exe28⤵
- Executes dropped EXE
-
\??\c:\1hnnhb.exec:\1hnnhb.exe29⤵
- Executes dropped EXE
-
\??\c:\7vddv.exec:\7vddv.exe30⤵
- Executes dropped EXE
-
\??\c:\lxffxxx.exec:\lxffxxx.exe31⤵
- Executes dropped EXE
-
\??\c:\3llrrxr.exec:\3llrrxr.exe32⤵
- Executes dropped EXE
-
\??\c:\7tbbtn.exec:\7tbbtn.exe33⤵
- Executes dropped EXE
-
\??\c:\jdddp.exec:\jdddp.exe34⤵
- Executes dropped EXE
-
\??\c:\pvvpd.exec:\pvvpd.exe35⤵
- Executes dropped EXE
-
\??\c:\rxfxlfx.exec:\rxfxlfx.exe36⤵
- Executes dropped EXE
-
\??\c:\ttnntt.exec:\ttnntt.exe37⤵
- Executes dropped EXE
-
\??\c:\nbnnnn.exec:\nbnnnn.exe38⤵
- Executes dropped EXE
-
\??\c:\ppjdp.exec:\ppjdp.exe39⤵
- Executes dropped EXE
-
\??\c:\pppjv.exec:\pppjv.exe40⤵
- Executes dropped EXE
-
\??\c:\9lxrxfx.exec:\9lxrxfx.exe41⤵
- Executes dropped EXE
-
\??\c:\hbbnhb.exec:\hbbnhb.exe42⤵
- Executes dropped EXE
-
\??\c:\hhntnt.exec:\hhntnt.exe43⤵
- Executes dropped EXE
-
\??\c:\5jdjd.exec:\5jdjd.exe44⤵
- Executes dropped EXE
-
\??\c:\lrxxlxr.exec:\lrxxlxr.exe45⤵
- Executes dropped EXE
-
\??\c:\5lrlrrr.exec:\5lrlrrr.exe46⤵
- Executes dropped EXE
-
\??\c:\nnbtnn.exec:\nnbtnn.exe47⤵
- Executes dropped EXE
-
\??\c:\5nhhtt.exec:\5nhhtt.exe48⤵
- Executes dropped EXE
-
\??\c:\1vjjv.exec:\1vjjv.exe49⤵
- Executes dropped EXE
-
\??\c:\5flrfxx.exec:\5flrfxx.exe50⤵
- Executes dropped EXE
-
\??\c:\bbtnhn.exec:\bbtnhn.exe51⤵
- Executes dropped EXE
-
\??\c:\httnbt.exec:\httnbt.exe52⤵
-
\??\c:\jvvpv.exec:\jvvpv.exe53⤵
- Executes dropped EXE
-
\??\c:\lrrlffx.exec:\lrrlffx.exe54⤵
- Executes dropped EXE
-
\??\c:\lrrrllf.exec:\lrrrllf.exe55⤵
- Executes dropped EXE
-
\??\c:\nhthbn.exec:\nhthbn.exe56⤵
- Executes dropped EXE
-
\??\c:\ddjjv.exec:\ddjjv.exe57⤵
- Executes dropped EXE
-
\??\c:\dvppj.exec:\dvppj.exe58⤵
- Executes dropped EXE
-
\??\c:\xflfffl.exec:\xflfffl.exe59⤵
- Executes dropped EXE
-
\??\c:\5btnhh.exec:\5btnhh.exe60⤵
- Executes dropped EXE
-
\??\c:\jjvjv.exec:\jjvjv.exe61⤵
- Executes dropped EXE
-
\??\c:\vdjdd.exec:\vdjdd.exe62⤵
- Executes dropped EXE
-
\??\c:\xxfrfxf.exec:\xxfrfxf.exe63⤵
- Executes dropped EXE
-
\??\c:\1rxrrfx.exec:\1rxrrfx.exe64⤵
- Executes dropped EXE
-
\??\c:\hbnhtn.exec:\hbnhtn.exe65⤵
- Executes dropped EXE
-
\??\c:\ntbhbh.exec:\ntbhbh.exe66⤵
- Executes dropped EXE
-
\??\c:\pjjvj.exec:\pjjvj.exe67⤵
- System Location Discovery: System Language Discovery
-
\??\c:\5rllxfx.exec:\5rllxfx.exe68⤵
-
\??\c:\rffxxrl.exec:\rffxxrl.exe69⤵
-
\??\c:\bnnbnt.exec:\bnnbnt.exe70⤵
-
\??\c:\vjpdv.exec:\vjpdv.exe71⤵
-
\??\c:\vvdjd.exec:\vvdjd.exe72⤵
-
\??\c:\rxrlxrl.exec:\rxrlxrl.exe73⤵
-
\??\c:\1lxrfrl.exec:\1lxrfrl.exe74⤵
-
\??\c:\3bbtnn.exec:\3bbtnn.exe75⤵
-
\??\c:\tnnhtb.exec:\tnnhtb.exe76⤵
-
\??\c:\dvvvj.exec:\dvvvj.exe77⤵
-
\??\c:\xxxffrr.exec:\xxxffrr.exe78⤵
-
\??\c:\rfffffx.exec:\rfffffx.exe79⤵
-
\??\c:\tttnhh.exec:\tttnhh.exe80⤵
-
\??\c:\nhnhtn.exec:\nhnhtn.exe81⤵
-
\??\c:\vdvvp.exec:\vdvvp.exe82⤵
-
\??\c:\7pppd.exec:\7pppd.exe83⤵
-
\??\c:\5vpjv.exec:\5vpjv.exe84⤵
-
\??\c:\5pvjp.exec:\5pvjp.exe85⤵
-
\??\c:\rrrxllf.exec:\rrrxllf.exe86⤵
-
\??\c:\rlfxrll.exec:\rlfxrll.exe87⤵
-
\??\c:\5nbthb.exec:\5nbthb.exe88⤵
-
\??\c:\bbbbnh.exec:\bbbbnh.exe89⤵
-
\??\c:\jdvvp.exec:\jdvvp.exe90⤵
-
\??\c:\9ddvj.exec:\9ddvj.exe91⤵
-
\??\c:\1fxrllr.exec:\1fxrllr.exe92⤵
-
\??\c:\nhhbth.exec:\nhhbth.exe93⤵
-
\??\c:\9vpjj.exec:\9vpjj.exe94⤵
-
\??\c:\djdpd.exec:\djdpd.exe95⤵
-
\??\c:\fxfrfrl.exec:\fxfrfrl.exe96⤵
-
\??\c:\7tbnnh.exec:\7tbnnh.exe97⤵
-
\??\c:\5hnhtt.exec:\5hnhtt.exe98⤵
-
\??\c:\jpvdd.exec:\jpvdd.exe99⤵
-
\??\c:\dpjdp.exec:\dpjdp.exe100⤵
-
\??\c:\rffrfxl.exec:\rffrfxl.exe101⤵
-
\??\c:\rlxllxl.exec:\rlxllxl.exe102⤵
-
\??\c:\thnbnb.exec:\thnbnb.exe103⤵
-
\??\c:\9hnbnn.exec:\9hnbnn.exe104⤵
-
\??\c:\pvvjv.exec:\pvvjv.exe105⤵
-
\??\c:\3flffxf.exec:\3flffxf.exe106⤵
-
\??\c:\3tthbh.exec:\3tthbh.exe107⤵
-
\??\c:\nhhtnh.exec:\nhhtnh.exe108⤵
-
\??\c:\djpjv.exec:\djpjv.exe109⤵
-
\??\c:\fxrlrlf.exec:\fxrlrlf.exe110⤵
-
\??\c:\fllxxxl.exec:\fllxxxl.exe111⤵
-
\??\c:\1ntnhh.exec:\1ntnhh.exe112⤵
-
\??\c:\dddvj.exec:\dddvj.exe113⤵
-
\??\c:\pvvpd.exec:\pvvpd.exe114⤵
-
\??\c:\lffxfxr.exec:\lffxfxr.exe115⤵
-
\??\c:\9fllllf.exec:\9fllllf.exe116⤵
-
\??\c:\3bbbtn.exec:\3bbbtn.exe117⤵
-
\??\c:\3nnhhb.exec:\3nnhhb.exe118⤵
-
\??\c:\jvvvj.exec:\jvvvj.exe119⤵
-
\??\c:\jpvvj.exec:\jpvvj.exe120⤵
-
\??\c:\rlfxllx.exec:\rlfxllx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-