Analysis
-
max time kernel
120s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
23-11-2024 05:32
General
-
Target
df324d02b40aef84514fb392461371048629d46ecf7c670f4580c4dca866f2c4.exe
-
Size
71KB
-
MD5
1e4ab4d42921fb71305c3bc0e966f7bf
-
SHA1
8759e87fbd6a17ed2c4ced288e48842d28213b38
-
SHA256
df324d02b40aef84514fb392461371048629d46ecf7c670f4580c4dca866f2c4
-
SHA512
d55b46061f9fbc56ee4c5e17c4998ff222dc4ce1e1f60568c11b97bbab44ac1ca877580c7a90b402feb51f713dfe8ea72668c8232daf81d8ae2db11b3202312a
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIkpi+q8l45CmK:ymb3NkkiQ3mdBjFIj+q8lL
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 32 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\df324d02b40aef84514fb392461371048629d46ecf7c670f4580c4dca866f2c4.exe"C:\Users\Admin\AppData\Local\Temp\df324d02b40aef84514fb392461371048629d46ecf7c670f4580c4dca866f2c4.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjjd.exec:\pjjjd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9fflffx.exec:\9fflffx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvjd.exec:\jpvjd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvppd.exec:\dvppd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxlffx.exec:\xrxlffx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7nnttt.exec:\7nnttt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpddv.exec:\jpddv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1ffxxlf.exec:\1ffxxlf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrrxrx.exec:\rlrrxrx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhhbb.exec:\tbhhbb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vdjj.exec:\7vdjj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7djdd.exec:\7djdd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxffrrl.exec:\rxffrrl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbttt.exec:\nnbttt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9djjd.exec:\9djjd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxrrrr.exec:\lfxrrrr.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9htntt.exec:\9htntt.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbnbt.exec:\btbnbt.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjppj.exec:\jjppj.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ffxffr.exec:\7ffxffr.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9hhnnn.exec:\9hhnnn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3dvpd.exec:\3dvpd.exe23⤵
- Executes dropped EXE
-
\??\c:\fxrllll.exec:\fxrllll.exe24⤵
- Executes dropped EXE
-
\??\c:\3xfffll.exec:\3xfffll.exe25⤵
- Executes dropped EXE
-
\??\c:\3htbbb.exec:\3htbbb.exe26⤵
- Executes dropped EXE
-
\??\c:\7vpjj.exec:\7vpjj.exe27⤵
- Executes dropped EXE
-
\??\c:\lrxffll.exec:\lrxffll.exe28⤵
- Executes dropped EXE
-
\??\c:\fxxrrrl.exec:\fxxrrrl.exe29⤵
- Executes dropped EXE
-
\??\c:\nbhnnb.exec:\nbhnnb.exe30⤵
- Executes dropped EXE
-
\??\c:\5pvjj.exec:\5pvjj.exe31⤵
- Executes dropped EXE
-
\??\c:\7pvjp.exec:\7pvjp.exe32⤵
- Executes dropped EXE
-
\??\c:\7lrlxrl.exec:\7lrlxrl.exe33⤵
- Executes dropped EXE
-
\??\c:\bbbbbh.exec:\bbbbbh.exe34⤵
- Executes dropped EXE
-
\??\c:\pddjj.exec:\pddjj.exe35⤵
- Executes dropped EXE
-
\??\c:\xlffxxr.exec:\xlffxxr.exe36⤵
- Executes dropped EXE
-
\??\c:\xxxffff.exec:\xxxffff.exe37⤵
- Executes dropped EXE
-
\??\c:\hbnnnn.exec:\hbnnnn.exe38⤵
- Executes dropped EXE
-
\??\c:\9bttnt.exec:\9bttnt.exe39⤵
- Executes dropped EXE
-
\??\c:\vpjdd.exec:\vpjdd.exe40⤵
- Executes dropped EXE
-
\??\c:\xxlflrr.exec:\xxlflrr.exe41⤵
- Executes dropped EXE
-
\??\c:\ffllffl.exec:\ffllffl.exe42⤵
- Executes dropped EXE
-
\??\c:\tntttt.exec:\tntttt.exe43⤵
- Executes dropped EXE
-
\??\c:\jpdpv.exec:\jpdpv.exe44⤵
- Executes dropped EXE
-
\??\c:\fxfllll.exec:\fxfllll.exe45⤵
-
\??\c:\xrxfflf.exec:\xrxfflf.exe46⤵
- Executes dropped EXE
-
\??\c:\5hnhnt.exec:\5hnhnt.exe47⤵
- Executes dropped EXE
-
\??\c:\vppdv.exec:\vppdv.exe48⤵
- Executes dropped EXE
-
\??\c:\xfrfrlf.exec:\xfrfrlf.exe49⤵
- Executes dropped EXE
-
\??\c:\9nbhhh.exec:\9nbhhh.exe50⤵
- Executes dropped EXE
-
\??\c:\1vddv.exec:\1vddv.exe51⤵
- Executes dropped EXE
-
\??\c:\5rxrrrx.exec:\5rxrrrx.exe52⤵
- Executes dropped EXE
-
\??\c:\flllfff.exec:\flllfff.exe53⤵
- Executes dropped EXE
-
\??\c:\1tnnhh.exec:\1tnnhh.exe54⤵
- Executes dropped EXE
-
\??\c:\hbntbt.exec:\hbntbt.exe55⤵
- Executes dropped EXE
-
\??\c:\dvdvp.exec:\dvdvp.exe56⤵
- Executes dropped EXE
-
\??\c:\flxfxrl.exec:\flxfxrl.exe57⤵
- Executes dropped EXE
-
\??\c:\3hnhbh.exec:\3hnhbh.exe58⤵
- Executes dropped EXE
-
\??\c:\hthbbb.exec:\hthbbb.exe59⤵
- Executes dropped EXE
-
\??\c:\vdvdp.exec:\vdvdp.exe60⤵
- Executes dropped EXE
-
\??\c:\rfrxlfx.exec:\rfrxlfx.exe61⤵
- Executes dropped EXE
-
\??\c:\frffffl.exec:\frffffl.exe62⤵
- Executes dropped EXE
-
\??\c:\thnnhh.exec:\thnnhh.exe63⤵
- Executes dropped EXE
-
\??\c:\jjpjd.exec:\jjpjd.exe64⤵
- Executes dropped EXE
-
\??\c:\xllrfrf.exec:\xllrfrf.exe65⤵
- Executes dropped EXE
-
\??\c:\xlfllll.exec:\xlfllll.exe66⤵
- Executes dropped EXE
-
\??\c:\7hnnnn.exec:\7hnnnn.exe67⤵
-
\??\c:\nntnnb.exec:\nntnnb.exe68⤵
-
\??\c:\hnnbbb.exec:\hnnbbb.exe69⤵
-
\??\c:\dpddd.exec:\dpddd.exe70⤵
-
\??\c:\fxllflx.exec:\fxllflx.exe71⤵
-
\??\c:\rrllrxl.exec:\rrllrxl.exe72⤵
-
\??\c:\hnbtnn.exec:\hnbtnn.exe73⤵
-
\??\c:\vddvp.exec:\vddvp.exe74⤵
-
\??\c:\xxlxrfl.exec:\xxlxrfl.exe75⤵
-
\??\c:\rrflrrx.exec:\rrflrrx.exe76⤵
-
\??\c:\hnhhtt.exec:\hnhhtt.exe77⤵
-
\??\c:\jjvpj.exec:\jjvpj.exe78⤵
-
\??\c:\rrxllfx.exec:\rrxllfx.exe79⤵
-
\??\c:\rlxxflr.exec:\rlxxflr.exe80⤵
-
\??\c:\hnnnnt.exec:\hnnnnt.exe81⤵
-
\??\c:\bbttnt.exec:\bbttnt.exe82⤵
-
\??\c:\jjvdj.exec:\jjvdj.exe83⤵
-
\??\c:\fxrllrl.exec:\fxrllrl.exe84⤵
-
\??\c:\tbhnhn.exec:\tbhnhn.exe85⤵
-
\??\c:\bhthtn.exec:\bhthtn.exe86⤵
-
\??\c:\vpvvv.exec:\vpvvv.exe87⤵
-
\??\c:\rxllrrx.exec:\rxllrrx.exe88⤵
-
\??\c:\3lfflrf.exec:\3lfflrf.exe89⤵
-
\??\c:\nntbnn.exec:\nntbnn.exe90⤵
-
\??\c:\jjddv.exec:\jjddv.exe91⤵
-
\??\c:\vpvvp.exec:\vpvvp.exe92⤵
-
\??\c:\llxlxlx.exec:\llxlxlx.exe93⤵
-
\??\c:\hnhbbt.exec:\hnhbbt.exe94⤵
-
\??\c:\vdjjv.exec:\vdjjv.exe95⤵
-
\??\c:\rrrlxfx.exec:\rrrlxfx.exe96⤵
-
\??\c:\nhtttn.exec:\nhtttn.exe97⤵
-
\??\c:\tbbbtn.exec:\tbbbtn.exe98⤵
-
\??\c:\pddpv.exec:\pddpv.exe99⤵
-
\??\c:\5lxxfrr.exec:\5lxxfrr.exe100⤵
-
\??\c:\1lrfflr.exec:\1lrfflr.exe101⤵
-
\??\c:\tttthh.exec:\tttthh.exe102⤵
-
\??\c:\ppppj.exec:\ppppj.exe103⤵
-
\??\c:\rxlllff.exec:\rxlllff.exe104⤵
-
\??\c:\9rxrrrx.exec:\9rxrrrx.exe105⤵
-
\??\c:\tbttbh.exec:\tbttbh.exe106⤵
-
\??\c:\vpvpp.exec:\vpvpp.exe107⤵
- System Location Discovery: System Language Discovery
-
\??\c:\xfrfxrr.exec:\xfrfxrr.exe108⤵
-
\??\c:\rflxrrr.exec:\rflxrrr.exe109⤵
-
\??\c:\btttnn.exec:\btttnn.exe110⤵
-
\??\c:\jpppd.exec:\jpppd.exe111⤵
-
\??\c:\3lllfll.exec:\3lllfll.exe112⤵
-
\??\c:\rxlllll.exec:\rxlllll.exe113⤵
-
\??\c:\htbthh.exec:\htbthh.exe114⤵
-
\??\c:\htbnbb.exec:\htbnbb.exe115⤵
-
\??\c:\vdpvp.exec:\vdpvp.exe116⤵
-
\??\c:\llxfffl.exec:\llxfffl.exe117⤵
-
\??\c:\rlxxrxr.exec:\rlxxrxr.exe118⤵
-
\??\c:\tnhnnh.exec:\tnhnnh.exe119⤵
-
\??\c:\ddvpd.exec:\ddvpd.exe120⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-