Analysis
-
max time kernel
120s -
max time network
93s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
23-11-2024 07:40
General
-
Target
b24841e422f1eec0737898148a37e5fbb436dfd5688983529f5f200e70a62266N.exe
-
Size
453KB
-
MD5
8edb37a3cee29ec228a566ce11a6daf0
-
SHA1
d2625987ad84aaa62e50f074a66e19a6e78cc403
-
SHA256
b24841e422f1eec0737898148a37e5fbb436dfd5688983529f5f200e70a62266
-
SHA512
7757511c62c141909a79a27909270fbff6466511d9b5fe14d5453228551d28ccf91efcea9d2903484e9d0c6162d0312a753466707b4e826cbbbd5861eae207d1
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbeI:q7Tc2NYHUrAwfMp3CDI
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 63 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b24841e422f1eec0737898148a37e5fbb436dfd5688983529f5f200e70a62266N.exe"C:\Users\Admin\AppData\Local\Temp\b24841e422f1eec0737898148a37e5fbb436dfd5688983529f5f200e70a62266N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrlfxr.exec:\xrrlfxr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvpdp.exec:\pvpdp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1lfxxxx.exec:\1lfxxxx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxfxlfx.exec:\xxfxlfx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvppv.exec:\vvppv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnnnt.exec:\nhnnnt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjjd.exec:\dvjjd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbtnn.exec:\tnbtnn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlfrlf.exec:\fxlfrlf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhtbnn.exec:\bhtbnn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3pdvj.exec:\3pdvj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrrllf.exec:\xrrrllf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntnnt.exec:\tntnnt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xflrrfl.exec:\xflrrfl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjdp.exec:\pdjdp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpjj.exec:\pjpjj.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntnhb.exec:\tntnhb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvjd.exec:\ppvjd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lllfxxr.exec:\lllfxxr.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjjd.exec:\ddjjd.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrrffl.exec:\lfrrffl.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbthb.exec:\hbbthb.exe23⤵
- Executes dropped EXE
-
\??\c:\ffllllf.exec:\ffllllf.exe24⤵
- Executes dropped EXE
-
\??\c:\xrrlxxr.exec:\xrrlxxr.exe25⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\tnnhhh.exec:\tnnhhh.exe26⤵
- Executes dropped EXE
-
\??\c:\vppjd.exec:\vppjd.exe27⤵
- Executes dropped EXE
-
\??\c:\rxfxllx.exec:\rxfxllx.exe28⤵
- Executes dropped EXE
-
\??\c:\pvdpj.exec:\pvdpj.exe29⤵
- Executes dropped EXE
-
\??\c:\tntnhh.exec:\tntnhh.exe30⤵
- Executes dropped EXE
-
\??\c:\ppjdv.exec:\ppjdv.exe31⤵
- Executes dropped EXE
-
\??\c:\bntnnt.exec:\bntnnt.exe32⤵
- Executes dropped EXE
-
\??\c:\5nhbtt.exec:\5nhbtt.exe33⤵
- Executes dropped EXE
-
\??\c:\pdjdd.exec:\pdjdd.exe34⤵
- Executes dropped EXE
-
\??\c:\hntnbb.exec:\hntnbb.exe35⤵
- Executes dropped EXE
-
\??\c:\vdvvp.exec:\vdvvp.exe36⤵
- Executes dropped EXE
-
\??\c:\pjpjv.exec:\pjpjv.exe37⤵
- Executes dropped EXE
-
\??\c:\lxrlffx.exec:\lxrlffx.exe38⤵
- Executes dropped EXE
-
\??\c:\thbhhb.exec:\thbhhb.exe39⤵
- Executes dropped EXE
-
\??\c:\dvvpj.exec:\dvvpj.exe40⤵
- Executes dropped EXE
-
\??\c:\xxxxxlx.exec:\xxxxxlx.exe41⤵
- Executes dropped EXE
-
\??\c:\bhnhbb.exec:\bhnhbb.exe42⤵
- Executes dropped EXE
-
\??\c:\vppdp.exec:\vppdp.exe43⤵
- Executes dropped EXE
-
\??\c:\3rrrffx.exec:\3rrrffx.exe44⤵
- Executes dropped EXE
-
\??\c:\ffxrfff.exec:\ffxrfff.exe45⤵
- Executes dropped EXE
-
\??\c:\tthtnn.exec:\tthtnn.exe46⤵
- Executes dropped EXE
-
\??\c:\jdjvj.exec:\jdjvj.exe47⤵
- Executes dropped EXE
-
\??\c:\xxxrllf.exec:\xxxrllf.exe48⤵
- Executes dropped EXE
-
\??\c:\ntbtnn.exec:\ntbtnn.exe49⤵
- Executes dropped EXE
-
\??\c:\hnbnth.exec:\hnbnth.exe50⤵
- Executes dropped EXE
-
\??\c:\fllfxxr.exec:\fllfxxr.exe51⤵
- Executes dropped EXE
-
\??\c:\tttntn.exec:\tttntn.exe52⤵
- Executes dropped EXE
-
\??\c:\pjjdp.exec:\pjjdp.exe53⤵
- Executes dropped EXE
-
\??\c:\pddvj.exec:\pddvj.exe54⤵
- Executes dropped EXE
-
\??\c:\rxfflxl.exec:\rxfflxl.exe55⤵
- Executes dropped EXE
-
\??\c:\thtnhh.exec:\thtnhh.exe56⤵
- Executes dropped EXE
-
\??\c:\btnnbt.exec:\btnnbt.exe57⤵
- Executes dropped EXE
-
\??\c:\ppjjj.exec:\ppjjj.exe58⤵
- Executes dropped EXE
-
\??\c:\xrlfrrl.exec:\xrlfrrl.exe59⤵
- Executes dropped EXE
-
\??\c:\7nhhbt.exec:\7nhhbt.exe60⤵
- Executes dropped EXE
-
\??\c:\9ppjd.exec:\9ppjd.exe61⤵
- Executes dropped EXE
-
\??\c:\frfxrrl.exec:\frfxrrl.exe62⤵
- Executes dropped EXE
-
\??\c:\xrxrllf.exec:\xrxrllf.exe63⤵
- Executes dropped EXE
-
\??\c:\5tbthb.exec:\5tbthb.exe64⤵
- Executes dropped EXE
-
\??\c:\jjjpj.exec:\jjjpj.exe65⤵
- Executes dropped EXE
-
\??\c:\1xrrxxr.exec:\1xrrxxr.exe66⤵
-
\??\c:\thhbnn.exec:\thhbnn.exe67⤵
-
\??\c:\djpjv.exec:\djpjv.exe68⤵
-
\??\c:\lfxxrrl.exec:\lfxxrrl.exe69⤵
-
\??\c:\rrlfrrl.exec:\rrlfrrl.exe70⤵
-
\??\c:\ttnnhb.exec:\ttnnhb.exe71⤵
-
\??\c:\dppjd.exec:\dppjd.exe72⤵
-
\??\c:\jpdvp.exec:\jpdvp.exe73⤵
-
\??\c:\3rxlfxx.exec:\3rxlfxx.exe74⤵
-
\??\c:\htbtnn.exec:\htbtnn.exe75⤵
-
\??\c:\dpvpd.exec:\dpvpd.exe76⤵
-
\??\c:\xrrxllf.exec:\xrrxllf.exe77⤵
-
\??\c:\ntbnhb.exec:\ntbnhb.exe78⤵
-
\??\c:\tbnhtt.exec:\tbnhtt.exe79⤵
-
\??\c:\pdpjd.exec:\pdpjd.exe80⤵
-
\??\c:\5rlfrlf.exec:\5rlfrlf.exe81⤵
-
\??\c:\bhhbtt.exec:\bhhbtt.exe82⤵
-
\??\c:\vjvpv.exec:\vjvpv.exe83⤵
-
\??\c:\9ddvj.exec:\9ddvj.exe84⤵
-
\??\c:\lrxrxxr.exec:\lrxrxxr.exe85⤵
-
\??\c:\thhhnh.exec:\thhhnh.exe86⤵
-
\??\c:\jpvpj.exec:\jpvpj.exe87⤵
-
\??\c:\3rlfrrl.exec:\3rlfrrl.exe88⤵
-
\??\c:\bhbhbt.exec:\bhbhbt.exe89⤵
-
\??\c:\jddvv.exec:\jddvv.exe90⤵
-
\??\c:\ppjdv.exec:\ppjdv.exe91⤵
- System Location Discovery: System Language Discovery
-
\??\c:\xffxlff.exec:\xffxlff.exe92⤵
-
\??\c:\hhbthh.exec:\hhbthh.exe93⤵
-
\??\c:\jjpjp.exec:\jjpjp.exe94⤵
-
\??\c:\9llfxxx.exec:\9llfxxx.exe95⤵
-
\??\c:\bttnhh.exec:\bttnhh.exe96⤵
-
\??\c:\3nbtnh.exec:\3nbtnh.exe97⤵
-
\??\c:\7vpdv.exec:\7vpdv.exe98⤵
-
\??\c:\1xxrlll.exec:\1xxrlll.exe99⤵
-
\??\c:\flxxfxx.exec:\flxxfxx.exe100⤵
-
\??\c:\jdddv.exec:\jdddv.exe101⤵
-
\??\c:\vpvdp.exec:\vpvdp.exe102⤵
-
\??\c:\rfxxrrr.exec:\rfxxrrr.exe103⤵
-
\??\c:\nttttt.exec:\nttttt.exe104⤵
-
\??\c:\pdjdd.exec:\pdjdd.exe105⤵
-
\??\c:\vppdp.exec:\vppdp.exe106⤵
-
\??\c:\hbtttb.exec:\hbtttb.exe107⤵
-
\??\c:\jjdvp.exec:\jjdvp.exe108⤵
-
\??\c:\lrxrrrl.exec:\lrxrrrl.exe109⤵
-
\??\c:\hnhbtt.exec:\hnhbtt.exe110⤵
-
\??\c:\bhnhbn.exec:\bhnhbn.exe111⤵
-
\??\c:\1jdvv.exec:\1jdvv.exe112⤵
-
\??\c:\flrlfxx.exec:\flrlfxx.exe113⤵
-
\??\c:\thbtnn.exec:\thbtnn.exe114⤵
-
\??\c:\9nbtbh.exec:\9nbtbh.exe115⤵
-
\??\c:\vddvj.exec:\vddvj.exe116⤵
-
\??\c:\xrlxrrl.exec:\xrlxrrl.exe117⤵
-
\??\c:\ntnhtt.exec:\ntnhtt.exe118⤵
-
\??\c:\1vpjd.exec:\1vpjd.exe119⤵
-
\??\c:\xllfxrf.exec:\xllfxrf.exe120⤵
-
\??\c:\3nnbnn.exec:\3nnbnn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-