Analysis
-
max time kernel
120s -
max time network
93s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
23-11-2024 14:28
General
-
Target
de022f0fd09f1b861d42e439b95e4367cb0e981a9de8d3a4f0ce7039793324a8N.exe
-
Size
69KB
-
MD5
928d70ff98f275c234ddc97332b58c90
-
SHA1
70a7ef3237b22c41c7e2f2e7db120f39c0de9ed6
-
SHA256
de022f0fd09f1b861d42e439b95e4367cb0e981a9de8d3a4f0ce7039793324a8
-
SHA512
4c1c95cf4d3fda5415be63b034e851f0c0288c8600268560bdcda308f2542fea6037ece528963e1f35a2eaa4b19e9db330a2799c3853f770eb86ae00283c5cb3
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIsIoAcb:ymb3NkkiQ3mdBjFIsIVcb
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\de022f0fd09f1b861d42e439b95e4367cb0e981a9de8d3a4f0ce7039793324a8N.exe"C:\Users\Admin\AppData\Local\Temp\de022f0fd09f1b861d42e439b95e4367cb0e981a9de8d3a4f0ce7039793324a8N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\5hnhbb.exec:\5hnhbb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vvpj.exec:\9vvpj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpdvp.exec:\jpdvp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxxrrl.exec:\lxxxrrl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrllff.exec:\lxrllff.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbbtt.exec:\hhbbtt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vddpd.exec:\vddpd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxfrxxl.exec:\xxfrxxl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflfrll.exec:\rflfrll.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttnnn.exec:\bttnnn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddvp.exec:\jddvp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llrlllf.exec:\llrlllf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ntnhn.exec:\5ntnhn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnttt.exec:\nhnttt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjdv.exec:\jjjdv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrllfll.exec:\xrllfll.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9btttt.exec:\9btttt.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppjj.exec:\vppjj.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrxllr.exec:\rlrxllr.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnnhh.exec:\tnnnhh.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbhbn.exec:\btbhbn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvddv.exec:\vvddv.exe23⤵
- Executes dropped EXE
-
\??\c:\rlxxffl.exec:\rlxxffl.exe24⤵
- Executes dropped EXE
-
\??\c:\7frrfff.exec:\7frrfff.exe25⤵
- Executes dropped EXE
-
\??\c:\nbbbtt.exec:\nbbbtt.exe26⤵
- Executes dropped EXE
-
\??\c:\3tnbtn.exec:\3tnbtn.exe27⤵
- Executes dropped EXE
-
\??\c:\jpdvp.exec:\jpdvp.exe28⤵
- Executes dropped EXE
-
\??\c:\pppjj.exec:\pppjj.exe29⤵
- Executes dropped EXE
-
\??\c:\frrlfxr.exec:\frrlfxr.exe30⤵
- Executes dropped EXE
-
\??\c:\3nbbbt.exec:\3nbbbt.exe31⤵
- Executes dropped EXE
-
\??\c:\bttnnn.exec:\bttnnn.exe32⤵
- Executes dropped EXE
-
\??\c:\vvpjd.exec:\vvpjd.exe33⤵
- Executes dropped EXE
-
\??\c:\rxxlxrl.exec:\rxxlxrl.exe34⤵
- Executes dropped EXE
-
\??\c:\1hnnbt.exec:\1hnnbt.exe35⤵
- Executes dropped EXE
-
\??\c:\vjddd.exec:\vjddd.exe36⤵
- Executes dropped EXE
-
\??\c:\rxrllff.exec:\rxrllff.exe37⤵
- Executes dropped EXE
-
\??\c:\lfxrlrr.exec:\lfxrlrr.exe38⤵
- Executes dropped EXE
-
\??\c:\tnbbhh.exec:\tnbbhh.exe39⤵
- Executes dropped EXE
-
\??\c:\3nnbbb.exec:\3nnbbb.exe40⤵
- Executes dropped EXE
-
\??\c:\5jvpj.exec:\5jvpj.exe41⤵
- Executes dropped EXE
-
\??\c:\xxllrxx.exec:\xxllrxx.exe42⤵
- Executes dropped EXE
-
\??\c:\tnnnhh.exec:\tnnnhh.exe43⤵
- Executes dropped EXE
-
\??\c:\vdjjd.exec:\vdjjd.exe44⤵
- Executes dropped EXE
-
\??\c:\9pvvp.exec:\9pvvp.exe45⤵
- Executes dropped EXE
-
\??\c:\llxrllr.exec:\llxrllr.exe46⤵
- Executes dropped EXE
-
\??\c:\5bbbtt.exec:\5bbbtt.exe47⤵
- Executes dropped EXE
-
\??\c:\9hnnnt.exec:\9hnnnt.exe48⤵
- Executes dropped EXE
-
\??\c:\dpvpp.exec:\dpvpp.exe49⤵
- Executes dropped EXE
-
\??\c:\1xlfxxf.exec:\1xlfxxf.exe50⤵
- Executes dropped EXE
-
\??\c:\bbbthh.exec:\bbbthh.exe51⤵
- Executes dropped EXE
-
\??\c:\jjdvd.exec:\jjdvd.exe52⤵
- Executes dropped EXE
-
\??\c:\xrfxlrf.exec:\xrfxlrf.exe53⤵
- Executes dropped EXE
-
\??\c:\1hhhbb.exec:\1hhhbb.exe54⤵
- Executes dropped EXE
-
\??\c:\dpjvp.exec:\dpjvp.exe55⤵
- Executes dropped EXE
-
\??\c:\5llfxfx.exec:\5llfxfx.exe56⤵
- Executes dropped EXE
-
\??\c:\nhhhtt.exec:\nhhhtt.exe57⤵
- Executes dropped EXE
-
\??\c:\5btnbb.exec:\5btnbb.exe58⤵
- Executes dropped EXE
-
\??\c:\djvpd.exec:\djvpd.exe59⤵
- Executes dropped EXE
-
\??\c:\9llfxxr.exec:\9llfxxr.exe60⤵
- Executes dropped EXE
-
\??\c:\nhhbbn.exec:\nhhbbn.exe61⤵
- Executes dropped EXE
-
\??\c:\nthbbb.exec:\nthbbb.exe62⤵
- Executes dropped EXE
-
\??\c:\3lrrlll.exec:\3lrrlll.exe63⤵
- Executes dropped EXE
-
\??\c:\frxxrxx.exec:\frxxrxx.exe64⤵
- Executes dropped EXE
-
\??\c:\thttbh.exec:\thttbh.exe65⤵
- Executes dropped EXE
-
\??\c:\ththtn.exec:\ththtn.exe66⤵
-
\??\c:\pjjpd.exec:\pjjpd.exe67⤵
-
\??\c:\1dpjv.exec:\1dpjv.exe68⤵
-
\??\c:\rrxfrrr.exec:\rrxfrrr.exe69⤵
-
\??\c:\htthbt.exec:\htthbt.exe70⤵
-
\??\c:\7htnbb.exec:\7htnbb.exe71⤵
-
\??\c:\dvdvd.exec:\dvdvd.exe72⤵
-
\??\c:\pdvpd.exec:\pdvpd.exe73⤵
-
\??\c:\3flfxxx.exec:\3flfxxx.exe74⤵
-
\??\c:\tnnnhh.exec:\tnnnhh.exe75⤵
-
\??\c:\bnbnht.exec:\bnbnht.exe76⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe77⤵
-
\??\c:\frxrxlx.exec:\frxrxlx.exe78⤵
-
\??\c:\rrrlxxl.exec:\rrrlxxl.exe79⤵
-
\??\c:\btbbbb.exec:\btbbbb.exe80⤵
-
\??\c:\thntnn.exec:\thntnn.exe81⤵
-
\??\c:\xffxrll.exec:\xffxrll.exe82⤵
-
\??\c:\7xrlxfx.exec:\7xrlxfx.exe83⤵
-
\??\c:\bbbtnh.exec:\bbbtnh.exe84⤵
-
\??\c:\ntbbnn.exec:\ntbbnn.exe85⤵
-
\??\c:\dvvdp.exec:\dvvdp.exe86⤵
-
\??\c:\jpvpd.exec:\jpvpd.exe87⤵
-
\??\c:\xrffffx.exec:\xrffffx.exe88⤵
-
\??\c:\hbbhhn.exec:\hbbhhn.exe89⤵
-
\??\c:\5tnnbb.exec:\5tnnbb.exe90⤵
-
\??\c:\pdjvp.exec:\pdjvp.exe91⤵
-
\??\c:\jvjjd.exec:\jvjjd.exe92⤵
-
\??\c:\fflllll.exec:\fflllll.exe93⤵
-
\??\c:\5flfxxx.exec:\5flfxxx.exe94⤵
-
\??\c:\tthbtb.exec:\tthbtb.exe95⤵
-
\??\c:\vpdpj.exec:\vpdpj.exe96⤵
-
\??\c:\pjjjd.exec:\pjjjd.exe97⤵
-
\??\c:\xfffrrr.exec:\xfffrrr.exe98⤵
-
\??\c:\xxxrllf.exec:\xxxrllf.exe99⤵
-
\??\c:\hhhbhh.exec:\hhhbhh.exe100⤵
-
\??\c:\nbbbtn.exec:\nbbbtn.exe101⤵
-
\??\c:\3ppvj.exec:\3ppvj.exe102⤵
-
\??\c:\fxfxrrr.exec:\fxfxrrr.exe103⤵
-
\??\c:\frffffx.exec:\frffffx.exe104⤵
-
\??\c:\7rfxflx.exec:\7rfxflx.exe105⤵
-
\??\c:\tnttnt.exec:\tnttnt.exe106⤵
-
\??\c:\vpvvj.exec:\vpvvj.exe107⤵
-
\??\c:\jjpjv.exec:\jjpjv.exe108⤵
-
\??\c:\fxxllff.exec:\fxxllff.exe109⤵
-
\??\c:\bhntnt.exec:\bhntnt.exe110⤵
-
\??\c:\3hhbnn.exec:\3hhbnn.exe111⤵
-
\??\c:\3pvvp.exec:\3pvvp.exe112⤵
-
\??\c:\9xxrrrx.exec:\9xxrrrx.exe113⤵
-
\??\c:\7frrrxx.exec:\7frrrxx.exe114⤵
-
\??\c:\hntnhh.exec:\hntnhh.exe115⤵
-
\??\c:\jdppd.exec:\jdppd.exe116⤵
-
\??\c:\jvdvv.exec:\jvdvv.exe117⤵
-
\??\c:\xlrrrxf.exec:\xlrrrxf.exe118⤵
-
\??\c:\xxfxlfx.exec:\xxfxlfx.exe119⤵
-
\??\c:\1bbthb.exec:\1bbthb.exe120⤵
-
\??\c:\nhbnbt.exec:\nhbnbt.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-