Analysis
-
max time kernel
150s -
max time network
142s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
23-11-2024 17:24
General
-
Target
f63c1573e9607c6635c9adfbcb79d4918e1fe502946222de8d06c59b1fb4a995.exe
-
Size
89KB
-
MD5
f891b4e0104d419684830cfb7653df6e
-
SHA1
0558b2f23024e30754c82a8ea2450a9a923f5ba8
-
SHA256
f63c1573e9607c6635c9adfbcb79d4918e1fe502946222de8d06c59b1fb4a995
-
SHA512
8499aef9637c0e483905a2d61e7e66f9a10d56a400d2292159bfd921b786fb16bc7bd8618eb20e809612ae303b4fbbf09781ae576a6fe827d6f712b14288ae50
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoAXPfgr2hKmdbcPi2vhdW/:ymb3NkkiQ3mdBjFo6Pfgy3dbc/hdW/
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 36 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f63c1573e9607c6635c9adfbcb79d4918e1fe502946222de8d06c59b1fb4a995.exe"C:\Users\Admin\AppData\Local\Temp\f63c1573e9607c6635c9adfbcb79d4918e1fe502946222de8d06c59b1fb4a995.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\4884842.exec:\4884842.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\06260.exec:\06260.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhhtt.exec:\hbhhtt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhtnn.exec:\hbhtnn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfxxrr.exec:\rlfxxrr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjdp.exec:\jvjdp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pvdd.exec:\1pvdd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrllll.exec:\fxrllll.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\68488.exec:\68488.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllfxxx.exec:\rllfxxx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvpjv.exec:\jvpjv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\60482.exec:\60482.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbnbt.exec:\hbbnbt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\868082.exec:\868082.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\084048.exec:\084048.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\264888.exec:\264888.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdvp.exec:\pjdvp.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvjdv.exec:\pvjdv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfrxrx.exec:\fxfrxrx.exe20⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\5dpjv.exec:\5dpjv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2048042.exec:\2048042.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\q06426.exec:\q06426.exe23⤵
- Executes dropped EXE
-
\??\c:\pdjjv.exec:\pdjjv.exe24⤵
- Executes dropped EXE
-
\??\c:\fffrfxl.exec:\fffrfxl.exe25⤵
- Executes dropped EXE
-
\??\c:\dpppj.exec:\dpppj.exe26⤵
- Executes dropped EXE
-
\??\c:\8020060.exec:\8020060.exe27⤵
- Executes dropped EXE
-
\??\c:\fxrxxff.exec:\fxrxxff.exe28⤵
- Executes dropped EXE
-
\??\c:\0466228.exec:\0466228.exe29⤵
- Executes dropped EXE
-
\??\c:\22888.exec:\22888.exe30⤵
- Executes dropped EXE
-
\??\c:\hbbbtn.exec:\hbbbtn.exe31⤵
- Executes dropped EXE
-
\??\c:\tbbnht.exec:\tbbnht.exe32⤵
- Executes dropped EXE
-
\??\c:\bnnbnh.exec:\bnnbnh.exe33⤵
- Executes dropped EXE
-
\??\c:\20648.exec:\20648.exe34⤵
- Executes dropped EXE
-
\??\c:\0048208.exec:\0048208.exe35⤵
- Executes dropped EXE
-
\??\c:\06862.exec:\06862.exe36⤵
- Executes dropped EXE
-
\??\c:\2042206.exec:\2042206.exe37⤵
- Executes dropped EXE
-
\??\c:\rfxrrrr.exec:\rfxrrrr.exe38⤵
- Executes dropped EXE
-
\??\c:\22820.exec:\22820.exe39⤵
- Executes dropped EXE
-
\??\c:\86204.exec:\86204.exe40⤵
- Executes dropped EXE
-
\??\c:\djpjd.exec:\djpjd.exe41⤵
- Executes dropped EXE
-
\??\c:\fffrxrf.exec:\fffrxrf.exe42⤵
- Executes dropped EXE
-
\??\c:\pddpj.exec:\pddpj.exe43⤵
- Executes dropped EXE
-
\??\c:\frlxllx.exec:\frlxllx.exe44⤵
- Executes dropped EXE
-
\??\c:\xrfxllx.exec:\xrfxllx.exe45⤵
- Executes dropped EXE
-
\??\c:\ppjvj.exec:\ppjvj.exe46⤵
- Executes dropped EXE
-
\??\c:\448204.exec:\448204.exe47⤵
- Executes dropped EXE
-
\??\c:\0460488.exec:\0460488.exe48⤵
- Executes dropped EXE
-
\??\c:\vvddp.exec:\vvddp.exe49⤵
- Executes dropped EXE
-
\??\c:\4024400.exec:\4024400.exe50⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\204860.exec:\204860.exe51⤵
- Executes dropped EXE
-
\??\c:\w64800.exec:\w64800.exe52⤵
- Executes dropped EXE
-
\??\c:\884204.exec:\884204.exe53⤵
- Executes dropped EXE
-
\??\c:\9bhbhh.exec:\9bhbhh.exe54⤵
- Executes dropped EXE
-
\??\c:\42608.exec:\42608.exe55⤵
- Executes dropped EXE
-
\??\c:\406026.exec:\406026.exe56⤵
- Executes dropped EXE
-
\??\c:\06608.exec:\06608.exe57⤵
- Executes dropped EXE
-
\??\c:\bthtbn.exec:\bthtbn.exe58⤵
- Executes dropped EXE
-
\??\c:\rlfrfxr.exec:\rlfrfxr.exe59⤵
- Executes dropped EXE
-
\??\c:\tttnhb.exec:\tttnhb.exe60⤵
- Executes dropped EXE
-
\??\c:\w48204.exec:\w48204.exe61⤵
- Executes dropped EXE
-
\??\c:\42042.exec:\42042.exe62⤵
- Executes dropped EXE
-
\??\c:\s8864.exec:\s8864.exe63⤵
- Executes dropped EXE
-
\??\c:\206460.exec:\206460.exe64⤵
- Executes dropped EXE
-
\??\c:\pvpdp.exec:\pvpdp.exe65⤵
- Executes dropped EXE
-
\??\c:\22864.exec:\22864.exe66⤵
-
\??\c:\426022.exec:\426022.exe67⤵
-
\??\c:\pppjd.exec:\pppjd.exe68⤵
-
\??\c:\lxxlffx.exec:\lxxlffx.exe69⤵
-
\??\c:\04262.exec:\04262.exe70⤵
-
\??\c:\a4082.exec:\a4082.exe71⤵
-
\??\c:\xxfxlfx.exec:\xxfxlfx.exe72⤵
-
\??\c:\082866.exec:\082866.exe73⤵
-
\??\c:\nbbnbt.exec:\nbbnbt.exe74⤵
-
\??\c:\jdvpj.exec:\jdvpj.exe75⤵
-
\??\c:\3hhttn.exec:\3hhttn.exe76⤵
-
\??\c:\s4420.exec:\s4420.exe77⤵
-
\??\c:\jvpjp.exec:\jvpjp.exe78⤵
-
\??\c:\8882626.exec:\8882626.exe79⤵
-
\??\c:\htnhtn.exec:\htnhtn.exe80⤵
-
\??\c:\262604.exec:\262604.exe81⤵
-
\??\c:\646082.exec:\646082.exe82⤵
-
\??\c:\0882688.exec:\0882688.exe83⤵
-
\??\c:\2020404.exec:\2020404.exe84⤵
-
\??\c:\w28488.exec:\w28488.exe85⤵
-
\??\c:\7lxrffx.exec:\7lxrffx.exe86⤵
-
\??\c:\dppjd.exec:\dppjd.exe87⤵
-
\??\c:\fxlxxxx.exec:\fxlxxxx.exe88⤵
-
\??\c:\rrxxxxf.exec:\rrxxxxf.exe89⤵
-
\??\c:\28886.exec:\28886.exe90⤵
-
\??\c:\nbnnhb.exec:\nbnnhb.exe91⤵
-
\??\c:\4686660.exec:\4686660.exe92⤵
-
\??\c:\a4482.exec:\a4482.exe93⤵
-
\??\c:\668620.exec:\668620.exe94⤵
-
\??\c:\nhnhtt.exec:\nhnhtt.exe95⤵
-
\??\c:\u406486.exec:\u406486.exe96⤵
-
\??\c:\jvvpd.exec:\jvvpd.exe97⤵
-
\??\c:\9tthtn.exec:\9tthtn.exe98⤵
-
\??\c:\bbhbtb.exec:\bbhbtb.exe99⤵
-
\??\c:\rlrxlff.exec:\rlrxlff.exe100⤵
-
\??\c:\5jdpd.exec:\5jdpd.exe101⤵
-
\??\c:\nbthbh.exec:\nbthbh.exe102⤵
-
\??\c:\htbbbt.exec:\htbbbt.exe103⤵
-
\??\c:\8848822.exec:\8848822.exe104⤵
-
\??\c:\httnnh.exec:\httnnh.exe105⤵
-
\??\c:\1hthtn.exec:\1hthtn.exe106⤵
-
\??\c:\022604.exec:\022604.exe107⤵
-
\??\c:\86608.exec:\86608.exe108⤵
-
\??\c:\440862.exec:\440862.exe109⤵
-
\??\c:\vpdpp.exec:\vpdpp.exe110⤵
-
\??\c:\62420.exec:\62420.exe111⤵
-
\??\c:\e84804.exec:\e84804.exe112⤵
-
\??\c:\40048.exec:\40048.exe113⤵
-
\??\c:\866862.exec:\866862.exe114⤵
-
\??\c:\vddpv.exec:\vddpv.exe115⤵
-
\??\c:\806204.exec:\806204.exe116⤵
-
\??\c:\40086.exec:\40086.exe117⤵
-
\??\c:\4226486.exec:\4226486.exe118⤵
-
\??\c:\tnnhbt.exec:\tnnhbt.exe119⤵
-
\??\c:\0400404.exec:\0400404.exe120⤵
-
\??\c:\htbthb.exec:\htbthb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-