Analysis
-
max time kernel
150s -
max time network
140s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
23-11-2024 19:20
General
-
Target
07bde9f23ecbe291e0a6ecd5b43f7fbd34088f99cad95eb6a38480537fffe2cd.exe
-
Size
454KB
-
MD5
9bdb9371d4f5c81e0ef03e158e84187a
-
SHA1
141c1d690291866191ac63c41781e05f2c9c5b8e
-
SHA256
07bde9f23ecbe291e0a6ecd5b43f7fbd34088f99cad95eb6a38480537fffe2cd
-
SHA512
0d245da98d0686a80f3b988a64b56828bf7bb164c2e6ec3ea025affa7fdeb7b148f7964eb3ab8bc77896d419bece48d37e470fc67fea749b9c0a396743c57121
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbecr:q7Tc2NYHUrAwfMp3CDm
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\07bde9f23ecbe291e0a6ecd5b43f7fbd34088f99cad95eb6a38480537fffe2cd.exe"C:\Users\Admin\AppData\Local\Temp\07bde9f23ecbe291e0a6ecd5b43f7fbd34088f99cad95eb6a38480537fffe2cd.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\dppvv.exec:\dppvv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nttnhb.exec:\nttnhb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlffff.exec:\fxlffff.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bhhbh.exec:\1bhhbh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbttt.exec:\bnbttt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllfxxr.exec:\rllfxxr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhbtn.exec:\tnhbtn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvddd.exec:\jvddd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbbtt.exec:\ntbbtt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfxrxr.exec:\rlfxrxr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnhbt.exec:\bnnhbt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dddjp.exec:\dddjp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfllxx.exec:\fxfllxx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhnht.exec:\bhhnht.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7jpjp.exec:\7jpjp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrlffx.exec:\fxrlffx.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhbtnn.exec:\bhbtnn.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xfxxff.exec:\5xfxxff.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhbtn.exec:\bbhbtn.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrrfxr.exec:\rrrrfxr.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rrfxxr.exec:\7rrfxxr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnttb.exec:\thnttb.exe23⤵
- Executes dropped EXE
-
\??\c:\jjpjp.exec:\jjpjp.exe24⤵
- Executes dropped EXE
-
\??\c:\nhntbn.exec:\nhntbn.exe25⤵
- Executes dropped EXE
-
\??\c:\djjdd.exec:\djjdd.exe26⤵
- Executes dropped EXE
-
\??\c:\lxfflfx.exec:\lxfflfx.exe27⤵
- Executes dropped EXE
-
\??\c:\5ntnhh.exec:\5ntnhh.exe28⤵
- Executes dropped EXE
-
\??\c:\vppjd.exec:\vppjd.exe29⤵
- Executes dropped EXE
-
\??\c:\jvvpj.exec:\jvvpj.exe30⤵
- Executes dropped EXE
-
\??\c:\xlxrlll.exec:\xlxrlll.exe31⤵
- Executes dropped EXE
-
\??\c:\vvpjj.exec:\vvpjj.exe32⤵
- Executes dropped EXE
-
\??\c:\xllffxx.exec:\xllffxx.exe33⤵
- Executes dropped EXE
-
\??\c:\1tnhtt.exec:\1tnhtt.exe34⤵
- Executes dropped EXE
-
\??\c:\rxfflfl.exec:\rxfflfl.exe35⤵
- Executes dropped EXE
-
\??\c:\bnhnnt.exec:\bnhnnt.exe36⤵
- Executes dropped EXE
-
\??\c:\xrrlfff.exec:\xrrlfff.exe37⤵
- Executes dropped EXE
-
\??\c:\bbhbbb.exec:\bbhbbb.exe38⤵
- Executes dropped EXE
-
\??\c:\flllfxx.exec:\flllfxx.exe39⤵
- Executes dropped EXE
-
\??\c:\tnbnbt.exec:\tnbnbt.exe40⤵
- Executes dropped EXE
-
\??\c:\ppvpv.exec:\ppvpv.exe41⤵
- Executes dropped EXE
-
\??\c:\hhttht.exec:\hhttht.exe42⤵
- Executes dropped EXE
-
\??\c:\pdvvv.exec:\pdvvv.exe43⤵
- Executes dropped EXE
-
\??\c:\xrfxfrr.exec:\xrfxfrr.exe44⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\btthbb.exec:\btthbb.exe45⤵
- Executes dropped EXE
-
\??\c:\7lrxlxr.exec:\7lrxlxr.exe46⤵
- Executes dropped EXE
-
\??\c:\btnnhh.exec:\btnnhh.exe47⤵
- Executes dropped EXE
-
\??\c:\7pvpp.exec:\7pvpp.exe48⤵
- Executes dropped EXE
-
\??\c:\xfrxrrl.exec:\xfrxrrl.exe49⤵
- Executes dropped EXE
-
\??\c:\tttnnh.exec:\tttnnh.exe50⤵
- Executes dropped EXE
-
\??\c:\5lrrlxx.exec:\5lrrlxx.exe51⤵
- Executes dropped EXE
-
\??\c:\tnbtbh.exec:\tnbtbh.exe52⤵
- Executes dropped EXE
-
\??\c:\bttbtt.exec:\bttbtt.exe53⤵
- Executes dropped EXE
-
\??\c:\vvjjd.exec:\vvjjd.exe54⤵
- Executes dropped EXE
-
\??\c:\rlrllll.exec:\rlrllll.exe55⤵
- Executes dropped EXE
-
\??\c:\tttntn.exec:\tttntn.exe56⤵
- Executes dropped EXE
-
\??\c:\5vvpj.exec:\5vvpj.exe57⤵
- Executes dropped EXE
-
\??\c:\llrlflf.exec:\llrlflf.exe58⤵
- Executes dropped EXE
-
\??\c:\bhnhbt.exec:\bhnhbt.exe59⤵
- Executes dropped EXE
-
\??\c:\jdvvp.exec:\jdvvp.exe60⤵
- Executes dropped EXE
-
\??\c:\rxlffll.exec:\rxlffll.exe61⤵
- Executes dropped EXE
-
\??\c:\lflfxrr.exec:\lflfxrr.exe62⤵
- Executes dropped EXE
-
\??\c:\3ntnnt.exec:\3ntnnt.exe63⤵
- Executes dropped EXE
-
\??\c:\1jvpv.exec:\1jvpv.exe64⤵
- Executes dropped EXE
-
\??\c:\rlxxrlf.exec:\rlxxrlf.exe65⤵
- Executes dropped EXE
-
\??\c:\nbhhhh.exec:\nbhhhh.exe66⤵
-
\??\c:\dvddv.exec:\dvddv.exe67⤵
-
\??\c:\1jdvp.exec:\1jdvp.exe68⤵
-
\??\c:\ttbttb.exec:\ttbttb.exe69⤵
-
\??\c:\jvpjj.exec:\jvpjj.exe70⤵
-
\??\c:\rflrxxx.exec:\rflrxxx.exe71⤵
-
\??\c:\nhhbhh.exec:\nhhbhh.exe72⤵
-
\??\c:\tnhhhh.exec:\tnhhhh.exe73⤵
-
\??\c:\vvdvv.exec:\vvdvv.exe74⤵
-
\??\c:\xxxrlfx.exec:\xxxrlfx.exe75⤵
-
\??\c:\1htnnt.exec:\1htnnt.exe76⤵
-
\??\c:\9vdvp.exec:\9vdvp.exe77⤵
-
\??\c:\rlxrrrl.exec:\rlxrrrl.exe78⤵
-
\??\c:\nnnttt.exec:\nnnttt.exe79⤵
-
\??\c:\jvvjd.exec:\jvvjd.exe80⤵
-
\??\c:\xrrrlll.exec:\xrrrlll.exe81⤵
-
\??\c:\lrfffxf.exec:\lrfffxf.exe82⤵
-
\??\c:\bbbttt.exec:\bbbttt.exe83⤵
-
\??\c:\vvjdv.exec:\vvjdv.exe84⤵
-
\??\c:\jvvvp.exec:\jvvvp.exe85⤵
-
\??\c:\fxxxrrf.exec:\fxxxrrf.exe86⤵
-
\??\c:\bthnhh.exec:\bthnhh.exe87⤵
-
\??\c:\5ppjp.exec:\5ppjp.exe88⤵
-
\??\c:\djppj.exec:\djppj.exe89⤵
-
\??\c:\9rxrllf.exec:\9rxrllf.exe90⤵
-
\??\c:\bnhhbb.exec:\bnhhbb.exe91⤵
-
\??\c:\jjvpp.exec:\jjvpp.exe92⤵
-
\??\c:\xrrlffx.exec:\xrrlffx.exe93⤵
-
\??\c:\nthbnn.exec:\nthbnn.exe94⤵
-
\??\c:\9bbtnb.exec:\9bbtnb.exe95⤵
-
\??\c:\pjjpp.exec:\pjjpp.exe96⤵
-
\??\c:\rrlxrff.exec:\rrlxrff.exe97⤵
-
\??\c:\bnbnhh.exec:\bnbnhh.exe98⤵
-
\??\c:\1pvvd.exec:\1pvvd.exe99⤵
-
\??\c:\xfrfxxx.exec:\xfrfxxx.exe100⤵
-
\??\c:\lxfxxrx.exec:\lxfxxrx.exe101⤵
-
\??\c:\bhbhht.exec:\bhbhht.exe102⤵
-
\??\c:\ddpjv.exec:\ddpjv.exe103⤵
-
\??\c:\xfffxxr.exec:\xfffxxr.exe104⤵
-
\??\c:\hhtbht.exec:\hhtbht.exe105⤵
-
\??\c:\jvppj.exec:\jvppj.exe106⤵
-
\??\c:\rllllll.exec:\rllllll.exe107⤵
-
\??\c:\htbbth.exec:\htbbth.exe108⤵
-
\??\c:\5btnhb.exec:\5btnhb.exe109⤵
-
\??\c:\jvdjj.exec:\jvdjj.exe110⤵
-
\??\c:\fxxrlfx.exec:\fxxrlfx.exe111⤵
-
\??\c:\tnbntt.exec:\tnbntt.exe112⤵
-
\??\c:\vpppj.exec:\vpppj.exe113⤵
- System Location Discovery: System Language Discovery
-
\??\c:\rlllffl.exec:\rlllffl.exe114⤵
-
\??\c:\tbnhtb.exec:\tbnhtb.exe115⤵
-
\??\c:\htnhbh.exec:\htnhbh.exe116⤵
-
\??\c:\dvjvp.exec:\dvjvp.exe117⤵
-
\??\c:\rfffxxx.exec:\rfffxxx.exe118⤵
-
\??\c:\nttnnn.exec:\nttnnn.exe119⤵
-
\??\c:\jpvpj.exec:\jpvpj.exe120⤵
-
\??\c:\1dvvv.exec:\1dvvv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-