Analysis
-
max time kernel
150s -
max time network
138s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
23-11-2024 19:23
General
-
Target
07bde9f23ecbe291e0a6ecd5b43f7fbd34088f99cad95eb6a38480537fffe2cd.exe
-
Size
454KB
-
MD5
9bdb9371d4f5c81e0ef03e158e84187a
-
SHA1
141c1d690291866191ac63c41781e05f2c9c5b8e
-
SHA256
07bde9f23ecbe291e0a6ecd5b43f7fbd34088f99cad95eb6a38480537fffe2cd
-
SHA512
0d245da98d0686a80f3b988a64b56828bf7bb164c2e6ec3ea025affa7fdeb7b148f7964eb3ab8bc77896d419bece48d37e470fc67fea749b9c0a396743c57121
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbecr:q7Tc2NYHUrAwfMp3CDm
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\07bde9f23ecbe291e0a6ecd5b43f7fbd34088f99cad95eb6a38480537fffe2cd.exe"C:\Users\Admin\AppData\Local\Temp\07bde9f23ecbe291e0a6ecd5b43f7fbd34088f99cad95eb6a38480537fffe2cd.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhbtt.exec:\nhhbtt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddpjv.exec:\ddpjv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jjdj.exec:\1jjdj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflfxxr.exec:\rflfxxr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnbnn.exec:\thnbnn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppjd.exec:\vppjd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdvj.exec:\dvdvj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvpj.exec:\ppvpj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfllfff.exec:\rfllfff.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvvp.exec:\jjvvp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bnhbh.exec:\1bnhbh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjdv.exec:\pjjdv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnhnn.exec:\hbnhnn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrlfff.exec:\lrrlfff.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlrrxx.exec:\fxlrrxx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9btnhh.exec:\9btnhh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvpp.exec:\vjvpp.exe18⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\pvjdv.exec:\pvjdv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxffxfx.exec:\fxffxfx.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvpp.exec:\dpvpp.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbnnnb.exec:\tbnnnb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjvp.exec:\vpjvp.exe23⤵
- Executes dropped EXE
-
\??\c:\fxfxxxx.exec:\fxfxxxx.exe24⤵
- Executes dropped EXE
-
\??\c:\pjddj.exec:\pjddj.exe25⤵
- Executes dropped EXE
-
\??\c:\lxflffr.exec:\lxflffr.exe26⤵
- Executes dropped EXE
-
\??\c:\vvjjp.exec:\vvjjp.exe27⤵
- Executes dropped EXE
-
\??\c:\rlrllrr.exec:\rlrllrr.exe28⤵
- Executes dropped EXE
-
\??\c:\rrxxxxx.exec:\rrxxxxx.exe29⤵
- Executes dropped EXE
-
\??\c:\tntttb.exec:\tntttb.exe30⤵
- Executes dropped EXE
-
\??\c:\llxfflr.exec:\llxfflr.exe31⤵
- Executes dropped EXE
-
\??\c:\pppjj.exec:\pppjj.exe32⤵
- Executes dropped EXE
-
\??\c:\hhnttb.exec:\hhnttb.exe33⤵
- Executes dropped EXE
-
\??\c:\djvdd.exec:\djvdd.exe34⤵
- Executes dropped EXE
-
\??\c:\rrllrrf.exec:\rrllrrf.exe35⤵
- Executes dropped EXE
-
\??\c:\tbbhhn.exec:\tbbhhn.exe36⤵
- Executes dropped EXE
-
\??\c:\vpjdp.exec:\vpjdp.exe37⤵
- Executes dropped EXE
-
\??\c:\xrrllff.exec:\xrrllff.exe38⤵
- Executes dropped EXE
-
\??\c:\tnbbhb.exec:\tnbbhb.exe39⤵
- Executes dropped EXE
-
\??\c:\pjvpp.exec:\pjvpp.exe40⤵
- Executes dropped EXE
-
\??\c:\xxxrxxf.exec:\xxxrxxf.exe41⤵
- Executes dropped EXE
-
\??\c:\thhhhh.exec:\thhhhh.exe42⤵
- Executes dropped EXE
-
\??\c:\ntntnt.exec:\ntntnt.exe43⤵
- Executes dropped EXE
-
\??\c:\ddvvp.exec:\ddvvp.exe44⤵
- Executes dropped EXE
-
\??\c:\lxfffll.exec:\lxfffll.exe45⤵
- Executes dropped EXE
-
\??\c:\xxffffl.exec:\xxffffl.exe46⤵
- Executes dropped EXE
-
\??\c:\nbhbbb.exec:\nbhbbb.exe47⤵
- Executes dropped EXE
-
\??\c:\3djpv.exec:\3djpv.exe48⤵
- Executes dropped EXE
-
\??\c:\xrfxxll.exec:\xrfxxll.exe49⤵
- Executes dropped EXE
-
\??\c:\nnhnbb.exec:\nnhnbb.exe50⤵
- Executes dropped EXE
-
\??\c:\vpvpj.exec:\vpvpj.exe51⤵
- Executes dropped EXE
-
\??\c:\frfrllf.exec:\frfrllf.exe52⤵
- Executes dropped EXE
-
\??\c:\bnbhtb.exec:\bnbhtb.exe53⤵
- Executes dropped EXE
-
\??\c:\vpjdv.exec:\vpjdv.exe54⤵
- Executes dropped EXE
-
\??\c:\lfrrxxf.exec:\lfrrxxf.exe55⤵
- Executes dropped EXE
-
\??\c:\fflllrr.exec:\fflllrr.exe56⤵
- Executes dropped EXE
-
\??\c:\tthntt.exec:\tthntt.exe57⤵
- Executes dropped EXE
-
\??\c:\dpjjp.exec:\dpjjp.exe58⤵
- Executes dropped EXE
-
\??\c:\fxfxrrl.exec:\fxfxrrl.exe59⤵
- Executes dropped EXE
-
\??\c:\hhbhnt.exec:\hhbhnt.exe60⤵
- Executes dropped EXE
-
\??\c:\jvppp.exec:\jvppp.exe61⤵
- Executes dropped EXE
-
\??\c:\djjdj.exec:\djjdj.exe62⤵
- Executes dropped EXE
-
\??\c:\rxrllrr.exec:\rxrllrr.exe63⤵
- Executes dropped EXE
-
\??\c:\tbhbhn.exec:\tbhbhn.exe64⤵
- Executes dropped EXE
-
\??\c:\pvjpj.exec:\pvjpj.exe65⤵
- Executes dropped EXE
-
\??\c:\rxrrrfr.exec:\rxrrrfr.exe66⤵
-
\??\c:\bbbbnt.exec:\bbbbnt.exe67⤵
-
\??\c:\vvppj.exec:\vvppj.exe68⤵
-
\??\c:\vddpp.exec:\vddpp.exe69⤵
-
\??\c:\fflllrr.exec:\fflllrr.exe70⤵
-
\??\c:\tnbtnt.exec:\tnbtnt.exe71⤵
-
\??\c:\bhnttb.exec:\bhnttb.exe72⤵
-
\??\c:\ddppp.exec:\ddppp.exe73⤵
-
\??\c:\llxxffl.exec:\llxxffl.exe74⤵
-
\??\c:\nnhbbh.exec:\nnhbbh.exe75⤵
-
\??\c:\dpdpp.exec:\dpdpp.exe76⤵
-
\??\c:\xrrlffx.exec:\xrrlffx.exe77⤵
-
\??\c:\ppvvp.exec:\ppvvp.exe78⤵
-
\??\c:\xxxxxff.exec:\xxxxxff.exe79⤵
-
\??\c:\hhbhbn.exec:\hhbhbn.exe80⤵
-
\??\c:\bttnhb.exec:\bttnhb.exe81⤵
-
\??\c:\pjpjd.exec:\pjpjd.exe82⤵
-
\??\c:\rxlfxxr.exec:\rxlfxxr.exe83⤵
-
\??\c:\fxlfrlx.exec:\fxlfrlx.exe84⤵
-
\??\c:\5bhbbb.exec:\5bhbbb.exe85⤵
-
\??\c:\5pvvd.exec:\5pvvd.exe86⤵
-
\??\c:\fxrrllf.exec:\fxrrllf.exe87⤵
-
\??\c:\hntnth.exec:\hntnth.exe88⤵
-
\??\c:\tbbttn.exec:\tbbttn.exe89⤵
-
\??\c:\jvdvv.exec:\jvdvv.exe90⤵
-
\??\c:\rlrlffx.exec:\rlrlffx.exe91⤵
-
\??\c:\fxrlflf.exec:\fxrlflf.exe92⤵
-
\??\c:\hhtnhn.exec:\hhtnhn.exe93⤵
-
\??\c:\9jjpj.exec:\9jjpj.exe94⤵
-
\??\c:\llfxxlx.exec:\llfxxlx.exe95⤵
-
\??\c:\bbthhh.exec:\bbthhh.exe96⤵
-
\??\c:\pjjjv.exec:\pjjjv.exe97⤵
-
\??\c:\jjjdv.exec:\jjjdv.exe98⤵
-
\??\c:\nnnhnt.exec:\nnnhnt.exe99⤵
-
\??\c:\nbnhhh.exec:\nbnhhh.exe100⤵
-
\??\c:\frxrrrl.exec:\frxrrrl.exe101⤵
-
\??\c:\xlxrllf.exec:\xlxrllf.exe102⤵
-
\??\c:\thhbbb.exec:\thhbbb.exe103⤵
-
\??\c:\vvjjp.exec:\vvjjp.exe104⤵
-
\??\c:\3vpjp.exec:\3vpjp.exe105⤵
-
\??\c:\3lllfll.exec:\3lllfll.exe106⤵
-
\??\c:\tnhbtt.exec:\tnhbtt.exe107⤵
-
\??\c:\jvvdd.exec:\jvvdd.exe108⤵
-
\??\c:\vjvdd.exec:\vjvdd.exe109⤵
-
\??\c:\rlrrlrl.exec:\rlrrlrl.exe110⤵
-
\??\c:\9nhhbh.exec:\9nhhbh.exe111⤵
-
\??\c:\jdjjd.exec:\jdjjd.exe112⤵
-
\??\c:\vdpjp.exec:\vdpjp.exe113⤵
-
\??\c:\jvpdv.exec:\jvpdv.exe114⤵
-
\??\c:\ddjjv.exec:\ddjjv.exe115⤵
-
\??\c:\xfrrrrl.exec:\xfrrrrl.exe116⤵
-
\??\c:\nntnnn.exec:\nntnnn.exe117⤵
-
\??\c:\ddjdv.exec:\ddjdv.exe118⤵
-
\??\c:\lfrxfrx.exec:\lfrxfrx.exe119⤵
-
\??\c:\bnnbhb.exec:\bnnbhb.exe120⤵
-
\??\c:\7vjdd.exec:\7vjdd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-