Analysis
-
max time kernel
150s -
max time network
140s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
23-11-2024 20:23
General
-
Target
20f7d72feb99d42814edcd10e400466a161bd0b86f90763360820a90b7582282.exe
-
Size
50KB
-
MD5
d66d1f39e03f980574c1cb69994925b7
-
SHA1
5622eadb2e97405ce00cbb01b934035b28b6adc2
-
SHA256
20f7d72feb99d42814edcd10e400466a161bd0b86f90763360820a90b7582282
-
SHA512
b92a50c8e9dabc49afbe888706c1185f5c581cf8fb3ae6de72e0215e3bdedab46e11e5f37312d2c2a0b8210f4f088b65ecee29b61f524bb918b6da5530242970
-
SSDEEP
1536:mAocdpeVoBDulhzHMb7xNAa04Mcg5IKvl2:0cdpeeBSHHMHLf9RyIN
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\20f7d72feb99d42814edcd10e400466a161bd0b86f90763360820a90b7582282.exe"C:\Users\Admin\AppData\Local\Temp\20f7d72feb99d42814edcd10e400466a161bd0b86f90763360820a90b7582282.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjjd.exec:\jdjjd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxxxxx.exec:\xrxxxxx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5hhbbb.exec:\5hhbbb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3nnhhh.exec:\3nnhhh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvpp.exec:\dvvpp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxxrxr.exec:\ffxxrxr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9lxrxll.exec:\9lxrxll.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnnhhb.exec:\hnnhhb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppjd.exec:\vppjd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxflffx.exec:\fxflffx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bttnt.exec:\5bttnt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9hnntt.exec:\9hnntt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7jpvv.exec:\7jpvv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrllfff.exec:\rrllfff.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrrllf.exec:\rrrrllf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbthn.exec:\ttbthn.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvvv.exec:\ppvvv.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppppp.exec:\ppppp.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxxxrr.exec:\ffxxxrr.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhhbh.exec:\hbhhbh.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pddjv.exec:\pddjv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fflxrll.exec:\fflxrll.exe23⤵
- Executes dropped EXE
-
\??\c:\lxllllf.exec:\lxllllf.exe24⤵
- Executes dropped EXE
-
\??\c:\ntnbbh.exec:\ntnbbh.exe25⤵
- Executes dropped EXE
-
\??\c:\pjpvp.exec:\pjpvp.exe26⤵
- Executes dropped EXE
-
\??\c:\7xllfll.exec:\7xllfll.exe27⤵
- Executes dropped EXE
-
\??\c:\rxrrrxr.exec:\rxrrrxr.exe28⤵
- Executes dropped EXE
-
\??\c:\7ttnnn.exec:\7ttnnn.exe29⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\hbhhhh.exec:\hbhhhh.exe30⤵
- Executes dropped EXE
-
\??\c:\pvdjd.exec:\pvdjd.exe31⤵
- Executes dropped EXE
-
\??\c:\jjpvd.exec:\jjpvd.exe32⤵
- Executes dropped EXE
-
\??\c:\9lrrrrr.exec:\9lrrrrr.exe33⤵
- Executes dropped EXE
-
\??\c:\rxffxlf.exec:\rxffxlf.exe34⤵
- Executes dropped EXE
-
\??\c:\3ttttt.exec:\3ttttt.exe35⤵
- Executes dropped EXE
-
\??\c:\9nhnhh.exec:\9nhnhh.exe36⤵
- Executes dropped EXE
-
\??\c:\1djdp.exec:\1djdp.exe37⤵
- Executes dropped EXE
-
\??\c:\ppvdp.exec:\ppvdp.exe38⤵
- Executes dropped EXE
-
\??\c:\3flffff.exec:\3flffff.exe39⤵
- Executes dropped EXE
-
\??\c:\hnttnn.exec:\hnttnn.exe40⤵
- Executes dropped EXE
-
\??\c:\tbnhtt.exec:\tbnhtt.exe41⤵
- Executes dropped EXE
-
\??\c:\ddpdd.exec:\ddpdd.exe42⤵
- Executes dropped EXE
-
\??\c:\1djpp.exec:\1djpp.exe43⤵
- Executes dropped EXE
-
\??\c:\llrrrxl.exec:\llrrrxl.exe44⤵
- Executes dropped EXE
-
\??\c:\fxrllrr.exec:\fxrllrr.exe45⤵
- Executes dropped EXE
-
\??\c:\thnhhh.exec:\thnhhh.exe46⤵
- Executes dropped EXE
-
\??\c:\tbbbbb.exec:\tbbbbb.exe47⤵
- Executes dropped EXE
-
\??\c:\jvvvv.exec:\jvvvv.exe48⤵
- Executes dropped EXE
-
\??\c:\llrxxll.exec:\llrxxll.exe49⤵
- Executes dropped EXE
-
\??\c:\hbttnb.exec:\hbttnb.exe50⤵
- Executes dropped EXE
-
\??\c:\jjjjj.exec:\jjjjj.exe51⤵
- Executes dropped EXE
-
\??\c:\ddjjd.exec:\ddjjd.exe52⤵
- Executes dropped EXE
-
\??\c:\rfrrlrl.exec:\rfrrlrl.exe53⤵
- Executes dropped EXE
-
\??\c:\xxlrllf.exec:\xxlrllf.exe54⤵
- Executes dropped EXE
-
\??\c:\hhhtnn.exec:\hhhtnn.exe55⤵
- Executes dropped EXE
-
\??\c:\vpvpd.exec:\vpvpd.exe56⤵
- Executes dropped EXE
-
\??\c:\djjvp.exec:\djjvp.exe57⤵
- Executes dropped EXE
-
\??\c:\9rrfflf.exec:\9rrfflf.exe58⤵
- Executes dropped EXE
-
\??\c:\nnhbnn.exec:\nnhbnn.exe59⤵
- Executes dropped EXE
-
\??\c:\nbttth.exec:\nbttth.exe60⤵
- Executes dropped EXE
-
\??\c:\5pvvp.exec:\5pvvp.exe61⤵
- Executes dropped EXE
-
\??\c:\pvvpj.exec:\pvvpj.exe62⤵
- Executes dropped EXE
-
\??\c:\fxxrfxr.exec:\fxxrfxr.exe63⤵
- Executes dropped EXE
-
\??\c:\hnttnh.exec:\hnttnh.exe64⤵
- Executes dropped EXE
-
\??\c:\jpjvp.exec:\jpjvp.exe65⤵
- Executes dropped EXE
-
\??\c:\3pvvp.exec:\3pvvp.exe66⤵
-
\??\c:\fxlflxr.exec:\fxlflxr.exe67⤵
-
\??\c:\nhhhhh.exec:\nhhhhh.exe68⤵
-
\??\c:\1vvvp.exec:\1vvvp.exe69⤵
-
\??\c:\3rxrlfx.exec:\3rxrlfx.exe70⤵
-
\??\c:\rrrrlll.exec:\rrrrlll.exe71⤵
-
\??\c:\7tbbhh.exec:\7tbbhh.exe72⤵
-
\??\c:\9jjdv.exec:\9jjdv.exe73⤵
-
\??\c:\ffxrllx.exec:\ffxrllx.exe74⤵
-
\??\c:\5lrrllx.exec:\5lrrllx.exe75⤵
-
\??\c:\9nhbbt.exec:\9nhbbt.exe76⤵
-
\??\c:\vjpjj.exec:\vjpjj.exe77⤵
-
\??\c:\pdddv.exec:\pdddv.exe78⤵
-
\??\c:\lfxfxxx.exec:\lfxfxxx.exe79⤵
-
\??\c:\tnnnhn.exec:\tnnnhn.exe80⤵
-
\??\c:\jjddd.exec:\jjddd.exe81⤵
-
\??\c:\3ffxrlf.exec:\3ffxrlf.exe82⤵
-
\??\c:\hbbnnn.exec:\hbbnnn.exe83⤵
-
\??\c:\djdvp.exec:\djdvp.exe84⤵
-
\??\c:\pddjj.exec:\pddjj.exe85⤵
-
\??\c:\5fffxxx.exec:\5fffxxx.exe86⤵
-
\??\c:\3rxrlfx.exec:\3rxrlfx.exe87⤵
-
\??\c:\9httnh.exec:\9httnh.exe88⤵
-
\??\c:\thhbbb.exec:\thhbbb.exe89⤵
-
\??\c:\ddppp.exec:\ddppp.exe90⤵
-
\??\c:\ffxrrrl.exec:\ffxrrrl.exe91⤵
-
\??\c:\rxrfrfr.exec:\rxrfrfr.exe92⤵
-
\??\c:\bbbbtt.exec:\bbbbtt.exe93⤵
-
\??\c:\dpvjd.exec:\dpvjd.exe94⤵
-
\??\c:\1jjdd.exec:\1jjdd.exe95⤵
-
\??\c:\3xfrxxr.exec:\3xfrxxr.exe96⤵
-
\??\c:\5rxlffx.exec:\5rxlffx.exe97⤵
-
\??\c:\tnhbbb.exec:\tnhbbb.exe98⤵
-
\??\c:\vjjjv.exec:\vjjjv.exe99⤵
-
\??\c:\vdvvp.exec:\vdvvp.exe100⤵
-
\??\c:\rxrrllf.exec:\rxrrllf.exe101⤵
-
\??\c:\bnttbb.exec:\bnttbb.exe102⤵
-
\??\c:\btbthh.exec:\btbthh.exe103⤵
-
\??\c:\7ddvd.exec:\7ddvd.exe104⤵
-
\??\c:\vpjjv.exec:\vpjjv.exe105⤵
-
\??\c:\1vpjd.exec:\1vpjd.exe106⤵
-
\??\c:\fllrlll.exec:\fllrlll.exe107⤵
-
\??\c:\5bhhhn.exec:\5bhhhn.exe108⤵
-
\??\c:\pvjdv.exec:\pvjdv.exe109⤵
-
\??\c:\1dvpj.exec:\1dvpj.exe110⤵
-
\??\c:\ffffxrx.exec:\ffffxrx.exe111⤵
-
\??\c:\nnthtt.exec:\nnthtt.exe112⤵
-
\??\c:\hhhbtt.exec:\hhhbtt.exe113⤵
-
\??\c:\5lfxxrr.exec:\5lfxxrr.exe114⤵
-
\??\c:\ttnnnn.exec:\ttnnnn.exe115⤵
-
\??\c:\pvvvp.exec:\pvvvp.exe116⤵
-
\??\c:\rlllffx.exec:\rlllffx.exe117⤵
-
\??\c:\bnnbbn.exec:\bnnbbn.exe118⤵
-
\??\c:\jdvpj.exec:\jdvpj.exe119⤵
-
\??\c:\rfxllll.exec:\rfxllll.exe120⤵
-
\??\c:\tnbhbh.exec:\tnbhbh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-