Analysis
-
max time kernel
120s -
max time network
95s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
24-11-2024 23:49
General
-
Target
642688095dc619ed5f3c8e4ca9c59ac9fadbe8ded1144d162c531865871aad02N.exe
-
Size
50KB
-
MD5
ca6728b8172836ece668a3316619d520
-
SHA1
96327c6d3592c46536c7503377438c936011e512
-
SHA256
642688095dc619ed5f3c8e4ca9c59ac9fadbe8ded1144d162c531865871aad02
-
SHA512
4c8d2ca4682425c723a070e04a691212a71e25991be7f982612ceced390ca38a0237bd806b4e2cb5d4c795a2e26df07163ad08624567e6028180c58e1a375e4f
-
SSDEEP
1536:mAocdpeVoBDulhzHMb7xNAa04Mcg5IKvlO:0cdpeeBSHHMHLf9RyIx
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\642688095dc619ed5f3c8e4ca9c59ac9fadbe8ded1144d162c531865871aad02N.exe"C:\Users\Admin\AppData\Local\Temp\642688095dc619ed5f3c8e4ca9c59ac9fadbe8ded1144d162c531865871aad02N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbnbt.exec:\nhbnbt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbthtn.exec:\nbthtn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddvv.exec:\jddvv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjvj.exec:\dvjvj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlxlfr.exec:\xrlxlfr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbnbb.exec:\nbbnbb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjdpv.exec:\vjdpv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ddpj.exec:\5ddpj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfflrxf.exec:\rfflrxf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bthtt.exec:\7bthtt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jppvv.exec:\jppvv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxlxlx.exec:\frxlxlx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxxrlf.exec:\lfxxrlf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bbbnb.exec:\7bbbnb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvpj.exec:\jvvpj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfflxxr.exec:\lfflxxr.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1fxrlfx.exec:\1fxrlfx.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5tnnbt.exec:\5tnnbt.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llfxfxr.exec:\llfxfxr.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntnhh.exec:\bntnhh.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnbnb.exec:\nnnbnb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpdp.exec:\vvpdp.exe23⤵
- Executes dropped EXE
-
\??\c:\xffxlxf.exec:\xffxlxf.exe24⤵
- Executes dropped EXE
-
\??\c:\3bthbn.exec:\3bthbn.exe25⤵
- Executes dropped EXE
-
\??\c:\vpvpp.exec:\vpvpp.exe26⤵
- Executes dropped EXE
-
\??\c:\pjjvd.exec:\pjjvd.exe27⤵
- Executes dropped EXE
-
\??\c:\9llfrlf.exec:\9llfrlf.exe28⤵
- Executes dropped EXE
-
\??\c:\7bttnn.exec:\7bttnn.exe29⤵
- Executes dropped EXE
-
\??\c:\tttntn.exec:\tttntn.exe30⤵
- Executes dropped EXE
-
\??\c:\vvpvd.exec:\vvpvd.exe31⤵
- Executes dropped EXE
-
\??\c:\rllfflf.exec:\rllfflf.exe32⤵
- Executes dropped EXE
-
\??\c:\9tbhbh.exec:\9tbhbh.exe33⤵
- Executes dropped EXE
-
\??\c:\bhbbnn.exec:\bhbbnn.exe34⤵
- Executes dropped EXE
-
\??\c:\ppjpj.exec:\ppjpj.exe35⤵
- Executes dropped EXE
-
\??\c:\rfxxfxx.exec:\rfxxfxx.exe36⤵
- Executes dropped EXE
-
\??\c:\hthhbn.exec:\hthhbn.exe37⤵
- Executes dropped EXE
-
\??\c:\bttnhb.exec:\bttnhb.exe38⤵
- Executes dropped EXE
-
\??\c:\9vpdp.exec:\9vpdp.exe39⤵
- Executes dropped EXE
-
\??\c:\fllxffl.exec:\fllxffl.exe40⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\nhbnhb.exec:\nhbnhb.exe41⤵
- Executes dropped EXE
-
\??\c:\3nhbhb.exec:\3nhbhb.exe42⤵
- Executes dropped EXE
-
\??\c:\3jpjv.exec:\3jpjv.exe43⤵
- Executes dropped EXE
-
\??\c:\rrlxlff.exec:\rrlxlff.exe44⤵
- Executes dropped EXE
-
\??\c:\lxrfrlf.exec:\lxrfrlf.exe45⤵
- Executes dropped EXE
-
\??\c:\bbbtnt.exec:\bbbtnt.exe46⤵
- Executes dropped EXE
-
\??\c:\tbnbnb.exec:\tbnbnb.exe47⤵
- Executes dropped EXE
-
\??\c:\ppdpj.exec:\ppdpj.exe48⤵
- Executes dropped EXE
-
\??\c:\dpdpd.exec:\dpdpd.exe49⤵
- Executes dropped EXE
-
\??\c:\1lflxlr.exec:\1lflxlr.exe50⤵
- Executes dropped EXE
-
\??\c:\1nhbtn.exec:\1nhbtn.exe51⤵
- Executes dropped EXE
-
\??\c:\hhhhht.exec:\hhhhht.exe52⤵
- Executes dropped EXE
-
\??\c:\9pjdj.exec:\9pjdj.exe53⤵
- Executes dropped EXE
-
\??\c:\ddppj.exec:\ddppj.exe54⤵
- Executes dropped EXE
-
\??\c:\5rrfxxx.exec:\5rrfxxx.exe55⤵
- Executes dropped EXE
-
\??\c:\llfxrrr.exec:\llfxrrr.exe56⤵
- Executes dropped EXE
-
\??\c:\3nbnbt.exec:\3nbnbt.exe57⤵
- Executes dropped EXE
-
\??\c:\btnbtb.exec:\btnbtb.exe58⤵
- Executes dropped EXE
-
\??\c:\1dvdv.exec:\1dvdv.exe59⤵
- Executes dropped EXE
-
\??\c:\rlfxxrr.exec:\rlfxxrr.exe60⤵
- Executes dropped EXE
-
\??\c:\flfrfxl.exec:\flfrfxl.exe61⤵
- Executes dropped EXE
-
\??\c:\hbnbtn.exec:\hbnbtn.exe62⤵
- Executes dropped EXE
-
\??\c:\thnbtn.exec:\thnbtn.exe63⤵
- Executes dropped EXE
-
\??\c:\ddjdv.exec:\ddjdv.exe64⤵
- Executes dropped EXE
-
\??\c:\jvdpv.exec:\jvdpv.exe65⤵
- Executes dropped EXE
-
\??\c:\lrrrfxr.exec:\lrrrfxr.exe66⤵
-
\??\c:\thhthb.exec:\thhthb.exe67⤵
-
\??\c:\nbhthh.exec:\nbhthh.exe68⤵
-
\??\c:\pdvpd.exec:\pdvpd.exe69⤵
-
\??\c:\3lllxlf.exec:\3lllxlf.exe70⤵
-
\??\c:\lfxrlfr.exec:\lfxrlfr.exe71⤵
-
\??\c:\ttbtbb.exec:\ttbtbb.exe72⤵
-
\??\c:\7dvpp.exec:\7dvpp.exe73⤵
-
\??\c:\9dpvj.exec:\9dpvj.exe74⤵
-
\??\c:\llllfxl.exec:\llllfxl.exe75⤵
-
\??\c:\rlrfffl.exec:\rlrfffl.exe76⤵
-
\??\c:\tnhthb.exec:\tnhthb.exe77⤵
-
\??\c:\thbtnh.exec:\thbtnh.exe78⤵
-
\??\c:\7jpjd.exec:\7jpjd.exe79⤵
-
\??\c:\pjppj.exec:\pjppj.exe80⤵
-
\??\c:\xrllllr.exec:\xrllllr.exe81⤵
-
\??\c:\fflrlrl.exec:\fflrlrl.exe82⤵
-
\??\c:\nbhhnn.exec:\nbhhnn.exe83⤵
-
\??\c:\vddvv.exec:\vddvv.exe84⤵
-
\??\c:\vjvvd.exec:\vjvvd.exe85⤵
-
\??\c:\xxrxlff.exec:\xxrxlff.exe86⤵
-
\??\c:\5rxfxff.exec:\5rxfxff.exe87⤵
-
\??\c:\btnnnt.exec:\btnnnt.exe88⤵
-
\??\c:\vpvpj.exec:\vpvpj.exe89⤵
-
\??\c:\frrrlrr.exec:\frrrlrr.exe90⤵
-
\??\c:\rlllfrl.exec:\rlllfrl.exe91⤵
-
\??\c:\bthbtn.exec:\bthbtn.exe92⤵
- System Location Discovery: System Language Discovery
-
\??\c:\nhthhb.exec:\nhthhb.exe93⤵
-
\??\c:\vvdvd.exec:\vvdvd.exe94⤵
-
\??\c:\9vvpd.exec:\9vvpd.exe95⤵
-
\??\c:\ffxfffl.exec:\ffxfffl.exe96⤵
-
\??\c:\lllllfx.exec:\lllllfx.exe97⤵
-
\??\c:\btbtnh.exec:\btbtnh.exe98⤵
-
\??\c:\1ththb.exec:\1ththb.exe99⤵
-
\??\c:\vddvp.exec:\vddvp.exe100⤵
-
\??\c:\lxxrxfr.exec:\lxxrxfr.exe101⤵
-
\??\c:\lfrxlff.exec:\lfrxlff.exe102⤵
-
\??\c:\9tthtt.exec:\9tthtt.exe103⤵
-
\??\c:\ttbthb.exec:\ttbthb.exe104⤵
-
\??\c:\9vdvp.exec:\9vdvp.exe105⤵
-
\??\c:\9xfxfrl.exec:\9xfxfrl.exe106⤵
-
\??\c:\5nhbht.exec:\5nhbht.exe107⤵
-
\??\c:\nbbhtn.exec:\nbbhtn.exe108⤵
-
\??\c:\vjjdp.exec:\vjjdp.exe109⤵
-
\??\c:\3vdjj.exec:\3vdjj.exe110⤵
-
\??\c:\rxxrfrf.exec:\rxxrfrf.exe111⤵
-
\??\c:\3tnbtt.exec:\3tnbtt.exe112⤵
-
\??\c:\tbtnbn.exec:\tbtnbn.exe113⤵
-
\??\c:\djpjd.exec:\djpjd.exe114⤵
-
\??\c:\fxrflxf.exec:\fxrflxf.exe115⤵
-
\??\c:\3rlfxrl.exec:\3rlfxrl.exe116⤵
-
\??\c:\btnbnh.exec:\btnbnh.exe117⤵
-
\??\c:\nnnhnh.exec:\nnnhnh.exe118⤵
-
\??\c:\jdppv.exec:\jdppv.exe119⤵
-
\??\c:\frfxlff.exec:\frfxlff.exe120⤵
-
\??\c:\lfxllll.exec:\lfxllll.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-