Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
24/11/2024, 04:59
General
-
Target
f387a1ef45a32c9ce8f728693013ad994880608c37892e31df7c0adf1baeb9f0.exe
-
Size
50KB
-
MD5
0af5ec3b33e368af1423d7710f906619
-
SHA1
6d93e61d8e562f4b8ed97027a978c869a03d7d38
-
SHA256
f387a1ef45a32c9ce8f728693013ad994880608c37892e31df7c0adf1baeb9f0
-
SHA512
d56053c70cfff01344d9de289389ac387171dcf382a63342c280ac72cb47ce13e1e0196fac8df4662fa58855a187383e2eeedaddbb908a65255b25e5998cf5b7
-
SSDEEP
1536:mAocdpeVoBDulhzHMb7xNAa04Mcg5IKvlbD:0cdpeeBSHHMHLf9RyIc
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f387a1ef45a32c9ce8f728693013ad994880608c37892e31df7c0adf1baeb9f0.exe"C:\Users\Admin\AppData\Local\Temp\f387a1ef45a32c9ce8f728693013ad994880608c37892e31df7c0adf1baeb9f0.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\68608.exec:\68608.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhbnb.exec:\tnhbnb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pdpv.exec:\1pdpv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3xxrfxr.exec:\3xxrfxr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\u066482.exec:\u066482.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0666600.exec:\0666600.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffffxxx.exec:\ffffxxx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\66428.exec:\66428.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llffrrf.exec:\llffrrf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\82422.exec:\82422.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\028400.exec:\028400.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhhbb.exec:\bhhhbb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\66044.exec:\66044.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjjv.exec:\jvjjv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrfxxf.exec:\lxrfxxf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnhhh.exec:\tnnhhh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhnttb.exec:\bhnttb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\028828.exec:\028828.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7lxfxlr.exec:\7lxfxlr.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6888882.exec:\6888882.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\48044.exec:\48044.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddvp.exec:\jddvp.exe23⤵
- Executes dropped EXE
-
\??\c:\ttbhht.exec:\ttbhht.exe24⤵
- Executes dropped EXE
-
\??\c:\40688.exec:\40688.exe25⤵
- Executes dropped EXE
-
\??\c:\vpppd.exec:\vpppd.exe26⤵
- Executes dropped EXE
-
\??\c:\w08204.exec:\w08204.exe27⤵
- Executes dropped EXE
-
\??\c:\lrrfrlx.exec:\lrrfrlx.exe28⤵
- Executes dropped EXE
-
\??\c:\4062004.exec:\4062004.exe29⤵
- Executes dropped EXE
-
\??\c:\0064400.exec:\0064400.exe30⤵
- Executes dropped EXE
-
\??\c:\602468.exec:\602468.exe31⤵
- Executes dropped EXE
-
\??\c:\1dvpj.exec:\1dvpj.exe32⤵
- Executes dropped EXE
-
\??\c:\48068.exec:\48068.exe33⤵
- Executes dropped EXE
-
\??\c:\882604.exec:\882604.exe34⤵
- Executes dropped EXE
-
\??\c:\66664.exec:\66664.exe35⤵
- Executes dropped EXE
-
\??\c:\bnnhhb.exec:\bnnhhb.exe36⤵
- Executes dropped EXE
-
\??\c:\nnnthb.exec:\nnnthb.exe37⤵
- Executes dropped EXE
-
\??\c:\08040.exec:\08040.exe38⤵
- Executes dropped EXE
-
\??\c:\lrxrlxr.exec:\lrxrlxr.exe39⤵
- Executes dropped EXE
-
\??\c:\22264.exec:\22264.exe40⤵
- Executes dropped EXE
-
\??\c:\vppdp.exec:\vppdp.exe41⤵
- Executes dropped EXE
-
\??\c:\dvpdv.exec:\dvpdv.exe42⤵
- Executes dropped EXE
-
\??\c:\a6240.exec:\a6240.exe43⤵
- Executes dropped EXE
-
\??\c:\62288.exec:\62288.exe44⤵
- Executes dropped EXE
-
\??\c:\pjjjj.exec:\pjjjj.exe45⤵
- Executes dropped EXE
-
\??\c:\nhnnnn.exec:\nhnnnn.exe46⤵
- Executes dropped EXE
-
\??\c:\1fxrllx.exec:\1fxrllx.exe47⤵
- Executes dropped EXE
-
\??\c:\488600.exec:\488600.exe48⤵
- Executes dropped EXE
-
\??\c:\jjpdv.exec:\jjpdv.exe49⤵
-
\??\c:\vdddd.exec:\vdddd.exe50⤵
- Executes dropped EXE
-
\??\c:\624444.exec:\624444.exe51⤵
- Executes dropped EXE
-
\??\c:\djjjv.exec:\djjjv.exe52⤵
- Executes dropped EXE
-
\??\c:\dddvp.exec:\dddvp.exe53⤵
- Executes dropped EXE
-
\??\c:\dpvdd.exec:\dpvdd.exe54⤵
- Executes dropped EXE
-
\??\c:\9jjdv.exec:\9jjdv.exe55⤵
- Executes dropped EXE
-
\??\c:\i028468.exec:\i028468.exe56⤵
- Executes dropped EXE
-
\??\c:\bhbhbh.exec:\bhbhbh.exe57⤵
- Executes dropped EXE
-
\??\c:\nnnnnh.exec:\nnnnnh.exe58⤵
- Executes dropped EXE
-
\??\c:\644266.exec:\644266.exe59⤵
- Executes dropped EXE
-
\??\c:\844820.exec:\844820.exe60⤵
- Executes dropped EXE
-
\??\c:\ttbnhb.exec:\ttbnhb.exe61⤵
- Executes dropped EXE
-
\??\c:\htnnnb.exec:\htnnnb.exe62⤵
- Executes dropped EXE
-
\??\c:\824624.exec:\824624.exe63⤵
- Executes dropped EXE
-
\??\c:\048206.exec:\048206.exe64⤵
- Executes dropped EXE
-
\??\c:\nhtnnt.exec:\nhtnnt.exe65⤵
- Executes dropped EXE
-
\??\c:\hhnnhh.exec:\hhnnhh.exe66⤵
- Executes dropped EXE
-
\??\c:\6022880.exec:\6022880.exe67⤵
-
\??\c:\2882260.exec:\2882260.exe68⤵
-
\??\c:\hhbtth.exec:\hhbtth.exe69⤵
-
\??\c:\2040684.exec:\2040684.exe70⤵
-
\??\c:\628822.exec:\628822.exe71⤵
-
\??\c:\26840.exec:\26840.exe72⤵
-
\??\c:\jjdvj.exec:\jjdvj.exe73⤵
-
\??\c:\42866.exec:\42866.exe74⤵
-
\??\c:\c682666.exec:\c682666.exe75⤵
-
\??\c:\bhbbtt.exec:\bhbbtt.exe76⤵
-
\??\c:\lffxrrl.exec:\lffxrrl.exe77⤵
-
\??\c:\jjvvd.exec:\jjvvd.exe78⤵
-
\??\c:\ddjdp.exec:\ddjdp.exe79⤵
-
\??\c:\a4424.exec:\a4424.exe80⤵
-
\??\c:\jvdjp.exec:\jvdjp.exe81⤵
-
\??\c:\tbhnnt.exec:\tbhnnt.exe82⤵
-
\??\c:\k84848.exec:\k84848.exe83⤵
-
\??\c:\ttthtn.exec:\ttthtn.exe84⤵
-
\??\c:\26604.exec:\26604.exe85⤵
-
\??\c:\a8486.exec:\a8486.exe86⤵
-
\??\c:\ppvdd.exec:\ppvdd.exe87⤵
-
\??\c:\lffffrl.exec:\lffffrl.exe88⤵
-
\??\c:\flllfxr.exec:\flllfxr.exe89⤵
-
\??\c:\44060.exec:\44060.exe90⤵
-
\??\c:\bbtnbh.exec:\bbtnbh.exe91⤵
-
\??\c:\0620482.exec:\0620482.exe92⤵
-
\??\c:\20608.exec:\20608.exe93⤵
-
\??\c:\1hnhnn.exec:\1hnhnn.exe94⤵
-
\??\c:\vvjjj.exec:\vvjjj.exe95⤵
-
\??\c:\9lllxfx.exec:\9lllxfx.exe96⤵
-
\??\c:\dvddv.exec:\dvddv.exe97⤵
-
\??\c:\o688888.exec:\o688888.exe98⤵
-
\??\c:\2428488.exec:\2428488.exe99⤵
-
\??\c:\w06040.exec:\w06040.exe100⤵
-
\??\c:\s0882.exec:\s0882.exe101⤵
-
\??\c:\8806684.exec:\8806684.exe102⤵
-
\??\c:\lxflflf.exec:\lxflflf.exe103⤵
-
\??\c:\vjvdd.exec:\vjvdd.exe104⤵
-
\??\c:\8866880.exec:\8866880.exe105⤵
-
\??\c:\hnbbbh.exec:\hnbbbh.exe106⤵
-
\??\c:\440662.exec:\440662.exe107⤵
-
\??\c:\4422046.exec:\4422046.exe108⤵
-
\??\c:\6464446.exec:\6464446.exe109⤵
-
\??\c:\24604.exec:\24604.exe110⤵
-
\??\c:\tnbbbh.exec:\tnbbbh.exe111⤵
-
\??\c:\62000.exec:\62000.exe112⤵
-
\??\c:\m6886.exec:\m6886.exe113⤵
-
\??\c:\7nnnnh.exec:\7nnnnh.exe114⤵
-
\??\c:\284440.exec:\284440.exe115⤵
-
\??\c:\a2420.exec:\a2420.exe116⤵
-
\??\c:\hhtbht.exec:\hhtbht.exe117⤵
-
\??\c:\80666.exec:\80666.exe118⤵
-
\??\c:\w28888.exec:\w28888.exe119⤵
-
\??\c:\022226.exec:\022226.exe120⤵
-
\??\c:\4286048.exec:\4286048.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-