Analysis
-
max time kernel
150s -
max time network
145s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
24-11-2024 09:12
General
-
Target
73c4963606d4e9d3dcff1cd55d0e7aa19582a623dfe47edb403493ace7250e72.exe
-
Size
87KB
-
MD5
4b7f3720bb32bfbb1914aafd7419cdf0
-
SHA1
c0f28c08f8201d51e2ef53c04586785589249a79
-
SHA256
73c4963606d4e9d3dcff1cd55d0e7aa19582a623dfe47edb403493ace7250e72
-
SHA512
01bfe54325acad87ed8a78f1ab2d1bd62adbc4c38d1ceb179be9e060f1e057b474068ae0d101f9c85b8e0d12fd58fdaad8db7b9257c137bcf24b321e4429f1eb
-
SSDEEP
1536:xvQBeOGtrYS3srx93UBWfwC6Ggnouy82F13w1rCJtzGeKuO+mqizpPubYDEzfY:xhOmTsF93UYfwC6GIout03LzuuOlzpPf
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\73c4963606d4e9d3dcff1cd55d0e7aa19582a623dfe47edb403493ace7250e72.exe"C:\Users\Admin\AppData\Local\Temp\73c4963606d4e9d3dcff1cd55d0e7aa19582a623dfe47edb403493ace7250e72.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxfrfr.exec:\xlxfrfr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bhbbb.exec:\7bhbbb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdddd.exec:\jdddd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrlffr.exec:\rrrlffr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbhnn.exec:\ntbhnn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhhhh.exec:\thhhhh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5lrllxx.exec:\5lrllxx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbnhhh.exec:\tbnhhh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvdj.exec:\vvvdj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rrxrrr.exec:\3rrxrrr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhbnb.exec:\tnhbnb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddvv.exec:\jddvv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxlffr.exec:\xxxlffr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xllfxxr.exec:\xllfxxr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnnhn.exec:\nhnnhn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvvp.exec:\jpvvp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xxfxlf.exec:\7xxfxlf.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvdvv.exec:\pvdvv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5btnnn.exec:\5btnnn.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnhbn.exec:\bnnhbn.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxflfrr.exec:\fxflfrr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlfxrl.exec:\rrlfxrl.exe23⤵
- Executes dropped EXE
-
\??\c:\httnhh.exec:\httnhh.exe24⤵
- Executes dropped EXE
-
\??\c:\dpddj.exec:\dpddj.exe25⤵
- Executes dropped EXE
-
\??\c:\1djjv.exec:\1djjv.exe26⤵
- Executes dropped EXE
-
\??\c:\rlrrflf.exec:\rlrrflf.exe27⤵
- Executes dropped EXE
-
\??\c:\nhttnn.exec:\nhttnn.exe28⤵
- Executes dropped EXE
-
\??\c:\jjpdd.exec:\jjpdd.exe29⤵
- Executes dropped EXE
-
\??\c:\ffrlxfr.exec:\ffrlxfr.exe30⤵
- Executes dropped EXE
-
\??\c:\bttbbh.exec:\bttbbh.exe31⤵
- Executes dropped EXE
-
\??\c:\1djdd.exec:\1djdd.exe32⤵
- Executes dropped EXE
-
\??\c:\7frrrrf.exec:\7frrrrf.exe33⤵
- Executes dropped EXE
-
\??\c:\nhbhtn.exec:\nhbhtn.exe34⤵
- Executes dropped EXE
-
\??\c:\3ppjp.exec:\3ppjp.exe35⤵
- Executes dropped EXE
-
\??\c:\llfrrxx.exec:\llfrrxx.exe36⤵
- Executes dropped EXE
-
\??\c:\tnhttb.exec:\tnhttb.exe37⤵
- Executes dropped EXE
-
\??\c:\jdpjp.exec:\jdpjp.exe38⤵
- Executes dropped EXE
-
\??\c:\jdjjd.exec:\jdjjd.exe39⤵
- Executes dropped EXE
-
\??\c:\xrrllll.exec:\xrrllll.exe40⤵
- Executes dropped EXE
-
\??\c:\bbnhbh.exec:\bbnhbh.exe41⤵
- Executes dropped EXE
-
\??\c:\jjdpj.exec:\jjdpj.exe42⤵
- Executes dropped EXE
-
\??\c:\frlrlll.exec:\frlrlll.exe43⤵
- Executes dropped EXE
-
\??\c:\nntttn.exec:\nntttn.exe44⤵
- Executes dropped EXE
-
\??\c:\1jvdv.exec:\1jvdv.exe45⤵
- Executes dropped EXE
-
\??\c:\xxrxxrx.exec:\xxrxxrx.exe46⤵
- Executes dropped EXE
-
\??\c:\5thbnn.exec:\5thbnn.exe47⤵
- Executes dropped EXE
-
\??\c:\vpdvp.exec:\vpdvp.exe48⤵
- Executes dropped EXE
-
\??\c:\xfxxrxx.exec:\xfxxrxx.exe49⤵
- Executes dropped EXE
-
\??\c:\hbbnnh.exec:\hbbnnh.exe50⤵
- Executes dropped EXE
-
\??\c:\vjvpd.exec:\vjvpd.exe51⤵
- Executes dropped EXE
-
\??\c:\ffrrffr.exec:\ffrrffr.exe52⤵
-
\??\c:\xxxxrrl.exec:\xxxxrrl.exe53⤵
- Executes dropped EXE
-
\??\c:\thntnt.exec:\thntnt.exe54⤵
- Executes dropped EXE
-
\??\c:\lffxrrr.exec:\lffxrrr.exe55⤵
- Executes dropped EXE
-
\??\c:\ntbnhh.exec:\ntbnhh.exe56⤵
- Executes dropped EXE
-
\??\c:\jdjpv.exec:\jdjpv.exe57⤵
- Executes dropped EXE
-
\??\c:\nbtbnb.exec:\nbtbnb.exe58⤵
- Executes dropped EXE
-
\??\c:\pjjjd.exec:\pjjjd.exe59⤵
- Executes dropped EXE
-
\??\c:\xrxrlrl.exec:\xrxrlrl.exe60⤵
- Executes dropped EXE
-
\??\c:\rxxlxrr.exec:\rxxlxrr.exe61⤵
- Executes dropped EXE
-
\??\c:\nhbbnn.exec:\nhbbnn.exe62⤵
- Executes dropped EXE
-
\??\c:\hnbtbt.exec:\hnbtbt.exe63⤵
- Executes dropped EXE
-
\??\c:\pvppj.exec:\pvppj.exe64⤵
- Executes dropped EXE
-
\??\c:\xrffflf.exec:\xrffflf.exe65⤵
- Executes dropped EXE
-
\??\c:\hnnnnn.exec:\hnnnnn.exe66⤵
- Executes dropped EXE
-
\??\c:\7vjpv.exec:\7vjpv.exe67⤵
-
\??\c:\rlxxrxf.exec:\rlxxrxf.exe68⤵
-
\??\c:\llrxrfl.exec:\llrxrfl.exe69⤵
-
\??\c:\nhtnhh.exec:\nhtnhh.exe70⤵
-
\??\c:\djjdd.exec:\djjdd.exe71⤵
-
\??\c:\xfllfxx.exec:\xfllfxx.exe72⤵
-
\??\c:\ttthbb.exec:\ttthbb.exe73⤵
-
\??\c:\dpdvp.exec:\dpdvp.exe74⤵
-
\??\c:\ppvvj.exec:\ppvvj.exe75⤵
-
\??\c:\llffllf.exec:\llffllf.exe76⤵
-
\??\c:\3bhnnt.exec:\3bhnnt.exe77⤵
-
\??\c:\tbnnnb.exec:\tbnnnb.exe78⤵
-
\??\c:\vvppd.exec:\vvppd.exe79⤵
-
\??\c:\lrffxfl.exec:\lrffxfl.exe80⤵
-
\??\c:\frxxxxx.exec:\frxxxxx.exe81⤵
-
\??\c:\1tbbnt.exec:\1tbbnt.exe82⤵
-
\??\c:\djdvd.exec:\djdvd.exe83⤵
-
\??\c:\5rflfrr.exec:\5rflfrr.exe84⤵
-
\??\c:\bbtnbb.exec:\bbtnbb.exe85⤵
-
\??\c:\ttttnb.exec:\ttttnb.exe86⤵
-
\??\c:\ppdjv.exec:\ppdjv.exe87⤵
-
\??\c:\rxrrffx.exec:\rxrrffx.exe88⤵
-
\??\c:\httbtn.exec:\httbtn.exe89⤵
-
\??\c:\jjjdj.exec:\jjjdj.exe90⤵
-
\??\c:\xflxfrr.exec:\xflxfrr.exe91⤵
-
\??\c:\hhbhbh.exec:\hhbhbh.exe92⤵
-
\??\c:\nhhnnt.exec:\nhhnnt.exe93⤵
-
\??\c:\hhnnbh.exec:\hhnnbh.exe94⤵
-
\??\c:\3frrrxx.exec:\3frrrxx.exe95⤵
-
\??\c:\bbbhhh.exec:\bbbhhh.exe96⤵
-
\??\c:\tnbttb.exec:\tnbttb.exe97⤵
-
\??\c:\jjpvv.exec:\jjpvv.exe98⤵
-
\??\c:\jppvv.exec:\jppvv.exe99⤵
-
\??\c:\7xxrrrl.exec:\7xxrrrl.exe100⤵
-
\??\c:\htnhbb.exec:\htnhbb.exe101⤵
-
\??\c:\ttthbh.exec:\ttthbh.exe102⤵
-
\??\c:\djjdp.exec:\djjdp.exe103⤵
-
\??\c:\lrxrxxx.exec:\lrxrxxx.exe104⤵
-
\??\c:\xrlfxlx.exec:\xrlfxlx.exe105⤵
-
\??\c:\nnnnhb.exec:\nnnnhb.exe106⤵
-
\??\c:\jjpdd.exec:\jjpdd.exe107⤵
-
\??\c:\9lrrrfx.exec:\9lrrrfx.exe108⤵
-
\??\c:\xlrrfrl.exec:\xlrrfrl.exe109⤵
-
\??\c:\ttbhhn.exec:\ttbhhn.exe110⤵
-
\??\c:\thtttt.exec:\thtttt.exe111⤵
-
\??\c:\ddpjp.exec:\ddpjp.exe112⤵
-
\??\c:\3lrrfrl.exec:\3lrrfrl.exe113⤵
-
\??\c:\xflxfrf.exec:\xflxfrf.exe114⤵
-
\??\c:\httnnn.exec:\httnnn.exe115⤵
-
\??\c:\7jppd.exec:\7jppd.exe116⤵
-
\??\c:\pvddv.exec:\pvddv.exe117⤵
-
\??\c:\rllllll.exec:\rllllll.exe118⤵
-
\??\c:\xrlfxxr.exec:\xrlfxxr.exe119⤵
-
\??\c:\bbbhhn.exec:\bbbhhn.exe120⤵
-
\??\c:\tthhhh.exec:\tthhhh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-