Analysis
-
max time kernel
150s -
max time network
135s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
25/11/2024, 14:48
General
-
Target
24185db1c6fcfd9c58962835bcf6c35f4127478243112665a33312a935ae4677.exe
-
Size
71KB
-
MD5
c7316804de7cf76091d3a4a3bfc358e0
-
SHA1
a996bf13abde64bbd49a410ea20cbb7c090a1b76
-
SHA256
24185db1c6fcfd9c58962835bcf6c35f4127478243112665a33312a935ae4677
-
SHA512
32d83e3f3d4f15766a7d23c2638eb5fe53280f254d6faab4a04be74b2ea7824728e80d1db694e6953693230fb2a2f55b5504c35326fa341af19aa96e93d0ac2c
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIJ/RWPqBr4:ymb3NkkiQ3mdBjFIqsr4
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 37 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\24185db1c6fcfd9c58962835bcf6c35f4127478243112665a33312a935ae4677.exe"C:\Users\Admin\AppData\Local\Temp\24185db1c6fcfd9c58962835bcf6c35f4127478243112665a33312a935ae4677.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\fllfrrl.exec:\fllfrrl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5httnn.exec:\5httnn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vdvj.exec:\5vdvj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvjvp.exec:\pvjvp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrlllr.exec:\rlrlllr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xlfffx.exec:\7xlfffx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhtnnn.exec:\hhtnnn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpjd.exec:\pjpjd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbtnt.exec:\ntbtnt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdvp.exec:\jvdvp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfffxrr.exec:\rfffxrr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5flfxxx.exec:\5flfxxx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntnntt.exec:\ntnntt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbbnt.exec:\tbbbnt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjdvp.exec:\jjdvp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9rxlxxr.exec:\9rxlxxr.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnnbb.exec:\nnnnbb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfxllf.exec:\fxfxllf.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxxllf.exec:\xxxxllf.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhnht.exec:\tnhnht.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jjdv.exec:\1jjdv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjvp.exec:\jdjvp.exe23⤵
- Executes dropped EXE
-
\??\c:\1fflllf.exec:\1fflllf.exe24⤵
- Executes dropped EXE
-
\??\c:\rxxrrll.exec:\rxxrrll.exe25⤵
- Executes dropped EXE
-
\??\c:\5rrrrrr.exec:\5rrrrrr.exe26⤵
- Executes dropped EXE
-
\??\c:\bhtnhb.exec:\bhtnhb.exe27⤵
- Executes dropped EXE
-
\??\c:\bttnhb.exec:\bttnhb.exe28⤵
- Executes dropped EXE
-
\??\c:\jdddj.exec:\jdddj.exe29⤵
- Executes dropped EXE
-
\??\c:\xlrlffx.exec:\xlrlffx.exe30⤵
- Executes dropped EXE
-
\??\c:\9btnhh.exec:\9btnhh.exe31⤵
- Executes dropped EXE
-
\??\c:\nhbhtt.exec:\nhbhtt.exe32⤵
- Executes dropped EXE
-
\??\c:\pjjvp.exec:\pjjvp.exe33⤵
- Executes dropped EXE
-
\??\c:\jjvpv.exec:\jjvpv.exe34⤵
- Executes dropped EXE
-
\??\c:\xflfrrl.exec:\xflfrrl.exe35⤵
- Executes dropped EXE
-
\??\c:\thbtbb.exec:\thbtbb.exe36⤵
- Executes dropped EXE
-
\??\c:\5jdjd.exec:\5jdjd.exe37⤵
- Executes dropped EXE
-
\??\c:\vjvjj.exec:\vjvjj.exe38⤵
- Executes dropped EXE
-
\??\c:\1rxxllf.exec:\1rxxllf.exe39⤵
- Executes dropped EXE
-
\??\c:\lrxxrll.exec:\lrxxrll.exe40⤵
- Executes dropped EXE
-
\??\c:\bnbbtt.exec:\bnbbtt.exe41⤵
- Executes dropped EXE
-
\??\c:\7hnhtt.exec:\7hnhtt.exe42⤵
- Executes dropped EXE
-
\??\c:\pddvp.exec:\pddvp.exe43⤵
- Executes dropped EXE
-
\??\c:\ppdpj.exec:\ppdpj.exe44⤵
- Executes dropped EXE
-
\??\c:\xllfllx.exec:\xllfllx.exe45⤵
- Executes dropped EXE
-
\??\c:\7llfxrr.exec:\7llfxrr.exe46⤵
- Executes dropped EXE
-
\??\c:\3pdjj.exec:\3pdjj.exe47⤵
- Executes dropped EXE
-
\??\c:\vdpvp.exec:\vdpvp.exe48⤵
- Executes dropped EXE
-
\??\c:\9llfffr.exec:\9llfffr.exe49⤵
- Executes dropped EXE
-
\??\c:\1fllrrf.exec:\1fllrrf.exe50⤵
- Executes dropped EXE
-
\??\c:\tbbttt.exec:\tbbttt.exe51⤵
- Executes dropped EXE
-
\??\c:\ddvvd.exec:\ddvvd.exe52⤵
- Executes dropped EXE
-
\??\c:\lxrlfxr.exec:\lxrlfxr.exe53⤵
- Executes dropped EXE
-
\??\c:\3llrxxl.exec:\3llrxxl.exe54⤵
- Executes dropped EXE
-
\??\c:\hhhhnt.exec:\hhhhnt.exe55⤵
- Executes dropped EXE
-
\??\c:\1ddvd.exec:\1ddvd.exe56⤵
- Executes dropped EXE
-
\??\c:\pjvpj.exec:\pjvpj.exe57⤵
- Executes dropped EXE
-
\??\c:\9rlfrlf.exec:\9rlfrlf.exe58⤵
- Executes dropped EXE
-
\??\c:\bttnhh.exec:\bttnhh.exe59⤵
- Executes dropped EXE
-
\??\c:\7bhbnn.exec:\7bhbnn.exe60⤵
- Executes dropped EXE
-
\??\c:\btnhbt.exec:\btnhbt.exe61⤵
- Executes dropped EXE
-
\??\c:\vpvpj.exec:\vpvpj.exe62⤵
- Executes dropped EXE
-
\??\c:\pvjvj.exec:\pvjvj.exe63⤵
- Executes dropped EXE
-
\??\c:\3lrlxxr.exec:\3lrlxxr.exe64⤵
- Executes dropped EXE
-
\??\c:\lrxfrrl.exec:\lrxfrrl.exe65⤵
- Executes dropped EXE
-
\??\c:\bbnhbb.exec:\bbnhbb.exe66⤵
-
\??\c:\9htbnn.exec:\9htbnn.exe67⤵
-
\??\c:\hthbtt.exec:\hthbtt.exe68⤵
-
\??\c:\9jdvd.exec:\9jdvd.exe69⤵
-
\??\c:\fxfxrxr.exec:\fxfxrxr.exe70⤵
-
\??\c:\fxflrrx.exec:\fxflrrx.exe71⤵
-
\??\c:\3hnhbb.exec:\3hnhbb.exe72⤵
-
\??\c:\bbhbnn.exec:\bbhbnn.exe73⤵
- System Location Discovery: System Language Discovery
-
\??\c:\vpjdd.exec:\vpjdd.exe74⤵
-
\??\c:\vjppj.exec:\vjppj.exe75⤵
-
\??\c:\9rlfrlr.exec:\9rlfrlr.exe76⤵
-
\??\c:\7rfxffx.exec:\7rfxffx.exe77⤵
-
\??\c:\thtntn.exec:\thtntn.exe78⤵
-
\??\c:\jdvpj.exec:\jdvpj.exe79⤵
-
\??\c:\3jvpv.exec:\3jvpv.exe80⤵
-
\??\c:\9xxrffx.exec:\9xxrffx.exe81⤵
-
\??\c:\xrllfxx.exec:\xrllfxx.exe82⤵
-
\??\c:\5ttnhh.exec:\5ttnhh.exe83⤵
-
\??\c:\bntbbb.exec:\bntbbb.exe84⤵
-
\??\c:\jdppj.exec:\jdppj.exe85⤵
-
\??\c:\vddvj.exec:\vddvj.exe86⤵
-
\??\c:\lfxrffx.exec:\lfxrffx.exe87⤵
-
\??\c:\vjdvj.exec:\vjdvj.exe88⤵
-
\??\c:\vjppj.exec:\vjppj.exe89⤵
-
\??\c:\7rlxxrl.exec:\7rlxxrl.exe90⤵
-
\??\c:\bhhnhb.exec:\bhhnhb.exe91⤵
-
\??\c:\bnttnt.exec:\bnttnt.exe92⤵
-
\??\c:\vjvpj.exec:\vjvpj.exe93⤵
-
\??\c:\vjdvj.exec:\vjdvj.exe94⤵
-
\??\c:\rlrxxlr.exec:\rlrxxlr.exe95⤵
-
\??\c:\lffxrrl.exec:\lffxrrl.exe96⤵
-
\??\c:\nhbtbb.exec:\nhbtbb.exe97⤵
-
\??\c:\7nttnn.exec:\7nttnn.exe98⤵
-
\??\c:\9vjdv.exec:\9vjdv.exe99⤵
-
\??\c:\7jjdj.exec:\7jjdj.exe100⤵
-
\??\c:\7rlfrll.exec:\7rlfrll.exe101⤵
-
\??\c:\7ffxrrf.exec:\7ffxrrf.exe102⤵
-
\??\c:\9nhhbt.exec:\9nhhbt.exe103⤵
-
\??\c:\hbhbhb.exec:\hbhbhb.exe104⤵
-
\??\c:\3dvpd.exec:\3dvpd.exe105⤵
-
\??\c:\vpvvv.exec:\vpvvv.exe106⤵
-
\??\c:\rfrflll.exec:\rfrflll.exe107⤵
-
\??\c:\xrxxfff.exec:\xrxxfff.exe108⤵
-
\??\c:\ntbbtn.exec:\ntbbtn.exe109⤵
-
\??\c:\3bhbnn.exec:\3bhbnn.exe110⤵
-
\??\c:\pjpjd.exec:\pjpjd.exe111⤵
-
\??\c:\vvvvd.exec:\vvvvd.exe112⤵
-
\??\c:\tnnnhh.exec:\tnnnhh.exe113⤵
-
\??\c:\hnnhtt.exec:\hnnhtt.exe114⤵
-
\??\c:\1djdp.exec:\1djdp.exe115⤵
-
\??\c:\jjpvp.exec:\jjpvp.exe116⤵
-
\??\c:\9lrlllf.exec:\9lrlllf.exe117⤵
-
\??\c:\xrxffff.exec:\xrxffff.exe118⤵
-
\??\c:\htbtnn.exec:\htbtnn.exe119⤵
-
\??\c:\9bhthh.exec:\9bhthh.exe120⤵
-
\??\c:\ppjjv.exec:\ppjjv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-