Analysis
-
max time kernel
120s -
max time network
98s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
25/11/2024, 14:35
General
-
Target
24185db1c6fcfd9c58962835bcf6c35f4127478243112665a33312a935ae4677.exe
-
Size
71KB
-
MD5
c7316804de7cf76091d3a4a3bfc358e0
-
SHA1
a996bf13abde64bbd49a410ea20cbb7c090a1b76
-
SHA256
24185db1c6fcfd9c58962835bcf6c35f4127478243112665a33312a935ae4677
-
SHA512
32d83e3f3d4f15766a7d23c2638eb5fe53280f254d6faab4a04be74b2ea7824728e80d1db694e6953693230fb2a2f55b5504c35326fa341af19aa96e93d0ac2c
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIJ/RWPqBr4:ymb3NkkiQ3mdBjFIqsr4
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 29 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 41 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\24185db1c6fcfd9c58962835bcf6c35f4127478243112665a33312a935ae4677.exe"C:\Users\Admin\AppData\Local\Temp\24185db1c6fcfd9c58962835bcf6c35f4127478243112665a33312a935ae4677.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\1hnbbt.exec:\1hnbbt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9nbthh.exec:\9nbthh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dppjv.exec:\dppjv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvdvd.exec:\pvdvd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrfrffl.exec:\lrfrffl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3xrxlrx.exec:\3xrxlrx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ttnbt.exec:\7ttnbt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbnbn.exec:\nhbnbn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjvj.exec:\jdjvj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9pvpv.exec:\9pvpv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfrfxlr.exec:\xfrfxlr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbntt.exec:\thbntt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpjj.exec:\vvpjj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flxxxxx.exec:\flxxxxx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nththn.exec:\nththn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djdjp.exec:\djdjp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrffxx.exec:\lxrffxx.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbtbt.exec:\bbbtbt.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tththb.exec:\tththb.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxlrfrl.exec:\lxlrfrl.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fflfrlx.exec:\fflfrlx.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbbtn.exec:\thbbtn.exe23⤵
- Executes dropped EXE
-
\??\c:\dvvpv.exec:\dvvpv.exe24⤵
- Executes dropped EXE
-
\??\c:\rxxrfxr.exec:\rxxrfxr.exe25⤵
- Executes dropped EXE
-
\??\c:\nbnnbn.exec:\nbnnbn.exe26⤵
- Executes dropped EXE
-
\??\c:\bntttt.exec:\bntttt.exe27⤵
- Executes dropped EXE
-
\??\c:\jddvv.exec:\jddvv.exe28⤵
- Executes dropped EXE
-
\??\c:\rrflxlr.exec:\rrflxlr.exe29⤵
- Executes dropped EXE
-
\??\c:\5htnnh.exec:\5htnnh.exe30⤵
- Executes dropped EXE
-
\??\c:\pjdvj.exec:\pjdvj.exe31⤵
- Executes dropped EXE
-
\??\c:\vvjpv.exec:\vvjpv.exe32⤵
- Executes dropped EXE
-
\??\c:\ffxrfxl.exec:\ffxrfxl.exe33⤵
- Executes dropped EXE
-
\??\c:\3hbttn.exec:\3hbttn.exe34⤵
- Executes dropped EXE
-
\??\c:\thnhtt.exec:\thnhtt.exe35⤵
- Executes dropped EXE
-
\??\c:\dvpdv.exec:\dvpdv.exe36⤵
- Executes dropped EXE
-
\??\c:\ntthnn.exec:\ntthnn.exe37⤵
- Executes dropped EXE
-
\??\c:\hbhtbt.exec:\hbhtbt.exe38⤵
- Executes dropped EXE
-
\??\c:\dvdpp.exec:\dvdpp.exe39⤵
- Executes dropped EXE
-
\??\c:\ffrllrr.exec:\ffrllrr.exe40⤵
- Executes dropped EXE
-
\??\c:\bhtttt.exec:\bhtttt.exe41⤵
- Executes dropped EXE
-
\??\c:\djdpj.exec:\djdpj.exe42⤵
- Executes dropped EXE
-
\??\c:\lfxlxxl.exec:\lfxlxxl.exe43⤵
- Executes dropped EXE
-
\??\c:\hbhntb.exec:\hbhntb.exe44⤵
- Executes dropped EXE
-
\??\c:\hnnhbb.exec:\hnnhbb.exe45⤵
- Executes dropped EXE
-
\??\c:\ddjdv.exec:\ddjdv.exe46⤵
- Executes dropped EXE
-
\??\c:\vpvpv.exec:\vpvpv.exe47⤵
- Executes dropped EXE
-
\??\c:\rfxrfxl.exec:\rfxrfxl.exe48⤵
- Executes dropped EXE
-
\??\c:\5nnnnn.exec:\5nnnnn.exe49⤵
- Executes dropped EXE
-
\??\c:\9ttnhn.exec:\9ttnhn.exe50⤵
-
\??\c:\ddppj.exec:\ddppj.exe51⤵
- Executes dropped EXE
-
\??\c:\xlxlfff.exec:\xlxlfff.exe52⤵
- Executes dropped EXE
-
\??\c:\nthhbt.exec:\nthhbt.exe53⤵
- Executes dropped EXE
-
\??\c:\nnhbhb.exec:\nnhbhb.exe54⤵
- Executes dropped EXE
-
\??\c:\ppjdj.exec:\ppjdj.exe55⤵
- Executes dropped EXE
-
\??\c:\ffxrlfx.exec:\ffxrlfx.exe56⤵
- Executes dropped EXE
-
\??\c:\5hhhbb.exec:\5hhhbb.exe57⤵
- Executes dropped EXE
-
\??\c:\bntnhh.exec:\bntnhh.exe58⤵
- Executes dropped EXE
-
\??\c:\pdvpd.exec:\pdvpd.exe59⤵
- Executes dropped EXE
-
\??\c:\5jpdv.exec:\5jpdv.exe60⤵
- Executes dropped EXE
-
\??\c:\llrxrxx.exec:\llrxrxx.exe61⤵
- Executes dropped EXE
-
\??\c:\ttbbbb.exec:\ttbbbb.exe62⤵
- Executes dropped EXE
-
\??\c:\9htnbb.exec:\9htnbb.exe63⤵
- Executes dropped EXE
-
\??\c:\vjjjd.exec:\vjjjd.exe64⤵
- Executes dropped EXE
-
\??\c:\rlxxrff.exec:\rlxxrff.exe65⤵
- Executes dropped EXE
-
\??\c:\xrfffrr.exec:\xrfffrr.exe66⤵
- Executes dropped EXE
-
\??\c:\lrxxrrr.exec:\lrxxrrr.exe67⤵
-
\??\c:\tnnhhh.exec:\tnnhhh.exe68⤵
-
\??\c:\fffxrrl.exec:\fffxrrl.exe69⤵
-
\??\c:\tbtnnb.exec:\tbtnnb.exe70⤵
-
\??\c:\vdjdd.exec:\vdjdd.exe71⤵
-
\??\c:\dvpvj.exec:\dvpvj.exe72⤵
-
\??\c:\fxrrrrx.exec:\fxrrrrx.exe73⤵
-
\??\c:\5xlfrlf.exec:\5xlfrlf.exe74⤵
-
\??\c:\btttbt.exec:\btttbt.exe75⤵
-
\??\c:\htbttt.exec:\htbttt.exe76⤵
-
\??\c:\jppdd.exec:\jppdd.exe77⤵
-
\??\c:\xlxrlll.exec:\xlxrlll.exe78⤵
-
\??\c:\rffllll.exec:\rffllll.exe79⤵
-
\??\c:\nnhbbn.exec:\nnhbbn.exe80⤵
-
\??\c:\hnnttb.exec:\hnnttb.exe81⤵
-
\??\c:\djjdd.exec:\djjdd.exe82⤵
-
\??\c:\fffxllx.exec:\fffxllx.exe83⤵
-
\??\c:\lrrlxrl.exec:\lrrlxrl.exe84⤵
-
\??\c:\hhnnhh.exec:\hhnnhh.exe85⤵
-
\??\c:\5dvvj.exec:\5dvvj.exe86⤵
-
\??\c:\pjjjv.exec:\pjjjv.exe87⤵
-
\??\c:\rxfxlfr.exec:\rxfxlfr.exe88⤵
-
\??\c:\tbbbnt.exec:\tbbbnt.exe89⤵
-
\??\c:\tnnhbb.exec:\tnnhbb.exe90⤵
-
\??\c:\pdjpj.exec:\pdjpj.exe91⤵
-
\??\c:\5pvvj.exec:\5pvvj.exe92⤵
-
\??\c:\fxlffxr.exec:\fxlffxr.exe93⤵
-
\??\c:\nbbnth.exec:\nbbnth.exe94⤵
-
\??\c:\hnnhbt.exec:\hnnhbt.exe95⤵
-
\??\c:\pvvvv.exec:\pvvvv.exe96⤵
-
\??\c:\rffxlxl.exec:\rffxlxl.exe97⤵
-
\??\c:\rflrrrr.exec:\rflrrrr.exe98⤵
-
\??\c:\httnhb.exec:\httnhb.exe99⤵
-
\??\c:\btnhtn.exec:\btnhtn.exe100⤵
-
\??\c:\jjjjv.exec:\jjjjv.exe101⤵
-
\??\c:\ppvpj.exec:\ppvpj.exe102⤵
-
\??\c:\xrxrllf.exec:\xrxrllf.exe103⤵
-
\??\c:\htnhtn.exec:\htnhtn.exe104⤵
-
\??\c:\1ntnhh.exec:\1ntnhh.exe105⤵
-
\??\c:\vvdpd.exec:\vvdpd.exe106⤵
-
\??\c:\frfxlfx.exec:\frfxlfx.exe107⤵
-
\??\c:\tnttnn.exec:\tnttnn.exe108⤵
-
\??\c:\btttnn.exec:\btttnn.exe109⤵
-
\??\c:\3vjvv.exec:\3vjvv.exe110⤵
-
\??\c:\3fffllf.exec:\3fffllf.exe111⤵
-
\??\c:\3xfrfxl.exec:\3xfrfxl.exe112⤵
-
\??\c:\tnbtht.exec:\tnbtht.exe113⤵
-
\??\c:\xrlllff.exec:\xrlllff.exe114⤵
- System Location Discovery: System Language Discovery
-
\??\c:\hhbntt.exec:\hhbntt.exe115⤵
-
\??\c:\jjjpv.exec:\jjjpv.exe116⤵
-
\??\c:\9jvjd.exec:\9jvjd.exe117⤵
-
\??\c:\lffxrrr.exec:\lffxrrr.exe118⤵
-
\??\c:\3rxrlfx.exec:\3rxrlfx.exe119⤵
-
\??\c:\nbhnnh.exec:\nbhnnh.exe120⤵
-
\??\c:\ddpdp.exec:\ddpdp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-