Analysis
-
max time kernel
120s -
max time network
93s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
25-11-2024 15:12
General
-
Target
a98ec67a2556f073eb240ee5afc5fc54a86fa5b878d12d4805e145c6abccc0c3N.exe
-
Size
105KB
-
MD5
d25a27c8c8263759cb09d086019d1af0
-
SHA1
705a4a9bfe25306ff3e40e2486e151c22069947e
-
SHA256
a98ec67a2556f073eb240ee5afc5fc54a86fa5b878d12d4805e145c6abccc0c3
-
SHA512
0af2e2ce0f2aa7abd2aa8b74c7d027ec984df27c2ee98d057fbdbaaf7aed65cb30f89630b1eb8bad95a7cda57bf98baf001e7f932cf581b599991d5913f56016
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73tvn+Yp99zm+/KZBHq82PC/:n3C9BRo7tvnJ99T/KZE89/
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 33 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a98ec67a2556f073eb240ee5afc5fc54a86fa5b878d12d4805e145c6abccc0c3N.exe"C:\Users\Admin\AppData\Local\Temp\a98ec67a2556f073eb240ee5afc5fc54a86fa5b878d12d4805e145c6abccc0c3N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnnnn.exec:\ttnnnn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppjd.exec:\vppjd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrrxxx.exec:\flrrxxx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbtnh.exec:\thbtnh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjdjj.exec:\vjdjj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrrrxx.exec:\lrrrrxx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhhhh.exec:\bhhhhh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7dvpj.exec:\7dvpj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxxrrr.exec:\lfxxrrr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9tbbbh.exec:\9tbbbh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfxxrr.exec:\rlfxxrr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllxrrl.exec:\rllxrrl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnhhh.exec:\thnhhh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvddv.exec:\jvddv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fffxrrl.exec:\fffxrrl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1lxrrrx.exec:\1lxrrrx.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvppj.exec:\dvppj.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3dpdd.exec:\3dpdd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxxrrl.exec:\llxxrrl.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbthh.exec:\ttbthh.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7jjdv.exec:\7jjdv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frfflll.exec:\frfflll.exe23⤵
- Executes dropped EXE
-
\??\c:\nnnbtt.exec:\nnnbtt.exe24⤵
- Executes dropped EXE
-
\??\c:\httnhh.exec:\httnhh.exe25⤵
- Executes dropped EXE
-
\??\c:\7jppp.exec:\7jppp.exe26⤵
- Executes dropped EXE
-
\??\c:\7bhbbb.exec:\7bhbbb.exe27⤵
- Executes dropped EXE
-
\??\c:\9nhnnt.exec:\9nhnnt.exe28⤵
- Executes dropped EXE
-
\??\c:\pvvpj.exec:\pvvpj.exe29⤵
- Executes dropped EXE
-
\??\c:\1bbhhn.exec:\1bbhhn.exe30⤵
- Executes dropped EXE
-
\??\c:\5bhhbb.exec:\5bhhbb.exe31⤵
- Executes dropped EXE
-
\??\c:\jjjdd.exec:\jjjdd.exe32⤵
- Executes dropped EXE
-
\??\c:\rrfxxxx.exec:\rrfxxxx.exe33⤵
- Executes dropped EXE
-
\??\c:\thnbtb.exec:\thnbtb.exe34⤵
- Executes dropped EXE
-
\??\c:\9hhhbh.exec:\9hhhbh.exe35⤵
- Executes dropped EXE
-
\??\c:\3pvdd.exec:\3pvdd.exe36⤵
- Executes dropped EXE
-
\??\c:\jjddp.exec:\jjddp.exe37⤵
- Executes dropped EXE
-
\??\c:\xxlrllf.exec:\xxlrllf.exe38⤵
- Executes dropped EXE
-
\??\c:\tbnntb.exec:\tbnntb.exe39⤵
- Executes dropped EXE
-
\??\c:\nnnnhb.exec:\nnnnhb.exe40⤵
- Executes dropped EXE
-
\??\c:\vppjd.exec:\vppjd.exe41⤵
- Executes dropped EXE
-
\??\c:\rxffxfl.exec:\rxffxfl.exe42⤵
- Executes dropped EXE
-
\??\c:\lflffll.exec:\lflffll.exe43⤵
- Executes dropped EXE
-
\??\c:\tbbbbb.exec:\tbbbbb.exe44⤵
- Executes dropped EXE
-
\??\c:\vddvp.exec:\vddvp.exe45⤵
- Executes dropped EXE
-
\??\c:\ppdjd.exec:\ppdjd.exe46⤵
- Executes dropped EXE
-
\??\c:\lfrllll.exec:\lfrllll.exe47⤵
- Executes dropped EXE
-
\??\c:\xlffxxr.exec:\xlffxxr.exe48⤵
- Executes dropped EXE
-
\??\c:\tttnhh.exec:\tttnhh.exe49⤵
- Executes dropped EXE
-
\??\c:\pppjd.exec:\pppjd.exe50⤵
- Executes dropped EXE
-
\??\c:\jppdd.exec:\jppdd.exe51⤵
- Executes dropped EXE
-
\??\c:\flflffl.exec:\flflffl.exe52⤵
- Executes dropped EXE
-
\??\c:\tttbbh.exec:\tttbbh.exe53⤵
- Executes dropped EXE
-
\??\c:\ppddd.exec:\ppddd.exe54⤵
- Executes dropped EXE
-
\??\c:\lrlfllf.exec:\lrlfllf.exe55⤵
- Executes dropped EXE
-
\??\c:\bbhhhn.exec:\bbhhhn.exe56⤵
- Executes dropped EXE
-
\??\c:\vvpvv.exec:\vvpvv.exe57⤵
- Executes dropped EXE
-
\??\c:\pvjdd.exec:\pvjdd.exe58⤵
- Executes dropped EXE
-
\??\c:\fxlfxxr.exec:\fxlfxxr.exe59⤵
- Executes dropped EXE
-
\??\c:\ntbbtt.exec:\ntbbtt.exe60⤵
- Executes dropped EXE
-
\??\c:\7bttnt.exec:\7bttnt.exe61⤵
- Executes dropped EXE
-
\??\c:\5pvvv.exec:\5pvvv.exe62⤵
- Executes dropped EXE
-
\??\c:\rlffxxr.exec:\rlffxxr.exe63⤵
- Executes dropped EXE
-
\??\c:\ppdvj.exec:\ppdvj.exe64⤵
- Executes dropped EXE
-
\??\c:\ppddd.exec:\ppddd.exe65⤵
- Executes dropped EXE
-
\??\c:\bttntt.exec:\bttntt.exe66⤵
-
\??\c:\xfrrrfx.exec:\xfrrrfx.exe67⤵
-
\??\c:\hbbbnh.exec:\hbbbnh.exe68⤵
-
\??\c:\vddvj.exec:\vddvj.exe69⤵
-
\??\c:\1fllffx.exec:\1fllffx.exe70⤵
-
\??\c:\htnbth.exec:\htnbth.exe71⤵
-
\??\c:\ddjpp.exec:\ddjpp.exe72⤵
-
\??\c:\xfrxfxl.exec:\xfrxfxl.exe73⤵
-
\??\c:\nnnttb.exec:\nnnttb.exe74⤵
-
\??\c:\vdpvj.exec:\vdpvj.exe75⤵
-
\??\c:\jdpjv.exec:\jdpjv.exe76⤵
-
\??\c:\lfxrxxl.exec:\lfxrxxl.exe77⤵
-
\??\c:\9thbtt.exec:\9thbtt.exe78⤵
-
\??\c:\3vjjv.exec:\3vjjv.exe79⤵
-
\??\c:\ttbttt.exec:\ttbttt.exe80⤵
-
\??\c:\dvjjj.exec:\dvjjj.exe81⤵
-
\??\c:\lxxxffx.exec:\lxxxffx.exe82⤵
-
\??\c:\5bbhht.exec:\5bbhht.exe83⤵
-
\??\c:\dpvjd.exec:\dpvjd.exe84⤵
-
\??\c:\fxxffff.exec:\fxxffff.exe85⤵
-
\??\c:\lxlrlrr.exec:\lxlrlrr.exe86⤵
-
\??\c:\5hnttb.exec:\5hnttb.exe87⤵
-
\??\c:\jdppp.exec:\jdppp.exe88⤵
-
\??\c:\rxxxxfx.exec:\rxxxxfx.exe89⤵
-
\??\c:\xffxrfx.exec:\xffxrfx.exe90⤵
-
\??\c:\bnbbth.exec:\bnbbth.exe91⤵
-
\??\c:\ntntnn.exec:\ntntnn.exe92⤵
-
\??\c:\pvdjd.exec:\pvdjd.exe93⤵
-
\??\c:\xfrrlll.exec:\xfrrlll.exe94⤵
-
\??\c:\hhnttb.exec:\hhnttb.exe95⤵
-
\??\c:\ppjvp.exec:\ppjvp.exe96⤵
-
\??\c:\djjjj.exec:\djjjj.exe97⤵
-
\??\c:\rlxxfxr.exec:\rlxxfxr.exe98⤵
-
\??\c:\ntttnt.exec:\ntttnt.exe99⤵
-
\??\c:\vjjjd.exec:\vjjjd.exe100⤵
-
\??\c:\xxxxfll.exec:\xxxxfll.exe101⤵
-
\??\c:\1httbb.exec:\1httbb.exe102⤵
-
\??\c:\thtbhh.exec:\thtbhh.exe103⤵
-
\??\c:\ppvvp.exec:\ppvvp.exe104⤵
-
\??\c:\7lfxrxf.exec:\7lfxrxf.exe105⤵
-
\??\c:\xxfxrxr.exec:\xxfxrxr.exe106⤵
-
\??\c:\bnbnnt.exec:\bnbnnt.exe107⤵
-
\??\c:\vpppd.exec:\vpppd.exe108⤵
-
\??\c:\vjddp.exec:\vjddp.exe109⤵
-
\??\c:\rfxrffx.exec:\rfxrffx.exe110⤵
-
\??\c:\nnthht.exec:\nnthht.exe111⤵
-
\??\c:\bthttt.exec:\bthttt.exe112⤵
-
\??\c:\3pvpd.exec:\3pvpd.exe113⤵
-
\??\c:\lxfffll.exec:\lxfffll.exe114⤵
-
\??\c:\9bbbtb.exec:\9bbbtb.exe115⤵
-
\??\c:\ppppp.exec:\ppppp.exe116⤵
-
\??\c:\rfflffx.exec:\rfflffx.exe117⤵
-
\??\c:\tnbttt.exec:\tnbttt.exe118⤵
-
\??\c:\hhtbnt.exec:\hhtbnt.exe119⤵
-
\??\c:\jpjdd.exec:\jpjdd.exe120⤵
-
\??\c:\rlfrlff.exec:\rlfrlff.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-