Analysis
-
max time kernel
150s -
max time network
146s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
30-11-2024 05:13
General
-
Target
eefa5b53fceff1cf1207bdfbdf03e4f7060b721ab07b4259d748e6acc1ced1fd.exe
-
Size
105KB
-
MD5
a4c210bbb97e01caf3f428a3d44172f2
-
SHA1
fc9e2a416cb8a26622e3c668c7c0f4af265498bc
-
SHA256
eefa5b53fceff1cf1207bdfbdf03e4f7060b721ab07b4259d748e6acc1ced1fd
-
SHA512
cf790335aa1841a2f216a00ab39d09b034d7bc005e235d324b4179f1ac743f75cea7353e7974c7d0e11614ba1a39d376b92b3b46f5920ef1c77daca9f8dff610
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73tvn+Yp99zm+/KZBHq82PC1:n3C9BRo7tvnJ99T/KZE891
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 36 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\eefa5b53fceff1cf1207bdfbdf03e4f7060b721ab07b4259d748e6acc1ced1fd.exe"C:\Users\Admin\AppData\Local\Temp\eefa5b53fceff1cf1207bdfbdf03e4f7060b721ab07b4259d748e6acc1ced1fd.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjjv.exec:\vdjjv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nttnnt.exec:\nttnnt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thtbtn.exec:\thtbtn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjdjp.exec:\vjdjp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhhhh.exec:\bbhhhh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvddd.exec:\jvddd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vppp.exec:\7vppp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxrrrrr.exec:\rxrrrrr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhhnt.exec:\bbhhnt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvpj.exec:\jdvpj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttbbh.exec:\bttbbh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1ntnnn.exec:\1ntnnn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvpj.exec:\dpvpj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lllfxxf.exec:\lllfxxf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbbtt.exec:\htbbtt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdddv.exec:\jdddv.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrlxxx.exec:\flrlxxx.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnhbb.exec:\bnnhbb.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxfllf.exec:\lfxfllf.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlfxxr.exec:\xrlfxxr.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdvp.exec:\pjdvp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrllfx.exec:\fxrllfx.exe23⤵
- Executes dropped EXE
-
\??\c:\rlllfff.exec:\rlllfff.exe24⤵
- Executes dropped EXE
-
\??\c:\1nnhhh.exec:\1nnhhh.exe25⤵
- Executes dropped EXE
-
\??\c:\pdppj.exec:\pdppj.exe26⤵
- Executes dropped EXE
-
\??\c:\9dpjj.exec:\9dpjj.exe27⤵
- Executes dropped EXE
-
\??\c:\1rlfxxl.exec:\1rlfxxl.exe28⤵
- Executes dropped EXE
-
\??\c:\htnhtt.exec:\htnhtt.exe29⤵
- Executes dropped EXE
-
\??\c:\vpddv.exec:\vpddv.exe30⤵
- Executes dropped EXE
-
\??\c:\fflllfx.exec:\fflllfx.exe31⤵
- Executes dropped EXE
-
\??\c:\llrrrxr.exec:\llrrrxr.exe32⤵
- Executes dropped EXE
-
\??\c:\nhnhnn.exec:\nhnhnn.exe33⤵
- Executes dropped EXE
-
\??\c:\5xfxrfr.exec:\5xfxrfr.exe34⤵
- Executes dropped EXE
-
\??\c:\nhhnhh.exec:\nhhnhh.exe35⤵
- Executes dropped EXE
-
\??\c:\jdjdp.exec:\jdjdp.exe36⤵
- Executes dropped EXE
-
\??\c:\3rfxffx.exec:\3rfxffx.exe37⤵
- Executes dropped EXE
-
\??\c:\3ffllll.exec:\3ffllll.exe38⤵
- Executes dropped EXE
-
\??\c:\nhnhbh.exec:\nhnhbh.exe39⤵
- Executes dropped EXE
-
\??\c:\vppjd.exec:\vppjd.exe40⤵
- Executes dropped EXE
-
\??\c:\lrxxffr.exec:\lrxxffr.exe41⤵
- Executes dropped EXE
-
\??\c:\rrxrllf.exec:\rrxrllf.exe42⤵
- Executes dropped EXE
-
\??\c:\nhnhtt.exec:\nhnhtt.exe43⤵
- Executes dropped EXE
-
\??\c:\jdjjd.exec:\jdjjd.exe44⤵
- Executes dropped EXE
-
\??\c:\xlxxrxf.exec:\xlxxrxf.exe45⤵
- Executes dropped EXE
-
\??\c:\rllfxxr.exec:\rllfxxr.exe46⤵
- Executes dropped EXE
-
\??\c:\tbtbth.exec:\tbtbth.exe47⤵
- Executes dropped EXE
-
\??\c:\jvvpp.exec:\jvvpp.exe48⤵
- Executes dropped EXE
-
\??\c:\frlxrrl.exec:\frlxrrl.exe49⤵
- Executes dropped EXE
-
\??\c:\tnthbt.exec:\tnthbt.exe50⤵
- Executes dropped EXE
-
\??\c:\dvjdv.exec:\dvjdv.exe51⤵
- Executes dropped EXE
-
\??\c:\lllfxxr.exec:\lllfxxr.exe52⤵
- Executes dropped EXE
-
\??\c:\xxrlffx.exec:\xxrlffx.exe53⤵
- Executes dropped EXE
-
\??\c:\bhbbtb.exec:\bhbbtb.exe54⤵
- Executes dropped EXE
-
\??\c:\hbhtbb.exec:\hbhtbb.exe55⤵
- Executes dropped EXE
-
\??\c:\vppjp.exec:\vppjp.exe56⤵
- Executes dropped EXE
-
\??\c:\xrrlfxr.exec:\xrrlfxr.exe57⤵
- Executes dropped EXE
-
\??\c:\3nnhhh.exec:\3nnhhh.exe58⤵
- Executes dropped EXE
-
\??\c:\ddvpj.exec:\ddvpj.exe59⤵
- Executes dropped EXE
-
\??\c:\rflfrrl.exec:\rflfrrl.exe60⤵
- Executes dropped EXE
-
\??\c:\hnnttb.exec:\hnnttb.exe61⤵
- Executes dropped EXE
-
\??\c:\dvjjj.exec:\dvjjj.exe62⤵
- Executes dropped EXE
-
\??\c:\jppjp.exec:\jppjp.exe63⤵
- Executes dropped EXE
-
\??\c:\rrfxrrl.exec:\rrfxrrl.exe64⤵
- Executes dropped EXE
-
\??\c:\bhtnth.exec:\bhtnth.exe65⤵
- Executes dropped EXE
-
\??\c:\9pvvd.exec:\9pvvd.exe66⤵
-
\??\c:\9xlfrrr.exec:\9xlfrrr.exe67⤵
-
\??\c:\nnhhbb.exec:\nnhhbb.exe68⤵
-
\??\c:\9jjdv.exec:\9jjdv.exe69⤵
-
\??\c:\jjvpv.exec:\jjvpv.exe70⤵
-
\??\c:\xfffrrl.exec:\xfffrrl.exe71⤵
-
\??\c:\bnnnhh.exec:\bnnnhh.exe72⤵
-
\??\c:\9dvvp.exec:\9dvvp.exe73⤵
-
\??\c:\rrrfxxx.exec:\rrrfxxx.exe74⤵
-
\??\c:\nnbttb.exec:\nnbttb.exe75⤵
-
\??\c:\tnthtn.exec:\tnthtn.exe76⤵
-
\??\c:\vvpjj.exec:\vvpjj.exe77⤵
-
\??\c:\rxxrfff.exec:\rxxrfff.exe78⤵
-
\??\c:\1rxrxxx.exec:\1rxrxxx.exe79⤵
-
\??\c:\7hhhtt.exec:\7hhhtt.exe80⤵
-
\??\c:\pjpjp.exec:\pjpjp.exe81⤵
-
\??\c:\flxlflf.exec:\flxlflf.exe82⤵
-
\??\c:\rlrlffx.exec:\rlrlffx.exe83⤵
-
\??\c:\nbtnhb.exec:\nbtnhb.exe84⤵
-
\??\c:\5ntnnn.exec:\5ntnnn.exe85⤵
-
\??\c:\pddvj.exec:\pddvj.exe86⤵
-
\??\c:\rlfxllf.exec:\rlfxllf.exe87⤵
-
\??\c:\5xfffrr.exec:\5xfffrr.exe88⤵
-
\??\c:\bbbnnn.exec:\bbbnnn.exe89⤵
-
\??\c:\nhtnhb.exec:\nhtnhb.exe90⤵
-
\??\c:\ppdvj.exec:\ppdvj.exe91⤵
-
\??\c:\7flffff.exec:\7flffff.exe92⤵
-
\??\c:\rflfxfl.exec:\rflfxfl.exe93⤵
-
\??\c:\ththnb.exec:\ththnb.exe94⤵
-
\??\c:\5nnnhb.exec:\5nnnhb.exe95⤵
-
\??\c:\7vvdv.exec:\7vvdv.exe96⤵
-
\??\c:\tbhbnn.exec:\tbhbnn.exe97⤵
-
\??\c:\bbttnt.exec:\bbttnt.exe98⤵
-
\??\c:\jdjjv.exec:\jdjjv.exe99⤵
-
\??\c:\1vvpd.exec:\1vvpd.exe100⤵
-
\??\c:\fxrxxll.exec:\fxrxxll.exe101⤵
-
\??\c:\btbbhh.exec:\btbbhh.exe102⤵
-
\??\c:\vvjjj.exec:\vvjjj.exe103⤵
-
\??\c:\vpdvj.exec:\vpdvj.exe104⤵
-
\??\c:\xlrlfxr.exec:\xlrlfxr.exe105⤵
-
\??\c:\rrrfxrf.exec:\rrrfxrf.exe106⤵
-
\??\c:\9tttnt.exec:\9tttnt.exe107⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe108⤵
-
\??\c:\lffxrrl.exec:\lffxrrl.exe109⤵
-
\??\c:\xrxxrfl.exec:\xrxxrfl.exe110⤵
-
\??\c:\7hhhbb.exec:\7hhhbb.exe111⤵
-
\??\c:\vdpjv.exec:\vdpjv.exe112⤵
-
\??\c:\5llfrlf.exec:\5llfrlf.exe113⤵
-
\??\c:\frfxxxr.exec:\frfxxxr.exe114⤵
-
\??\c:\tnnbhh.exec:\tnnbhh.exe115⤵
-
\??\c:\9djvp.exec:\9djvp.exe116⤵
-
\??\c:\lfxrfrl.exec:\lfxrfrl.exe117⤵
-
\??\c:\rffxrrl.exec:\rffxrrl.exe118⤵
-
\??\c:\httttb.exec:\httttb.exe119⤵
-
\??\c:\jjdvj.exec:\jjdvj.exe120⤵
-
\??\c:\xlrlfll.exec:\xlrlfll.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-