Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
17-12-2024 13:39
General
-
Target
73fb34e2780202a04e897ba7a581e2db5423643b71c8d440eb92daa298b1cd49.exe
-
Size
53KB
-
MD5
f137b6ff5ad0a3b66840201784875e9c
-
SHA1
5c17e8afcc7e0667646cb2d354bc725ced7db6a7
-
SHA256
73fb34e2780202a04e897ba7a581e2db5423643b71c8d440eb92daa298b1cd49
-
SHA512
58d9ec00b033f24bf2245907e3328c94f4f46c12ec6533dbdb2373f081ae811a85de079722833123239896b24fc51499351c3eecfd2ef0ce6562f113919479f4
-
SSDEEP
1536:mAocdpeVoBDulhzHMb7xNAa04Mcg5IKvl5:0cdpeeBSHHMHLf9RyIa
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\73fb34e2780202a04e897ba7a581e2db5423643b71c8d440eb92daa298b1cd49.exe"C:\Users\Admin\AppData\Local\Temp\73fb34e2780202a04e897ba7a581e2db5423643b71c8d440eb92daa298b1cd49.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\828220.exec:\828220.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\e06606.exec:\e06606.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\622600.exec:\622600.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thtbth.exec:\thtbth.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\q24822.exec:\q24822.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbtnn.exec:\bnbtnn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\624888.exec:\624888.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvpj.exec:\jpvpj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htthhh.exec:\htthhh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\22226.exec:\22226.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ntnnn.exec:\5ntnnn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2082884.exec:\2082884.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbbtb.exec:\nnbbtb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\e80000.exec:\e80000.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\s8486.exec:\s8486.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhbnn.exec:\bhhbnn.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\a2642.exec:\a2642.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnhhh.exec:\nnnhhh.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\e46000.exec:\e46000.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\062644.exec:\062644.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvpv.exec:\ppvpv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnhbt.exec:\tnnhbt.exe23⤵
- Executes dropped EXE
-
\??\c:\w428226.exec:\w428226.exe24⤵
- Executes dropped EXE
-
\??\c:\ddpjd.exec:\ddpjd.exe25⤵
- Executes dropped EXE
-
\??\c:\llxlxxx.exec:\llxlxxx.exe26⤵
- Executes dropped EXE
-
\??\c:\bhhhhh.exec:\bhhhhh.exe27⤵
- Executes dropped EXE
-
\??\c:\4448800.exec:\4448800.exe28⤵
- Executes dropped EXE
-
\??\c:\2466666.exec:\2466666.exe29⤵
- Executes dropped EXE
-
\??\c:\bhhhbb.exec:\bhhhbb.exe30⤵
- Executes dropped EXE
-
\??\c:\66226.exec:\66226.exe31⤵
- Executes dropped EXE
-
\??\c:\hbhhbb.exec:\hbhhbb.exe32⤵
- Executes dropped EXE
-
\??\c:\nbtbbh.exec:\nbtbbh.exe33⤵
- Executes dropped EXE
-
\??\c:\3vppj.exec:\3vppj.exe34⤵
- Executes dropped EXE
-
\??\c:\htthtt.exec:\htthtt.exe35⤵
- Executes dropped EXE
-
\??\c:\ppvpp.exec:\ppvpp.exe36⤵
- Executes dropped EXE
-
\??\c:\22600.exec:\22600.exe37⤵
- Executes dropped EXE
-
\??\c:\3httnn.exec:\3httnn.exe38⤵
- Executes dropped EXE
-
\??\c:\q40044.exec:\q40044.exe39⤵
- Executes dropped EXE
-
\??\c:\tbhhhb.exec:\tbhhhb.exe40⤵
- Executes dropped EXE
-
\??\c:\4864606.exec:\4864606.exe41⤵
- Executes dropped EXE
-
\??\c:\e84822.exec:\e84822.exe42⤵
- Executes dropped EXE
-
\??\c:\u222600.exec:\u222600.exe43⤵
- Executes dropped EXE
-
\??\c:\4608822.exec:\4608822.exe44⤵
- Executes dropped EXE
-
\??\c:\tntntt.exec:\tntntt.exe45⤵
- Executes dropped EXE
-
\??\c:\xffxrlf.exec:\xffxrlf.exe46⤵
- Executes dropped EXE
-
\??\c:\24226.exec:\24226.exe47⤵
- Executes dropped EXE
-
\??\c:\bnnnnn.exec:\bnnnnn.exe48⤵
- Executes dropped EXE
-
\??\c:\lfffxrf.exec:\lfffxrf.exe49⤵
- Executes dropped EXE
-
\??\c:\5lllxrr.exec:\5lllxrr.exe50⤵
- Executes dropped EXE
-
\??\c:\44060.exec:\44060.exe51⤵
- Executes dropped EXE
-
\??\c:\24482.exec:\24482.exe52⤵
- Executes dropped EXE
-
\??\c:\tbtttt.exec:\tbtttt.exe53⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\e22266.exec:\e22266.exe54⤵
- Executes dropped EXE
-
\??\c:\nbhhnt.exec:\nbhhnt.exe55⤵
- Executes dropped EXE
-
\??\c:\e24840.exec:\e24840.exe56⤵
- Executes dropped EXE
-
\??\c:\68222.exec:\68222.exe57⤵
- Executes dropped EXE
-
\??\c:\0626028.exec:\0626028.exe58⤵
- Executes dropped EXE
-
\??\c:\nnnhnn.exec:\nnnhnn.exe59⤵
- Executes dropped EXE
-
\??\c:\g4482.exec:\g4482.exe60⤵
- Executes dropped EXE
-
\??\c:\7hnhhh.exec:\7hnhhh.exe61⤵
- Executes dropped EXE
-
\??\c:\040022.exec:\040022.exe62⤵
- Executes dropped EXE
-
\??\c:\620482.exec:\620482.exe63⤵
- Executes dropped EXE
-
\??\c:\ppddj.exec:\ppddj.exe64⤵
- Executes dropped EXE
-
\??\c:\i404822.exec:\i404822.exe65⤵
- Executes dropped EXE
-
\??\c:\hntnnh.exec:\hntnnh.exe66⤵
-
\??\c:\a6600.exec:\a6600.exe67⤵
-
\??\c:\ffxrlff.exec:\ffxrlff.exe68⤵
-
\??\c:\k26424.exec:\k26424.exe69⤵
-
\??\c:\62882.exec:\62882.exe70⤵
-
\??\c:\68004.exec:\68004.exe71⤵
-
\??\c:\lfflffl.exec:\lfflffl.exe72⤵
-
\??\c:\hntnht.exec:\hntnht.exe73⤵
-
\??\c:\484220.exec:\484220.exe74⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe75⤵
-
\??\c:\llfxlfx.exec:\llfxlfx.exe76⤵
-
\??\c:\jjddv.exec:\jjddv.exe77⤵
-
\??\c:\2866046.exec:\2866046.exe78⤵
-
\??\c:\1jjjj.exec:\1jjjj.exe79⤵
-
\??\c:\rxxlllr.exec:\rxxlllr.exe80⤵
-
\??\c:\lxrxxxr.exec:\lxrxxxr.exe81⤵
-
\??\c:\48862.exec:\48862.exe82⤵
-
\??\c:\60004.exec:\60004.exe83⤵
-
\??\c:\224888.exec:\224888.exe84⤵
-
\??\c:\284866.exec:\284866.exe85⤵
-
\??\c:\40222.exec:\40222.exe86⤵
-
\??\c:\3hnnhh.exec:\3hnnhh.exe87⤵
-
\??\c:\vdpjv.exec:\vdpjv.exe88⤵
-
\??\c:\48482.exec:\48482.exe89⤵
-
\??\c:\42820.exec:\42820.exe90⤵
-
\??\c:\e28826.exec:\e28826.exe91⤵
-
\??\c:\7hhhbb.exec:\7hhhbb.exe92⤵
-
\??\c:\82486.exec:\82486.exe93⤵
-
\??\c:\bbtnbb.exec:\bbtnbb.exe94⤵
-
\??\c:\0460000.exec:\0460000.exe95⤵
-
\??\c:\7nnhhb.exec:\7nnhhb.exe96⤵
-
\??\c:\1jpjv.exec:\1jpjv.exe97⤵
-
\??\c:\dvjjv.exec:\dvjjv.exe98⤵
-
\??\c:\040422.exec:\040422.exe99⤵
-
\??\c:\jdvvj.exec:\jdvvj.exe100⤵
-
\??\c:\htnhht.exec:\htnhht.exe101⤵
-
\??\c:\1flfxll.exec:\1flfxll.exe102⤵
-
\??\c:\5xfxfxf.exec:\5xfxfxf.exe103⤵
-
\??\c:\o064820.exec:\o064820.exe104⤵
-
\??\c:\hhbnnn.exec:\hhbnnn.exe105⤵
-
\??\c:\jdddv.exec:\jdddv.exe106⤵
-
\??\c:\066082.exec:\066082.exe107⤵
-
\??\c:\fxrlxxr.exec:\fxrlxxr.exe108⤵
-
\??\c:\1nnhnn.exec:\1nnhnn.exe109⤵
-
\??\c:\vvddv.exec:\vvddv.exe110⤵
-
\??\c:\3hbnht.exec:\3hbnht.exe111⤵
-
\??\c:\0426228.exec:\0426228.exe112⤵
-
\??\c:\a0622.exec:\a0622.exe113⤵
-
\??\c:\6282000.exec:\6282000.exe114⤵
-
\??\c:\djppp.exec:\djppp.exe115⤵
-
\??\c:\e66264.exec:\e66264.exe116⤵
-
\??\c:\xxxlxxr.exec:\xxxlxxr.exe117⤵
-
\??\c:\640426.exec:\640426.exe118⤵
-
\??\c:\httbnn.exec:\httbnn.exe119⤵
-
\??\c:\1dpjd.exec:\1dpjd.exe120⤵
-
\??\c:\406004.exec:\406004.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-