Analysis
-
max time kernel
120s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
18-12-2024 11:29
General
-
Target
3e916277ce2cead7ba5d6c904646e89d28d5103e4c7e91b8a960ecd32bf2e829N.exe
-
Size
67KB
-
MD5
4ec5e556585cf8ab72044074b67564f0
-
SHA1
9f93105757004fa91d5115070e6c19ac3b1575c8
-
SHA256
3e916277ce2cead7ba5d6c904646e89d28d5103e4c7e91b8a960ecd32bf2e829
-
SHA512
26ea00f1e73d697cc80150cb23d737c0079fb5ee9b31a30cacf667d254cc2394abd34f99c8e16a20d02ab6e7b8132540d092abb7e5f7e6cfc9db7a7b4f365e86
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yU+kbxe7:ymb3NkkiQ3mdBjF0y7kbU7
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 32 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3e916277ce2cead7ba5d6c904646e89d28d5103e4c7e91b8a960ecd32bf2e829N.exe"C:\Users\Admin\AppData\Local\Temp\3e916277ce2cead7ba5d6c904646e89d28d5103e4c7e91b8a960ecd32bf2e829N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrfrfl.exec:\lrrfrfl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\httnnn.exec:\httnnn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtnnn.exec:\nhtnnn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppddd.exec:\ppddd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxxrrr.exec:\rxxxrrr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflfxrl.exec:\lflfxrl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthhnn.exec:\bthhnn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvvj.exec:\pvvvj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3xfxrrl.exec:\3xfxrrl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhhbb.exec:\nnhhbb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbtth.exec:\hbbtth.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jppd.exec:\5jppd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxxrrr.exec:\lrxxrrr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnttnt.exec:\bnttnt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpvv.exec:\dvpvv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrfrlx.exec:\flrfrlx.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbtbt.exec:\bnbtbt.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5hbnbt.exec:\5hbnbt.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddpd.exec:\jddpd.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrlrlf.exec:\xxrlrlf.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbttbb.exec:\hbttbb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbhnb.exec:\hbbhnb.exe23⤵
- Executes dropped EXE
-
\??\c:\ppppp.exec:\ppppp.exe24⤵
- Executes dropped EXE
-
\??\c:\rxxlfrl.exec:\rxxlfrl.exe25⤵
- Executes dropped EXE
-
\??\c:\bntnbt.exec:\bntnbt.exe26⤵
- Executes dropped EXE
-
\??\c:\djvdp.exec:\djvdp.exe27⤵
- Executes dropped EXE
-
\??\c:\lfflfxl.exec:\lfflfxl.exe28⤵
- Executes dropped EXE
-
\??\c:\lfrlfxl.exec:\lfrlfxl.exe29⤵
- Executes dropped EXE
-
\??\c:\nbnhhn.exec:\nbnhhn.exe30⤵
- Executes dropped EXE
-
\??\c:\vppdp.exec:\vppdp.exe31⤵
- Executes dropped EXE
-
\??\c:\nbbntb.exec:\nbbntb.exe32⤵
- Executes dropped EXE
-
\??\c:\pjjdp.exec:\pjjdp.exe33⤵
- Executes dropped EXE
-
\??\c:\jddpd.exec:\jddpd.exe34⤵
- Executes dropped EXE
-
\??\c:\5lxrlrl.exec:\5lxrlrl.exe35⤵
- Executes dropped EXE
-
\??\c:\xlfrrlx.exec:\xlfrrlx.exe36⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\tbtnbb.exec:\tbtnbb.exe37⤵
- Executes dropped EXE
-
\??\c:\pdjvp.exec:\pdjvp.exe38⤵
- Executes dropped EXE
-
\??\c:\1vdpv.exec:\1vdpv.exe39⤵
- Executes dropped EXE
-
\??\c:\9ddvj.exec:\9ddvj.exe40⤵
- Executes dropped EXE
-
\??\c:\fllxlfr.exec:\fllxlfr.exe41⤵
- Executes dropped EXE
-
\??\c:\fxxrrxr.exec:\fxxrrxr.exe42⤵
- Executes dropped EXE
-
\??\c:\nbthth.exec:\nbthth.exe43⤵
- Executes dropped EXE
-
\??\c:\pjvpd.exec:\pjvpd.exe44⤵
- Executes dropped EXE
-
\??\c:\jddpj.exec:\jddpj.exe45⤵
- Executes dropped EXE
-
\??\c:\flrfrfx.exec:\flrfrfx.exe46⤵
- Executes dropped EXE
-
\??\c:\rfrlxrf.exec:\rfrlxrf.exe47⤵
- Executes dropped EXE
-
\??\c:\hbnhbb.exec:\hbnhbb.exe48⤵
- Executes dropped EXE
-
\??\c:\lrfrlxl.exec:\lrfrlxl.exe49⤵
- Executes dropped EXE
-
\??\c:\nnhntb.exec:\nnhntb.exe50⤵
- Executes dropped EXE
-
\??\c:\nththt.exec:\nththt.exe51⤵
- Executes dropped EXE
-
\??\c:\vdvpj.exec:\vdvpj.exe52⤵
- Executes dropped EXE
-
\??\c:\vjvpp.exec:\vjvpp.exe53⤵
- Executes dropped EXE
-
\??\c:\fxrfxlf.exec:\fxrfxlf.exe54⤵
- Executes dropped EXE
-
\??\c:\5xxfrxr.exec:\5xxfrxr.exe55⤵
- Executes dropped EXE
-
\??\c:\1vpdv.exec:\1vpdv.exe56⤵
- Executes dropped EXE
-
\??\c:\1rxrllf.exec:\1rxrllf.exe57⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\lxrrllf.exec:\lxrrllf.exe58⤵
- Executes dropped EXE
-
\??\c:\9btnhh.exec:\9btnhh.exe59⤵
- Executes dropped EXE
-
\??\c:\dpvpd.exec:\dpvpd.exe60⤵
- Executes dropped EXE
-
\??\c:\jddvp.exec:\jddvp.exe61⤵
- Executes dropped EXE
-
\??\c:\xffffff.exec:\xffffff.exe62⤵
- Executes dropped EXE
-
\??\c:\fxxxxxf.exec:\fxxxxxf.exe63⤵
- Executes dropped EXE
-
\??\c:\tnbbhh.exec:\tnbbhh.exe64⤵
- Executes dropped EXE
-
\??\c:\nhhbhh.exec:\nhhbhh.exe65⤵
- Executes dropped EXE
-
\??\c:\jvpdv.exec:\jvpdv.exe66⤵
-
\??\c:\7fxrllf.exec:\7fxrllf.exe67⤵
-
\??\c:\frrlffx.exec:\frrlffx.exe68⤵
-
\??\c:\bntbbh.exec:\bntbbh.exe69⤵
-
\??\c:\bbhbtt.exec:\bbhbtt.exe70⤵
-
\??\c:\3jjdp.exec:\3jjdp.exe71⤵
-
\??\c:\pjdvv.exec:\pjdvv.exe72⤵
-
\??\c:\xlfxrrl.exec:\xlfxrrl.exe73⤵
-
\??\c:\lfrxxll.exec:\lfrxxll.exe74⤵
-
\??\c:\3btbtb.exec:\3btbtb.exe75⤵
-
\??\c:\bhnnbb.exec:\bhnnbb.exe76⤵
-
\??\c:\pvdvp.exec:\pvdvp.exe77⤵
-
\??\c:\vjvvp.exec:\vjvvp.exe78⤵
-
\??\c:\jdjjd.exec:\jdjjd.exe79⤵
-
\??\c:\fxrlrrf.exec:\fxrlrrf.exe80⤵
-
\??\c:\ffrrxxf.exec:\ffrrxxf.exe81⤵
-
\??\c:\tnhhbt.exec:\tnhhbt.exe82⤵
-
\??\c:\hbbtnh.exec:\hbbtnh.exe83⤵
-
\??\c:\vdpjj.exec:\vdpjj.exe84⤵
-
\??\c:\lllxffr.exec:\lllxffr.exe85⤵
-
\??\c:\rlrlfff.exec:\rlrlfff.exe86⤵
-
\??\c:\hbbhhh.exec:\hbbhhh.exe87⤵
-
\??\c:\jjjjd.exec:\jjjjd.exe88⤵
-
\??\c:\jvpjd.exec:\jvpjd.exe89⤵
-
\??\c:\lfflxfx.exec:\lfflxfx.exe90⤵
-
\??\c:\xllfrrl.exec:\xllfrrl.exe91⤵
-
\??\c:\htthtn.exec:\htthtn.exe92⤵
-
\??\c:\tbbbtt.exec:\tbbbtt.exe93⤵
-
\??\c:\vpvpp.exec:\vpvpp.exe94⤵
-
\??\c:\jpvjd.exec:\jpvjd.exe95⤵
-
\??\c:\5xffxxx.exec:\5xffxxx.exe96⤵
-
\??\c:\lrffffx.exec:\lrffffx.exe97⤵
-
\??\c:\9tbhbh.exec:\9tbhbh.exe98⤵
-
\??\c:\9bttht.exec:\9bttht.exe99⤵
-
\??\c:\dvvvp.exec:\dvvvp.exe100⤵
-
\??\c:\3ppjv.exec:\3ppjv.exe101⤵
-
\??\c:\fxrlrlf.exec:\fxrlrlf.exe102⤵
-
\??\c:\nttnhh.exec:\nttnhh.exe103⤵
- System Location Discovery: System Language Discovery
-
\??\c:\7ntnhn.exec:\7ntnhn.exe104⤵
-
\??\c:\pjvdd.exec:\pjvdd.exe105⤵
-
\??\c:\llxxlrf.exec:\llxxlrf.exe106⤵
-
\??\c:\hbtbnh.exec:\hbtbnh.exe107⤵
-
\??\c:\xfrxlfx.exec:\xfrxlfx.exe108⤵
-
\??\c:\thhhhh.exec:\thhhhh.exe109⤵
-
\??\c:\dvdvp.exec:\dvdvp.exe110⤵
-
\??\c:\rxlfxrf.exec:\rxlfxrf.exe111⤵
-
\??\c:\xlffxfx.exec:\xlffxfx.exe112⤵
-
\??\c:\xxxxffl.exec:\xxxxffl.exe113⤵
-
\??\c:\hnbbbb.exec:\hnbbbb.exe114⤵
-
\??\c:\jvppv.exec:\jvppv.exe115⤵
-
\??\c:\ddddd.exec:\ddddd.exe116⤵
-
\??\c:\xrxxfxl.exec:\xrxxfxl.exe117⤵
-
\??\c:\fxfxxxx.exec:\fxfxxxx.exe118⤵
-
\??\c:\1nhtnh.exec:\1nhtnh.exe119⤵
-
\??\c:\htnhbt.exec:\htnhbt.exe120⤵
-
\??\c:\ppdvd.exec:\ppdvd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-