Analysis
-
max time kernel
120s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
19-12-2024 00:35
General
-
Target
68a954c1260e890a6273a024662bbbfaa37844925d1bfd3bbc2eff1c39abbde8.exe
-
Size
71KB
-
MD5
f6f566f622dda5972b3864d8606fe126
-
SHA1
3163e2f4edf8459faa50494c6804ba3062cf147f
-
SHA256
68a954c1260e890a6273a024662bbbfaa37844925d1bfd3bbc2eff1c39abbde8
-
SHA512
56ba0e453b16a78da75b6321717d2969a3be79b28aa69099e65d15ce6a011415da3d3f3d91e1a989d216f3117861dcafd6a49b4eed7f4ddfcad63b15bc1c2c57
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb0z6Mu/ePS3A8N:ymb3NkkiQ3mdBjFI46TQ8N
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 32 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\68a954c1260e890a6273a024662bbbfaa37844925d1bfd3bbc2eff1c39abbde8.exe"C:\Users\Admin\AppData\Local\Temp\68a954c1260e890a6273a024662bbbfaa37844925d1bfd3bbc2eff1c39abbde8.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvvp.exec:\ddvvp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pdpd.exec:\1pdpd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhbtn.exec:\thhbtn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhbtn.exec:\bbhbtn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3jjvp.exec:\3jjvp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvpp.exec:\dpvpp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxrffr.exec:\xrxrffr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhbtn.exec:\nbhbtn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjdv.exec:\vjjdv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjjd.exec:\vjjjd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fllfxxr.exec:\fllfxxr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnbth.exec:\htnbth.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdvj.exec:\jvdvj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxrffx.exec:\rlxrffx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnhbbb.exec:\hnhbbb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhhtn.exec:\thhhtn.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvppp.exec:\jvppp.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlrxlx.exec:\fxlrxlx.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1btnhh.exec:\1btnhh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7dddp.exec:\7dddp.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxxrlr.exec:\rxxxrlr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxrlffx.exec:\rxrlffx.exe23⤵
- Executes dropped EXE
-
\??\c:\nnhhbb.exec:\nnhhbb.exe24⤵
- Executes dropped EXE
-
\??\c:\dvvpj.exec:\dvvpj.exe25⤵
- Executes dropped EXE
-
\??\c:\rlrllff.exec:\rlrllff.exe26⤵
- Executes dropped EXE
-
\??\c:\7jjdv.exec:\7jjdv.exe27⤵
- Executes dropped EXE
-
\??\c:\dpvjd.exec:\dpvjd.exe28⤵
- Executes dropped EXE
-
\??\c:\xrrlffx.exec:\xrrlffx.exe29⤵
- Executes dropped EXE
-
\??\c:\hhnnhh.exec:\hhnnhh.exe30⤵
- Executes dropped EXE
-
\??\c:\nbthbt.exec:\nbthbt.exe31⤵
- Executes dropped EXE
-
\??\c:\pppjv.exec:\pppjv.exe32⤵
- Executes dropped EXE
-
\??\c:\1fllfxx.exec:\1fllfxx.exe33⤵
- Executes dropped EXE
-
\??\c:\nhbthb.exec:\nhbthb.exe34⤵
- Executes dropped EXE
-
\??\c:\vdppv.exec:\vdppv.exe35⤵
- Executes dropped EXE
-
\??\c:\ddvdv.exec:\ddvdv.exe36⤵
- Executes dropped EXE
-
\??\c:\7rflfxr.exec:\7rflfxr.exe37⤵
- Executes dropped EXE
-
\??\c:\xrrxfff.exec:\xrrxfff.exe38⤵
- Executes dropped EXE
-
\??\c:\hhbhhb.exec:\hhbhhb.exe39⤵
- Executes dropped EXE
-
\??\c:\jdjpp.exec:\jdjpp.exe40⤵
- Executes dropped EXE
-
\??\c:\5vpdd.exec:\5vpdd.exe41⤵
- Executes dropped EXE
-
\??\c:\rrfffll.exec:\rrfffll.exe42⤵
- Executes dropped EXE
-
\??\c:\nnnttt.exec:\nnnttt.exe43⤵
- Executes dropped EXE
-
\??\c:\nbnhtt.exec:\nbnhtt.exe44⤵
- Executes dropped EXE
-
\??\c:\dpjjd.exec:\dpjjd.exe45⤵
- Executes dropped EXE
-
\??\c:\rrrrrrr.exec:\rrrrrrr.exe46⤵
- Executes dropped EXE
-
\??\c:\xrxrrxr.exec:\xrxrrxr.exe47⤵
- Executes dropped EXE
-
\??\c:\flxfrfx.exec:\flxfrfx.exe48⤵
- Executes dropped EXE
-
\??\c:\nhnhbb.exec:\nhnhbb.exe49⤵
- Executes dropped EXE
-
\??\c:\vpppj.exec:\vpppj.exe50⤵
- Executes dropped EXE
-
\??\c:\7rrrflf.exec:\7rrrflf.exe51⤵
- Executes dropped EXE
-
\??\c:\tnnttb.exec:\tnnttb.exe52⤵
- Executes dropped EXE
-
\??\c:\nntnhh.exec:\nntnhh.exe53⤵
- Executes dropped EXE
-
\??\c:\jddjd.exec:\jddjd.exe54⤵
- Executes dropped EXE
-
\??\c:\rlrrlll.exec:\rlrrlll.exe55⤵
- Executes dropped EXE
-
\??\c:\9nbtbh.exec:\9nbtbh.exe56⤵
- Executes dropped EXE
-
\??\c:\vddjv.exec:\vddjv.exe57⤵
- Executes dropped EXE
-
\??\c:\dpvpp.exec:\dpvpp.exe58⤵
- Executes dropped EXE
-
\??\c:\frfxxrl.exec:\frfxxrl.exe59⤵
- Executes dropped EXE
-
\??\c:\flfllrr.exec:\flfllrr.exe60⤵
- Executes dropped EXE
-
\??\c:\bthbbb.exec:\bthbbb.exe61⤵
- Executes dropped EXE
-
\??\c:\jjpjd.exec:\jjpjd.exe62⤵
- Executes dropped EXE
-
\??\c:\fflllfx.exec:\fflllfx.exe63⤵
- Executes dropped EXE
-
\??\c:\bnbtnn.exec:\bnbtnn.exe64⤵
- Executes dropped EXE
-
\??\c:\nhhbtb.exec:\nhhbtb.exe65⤵
- Executes dropped EXE
-
\??\c:\vpjjp.exec:\vpjjp.exe66⤵
-
\??\c:\lfxlrrx.exec:\lfxlrrx.exe67⤵
-
\??\c:\hnnnth.exec:\hnnnth.exe68⤵
-
\??\c:\nnnnhh.exec:\nnnnhh.exe69⤵
-
\??\c:\bnnhhh.exec:\bnnhhh.exe70⤵
-
\??\c:\ppppj.exec:\ppppj.exe71⤵
-
\??\c:\lxfrllf.exec:\lxfrllf.exe72⤵
-
\??\c:\3lfxrlf.exec:\3lfxrlf.exe73⤵
- System Location Discovery: System Language Discovery
-
\??\c:\btnttn.exec:\btnttn.exe74⤵
-
\??\c:\djpjj.exec:\djpjj.exe75⤵
-
\??\c:\jddjv.exec:\jddjv.exe76⤵
-
\??\c:\llxxxlf.exec:\llxxxlf.exe77⤵
-
\??\c:\3htnnh.exec:\3htnnh.exe78⤵
-
\??\c:\9ttntt.exec:\9ttntt.exe79⤵
-
\??\c:\djdvp.exec:\djdvp.exe80⤵
-
\??\c:\lxffrlf.exec:\lxffrlf.exe81⤵
-
\??\c:\fllfffr.exec:\fllfffr.exe82⤵
-
\??\c:\7hbttn.exec:\7hbttn.exe83⤵
-
\??\c:\httnhb.exec:\httnhb.exe84⤵
-
\??\c:\jjpjd.exec:\jjpjd.exe85⤵
-
\??\c:\llrrfff.exec:\llrrfff.exe86⤵
-
\??\c:\flllffx.exec:\flllffx.exe87⤵
-
\??\c:\tnhnnh.exec:\tnhnnh.exe88⤵
-
\??\c:\3bbthb.exec:\3bbthb.exe89⤵
-
\??\c:\dvvpd.exec:\dvvpd.exe90⤵
-
\??\c:\lfllllx.exec:\lfllllx.exe91⤵
-
\??\c:\rrllffx.exec:\rrllffx.exe92⤵
-
\??\c:\nhbttt.exec:\nhbttt.exe93⤵
-
\??\c:\9pvjj.exec:\9pvjj.exe94⤵
-
\??\c:\xrxrfrl.exec:\xrxrfrl.exe95⤵
-
\??\c:\tnnbtt.exec:\tnnbtt.exe96⤵
-
\??\c:\vdvjd.exec:\vdvjd.exe97⤵
-
\??\c:\jdvpj.exec:\jdvpj.exe98⤵
-
\??\c:\xflfrxr.exec:\xflfrxr.exe99⤵
-
\??\c:\tntnhb.exec:\tntnhb.exe100⤵
-
\??\c:\1bthtt.exec:\1bthtt.exe101⤵
-
\??\c:\vpppd.exec:\vpppd.exe102⤵
-
\??\c:\xxfxxxf.exec:\xxfxxxf.exe103⤵
-
\??\c:\frxrlfx.exec:\frxrlfx.exe104⤵
-
\??\c:\nhhtnn.exec:\nhhtnn.exe105⤵
-
\??\c:\vjjjd.exec:\vjjjd.exe106⤵
-
\??\c:\pddvj.exec:\pddvj.exe107⤵
-
\??\c:\vjjdv.exec:\vjjdv.exe108⤵
-
\??\c:\rlrlfxx.exec:\rlrlfxx.exe109⤵
-
\??\c:\thhhbb.exec:\thhhbb.exe110⤵
-
\??\c:\dpdvj.exec:\dpdvj.exe111⤵
-
\??\c:\djvjd.exec:\djvjd.exe112⤵
-
\??\c:\xrrlxrr.exec:\xrrlxrr.exe113⤵
-
\??\c:\tnnttn.exec:\tnnttn.exe114⤵
-
\??\c:\nntbnn.exec:\nntbnn.exe115⤵
-
\??\c:\ddddp.exec:\ddddp.exe116⤵
-
\??\c:\7llxrlf.exec:\7llxrlf.exe117⤵
-
\??\c:\lrlfxrl.exec:\lrlfxrl.exe118⤵
-
\??\c:\hhhbnn.exec:\hhhbnn.exe119⤵
-
\??\c:\1hbthh.exec:\1hbthh.exe120⤵
-
\??\c:\vpjdp.exec:\vpjdp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-