Analysis
-
max time kernel
150s -
max time network
144s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
19-12-2024 05:51
General
-
Target
354031771af37f4cfe7d31435341e5c8e420f1479edb343476681c4c82029e4c.exe
-
Size
82KB
-
MD5
7b9f0a7b90de77b4940357127d5be098
-
SHA1
95c14897730771404ce4afe3748ff5ac5341fb61
-
SHA256
354031771af37f4cfe7d31435341e5c8e420f1479edb343476681c4c82029e4c
-
SHA512
a4d1e321aa4caedda459290e7ed690c45db5bd141bf565732a70231ec5669fd6ee6a2d64c13e2bc9d89b3886d5472ab244767180424610fe709c4781fd8d4548
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIsIpWCz+FR4RzWqC5rINFE4yeqB:ymb3NkkiQ3mdBjFIsIpZ+R4RzWqCu4rJ
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 30 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\354031771af37f4cfe7d31435341e5c8e420f1479edb343476681c4c82029e4c.exe"C:\Users\Admin\AppData\Local\Temp\354031771af37f4cfe7d31435341e5c8e420f1479edb343476681c4c82029e4c.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjjp.exec:\vdjjp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpjj.exec:\dvpjj.exe3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrfrrr.exec:\xrrfrrr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnnhh.exec:\nnnnhh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvpj.exec:\jvvpj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxrrrx.exec:\fxxrrrx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3lrrlrl.exec:\3lrrlrl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbtnn.exec:\nhbtnn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjdp.exec:\pjjdp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvddj.exec:\pvddj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3frrlxr.exec:\3frrlxr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbbth.exec:\htbbth.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjjj.exec:\jdjjj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxfxll.exec:\fxxfxll.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ntttt.exec:\5ntttt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddppd.exec:\ddppd.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djppv.exec:\djppv.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxllllr.exec:\rxllllr.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbbbb.exec:\bbbbbb.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjdv.exec:\djjdv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfrllr.exec:\fxfrllr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbbtt.exec:\bnbbtt.exe23⤵
- Executes dropped EXE
-
\??\c:\djdvv.exec:\djdvv.exe24⤵
- Executes dropped EXE
-
\??\c:\dvvvj.exec:\dvvvj.exe25⤵
- Executes dropped EXE
-
\??\c:\lfllflf.exec:\lfllflf.exe26⤵
- Executes dropped EXE
-
\??\c:\nbhhhh.exec:\nbhhhh.exe27⤵
- Executes dropped EXE
-
\??\c:\nhhbbb.exec:\nhhbbb.exe28⤵
- Executes dropped EXE
-
\??\c:\vjpjd.exec:\vjpjd.exe29⤵
- Executes dropped EXE
-
\??\c:\xxrrfff.exec:\xxrrfff.exe30⤵
- Executes dropped EXE
-
\??\c:\lxflllr.exec:\lxflllr.exe31⤵
- Executes dropped EXE
-
\??\c:\nbbtbb.exec:\nbbtbb.exe32⤵
- Executes dropped EXE
-
\??\c:\pjjdd.exec:\pjjdd.exe33⤵
- Executes dropped EXE
-
\??\c:\dvvpp.exec:\dvvpp.exe34⤵
- Executes dropped EXE
-
\??\c:\ffllxfx.exec:\ffllxfx.exe35⤵
- Executes dropped EXE
-
\??\c:\7xlllxr.exec:\7xlllxr.exe36⤵
- Executes dropped EXE
-
\??\c:\hbnhbn.exec:\hbnhbn.exe37⤵
- Executes dropped EXE
-
\??\c:\7hbthh.exec:\7hbthh.exe38⤵
- Executes dropped EXE
-
\??\c:\rxllffx.exec:\rxllffx.exe39⤵
- Executes dropped EXE
-
\??\c:\tbnhtb.exec:\tbnhtb.exe40⤵
- Executes dropped EXE
-
\??\c:\nbntnn.exec:\nbntnn.exe41⤵
- Executes dropped EXE
-
\??\c:\jpppv.exec:\jpppv.exe42⤵
- Executes dropped EXE
-
\??\c:\pvvpp.exec:\pvvpp.exe43⤵
- Executes dropped EXE
-
\??\c:\llrxffr.exec:\llrxffr.exe44⤵
- Executes dropped EXE
-
\??\c:\xxflxlf.exec:\xxflxlf.exe45⤵
- Executes dropped EXE
-
\??\c:\ttbtbt.exec:\ttbtbt.exe46⤵
- Executes dropped EXE
-
\??\c:\9nhtht.exec:\9nhtht.exe47⤵
- Executes dropped EXE
-
\??\c:\lfxxrxr.exec:\lfxxrxr.exe48⤵
- Executes dropped EXE
-
\??\c:\lfllrrx.exec:\lfllrrx.exe49⤵
- Executes dropped EXE
-
\??\c:\ttnnhh.exec:\ttnnhh.exe50⤵
- Executes dropped EXE
-
\??\c:\3tbbtb.exec:\3tbbtb.exe51⤵
- Executes dropped EXE
-
\??\c:\pjddv.exec:\pjddv.exe52⤵
- Executes dropped EXE
-
\??\c:\rrllfff.exec:\rrllfff.exe53⤵
- Executes dropped EXE
-
\??\c:\xrlllrr.exec:\xrlllrr.exe54⤵
- Executes dropped EXE
-
\??\c:\9thhnn.exec:\9thhnn.exe55⤵
- Executes dropped EXE
-
\??\c:\vvjvp.exec:\vvjvp.exe56⤵
- Executes dropped EXE
-
\??\c:\xlrfxxr.exec:\xlrfxxr.exe57⤵
- Executes dropped EXE
-
\??\c:\hnttnh.exec:\hnttnh.exe58⤵
- Executes dropped EXE
-
\??\c:\vjjdp.exec:\vjjdp.exe59⤵
- Executes dropped EXE
-
\??\c:\xxxxlfl.exec:\xxxxlfl.exe60⤵
- Executes dropped EXE
-
\??\c:\1bhhbn.exec:\1bhhbn.exe61⤵
- Executes dropped EXE
-
\??\c:\ntbtnn.exec:\ntbtnn.exe62⤵
- Executes dropped EXE
-
\??\c:\xrffxrr.exec:\xrffxrr.exe63⤵
- Executes dropped EXE
-
\??\c:\7nbbtb.exec:\7nbbtb.exe64⤵
- Executes dropped EXE
-
\??\c:\btbhbb.exec:\btbhbb.exe65⤵
- Executes dropped EXE
-
\??\c:\9dvpj.exec:\9dvpj.exe66⤵
-
\??\c:\dpvvd.exec:\dpvvd.exe67⤵
-
\??\c:\lffrllf.exec:\lffrllf.exe68⤵
-
\??\c:\tttnnn.exec:\tttnnn.exe69⤵
-
\??\c:\jdjjd.exec:\jdjjd.exe70⤵
-
\??\c:\llrxlrr.exec:\llrxlrr.exe71⤵
-
\??\c:\nbhttn.exec:\nbhttn.exe72⤵
-
\??\c:\1nnhtt.exec:\1nnhtt.exe73⤵
-
\??\c:\bntbbb.exec:\bntbbb.exe74⤵
-
\??\c:\hbnhhh.exec:\hbnhhh.exe75⤵
-
\??\c:\pddpp.exec:\pddpp.exe76⤵
-
\??\c:\rllfxrr.exec:\rllfxrr.exe77⤵
-
\??\c:\fxffffx.exec:\fxffffx.exe78⤵
-
\??\c:\nhtthh.exec:\nhtthh.exe79⤵
-
\??\c:\1tthbt.exec:\1tthbt.exe80⤵
-
\??\c:\jvdjv.exec:\jvdjv.exe81⤵
-
\??\c:\pppjj.exec:\pppjj.exe82⤵
-
\??\c:\rfrrrxr.exec:\rfrrrxr.exe83⤵
-
\??\c:\bnnhbt.exec:\bnnhbt.exe84⤵
-
\??\c:\nnhbtt.exec:\nnhbtt.exe85⤵
-
\??\c:\vvpjd.exec:\vvpjd.exe86⤵
-
\??\c:\rxfxlfx.exec:\rxfxlfx.exe87⤵
-
\??\c:\7frrxxx.exec:\7frrxxx.exe88⤵
-
\??\c:\httntt.exec:\httntt.exe89⤵
-
\??\c:\5tbbtt.exec:\5tbbtt.exe90⤵
-
\??\c:\jvjjd.exec:\jvjjd.exe91⤵
-
\??\c:\rllfxxf.exec:\rllfxxf.exe92⤵
-
\??\c:\xlrrlff.exec:\xlrrlff.exe93⤵
-
\??\c:\tbnhbh.exec:\tbnhbh.exe94⤵
-
\??\c:\9bbbnn.exec:\9bbbnn.exe95⤵
-
\??\c:\jdvvp.exec:\jdvvp.exe96⤵
-
\??\c:\xrlxlxl.exec:\xrlxlxl.exe97⤵
-
\??\c:\httnhh.exec:\httnhh.exe98⤵
-
\??\c:\3pvpd.exec:\3pvpd.exe99⤵
-
\??\c:\vvjdd.exec:\vvjdd.exe100⤵
-
\??\c:\xrxxxxx.exec:\xrxxxxx.exe101⤵
-
\??\c:\xrxrlll.exec:\xrxrlll.exe102⤵
-
\??\c:\5ttnbh.exec:\5ttnbh.exe103⤵
-
\??\c:\1vvpj.exec:\1vvpj.exe104⤵
-
\??\c:\9ppjv.exec:\9ppjv.exe105⤵
-
\??\c:\rrllfxf.exec:\rrllfxf.exe106⤵
-
\??\c:\3rrxxxx.exec:\3rrxxxx.exe107⤵
-
\??\c:\bbbbbt.exec:\bbbbbt.exe108⤵
-
\??\c:\pjpjp.exec:\pjpjp.exe109⤵
-
\??\c:\vdjjv.exec:\vdjjv.exe110⤵
-
\??\c:\xllxlfx.exec:\xllxlfx.exe111⤵
-
\??\c:\flxrrrl.exec:\flxrrrl.exe112⤵
-
\??\c:\thbnbt.exec:\thbnbt.exe113⤵
-
\??\c:\vjdjv.exec:\vjdjv.exe114⤵
-
\??\c:\dpdvp.exec:\dpdvp.exe115⤵
-
\??\c:\lxxlxfl.exec:\lxxlxfl.exe116⤵
-
\??\c:\nbhbtt.exec:\nbhbtt.exe117⤵
-
\??\c:\bhbtnh.exec:\bhbtnh.exe118⤵
-
\??\c:\pppjj.exec:\pppjj.exe119⤵
-
\??\c:\ppjjd.exec:\ppjjd.exe120⤵
-
\??\c:\lxxfrlf.exec:\lxxfrlf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-