Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
20-12-2024 03:01
General
-
Target
874dff840b18a7be75b75f9cb07abe86bafb1661173102186ac7842bec414e85.exe
-
Size
93KB
-
MD5
789612a58fd4b8deaca1dcd85daa895d
-
SHA1
2c227d9ad452da6a3e763e2ab15908f9bf545031
-
SHA256
874dff840b18a7be75b75f9cb07abe86bafb1661173102186ac7842bec414e85
-
SHA512
888e6de09c4f9ea6e52829ddc20ef6a2530386820e4613cbe377217a004e6ca3ba3818a5b1aaac1ccbbb5f994eb32720e85d1c35cf3a9cb8da92bbede1951a79
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73t6MlYqn+jMp99zx/A0UtgK:ymb3NkkiQ3mdBjFo73tvn+Yp99zDut
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 33 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\874dff840b18a7be75b75f9cb07abe86bafb1661173102186ac7842bec414e85.exe"C:\Users\Admin\AppData\Local\Temp\874dff840b18a7be75b75f9cb07abe86bafb1661173102186ac7842bec414e85.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdjp.exec:\pjdjp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxrxxr.exec:\rrxrxxr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttthnt.exec:\ttthnt.exe4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxlrxr.exec:\lrxlrxr.exe5⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\hnbttb.exec:\hnbttb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjjj.exec:\vdjjj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntbnt.exec:\tntbnt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrxlrl.exec:\frrxlrl.exe9⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\hhttnn.exec:\hhttnn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pppdp.exec:\pppdp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrlfxx.exec:\rfrlfxx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dddjd.exec:\dddjd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxxllr.exec:\rrxxllr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvvp.exec:\jdvvp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffxxfl.exec:\lffxxfl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnnhh.exec:\btnnhh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfllfff.exec:\lfllfff.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnnhb.exec:\htnnhb.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pppjv.exec:\pppjv.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrxrlr.exec:\rlrxrlr.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbtbb.exec:\bnbtbb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpppp.exec:\dpppp.exe23⤵
- Executes dropped EXE
-
\??\c:\rxxxrxr.exec:\rxxxrxr.exe24⤵
- Executes dropped EXE
-
\??\c:\thbnnh.exec:\thbnnh.exe25⤵
- Executes dropped EXE
-
\??\c:\jdddv.exec:\jdddv.exe26⤵
- Executes dropped EXE
-
\??\c:\fxfllll.exec:\fxfllll.exe27⤵
- Executes dropped EXE
-
\??\c:\jjppj.exec:\jjppj.exe28⤵
- Executes dropped EXE
-
\??\c:\ffxfxfl.exec:\ffxfxfl.exe29⤵
- Executes dropped EXE
-
\??\c:\bbbhnb.exec:\bbbhnb.exe30⤵
- Executes dropped EXE
-
\??\c:\vjvvp.exec:\vjvvp.exe31⤵
- Executes dropped EXE
-
\??\c:\ffrlxfr.exec:\ffrlxfr.exe32⤵
- Executes dropped EXE
-
\??\c:\bbhhhh.exec:\bbhhhh.exe33⤵
- Executes dropped EXE
-
\??\c:\vpjpp.exec:\vpjpp.exe34⤵
- Executes dropped EXE
-
\??\c:\xrxrrrl.exec:\xrxrrrl.exe35⤵
- Executes dropped EXE
-
\??\c:\tthnhh.exec:\tthnhh.exe36⤵
- Executes dropped EXE
-
\??\c:\ppddp.exec:\ppddp.exe37⤵
- Executes dropped EXE
-
\??\c:\rllfxxr.exec:\rllfxxr.exe38⤵
- Executes dropped EXE
-
\??\c:\httnbt.exec:\httnbt.exe39⤵
- Executes dropped EXE
-
\??\c:\dvdvv.exec:\dvdvv.exe40⤵
- Executes dropped EXE
-
\??\c:\lxrrxlf.exec:\lxrrxlf.exe41⤵
- Executes dropped EXE
-
\??\c:\bhnhbt.exec:\bhnhbt.exe42⤵
- Executes dropped EXE
-
\??\c:\frxllrr.exec:\frxllrr.exe43⤵
- Executes dropped EXE
-
\??\c:\bhthbn.exec:\bhthbn.exe44⤵
- Executes dropped EXE
-
\??\c:\pjddd.exec:\pjddd.exe45⤵
- Executes dropped EXE
-
\??\c:\hbnbnb.exec:\hbnbnb.exe46⤵
- Executes dropped EXE
-
\??\c:\nntttt.exec:\nntttt.exe47⤵
- Executes dropped EXE
-
\??\c:\jjvvp.exec:\jjvvp.exe48⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\lxllfxx.exec:\lxllfxx.exe49⤵
- Executes dropped EXE
-
\??\c:\hhhhnn.exec:\hhhhnn.exe50⤵
- Executes dropped EXE
-
\??\c:\btbtnn.exec:\btbtnn.exe51⤵
- Executes dropped EXE
-
\??\c:\ddvdd.exec:\ddvdd.exe52⤵
- Executes dropped EXE
-
\??\c:\5frrrrr.exec:\5frrrrr.exe53⤵
- Executes dropped EXE
-
\??\c:\btbbbb.exec:\btbbbb.exe54⤵
- Executes dropped EXE
-
\??\c:\9hbbnh.exec:\9hbbnh.exe55⤵
- Executes dropped EXE
-
\??\c:\jjddd.exec:\jjddd.exe56⤵
- Executes dropped EXE
-
\??\c:\ttnhhh.exec:\ttnhhh.exe57⤵
- Executes dropped EXE
-
\??\c:\pdvjd.exec:\pdvjd.exe58⤵
- Executes dropped EXE
-
\??\c:\rxxxrrf.exec:\rxxxrrf.exe59⤵
- Executes dropped EXE
-
\??\c:\lffffll.exec:\lffffll.exe60⤵
- Executes dropped EXE
-
\??\c:\ddppp.exec:\ddppp.exe61⤵
- Executes dropped EXE
-
\??\c:\lrrlxxl.exec:\lrrlxxl.exe62⤵
- Executes dropped EXE
-
\??\c:\hhnnhb.exec:\hhnnhb.exe63⤵
- Executes dropped EXE
-
\??\c:\pdjjd.exec:\pdjjd.exe64⤵
- Executes dropped EXE
-
\??\c:\ppvvj.exec:\ppvvj.exe65⤵
- Executes dropped EXE
-
\??\c:\3lrlfff.exec:\3lrlfff.exe66⤵
-
\??\c:\ntbtth.exec:\ntbtth.exe67⤵
-
\??\c:\jdddv.exec:\jdddv.exe68⤵
-
\??\c:\vdjjd.exec:\vdjjd.exe69⤵
-
\??\c:\9rrrrrf.exec:\9rrrrrf.exe70⤵
-
\??\c:\bttttb.exec:\bttttb.exe71⤵
-
\??\c:\jjppv.exec:\jjppv.exe72⤵
-
\??\c:\7lxrffl.exec:\7lxrffl.exe73⤵
-
\??\c:\hbtnnn.exec:\hbtnnn.exe74⤵
-
\??\c:\btbbnn.exec:\btbbnn.exe75⤵
-
\??\c:\ddpdv.exec:\ddpdv.exe76⤵
-
\??\c:\ffrrxxr.exec:\ffrrxxr.exe77⤵
-
\??\c:\btbbbh.exec:\btbbbh.exe78⤵
-
\??\c:\lfrxlrr.exec:\lfrxlrr.exe79⤵
-
\??\c:\rrfffll.exec:\rrfffll.exe80⤵
-
\??\c:\ntbbhn.exec:\ntbbhn.exe81⤵
-
\??\c:\pppdd.exec:\pppdd.exe82⤵
-
\??\c:\llxflrf.exec:\llxflrf.exe83⤵
-
\??\c:\lrrllll.exec:\lrrllll.exe84⤵
-
\??\c:\ttbhhh.exec:\ttbhhh.exe85⤵
-
\??\c:\djjjj.exec:\djjjj.exe86⤵
-
\??\c:\frxrrll.exec:\frxrrll.exe87⤵
-
\??\c:\hbhbhh.exec:\hbhbhh.exe88⤵
-
\??\c:\bnbbhh.exec:\bnbbhh.exe89⤵
-
\??\c:\jvddd.exec:\jvddd.exe90⤵
-
\??\c:\9pjjd.exec:\9pjjd.exe91⤵
-
\??\c:\rlrrfrr.exec:\rlrrfrr.exe92⤵
-
\??\c:\nbtbtb.exec:\nbtbtb.exe93⤵
-
\??\c:\nnnhbb.exec:\nnnhbb.exe94⤵
-
\??\c:\vjppj.exec:\vjppj.exe95⤵
-
\??\c:\xfrrxfl.exec:\xfrrxfl.exe96⤵
-
\??\c:\lrrxxxx.exec:\lrrxxxx.exe97⤵
-
\??\c:\nhhhbb.exec:\nhhhbb.exe98⤵
-
\??\c:\pvddv.exec:\pvddv.exe99⤵
-
\??\c:\1xxxxxx.exec:\1xxxxxx.exe100⤵
-
\??\c:\lfrrlrl.exec:\lfrrlrl.exe101⤵
-
\??\c:\nnhhbb.exec:\nnhhbb.exe102⤵
-
\??\c:\jpvdv.exec:\jpvdv.exe103⤵
-
\??\c:\rffxfff.exec:\rffxfff.exe104⤵
-
\??\c:\rlxxxll.exec:\rlxxxll.exe105⤵
-
\??\c:\hbhbbn.exec:\hbhbbn.exe106⤵
-
\??\c:\tttttt.exec:\tttttt.exe107⤵
-
\??\c:\pdjjp.exec:\pdjjp.exe108⤵
-
\??\c:\1xllfll.exec:\1xllfll.exe109⤵
-
\??\c:\btbbhh.exec:\btbbhh.exe110⤵
-
\??\c:\dddvv.exec:\dddvv.exe111⤵
-
\??\c:\dpjpd.exec:\dpjpd.exe112⤵
-
\??\c:\llfxrxx.exec:\llfxrxx.exe113⤵
-
\??\c:\bhttnb.exec:\bhttnb.exe114⤵
-
\??\c:\dpdvd.exec:\dpdvd.exe115⤵
-
\??\c:\dvjjj.exec:\dvjjj.exe116⤵
-
\??\c:\lflffff.exec:\lflffff.exe117⤵
-
\??\c:\hhhbhb.exec:\hhhbhb.exe118⤵
-
\??\c:\dvjdd.exec:\dvjdd.exe119⤵
-
\??\c:\llrllrl.exec:\llrllrl.exe120⤵
-
\??\c:\rxlfxxx.exec:\rxlfxxx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-