Analysis
-
max time kernel
120s -
max time network
95s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
21-12-2024 22:15
General
-
Target
7650f3613bdcffe6ad8383e31547ef76c1f0f7077c63c111144e39f71b26686b.exe
-
Size
53KB
-
MD5
864bf3fac5dde4189a2ec07d7f651cc5
-
SHA1
23d2923fc8be4ae09ccbc158112fbe5c57b6bafb
-
SHA256
7650f3613bdcffe6ad8383e31547ef76c1f0f7077c63c111144e39f71b26686b
-
SHA512
1b74a2052d9f37771b672ec064b383742abf0b110b17ab1bf023d4444ba1bedc23dc9777e532d6b81bb8886be412fcc90a7dafe73b355a8c6670151a82126bdc
-
SSDEEP
1536:mAocdpeVoBDulhzHMb7xNAa04Mcg5IKvlm:0cdpeeBSHHMHLf9RyIB
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7650f3613bdcffe6ad8383e31547ef76c1f0f7077c63c111144e39f71b26686b.exe"C:\Users\Admin\AppData\Local\Temp\7650f3613bdcffe6ad8383e31547ef76c1f0f7077c63c111144e39f71b26686b.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\lffrffr.exec:\lffrffr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjdj.exec:\vpjdj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxxxxr.exec:\rlxxxxr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnnhhh.exec:\hnnhhh.exe5⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\086684.exec:\086684.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\m4008.exec:\m4008.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\62000.exec:\62000.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\e82622.exec:\e82622.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpdjd.exec:\dpdjd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvpv.exec:\jjvpv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8248440.exec:\8248440.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvjjp.exec:\pvjjp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\20448.exec:\20448.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\80882.exec:\80882.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\a6080.exec:\a6080.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\44066.exec:\44066.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbtnbh.exec:\tbtnbh.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxxrfx.exec:\frxxrfx.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\62886.exec:\62886.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrfrrf.exec:\xrrfrrf.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\s4448.exec:\s4448.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\84828.exec:\84828.exe23⤵
- Executes dropped EXE
-
\??\c:\0624460.exec:\0624460.exe24⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\8204264.exec:\8204264.exe25⤵
- Executes dropped EXE
-
\??\c:\9pvjd.exec:\9pvjd.exe26⤵
- Executes dropped EXE
-
\??\c:\e06660.exec:\e06660.exe27⤵
- Executes dropped EXE
-
\??\c:\08422.exec:\08422.exe28⤵
- Executes dropped EXE
-
\??\c:\5ttnbb.exec:\5ttnbb.exe29⤵
- Executes dropped EXE
-
\??\c:\8200042.exec:\8200042.exe30⤵
- Executes dropped EXE
-
\??\c:\2206062.exec:\2206062.exe31⤵
- Executes dropped EXE
-
\??\c:\jjdjj.exec:\jjdjj.exe32⤵
- Executes dropped EXE
-
\??\c:\80666.exec:\80666.exe33⤵
- Executes dropped EXE
-
\??\c:\24604.exec:\24604.exe34⤵
- Executes dropped EXE
-
\??\c:\022222.exec:\022222.exe35⤵
- Executes dropped EXE
-
\??\c:\jdpvj.exec:\jdpvj.exe36⤵
- Executes dropped EXE
-
\??\c:\jjvjj.exec:\jjvjj.exe37⤵
- Executes dropped EXE
-
\??\c:\vpdvv.exec:\vpdvv.exe38⤵
- Executes dropped EXE
-
\??\c:\xlffrrf.exec:\xlffrrf.exe39⤵
- Executes dropped EXE
-
\??\c:\jvvvj.exec:\jvvvj.exe40⤵
- Executes dropped EXE
-
\??\c:\8060008.exec:\8060008.exe41⤵
- Executes dropped EXE
-
\??\c:\q84088.exec:\q84088.exe42⤵
- Executes dropped EXE
-
\??\c:\6668284.exec:\6668284.exe43⤵
- Executes dropped EXE
-
\??\c:\48422.exec:\48422.exe44⤵
- Executes dropped EXE
-
\??\c:\lxxrffr.exec:\lxxrffr.exe45⤵
- Executes dropped EXE
-
\??\c:\xfxrfrf.exec:\xfxrfrf.exe46⤵
- Executes dropped EXE
-
\??\c:\2246266.exec:\2246266.exe47⤵
- Executes dropped EXE
-
\??\c:\1pddj.exec:\1pddj.exe48⤵
- Executes dropped EXE
-
\??\c:\w64644.exec:\w64644.exe49⤵
- Executes dropped EXE
-
\??\c:\xxxlrfx.exec:\xxxlrfx.exe50⤵
- Executes dropped EXE
-
\??\c:\ddddddv.exec:\ddddddv.exe51⤵
- Executes dropped EXE
-
\??\c:\lxrrllf.exec:\lxrrllf.exe52⤵
- Executes dropped EXE
-
\??\c:\622422.exec:\622422.exe53⤵
- Executes dropped EXE
-
\??\c:\602664.exec:\602664.exe54⤵
- Executes dropped EXE
-
\??\c:\2064608.exec:\2064608.exe55⤵
- Executes dropped EXE
-
\??\c:\ddddd.exec:\ddddd.exe56⤵
- Executes dropped EXE
-
\??\c:\rllxlfr.exec:\rllxlfr.exe57⤵
- Executes dropped EXE
-
\??\c:\622204.exec:\622204.exe58⤵
- Executes dropped EXE
-
\??\c:\88666.exec:\88666.exe59⤵
- Executes dropped EXE
-
\??\c:\rxxxfff.exec:\rxxxfff.exe60⤵
- Executes dropped EXE
-
\??\c:\lffxrrl.exec:\lffxrrl.exe61⤵
- Executes dropped EXE
-
\??\c:\84282.exec:\84282.exe62⤵
- Executes dropped EXE
-
\??\c:\7vvpj.exec:\7vvpj.exe63⤵
- Executes dropped EXE
-
\??\c:\vjdvp.exec:\vjdvp.exe64⤵
- Executes dropped EXE
-
\??\c:\rxrrffx.exec:\rxrrffx.exe65⤵
- Executes dropped EXE
-
\??\c:\9htnhb.exec:\9htnhb.exe66⤵
-
\??\c:\248260.exec:\248260.exe67⤵
-
\??\c:\q68262.exec:\q68262.exe68⤵
-
\??\c:\bbhbbt.exec:\bbhbbt.exe69⤵
-
\??\c:\268888.exec:\268888.exe70⤵
-
\??\c:\jddvd.exec:\jddvd.exe71⤵
-
\??\c:\2404844.exec:\2404844.exe72⤵
-
\??\c:\84442.exec:\84442.exe73⤵
-
\??\c:\3fxrxfl.exec:\3fxrxfl.exe74⤵
-
\??\c:\lxxrlll.exec:\lxxrlll.exe75⤵
-
\??\c:\444488.exec:\444488.exe76⤵
-
\??\c:\00684.exec:\00684.exe77⤵
-
\??\c:\5nnhhh.exec:\5nnhhh.exe78⤵
-
\??\c:\5hhnbh.exec:\5hhnbh.exe79⤵
-
\??\c:\hhhbnh.exec:\hhhbnh.exe80⤵
-
\??\c:\dvdjj.exec:\dvdjj.exe81⤵
-
\??\c:\btbtbb.exec:\btbtbb.exe82⤵
-
\??\c:\tnbtnn.exec:\tnbtnn.exe83⤵
-
\??\c:\pvpjp.exec:\pvpjp.exe84⤵
-
\??\c:\5pjdp.exec:\5pjdp.exe85⤵
-
\??\c:\tttnnn.exec:\tttnnn.exe86⤵
-
\??\c:\ntnhtt.exec:\ntnhtt.exe87⤵
-
\??\c:\i248200.exec:\i248200.exe88⤵
-
\??\c:\428420.exec:\428420.exe89⤵
-
\??\c:\nttthn.exec:\nttthn.exe90⤵
-
\??\c:\o244480.exec:\o244480.exe91⤵
-
\??\c:\nhbttn.exec:\nhbttn.exe92⤵
-
\??\c:\lffxllx.exec:\lffxllx.exe93⤵
-
\??\c:\622848.exec:\622848.exe94⤵
-
\??\c:\s4482.exec:\s4482.exe95⤵
-
\??\c:\2262024.exec:\2262024.exe96⤵
-
\??\c:\0404886.exec:\0404886.exe97⤵
-
\??\c:\262648.exec:\262648.exe98⤵
-
\??\c:\w68260.exec:\w68260.exe99⤵
-
\??\c:\tthbnb.exec:\tthbnb.exe100⤵
-
\??\c:\jdjdp.exec:\jdjdp.exe101⤵
-
\??\c:\8220826.exec:\8220826.exe102⤵
-
\??\c:\628484.exec:\628484.exe103⤵
-
\??\c:\dvvdp.exec:\dvvdp.exe104⤵
-
\??\c:\468848.exec:\468848.exe105⤵
-
\??\c:\vjpjv.exec:\vjpjv.exe106⤵
-
\??\c:\k28844.exec:\k28844.exe107⤵
-
\??\c:\1lrrrrx.exec:\1lrrrrx.exe108⤵
-
\??\c:\jpvvv.exec:\jpvvv.exe109⤵
-
\??\c:\llflrrr.exec:\llflrrr.exe110⤵
-
\??\c:\bhhhbt.exec:\bhhhbt.exe111⤵
-
\??\c:\068266.exec:\068266.exe112⤵
-
\??\c:\26048.exec:\26048.exe113⤵
-
\??\c:\866044.exec:\866044.exe114⤵
-
\??\c:\e24648.exec:\e24648.exe115⤵
-
\??\c:\jvvpj.exec:\jvvpj.exe116⤵
-
\??\c:\tttnbt.exec:\tttnbt.exe117⤵
-
\??\c:\4808862.exec:\4808862.exe118⤵
-
\??\c:\xrrrlrl.exec:\xrrrlrl.exe119⤵
-
\??\c:\1djdd.exec:\1djdd.exe120⤵
-
\??\c:\280426.exec:\280426.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-