Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
21-12-2024 22:18
General
-
Target
7650f3613bdcffe6ad8383e31547ef76c1f0f7077c63c111144e39f71b26686b.exe
-
Size
53KB
-
MD5
864bf3fac5dde4189a2ec07d7f651cc5
-
SHA1
23d2923fc8be4ae09ccbc158112fbe5c57b6bafb
-
SHA256
7650f3613bdcffe6ad8383e31547ef76c1f0f7077c63c111144e39f71b26686b
-
SHA512
1b74a2052d9f37771b672ec064b383742abf0b110b17ab1bf023d4444ba1bedc23dc9777e532d6b81bb8886be412fcc90a7dafe73b355a8c6670151a82126bdc
-
SSDEEP
1536:mAocdpeVoBDulhzHMb7xNAa04Mcg5IKvlm:0cdpeeBSHHMHLf9RyIB
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7650f3613bdcffe6ad8383e31547ef76c1f0f7077c63c111144e39f71b26686b.exe"C:\Users\Admin\AppData\Local\Temp\7650f3613bdcffe6ad8383e31547ef76c1f0f7077c63c111144e39f71b26686b.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvpj.exec:\pvvpj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fflfrlx.exec:\fflfrlx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbtnbb.exec:\nbtnbb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvdvj.exec:\vvdvj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrlxxr.exec:\fxrlxxr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttnbb.exec:\bttnbb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvpd.exec:\vjvpd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrlfxr.exec:\lrrlfxr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bbtnh.exec:\5bbtnh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnhtn.exec:\htnhtn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3jvpd.exec:\3jvpd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdvj.exec:\pjdvj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfxlrff.exec:\rfxlrff.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lllxlfx.exec:\lllxlfx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhhhn.exec:\nnhhhn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpjv.exec:\jdpjv.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jjvj.exec:\9jjvj.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7lfrlxr.exec:\7lfrlxr.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlfxrr.exec:\rrlfxrr.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthhbt.exec:\bthhbt.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5thbnh.exec:\5thbnh.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ddvp.exec:\5ddvp.exe23⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\rffxffx.exec:\rffxffx.exe24⤵
- Executes dropped EXE
-
\??\c:\btnbtt.exec:\btnbtt.exe25⤵
- Executes dropped EXE
-
\??\c:\jjjdd.exec:\jjjdd.exe26⤵
- Executes dropped EXE
-
\??\c:\7jjdp.exec:\7jjdp.exe27⤵
- Executes dropped EXE
-
\??\c:\rxrxffr.exec:\rxrxffr.exe28⤵
- Executes dropped EXE
-
\??\c:\fxxlrlx.exec:\fxxlrlx.exe29⤵
- Executes dropped EXE
-
\??\c:\bbbtnh.exec:\bbbtnh.exe30⤵
- Executes dropped EXE
-
\??\c:\1djpd.exec:\1djpd.exe31⤵
- Executes dropped EXE
-
\??\c:\rrlxlfl.exec:\rrlxlfl.exe32⤵
- Executes dropped EXE
-
\??\c:\bnnhtt.exec:\bnnhtt.exe33⤵
- Executes dropped EXE
-
\??\c:\5ddvj.exec:\5ddvj.exe34⤵
- Executes dropped EXE
-
\??\c:\jddpd.exec:\jddpd.exe35⤵
- Executes dropped EXE
-
\??\c:\xlxlfxr.exec:\xlxlfxr.exe36⤵
- Executes dropped EXE
-
\??\c:\9lfrfxr.exec:\9lfrfxr.exe37⤵
- Executes dropped EXE
-
\??\c:\tbtnbt.exec:\tbtnbt.exe38⤵
- Executes dropped EXE
-
\??\c:\vddvd.exec:\vddvd.exe39⤵
- Executes dropped EXE
-
\??\c:\vvpdv.exec:\vvpdv.exe40⤵
- Executes dropped EXE
-
\??\c:\rlxxrxf.exec:\rlxxrxf.exe41⤵
- Executes dropped EXE
-
\??\c:\httbnh.exec:\httbnh.exe42⤵
- Executes dropped EXE
-
\??\c:\hbthtn.exec:\hbthtn.exe43⤵
- Executes dropped EXE
-
\??\c:\1djdd.exec:\1djdd.exe44⤵
- Executes dropped EXE
-
\??\c:\lxffxfx.exec:\lxffxfx.exe45⤵
- Executes dropped EXE
-
\??\c:\lxxlxlf.exec:\lxxlxlf.exe46⤵
- Executes dropped EXE
-
\??\c:\ttnhnn.exec:\ttnhnn.exe47⤵
- Executes dropped EXE
-
\??\c:\dpjdp.exec:\dpjdp.exe48⤵
- Executes dropped EXE
-
\??\c:\jdvpd.exec:\jdvpd.exe49⤵
- Executes dropped EXE
-
\??\c:\llxrrxx.exec:\llxrrxx.exe50⤵
- Executes dropped EXE
-
\??\c:\xfllrll.exec:\xfllrll.exe51⤵
- Executes dropped EXE
-
\??\c:\3tbbtt.exec:\3tbbtt.exe52⤵
- Executes dropped EXE
-
\??\c:\pjpjv.exec:\pjpjv.exe53⤵
- Executes dropped EXE
-
\??\c:\jppvv.exec:\jppvv.exe54⤵
- Executes dropped EXE
-
\??\c:\rlfxlfx.exec:\rlfxlfx.exe55⤵
- Executes dropped EXE
-
\??\c:\fxlrxrr.exec:\fxlrxrr.exe56⤵
- Executes dropped EXE
-
\??\c:\ttnhtt.exec:\ttnhtt.exe57⤵
- Executes dropped EXE
-
\??\c:\jpvjd.exec:\jpvjd.exe58⤵
- Executes dropped EXE
-
\??\c:\9xxrlll.exec:\9xxrlll.exe59⤵
- Executes dropped EXE
-
\??\c:\rlrlrrx.exec:\rlrlrrx.exe60⤵
- Executes dropped EXE
-
\??\c:\3btthh.exec:\3btthh.exe61⤵
- Executes dropped EXE
-
\??\c:\ttnhnh.exec:\ttnhnh.exe62⤵
- Executes dropped EXE
-
\??\c:\1dvjv.exec:\1dvjv.exe63⤵
- Executes dropped EXE
-
\??\c:\xlxlrlf.exec:\xlxlrlf.exe64⤵
- Executes dropped EXE
-
\??\c:\bnnnhb.exec:\bnnnhb.exe65⤵
- Executes dropped EXE
-
\??\c:\nnthnn.exec:\nnthnn.exe66⤵
-
\??\c:\jdjjj.exec:\jdjjj.exe67⤵
-
\??\c:\jdvjj.exec:\jdvjj.exe68⤵
-
\??\c:\5fllrxx.exec:\5fllrxx.exe69⤵
-
\??\c:\7nbtnh.exec:\7nbtnh.exe70⤵
-
\??\c:\7tbntb.exec:\7tbntb.exe71⤵
-
\??\c:\pvdvp.exec:\pvdvp.exe72⤵
-
\??\c:\jdjjj.exec:\jdjjj.exe73⤵
-
\??\c:\lxfxlfl.exec:\lxfxlfl.exe74⤵
-
\??\c:\rlrfxrf.exec:\rlrfxrf.exe75⤵
-
\??\c:\9nnhbt.exec:\9nnhbt.exe76⤵
-
\??\c:\nbbnbn.exec:\nbbnbn.exe77⤵
-
\??\c:\pvddj.exec:\pvddj.exe78⤵
-
\??\c:\jvdjv.exec:\jvdjv.exe79⤵
-
\??\c:\rllxlfx.exec:\rllxlfx.exe80⤵
-
\??\c:\ttbtnh.exec:\ttbtnh.exe81⤵
-
\??\c:\9hhthh.exec:\9hhthh.exe82⤵
-
\??\c:\ttbbbb.exec:\ttbbbb.exe83⤵
-
\??\c:\vpvpp.exec:\vpvpp.exe84⤵
-
\??\c:\1dpjv.exec:\1dpjv.exe85⤵
-
\??\c:\lflxlfx.exec:\lflxlfx.exe86⤵
-
\??\c:\xrrfrrf.exec:\xrrfrrf.exe87⤵
-
\??\c:\fxfrfrl.exec:\fxfrfrl.exe88⤵
-
\??\c:\hnnhbt.exec:\hnnhbt.exe89⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe90⤵
-
\??\c:\9rrrrxx.exec:\9rrrrxx.exe91⤵
-
\??\c:\rfxfrxf.exec:\rfxfrxf.exe92⤵
-
\??\c:\tbhntt.exec:\tbhntt.exe93⤵
-
\??\c:\hnnhnh.exec:\hnnhnh.exe94⤵
-
\??\c:\vvpdp.exec:\vvpdp.exe95⤵
-
\??\c:\pjdpv.exec:\pjdpv.exe96⤵
-
\??\c:\rrrrfff.exec:\rrrrfff.exe97⤵
-
\??\c:\ttbntn.exec:\ttbntn.exe98⤵
-
\??\c:\htnthn.exec:\htnthn.exe99⤵
-
\??\c:\vpjjv.exec:\vpjjv.exe100⤵
-
\??\c:\xrrxrlx.exec:\xrrxrlx.exe101⤵
-
\??\c:\nhbbbb.exec:\nhbbbb.exe102⤵
-
\??\c:\vjppj.exec:\vjppj.exe103⤵
-
\??\c:\vjjvp.exec:\vjjvp.exe104⤵
-
\??\c:\xfffrrr.exec:\xfffrrr.exe105⤵
-
\??\c:\bhhbbt.exec:\bhhbbt.exe106⤵
-
\??\c:\tbnbnn.exec:\tbnbnn.exe107⤵
-
\??\c:\7djdd.exec:\7djdd.exe108⤵
-
\??\c:\1pvpd.exec:\1pvpd.exe109⤵
-
\??\c:\7lfrrfr.exec:\7lfrrfr.exe110⤵
-
\??\c:\xxfxlfr.exec:\xxfxlfr.exe111⤵
-
\??\c:\9tbbth.exec:\9tbbth.exe112⤵
-
\??\c:\bbhtnn.exec:\bbhtnn.exe113⤵
- System Location Discovery: System Language Discovery
-
\??\c:\ddppp.exec:\ddppp.exe114⤵
-
\??\c:\9jjdv.exec:\9jjdv.exe115⤵
-
\??\c:\lflffff.exec:\lflffff.exe116⤵
-
\??\c:\rfrlxxr.exec:\rfrlxxr.exe117⤵
-
\??\c:\nnnhth.exec:\nnnhth.exe118⤵
-
\??\c:\pjdjj.exec:\pjdjj.exe119⤵
-
\??\c:\dpdjd.exec:\dpdjd.exe120⤵
-
\??\c:\ddjdp.exec:\ddjdp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-