Analysis
-
max time kernel
120s -
max time network
95s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
22-12-2024 01:39
General
-
Target
eeb3700ee8411f5e443a216be195118854eba93c051874cc970a09f0f08b1d7f.exe
-
Size
53KB
-
MD5
f3622e4e42e6f564563caac3d1962a6f
-
SHA1
adc685342fc780f8a57438415418df24368d7112
-
SHA256
eeb3700ee8411f5e443a216be195118854eba93c051874cc970a09f0f08b1d7f
-
SHA512
77733aa15f07624fd471ce384486947e2a219cf80dec9a3ef5ff19fce0f5ee7c014b542d1f13185ea79b711f37c08579ac7d7befd3b8114e96a64d80cecfbed4
-
SSDEEP
1536:mAocdpeVoBDulhzHMb7xNAa04Mcg5IKvlW:0cdpeeBSHHMHLf9RyIT
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\eeb3700ee8411f5e443a216be195118854eba93c051874cc970a09f0f08b1d7f.exe"C:\Users\Admin\AppData\Local\Temp\eeb3700ee8411f5e443a216be195118854eba93c051874cc970a09f0f08b1d7f.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\5xxlllx.exec:\5xxlllx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnbhhb.exec:\hnbhhb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbttn.exec:\hhbttn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dppjp.exec:\dppjp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flffrlx.exec:\flffrlx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrfxrf.exec:\flrfxrf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthbnn.exec:\bthbnn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddppd.exec:\ddppd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlfrxr.exec:\rrlfrxr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbtnh.exec:\bbbtnh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9hthhb.exec:\9hthhb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvdv.exec:\vvvdv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrrxxr.exec:\rrrrxxr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnbthb.exec:\hnbthb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpjd.exec:\pjpjd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvpd.exec:\jvvpd.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrlfxr.exec:\xxrlfxr.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3pjdj.exec:\3pjdj.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7jdpd.exec:\7jdpd.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlxllf.exec:\rrlxllf.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbthb.exec:\ntbthb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppddj.exec:\ppddj.exe23⤵
- Executes dropped EXE
-
\??\c:\ppjdd.exec:\ppjdd.exe24⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\tthbnh.exec:\tthbnh.exe25⤵
- Executes dropped EXE
-
\??\c:\bbhbbb.exec:\bbhbbb.exe26⤵
- Executes dropped EXE
-
\??\c:\pjpvj.exec:\pjpvj.exe27⤵
- Executes dropped EXE
-
\??\c:\llxlxfr.exec:\llxlxfr.exe28⤵
- Executes dropped EXE
-
\??\c:\xllrllx.exec:\xllrllx.exe29⤵
- Executes dropped EXE
-
\??\c:\tnhbth.exec:\tnhbth.exe30⤵
- Executes dropped EXE
-
\??\c:\vjjdv.exec:\vjjdv.exe31⤵
- Executes dropped EXE
-
\??\c:\lflfxlr.exec:\lflfxlr.exe32⤵
- Executes dropped EXE
-
\??\c:\nhhtnn.exec:\nhhtnn.exe33⤵
- Executes dropped EXE
-
\??\c:\pjvpj.exec:\pjvpj.exe34⤵
- Executes dropped EXE
-
\??\c:\rrrxllf.exec:\rrrxllf.exe35⤵
- Executes dropped EXE
-
\??\c:\htbttt.exec:\htbttt.exe36⤵
- Executes dropped EXE
-
\??\c:\9hhbnn.exec:\9hhbnn.exe37⤵
- Executes dropped EXE
-
\??\c:\3pdjd.exec:\3pdjd.exe38⤵
- Executes dropped EXE
-
\??\c:\lffxrxr.exec:\lffxrxr.exe39⤵
- Executes dropped EXE
-
\??\c:\rlrlrrr.exec:\rlrlrrr.exe40⤵
- Executes dropped EXE
-
\??\c:\9bhntb.exec:\9bhntb.exe41⤵
- Executes dropped EXE
-
\??\c:\tnhhbh.exec:\tnhhbh.exe42⤵
- Executes dropped EXE
-
\??\c:\jvddp.exec:\jvddp.exe43⤵
- Executes dropped EXE
-
\??\c:\xxrlllf.exec:\xxrlllf.exe44⤵
- Executes dropped EXE
-
\??\c:\rllfxrr.exec:\rllfxrr.exe45⤵
- Executes dropped EXE
-
\??\c:\nbtnbt.exec:\nbtnbt.exe46⤵
- Executes dropped EXE
-
\??\c:\jjdvj.exec:\jjdvj.exe47⤵
- Executes dropped EXE
-
\??\c:\3dvpd.exec:\3dvpd.exe48⤵
- Executes dropped EXE
-
\??\c:\xffrffx.exec:\xffrffx.exe49⤵
- Executes dropped EXE
-
\??\c:\5lllrff.exec:\5lllrff.exe50⤵
- Executes dropped EXE
-
\??\c:\bhtnnn.exec:\bhtnnn.exe51⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\hbthhh.exec:\hbthhh.exe52⤵
- Executes dropped EXE
-
\??\c:\jjvvd.exec:\jjvvd.exe53⤵
- Executes dropped EXE
-
\??\c:\pjvpv.exec:\pjvpv.exe54⤵
- Executes dropped EXE
-
\??\c:\xllxrrx.exec:\xllxrrx.exe55⤵
- Executes dropped EXE
-
\??\c:\ttbhhn.exec:\ttbhhn.exe56⤵
- Executes dropped EXE
-
\??\c:\nnnhtt.exec:\nnnhtt.exe57⤵
- Executes dropped EXE
-
\??\c:\dpvpj.exec:\dpvpj.exe58⤵
- Executes dropped EXE
-
\??\c:\7vjdv.exec:\7vjdv.exe59⤵
- Executes dropped EXE
-
\??\c:\xxrlfxr.exec:\xxrlfxr.exe60⤵
- Executes dropped EXE
-
\??\c:\hntnhh.exec:\hntnhh.exe61⤵
- Executes dropped EXE
-
\??\c:\djvvv.exec:\djvvv.exe62⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\vppjd.exec:\vppjd.exe63⤵
- Executes dropped EXE
-
\??\c:\xlrxxxr.exec:\xlrxxxr.exe64⤵
- Executes dropped EXE
-
\??\c:\fflrlff.exec:\fflrlff.exe65⤵
- Executes dropped EXE
-
\??\c:\hhtbnb.exec:\hhtbnb.exe66⤵
-
\??\c:\3nbttb.exec:\3nbttb.exe67⤵
-
\??\c:\vdvpj.exec:\vdvpj.exe68⤵
-
\??\c:\fxxxffx.exec:\fxxxffx.exe69⤵
-
\??\c:\7rlfxrf.exec:\7rlfxrf.exe70⤵
-
\??\c:\ttntnh.exec:\ttntnh.exe71⤵
-
\??\c:\jddvj.exec:\jddvj.exe72⤵
-
\??\c:\nnnnhb.exec:\nnnnhb.exe73⤵
-
\??\c:\btnthb.exec:\btnthb.exe74⤵
-
\??\c:\pjvpp.exec:\pjvpp.exe75⤵
-
\??\c:\lrxrlrr.exec:\lrxrlrr.exe76⤵
-
\??\c:\lrffllf.exec:\lrffllf.exe77⤵
-
\??\c:\rxlfrrl.exec:\rxlfrrl.exe78⤵
-
\??\c:\pdvvj.exec:\pdvvj.exe79⤵
-
\??\c:\9ppvp.exec:\9ppvp.exe80⤵
-
\??\c:\rlllxxx.exec:\rlllxxx.exe81⤵
-
\??\c:\7hbtnh.exec:\7hbtnh.exe82⤵
-
\??\c:\tttttn.exec:\tttttn.exe83⤵
-
\??\c:\9pppd.exec:\9pppd.exe84⤵
-
\??\c:\rrfxrrr.exec:\rrfxrrr.exe85⤵
-
\??\c:\5xrlxxl.exec:\5xrlxxl.exe86⤵
-
\??\c:\1tntnn.exec:\1tntnn.exe87⤵
-
\??\c:\7nhbhh.exec:\7nhbhh.exe88⤵
- System Location Discovery: System Language Discovery
-
\??\c:\jjpjp.exec:\jjpjp.exe89⤵
-
\??\c:\lxffxlf.exec:\lxffxlf.exe90⤵
-
\??\c:\nnnntb.exec:\nnnntb.exe91⤵
-
\??\c:\bntnhh.exec:\bntnhh.exe92⤵
-
\??\c:\vvjpv.exec:\vvjpv.exe93⤵
-
\??\c:\llffxxx.exec:\llffxxx.exe94⤵
-
\??\c:\rfflfrr.exec:\rfflfrr.exe95⤵
-
\??\c:\5tbbhn.exec:\5tbbhn.exe96⤵
-
\??\c:\hbnhbb.exec:\hbnhbb.exe97⤵
-
\??\c:\jdvvj.exec:\jdvvj.exe98⤵
-
\??\c:\rlxxxrr.exec:\rlxxxrr.exe99⤵
-
\??\c:\llrrrrr.exec:\llrrrrr.exe100⤵
-
\??\c:\3hhhbt.exec:\3hhhbt.exe101⤵
-
\??\c:\ddpjj.exec:\ddpjj.exe102⤵
-
\??\c:\9jpjd.exec:\9jpjd.exe103⤵
-
\??\c:\ffffxxx.exec:\ffffxxx.exe104⤵
-
\??\c:\tthtnt.exec:\tthtnt.exe105⤵
-
\??\c:\hhnhtt.exec:\hhnhtt.exe106⤵
-
\??\c:\pjpjj.exec:\pjpjj.exe107⤵
-
\??\c:\fxxrlll.exec:\fxxrlll.exe108⤵
-
\??\c:\lfffxxx.exec:\lfffxxx.exe109⤵
-
\??\c:\1hnhhb.exec:\1hnhhb.exe110⤵
-
\??\c:\ddvpj.exec:\ddvpj.exe111⤵
-
\??\c:\7jjjv.exec:\7jjjv.exe112⤵
-
\??\c:\ffxrxfr.exec:\ffxrxfr.exe113⤵
-
\??\c:\nbhhbn.exec:\nbhhbn.exe114⤵
-
\??\c:\9tttnt.exec:\9tttnt.exe115⤵
-
\??\c:\pvdpp.exec:\pvdpp.exe116⤵
-
\??\c:\pvvvv.exec:\pvvvv.exe117⤵
-
\??\c:\rrffllx.exec:\rrffllx.exe118⤵
-
\??\c:\hhnnht.exec:\hhnnht.exe119⤵
-
\??\c:\bthbtt.exec:\bthbtt.exe120⤵
-
\??\c:\jjdpp.exec:\jjdpp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-