Analysis
-
max time kernel
150s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
22-12-2024 01:42
General
-
Target
eeb3700ee8411f5e443a216be195118854eba93c051874cc970a09f0f08b1d7f.exe
-
Size
53KB
-
MD5
f3622e4e42e6f564563caac3d1962a6f
-
SHA1
adc685342fc780f8a57438415418df24368d7112
-
SHA256
eeb3700ee8411f5e443a216be195118854eba93c051874cc970a09f0f08b1d7f
-
SHA512
77733aa15f07624fd471ce384486947e2a219cf80dec9a3ef5ff19fce0f5ee7c014b542d1f13185ea79b711f37c08579ac7d7befd3b8114e96a64d80cecfbed4
-
SSDEEP
1536:mAocdpeVoBDulhzHMb7xNAa04Mcg5IKvlW:0cdpeeBSHHMHLf9RyIT
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 62 IoCs
-
Executes dropped EXE 64 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\eeb3700ee8411f5e443a216be195118854eba93c051874cc970a09f0f08b1d7f.exe"C:\Users\Admin\AppData\Local\Temp\eeb3700ee8411f5e443a216be195118854eba93c051874cc970a09f0f08b1d7f.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjvj.exec:\jdjvj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxrrrl.exec:\rrxrrrl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfffxxr.exec:\rfffxxr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhbtb.exec:\nhhbtb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vvdd.exec:\9vvdd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfxxrl.exec:\rlfxxrl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbthbb.exec:\hbthbb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnbhb.exec:\hhnbhb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdvp.exec:\vpdvp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrfllf.exec:\xlrfllf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnnhbb.exec:\hnnhbb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbnbt.exec:\tnbnbt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppjj.exec:\vppjj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxrlfrr.exec:\rxrlfrr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhnnnt.exec:\bhnnnt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9lrllff.exec:\9lrllff.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjdp.exec:\ddjdp.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrrrlf.exec:\frrrrlf.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnnht.exec:\tnnnht.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ppdj.exec:\7ppdj.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9djdp.exec:\9djdp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xrrllf.exec:\9xrrllf.exe23⤵
- Executes dropped EXE
-
\??\c:\tbtntn.exec:\tbtntn.exe24⤵
- Executes dropped EXE
-
\??\c:\thnhbb.exec:\thnhbb.exe25⤵
- Executes dropped EXE
-
\??\c:\xffxrrf.exec:\xffxrrf.exe26⤵
- Executes dropped EXE
-
\??\c:\btnnhh.exec:\btnnhh.exe27⤵
- Executes dropped EXE
-
\??\c:\vppjd.exec:\vppjd.exe28⤵
- Executes dropped EXE
-
\??\c:\5rllxfr.exec:\5rllxfr.exe29⤵
- Executes dropped EXE
-
\??\c:\xfllfrr.exec:\xfllfrr.exe30⤵
- Executes dropped EXE
-
\??\c:\nbhhtn.exec:\nbhhtn.exe31⤵
- Executes dropped EXE
-
\??\c:\7jdpj.exec:\7jdpj.exe32⤵
- Executes dropped EXE
-
\??\c:\9vdvp.exec:\9vdvp.exe33⤵
- Executes dropped EXE
-
\??\c:\1llxlrr.exec:\1llxlrr.exe34⤵
- Executes dropped EXE
-
\??\c:\tnhbtn.exec:\tnhbtn.exe35⤵
- Executes dropped EXE
-
\??\c:\nbthtn.exec:\nbthtn.exe36⤵
- Executes dropped EXE
-
\??\c:\jpdpd.exec:\jpdpd.exe37⤵
- Executes dropped EXE
-
\??\c:\ffflxrx.exec:\ffflxrx.exe38⤵
- Executes dropped EXE
-
\??\c:\9tttnh.exec:\9tttnh.exe39⤵
- Executes dropped EXE
-
\??\c:\pdjdv.exec:\pdjdv.exe40⤵
- Executes dropped EXE
-
\??\c:\jddvv.exec:\jddvv.exe41⤵
- Executes dropped EXE
-
\??\c:\xfrlfff.exec:\xfrlfff.exe42⤵
- Executes dropped EXE
-
\??\c:\hhnhhn.exec:\hhnhhn.exe43⤵
- Executes dropped EXE
-
\??\c:\nntntn.exec:\nntntn.exe44⤵
- Executes dropped EXE
-
\??\c:\dddjv.exec:\dddjv.exe45⤵
- Executes dropped EXE
-
\??\c:\lllrflx.exec:\lllrflx.exe46⤵
- Executes dropped EXE
-
\??\c:\rlrlffx.exec:\rlrlffx.exe47⤵
- Executes dropped EXE
-
\??\c:\bbntbb.exec:\bbntbb.exe48⤵
- Executes dropped EXE
-
\??\c:\ddjdv.exec:\ddjdv.exe49⤵
- Executes dropped EXE
-
\??\c:\jvddv.exec:\jvddv.exe50⤵
- Executes dropped EXE
-
\??\c:\3xllrff.exec:\3xllrff.exe51⤵
- Executes dropped EXE
-
\??\c:\tbtnhb.exec:\tbtnhb.exe52⤵
- Executes dropped EXE
-
\??\c:\hhnhhh.exec:\hhnhhh.exe53⤵
- Executes dropped EXE
-
\??\c:\pvppj.exec:\pvppj.exe54⤵
- Executes dropped EXE
-
\??\c:\xrfxxxl.exec:\xrfxxxl.exe55⤵
- Executes dropped EXE
-
\??\c:\5llffff.exec:\5llffff.exe56⤵
- Executes dropped EXE
-
\??\c:\tthbbh.exec:\tthbbh.exe57⤵
- Executes dropped EXE
-
\??\c:\1ppdv.exec:\1ppdv.exe58⤵
- Executes dropped EXE
-
\??\c:\rrxrrxf.exec:\rrxrrxf.exe59⤵
- Executes dropped EXE
-
\??\c:\rlffffx.exec:\rlffffx.exe60⤵
- Executes dropped EXE
-
\??\c:\bntnbt.exec:\bntnbt.exe61⤵
- Executes dropped EXE
-
\??\c:\jjpjd.exec:\jjpjd.exe62⤵
- Executes dropped EXE
-
\??\c:\jpddd.exec:\jpddd.exe63⤵
- Executes dropped EXE
-
\??\c:\hhnhbt.exec:\hhnhbt.exe64⤵
- Executes dropped EXE
-
\??\c:\bttnnn.exec:\bttnnn.exe65⤵
- Executes dropped EXE
-
\??\c:\7ppjj.exec:\7ppjj.exe66⤵
-
\??\c:\rlrfxrr.exec:\rlrfxrr.exe67⤵
-
\??\c:\xlrrrrl.exec:\xlrrrrl.exe68⤵
-
\??\c:\hhbbbh.exec:\hhbbbh.exe69⤵
-
\??\c:\btbhhb.exec:\btbhhb.exe70⤵
-
\??\c:\jjvvd.exec:\jjvvd.exe71⤵
-
\??\c:\5vvpd.exec:\5vvpd.exe72⤵
-
\??\c:\lxllfxr.exec:\lxllfxr.exe73⤵
-
\??\c:\bhhhbb.exec:\bhhhbb.exe74⤵
-
\??\c:\jpppj.exec:\jpppj.exe75⤵
-
\??\c:\dvvvd.exec:\dvvvd.exe76⤵
-
\??\c:\fxxrlfx.exec:\fxxrlfx.exe77⤵
-
\??\c:\rlxrlll.exec:\rlxrlll.exe78⤵
-
\??\c:\hbbhbb.exec:\hbbhbb.exe79⤵
-
\??\c:\nntttb.exec:\nntttb.exe80⤵
- System Location Discovery: System Language Discovery
-
\??\c:\5vpjd.exec:\5vpjd.exe81⤵
-
\??\c:\3xrlxrl.exec:\3xrlxrl.exe82⤵
-
\??\c:\xxxffll.exec:\xxxffll.exe83⤵
-
\??\c:\tbnnnn.exec:\tbnnnn.exe84⤵
-
\??\c:\btnnbb.exec:\btnnbb.exe85⤵
-
\??\c:\vvjdv.exec:\vvjdv.exe86⤵
-
\??\c:\rfllxrl.exec:\rfllxrl.exe87⤵
-
\??\c:\frrxrxx.exec:\frrxrxx.exe88⤵
-
\??\c:\tnnnht.exec:\tnnnht.exe89⤵
-
\??\c:\pvppp.exec:\pvppp.exe90⤵
-
\??\c:\dvddd.exec:\dvddd.exe91⤵
-
\??\c:\lxrxfrx.exec:\lxrxfrx.exe92⤵
-
\??\c:\htnhhn.exec:\htnhhn.exe93⤵
-
\??\c:\3jvpv.exec:\3jvpv.exe94⤵
-
\??\c:\5vdjv.exec:\5vdjv.exe95⤵
-
\??\c:\5xffxxx.exec:\5xffxxx.exe96⤵
-
\??\c:\flrxffr.exec:\flrxffr.exe97⤵
-
\??\c:\bbhbnn.exec:\bbhbnn.exe98⤵
-
\??\c:\jdppp.exec:\jdppp.exe99⤵
-
\??\c:\vjpdp.exec:\vjpdp.exe100⤵
-
\??\c:\fxrlfll.exec:\fxrlfll.exe101⤵
-
\??\c:\hhbbtt.exec:\hhbbtt.exe102⤵
-
\??\c:\btnhbb.exec:\btnhbb.exe103⤵
-
\??\c:\djvpp.exec:\djvpp.exe104⤵
-
\??\c:\pjdvp.exec:\pjdvp.exe105⤵
- System Location Discovery: System Language Discovery
-
\??\c:\frxrllf.exec:\frxrllf.exe106⤵
-
\??\c:\bbnntt.exec:\bbnntt.exe107⤵
-
\??\c:\ttnhnn.exec:\ttnhnn.exe108⤵
-
\??\c:\jjpjp.exec:\jjpjp.exe109⤵
-
\??\c:\rrlfxxr.exec:\rrlfxxr.exe110⤵
-
\??\c:\lxxfflf.exec:\lxxfflf.exe111⤵
- System Location Discovery: System Language Discovery
-
\??\c:\nnbtbt.exec:\nnbtbt.exe112⤵
-
\??\c:\ppvpv.exec:\ppvpv.exe113⤵
-
\??\c:\pjvvd.exec:\pjvvd.exe114⤵
-
\??\c:\rffxrrr.exec:\rffxrrr.exe115⤵
-
\??\c:\hbbhbb.exec:\hbbhbb.exe116⤵
-
\??\c:\tnbtnn.exec:\tnbtnn.exe117⤵
-
\??\c:\pjdpv.exec:\pjdpv.exe118⤵
-
\??\c:\5fxrrrr.exec:\5fxrrrr.exe119⤵
-
\??\c:\rrxxrrr.exec:\rrxxrrr.exe120⤵
-
\??\c:\btbtnn.exec:\btbtnn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-