Analysis
-
max time kernel
120s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
22-12-2024 01:34
General
-
Target
2e70e908ea274ffc35386dd27c8a5d32436c0632645b5fe790fc270aa375f868N.exe
-
Size
53KB
-
MD5
cd9c76370ebe37b8d2d902152a1ec5a0
-
SHA1
c288247da3b94aec5ba18f96880d23bb1bab3c6f
-
SHA256
2e70e908ea274ffc35386dd27c8a5d32436c0632645b5fe790fc270aa375f868
-
SHA512
10a3f131e93b15f2a3038b0027fed277ee196291a85027c48aa3c0a603beb3f19db68b78d2a5df3dcc1de509dc6fa5b4b48efcd04279e9844be3e2ea983755c1
-
SSDEEP
1536:mAocdpeVoBDulhzHMb7xNAa04Mcg5IKvlS:0cdpeeBSHHMHLf9RyIb
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2e70e908ea274ffc35386dd27c8a5d32436c0632645b5fe790fc270aa375f868N.exe"C:\Users\Admin\AppData\Local\Temp\2e70e908ea274ffc35386dd27c8a5d32436c0632645b5fe790fc270aa375f868N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\3ppvv.exec:\3ppvv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9djjd.exec:\9djjd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrlfxr.exec:\lxrlfxr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnbtn.exec:\nbnbtn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1ppvp.exec:\1ppvp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxxfxl.exec:\rxxxfxl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthbbb.exec:\tthbbb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhhbh.exec:\nbhhbh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrllfl.exec:\rlrllfl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnhtn.exec:\bbnhtn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnnntt.exec:\hnnntt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjdp.exec:\vjjdp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1fffrxx.exec:\1fffrxx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvdvv.exec:\vvdvv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1ddvp.exec:\1ddvp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntnnhn.exec:\ntnnhn.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7tttnn.exec:\7tttnn.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddpjd.exec:\ddpjd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5flflfr.exec:\5flflfr.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lllrffr.exec:\lllrffr.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbbtb.exec:\hhbbtb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvvd.exec:\jjvvd.exe23⤵
- Executes dropped EXE
-
\??\c:\ppjjd.exec:\ppjjd.exe24⤵
- Executes dropped EXE
-
\??\c:\flrrffr.exec:\flrrffr.exe25⤵
- Executes dropped EXE
-
\??\c:\9thhbh.exec:\9thhbh.exe26⤵
- Executes dropped EXE
-
\??\c:\thtnbb.exec:\thtnbb.exe27⤵
- Executes dropped EXE
-
\??\c:\pjjdp.exec:\pjjdp.exe28⤵
- Executes dropped EXE
-
\??\c:\xllxllf.exec:\xllxllf.exe29⤵
- Executes dropped EXE
-
\??\c:\fxffxrr.exec:\fxffxrr.exe30⤵
- Executes dropped EXE
-
\??\c:\7btnhb.exec:\7btnhb.exe31⤵
- Executes dropped EXE
-
\??\c:\jvvpj.exec:\jvvpj.exe32⤵
- Executes dropped EXE
-
\??\c:\jvjdv.exec:\jvjdv.exe33⤵
- Executes dropped EXE
-
\??\c:\fflfxff.exec:\fflfxff.exe34⤵
- Executes dropped EXE
-
\??\c:\ttttnb.exec:\ttttnb.exe35⤵
- Executes dropped EXE
-
\??\c:\htnnhn.exec:\htnnhn.exe36⤵
- Executes dropped EXE
-
\??\c:\ppddj.exec:\ppddj.exe37⤵
- Executes dropped EXE
-
\??\c:\7ffxlfr.exec:\7ffxlfr.exe38⤵
- Executes dropped EXE
-
\??\c:\bbhbtt.exec:\bbhbtt.exe39⤵
- Executes dropped EXE
-
\??\c:\5ttbht.exec:\5ttbht.exe40⤵
- Executes dropped EXE
-
\??\c:\vddvp.exec:\vddvp.exe41⤵
- Executes dropped EXE
-
\??\c:\rrfrfxl.exec:\rrfrfxl.exe42⤵
- Executes dropped EXE
-
\??\c:\lllfffr.exec:\lllfffr.exe43⤵
- Executes dropped EXE
-
\??\c:\5hnbbb.exec:\5hnbbb.exe44⤵
- Executes dropped EXE
-
\??\c:\jjpdj.exec:\jjpdj.exe45⤵
- Executes dropped EXE
-
\??\c:\ppvvp.exec:\ppvvp.exe46⤵
- Executes dropped EXE
-
\??\c:\1rfrflx.exec:\1rfrflx.exe47⤵
- Executes dropped EXE
-
\??\c:\1rfrfxf.exec:\1rfrfxf.exe48⤵
- Executes dropped EXE
-
\??\c:\9nnbtn.exec:\9nnbtn.exe49⤵
- Executes dropped EXE
-
\??\c:\dpvjd.exec:\dpvjd.exe50⤵
- Executes dropped EXE
-
\??\c:\ppvpd.exec:\ppvpd.exe51⤵
- Executes dropped EXE
-
\??\c:\xxxrfxr.exec:\xxxrfxr.exe52⤵
- Executes dropped EXE
-
\??\c:\hhhbbn.exec:\hhhbbn.exe53⤵
- Executes dropped EXE
-
\??\c:\hnhbhh.exec:\hnhbhh.exe54⤵
- Executes dropped EXE
-
\??\c:\dddpv.exec:\dddpv.exe55⤵
- Executes dropped EXE
-
\??\c:\jjdpp.exec:\jjdpp.exe56⤵
- Executes dropped EXE
-
\??\c:\5xffrlf.exec:\5xffrlf.exe57⤵
- Executes dropped EXE
-
\??\c:\nnnhhb.exec:\nnnhhb.exe58⤵
- Executes dropped EXE
-
\??\c:\hbtntt.exec:\hbtntt.exe59⤵
- Executes dropped EXE
-
\??\c:\pjdpj.exec:\pjdpj.exe60⤵
- Executes dropped EXE
-
\??\c:\9djjd.exec:\9djjd.exe61⤵
- Executes dropped EXE
-
\??\c:\3rlfrlf.exec:\3rlfrlf.exe62⤵
- Executes dropped EXE
-
\??\c:\xrffxxr.exec:\xrffxxr.exe63⤵
- Executes dropped EXE
-
\??\c:\nhnntn.exec:\nhnntn.exe64⤵
- Executes dropped EXE
-
\??\c:\dpvpp.exec:\dpvpp.exe65⤵
- Executes dropped EXE
-
\??\c:\pjdpj.exec:\pjdpj.exe66⤵
-
\??\c:\llrllrl.exec:\llrllrl.exe67⤵
-
\??\c:\thbtth.exec:\thbtth.exe68⤵
-
\??\c:\vpvjj.exec:\vpvjj.exe69⤵
-
\??\c:\jjvpp.exec:\jjvpp.exe70⤵
-
\??\c:\7fffrxr.exec:\7fffrxr.exe71⤵
-
\??\c:\nhbtbt.exec:\nhbtbt.exe72⤵
-
\??\c:\nnhbhh.exec:\nnhbhh.exe73⤵
-
\??\c:\5jdjv.exec:\5jdjv.exe74⤵
-
\??\c:\vpddv.exec:\vpddv.exe75⤵
-
\??\c:\9fxxflx.exec:\9fxxflx.exe76⤵
-
\??\c:\1hnnnn.exec:\1hnnnn.exe77⤵
-
\??\c:\jjppv.exec:\jjppv.exe78⤵
-
\??\c:\llrfxxx.exec:\llrfxxx.exe79⤵
-
\??\c:\tnbbbn.exec:\tnbbbn.exe80⤵
-
\??\c:\nhbthh.exec:\nhbthh.exe81⤵
-
\??\c:\3vddd.exec:\3vddd.exe82⤵
-
\??\c:\xrxrrrl.exec:\xrxrrrl.exe83⤵
-
\??\c:\xrrlffx.exec:\xrrlffx.exe84⤵
-
\??\c:\hhtthn.exec:\hhtthn.exe85⤵
-
\??\c:\jvpdv.exec:\jvpdv.exe86⤵
-
\??\c:\dvvdj.exec:\dvvdj.exe87⤵
-
\??\c:\rffxxrl.exec:\rffxxrl.exe88⤵
-
\??\c:\lrrlfxr.exec:\lrrlfxr.exe89⤵
-
\??\c:\ttbbtt.exec:\ttbbtt.exe90⤵
-
\??\c:\bntnht.exec:\bntnht.exe91⤵
-
\??\c:\vpppj.exec:\vpppj.exe92⤵
-
\??\c:\5xllfff.exec:\5xllfff.exe93⤵
-
\??\c:\rrxrlxf.exec:\rrxrlxf.exe94⤵
-
\??\c:\nntbhh.exec:\nntbhh.exe95⤵
-
\??\c:\ddjjv.exec:\ddjjv.exe96⤵
-
\??\c:\vjpdv.exec:\vjpdv.exe97⤵
-
\??\c:\rrrrfll.exec:\rrrrfll.exe98⤵
-
\??\c:\hbntht.exec:\hbntht.exe99⤵
-
\??\c:\hntbhh.exec:\hntbhh.exe100⤵
-
\??\c:\9vvpj.exec:\9vvpj.exe101⤵
-
\??\c:\3llfrlf.exec:\3llfrlf.exe102⤵
-
\??\c:\frrrllr.exec:\frrrllr.exe103⤵
-
\??\c:\bbbttn.exec:\bbbttn.exe104⤵
-
\??\c:\ddvpj.exec:\ddvpj.exe105⤵
-
\??\c:\ddppd.exec:\ddppd.exe106⤵
-
\??\c:\llfrfrl.exec:\llfrfrl.exe107⤵
-
\??\c:\rlrlllf.exec:\rlrlllf.exe108⤵
-
\??\c:\nbhbbt.exec:\nbhbbt.exe109⤵
-
\??\c:\tnnbhb.exec:\tnnbhb.exe110⤵
-
\??\c:\jjvvp.exec:\jjvvp.exe111⤵
-
\??\c:\jpvjv.exec:\jpvjv.exe112⤵
-
\??\c:\flrrffx.exec:\flrrffx.exe113⤵
-
\??\c:\flllfxf.exec:\flllfxf.exe114⤵
-
\??\c:\tntnnn.exec:\tntnnn.exe115⤵
-
\??\c:\1vvvp.exec:\1vvvp.exe116⤵
-
\??\c:\pppjv.exec:\pppjv.exe117⤵
-
\??\c:\1lxrllf.exec:\1lxrllf.exe118⤵
-
\??\c:\xlfrxlf.exec:\xlfrxlf.exe119⤵
-
\??\c:\nhnbbb.exec:\nhnbbb.exe120⤵
-
\??\c:\dvpjv.exec:\dvpjv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-