Analysis
-
max time kernel
120s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
22-12-2024 02:01
General
-
Target
110fd24f8b5be837137b074536d0f9b7c0dcf6b6f2ca1eb996bfbc1bbb1a09dcN.exe
-
Size
83KB
-
MD5
d1d3e9489add38205e2bb5a88cdc7d00
-
SHA1
cd4b6082f7330245c821ea876beeca3891aa488f
-
SHA256
110fd24f8b5be837137b074536d0f9b7c0dcf6b6f2ca1eb996bfbc1bbb1a09dc
-
SHA512
c0fdafa7447b52a17575c0c10a9a6cd3088b498ec7b59f1413ed76b79729b5249bb30d68a72e5b8cbf9b73efaf4b692db2721cad90df301e4d5a41f173b9291a
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIIpIo60L9QrrA89QD:ymb3NkkiQ3mdBjFIIp9L9QrrA8k
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 32 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\110fd24f8b5be837137b074536d0f9b7c0dcf6b6f2ca1eb996bfbc1bbb1a09dcN.exe"C:\Users\Admin\AppData\Local\Temp\110fd24f8b5be837137b074536d0f9b7c0dcf6b6f2ca1eb996bfbc1bbb1a09dcN.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\8240006.exec:\8240006.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\o844888.exec:\o844888.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fllfffr.exec:\fllfffr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\62822.exec:\62822.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdpj.exec:\pjdpj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrffrfx.exec:\xrffrfx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pvvj.exec:\1pvvj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjdj.exec:\pjjdj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlfffr.exec:\rrlfffr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdpdj.exec:\pdpdj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\224226.exec:\224226.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnnbt.exec:\nbnnbt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\026284.exec:\026284.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jppvv.exec:\jppvv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\64204.exec:\64204.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\c842266.exec:\c842266.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppvj.exec:\vppvj.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhnhht.exec:\bhnhht.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tttntt.exec:\tttntt.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrrfff.exec:\ffrrfff.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjpj.exec:\dpjpj.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rffxrfx.exec:\rffxrfx.exe23⤵
- Executes dropped EXE
-
\??\c:\hnttth.exec:\hnttth.exe24⤵
- Executes dropped EXE
-
\??\c:\ddvpv.exec:\ddvpv.exe25⤵
- Executes dropped EXE
-
\??\c:\060020.exec:\060020.exe26⤵
- Executes dropped EXE
-
\??\c:\o804444.exec:\o804444.exe27⤵
- Executes dropped EXE
-
\??\c:\hntntn.exec:\hntntn.exe28⤵
- Executes dropped EXE
-
\??\c:\8466000.exec:\8466000.exe29⤵
- Executes dropped EXE
-
\??\c:\62822.exec:\62822.exe30⤵
- Executes dropped EXE
-
\??\c:\26882.exec:\26882.exe31⤵
- Executes dropped EXE
-
\??\c:\w86488.exec:\w86488.exe32⤵
- Executes dropped EXE
-
\??\c:\1vdvj.exec:\1vdvj.exe33⤵
- Executes dropped EXE
-
\??\c:\tnbbth.exec:\tnbbth.exe34⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\84026.exec:\84026.exe35⤵
- Executes dropped EXE
-
\??\c:\48044.exec:\48044.exe36⤵
- Executes dropped EXE
-
\??\c:\6660000.exec:\6660000.exe37⤵
- Executes dropped EXE
-
\??\c:\vvjjv.exec:\vvjjv.exe38⤵
- Executes dropped EXE
-
\??\c:\hhbtnh.exec:\hhbtnh.exe39⤵
- Executes dropped EXE
-
\??\c:\642422.exec:\642422.exe40⤵
- Executes dropped EXE
-
\??\c:\068460.exec:\068460.exe41⤵
- Executes dropped EXE
-
\??\c:\pvddd.exec:\pvddd.exe42⤵
- Executes dropped EXE
-
\??\c:\28864.exec:\28864.exe43⤵
- Executes dropped EXE
-
\??\c:\q28648.exec:\q28648.exe44⤵
- Executes dropped EXE
-
\??\c:\622604.exec:\622604.exe45⤵
- Executes dropped EXE
-
\??\c:\68022.exec:\68022.exe46⤵
- Executes dropped EXE
-
\??\c:\q88248.exec:\q88248.exe47⤵
- Executes dropped EXE
-
\??\c:\64486.exec:\64486.exe48⤵
- Executes dropped EXE
-
\??\c:\2062626.exec:\2062626.exe49⤵
- Executes dropped EXE
-
\??\c:\602028.exec:\602028.exe50⤵
- Executes dropped EXE
-
\??\c:\dddvp.exec:\dddvp.exe51⤵
- Executes dropped EXE
-
\??\c:\3nnbtn.exec:\3nnbtn.exe52⤵
- Executes dropped EXE
-
\??\c:\828484.exec:\828484.exe53⤵
- Executes dropped EXE
-
\??\c:\220488.exec:\220488.exe54⤵
- Executes dropped EXE
-
\??\c:\606806.exec:\606806.exe55⤵
- Executes dropped EXE
-
\??\c:\60044.exec:\60044.exe56⤵
- Executes dropped EXE
-
\??\c:\9jddj.exec:\9jddj.exe57⤵
- Executes dropped EXE
-
\??\c:\3llxrll.exec:\3llxrll.exe58⤵
- Executes dropped EXE
-
\??\c:\fffflrr.exec:\fffflrr.exe59⤵
- Executes dropped EXE
-
\??\c:\vjpvd.exec:\vjpvd.exe60⤵
- Executes dropped EXE
-
\??\c:\8804882.exec:\8804882.exe61⤵
- Executes dropped EXE
-
\??\c:\fxfrfxl.exec:\fxfrfxl.exe62⤵
- Executes dropped EXE
-
\??\c:\5xxxxxx.exec:\5xxxxxx.exe63⤵
- Executes dropped EXE
-
\??\c:\4226886.exec:\4226886.exe64⤵
- Executes dropped EXE
-
\??\c:\hnhbnh.exec:\hnhbnh.exe65⤵
- Executes dropped EXE
-
\??\c:\62066.exec:\62066.exe66⤵
-
\??\c:\djjjj.exec:\djjjj.exe67⤵
-
\??\c:\i480448.exec:\i480448.exe68⤵
-
\??\c:\q68828.exec:\q68828.exe69⤵
-
\??\c:\vvjdv.exec:\vvjdv.exe70⤵
-
\??\c:\hbhhhh.exec:\hbhhhh.exe71⤵
-
\??\c:\1dvvv.exec:\1dvvv.exe72⤵
-
\??\c:\ppddj.exec:\ppddj.exe73⤵
-
\??\c:\ntbhhn.exec:\ntbhhn.exe74⤵
-
\??\c:\6866600.exec:\6866600.exe75⤵
-
\??\c:\vpvpj.exec:\vpvpj.exe76⤵
-
\??\c:\86826.exec:\86826.exe77⤵
-
\??\c:\ppvpv.exec:\ppvpv.exe78⤵
-
\??\c:\e20062.exec:\e20062.exe79⤵
-
\??\c:\i088000.exec:\i088000.exe80⤵
-
\??\c:\028822.exec:\028822.exe81⤵
-
\??\c:\hhbbhh.exec:\hhbbhh.exe82⤵
-
\??\c:\c602662.exec:\c602662.exe83⤵
-
\??\c:\m0406.exec:\m0406.exe84⤵
-
\??\c:\06608.exec:\06608.exe85⤵
-
\??\c:\5rxlrxr.exec:\5rxlrxr.exe86⤵
-
\??\c:\a0606.exec:\a0606.exe87⤵
-
\??\c:\0422886.exec:\0422886.exe88⤵
-
\??\c:\u826048.exec:\u826048.exe89⤵
-
\??\c:\08088.exec:\08088.exe90⤵
-
\??\c:\c284600.exec:\c284600.exe91⤵
-
\??\c:\xrlrfxr.exec:\xrlrfxr.exe92⤵
-
\??\c:\4804480.exec:\4804480.exe93⤵
-
\??\c:\1fxrlfx.exec:\1fxrlfx.exe94⤵
-
\??\c:\002888.exec:\002888.exe95⤵
-
\??\c:\08602.exec:\08602.exe96⤵
-
\??\c:\7hnhnb.exec:\7hnhnb.exe97⤵
-
\??\c:\jpppd.exec:\jpppd.exe98⤵
-
\??\c:\6860486.exec:\6860486.exe99⤵
-
\??\c:\6006044.exec:\6006044.exe100⤵
-
\??\c:\204826.exec:\204826.exe101⤵
-
\??\c:\64088.exec:\64088.exe102⤵
-
\??\c:\8248800.exec:\8248800.exe103⤵
-
\??\c:\fffxlfx.exec:\fffxlfx.exe104⤵
-
\??\c:\dpvpp.exec:\dpvpp.exe105⤵
-
\??\c:\3pjpp.exec:\3pjpp.exe106⤵
-
\??\c:\i404222.exec:\i404222.exe107⤵
-
\??\c:\w40000.exec:\w40000.exe108⤵
-
\??\c:\8208844.exec:\8208844.exe109⤵
-
\??\c:\7dvvv.exec:\7dvvv.exe110⤵
-
\??\c:\djvvd.exec:\djvvd.exe111⤵
-
\??\c:\fxxxrfx.exec:\fxxxrfx.exe112⤵
-
\??\c:\hnttnn.exec:\hnttnn.exe113⤵
-
\??\c:\jddvd.exec:\jddvd.exe114⤵
-
\??\c:\064226.exec:\064226.exe115⤵
-
\??\c:\rlxxrlf.exec:\rlxxrlf.exe116⤵
- System Location Discovery: System Language Discovery
-
\??\c:\48444.exec:\48444.exe117⤵
-
\??\c:\264402.exec:\264402.exe118⤵
-
\??\c:\m2844.exec:\m2844.exe119⤵
-
\??\c:\vvppp.exec:\vvppp.exe120⤵
-
\??\c:\a8600.exec:\a8600.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-