Analysis
-
max time kernel
120s -
max time network
95s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
26-12-2024 01:52
General
-
Target
3c576ae8f7aafb248fd0a5f97173ea720be862b407981ddd076255a28508507fN.exe
-
Size
67KB
-
MD5
88d398d0c7df90c1424060aff2a85a80
-
SHA1
3d0cfccf309c4acf23e3f51825e590ab80cad6fc
-
SHA256
3c576ae8f7aafb248fd0a5f97173ea720be862b407981ddd076255a28508507f
-
SHA512
564e288f2e9ca9395d63c79becefa6e3e542174b8c5df07b22ccb76e7f2b1492857f8af0cdee4bc25e17fc1bbc23a2503ca121874646c92424c99b6879d22f44
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yU+kbxe6:ymb3NkkiQ3mdBjF0y7kbU6
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 33 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3c576ae8f7aafb248fd0a5f97173ea720be862b407981ddd076255a28508507fN.exe"C:\Users\Admin\AppData\Local\Temp\3c576ae8f7aafb248fd0a5f97173ea720be862b407981ddd076255a28508507fN.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfffff.exec:\fxfffff.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbbhh.exec:\ttbbhh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnnhh.exec:\nnnnhh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdppj.exec:\vdppj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xflffx.exec:\5xflffx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfffxxx.exec:\rfffxxx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpjjd.exec:\jpjjd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vvdv.exec:\7vvdv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9lfllll.exec:\9lfllll.exe10⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxrflx.exec:\xrxrflx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbttnh.exec:\bbttnh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvdd.exec:\jjvdd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xllflf.exec:\5xllflf.exe14⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\xxllrrl.exec:\xxllrrl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbtbb.exec:\bbbtbb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jppp.exec:\5jppp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3xrrllf.exec:\3xrrllf.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhhbb.exec:\hhhhbb.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnhhh.exec:\hbnhhh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jppvp.exec:\jppvp.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlffxxr.exec:\rlffxxr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhttnn.exec:\bhttnn.exe23⤵
- Executes dropped EXE
-
\??\c:\btnhbb.exec:\btnhbb.exe24⤵
- Executes dropped EXE
-
\??\c:\3vddv.exec:\3vddv.exe25⤵
- Executes dropped EXE
-
\??\c:\lfxxrrl.exec:\lfxxrrl.exe26⤵
- Executes dropped EXE
-
\??\c:\htthhh.exec:\htthhh.exe27⤵
- Executes dropped EXE
-
\??\c:\1tbbbb.exec:\1tbbbb.exe28⤵
- Executes dropped EXE
-
\??\c:\vvddv.exec:\vvddv.exe29⤵
- Executes dropped EXE
-
\??\c:\dpvjp.exec:\dpvjp.exe30⤵
- Executes dropped EXE
-
\??\c:\pvvdv.exec:\pvvdv.exe31⤵
- Executes dropped EXE
-
\??\c:\fxllrfr.exec:\fxllrfr.exe32⤵
- Executes dropped EXE
-
\??\c:\5hnhhh.exec:\5hnhhh.exe33⤵
- Executes dropped EXE
-
\??\c:\tntttt.exec:\tntttt.exe34⤵
- Executes dropped EXE
-
\??\c:\nnnnhh.exec:\nnnnhh.exe35⤵
- Executes dropped EXE
-
\??\c:\jvvpp.exec:\jvvpp.exe36⤵
- Executes dropped EXE
-
\??\c:\xflfxxx.exec:\xflfxxx.exe37⤵
- Executes dropped EXE
-
\??\c:\lllllxr.exec:\lllllxr.exe38⤵
- Executes dropped EXE
-
\??\c:\1hnbnn.exec:\1hnbnn.exe39⤵
- Executes dropped EXE
-
\??\c:\nnhhbb.exec:\nnhhbb.exe40⤵
- Executes dropped EXE
-
\??\c:\ddvjj.exec:\ddvjj.exe41⤵
- Executes dropped EXE
-
\??\c:\rlrrlrx.exec:\rlrrlrx.exe42⤵
- Executes dropped EXE
-
\??\c:\bbttnn.exec:\bbttnn.exe43⤵
- Executes dropped EXE
-
\??\c:\nhnnhn.exec:\nhnnhn.exe44⤵
- Executes dropped EXE
-
\??\c:\jjjjj.exec:\jjjjj.exe45⤵
- Executes dropped EXE
-
\??\c:\lflrlll.exec:\lflrlll.exe46⤵
- Executes dropped EXE
-
\??\c:\xllllrr.exec:\xllllrr.exe47⤵
- Executes dropped EXE
-
\??\c:\9hhhhh.exec:\9hhhhh.exe48⤵
- Executes dropped EXE
-
\??\c:\3dpjp.exec:\3dpjp.exe49⤵
- Executes dropped EXE
-
\??\c:\1lxrxxl.exec:\1lxrxxl.exe50⤵
- Executes dropped EXE
-
\??\c:\tnttnh.exec:\tnttnh.exe51⤵
- Executes dropped EXE
-
\??\c:\3jdvv.exec:\3jdvv.exe52⤵
- Executes dropped EXE
-
\??\c:\rffrllr.exec:\rffrllr.exe53⤵
- Executes dropped EXE
-
\??\c:\jjpvd.exec:\jjpvd.exe54⤵
- Executes dropped EXE
-
\??\c:\jppjv.exec:\jppjv.exe55⤵
- Executes dropped EXE
-
\??\c:\3llrllf.exec:\3llrllf.exe56⤵
- Executes dropped EXE
-
\??\c:\tthhnb.exec:\tthhnb.exe57⤵
- Executes dropped EXE
-
\??\c:\ttttnn.exec:\ttttnn.exe58⤵
- Executes dropped EXE
-
\??\c:\5vddd.exec:\5vddd.exe59⤵
- Executes dropped EXE
-
\??\c:\5pvpv.exec:\5pvpv.exe60⤵
- Executes dropped EXE
-
\??\c:\fxrrllf.exec:\fxrrllf.exe61⤵
- Executes dropped EXE
-
\??\c:\9ntntb.exec:\9ntntb.exe62⤵
- Executes dropped EXE
-
\??\c:\pppjj.exec:\pppjj.exe63⤵
- Executes dropped EXE
-
\??\c:\djvvj.exec:\djvvj.exe64⤵
- Executes dropped EXE
-
\??\c:\xxfxxxx.exec:\xxfxxxx.exe65⤵
- Executes dropped EXE
-
\??\c:\rrffffl.exec:\rrffffl.exe66⤵
-
\??\c:\hbthbb.exec:\hbthbb.exe67⤵
-
\??\c:\3jjjd.exec:\3jjjd.exe68⤵
-
\??\c:\xxxxrrl.exec:\xxxxrrl.exe69⤵
-
\??\c:\htbbtt.exec:\htbbtt.exe70⤵
-
\??\c:\nbhthn.exec:\nbhthn.exe71⤵
-
\??\c:\rxflfrr.exec:\rxflfrr.exe72⤵
-
\??\c:\nnntnt.exec:\nnntnt.exe73⤵
-
\??\c:\jjvvj.exec:\jjvvj.exe74⤵
-
\??\c:\vvppv.exec:\vvppv.exe75⤵
-
\??\c:\frfxrrl.exec:\frfxrrl.exe76⤵
-
\??\c:\rrllffx.exec:\rrllffx.exe77⤵
-
\??\c:\thnhbb.exec:\thnhbb.exe78⤵
-
\??\c:\vvpjj.exec:\vvpjj.exe79⤵
-
\??\c:\lxllffx.exec:\lxllffx.exe80⤵
-
\??\c:\hnttbb.exec:\hnttbb.exe81⤵
-
\??\c:\djddd.exec:\djddd.exe82⤵
- System Location Discovery: System Language Discovery
-
\??\c:\vddvv.exec:\vddvv.exe83⤵
-
\??\c:\fxrlllf.exec:\fxrlllf.exe84⤵
-
\??\c:\hbtnhh.exec:\hbtnhh.exe85⤵
-
\??\c:\bbtttn.exec:\bbtttn.exe86⤵
-
\??\c:\dvvvv.exec:\dvvvv.exe87⤵
- System Location Discovery: System Language Discovery
-
\??\c:\ddddd.exec:\ddddd.exe88⤵
-
\??\c:\fxrrrrl.exec:\fxrrrrl.exe89⤵
-
\??\c:\nhbnbh.exec:\nhbnbh.exe90⤵
-
\??\c:\btthbb.exec:\btthbb.exe91⤵
-
\??\c:\7pppj.exec:\7pppj.exe92⤵
-
\??\c:\rlfxllf.exec:\rlfxllf.exe93⤵
-
\??\c:\rxfflrl.exec:\rxfflrl.exe94⤵
-
\??\c:\tbhhbt.exec:\tbhhbt.exe95⤵
-
\??\c:\7bbbtt.exec:\7bbbtt.exe96⤵
-
\??\c:\jvvpj.exec:\jvvpj.exe97⤵
-
\??\c:\1jppj.exec:\1jppj.exe98⤵
-
\??\c:\3lrllrr.exec:\3lrllrr.exe99⤵
-
\??\c:\hnnbbb.exec:\hnnbbb.exe100⤵
-
\??\c:\ttnnhh.exec:\ttnnhh.exe101⤵
-
\??\c:\3vddv.exec:\3vddv.exe102⤵
-
\??\c:\1vpdv.exec:\1vpdv.exe103⤵
-
\??\c:\xlllflf.exec:\xlllflf.exe104⤵
-
\??\c:\nnttbb.exec:\nnttbb.exe105⤵
-
\??\c:\3tbbbb.exec:\3tbbbb.exe106⤵
-
\??\c:\jpjdv.exec:\jpjdv.exe107⤵
-
\??\c:\1djdv.exec:\1djdv.exe108⤵
-
\??\c:\3lfxrrl.exec:\3lfxrrl.exe109⤵
-
\??\c:\nthbbt.exec:\nthbbt.exe110⤵
-
\??\c:\bhbbbb.exec:\bhbbbb.exe111⤵
- System Location Discovery: System Language Discovery
-
\??\c:\pdvpd.exec:\pdvpd.exe112⤵
-
\??\c:\flxlxxr.exec:\flxlxxr.exe113⤵
-
\??\c:\xrlxlrf.exec:\xrlxlrf.exe114⤵
-
\??\c:\hhhbbn.exec:\hhhbbn.exe115⤵
- System Location Discovery: System Language Discovery
-
\??\c:\ddjdv.exec:\ddjdv.exe116⤵
-
\??\c:\jvjjj.exec:\jvjjj.exe117⤵
-
\??\c:\rlxlxrl.exec:\rlxlxrl.exe118⤵
-
\??\c:\7xrrllf.exec:\7xrrllf.exe119⤵
-
\??\c:\bntnhn.exec:\bntnhn.exe120⤵
-
\??\c:\7nhhbh.exec:\7nhhbh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-