Analysis
-
max time kernel
120s -
max time network
93s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
26-12-2024 03:21
General
-
Target
680a06ace9f201131ea2bef9926c27b1140c795b635a11ae4323fddfc61eff10.exe
-
Size
71KB
-
MD5
d41597c58fc3f2dd0ba1d6db23c596b6
-
SHA1
cde607e425abe274e1ba8e8c43bf33d21ed738fb
-
SHA256
680a06ace9f201131ea2bef9926c27b1140c795b635a11ae4323fddfc61eff10
-
SHA512
d9f9765b9cb68e8ad5ca87cad8147c8f38da1139d61d2113f6b0a31c85dfd520b23424838d61cf7f3631be03e0939459d65d968fbd8935e21cb42571bc5bd9b4
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yUuYp+5C8+LuvdLH+/:ymb3NkkiQ3mdBjF0yMliC/
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 34 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\680a06ace9f201131ea2bef9926c27b1140c795b635a11ae4323fddfc61eff10.exe"C:\Users\Admin\AppData\Local\Temp\680a06ace9f201131ea2bef9926c27b1140c795b635a11ae4323fddfc61eff10.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xflffxx.exec:\xflffxx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xffrrff.exec:\xffrrff.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnnhh.exec:\tnnnhh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbttt.exec:\hbbttt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbthh.exec:\htbthh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvpjv.exec:\jvpjv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fffxlfx.exec:\fffxlfx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxxffl.exec:\rrxxffl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnnhh.exec:\btnnhh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjdd.exec:\dvjdd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjdv.exec:\ddjdv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflffxx.exec:\rflffxx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfxrrl.exec:\fxfxrrl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhhnn.exec:\hhhhnn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjdv.exec:\pjjdv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjjd.exec:\vjjjd.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlllfxx.exec:\rlllfxx.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbbtt.exec:\tnbbtt.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vvjd.exec:\5vvjd.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1ffxxlf.exec:\1ffxxlf.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnhnn.exec:\nhnhnn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpdv.exec:\vjpdv.exe23⤵
- Executes dropped EXE
-
\??\c:\vjjpp.exec:\vjjpp.exe24⤵
- Executes dropped EXE
-
\??\c:\lxfrllf.exec:\lxfrllf.exe25⤵
- Executes dropped EXE
-
\??\c:\bbhhnn.exec:\bbhhnn.exe26⤵
- Executes dropped EXE
-
\??\c:\dvvjd.exec:\dvvjd.exe27⤵
- Executes dropped EXE
-
\??\c:\lflfrrf.exec:\lflfrrf.exe28⤵
- Executes dropped EXE
-
\??\c:\thnhbb.exec:\thnhbb.exe29⤵
- Executes dropped EXE
-
\??\c:\dvvvp.exec:\dvvvp.exe30⤵
- Executes dropped EXE
-
\??\c:\rflfrlx.exec:\rflfrlx.exe31⤵
- Executes dropped EXE
-
\??\c:\bnbttt.exec:\bnbttt.exe32⤵
- Executes dropped EXE
-
\??\c:\httnhb.exec:\httnhb.exe33⤵
- Executes dropped EXE
-
\??\c:\pddvp.exec:\pddvp.exe34⤵
- Executes dropped EXE
-
\??\c:\xlfffxf.exec:\xlfffxf.exe35⤵
- Executes dropped EXE
-
\??\c:\lrxrllf.exec:\lrxrllf.exe36⤵
- Executes dropped EXE
-
\??\c:\hbbbbt.exec:\hbbbbt.exe37⤵
- Executes dropped EXE
-
\??\c:\tntthn.exec:\tntthn.exe38⤵
- Executes dropped EXE
-
\??\c:\pvvvp.exec:\pvvvp.exe39⤵
- Executes dropped EXE
-
\??\c:\dvvpd.exec:\dvvpd.exe40⤵
- Executes dropped EXE
-
\??\c:\xrrlfxx.exec:\xrrlfxx.exe41⤵
- Executes dropped EXE
-
\??\c:\rlrlffx.exec:\rlrlffx.exe42⤵
- Executes dropped EXE
-
\??\c:\5nnhhb.exec:\5nnhhb.exe43⤵
- Executes dropped EXE
-
\??\c:\hbbhhn.exec:\hbbhhn.exe44⤵
- Executes dropped EXE
-
\??\c:\jddvv.exec:\jddvv.exe45⤵
- Executes dropped EXE
-
\??\c:\pvvjd.exec:\pvvjd.exe46⤵
- Executes dropped EXE
-
\??\c:\xfllxxx.exec:\xfllxxx.exe47⤵
- Executes dropped EXE
-
\??\c:\htnbnh.exec:\htnbnh.exe48⤵
- Executes dropped EXE
-
\??\c:\nbbnbb.exec:\nbbnbb.exe49⤵
- Executes dropped EXE
-
\??\c:\jjjjd.exec:\jjjjd.exe50⤵
- Executes dropped EXE
-
\??\c:\vdpjv.exec:\vdpjv.exe51⤵
-
\??\c:\lxrlrxl.exec:\lxrlrxl.exe52⤵
- Executes dropped EXE
-
\??\c:\rrrrlll.exec:\rrrrlll.exe53⤵
- Executes dropped EXE
-
\??\c:\ttnnhh.exec:\ttnnhh.exe54⤵
- Executes dropped EXE
-
\??\c:\btnhbt.exec:\btnhbt.exe55⤵
- Executes dropped EXE
-
\??\c:\jjjdp.exec:\jjjdp.exe56⤵
- Executes dropped EXE
-
\??\c:\3jdvp.exec:\3jdvp.exe57⤵
- Executes dropped EXE
-
\??\c:\xrrrllf.exec:\xrrrllf.exe58⤵
- Executes dropped EXE
-
\??\c:\1bbbtt.exec:\1bbbtt.exe59⤵
- Executes dropped EXE
-
\??\c:\bnbthb.exec:\bnbthb.exe60⤵
- Executes dropped EXE
-
\??\c:\vjdvj.exec:\vjdvj.exe61⤵
- Executes dropped EXE
-
\??\c:\dpjjv.exec:\dpjjv.exe62⤵
- Executes dropped EXE
-
\??\c:\rflxfxf.exec:\rflxfxf.exe63⤵
- Executes dropped EXE
-
\??\c:\lflxlxl.exec:\lflxlxl.exe64⤵
- Executes dropped EXE
-
\??\c:\hntbhh.exec:\hntbhh.exe65⤵
- Executes dropped EXE
-
\??\c:\htnhbt.exec:\htnhbt.exe66⤵
- Executes dropped EXE
-
\??\c:\7jjvj.exec:\7jjvj.exe67⤵
-
\??\c:\fxlflfx.exec:\fxlflfx.exe68⤵
-
\??\c:\rxrrlll.exec:\rxrrlll.exe69⤵
-
\??\c:\bbbhhn.exec:\bbbhhn.exe70⤵
-
\??\c:\pppvd.exec:\pppvd.exe71⤵
-
\??\c:\jjdvj.exec:\jjdvj.exe72⤵
-
\??\c:\fxxxlrl.exec:\fxxxlrl.exe73⤵
-
\??\c:\nnbbnn.exec:\nnbbnn.exe74⤵
-
\??\c:\tnhbbt.exec:\tnhbbt.exe75⤵
-
\??\c:\pjpdj.exec:\pjpdj.exe76⤵
-
\??\c:\pdpvv.exec:\pdpvv.exe77⤵
-
\??\c:\5flxllf.exec:\5flxllf.exe78⤵
-
\??\c:\rxrlffr.exec:\rxrlffr.exe79⤵
-
\??\c:\nntnht.exec:\nntnht.exe80⤵
-
\??\c:\tbtntt.exec:\tbtntt.exe81⤵
-
\??\c:\vddpd.exec:\vddpd.exe82⤵
-
\??\c:\dvjvj.exec:\dvjvj.exe83⤵
-
\??\c:\fxlfllx.exec:\fxlfllx.exe84⤵
-
\??\c:\bhhhhh.exec:\bhhhhh.exe85⤵
-
\??\c:\nhnhbt.exec:\nhnhbt.exe86⤵
-
\??\c:\ppvdv.exec:\ppvdv.exe87⤵
-
\??\c:\pdjdd.exec:\pdjdd.exe88⤵
-
\??\c:\jpvpd.exec:\jpvpd.exe89⤵
-
\??\c:\flxxrfx.exec:\flxxrfx.exe90⤵
-
\??\c:\xllllll.exec:\xllllll.exe91⤵
-
\??\c:\btnhhb.exec:\btnhhb.exe92⤵
-
\??\c:\dpjpj.exec:\dpjpj.exe93⤵
-
\??\c:\3ppvj.exec:\3ppvj.exe94⤵
-
\??\c:\rllxlfx.exec:\rllxlfx.exe95⤵
-
\??\c:\xllffxx.exec:\xllffxx.exe96⤵
-
\??\c:\thhthb.exec:\thhthb.exe97⤵
-
\??\c:\nbthbn.exec:\nbthbn.exe98⤵
-
\??\c:\5jjvp.exec:\5jjvp.exe99⤵
-
\??\c:\djpvj.exec:\djpvj.exe100⤵
-
\??\c:\frlflfr.exec:\frlflfr.exe101⤵
-
\??\c:\7rxrxrf.exec:\7rxrxrf.exe102⤵
-
\??\c:\tnbttn.exec:\tnbttn.exe103⤵
-
\??\c:\jdddp.exec:\jdddp.exe104⤵
-
\??\c:\dpjvj.exec:\dpjvj.exe105⤵
-
\??\c:\flrlxrl.exec:\flrlxrl.exe106⤵
-
\??\c:\1llxrll.exec:\1llxrll.exe107⤵
-
\??\c:\nbtnht.exec:\nbtnht.exe108⤵
-
\??\c:\nntnbt.exec:\nntnbt.exe109⤵
-
\??\c:\jjvdj.exec:\jjvdj.exe110⤵
-
\??\c:\fxxrllx.exec:\fxxrllx.exe111⤵
-
\??\c:\rrxxlfr.exec:\rrxxlfr.exe112⤵
-
\??\c:\thtnhb.exec:\thtnhb.exe113⤵
-
\??\c:\bntnbn.exec:\bntnbn.exe114⤵
-
\??\c:\vpdvj.exec:\vpdvj.exe115⤵
-
\??\c:\vpdpv.exec:\vpdpv.exe116⤵
-
\??\c:\frlxlfr.exec:\frlxlfr.exe117⤵
-
\??\c:\xllfxrx.exec:\xllfxrx.exe118⤵
-
\??\c:\hbtnhb.exec:\hbtnhb.exe119⤵
-
\??\c:\7ppdp.exec:\7ppdp.exe120⤵
-
\??\c:\jvvpv.exec:\jvvpv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-