Analysis
-
max time kernel
120s -
max time network
16s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
-
submitted
24/07/2024, 01:52
General
-
Target
355d59537ce6a25ff0d46ff8c54b17b0N.exe
-
Size
72KB
-
MD5
355d59537ce6a25ff0d46ff8c54b17b0
-
SHA1
a6b8258c1e130f9d3ba91a4a88a097ca0d8f61ad
-
SHA256
543dd32db1451cb7f48d667c236c6b5c78d29558ea4cc2a4982a873090f24bb1
-
SHA512
f90a1d767efb00973677370344b5017f05c2e75b6ea6eebcad1afd5d8e26e15b2d0b328863446b56b963cf0867680ea37c7b5b508d85b379e24e4a3aa6d6b3ee
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIvuzk358nLA89OG1UMYC:ymb3NkkiQ3mdBjFIvl358nLA89OaqC
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\355d59537ce6a25ff0d46ff8c54b17b0N.exe"C:\Users\Admin\AppData\Local\Temp\355d59537ce6a25ff0d46ff8c54b17b0N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjpd.exec:\pjjpd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfflrl.exec:\xrfflrl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttttht.exec:\ttttht.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthntt.exec:\bthntt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrfrxr.exec:\fxrfrxr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbbhb.exec:\tnbbhb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1tntth.exec:\1tntth.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9pjdd.exec:\9pjdd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7lxrfrf.exec:\7lxrfrf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnthhn.exec:\hnthhn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhttbh.exec:\hhttbh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpvj.exec:\dvpvj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxflrxf.exec:\fxflrxf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3thnbn.exec:\3thnbn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpdp.exec:\dvpdp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvpd.exec:\vvvpd.exe17⤵
- Executes dropped EXE
-
\??\c:\flrrlrx.exec:\flrrlrx.exe18⤵
- Executes dropped EXE
-
\??\c:\hhthtb.exec:\hhthtb.exe19⤵
- Executes dropped EXE
-
\??\c:\1ppvd.exec:\1ppvd.exe20⤵
- Executes dropped EXE
-
\??\c:\vpjvj.exec:\vpjvj.exe21⤵
- Executes dropped EXE
-
\??\c:\3lxrxxf.exec:\3lxrxxf.exe22⤵
- Executes dropped EXE
-
\??\c:\1xrfxff.exec:\1xrfxff.exe23⤵
- Executes dropped EXE
-
\??\c:\btnthh.exec:\btnthh.exe24⤵
- Executes dropped EXE
-
\??\c:\3jvjv.exec:\3jvjv.exe25⤵
- Executes dropped EXE
-
\??\c:\dpjjp.exec:\dpjjp.exe26⤵
- Executes dropped EXE
-
\??\c:\xrlxlxf.exec:\xrlxlxf.exe27⤵
- Executes dropped EXE
-
\??\c:\hbtbtb.exec:\hbtbtb.exe28⤵
- Executes dropped EXE
-
\??\c:\dddpp.exec:\dddpp.exe29⤵
- Executes dropped EXE
-
\??\c:\jddpp.exec:\jddpp.exe30⤵
- Executes dropped EXE
-
\??\c:\rllrxxf.exec:\rllrxxf.exe31⤵
- Executes dropped EXE
-
\??\c:\hbnthn.exec:\hbnthn.exe32⤵
- Executes dropped EXE
-
\??\c:\dddpp.exec:\dddpp.exe33⤵
- Executes dropped EXE
-
\??\c:\3vvvv.exec:\3vvvv.exe34⤵
- Executes dropped EXE
-
\??\c:\7rlxlrx.exec:\7rlxlrx.exe35⤵
- Executes dropped EXE
-
\??\c:\7xxfrrl.exec:\7xxfrrl.exe36⤵
- Executes dropped EXE
-
\??\c:\7hbntb.exec:\7hbntb.exe37⤵
- Executes dropped EXE
-
\??\c:\7nnbnb.exec:\7nnbnb.exe38⤵
- Executes dropped EXE
-
\??\c:\pjpvv.exec:\pjpvv.exe39⤵
- Executes dropped EXE
-
\??\c:\vpdpv.exec:\vpdpv.exe40⤵
- Executes dropped EXE
-
\??\c:\rfxrxxl.exec:\rfxrxxl.exe41⤵
- Executes dropped EXE
-
\??\c:\xrxxlrf.exec:\xrxxlrf.exe42⤵
- Executes dropped EXE
-
\??\c:\3bthbn.exec:\3bthbn.exe43⤵
- Executes dropped EXE
-
\??\c:\5hnhnh.exec:\5hnhnh.exe44⤵
- Executes dropped EXE
-
\??\c:\pjvdp.exec:\pjvdp.exe45⤵
- Executes dropped EXE
-
\??\c:\pjdjv.exec:\pjdjv.exe46⤵
- Executes dropped EXE
-
\??\c:\xllfrxf.exec:\xllfrxf.exe47⤵
- Executes dropped EXE
-
\??\c:\lllffrx.exec:\lllffrx.exe48⤵
- Executes dropped EXE
-
\??\c:\hbtnnn.exec:\hbtnnn.exe49⤵
- Executes dropped EXE
-
\??\c:\nhnbtb.exec:\nhnbtb.exe50⤵
- Executes dropped EXE
-
\??\c:\tthntb.exec:\tthntb.exe51⤵
- Executes dropped EXE
-
\??\c:\dvjvv.exec:\dvjvv.exe52⤵
- Executes dropped EXE
-
\??\c:\fllxxrx.exec:\fllxxrx.exe53⤵
- Executes dropped EXE
-
\??\c:\xlrxffx.exec:\xlrxffx.exe54⤵
- Executes dropped EXE
-
\??\c:\hbhhhn.exec:\hbhhhn.exe55⤵
- Executes dropped EXE
-
\??\c:\5bbttb.exec:\5bbttb.exe56⤵
- Executes dropped EXE
-
\??\c:\bhnbbn.exec:\bhnbbn.exe57⤵
- Executes dropped EXE
-
\??\c:\3vpjj.exec:\3vpjj.exe58⤵
- Executes dropped EXE
-
\??\c:\vjvvj.exec:\vjvvj.exe59⤵
- Executes dropped EXE
-
\??\c:\frflxfl.exec:\frflxfl.exe60⤵
- Executes dropped EXE
-
\??\c:\ffxxllx.exec:\ffxxllx.exe61⤵
- Executes dropped EXE
-
\??\c:\nnnnbh.exec:\nnnnbh.exe62⤵
- Executes dropped EXE
-
\??\c:\3bhnhh.exec:\3bhnhh.exe63⤵
- Executes dropped EXE
-
\??\c:\jjdpp.exec:\jjdpp.exe64⤵
- Executes dropped EXE
-
\??\c:\7pdjp.exec:\7pdjp.exe65⤵
- Executes dropped EXE
-
\??\c:\jdvvd.exec:\jdvvd.exe66⤵
-
\??\c:\5lfxlrx.exec:\5lfxlrx.exe67⤵
-
\??\c:\rrrfxlf.exec:\rrrfxlf.exe68⤵
-
\??\c:\1tnnbh.exec:\1tnnbh.exe69⤵
-
\??\c:\nhttbh.exec:\nhttbh.exe70⤵
-
\??\c:\djpdd.exec:\djpdd.exe71⤵
-
\??\c:\ppjdd.exec:\ppjdd.exe72⤵
-
\??\c:\lfxxflx.exec:\lfxxflx.exe73⤵
-
\??\c:\xxflxxl.exec:\xxflxxl.exe74⤵
-
\??\c:\btnbnn.exec:\btnbnn.exe75⤵
-
\??\c:\hnthtn.exec:\hnthtn.exe76⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe77⤵
-
\??\c:\dvpdd.exec:\dvpdd.exe78⤵
-
\??\c:\7fxfflr.exec:\7fxfflr.exe79⤵
-
\??\c:\fxrxfrx.exec:\fxrxfrx.exe80⤵
-
\??\c:\tthnbn.exec:\tthnbn.exe81⤵
-
\??\c:\7bhbtt.exec:\7bhbtt.exe82⤵
-
\??\c:\jjjpv.exec:\jjjpv.exe83⤵
-
\??\c:\ppjvv.exec:\ppjvv.exe84⤵
-
\??\c:\3fxlfrx.exec:\3fxlfrx.exe85⤵
-
\??\c:\1rlfrfl.exec:\1rlfrfl.exe86⤵
-
\??\c:\tbntbb.exec:\tbntbb.exe87⤵
-
\??\c:\3bbthh.exec:\3bbthh.exe88⤵
-
\??\c:\jjvpj.exec:\jjvpj.exe89⤵
-
\??\c:\vpdjj.exec:\vpdjj.exe90⤵
-
\??\c:\frrlfff.exec:\frrlfff.exe91⤵
-
\??\c:\rrlfrxr.exec:\rrlfrxr.exe92⤵
-
\??\c:\1nhbnt.exec:\1nhbnt.exe93⤵
-
\??\c:\hbnnnb.exec:\hbnnnb.exe94⤵
- System Location Discovery: System Language Discovery
-
\??\c:\ppdvp.exec:\ppdvp.exe95⤵
-
\??\c:\pdpjp.exec:\pdpjp.exe96⤵
-
\??\c:\xxxxlrf.exec:\xxxxlrf.exe97⤵
-
\??\c:\nhnhnt.exec:\nhnhnt.exe98⤵
-
\??\c:\1hhbnb.exec:\1hhbnb.exe99⤵
-
\??\c:\vpjpd.exec:\vpjpd.exe100⤵
-
\??\c:\vpvvp.exec:\vpvvp.exe101⤵
-
\??\c:\1xrrxxl.exec:\1xrrxxl.exe102⤵
-
\??\c:\5flllrx.exec:\5flllrx.exe103⤵
-
\??\c:\hhbntb.exec:\hhbntb.exe104⤵
-
\??\c:\tnbhtt.exec:\tnbhtt.exe105⤵
-
\??\c:\jdppv.exec:\jdppv.exe106⤵
-
\??\c:\jdjpv.exec:\jdjpv.exe107⤵
-
\??\c:\xxflrlf.exec:\xxflrlf.exe108⤵
-
\??\c:\lfflflr.exec:\lfflflr.exe109⤵
-
\??\c:\bbnhnb.exec:\bbnhnb.exe110⤵
-
\??\c:\vpdpp.exec:\vpdpp.exe111⤵
-
\??\c:\vjddd.exec:\vjddd.exe112⤵
-
\??\c:\lrrxrxl.exec:\lrrxrxl.exe113⤵
-
\??\c:\9frrffl.exec:\9frrffl.exe114⤵
-
\??\c:\nntbnt.exec:\nntbnt.exe115⤵
- System Location Discovery: System Language Discovery
-
\??\c:\7nntht.exec:\7nntht.exe116⤵
-
\??\c:\hhtnbh.exec:\hhtnbh.exe117⤵
-
\??\c:\vvjjd.exec:\vvjjd.exe118⤵
-
\??\c:\frrfrfl.exec:\frrfrfl.exe119⤵
-
\??\c:\lfxflxf.exec:\lfxflxf.exe120⤵
-
\??\c:\7httbn.exec:\7httbn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-