Analysis
-
max time kernel
149s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
-
submitted
27-07-2024 00:26
General
-
Target
8bb49241b07303c044251159225afca563688d5cc96c37fee426db5d98fdf06e.exe
-
Size
463KB
-
MD5
d378d61d3a39b37f9799ec093b25d189
-
SHA1
691061f8fd5b836cf72f17549823d5629e222fba
-
SHA256
8bb49241b07303c044251159225afca563688d5cc96c37fee426db5d98fdf06e
-
SHA512
325779a9bc9aca00d8484e5d9557c074ac73f0b8b81f0db65e7138b97575c875f2f1302889889ea316c64a749b39a69c818ee4203dde9c562c8ed452292369ea
-
SSDEEP
6144:n3C9BRo7tvnJ9Fywhk/TJTaYvMmr3C9BRo7tvnJ9Fywhk/Tku4:n3C9ytvn8whkbJTaFmr3C9ytvn8whkbY
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 30 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8bb49241b07303c044251159225afca563688d5cc96c37fee426db5d98fdf06e.exe"C:\Users\Admin\AppData\Local\Temp\8bb49241b07303c044251159225afca563688d5cc96c37fee426db5d98fdf06e.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbbbt.exec:\ttbbbt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbtht.exec:\bnbtht.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhtbnt.exec:\hhtbnt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7nhhnn.exec:\7nhhnn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3bnbhn.exec:\3bnbhn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllxfrr.exec:\rllxfrr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhtbh.exec:\thhtbh.exe8⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvdd.exec:\jjvdd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjjv.exec:\vvjjv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnbttn.exec:\hnbttn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnnnhn.exec:\hnnnhn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fflrrfl.exec:\fflrrfl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvvd.exec:\jpvvd.exe14⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjpv.exec:\vvjpv.exe15⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\pvppp.exec:\pvppp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrfxlx.exec:\xlrfxlx.exe17⤵
- Executes dropped EXE
-
\??\c:\rrlrlll.exec:\rrlrlll.exe18⤵
- Executes dropped EXE
-
\??\c:\tbttnt.exec:\tbttnt.exe19⤵
- Executes dropped EXE
-
\??\c:\jpdvp.exec:\jpdvp.exe20⤵
- Executes dropped EXE
-
\??\c:\nbthnh.exec:\nbthnh.exe21⤵
- Executes dropped EXE
-
\??\c:\bntbnn.exec:\bntbnn.exe22⤵
- Executes dropped EXE
-
\??\c:\hbbnhh.exec:\hbbnhh.exe23⤵
- Executes dropped EXE
-
\??\c:\nhttnb.exec:\nhttnb.exe24⤵
- Executes dropped EXE
-
\??\c:\pvjpv.exec:\pvjpv.exe25⤵
- Executes dropped EXE
-
\??\c:\lfxfxxl.exec:\lfxfxxl.exe26⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\llrlxlr.exec:\llrlxlr.exe27⤵
- Executes dropped EXE
-
\??\c:\bhbntb.exec:\bhbntb.exe28⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\ppjdj.exec:\ppjdj.exe29⤵
- Executes dropped EXE
-
\??\c:\7tbttb.exec:\7tbttb.exe30⤵
- Executes dropped EXE
-
\??\c:\tnnttb.exec:\tnnttb.exe31⤵
- Executes dropped EXE
-
\??\c:\tnhttb.exec:\tnhttb.exe32⤵
- Executes dropped EXE
-
\??\c:\pdpvp.exec:\pdpvp.exe33⤵
- Executes dropped EXE
-
\??\c:\3jvvv.exec:\3jvvv.exe34⤵
- Executes dropped EXE
-
\??\c:\flxxflr.exec:\flxxflr.exe35⤵
- Executes dropped EXE
-
\??\c:\bnbntt.exec:\bnbntt.exe36⤵
- Executes dropped EXE
-
\??\c:\xlxxffx.exec:\xlxxffx.exe37⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\xlrrrlf.exec:\xlrrrlf.exe38⤵
- Executes dropped EXE
-
\??\c:\jvvpp.exec:\jvvpp.exe39⤵
- Executes dropped EXE
-
\??\c:\vjddp.exec:\vjddp.exe40⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\tnhhhh.exec:\tnhhhh.exe41⤵
- Executes dropped EXE
-
\??\c:\llxllxx.exec:\llxllxx.exe42⤵
- Executes dropped EXE
-
\??\c:\jjvjj.exec:\jjvjj.exe43⤵
- Executes dropped EXE
-
\??\c:\bbhttt.exec:\bbhttt.exe44⤵
- Executes dropped EXE
-
\??\c:\fflfrfx.exec:\fflfrfx.exe45⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\xffrlxx.exec:\xffrlxx.exe46⤵
- Executes dropped EXE
-
\??\c:\jpddv.exec:\jpddv.exe47⤵
- Executes dropped EXE
-
\??\c:\hnbnnn.exec:\hnbnnn.exe48⤵
- Executes dropped EXE
-
\??\c:\xxfxflr.exec:\xxfxflr.exe49⤵
- Executes dropped EXE
-
\??\c:\vvdpj.exec:\vvdpj.exe50⤵
- Executes dropped EXE
-
\??\c:\ttttht.exec:\ttttht.exe51⤵
- Executes dropped EXE
-
\??\c:\hhhtht.exec:\hhhtht.exe52⤵
- Executes dropped EXE
-
\??\c:\xffxffl.exec:\xffxffl.exe53⤵
- Executes dropped EXE
-
\??\c:\bhnttb.exec:\bhnttb.exe54⤵
- Executes dropped EXE
-
\??\c:\flxrrxl.exec:\flxrrxl.exe55⤵
- Executes dropped EXE
-
\??\c:\vjjdv.exec:\vjjdv.exe56⤵
- Executes dropped EXE
-
\??\c:\llxfffr.exec:\llxfffr.exe57⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\jpddj.exec:\jpddj.exe58⤵
- Executes dropped EXE
-
\??\c:\5frxlff.exec:\5frxlff.exe59⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\vpvpp.exec:\vpvpp.exe60⤵
- Executes dropped EXE
-
\??\c:\bhnthn.exec:\bhnthn.exe61⤵
- Executes dropped EXE
-
\??\c:\llrlxxl.exec:\llrlxxl.exe62⤵
- Executes dropped EXE
-
\??\c:\xxxlflr.exec:\xxxlflr.exe63⤵
- Executes dropped EXE
-
\??\c:\bbnnbh.exec:\bbnnbh.exe64⤵
- Executes dropped EXE
-
\??\c:\rxfxlll.exec:\rxfxlll.exe65⤵
- Executes dropped EXE
-
\??\c:\lxffflx.exec:\lxffflx.exe66⤵
-
\??\c:\jdvvd.exec:\jdvvd.exe67⤵
-
\??\c:\hntnnn.exec:\hntnnn.exe68⤵
-
\??\c:\rxfllxr.exec:\rxfllxr.exe69⤵
-
\??\c:\hnnthb.exec:\hnnthb.exe70⤵
-
\??\c:\hnbbbt.exec:\hnbbbt.exe71⤵
-
\??\c:\rffxxfl.exec:\rffxxfl.exe72⤵
-
\??\c:\dppjp.exec:\dppjp.exe73⤵
-
\??\c:\lllfllf.exec:\lllfllf.exe74⤵
-
\??\c:\pjdvv.exec:\pjdvv.exe75⤵
-
\??\c:\pvdjv.exec:\pvdjv.exe76⤵
-
\??\c:\lrfrfrl.exec:\lrfrfrl.exe77⤵
- System Location Discovery: System Language Discovery
-
\??\c:\vvpvv.exec:\vvpvv.exe78⤵
-
\??\c:\hnnnth.exec:\hnnnth.exe79⤵
-
\??\c:\vvpdd.exec:\vvpdd.exe80⤵
-
\??\c:\nbhhhh.exec:\nbhhhh.exe81⤵
-
\??\c:\1lxlrlf.exec:\1lxlrlf.exe82⤵
-
\??\c:\vdddj.exec:\vdddj.exe83⤵
-
\??\c:\tttttt.exec:\tttttt.exe84⤵
-
\??\c:\pvppj.exec:\pvppj.exe85⤵
-
\??\c:\tnbbhh.exec:\tnbbhh.exe86⤵
-
\??\c:\vdjjp.exec:\vdjjp.exe87⤵
-
\??\c:\nbbhtt.exec:\nbbhtt.exe88⤵
-
\??\c:\rflfrxr.exec:\rflfrxr.exe89⤵
-
\??\c:\dpjvp.exec:\dpjvp.exe90⤵
-
\??\c:\7bhnbh.exec:\7bhnbh.exe91⤵
-
\??\c:\hhhtnb.exec:\hhhtnb.exe92⤵
-
\??\c:\lxlrflx.exec:\lxlrflx.exe93⤵
-
\??\c:\pdpvj.exec:\pdpvj.exe94⤵
-
\??\c:\btntnn.exec:\btntnn.exe95⤵
-
\??\c:\rlxffxf.exec:\rlxffxf.exe96⤵
-
\??\c:\ppppd.exec:\ppppd.exe97⤵
- System Location Discovery: System Language Discovery
-
\??\c:\bthhbh.exec:\bthhbh.exe98⤵
-
\??\c:\lfflfxx.exec:\lfflfxx.exe99⤵
-
\??\c:\bbtbtn.exec:\bbtbtn.exe100⤵
-
\??\c:\fxxflff.exec:\fxxflff.exe101⤵
-
\??\c:\3djjp.exec:\3djjp.exe102⤵
-
\??\c:\bhhtht.exec:\bhhtht.exe103⤵
- System Location Discovery: System Language Discovery
-
\??\c:\xlfrxfr.exec:\xlfrxfr.exe104⤵
-
\??\c:\hnbhbh.exec:\hnbhbh.exe105⤵
-
\??\c:\xllxrll.exec:\xllxrll.exe106⤵
-
\??\c:\hthhnt.exec:\hthhnt.exe107⤵
-
\??\c:\9xrrflx.exec:\9xrrflx.exe108⤵
-
\??\c:\tbbbbn.exec:\tbbbbn.exe109⤵
-
\??\c:\xfrlflx.exec:\xfrlflx.exe110⤵
-
\??\c:\vjddj.exec:\vjddj.exe111⤵
-
\??\c:\ttntbh.exec:\ttntbh.exe112⤵
-
\??\c:\rffxllf.exec:\rffxllf.exe113⤵
-
\??\c:\ppdpd.exec:\ppdpd.exe114⤵
- System Location Discovery: System Language Discovery
-
\??\c:\hnhhnb.exec:\hnhhnb.exe115⤵
-
\??\c:\ffxlffl.exec:\ffxlffl.exe116⤵
-
\??\c:\jvdvp.exec:\jvdvp.exe117⤵
- System Location Discovery: System Language Discovery
-
\??\c:\nttnth.exec:\nttnth.exe118⤵
- System Location Discovery: System Language Discovery
-
\??\c:\5xfrrll.exec:\5xfrrll.exe119⤵
-
\??\c:\ddddp.exec:\ddddp.exe120⤵
-
\??\c:\bhbntn.exec:\bhbntn.exe121⤵
-
\??\c:\ffxrfrf.exec:\ffxrfrf.exe122⤵
- System Location Discovery: System Language Discovery
-
\??\c:\fllrlxl.exec:\fllrlxl.exe123⤵
- System Location Discovery: System Language Discovery
-
\??\c:\3pjvv.exec:\3pjvv.exe124⤵
-
\??\c:\bnnnhb.exec:\bnnnhb.exe125⤵
-
\??\c:\xlrrrlx.exec:\xlrrrlx.exe126⤵
-
\??\c:\pppvj.exec:\pppvj.exe127⤵
-
\??\c:\hnhttb.exec:\hnhttb.exe128⤵
-
\??\c:\rrxllff.exec:\rrxllff.exe129⤵
-
\??\c:\nthhhn.exec:\nthhhn.exe130⤵
-
\??\c:\hnntbt.exec:\hnntbt.exe131⤵
- System Location Discovery: System Language Discovery
-
\??\c:\frxxlxf.exec:\frxxlxf.exe132⤵
-
\??\c:\pjddp.exec:\pjddp.exe133⤵
-
\??\c:\nbbnhn.exec:\nbbnhn.exe134⤵
- System Location Discovery: System Language Discovery
-
\??\c:\pdvvv.exec:\pdvvv.exe135⤵
-
\??\c:\jpvdv.exec:\jpvdv.exe136⤵
-
\??\c:\thhtbh.exec:\thhtbh.exe137⤵
-
\??\c:\jpvjd.exec:\jpvjd.exe138⤵
-
\??\c:\bhttnt.exec:\bhttnt.exe139⤵
- System Location Discovery: System Language Discovery
-
\??\c:\htnbtt.exec:\htnbtt.exe140⤵
-
\??\c:\pjdjj.exec:\pjdjj.exe141⤵
-
\??\c:\tntbnt.exec:\tntbnt.exe142⤵
-
\??\c:\tntbht.exec:\tntbht.exe143⤵
-
\??\c:\xrfflll.exec:\xrfflll.exe144⤵
-
\??\c:\5jvvd.exec:\5jvvd.exe145⤵
-
\??\c:\tttbth.exec:\tttbth.exe146⤵
-
\??\c:\fflxffr.exec:\fflxffr.exe147⤵
- System Location Discovery: System Language Discovery
-
\??\c:\dvdpp.exec:\dvdpp.exe148⤵
- System Location Discovery: System Language Discovery
-
\??\c:\llxfrll.exec:\llxfrll.exe149⤵
-
\??\c:\jdvpp.exec:\jdvpp.exe150⤵
- System Location Discovery: System Language Discovery
-
\??\c:\tntntt.exec:\tntntt.exe151⤵
-
\??\c:\rxfrlfl.exec:\rxfrlfl.exe152⤵
-
\??\c:\vjjpj.exec:\vjjpj.exe153⤵
-
\??\c:\ttbbnb.exec:\ttbbnb.exe154⤵
-
\??\c:\xlrfxxl.exec:\xlrfxxl.exe155⤵
-
\??\c:\pvddv.exec:\pvddv.exe156⤵
-
\??\c:\lxlffxl.exec:\lxlffxl.exe157⤵
- System Location Discovery: System Language Discovery
-
\??\c:\dddjv.exec:\dddjv.exe158⤵
-
\??\c:\dvpjv.exec:\dvpjv.exe159⤵
-
\??\c:\vddpv.exec:\vddpv.exe160⤵
-
\??\c:\nnntbt.exec:\nnntbt.exe161⤵
-
\??\c:\dppjp.exec:\dppjp.exe162⤵
-
\??\c:\tnnbth.exec:\tnnbth.exe163⤵
-
\??\c:\bnthth.exec:\bnthth.exe164⤵
-
\??\c:\ppjvd.exec:\ppjvd.exe165⤵
-
\??\c:\dvdjd.exec:\dvdjd.exe166⤵
-
\??\c:\bbttht.exec:\bbttht.exe167⤵
-
\??\c:\9rrllxr.exec:\9rrllxr.exe168⤵
-
\??\c:\rflrxff.exec:\rflrxff.exe169⤵
- System Location Discovery: System Language Discovery
-
\??\c:\pvddp.exec:\pvddp.exe170⤵
-
\??\c:\nbhnht.exec:\nbhnht.exe171⤵
-
\??\c:\lxrfxlr.exec:\lxrfxlr.exe172⤵
-
\??\c:\dppvv.exec:\dppvv.exe173⤵
-
\??\c:\rfllxxf.exec:\rfllxxf.exe174⤵
-
\??\c:\1pjpd.exec:\1pjpd.exe175⤵
- System Location Discovery: System Language Discovery
-
\??\c:\pddvd.exec:\pddvd.exe176⤵
-
\??\c:\3bntnh.exec:\3bntnh.exe177⤵
-
\??\c:\tnthtn.exec:\tnthtn.exe178⤵
-
\??\c:\bntnnn.exec:\bntnnn.exe179⤵
-
\??\c:\jpdjp.exec:\jpdjp.exe180⤵
-
\??\c:\5hbtht.exec:\5hbtht.exe181⤵
-
\??\c:\rrrxxlf.exec:\rrrxxlf.exe182⤵
-
\??\c:\djddv.exec:\djddv.exe183⤵
-
\??\c:\vjpdd.exec:\vjpdd.exe184⤵
-
\??\c:\bnntht.exec:\bnntht.exe185⤵
- System Location Discovery: System Language Discovery
-
\??\c:\ffrlxfx.exec:\ffrlxfx.exe186⤵
-
\??\c:\ppdjd.exec:\ppdjd.exe187⤵
-
\??\c:\1vdjv.exec:\1vdjv.exe188⤵
-
\??\c:\bbntnn.exec:\bbntnn.exe189⤵
-
\??\c:\flrflrr.exec:\flrflrr.exe190⤵
-
\??\c:\rlrrllf.exec:\rlrrllf.exe191⤵
-
\??\c:\ddppv.exec:\ddppv.exe192⤵
- System Location Discovery: System Language Discovery
-
\??\c:\llxfxxx.exec:\llxfxxx.exe193⤵
-
\??\c:\lxfxrrx.exec:\lxfxrrx.exe194⤵
-
\??\c:\vddjj.exec:\vddjj.exe195⤵
-
\??\c:\bbhnnt.exec:\bbhnnt.exe196⤵
-
\??\c:\3tbhbh.exec:\3tbhbh.exe197⤵
-
\??\c:\lflrlrx.exec:\lflrlrx.exe198⤵
-
\??\c:\ttbnht.exec:\ttbnht.exe199⤵
-
\??\c:\ttnhhn.exec:\ttnhhn.exe200⤵
-
\??\c:\rxxfxlf.exec:\rxxfxlf.exe201⤵
-
\??\c:\ffrrrfr.exec:\ffrrrfr.exe202⤵
-
\??\c:\pvppj.exec:\pvppj.exe203⤵
-
\??\c:\tthbnn.exec:\tthbnn.exe204⤵
-
\??\c:\hhnbtt.exec:\hhnbtt.exe205⤵
-
\??\c:\fllxrll.exec:\fllxrll.exe206⤵
-
\??\c:\jvdpd.exec:\jvdpd.exe207⤵
-
\??\c:\thhhhb.exec:\thhhhb.exe208⤵
-
\??\c:\xffffrr.exec:\xffffrr.exe209⤵
-
\??\c:\vvdjv.exec:\vvdjv.exe210⤵
-
\??\c:\nbtbth.exec:\nbtbth.exe211⤵
-
\??\c:\hbnthh.exec:\hbnthh.exe212⤵
-
\??\c:\rxxfffl.exec:\rxxfffl.exe213⤵
-
\??\c:\vdvvd.exec:\vdvvd.exe214⤵
-
\??\c:\jjvjp.exec:\jjvjp.exe215⤵
-
\??\c:\nhtbbn.exec:\nhtbbn.exe216⤵
- System Location Discovery: System Language Discovery
-
\??\c:\jjpdd.exec:\jjpdd.exe217⤵
- System Location Discovery: System Language Discovery
-
\??\c:\jjjjv.exec:\jjjjv.exe218⤵
-
\??\c:\tntthb.exec:\tntthb.exe219⤵
-
\??\c:\fllfrlr.exec:\fllfrlr.exe220⤵
-
\??\c:\vdvvj.exec:\vdvvj.exe221⤵
-
\??\c:\vvdpv.exec:\vvdpv.exe222⤵
-
\??\c:\bhnnbh.exec:\bhnnbh.exe223⤵
-
\??\c:\ntbhbh.exec:\ntbhbh.exe224⤵
-
\??\c:\nhhnnt.exec:\nhhnnt.exe225⤵
-
\??\c:\3rfrlfr.exec:\3rfrlfr.exe226⤵
-
\??\c:\pvddd.exec:\pvddd.exe227⤵
-
\??\c:\frlxflx.exec:\frlxflx.exe228⤵
-
\??\c:\vvjpp.exec:\vvjpp.exe229⤵
-
\??\c:\ddvjd.exec:\ddvjd.exe230⤵
-
\??\c:\vjjjp.exec:\vjjjp.exe231⤵
- System Location Discovery: System Language Discovery
-
\??\c:\bnnttn.exec:\bnnttn.exe232⤵
-
\??\c:\xrlxrfx.exec:\xrlxrfx.exe233⤵
-
\??\c:\dvjjv.exec:\dvjjv.exe234⤵
-
\??\c:\9hhthn.exec:\9hhthn.exe235⤵
-
\??\c:\vdvvd.exec:\vdvvd.exe236⤵
-
\??\c:\fllxrrr.exec:\fllxrrr.exe237⤵
-
\??\c:\vvvjj.exec:\vvvjj.exe238⤵
-
\??\c:\rlrfrfl.exec:\rlrfrfl.exe239⤵
- System Location Discovery: System Language Discovery
-
\??\c:\vdppj.exec:\vdppj.exe240⤵