Analysis
-
max time kernel
102s -
max time network
20s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
-
submitted
27-07-2024 01:48
General
-
Target
7cd79210f58de47b883ad8115b103790N.exe
-
Size
56KB
-
MD5
7cd79210f58de47b883ad8115b103790
-
SHA1
c966dcf5c2bf32989d17cbb8960a567f5c86eea5
-
SHA256
629981ba50b5aee9b61496e6aae690418e6408e01460e3303393da042f779cdf
-
SHA512
40b12aa2520098e5aec7d4616adc16bf8e85cee63add8e947b077d311adaa2d34328253bc5754924c32600c85dff2f9a2e54db12894e97b9188676a6156efd74
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIFs:ymb3NkkiQ3mdBjFIFs
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 34 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7cd79210f58de47b883ad8115b103790N.exe"C:\Users\Admin\AppData\Local\Temp\7cd79210f58de47b883ad8115b103790N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bbrrh.exec:\bbrrh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\drvlddt.exec:\drvlddt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\drdvh.exec:\drdvh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlnhhtd.exec:\xlnhhtd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hdbxh.exec:\hdbxh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hvvbt.exec:\hvvbt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flvrdhx.exec:\flvrdhx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lvfffrr.exec:\lvfffrr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xdvtt.exec:\xdvtt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhdb.exec:\hhhdb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bdvvd.exec:\bdvvd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvtvrfh.exec:\pvtvrfh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hvfxpv.exec:\hvfxpv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fvbtfj.exec:\fvbtfj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bfxjnv.exec:\bfxjnv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hvdhx.exec:\hvdhx.exe17⤵
- Executes dropped EXE
-
\??\c:\rfvft.exec:\rfvft.exe18⤵
- Executes dropped EXE
-
\??\c:\lhnbnvf.exec:\lhnbnvf.exe19⤵
- Executes dropped EXE
-
\??\c:\fbdpp.exec:\fbdpp.exe20⤵
- Executes dropped EXE
-
\??\c:\ttpbl.exec:\ttpbl.exe21⤵
- Executes dropped EXE
-
\??\c:\hbxtvr.exec:\hbxtvr.exe22⤵
- Executes dropped EXE
-
\??\c:\frpdvj.exec:\frpdvj.exe23⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\xpnbplh.exec:\xpnbplh.exe24⤵
- Executes dropped EXE
-
\??\c:\hvpdh.exec:\hvpdh.exe25⤵
- Executes dropped EXE
-
\??\c:\ntdfxxp.exec:\ntdfxxp.exe26⤵
- Executes dropped EXE
-
\??\c:\jhntbl.exec:\jhntbl.exe27⤵
- Executes dropped EXE
-
\??\c:\bvtxnd.exec:\bvtxnd.exe28⤵
- Executes dropped EXE
-
\??\c:\vxtrl.exec:\vxtrl.exe29⤵
- Executes dropped EXE
-
\??\c:\phpntb.exec:\phpntb.exe30⤵
- Executes dropped EXE
-
\??\c:\lvpvp.exec:\lvpvp.exe31⤵
- Executes dropped EXE
-
\??\c:\lldlfht.exec:\lldlfht.exe32⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\tlpldjt.exec:\tlpldjt.exe33⤵
- Executes dropped EXE
-
\??\c:\jlpxlbf.exec:\jlpxlbf.exe34⤵
-
\??\c:\ftndnv.exec:\ftndnv.exe35⤵
- Executes dropped EXE
-
\??\c:\rvbvpf.exec:\rvbvpf.exe36⤵
- Executes dropped EXE
-
\??\c:\jvxjpvr.exec:\jvxjpvr.exe37⤵
- Executes dropped EXE
-
\??\c:\htlnnx.exec:\htlnnx.exe38⤵
- Executes dropped EXE
-
\??\c:\pxtrf.exec:\pxtrf.exe39⤵
- Executes dropped EXE
-
\??\c:\ffbhpnn.exec:\ffbhpnn.exe40⤵
- Executes dropped EXE
-
\??\c:\blfpjj.exec:\blfpjj.exe41⤵
- Executes dropped EXE
-
\??\c:\ddxxnd.exec:\ddxxnd.exe42⤵
- Executes dropped EXE
-
\??\c:\xdlhx.exec:\xdlhx.exe43⤵
- Executes dropped EXE
-
\??\c:\xjlvnjd.exec:\xjlvnjd.exe44⤵
- Executes dropped EXE
-
\??\c:\lvhdd.exec:\lvhdd.exe45⤵
- Executes dropped EXE
-
\??\c:\rltbbb.exec:\rltbbb.exe46⤵
- Executes dropped EXE
-
\??\c:\xthfh.exec:\xthfh.exe47⤵
- Executes dropped EXE
-
\??\c:\nxjrh.exec:\nxjrh.exe48⤵
- Executes dropped EXE
-
\??\c:\nbxvxph.exec:\nbxvxph.exe49⤵
- Executes dropped EXE
-
\??\c:\dfdnvhp.exec:\dfdnvhp.exe50⤵
- Executes dropped EXE
-
\??\c:\htbnv.exec:\htbnv.exe51⤵
- Executes dropped EXE
-
\??\c:\brtrdr.exec:\brtrdr.exe52⤵
- Executes dropped EXE
-
\??\c:\xrtlndp.exec:\xrtlndp.exe53⤵
- Executes dropped EXE
-
\??\c:\nfdbnhd.exec:\nfdbnhd.exe54⤵
- Executes dropped EXE
-
\??\c:\fnjrrh.exec:\fnjrrh.exe55⤵
- Executes dropped EXE
-
\??\c:\xfllhhv.exec:\xfllhhv.exe56⤵
- Executes dropped EXE
-
\??\c:\jpdpl.exec:\jpdpl.exe57⤵
- Executes dropped EXE
-
\??\c:\lhtnjhh.exec:\lhtnjhh.exe58⤵
- Executes dropped EXE
-
\??\c:\jlrdhj.exec:\jlrdhj.exe59⤵
- Executes dropped EXE
-
\??\c:\dtnftp.exec:\dtnftp.exe60⤵
- Executes dropped EXE
-
\??\c:\nxhlfrj.exec:\nxhlfrj.exe61⤵
- Executes dropped EXE
-
\??\c:\dlftx.exec:\dlftx.exe62⤵
- Executes dropped EXE
-
\??\c:\nbblpdb.exec:\nbblpdb.exe63⤵
- Executes dropped EXE
-
\??\c:\lvttlxr.exec:\lvttlxr.exe64⤵
- Executes dropped EXE
-
\??\c:\xdnjp.exec:\xdnjp.exe65⤵
- Executes dropped EXE
-
\??\c:\tttnlf.exec:\tttnlf.exe66⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\ldrpx.exec:\ldrpx.exe67⤵
-
\??\c:\xbtpfll.exec:\xbtpfll.exe68⤵
-
\??\c:\xtjdtln.exec:\xtjdtln.exe69⤵
-
\??\c:\jxnpnrh.exec:\jxnpnrh.exe70⤵
- System Location Discovery: System Language Discovery
-
\??\c:\rnhxvt.exec:\rnhxvt.exe71⤵
-
\??\c:\tnhvv.exec:\tnhvv.exe72⤵
-
\??\c:\nxxfnj.exec:\nxxfnj.exe73⤵
-
\??\c:\vdnrfxd.exec:\vdnrfxd.exe74⤵
-
\??\c:\dlbfphd.exec:\dlbfphd.exe75⤵
-
\??\c:\fptbdfp.exec:\fptbdfp.exe76⤵
-
\??\c:\lhvtdtr.exec:\lhvtdtr.exe77⤵
-
\??\c:\dllhld.exec:\dllhld.exe78⤵
-
\??\c:\trbrj.exec:\trbrj.exe79⤵
-
\??\c:\trdxddv.exec:\trdxddv.exe80⤵
-
\??\c:\hbjpldj.exec:\hbjpldj.exe81⤵
-
\??\c:\bjdfrl.exec:\bjdfrl.exe82⤵
-
\??\c:\bbxrnf.exec:\bbxrnf.exe83⤵
-
\??\c:\djhhdpr.exec:\djhhdpr.exe84⤵
- System Location Discovery: System Language Discovery
-
\??\c:\xvjptlv.exec:\xvjptlv.exe85⤵
-
\??\c:\jnhdh.exec:\jnhdh.exe86⤵
-
\??\c:\rhpjrrd.exec:\rhpjrrd.exe87⤵
-
\??\c:\hhvrht.exec:\hhvrht.exe88⤵
-
\??\c:\rrpvf.exec:\rrpvf.exe89⤵
-
\??\c:\ljnrrnv.exec:\ljnrrnv.exe90⤵
-
\??\c:\tffnj.exec:\tffnj.exe91⤵
-
\??\c:\lbhhnnb.exec:\lbhhnnb.exe92⤵
-
\??\c:\vnplnvp.exec:\vnplnvp.exe93⤵
-
\??\c:\jnbtbrp.exec:\jnbtbrp.exe94⤵
-
\??\c:\btxfjtx.exec:\btxfjtx.exe95⤵
-
\??\c:\jrfrbp.exec:\jrfrbp.exe96⤵
-
\??\c:\fxtrr.exec:\fxtrr.exe97⤵
-
\??\c:\rrjhx.exec:\rrjhx.exe98⤵
-
\??\c:\ljjntx.exec:\ljjntx.exe99⤵
-
\??\c:\nfdhl.exec:\nfdhl.exe100⤵
-
\??\c:\fxpvhtr.exec:\fxpvhtr.exe101⤵
-
\??\c:\nvhfdx.exec:\nvhfdx.exe102⤵
-
\??\c:\vblljlv.exec:\vblljlv.exe103⤵
-
\??\c:\blbnlr.exec:\blbnlr.exe104⤵
-
\??\c:\nfbnv.exec:\nfbnv.exe105⤵
-
\??\c:\blrfhfr.exec:\blrfhfr.exe106⤵
-
\??\c:\jnpjd.exec:\jnpjd.exe107⤵
-
\??\c:\jlrjvl.exec:\jlrjvl.exe108⤵
-
\??\c:\jrlxf.exec:\jrlxf.exe109⤵
-
\??\c:\pbdxjrb.exec:\pbdxjrb.exe110⤵
-
\??\c:\lxdbdd.exec:\lxdbdd.exe111⤵
-
\??\c:\jpbppx.exec:\jpbppx.exe112⤵
- System Location Discovery: System Language Discovery
-
\??\c:\bvjlh.exec:\bvjlh.exe113⤵
-
\??\c:\fdjxthf.exec:\fdjxthf.exe114⤵
-
\??\c:\pfrjdvf.exec:\pfrjdvf.exe115⤵
-
\??\c:\jbtxn.exec:\jbtxn.exe116⤵
-
\??\c:\hnjpx.exec:\hnjpx.exe117⤵
-
\??\c:\xbnfdx.exec:\xbnfdx.exe118⤵
-
\??\c:\hbldd.exec:\hbldd.exe119⤵
-
\??\c:\lhhnh.exec:\lhhnh.exe120⤵
-
\??\c:\lnbbpjt.exec:\lnbbpjt.exe121⤵
-
\??\c:\pdpdlb.exec:\pdpdlb.exe122⤵
-
\??\c:\fvfdbl.exec:\fvfdbl.exe123⤵
-
\??\c:\phjvhv.exec:\phjvhv.exe124⤵
-
\??\c:\xpphb.exec:\xpphb.exe125⤵
-
\??\c:\pjfdx.exec:\pjfdx.exe126⤵
-
\??\c:\vbxrvb.exec:\vbxrvb.exe127⤵
-
\??\c:\dvnrx.exec:\dvnrx.exe128⤵
-
\??\c:\pvnxjt.exec:\pvnxjt.exe129⤵
-
\??\c:\ntlfx.exec:\ntlfx.exe130⤵
-
\??\c:\prpjlp.exec:\prpjlp.exe131⤵
-
\??\c:\vfnpr.exec:\vfnpr.exe132⤵
-
\??\c:\lvdtbpn.exec:\lvdtbpn.exe133⤵
-
\??\c:\ltfhhd.exec:\ltfhhd.exe134⤵
-
\??\c:\xjpxbj.exec:\xjpxbj.exe135⤵
-
\??\c:\trpht.exec:\trpht.exe136⤵
-
\??\c:\fjbblvd.exec:\fjbblvd.exe137⤵
-
\??\c:\djpjnn.exec:\djpjnn.exe138⤵
-
\??\c:\hrvrhf.exec:\hrvrhf.exe139⤵
-
\??\c:\pdrnnhh.exec:\pdrnnhh.exe140⤵
-
\??\c:\rxdjjj.exec:\rxdjjj.exe141⤵
-
\??\c:\fnxnxxr.exec:\fnxnxxr.exe142⤵
-
\??\c:\rvfbhfb.exec:\rvfbhfb.exe143⤵
-
\??\c:\ppdjr.exec:\ppdjr.exe144⤵
-
\??\c:\nbrjrxh.exec:\nbrjrxh.exe145⤵
-
\??\c:\rrjfvf.exec:\rrjfvf.exe146⤵
-
\??\c:\pdxbxb.exec:\pdxbxb.exe147⤵
-
\??\c:\pxfjdv.exec:\pxfjdv.exe148⤵
-
\??\c:\bdvvh.exec:\bdvvh.exe149⤵
-
\??\c:\pddhrdp.exec:\pddhrdp.exe150⤵
-
\??\c:\dvhtv.exec:\dvhtv.exe151⤵
-
\??\c:\pjxjb.exec:\pjxjb.exe152⤵
-
\??\c:\xfrhb.exec:\xfrhb.exe153⤵
-
\??\c:\xdnxnjh.exec:\xdnxnjh.exe154⤵
-
\??\c:\tbxbxn.exec:\tbxbxn.exe155⤵
-
\??\c:\brfbf.exec:\brfbf.exe156⤵
-
\??\c:\xlnhfn.exec:\xlnhfn.exe157⤵
-
\??\c:\bbppr.exec:\bbppr.exe158⤵
-
\??\c:\htbnvf.exec:\htbnvf.exe159⤵
-
\??\c:\ppdbxf.exec:\ppdbxf.exe160⤵
-
\??\c:\nldpdb.exec:\nldpdb.exe161⤵
-
\??\c:\nvltf.exec:\nvltf.exe162⤵
- System Location Discovery: System Language Discovery
-
\??\c:\rjpnxr.exec:\rjpnxr.exe163⤵
-
\??\c:\pblpntp.exec:\pblpntp.exe164⤵
-
\??\c:\jvphv.exec:\jvphv.exe165⤵
-
\??\c:\tnvlxdx.exec:\tnvlxdx.exe166⤵
-
\??\c:\tvhltjt.exec:\tvhltjt.exe167⤵
-
\??\c:\fvvbn.exec:\fvvbn.exe168⤵
-
\??\c:\tbtjhj.exec:\tbtjhj.exe169⤵
-
\??\c:\trdbv.exec:\trdbv.exe170⤵
-
\??\c:\hvxrhnd.exec:\hvxrhnd.exe171⤵
-
\??\c:\hhdtf.exec:\hhdtf.exe172⤵
-
\??\c:\lxpjrx.exec:\lxpjrx.exe173⤵
-
\??\c:\hbnbvp.exec:\hbnbvp.exe174⤵
-
\??\c:\nlhhtj.exec:\nlhhtj.exe175⤵
-
\??\c:\txnhnvv.exec:\txnhnvv.exe176⤵
-
\??\c:\pfbll.exec:\pfbll.exe177⤵
-
\??\c:\hdxpbrj.exec:\hdxpbrj.exe178⤵
-
\??\c:\tdjnp.exec:\tdjnp.exe179⤵
-
\??\c:\dbndvp.exec:\dbndvp.exe180⤵
-
\??\c:\nnddrfp.exec:\nnddrfp.exe181⤵
-
\??\c:\nddfr.exec:\nddfr.exe182⤵
-
\??\c:\tlrfl.exec:\tlrfl.exe183⤵
-
\??\c:\rjhlhhp.exec:\rjhlhhp.exe184⤵
-
\??\c:\xhpxn.exec:\xhpxn.exe185⤵
-
\??\c:\jdllbn.exec:\jdllbn.exe186⤵
-
\??\c:\dhppxt.exec:\dhppxt.exe187⤵
-
\??\c:\bflhjn.exec:\bflhjn.exe188⤵
-
\??\c:\rtdpb.exec:\rtdpb.exe189⤵
-
\??\c:\prhhltd.exec:\prhhltd.exe190⤵
- System Location Discovery: System Language Discovery
-
\??\c:\dlrhn.exec:\dlrhn.exe191⤵
-
\??\c:\vpvbpvv.exec:\vpvbpvv.exe192⤵
-
\??\c:\vhxlf.exec:\vhxlf.exe193⤵
-
\??\c:\dpxbb.exec:\dpxbb.exe194⤵
-
\??\c:\bfjjhff.exec:\bfjjhff.exe195⤵
-
\??\c:\fjfrpx.exec:\fjfrpx.exe196⤵
-
\??\c:\pphjvl.exec:\pphjvl.exe197⤵
-
\??\c:\nvrpf.exec:\nvrpf.exe198⤵
-
\??\c:\tvlvv.exec:\tvlvv.exe199⤵
-
\??\c:\hlhhn.exec:\hlhhn.exe200⤵
-
\??\c:\xjtlt.exec:\xjtlt.exe201⤵
-
\??\c:\ndpdll.exec:\ndpdll.exe202⤵
-
\??\c:\plddvtr.exec:\plddvtr.exe203⤵
-
\??\c:\rtlrh.exec:\rtlrh.exe204⤵
-
\??\c:\nvxnxp.exec:\nvxnxp.exe205⤵
-
\??\c:\rbrvp.exec:\rbrvp.exe206⤵
-
\??\c:\rhfhxxl.exec:\rhfhxxl.exe207⤵
-
\??\c:\fblfxh.exec:\fblfxh.exe208⤵
-
\??\c:\fhftf.exec:\fhftf.exe209⤵
-
\??\c:\phrdvd.exec:\phrdvd.exe210⤵
-
\??\c:\vtjntld.exec:\vtjntld.exe211⤵
-
\??\c:\rdbhhtv.exec:\rdbhhtv.exe212⤵
-
\??\c:\dldbh.exec:\dldbh.exe213⤵
-
\??\c:\ltvxpv.exec:\ltvxpv.exe214⤵
-
\??\c:\hxrpbn.exec:\hxrpbn.exe215⤵
-
\??\c:\tpptvn.exec:\tpptvn.exe216⤵
-
\??\c:\nttjlx.exec:\nttjlx.exe217⤵
-
\??\c:\xhhhhd.exec:\xhhhhd.exe218⤵
-
\??\c:\tjbth.exec:\tjbth.exe219⤵
-
\??\c:\lhrxvr.exec:\lhrxvr.exe220⤵
-
\??\c:\rpxlnft.exec:\rpxlnft.exe221⤵
-
\??\c:\fxtlx.exec:\fxtlx.exe222⤵
-
\??\c:\xrdnjdd.exec:\xrdnjdd.exe223⤵
-
\??\c:\hfllfp.exec:\hfllfp.exe224⤵
-
\??\c:\jptfh.exec:\jptfh.exe225⤵
-
\??\c:\hhdrj.exec:\hhdrj.exe226⤵
-
\??\c:\jnvdlpf.exec:\jnvdlpf.exe227⤵
-
\??\c:\lddvlt.exec:\lddvlt.exe228⤵
-
\??\c:\djjtpf.exec:\djjtpf.exe229⤵
-
\??\c:\lxnnx.exec:\lxnnx.exe230⤵
-
\??\c:\fvnvb.exec:\fvnvb.exe231⤵
-
\??\c:\vhbnph.exec:\vhbnph.exe232⤵
- System Location Discovery: System Language Discovery
-
\??\c:\vdftv.exec:\vdftv.exe233⤵
-
\??\c:\xjphbl.exec:\xjphbl.exe234⤵
-
\??\c:\dxphnlf.exec:\dxphnlf.exe235⤵
-
\??\c:\vpfnxtr.exec:\vpfnxtr.exe236⤵
-
\??\c:\dpnphnx.exec:\dpnphnx.exe237⤵
- System Location Discovery: System Language Discovery
-
\??\c:\tjrpr.exec:\tjrpr.exe238⤵
-
\??\c:\xfbfbfj.exec:\xfbfbfj.exe239⤵
-
\??\c:\thrfht.exec:\thrfht.exe240⤵
-
\??\c:\nttbp.exec:\nttbp.exe241⤵