Analysis
-
max time kernel
120s -
max time network
106s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
27-07-2024 01:48
General
-
Target
7cd79210f58de47b883ad8115b103790N.exe
-
Size
56KB
-
MD5
7cd79210f58de47b883ad8115b103790
-
SHA1
c966dcf5c2bf32989d17cbb8960a567f5c86eea5
-
SHA256
629981ba50b5aee9b61496e6aae690418e6408e01460e3303393da042f779cdf
-
SHA512
40b12aa2520098e5aec7d4616adc16bf8e85cee63add8e947b077d311adaa2d34328253bc5754924c32600c85dff2f9a2e54db12894e97b9188676a6156efd74
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIFs:ymb3NkkiQ3mdBjFIFs
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7cd79210f58de47b883ad8115b103790N.exe"C:\Users\Admin\AppData\Local\Temp\7cd79210f58de47b883ad8115b103790N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\1jjdd.exec:\1jjdd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfxfxf.exec:\xrfxfxf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbntt.exec:\ntbntt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrxxxx.exec:\xlrxxxx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnthbt.exec:\nnthbt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dppdd.exec:\dppdd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvjv.exec:\jpvjv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddpv.exec:\jddpv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbbhn.exec:\nnbbhn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnhnt.exec:\btnhnt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppdpd.exec:\ppdpd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrfrxf.exec:\rlrfrxf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjdp.exec:\jjjdp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnbbh.exec:\thnbbh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrlfrll.exec:\lrlfrll.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhhtb.exec:\hbhhtb.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1tnbnn.exec:\1tnbnn.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrfxll.exec:\xxrfxll.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppppv.exec:\ppppv.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhnhb.exec:\thhnhb.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhbnt.exec:\hbhbnt.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrffxl.exec:\xxrffxl.exe23⤵
- Executes dropped EXE
-
\??\c:\fxfrxlx.exec:\fxfrxlx.exe24⤵
- Executes dropped EXE
-
\??\c:\flrrfxf.exec:\flrrfxf.exe25⤵
- Executes dropped EXE
-
\??\c:\hnhtnh.exec:\hnhtnh.exe26⤵
- Executes dropped EXE
-
\??\c:\dvjvv.exec:\dvjvv.exe27⤵
- Executes dropped EXE
-
\??\c:\httbbt.exec:\httbbt.exe28⤵
- Executes dropped EXE
-
\??\c:\frrrxlr.exec:\frrrxlr.exe29⤵
- Executes dropped EXE
-
\??\c:\ddppp.exec:\ddppp.exe30⤵
- Executes dropped EXE
-
\??\c:\tbbtnt.exec:\tbbtnt.exe31⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\httttt.exec:\httttt.exe32⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\fffxflx.exec:\fffxflx.exe33⤵
- Executes dropped EXE
-
\??\c:\pjvjv.exec:\pjvjv.exe34⤵
- Executes dropped EXE
-
\??\c:\vdjvp.exec:\vdjvp.exe35⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\bntntn.exec:\bntntn.exe36⤵
- Executes dropped EXE
-
\??\c:\nbhnnh.exec:\nbhnnh.exe37⤵
- Executes dropped EXE
-
\??\c:\nnbhtn.exec:\nnbhtn.exe38⤵
- Executes dropped EXE
-
\??\c:\thbtht.exec:\thbtht.exe39⤵
- Executes dropped EXE
-
\??\c:\9rlfrll.exec:\9rlfrll.exe40⤵
- Executes dropped EXE
-
\??\c:\xlxxxfr.exec:\xlxxxfr.exe41⤵
- Executes dropped EXE
-
\??\c:\hnhttb.exec:\hnhttb.exe42⤵
- Executes dropped EXE
-
\??\c:\lfrlxrl.exec:\lfrlxrl.exe43⤵
- Executes dropped EXE
-
\??\c:\ddpdp.exec:\ddpdp.exe44⤵
- Executes dropped EXE
-
\??\c:\9nntnh.exec:\9nntnh.exe45⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\vvjvd.exec:\vvjvd.exe46⤵
- Executes dropped EXE
-
\??\c:\7nnhnh.exec:\7nnhnh.exe47⤵
- Executes dropped EXE
-
\??\c:\rrlrxfx.exec:\rrlrxfx.exe48⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\rxlllfx.exec:\rxlllfx.exe49⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\3vvvj.exec:\3vvvj.exe50⤵
- Executes dropped EXE
-
\??\c:\bbhhtn.exec:\bbhhtn.exe51⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\rrlxlxl.exec:\rrlxlxl.exe52⤵
- Executes dropped EXE
-
\??\c:\bthtbn.exec:\bthtbn.exe53⤵
- Executes dropped EXE
-
\??\c:\xlxrrll.exec:\xlxrrll.exe54⤵
- Executes dropped EXE
-
\??\c:\lrllfff.exec:\lrllfff.exe55⤵
- Executes dropped EXE
-
\??\c:\ffrrrrr.exec:\ffrrrrr.exe56⤵
- Executes dropped EXE
-
\??\c:\xlxrxlr.exec:\xlxrxlr.exe57⤵
- Executes dropped EXE
-
\??\c:\rrflxlx.exec:\rrflxlx.exe58⤵
- Executes dropped EXE
-
\??\c:\pppjj.exec:\pppjj.exe59⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\xxxllxx.exec:\xxxllxx.exe60⤵
- Executes dropped EXE
-
\??\c:\llfrfrr.exec:\llfrfrr.exe61⤵
- Executes dropped EXE
-
\??\c:\jdvvd.exec:\jdvvd.exe62⤵
- Executes dropped EXE
-
\??\c:\xxlrrxr.exec:\xxlrrxr.exe63⤵
- Executes dropped EXE
-
\??\c:\dpdpd.exec:\dpdpd.exe64⤵
- Executes dropped EXE
-
\??\c:\xrlrfrx.exec:\xrlrfrx.exe65⤵
- Executes dropped EXE
-
\??\c:\tbhtbt.exec:\tbhtbt.exe66⤵
- System Location Discovery: System Language Discovery
-
\??\c:\bthhnt.exec:\bthhnt.exe67⤵
-
\??\c:\lrrfxfr.exec:\lrrfxfr.exe68⤵
-
\??\c:\flxrlxr.exec:\flxrlxr.exe69⤵
-
\??\c:\vpppp.exec:\vpppp.exe70⤵
-
\??\c:\tbnnbh.exec:\tbnnbh.exe71⤵
-
\??\c:\fxfxxxr.exec:\fxfxxxr.exe72⤵
-
\??\c:\jpdjv.exec:\jpdjv.exe73⤵
-
\??\c:\5xlfxlx.exec:\5xlfxlx.exe74⤵
- System Location Discovery: System Language Discovery
-
\??\c:\nbtnhb.exec:\nbtnhb.exe75⤵
-
\??\c:\9lxxlrr.exec:\9lxxlrr.exe76⤵
-
\??\c:\pppdd.exec:\pppdd.exe77⤵
-
\??\c:\vpdvp.exec:\vpdvp.exe78⤵
-
\??\c:\pppdp.exec:\pppdp.exe79⤵
-
\??\c:\pjjdd.exec:\pjjdd.exe80⤵
- System Location Discovery: System Language Discovery
-
\??\c:\bhthth.exec:\bhthth.exe81⤵
-
\??\c:\hnnnnt.exec:\hnnnnt.exe82⤵
- System Location Discovery: System Language Discovery
-
\??\c:\lfxxfrr.exec:\lfxxfrr.exe83⤵
-
\??\c:\rxxflrl.exec:\rxxflrl.exe84⤵
-
\??\c:\jjpjd.exec:\jjpjd.exe85⤵
-
\??\c:\vvpdj.exec:\vvpdj.exe86⤵
-
\??\c:\jvvvd.exec:\jvvvd.exe87⤵
-
\??\c:\tbhhbt.exec:\tbhhbt.exe88⤵
- System Location Discovery: System Language Discovery
-
\??\c:\hhnnbn.exec:\hhnnbn.exe89⤵
- System Location Discovery: System Language Discovery
-
\??\c:\lrlfxfr.exec:\lrlfxfr.exe90⤵
- System Location Discovery: System Language Discovery
-
\??\c:\dpddp.exec:\dpddp.exe91⤵
- System Location Discovery: System Language Discovery
-
\??\c:\7lfxrfr.exec:\7lfxrfr.exe92⤵
-
\??\c:\frrlfrx.exec:\frrlfrx.exe93⤵
- System Location Discovery: System Language Discovery
-
\??\c:\flxxffl.exec:\flxxffl.exe94⤵
- System Location Discovery: System Language Discovery
-
\??\c:\bhtbtb.exec:\bhtbtb.exe95⤵
-
\??\c:\nbttnn.exec:\nbttnn.exe96⤵
-
\??\c:\tttnnb.exec:\tttnnb.exe97⤵
-
\??\c:\xrxxfxf.exec:\xrxxfxf.exe98⤵
-
\??\c:\jjpvj.exec:\jjpvj.exe99⤵
-
\??\c:\jvjvj.exec:\jvjvj.exe100⤵
-
\??\c:\5btttt.exec:\5btttt.exe101⤵
-
\??\c:\hnnbhn.exec:\hnnbhn.exe102⤵
- System Location Discovery: System Language Discovery
-
\??\c:\rfrfrlx.exec:\rfrfrlx.exe103⤵
-
\??\c:\pdpjp.exec:\pdpjp.exe104⤵
-
\??\c:\nnbnnn.exec:\nnbnnn.exe105⤵
- System Location Discovery: System Language Discovery
-
\??\c:\hbbhbb.exec:\hbbhbb.exe106⤵
-
\??\c:\1lrrlxr.exec:\1lrrlxr.exe107⤵
-
\??\c:\dvvdj.exec:\dvvdj.exe108⤵
-
\??\c:\dpjdd.exec:\dpjdd.exe109⤵
-
\??\c:\thbbhb.exec:\thbbhb.exe110⤵
-
\??\c:\fxfxrrl.exec:\fxfxrrl.exe111⤵
-
\??\c:\rfrrlfx.exec:\rfrrlfx.exe112⤵
-
\??\c:\flffrfr.exec:\flffrfr.exe113⤵
-
\??\c:\lfxxrxr.exec:\lfxxrxr.exe114⤵
-
\??\c:\flllxfl.exec:\flllxfl.exe115⤵
- System Location Discovery: System Language Discovery
-
\??\c:\hbttnt.exec:\hbttnt.exe116⤵
-
\??\c:\bnbthh.exec:\bnbthh.exe117⤵
-
\??\c:\tthhhn.exec:\tthhhn.exe118⤵
-
\??\c:\bnntht.exec:\bnntht.exe119⤵
-
\??\c:\frrlrrr.exec:\frrlrrr.exe120⤵
-
\??\c:\djdjj.exec:\djdjj.exe121⤵
-
\??\c:\vddpd.exec:\vddpd.exe122⤵
-
\??\c:\lrrxxll.exec:\lrrxxll.exe123⤵
-
\??\c:\nbhbtn.exec:\nbhbtn.exe124⤵
-
\??\c:\hhhhht.exec:\hhhhht.exe125⤵
-
\??\c:\vppjj.exec:\vppjj.exe126⤵
-
\??\c:\bttnhb.exec:\bttnhb.exe127⤵
-
\??\c:\fxrlfrr.exec:\fxrlfrr.exe128⤵
-
\??\c:\rlffxlr.exec:\rlffxlr.exe129⤵
-
\??\c:\vjvdj.exec:\vjvdj.exe130⤵
-
\??\c:\pjjdp.exec:\pjjdp.exe131⤵
- System Location Discovery: System Language Discovery
-
\??\c:\vvdpv.exec:\vvdpv.exe132⤵
- System Location Discovery: System Language Discovery
-
\??\c:\9xfrrxf.exec:\9xfrrxf.exe133⤵
-
\??\c:\djvjp.exec:\djvjp.exe134⤵
-
\??\c:\jppjj.exec:\jppjj.exe135⤵
-
\??\c:\htthbt.exec:\htthbt.exe136⤵
-
\??\c:\dddpp.exec:\dddpp.exe137⤵
-
\??\c:\ntntnn.exec:\ntntnn.exe138⤵
-
\??\c:\jvdvv.exec:\jvdvv.exe139⤵
-
\??\c:\vvjjp.exec:\vvjjp.exe140⤵
-
\??\c:\7hhbtb.exec:\7hhbtb.exe141⤵
-
\??\c:\xflxflr.exec:\xflxflr.exe142⤵
-
\??\c:\pdvjj.exec:\pdvjj.exe143⤵
-
\??\c:\rxrrrff.exec:\rxrrrff.exe144⤵
-
\??\c:\pvppd.exec:\pvppd.exe145⤵
-
\??\c:\ttntnt.exec:\ttntnt.exe146⤵
-
\??\c:\tntthn.exec:\tntthn.exe147⤵
- System Location Discovery: System Language Discovery
-
\??\c:\xlrxlrl.exec:\xlrxlrl.exe148⤵
-
\??\c:\bnbnbh.exec:\bnbnbh.exe149⤵
- System Location Discovery: System Language Discovery
-
\??\c:\xlrrllf.exec:\xlrrllf.exe150⤵
-
\??\c:\9ppvv.exec:\9ppvv.exe151⤵
-
\??\c:\xrxffrr.exec:\xrxffrr.exe152⤵
-
\??\c:\hnbbtn.exec:\hnbbtn.exe153⤵
- System Location Discovery: System Language Discovery
-
\??\c:\jvpjj.exec:\jvpjj.exe154⤵
-
\??\c:\bntttt.exec:\bntttt.exe155⤵
-
\??\c:\bhbnbt.exec:\bhbnbt.exe156⤵
- System Location Discovery: System Language Discovery
-
\??\c:\rxrrrrx.exec:\rxrrrrx.exe157⤵
-
\??\c:\vvpvp.exec:\vvpvp.exe158⤵
-
\??\c:\pddpp.exec:\pddpp.exe159⤵
-
\??\c:\nhbbht.exec:\nhbbht.exe160⤵
-
\??\c:\lxlflxr.exec:\lxlflxr.exe161⤵
-
\??\c:\rlfxxxx.exec:\rlfxxxx.exe162⤵
-
\??\c:\dvjvp.exec:\dvjvp.exe163⤵
-
\??\c:\tbbnhb.exec:\tbbnhb.exe164⤵
- System Location Discovery: System Language Discovery
-
\??\c:\xlffrll.exec:\xlffrll.exe165⤵
-
\??\c:\hhnhbt.exec:\hhnhbt.exe166⤵
-
\??\c:\dppvj.exec:\dppvj.exe167⤵
-
\??\c:\bnttbb.exec:\bnttbb.exe168⤵
- System Location Discovery: System Language Discovery
-
\??\c:\ttbhth.exec:\ttbhth.exe169⤵
-
\??\c:\vjpjd.exec:\vjpjd.exe170⤵
-
\??\c:\bhtntt.exec:\bhtntt.exe171⤵
- System Location Discovery: System Language Discovery
-
\??\c:\rrrflrf.exec:\rrrflrf.exe172⤵
- System Location Discovery: System Language Discovery
-
\??\c:\pdjvd.exec:\pdjvd.exe173⤵
-
\??\c:\pjvjp.exec:\pjvjp.exe174⤵
-
\??\c:\ntbtnn.exec:\ntbtnn.exe175⤵
-
\??\c:\rrfxlfr.exec:\rrfxlfr.exe176⤵
- System Location Discovery: System Language Discovery
-
\??\c:\frllxrr.exec:\frllxrr.exe177⤵
-
\??\c:\pdddj.exec:\pdddj.exe178⤵
-
\??\c:\btnhhn.exec:\btnhhn.exe179⤵
-
\??\c:\lfrxlrl.exec:\lfrxlrl.exe180⤵
-
\??\c:\vddjp.exec:\vddjp.exe181⤵
-
\??\c:\tbnnbn.exec:\tbnnbn.exe182⤵
-
\??\c:\hhttbn.exec:\hhttbn.exe183⤵
- System Location Discovery: System Language Discovery
-
\??\c:\frxrxlf.exec:\frxrxlf.exe184⤵
-
\??\c:\jjvdp.exec:\jjvdp.exe185⤵
-
\??\c:\llrrxff.exec:\llrrxff.exe186⤵
-
\??\c:\httnbh.exec:\httnbh.exe187⤵
-
\??\c:\dvdvj.exec:\dvdvj.exe188⤵
- System Location Discovery: System Language Discovery
-
\??\c:\pvjvj.exec:\pvjvj.exe189⤵
-
\??\c:\thhhhh.exec:\thhhhh.exe190⤵
-
\??\c:\lxrrlrx.exec:\lxrrlrx.exe191⤵
-
\??\c:\pvjpd.exec:\pvjpd.exe192⤵
- System Location Discovery: System Language Discovery
-
\??\c:\tnbbhb.exec:\tnbbhb.exe193⤵
-
\??\c:\lxlffxl.exec:\lxlffxl.exe194⤵
-
\??\c:\dddpp.exec:\dddpp.exe195⤵
-
\??\c:\jvjpj.exec:\jvjpj.exe196⤵
-
\??\c:\hbntnt.exec:\hbntnt.exe197⤵
- System Location Discovery: System Language Discovery
-
\??\c:\xrfxxll.exec:\xrfxxll.exe198⤵
-
\??\c:\3dvdj.exec:\3dvdj.exe199⤵
-
\??\c:\tnbtbt.exec:\tnbtbt.exe200⤵
-
\??\c:\fxrlxff.exec:\fxrlxff.exe201⤵
-
\??\c:\dpdjp.exec:\dpdjp.exe202⤵
-
\??\c:\jjdpj.exec:\jjdpj.exe203⤵
-
\??\c:\9bhbnt.exec:\9bhbnt.exe204⤵
- System Location Discovery: System Language Discovery
-
\??\c:\xxlxflf.exec:\xxlxflf.exe205⤵
-
\??\c:\thttnn.exec:\thttnn.exe206⤵
- System Location Discovery: System Language Discovery
-
\??\c:\jjppv.exec:\jjppv.exe207⤵
-
\??\c:\htnbtt.exec:\htnbtt.exe208⤵
-
\??\c:\fxllrxf.exec:\fxllrxf.exe209⤵
-
\??\c:\djpvd.exec:\djpvd.exe210⤵
-
\??\c:\hhbnnb.exec:\hhbnnb.exe211⤵
-
\??\c:\rrrfxxl.exec:\rrrfxxl.exe212⤵
- System Location Discovery: System Language Discovery
-
\??\c:\ppvvd.exec:\ppvvd.exe213⤵
-
\??\c:\rfrxxfl.exec:\rfrxxfl.exe214⤵
-
\??\c:\5rflxxx.exec:\5rflxxx.exe215⤵
-
\??\c:\nthttb.exec:\nthttb.exe216⤵
-
\??\c:\hnhbnb.exec:\hnhbnb.exe217⤵
-
\??\c:\pdvjp.exec:\pdvjp.exe218⤵
-
\??\c:\jvjpj.exec:\jvjpj.exe219⤵
-
\??\c:\nnttbn.exec:\nnttbn.exe220⤵
- System Location Discovery: System Language Discovery
-
\??\c:\lxlxlfx.exec:\lxlxlfx.exe221⤵
-
\??\c:\rfrfrxr.exec:\rfrfrxr.exe222⤵
-
\??\c:\jvddd.exec:\jvddd.exe223⤵
- System Location Discovery: System Language Discovery
-
\??\c:\jvjpj.exec:\jvjpj.exe224⤵
-
\??\c:\tbnbth.exec:\tbnbth.exe225⤵
-
\??\c:\bbbhbn.exec:\bbbhbn.exe226⤵
-
\??\c:\xlrfrrl.exec:\xlrfrrl.exe227⤵
-
\??\c:\vvdpj.exec:\vvdpj.exe228⤵
-
\??\c:\hhtbnb.exec:\hhtbnb.exe229⤵
-
\??\c:\rlxrxxl.exec:\rlxrxxl.exe230⤵
-
\??\c:\3rfflxr.exec:\3rfflxr.exe231⤵
-
\??\c:\nththt.exec:\nththt.exe232⤵
-
\??\c:\hbhhth.exec:\hbhhth.exe233⤵
-
\??\c:\jvdpv.exec:\jvdpv.exe234⤵
- System Location Discovery: System Language Discovery
-
\??\c:\btbnbh.exec:\btbnbh.exe235⤵
-
\??\c:\dvdpv.exec:\dvdpv.exe236⤵
-
\??\c:\dpdvp.exec:\dpdvp.exe237⤵
-
\??\c:\pvjjd.exec:\pvjjd.exe238⤵
-
\??\c:\rlxflrr.exec:\rlxflrr.exe239⤵
-
\??\c:\vjvvj.exec:\vjvvj.exe240⤵
-
\??\c:\pjdpj.exec:\pjdpj.exe241⤵