Analysis
-
max time kernel
149s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
-
submitted
27-07-2024 02:45
General
-
Target
b73a7b24d2085926cbcb5ede6685d6b7c105e88672fa7fb5277de4117cce4a87.exe
-
Size
65KB
-
MD5
6dd2e9aba5cf0beeced4fc84bcdb342c
-
SHA1
5b59b56d2b4612c79f9ee12e841be1d8424b158e
-
SHA256
b73a7b24d2085926cbcb5ede6685d6b7c105e88672fa7fb5277de4117cce4a87
-
SHA512
ecf78a1dbf733897a445ebd047f588f41cde0ea971ce170b7d76268d9d17d5b97cffe7d687aae369d740406ba89ae0005080e560c2e39c83706265465c07100b
-
SSDEEP
1536:tvQBeOGtrYS3srx93UBWfwC6Ggnouy8gA2Nr602M:thOmTsF93UYfwC6GIoutgd20v
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 56 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b73a7b24d2085926cbcb5ede6685d6b7c105e88672fa7fb5277de4117cce4a87.exe"C:\Users\Admin\AppData\Local\Temp\b73a7b24d2085926cbcb5ede6685d6b7c105e88672fa7fb5277de4117cce4a87.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\xflxfxf.exec:\xflxfxf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpdjp.exec:\jpdjp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnhth.exec:\thnhth.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frlxrff.exec:\frlxrff.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3vjjp.exec:\3vjjp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxfrrlx.exec:\xxfrrlx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vpvj.exec:\5vpvj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvdvp.exec:\pvdvp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbthnt.exec:\hbthnt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfflxrx.exec:\lfflxrx.exe11⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\1bthtn.exec:\1bthtn.exe12⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbtht.exec:\bbbtht.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nttbnt.exec:\nttbnt.exe14⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\7vpvv.exec:\7vpvv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbnhn.exec:\nnbnhn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrffffl.exec:\lrffffl.exe17⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\5vpjj.exec:\5vpjj.exe18⤵
- Executes dropped EXE
-
\??\c:\tttntt.exec:\tttntt.exe19⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\9rrrxll.exec:\9rrrxll.exe20⤵
- Executes dropped EXE
-
\??\c:\rlffrfr.exec:\rlffrfr.exe21⤵
- Executes dropped EXE
-
\??\c:\9pdvd.exec:\9pdvd.exe22⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\fxlrflx.exec:\fxlrflx.exe23⤵
- Executes dropped EXE
-
\??\c:\dpddd.exec:\dpddd.exe24⤵
- Executes dropped EXE
-
\??\c:\7flfrxr.exec:\7flfrxr.exe25⤵
- Executes dropped EXE
-
\??\c:\xxffxrf.exec:\xxffxrf.exe26⤵
- Executes dropped EXE
-
\??\c:\vvvjv.exec:\vvvjv.exe27⤵
- Executes dropped EXE
-
\??\c:\flrrlfl.exec:\flrrlfl.exe28⤵
- Executes dropped EXE
-
\??\c:\djppv.exec:\djppv.exe29⤵
- Executes dropped EXE
-
\??\c:\hbnnht.exec:\hbnnht.exe30⤵
- Executes dropped EXE
-
\??\c:\vpppp.exec:\vpppp.exe31⤵
- Executes dropped EXE
-
\??\c:\pjjjv.exec:\pjjjv.exe32⤵
- Executes dropped EXE
-
\??\c:\ppppv.exec:\ppppv.exe33⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\nttbtb.exec:\nttbtb.exe34⤵
- Executes dropped EXE
-
\??\c:\llllfxr.exec:\llllfxr.exe35⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\7vvjv.exec:\7vvjv.exe36⤵
- Executes dropped EXE
-
\??\c:\9hhnnb.exec:\9hhnnb.exe37⤵
- Executes dropped EXE
-
\??\c:\xxxfllr.exec:\xxxfllr.exe38⤵
- Executes dropped EXE
-
\??\c:\djdjj.exec:\djdjj.exe39⤵
- Executes dropped EXE
-
\??\c:\djdpj.exec:\djdpj.exe40⤵
- Executes dropped EXE
-
\??\c:\lfxfrrf.exec:\lfxfrrf.exe41⤵
- Executes dropped EXE
-
\??\c:\jdddp.exec:\jdddp.exe42⤵
- Executes dropped EXE
-
\??\c:\ntntnb.exec:\ntntnb.exe43⤵
- Executes dropped EXE
-
\??\c:\htnttn.exec:\htnttn.exe44⤵
- Executes dropped EXE
-
\??\c:\jpdvj.exec:\jpdvj.exe45⤵
- Executes dropped EXE
-
\??\c:\ffllffl.exec:\ffllffl.exe46⤵
- Executes dropped EXE
-
\??\c:\ntttnn.exec:\ntttnn.exe47⤵
- Executes dropped EXE
-
\??\c:\bbbbbt.exec:\bbbbbt.exe48⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\bhhthh.exec:\bhhthh.exe49⤵
- Executes dropped EXE
-
\??\c:\rlllxlf.exec:\rlllxlf.exe50⤵
- Executes dropped EXE
-
\??\c:\rfrrffr.exec:\rfrrffr.exe51⤵
- Executes dropped EXE
-
\??\c:\dvvvp.exec:\dvvvp.exe52⤵
- Executes dropped EXE
-
\??\c:\rfrlrlf.exec:\rfrlrlf.exe53⤵
- Executes dropped EXE
-
\??\c:\pdjjv.exec:\pdjjv.exe54⤵
- Executes dropped EXE
-
\??\c:\jdvjv.exec:\jdvjv.exe55⤵
- Executes dropped EXE
-
\??\c:\9htnhb.exec:\9htnhb.exe56⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\tthntb.exec:\tthntb.exe57⤵
- Executes dropped EXE
-
\??\c:\nhbhnh.exec:\nhbhnh.exe58⤵
- Executes dropped EXE
-
\??\c:\3xrfffr.exec:\3xrfffr.exe59⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\xllxfrr.exec:\xllxfrr.exe60⤵
- Executes dropped EXE
-
\??\c:\7rrflxf.exec:\7rrflxf.exe61⤵
- Executes dropped EXE
-
\??\c:\lflxrlr.exec:\lflxrlr.exe62⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\bnhnbt.exec:\bnhnbt.exe63⤵
- Executes dropped EXE
-
\??\c:\xflrfrr.exec:\xflrfrr.exe64⤵
- Executes dropped EXE
-
\??\c:\xfxxrxf.exec:\xfxxrxf.exe65⤵
- Executes dropped EXE
-
\??\c:\hhnbnn.exec:\hhnbnn.exe66⤵
- System Location Discovery: System Language Discovery
-
\??\c:\ddpdd.exec:\ddpdd.exe67⤵
-
\??\c:\hbnbbt.exec:\hbnbbt.exe68⤵
-
\??\c:\dvvjv.exec:\dvvjv.exe69⤵
-
\??\c:\tnhtbh.exec:\tnhtbh.exe70⤵
-
\??\c:\fxrxxxx.exec:\fxrxxxx.exe71⤵
-
\??\c:\pvvvp.exec:\pvvvp.exe72⤵
-
\??\c:\rffxffx.exec:\rffxffx.exe73⤵
- System Location Discovery: System Language Discovery
-
\??\c:\vppvj.exec:\vppvj.exe74⤵
-
\??\c:\1lflfrf.exec:\1lflfrf.exe75⤵
-
\??\c:\5jjjv.exec:\5jjjv.exe76⤵
-
\??\c:\bhtbnh.exec:\bhtbnh.exe77⤵
-
\??\c:\xfllfxf.exec:\xfllfxf.exe78⤵
-
\??\c:\pvvjd.exec:\pvvjd.exe79⤵
-
\??\c:\flfrflr.exec:\flfrflr.exe80⤵
-
\??\c:\jdvdd.exec:\jdvdd.exe81⤵
-
\??\c:\nthhnt.exec:\nthhnt.exe82⤵
-
\??\c:\ffllfrr.exec:\ffllfrr.exe83⤵
- System Location Discovery: System Language Discovery
-
\??\c:\vdpjv.exec:\vdpjv.exe84⤵
-
\??\c:\ttnbbb.exec:\ttnbbb.exe85⤵
- System Location Discovery: System Language Discovery
-
\??\c:\dvjdd.exec:\dvjdd.exe86⤵
-
\??\c:\nhhbtb.exec:\nhhbtb.exe87⤵
-
\??\c:\jppdj.exec:\jppdj.exe88⤵
-
\??\c:\tttbnt.exec:\tttbnt.exe89⤵
- System Location Discovery: System Language Discovery
-
\??\c:\pjvvv.exec:\pjvvv.exe90⤵
-
\??\c:\ppvjv.exec:\ppvjv.exe91⤵
-
\??\c:\rrlxrll.exec:\rrlxrll.exe92⤵
-
\??\c:\bhbbbn.exec:\bhbbbn.exe93⤵
-
\??\c:\djddp.exec:\djddp.exe94⤵
-
\??\c:\llfxflr.exec:\llfxflr.exe95⤵
-
\??\c:\htbnbt.exec:\htbnbt.exe96⤵
-
\??\c:\pjppp.exec:\pjppp.exe97⤵
-
\??\c:\tbnnhh.exec:\tbnnhh.exe98⤵
-
\??\c:\xxfxrfr.exec:\xxfxrfr.exe99⤵
-
\??\c:\ppdpd.exec:\ppdpd.exe100⤵
-
\??\c:\tbtntt.exec:\tbtntt.exe101⤵
- System Location Discovery: System Language Discovery
-
\??\c:\ppvjp.exec:\ppvjp.exe102⤵
-
\??\c:\rxrxlfr.exec:\rxrxlfr.exe103⤵
-
\??\c:\vpjvd.exec:\vpjvd.exe104⤵
-
\??\c:\ffllxxl.exec:\ffllxxl.exe105⤵
-
\??\c:\thbbht.exec:\thbbht.exe106⤵
-
\??\c:\rfxfrrx.exec:\rfxfrrx.exe107⤵
-
\??\c:\hhhhhb.exec:\hhhhhb.exe108⤵
- System Location Discovery: System Language Discovery
-
\??\c:\xrllxlr.exec:\xrllxlr.exe109⤵
-
\??\c:\bnbhnt.exec:\bnbhnt.exe110⤵
-
\??\c:\jpvjj.exec:\jpvjj.exe111⤵
-
\??\c:\7thhht.exec:\7thhht.exe112⤵
-
\??\c:\vpjpd.exec:\vpjpd.exe113⤵
-
\??\c:\frfrfrf.exec:\frfrfrf.exe114⤵
- System Location Discovery: System Language Discovery
-
\??\c:\jjvjd.exec:\jjvjd.exe115⤵
-
\??\c:\rfrrllf.exec:\rfrrllf.exe116⤵
-
\??\c:\bbttnn.exec:\bbttnn.exe117⤵
-
\??\c:\ppjjp.exec:\ppjjp.exe118⤵
- System Location Discovery: System Language Discovery
-
\??\c:\ttnnhh.exec:\ttnnhh.exe119⤵
-
\??\c:\vdjvp.exec:\vdjvp.exe120⤵
- System Location Discovery: System Language Discovery
-
\??\c:\bbhbnh.exec:\bbhbnh.exe121⤵
-
\??\c:\vvppj.exec:\vvppj.exe122⤵
-
\??\c:\hhttbn.exec:\hhttbn.exe123⤵
-
\??\c:\7thbbh.exec:\7thbbh.exe124⤵
-
\??\c:\xlrxlfl.exec:\xlrxlfl.exe125⤵
-
\??\c:\nbhhhn.exec:\nbhhhn.exe126⤵
-
\??\c:\djpjp.exec:\djpjp.exe127⤵
-
\??\c:\9fxrlfx.exec:\9fxrlfx.exe128⤵
-
\??\c:\llfrlrx.exec:\llfrlrx.exe129⤵
-
\??\c:\pjjvd.exec:\pjjvd.exe130⤵
-
\??\c:\ddvjj.exec:\ddvjj.exe131⤵
-
\??\c:\thttth.exec:\thttth.exe132⤵
-
\??\c:\3nhbbn.exec:\3nhbbn.exe133⤵
-
\??\c:\jpdjp.exec:\jpdjp.exe134⤵
-
\??\c:\tnhtbt.exec:\tnhtbt.exe135⤵
-
\??\c:\vdvjp.exec:\vdvjp.exe136⤵
-
\??\c:\nnbbtn.exec:\nnbbtn.exe137⤵
-
\??\c:\ddjjp.exec:\ddjjp.exe138⤵
- System Location Discovery: System Language Discovery
-
\??\c:\bbbbhh.exec:\bbbbhh.exe139⤵
-
\??\c:\jdpvp.exec:\jdpvp.exe140⤵
-
\??\c:\rfflxlf.exec:\rfflxlf.exe141⤵
-
\??\c:\7djdd.exec:\7djdd.exe142⤵
- System Location Discovery: System Language Discovery
-
\??\c:\xrrfxlf.exec:\xrrfxlf.exe143⤵
-
\??\c:\vdpvp.exec:\vdpvp.exe144⤵
-
\??\c:\fxflxxx.exec:\fxflxxx.exe145⤵
-
\??\c:\nnbtnt.exec:\nnbtnt.exe146⤵
- System Location Discovery: System Language Discovery
-
\??\c:\xffxxrr.exec:\xffxxrr.exe147⤵
-
\??\c:\tbnnhh.exec:\tbnnhh.exe148⤵
- System Location Discovery: System Language Discovery
-
\??\c:\djdvv.exec:\djdvv.exe149⤵
- System Location Discovery: System Language Discovery
-
\??\c:\xlrxxxx.exec:\xlrxxxx.exe150⤵
- System Location Discovery: System Language Discovery
-
\??\c:\nnthnb.exec:\nnthnb.exe151⤵
-
\??\c:\5vpdp.exec:\5vpdp.exe152⤵
-
\??\c:\frrxxlx.exec:\frrxxlx.exe153⤵
-
\??\c:\djdvv.exec:\djdvv.exe154⤵
- System Location Discovery: System Language Discovery
-
\??\c:\lrfxllr.exec:\lrfxllr.exe155⤵
-
\??\c:\bnnhtb.exec:\bnnhtb.exe156⤵
- System Location Discovery: System Language Discovery
-
\??\c:\pdpdd.exec:\pdpdd.exe157⤵
-
\??\c:\5hbntn.exec:\5hbntn.exe158⤵
-
\??\c:\lxxfrrf.exec:\lxxfrrf.exe159⤵
-
\??\c:\nnnntb.exec:\nnnntb.exe160⤵
-
\??\c:\xlrrlrx.exec:\xlrrlrx.exe161⤵
-
\??\c:\bhtnnh.exec:\bhtnnh.exe162⤵
-
\??\c:\dddvj.exec:\dddvj.exe163⤵
-
\??\c:\xxfxllr.exec:\xxfxllr.exe164⤵
-
\??\c:\vdppp.exec:\vdppp.exe165⤵
-
\??\c:\9pjpj.exec:\9pjpj.exe166⤵
-
\??\c:\bbhhtn.exec:\bbhhtn.exe167⤵
-
\??\c:\rrrrxlr.exec:\rrrrxlr.exe168⤵
-
\??\c:\tntbhh.exec:\tntbhh.exe169⤵
-
\??\c:\jvjvv.exec:\jvjvv.exe170⤵
-
\??\c:\hbntnt.exec:\hbntnt.exe171⤵
-
\??\c:\xlxlffr.exec:\xlxlffr.exe172⤵
-
\??\c:\1vjvp.exec:\1vjvp.exe173⤵
-
\??\c:\rxfrffl.exec:\rxfrffl.exe174⤵
-
\??\c:\nbbhtn.exec:\nbbhtn.exe175⤵
-
\??\c:\dvppd.exec:\dvppd.exe176⤵
-
\??\c:\xlfflxf.exec:\xlfflxf.exe177⤵
- System Location Discovery: System Language Discovery
-
\??\c:\ddjdj.exec:\ddjdj.exe178⤵
-
\??\c:\1rrxfxx.exec:\1rrxfxx.exe179⤵
-
\??\c:\jddpd.exec:\jddpd.exe180⤵
-
\??\c:\btnbht.exec:\btnbht.exe181⤵
-
\??\c:\xllrxxl.exec:\xllrxxl.exe182⤵
-
\??\c:\pppvp.exec:\pppvp.exe183⤵
-
\??\c:\bntnbb.exec:\bntnbb.exe184⤵
-
\??\c:\rrlxfxx.exec:\rrlxfxx.exe185⤵
-
\??\c:\tnbnhn.exec:\tnbnhn.exe186⤵
-
\??\c:\dvddp.exec:\dvddp.exe187⤵
-
\??\c:\tnhnbn.exec:\tnhnbn.exe188⤵
-
\??\c:\ppvjv.exec:\ppvjv.exe189⤵
-
\??\c:\rlxxxfr.exec:\rlxxxfr.exe190⤵
-
\??\c:\ntbttn.exec:\ntbttn.exe191⤵
-
\??\c:\pjvjp.exec:\pjvjp.exe192⤵
-
\??\c:\rxxxlrl.exec:\rxxxlrl.exe193⤵
-
\??\c:\tnnthn.exec:\tnnthn.exe194⤵
-
\??\c:\9dvjd.exec:\9dvjd.exe195⤵
-
\??\c:\ttbbhn.exec:\ttbbhn.exe196⤵
- System Location Discovery: System Language Discovery
-
\??\c:\xfxlxrf.exec:\xfxlxrf.exe197⤵
- System Location Discovery: System Language Discovery
-
\??\c:\bbtnbb.exec:\bbtnbb.exe198⤵
-
\??\c:\ddjdd.exec:\ddjdd.exe199⤵
-
\??\c:\xxfxfff.exec:\xxfxfff.exe200⤵
-
\??\c:\tbntnb.exec:\tbntnb.exe201⤵
-
\??\c:\7dppp.exec:\7dppp.exe202⤵
-
\??\c:\llrrlrl.exec:\llrrlrl.exe203⤵
-
\??\c:\dddpd.exec:\dddpd.exe204⤵
-
\??\c:\xxrflrf.exec:\xxrflrf.exe205⤵
-
\??\c:\nbttbb.exec:\nbttbb.exe206⤵
-
\??\c:\5xxfffl.exec:\5xxfffl.exe207⤵
-
\??\c:\bbtttn.exec:\bbtttn.exe208⤵
-
\??\c:\9rrfllx.exec:\9rrfllx.exe209⤵
-
\??\c:\dvvjd.exec:\dvvjd.exe210⤵
-
\??\c:\frlrflx.exec:\frlrflx.exe211⤵
-
\??\c:\7hnnbh.exec:\7hnnbh.exe212⤵
-
\??\c:\pvdvv.exec:\pvdvv.exe213⤵
-
\??\c:\bttbhb.exec:\bttbhb.exe214⤵
-
\??\c:\pvvjd.exec:\pvvjd.exe215⤵
- System Location Discovery: System Language Discovery
-
\??\c:\hhnnbh.exec:\hhnnbh.exe216⤵
-
\??\c:\vjvjp.exec:\vjvjp.exe217⤵
-
\??\c:\xlfxllf.exec:\xlfxllf.exe218⤵
-
\??\c:\bhttbb.exec:\bhttbb.exe219⤵
- System Location Discovery: System Language Discovery
-
\??\c:\jjjjv.exec:\jjjjv.exe220⤵
-
\??\c:\rffrflx.exec:\rffrflx.exe221⤵
- System Location Discovery: System Language Discovery
-
\??\c:\3vdpj.exec:\3vdpj.exe222⤵
-
\??\c:\1rxrllr.exec:\1rxrllr.exe223⤵
-
\??\c:\nththb.exec:\nththb.exe224⤵
-
\??\c:\jvvvj.exec:\jvvvj.exe225⤵
-
\??\c:\fllrrfr.exec:\fllrrfr.exe226⤵
-
\??\c:\vpjpj.exec:\vpjpj.exe227⤵
-
\??\c:\xrxxrrf.exec:\xrxxrrf.exe228⤵
- System Location Discovery: System Language Discovery
-
\??\c:\hbthtt.exec:\hbthtt.exe229⤵
- System Location Discovery: System Language Discovery
-
\??\c:\7dpjv.exec:\7dpjv.exe230⤵
-
\??\c:\lxffrll.exec:\lxffrll.exe231⤵
-
\??\c:\vdjpj.exec:\vdjpj.exe232⤵
-
\??\c:\jppvj.exec:\jppvj.exe233⤵
-
\??\c:\ppvdv.exec:\ppvdv.exe234⤵
- System Location Discovery: System Language Discovery
-
\??\c:\llxfrrx.exec:\llxfrrx.exe235⤵
-
\??\c:\dpdpp.exec:\dpdpp.exe236⤵
-
\??\c:\xrlfrfl.exec:\xrlfrfl.exe237⤵
-
\??\c:\thbhbn.exec:\thbhbn.exe238⤵
- System Location Discovery: System Language Discovery
-
\??\c:\rxflrfr.exec:\rxflrfr.exe239⤵
-
\??\c:\xlxxfll.exec:\xlxxfll.exe240⤵
-
\??\c:\vvpdj.exec:\vvpdj.exe241⤵