Analysis
-
max time kernel
112s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
-
submitted
27-07-2024 02:17
General
-
Target
800b4e0f309f0cf8ef848b306c42a710N.exe
-
Size
99KB
-
MD5
800b4e0f309f0cf8ef848b306c42a710
-
SHA1
786d5421fefa88d1add77d2677f6e373842802d6
-
SHA256
c75e4cf8ccf00f980791cb965e6f7179d74375329aa9f22883817f2a75852dd2
-
SHA512
86ec7e1e8a3cb4df7cd582bb7c2ce6b1dabd7da6391b102537db5c2667af2452486bbd23c72711d41995160db4f5aa33702c12a8c40528d13d8b37a64e8d6e55
-
SSDEEP
3072:khOmTsF93UYfwC6GIoutpYcvrqrE6ddW5:kcm4FmowdHoSphra/A
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 57 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\800b4e0f309f0cf8ef848b306c42a710N.exe"C:\Users\Admin\AppData\Local\Temp\800b4e0f309f0cf8ef848b306c42a710N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ddddv.exec:\ddddv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9lxxfff.exec:\9lxxfff.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3vvpj.exec:\3vvpj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxfrrrx.exec:\rxfrrrx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjjp.exec:\vdjjp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhhbb.exec:\hbhhbb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrlfxr.exec:\rfrlfxr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thtbhn.exec:\thtbhn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjppp.exec:\jjppp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhnnnb.exec:\bhnnnb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrflxx.exec:\rrrflxx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhnnbb.exec:\bhnnbb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhnnb.exec:\nhhnnb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7jdvp.exec:\7jdvp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrflll.exec:\flrflll.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnhhb.exec:\bnnhhb.exe17⤵
- Executes dropped EXE
-
\??\c:\rrrfxlf.exec:\rrrfxlf.exe18⤵
- Executes dropped EXE
-
\??\c:\hhbbnn.exec:\hhbbnn.exe19⤵
- Executes dropped EXE
-
\??\c:\3llfrlr.exec:\3llfrlr.exe20⤵
- Executes dropped EXE
-
\??\c:\rfflrrl.exec:\rfflrrl.exe21⤵
- Executes dropped EXE
-
\??\c:\dpdjv.exec:\dpdjv.exe22⤵
- Executes dropped EXE
-
\??\c:\jdvdp.exec:\jdvdp.exe23⤵
- Executes dropped EXE
-
\??\c:\tnntnt.exec:\tnntnt.exe24⤵
- Executes dropped EXE
-
\??\c:\dpjpj.exec:\dpjpj.exe25⤵
- Executes dropped EXE
-
\??\c:\xrflflx.exec:\xrflflx.exe26⤵
- Executes dropped EXE
-
\??\c:\vvvpv.exec:\vvvpv.exe27⤵
- Executes dropped EXE
-
\??\c:\hntnnh.exec:\hntnnh.exe28⤵
- Executes dropped EXE
-
\??\c:\ppdvj.exec:\ppdvj.exe29⤵
- Executes dropped EXE
-
\??\c:\7bhnbb.exec:\7bhnbb.exe30⤵
- Executes dropped EXE
-
\??\c:\vdpjj.exec:\vdpjj.exe31⤵
- Executes dropped EXE
-
\??\c:\nbhthh.exec:\nbhthh.exe32⤵
- Executes dropped EXE
-
\??\c:\dpjpd.exec:\dpjpd.exe33⤵
- Executes dropped EXE
-
\??\c:\bnbtbb.exec:\bnbtbb.exe34⤵
- Executes dropped EXE
-
\??\c:\1ddjd.exec:\1ddjd.exe35⤵
- Executes dropped EXE
-
\??\c:\bbtnnt.exec:\bbtnnt.exe36⤵
- Executes dropped EXE
-
\??\c:\7xlffrl.exec:\7xlffrl.exe37⤵
- Executes dropped EXE
-
\??\c:\7ntnhh.exec:\7ntnhh.exe38⤵
- Executes dropped EXE
-
\??\c:\vvvdd.exec:\vvvdd.exe39⤵
- Executes dropped EXE
-
\??\c:\5flflll.exec:\5flflll.exe40⤵
- Executes dropped EXE
-
\??\c:\vpjjd.exec:\vpjjd.exe41⤵
- Executes dropped EXE
-
\??\c:\xxxxxxx.exec:\xxxxxxx.exe42⤵
- Executes dropped EXE
-
\??\c:\bttttb.exec:\bttttb.exe43⤵
- Executes dropped EXE
-
\??\c:\rrlxxfl.exec:\rrlxxfl.exe44⤵
- Executes dropped EXE
-
\??\c:\nhntnn.exec:\nhntnn.exe45⤵
- Executes dropped EXE
-
\??\c:\jjpvp.exec:\jjpvp.exe46⤵
- Executes dropped EXE
-
\??\c:\xrrrlrx.exec:\xrrrlrx.exe47⤵
- Executes dropped EXE
-
\??\c:\pvdvv.exec:\pvdvv.exe48⤵
- Executes dropped EXE
-
\??\c:\7jvvv.exec:\7jvvv.exe49⤵
- Executes dropped EXE
-
\??\c:\bbbhhn.exec:\bbbhhn.exe50⤵
- Executes dropped EXE
-
\??\c:\1rlrxxl.exec:\1rlrxxl.exe51⤵
- Executes dropped EXE
-
\??\c:\nhtbbt.exec:\nhtbbt.exe52⤵
- Executes dropped EXE
-
\??\c:\nnhttn.exec:\nnhttn.exe53⤵
- Executes dropped EXE
-
\??\c:\flrrxrx.exec:\flrrxrx.exe54⤵
- Executes dropped EXE
-
\??\c:\1xxxrlx.exec:\1xxxrlx.exe55⤵
- Executes dropped EXE
-
\??\c:\nntttn.exec:\nntttn.exe56⤵
- Executes dropped EXE
-
\??\c:\ddddd.exec:\ddddd.exe57⤵
- Executes dropped EXE
-
\??\c:\xxrrlrx.exec:\xxrrlrx.exe58⤵
- Executes dropped EXE
-
\??\c:\nnbbhh.exec:\nnbbhh.exe59⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\nthnnb.exec:\nthnnb.exe60⤵
- Executes dropped EXE
-
\??\c:\vjdpd.exec:\vjdpd.exe61⤵
- Executes dropped EXE
-
\??\c:\ntnntb.exec:\ntnntb.exe62⤵
- Executes dropped EXE
-
\??\c:\5hbnnt.exec:\5hbnnt.exe63⤵
- Executes dropped EXE
-
\??\c:\lxrxrxx.exec:\lxrxrxx.exe64⤵
- Executes dropped EXE
-
\??\c:\fxxxlxl.exec:\fxxxlxl.exe65⤵
- Executes dropped EXE
-
\??\c:\nntbhh.exec:\nntbhh.exe66⤵
-
\??\c:\jvjpj.exec:\jvjpj.exe67⤵
-
\??\c:\rrrfxfl.exec:\rrrfxfl.exe68⤵
-
\??\c:\hhhnhh.exec:\hhhnhh.exe69⤵
-
\??\c:\1jjjv.exec:\1jjjv.exe70⤵
-
\??\c:\xxrllrr.exec:\xxrllrr.exe71⤵
-
\??\c:\nnhhht.exec:\nnhhht.exe72⤵
-
\??\c:\9vppv.exec:\9vppv.exe73⤵
-
\??\c:\ffrxfrx.exec:\ffrxfrx.exe74⤵
-
\??\c:\ttnttb.exec:\ttnttb.exe75⤵
-
\??\c:\jdvpp.exec:\jdvpp.exe76⤵
-
\??\c:\jdddp.exec:\jdddp.exe77⤵
-
\??\c:\5bbhbb.exec:\5bbhbb.exe78⤵
-
\??\c:\bnhttb.exec:\bnhttb.exe79⤵
-
\??\c:\rrxrxxf.exec:\rrxrxxf.exe80⤵
-
\??\c:\hnnnth.exec:\hnnnth.exe81⤵
-
\??\c:\vdppd.exec:\vdppd.exe82⤵
-
\??\c:\9vppj.exec:\9vppj.exe83⤵
-
\??\c:\9fxllxr.exec:\9fxllxr.exe84⤵
-
\??\c:\hbnnnt.exec:\hbnnnt.exe85⤵
-
\??\c:\pvjdv.exec:\pvjdv.exe86⤵
-
\??\c:\jjjdj.exec:\jjjdj.exe87⤵
-
\??\c:\lrxxffl.exec:\lrxxffl.exe88⤵
-
\??\c:\bnbntt.exec:\bnbntt.exe89⤵
-
\??\c:\vpjjd.exec:\vpjjd.exe90⤵
-
\??\c:\rffflfl.exec:\rffflfl.exe91⤵
-
\??\c:\frfrrrx.exec:\frfrrrx.exe92⤵
-
\??\c:\7jvjv.exec:\7jvjv.exe93⤵
-
\??\c:\lllrlfl.exec:\lllrlfl.exe94⤵
-
\??\c:\jpddp.exec:\jpddp.exe95⤵
-
\??\c:\llxfxff.exec:\llxfxff.exe96⤵
-
\??\c:\pppjp.exec:\pppjp.exe97⤵
-
\??\c:\bhbnbb.exec:\bhbnbb.exe98⤵
-
\??\c:\pdvvv.exec:\pdvvv.exe99⤵
-
\??\c:\nhttnn.exec:\nhttnn.exe100⤵
-
\??\c:\ddjpv.exec:\ddjpv.exe101⤵
-
\??\c:\xrrflrl.exec:\xrrflrl.exe102⤵
-
\??\c:\hnhnnh.exec:\hnhnnh.exe103⤵
-
\??\c:\pdvjv.exec:\pdvjv.exe104⤵
-
\??\c:\lrlrxxr.exec:\lrlrxxr.exe105⤵
-
\??\c:\nthbbh.exec:\nthbbh.exe106⤵
-
\??\c:\bthnth.exec:\bthnth.exe107⤵
-
\??\c:\dppjj.exec:\dppjj.exe108⤵
-
\??\c:\xffrrll.exec:\xffrrll.exe109⤵
-
\??\c:\9nhbhh.exec:\9nhbhh.exe110⤵
-
\??\c:\jvjpd.exec:\jvjpd.exe111⤵
-
\??\c:\lllrxfl.exec:\lllrxfl.exe112⤵
-
\??\c:\bbnhtb.exec:\bbnhtb.exe113⤵
-
\??\c:\dvdpj.exec:\dvdpj.exe114⤵
-
\??\c:\pvjjj.exec:\pvjjj.exe115⤵
-
\??\c:\bnhhbh.exec:\bnhhbh.exe116⤵
-
\??\c:\1nbhhb.exec:\1nbhhb.exe117⤵
-
\??\c:\dpddj.exec:\dpddj.exe118⤵
-
\??\c:\9hhbtt.exec:\9hhbtt.exe119⤵
-
\??\c:\vdvjp.exec:\vdvjp.exe120⤵
-
\??\c:\tnnbht.exec:\tnnbht.exe121⤵
-
\??\c:\hhtbnb.exec:\hhtbnb.exe122⤵
-
\??\c:\pddjj.exec:\pddjj.exe123⤵
-
\??\c:\rflxxxl.exec:\rflxxxl.exe124⤵
-
\??\c:\vpvdv.exec:\vpvdv.exe125⤵
-
\??\c:\rflxrrf.exec:\rflxrrf.exe126⤵
-
\??\c:\tttnth.exec:\tttnth.exe127⤵
-
\??\c:\dvjpv.exec:\dvjpv.exe128⤵
-
\??\c:\bnbhbb.exec:\bnbhbb.exe129⤵
-
\??\c:\jdvjp.exec:\jdvjp.exe130⤵
-
\??\c:\frffxxl.exec:\frffxxl.exe131⤵
-
\??\c:\hhnttt.exec:\hhnttt.exe132⤵
-
\??\c:\9dvdv.exec:\9dvdv.exe133⤵
-
\??\c:\rxxxfrr.exec:\rxxxfrr.exe134⤵
-
\??\c:\djdjj.exec:\djdjj.exe135⤵
-
\??\c:\bhttbb.exec:\bhttbb.exe136⤵
-
\??\c:\pjdvp.exec:\pjdvp.exe137⤵
-
\??\c:\9flrlff.exec:\9flrlff.exe138⤵
-
\??\c:\tntbbt.exec:\tntbbt.exe139⤵
-
\??\c:\djvvd.exec:\djvvd.exe140⤵
-
\??\c:\tthtbt.exec:\tthtbt.exe141⤵
-
\??\c:\hnnntn.exec:\hnnntn.exe142⤵
-
\??\c:\dpjjp.exec:\dpjjp.exe143⤵
-
\??\c:\xxllfrf.exec:\xxllfrf.exe144⤵
-
\??\c:\1pddj.exec:\1pddj.exe145⤵
-
\??\c:\fxlfrfr.exec:\fxlfrfr.exe146⤵
-
\??\c:\thbtbt.exec:\thbtbt.exe147⤵
-
\??\c:\3jppp.exec:\3jppp.exe148⤵
-
\??\c:\lrrlxrx.exec:\lrrlxrx.exe149⤵
-
\??\c:\5pppj.exec:\5pppj.exe150⤵
-
\??\c:\lrlrfff.exec:\lrlrfff.exe151⤵
-
\??\c:\btnnnh.exec:\btnnnh.exe152⤵
-
\??\c:\jdpvd.exec:\jdpvd.exe153⤵
-
\??\c:\7xxflxx.exec:\7xxflxx.exe154⤵
-
\??\c:\3hbtbb.exec:\3hbtbb.exe155⤵
-
\??\c:\rxxxfxx.exec:\rxxxfxx.exe156⤵
-
\??\c:\bbbhth.exec:\bbbhth.exe157⤵
- System Location Discovery: System Language Discovery
-
\??\c:\3bhthn.exec:\3bhthn.exe158⤵
-
\??\c:\pvdpp.exec:\pvdpp.exe159⤵
-
\??\c:\lrfflxr.exec:\lrfflxr.exe160⤵
-
\??\c:\bhtttt.exec:\bhtttt.exe161⤵
-
\??\c:\5vjjv.exec:\5vjjv.exe162⤵
-
\??\c:\vpvpd.exec:\vpvpd.exe163⤵
-
\??\c:\rrlxrrf.exec:\rrlxrrf.exe164⤵
-
\??\c:\tbbtbn.exec:\tbbtbn.exe165⤵
-
\??\c:\ppjvv.exec:\ppjvv.exe166⤵
-
\??\c:\lrrrrfl.exec:\lrrrrfl.exe167⤵
-
\??\c:\rffxrxf.exec:\rffxrxf.exe168⤵
-
\??\c:\jpjdj.exec:\jpjdj.exe169⤵
-
\??\c:\btntnb.exec:\btntnb.exe170⤵
-
\??\c:\jjpdp.exec:\jjpdp.exe171⤵
-
\??\c:\djvpp.exec:\djvpp.exe172⤵
- System Location Discovery: System Language Discovery
-
\??\c:\9xrfffx.exec:\9xrfffx.exe173⤵
-
\??\c:\htnnbn.exec:\htnnbn.exe174⤵
-
\??\c:\bnntnn.exec:\bnntnn.exe175⤵
-
\??\c:\pdvjp.exec:\pdvjp.exe176⤵
-
\??\c:\xrffrll.exec:\xrffrll.exe177⤵
-
\??\c:\thhbnn.exec:\thhbnn.exe178⤵
-
\??\c:\djvvd.exec:\djvvd.exe179⤵
-
\??\c:\flrfrrl.exec:\flrfrrl.exe180⤵
-
\??\c:\frflfrf.exec:\frflfrf.exe181⤵
-
\??\c:\tnbtbb.exec:\tnbtbb.exe182⤵
-
\??\c:\ddvjp.exec:\ddvjp.exe183⤵
-
\??\c:\llxxflr.exec:\llxxflr.exe184⤵
-
\??\c:\bhbtnn.exec:\bhbtnn.exe185⤵
-
\??\c:\xxlfflx.exec:\xxlfflx.exe186⤵
-
\??\c:\nntbnn.exec:\nntbnn.exe187⤵
-
\??\c:\jvjjv.exec:\jvjjv.exe188⤵
-
\??\c:\ppjpv.exec:\ppjpv.exe189⤵
-
\??\c:\bbtntb.exec:\bbtntb.exe190⤵
- System Location Discovery: System Language Discovery
-
\??\c:\3bbnth.exec:\3bbnth.exe191⤵
-
\??\c:\9pddd.exec:\9pddd.exe192⤵
-
\??\c:\5lfxflx.exec:\5lfxflx.exe193⤵
-
\??\c:\xlflxxr.exec:\xlflxxr.exe194⤵
-
\??\c:\bnbbnb.exec:\bnbbnb.exe195⤵
-
\??\c:\ppdjp.exec:\ppdjp.exe196⤵
-
\??\c:\flrrxxf.exec:\flrrxxf.exe197⤵
-
\??\c:\hnbhnn.exec:\hnbhnn.exe198⤵
-
\??\c:\thtthh.exec:\thtthh.exe199⤵
-
\??\c:\pvvjp.exec:\pvvjp.exe200⤵
-
\??\c:\xlffrxl.exec:\xlffrxl.exe201⤵
-
\??\c:\htnbhn.exec:\htnbhn.exe202⤵
-
\??\c:\pdpvv.exec:\pdpvv.exe203⤵
-
\??\c:\rrxfrfx.exec:\rrxfrfx.exe204⤵
-
\??\c:\lxllxrr.exec:\lxllxrr.exe205⤵
-
\??\c:\bnbtbb.exec:\bnbtbb.exe206⤵
-
\??\c:\pjvpd.exec:\pjvpd.exe207⤵
-
\??\c:\frlrxlx.exec:\frlrxlx.exe208⤵
-
\??\c:\htntnt.exec:\htntnt.exe209⤵
-
\??\c:\jvpvj.exec:\jvpvj.exe210⤵
-
\??\c:\fxfxfff.exec:\fxfxfff.exe211⤵
-
\??\c:\tbtnbt.exec:\tbtnbt.exe212⤵
-
\??\c:\nbtthb.exec:\nbtthb.exe213⤵
-
\??\c:\tthbnn.exec:\tthbnn.exe214⤵
-
\??\c:\pvddj.exec:\pvddj.exe215⤵
-
\??\c:\dddjj.exec:\dddjj.exe216⤵
-
\??\c:\xrffrff.exec:\xrffrff.exe217⤵
-
\??\c:\hhhnbh.exec:\hhhnbh.exe218⤵
-
\??\c:\dddvp.exec:\dddvp.exe219⤵
-
\??\c:\lxfxllr.exec:\lxfxllr.exe220⤵
-
\??\c:\xxxxlxl.exec:\xxxxlxl.exe221⤵
-
\??\c:\nthbnn.exec:\nthbnn.exe222⤵
-
\??\c:\1jjpp.exec:\1jjpp.exe223⤵
-
\??\c:\3vddp.exec:\3vddp.exe224⤵
-
\??\c:\3xlfrrr.exec:\3xlfrrr.exe225⤵
-
\??\c:\htbbhn.exec:\htbbhn.exe226⤵
-
\??\c:\nhhhbb.exec:\nhhhbb.exe227⤵
-
\??\c:\dpdjv.exec:\dpdjv.exe228⤵
-
\??\c:\xfrrrfx.exec:\xfrrrfx.exe229⤵
-
\??\c:\frflrxf.exec:\frflrxf.exe230⤵
-
\??\c:\hntbbb.exec:\hntbbb.exe231⤵
-
\??\c:\djjpd.exec:\djjpd.exe232⤵
-
\??\c:\3djpv.exec:\3djpv.exe233⤵
-
\??\c:\fxrlrrx.exec:\fxrlrrx.exe234⤵
-
\??\c:\bntnbh.exec:\bntnbh.exe235⤵
-
\??\c:\vjdjp.exec:\vjdjp.exe236⤵
-
\??\c:\xrxfflx.exec:\xrxfflx.exe237⤵
-
\??\c:\xxxllfl.exec:\xxxllfl.exe238⤵
-
\??\c:\nbnhnn.exec:\nbnhnn.exe239⤵
-
\??\c:\ppvjj.exec:\ppvjj.exe240⤵
-
\??\c:\jvjjv.exec:\jvjjv.exe241⤵