Analysis
-
max time kernel
120s -
max time network
20s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
-
submitted
27-07-2024 04:52
General
-
Target
93b61e568b02cf9dfc98bf093f145070N.exe
-
Size
99KB
-
MD5
93b61e568b02cf9dfc98bf093f145070
-
SHA1
80942c4dffa97eb852ab7c007794e8bac1e6d437
-
SHA256
7cc8220dce886c23c0402608c3b0eb6f45600afaa7aa30a7353e0571357c7a10
-
SHA512
a2c69cbbf3d3cc1dc919b2ba8815d8b12ca15788e11b163194d61576fdc4cbaa2a3216d01f61d7e0d0de5c30540436c6764918694e00040304e4cf160f902eb8
-
SSDEEP
3072:khOmTsF93UYfwC6GIoutpYcvrqrE6ddWR:kcm4FmowdHoSphra/6
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 50 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\93b61e568b02cf9dfc98bf093f145070N.exe"C:\Users\Admin\AppData\Local\Temp\93b61e568b02cf9dfc98bf093f145070N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\lbdhj.exec:\lbdhj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddnxpp.exec:\ddnxpp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlplp.exec:\xlplp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xpnxld.exec:\xpnxld.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jrlljvx.exec:\jrlljvx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lltdtl.exec:\lltdtl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnvxjj.exec:\tnvxjj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbbdj.exec:\tbbbdj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnbxlp.exec:\hnbxlp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nlfjl.exec:\nlfjl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvnfd.exec:\pvnfd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bxbph.exec:\bxbph.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thlfnx.exec:\thlfnx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nxlvdjx.exec:\nxlvdjx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hlblhn.exec:\hlblhn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vttlvtx.exec:\vttlvtx.exe17⤵
- Executes dropped EXE
-
\??\c:\hxlhbh.exec:\hxlhbh.exe18⤵
- Executes dropped EXE
-
\??\c:\fhxbvlf.exec:\fhxbvlf.exe19⤵
- Executes dropped EXE
-
\??\c:\tfrfj.exec:\tfrfj.exe20⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\pplnx.exec:\pplnx.exe21⤵
- Executes dropped EXE
-
\??\c:\pbjtnj.exec:\pbjtnj.exe22⤵
- Executes dropped EXE
-
\??\c:\lnhjrf.exec:\lnhjrf.exe23⤵
- Executes dropped EXE
-
\??\c:\xptdjhv.exec:\xptdjhv.exe24⤵
- Executes dropped EXE
-
\??\c:\vrnfl.exec:\vrnfl.exe25⤵
- Executes dropped EXE
-
\??\c:\xhpvl.exec:\xhpvl.exe26⤵
- Executes dropped EXE
-
\??\c:\bjxvjld.exec:\bjxvjld.exe27⤵
- Executes dropped EXE
-
\??\c:\bxtfljf.exec:\bxtfljf.exe28⤵
- Executes dropped EXE
-
\??\c:\dptbjhx.exec:\dptbjhx.exe29⤵
- Executes dropped EXE
-
\??\c:\drrhjnl.exec:\drrhjnl.exe30⤵
- Executes dropped EXE
-
\??\c:\hjfvfp.exec:\hjfvfp.exe31⤵
- Executes dropped EXE
-
\??\c:\bphbx.exec:\bphbx.exe32⤵
- Executes dropped EXE
-
\??\c:\rntvd.exec:\rntvd.exe33⤵
- Executes dropped EXE
-
\??\c:\fxldfnr.exec:\fxldfnr.exe34⤵
- Executes dropped EXE
-
\??\c:\vlrdth.exec:\vlrdth.exe35⤵
- Executes dropped EXE
-
\??\c:\tptnr.exec:\tptnr.exe36⤵
- Executes dropped EXE
-
\??\c:\xjpnrtv.exec:\xjpnrtv.exe37⤵
- Executes dropped EXE
-
\??\c:\jvdlhvt.exec:\jvdlhvt.exe38⤵
- Executes dropped EXE
-
\??\c:\tllrpx.exec:\tllrpx.exe39⤵
- Executes dropped EXE
-
\??\c:\xrlxxph.exec:\xrlxxph.exe40⤵
- Executes dropped EXE
-
\??\c:\xhjllf.exec:\xhjllf.exe41⤵
- Executes dropped EXE
-
\??\c:\xdldl.exec:\xdldl.exe42⤵
- Executes dropped EXE
-
\??\c:\rxfdx.exec:\rxfdx.exe43⤵
- Executes dropped EXE
-
\??\c:\nndxrnj.exec:\nndxrnj.exe44⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\nrxtjf.exec:\nrxtjf.exe45⤵
- Executes dropped EXE
-
\??\c:\dxjrtbp.exec:\dxjrtbp.exe46⤵
- Executes dropped EXE
-
\??\c:\fxprhnb.exec:\fxprhnb.exe47⤵
- Executes dropped EXE
-
\??\c:\rpddn.exec:\rpddn.exe48⤵
- Executes dropped EXE
-
\??\c:\hxhhxdn.exec:\hxhhxdn.exe49⤵
- Executes dropped EXE
-
\??\c:\vlbltrx.exec:\vlbltrx.exe50⤵
- Executes dropped EXE
-
\??\c:\vvhtnr.exec:\vvhtnr.exe51⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\vjhjpll.exec:\vjhjpll.exe52⤵
- Executes dropped EXE
-
\??\c:\jfxbtnx.exec:\jfxbtnx.exe53⤵
- Executes dropped EXE
-
\??\c:\rbvjpr.exec:\rbvjpr.exe54⤵
- Executes dropped EXE
-
\??\c:\rdxbhj.exec:\rdxbhj.exe55⤵
- Executes dropped EXE
-
\??\c:\pfprlxf.exec:\pfprlxf.exe56⤵
- Executes dropped EXE
-
\??\c:\ftbtlp.exec:\ftbtlp.exe57⤵
- Executes dropped EXE
-
\??\c:\xnxvdr.exec:\xnxvdr.exe58⤵
- Executes dropped EXE
-
\??\c:\dnbblh.exec:\dnbblh.exe59⤵
- Executes dropped EXE
-
\??\c:\rpxvf.exec:\rpxvf.exe60⤵
- Executes dropped EXE
-
\??\c:\hdrfxtv.exec:\hdrfxtv.exe61⤵
- Executes dropped EXE
-
\??\c:\hnxhfnh.exec:\hnxhfnh.exe62⤵
- Executes dropped EXE
-
\??\c:\bpdlpx.exec:\bpdlpx.exe63⤵
- Executes dropped EXE
-
\??\c:\xfpvxn.exec:\xfpvxn.exe64⤵
- Executes dropped EXE
-
\??\c:\rjjjhx.exec:\rjjjhx.exe65⤵
- Executes dropped EXE
-
\??\c:\pvdvdpp.exec:\pvdvdpp.exe66⤵
-
\??\c:\thxrdrl.exec:\thxrdrl.exe67⤵
-
\??\c:\fhfpfpn.exec:\fhfpfpn.exe68⤵
-
\??\c:\jhpdbh.exec:\jhpdbh.exe69⤵
-
\??\c:\hrffp.exec:\hrffp.exe70⤵
-
\??\c:\pxlft.exec:\pxlft.exe71⤵
-
\??\c:\xxhxjlb.exec:\xxhxjlb.exe72⤵
- System Location Discovery: System Language Discovery
-
\??\c:\jltpjl.exec:\jltpjl.exe73⤵
-
\??\c:\xjlfjr.exec:\xjlfjr.exe74⤵
-
\??\c:\lxpldpn.exec:\lxpldpn.exe75⤵
-
\??\c:\bbpxr.exec:\bbpxr.exe76⤵
-
\??\c:\dpjpr.exec:\dpjpr.exe77⤵
-
\??\c:\rptvlv.exec:\rptvlv.exe78⤵
-
\??\c:\nfbjd.exec:\nfbjd.exe79⤵
-
\??\c:\vhbbf.exec:\vhbbf.exe80⤵
-
\??\c:\nprxff.exec:\nprxff.exe81⤵
-
\??\c:\dvpvht.exec:\dvpvht.exe82⤵
-
\??\c:\pnftltx.exec:\pnftltx.exe83⤵
-
\??\c:\frvrfbt.exec:\frvrfbt.exe84⤵
-
\??\c:\lblrl.exec:\lblrl.exe85⤵
-
\??\c:\jvfljt.exec:\jvfljt.exe86⤵
-
\??\c:\hjtvr.exec:\hjtvr.exe87⤵
-
\??\c:\nfhrf.exec:\nfhrf.exe88⤵
-
\??\c:\vhxtfxl.exec:\vhxtfxl.exe89⤵
-
\??\c:\hlpndb.exec:\hlpndb.exe90⤵
-
\??\c:\pnxxh.exec:\pnxxh.exe91⤵
-
\??\c:\txxhlh.exec:\txxhlh.exe92⤵
-
\??\c:\lxxpbr.exec:\lxxpbr.exe93⤵
-
\??\c:\lxnphvd.exec:\lxnphvd.exe94⤵
-
\??\c:\jltxtp.exec:\jltxtp.exe95⤵
-
\??\c:\lppph.exec:\lppph.exe96⤵
-
\??\c:\rvtfj.exec:\rvtfj.exe97⤵
-
\??\c:\dthlvvf.exec:\dthlvvf.exe98⤵
-
\??\c:\pvjdfpn.exec:\pvjdfpn.exe99⤵
-
\??\c:\hnnft.exec:\hnnft.exe100⤵
-
\??\c:\vbvlx.exec:\vbvlx.exe101⤵
-
\??\c:\jbtdbpb.exec:\jbtdbpb.exe102⤵
-
\??\c:\rhfhjj.exec:\rhfhjj.exe103⤵
-
\??\c:\ppblph.exec:\ppblph.exe104⤵
-
\??\c:\hdrddhp.exec:\hdrddhp.exe105⤵
-
\??\c:\ddjjjtx.exec:\ddjjjtx.exe106⤵
-
\??\c:\tlpvl.exec:\tlpvl.exe107⤵
-
\??\c:\thrtdbt.exec:\thrtdbt.exe108⤵
-
\??\c:\fftvh.exec:\fftvh.exe109⤵
-
\??\c:\xdxtb.exec:\xdxtb.exe110⤵
- System Location Discovery: System Language Discovery
-
\??\c:\tjbptr.exec:\tjbptr.exe111⤵
-
\??\c:\dlnpbn.exec:\dlnpbn.exe112⤵
-
\??\c:\hldfv.exec:\hldfv.exe113⤵
-
\??\c:\fxhvl.exec:\fxhvl.exe114⤵
-
\??\c:\fxbnxv.exec:\fxbnxv.exe115⤵
-
\??\c:\lpbtttb.exec:\lpbtttb.exe116⤵
-
\??\c:\bxxjl.exec:\bxxjl.exe117⤵
-
\??\c:\bpfjd.exec:\bpfjd.exe118⤵
-
\??\c:\jjlhppl.exec:\jjlhppl.exe119⤵
-
\??\c:\ndbfnfx.exec:\ndbfnfx.exe120⤵
-
\??\c:\jddhllr.exec:\jddhllr.exe121⤵
-
\??\c:\fllpxh.exec:\fllpxh.exe122⤵
-
\??\c:\pbptjpd.exec:\pbptjpd.exe123⤵
-
\??\c:\vjdbx.exec:\vjdbx.exe124⤵
-
\??\c:\hrlfb.exec:\hrlfb.exe125⤵
-
\??\c:\npfjr.exec:\npfjr.exe126⤵
-
\??\c:\rtvtt.exec:\rtvtt.exe127⤵
-
\??\c:\hdtfjh.exec:\hdtfjh.exe128⤵
-
\??\c:\dhppr.exec:\dhppr.exe129⤵
-
\??\c:\nthrhpx.exec:\nthrhpx.exe130⤵
-
\??\c:\nhnfjj.exec:\nhnfjj.exe131⤵
-
\??\c:\htbxdj.exec:\htbxdj.exe132⤵
-
\??\c:\fpbbfr.exec:\fpbbfr.exe133⤵
-
\??\c:\xdxvjvh.exec:\xdxvjvh.exe134⤵
-
\??\c:\dnhrr.exec:\dnhrr.exe135⤵
-
\??\c:\jnhffh.exec:\jnhffh.exe136⤵
-
\??\c:\llvddjn.exec:\llvddjn.exe137⤵
-
\??\c:\jnhxttr.exec:\jnhxttr.exe138⤵
-
\??\c:\vfjttp.exec:\vfjttp.exe139⤵
-
\??\c:\dxxdl.exec:\dxxdl.exe140⤵
-
\??\c:\hbnjp.exec:\hbnjp.exe141⤵
-
\??\c:\xltlhr.exec:\xltlhr.exe142⤵
-
\??\c:\frxlx.exec:\frxlx.exe143⤵
-
\??\c:\lhlpvnj.exec:\lhlpvnj.exe144⤵
-
\??\c:\jvbbhb.exec:\jvbbhb.exe145⤵
-
\??\c:\fppvnlv.exec:\fppvnlv.exe146⤵
- System Location Discovery: System Language Discovery
-
\??\c:\dpvpvx.exec:\dpvpvx.exe147⤵
-
\??\c:\xxxtb.exec:\xxxtb.exe148⤵
-
\??\c:\tdrntp.exec:\tdrntp.exe149⤵
-
\??\c:\dxhttv.exec:\dxhttv.exe150⤵
-
\??\c:\bbhnj.exec:\bbhnj.exe151⤵
-
\??\c:\thflth.exec:\thflth.exe152⤵
-
\??\c:\bfdfpd.exec:\bfdfpd.exe153⤵
-
\??\c:\frvbxll.exec:\frvbxll.exe154⤵
-
\??\c:\fhhtdbh.exec:\fhhtdbh.exe155⤵
-
\??\c:\bbjpdlb.exec:\bbjpdlb.exe156⤵
-
\??\c:\ttbxph.exec:\ttbxph.exe157⤵
-
\??\c:\phttj.exec:\phttj.exe158⤵
-
\??\c:\hrxxttx.exec:\hrxxttx.exe159⤵
-
\??\c:\xdrxvjr.exec:\xdrxvjr.exe160⤵
-
\??\c:\xjvnj.exec:\xjvnj.exe161⤵
-
\??\c:\dpnrtt.exec:\dpnrtt.exe162⤵
-
\??\c:\jxxxd.exec:\jxxxd.exe163⤵
-
\??\c:\ndhlx.exec:\ndhlx.exe164⤵
-
\??\c:\njfhp.exec:\njfhp.exe165⤵
-
\??\c:\lddnjb.exec:\lddnjb.exe166⤵
-
\??\c:\tlbnndn.exec:\tlbnndn.exe167⤵
-
\??\c:\pxnnl.exec:\pxnnl.exe168⤵
-
\??\c:\fhffxvp.exec:\fhffxvp.exe169⤵
-
\??\c:\pfbpbl.exec:\pfbpbl.exe170⤵
-
\??\c:\phpttp.exec:\phpttp.exe171⤵
-
\??\c:\hfrpv.exec:\hfrpv.exe172⤵
-
\??\c:\tdhbtjx.exec:\tdhbtjx.exe173⤵
-
\??\c:\nxjdnbx.exec:\nxjdnbx.exe174⤵
-
\??\c:\fpjjfbl.exec:\fpjjfbl.exe175⤵
-
\??\c:\nvltn.exec:\nvltn.exe176⤵
-
\??\c:\rdltx.exec:\rdltx.exe177⤵
-
\??\c:\nnvrxv.exec:\nnvrxv.exe178⤵
-
\??\c:\rhjtfrt.exec:\rhjtfrt.exe179⤵
-
\??\c:\ntpfn.exec:\ntpfn.exe180⤵
-
\??\c:\dplltfl.exec:\dplltfl.exe181⤵
- System Location Discovery: System Language Discovery
-
\??\c:\bxxbt.exec:\bxxbt.exe182⤵
-
\??\c:\jrlpfhj.exec:\jrlpfhj.exe183⤵
-
\??\c:\prvtv.exec:\prvtv.exe184⤵
-
\??\c:\blbbf.exec:\blbbf.exe185⤵
-
\??\c:\njxfxnx.exec:\njxfxnx.exe186⤵
-
\??\c:\hlrfvrr.exec:\hlrfvrr.exe187⤵
- System Location Discovery: System Language Discovery
-
\??\c:\lvhpxfh.exec:\lvhpxfh.exe188⤵
-
\??\c:\bxljn.exec:\bxljn.exe189⤵
-
\??\c:\rjnnpt.exec:\rjnnpt.exe190⤵
-
\??\c:\npxbd.exec:\npxbd.exe191⤵
-
\??\c:\btfvj.exec:\btfvj.exe192⤵
-
\??\c:\jxtjn.exec:\jxtjn.exe193⤵
-
\??\c:\xhpbnxf.exec:\xhpbnxf.exe194⤵
-
\??\c:\pjtdxx.exec:\pjtdxx.exe195⤵
-
\??\c:\htbvlhj.exec:\htbvlhj.exe196⤵
-
\??\c:\thpvrx.exec:\thpvrx.exe197⤵
-
\??\c:\htxrlv.exec:\htxrlv.exe198⤵
-
\??\c:\xhxvj.exec:\xhxvj.exe199⤵
-
\??\c:\vbpbll.exec:\vbpbll.exe200⤵
- System Location Discovery: System Language Discovery
-
\??\c:\htlfxj.exec:\htlfxj.exe201⤵
-
\??\c:\lhjphnp.exec:\lhjphnp.exe202⤵
- System Location Discovery: System Language Discovery
-
\??\c:\bnhfdb.exec:\bnhfdb.exe203⤵
-
\??\c:\hllhllv.exec:\hllhllv.exe204⤵
-
\??\c:\pnhbdlb.exec:\pnhbdlb.exe205⤵
-
\??\c:\prpvdr.exec:\prpvdr.exe206⤵
-
\??\c:\fnvjljh.exec:\fnvjljh.exe207⤵
-
\??\c:\fvrfdpn.exec:\fvrfdpn.exe208⤵
-
\??\c:\dtlxfbt.exec:\dtlxfbt.exe209⤵
-
\??\c:\xpffdf.exec:\xpffdf.exe210⤵
-
\??\c:\hjphjvr.exec:\hjphjvr.exe211⤵
-
\??\c:\tnnvf.exec:\tnnvf.exe212⤵
-
\??\c:\xxxpvbv.exec:\xxxpvbv.exe213⤵
-
\??\c:\fdtpjf.exec:\fdtpjf.exe214⤵
- System Location Discovery: System Language Discovery
-
\??\c:\ddlhft.exec:\ddlhft.exe215⤵
-
\??\c:\jbnhtvr.exec:\jbnhtvr.exe216⤵
-
\??\c:\nbjjdv.exec:\nbjjdv.exe217⤵
-
\??\c:\prrvdn.exec:\prrvdn.exe218⤵
-
\??\c:\xxndpfn.exec:\xxndpfn.exe219⤵
-
\??\c:\xrlldnh.exec:\xrlldnh.exe220⤵
-
\??\c:\xfpdtjf.exec:\xfpdtjf.exe221⤵
-
\??\c:\hvvjdth.exec:\hvvjdth.exe222⤵
-
\??\c:\tjhnjv.exec:\tjhnjv.exe223⤵
-
\??\c:\xnxhxp.exec:\xnxhxp.exe224⤵
-
\??\c:\bndpvbb.exec:\bndpvbb.exe225⤵
-
\??\c:\pffdrj.exec:\pffdrj.exe226⤵
- System Location Discovery: System Language Discovery
-
\??\c:\pvrxd.exec:\pvrxd.exe227⤵
-
\??\c:\rfnlb.exec:\rfnlb.exe228⤵
-
\??\c:\brtxvrd.exec:\brtxvrd.exe229⤵
-
\??\c:\btflpp.exec:\btflpp.exe230⤵
-
\??\c:\rphjd.exec:\rphjd.exe231⤵
-
\??\c:\pbndjr.exec:\pbndjr.exe232⤵
-
\??\c:\tfxvpt.exec:\tfxvpt.exe233⤵
-
\??\c:\pvxvrnr.exec:\pvxvrnr.exe234⤵
-
\??\c:\pphxnhd.exec:\pphxnhd.exe235⤵
-
\??\c:\lpllvpd.exec:\lpllvpd.exe236⤵
-
\??\c:\llrflrp.exec:\llrflrp.exe237⤵
-
\??\c:\xdbnnlf.exec:\xdbnnlf.exe238⤵
-
\??\c:\lxnhxtd.exec:\lxnhxtd.exe239⤵
-
\??\c:\thrnnp.exec:\thrnnp.exe240⤵
-
\??\c:\phdthtp.exec:\phdthtp.exe241⤵