Analysis
-
max time kernel
42s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
-
submitted
27-07-2024 10:51
General
-
Target
b95ebc1b86cb45a213fbbe9f78281de0N.exe
-
Size
63KB
-
MD5
b95ebc1b86cb45a213fbbe9f78281de0
-
SHA1
239fc0b394a7b583540630faac0e90790baae6b8
-
SHA256
dd2d000dda50545eff0d74159bf1506917ea19173b11184abe4140050881e083
-
SHA512
f01fe2150d01f390fbb081a8550b8bbb75383c9f9d85f11d160b1d1401f18cde4464824b4fcbc4407ff69913c9911462308b998d14c2132d9115140499a0c389
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIvuzkzN+:ymb3NkkiQ3mdBjFIvlp+
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 22 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b95ebc1b86cb45a213fbbe9f78281de0N.exe"C:\Users\Admin\AppData\Local\Temp\b95ebc1b86cb45a213fbbe9f78281de0N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rrfxlll.exec:\rrfxlll.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4026860.exec:\4026860.exe3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\62808.exec:\62808.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\242660.exec:\242660.exe5⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrffxx.exec:\rrrffxx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjjd.exec:\jjjjd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvpd.exec:\jvvpd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\66686.exec:\66686.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\68424.exec:\68424.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\66228.exec:\66228.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\22666.exec:\22666.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhnhnt.exec:\bhnhnt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\e46682.exec:\e46682.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1lllxxf.exec:\1lllxxf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2226200.exec:\2226200.exe16⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\06868.exec:\06868.exe17⤵
- Executes dropped EXE
-
\??\c:\064260.exec:\064260.exe18⤵
- Executes dropped EXE
-
\??\c:\pjdvv.exec:\pjdvv.exe19⤵
- Executes dropped EXE
-
\??\c:\xflrxxl.exec:\xflrxxl.exe20⤵
- Executes dropped EXE
-
\??\c:\i606408.exec:\i606408.exe21⤵
- Executes dropped EXE
-
\??\c:\vddjd.exec:\vddjd.exe22⤵
- Executes dropped EXE
-
\??\c:\hbbhtb.exec:\hbbhtb.exe23⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\2846020.exec:\2846020.exe24⤵
- Executes dropped EXE
-
\??\c:\jvjvj.exec:\jvjvj.exe25⤵
- Executes dropped EXE
-
\??\c:\244802.exec:\244802.exe26⤵
- Executes dropped EXE
-
\??\c:\ffxxlff.exec:\ffxxlff.exe27⤵
- Executes dropped EXE
-
\??\c:\1bbbhn.exec:\1bbbhn.exe28⤵
- Executes dropped EXE
-
\??\c:\882682.exec:\882682.exe29⤵
- Executes dropped EXE
-
\??\c:\htnbtn.exec:\htnbtn.exe30⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\rlrlrxx.exec:\rlrlrxx.exe31⤵
- Executes dropped EXE
-
\??\c:\ppjjp.exec:\ppjjp.exe32⤵
- Executes dropped EXE
-
\??\c:\4020046.exec:\4020046.exe33⤵
- Executes dropped EXE
-
\??\c:\8004082.exec:\8004082.exe34⤵
- Executes dropped EXE
-
\??\c:\24602.exec:\24602.exe35⤵
- Executes dropped EXE
-
\??\c:\thntht.exec:\thntht.exe36⤵
- Executes dropped EXE
-
\??\c:\bbbbbn.exec:\bbbbbn.exe37⤵
- Executes dropped EXE
-
\??\c:\rrrfxlx.exec:\rrrfxlx.exe38⤵
- Executes dropped EXE
-
\??\c:\nhtthb.exec:\nhtthb.exe39⤵
- Executes dropped EXE
-
\??\c:\u082808.exec:\u082808.exe40⤵
- Executes dropped EXE
-
\??\c:\ddvjv.exec:\ddvjv.exe41⤵
- Executes dropped EXE
-
\??\c:\htnnnb.exec:\htnnnb.exe42⤵
- Executes dropped EXE
-
\??\c:\u206802.exec:\u206802.exe43⤵
- Executes dropped EXE
-
\??\c:\82804.exec:\82804.exe44⤵
- Executes dropped EXE
-
\??\c:\o284684.exec:\o284684.exe45⤵
- Executes dropped EXE
-
\??\c:\ntttht.exec:\ntttht.exe46⤵
- Executes dropped EXE
-
\??\c:\442468.exec:\442468.exe47⤵
- Executes dropped EXE
-
\??\c:\2224624.exec:\2224624.exe48⤵
- Executes dropped EXE
-
\??\c:\xxrfxlr.exec:\xxrfxlr.exe49⤵
- Executes dropped EXE
-
\??\c:\3pdjd.exec:\3pdjd.exe50⤵
- Executes dropped EXE
-
\??\c:\484084.exec:\484084.exe51⤵
- Executes dropped EXE
-
\??\c:\22826.exec:\22826.exe52⤵
- Executes dropped EXE
-
\??\c:\fllfllr.exec:\fllfllr.exe53⤵
- Executes dropped EXE
-
\??\c:\pvdjj.exec:\pvdjj.exe54⤵
- Executes dropped EXE
-
\??\c:\6448088.exec:\6448088.exe55⤵
- Executes dropped EXE
-
\??\c:\6220648.exec:\6220648.exe56⤵
- Executes dropped EXE
-
\??\c:\tbbbtn.exec:\tbbbtn.exe57⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\hthnbh.exec:\hthnbh.exe58⤵
- Executes dropped EXE
-
\??\c:\062220.exec:\062220.exe59⤵
- Executes dropped EXE
-
\??\c:\ththtn.exec:\ththtn.exe60⤵
- Executes dropped EXE
-
\??\c:\228620.exec:\228620.exe61⤵
- Executes dropped EXE
-
\??\c:\28488.exec:\28488.exe62⤵
- Executes dropped EXE
-
\??\c:\6266400.exec:\6266400.exe63⤵
- Executes dropped EXE
-
\??\c:\htbtth.exec:\htbtth.exe64⤵
- Executes dropped EXE
-
\??\c:\06606.exec:\06606.exe65⤵
- Executes dropped EXE
-
\??\c:\604484.exec:\604484.exe66⤵
-
\??\c:\7btbnh.exec:\7btbnh.exe67⤵
- System Location Discovery: System Language Discovery
-
\??\c:\4640088.exec:\4640088.exe68⤵
-
\??\c:\1djjd.exec:\1djjd.exe69⤵
-
\??\c:\24444.exec:\24444.exe70⤵
-
\??\c:\8228286.exec:\8228286.exe71⤵
- System Location Discovery: System Language Discovery
-
\??\c:\22088.exec:\22088.exe72⤵
- System Location Discovery: System Language Discovery
-
\??\c:\622446.exec:\622446.exe73⤵
-
\??\c:\62866.exec:\62866.exe74⤵
- System Location Discovery: System Language Discovery
-
\??\c:\066060.exec:\066060.exe75⤵
-
\??\c:\62206.exec:\62206.exe76⤵
-
\??\c:\08828.exec:\08828.exe77⤵
-
\??\c:\206606.exec:\206606.exe78⤵
-
\??\c:\682080.exec:\682080.exe79⤵
-
\??\c:\6264046.exec:\6264046.exe80⤵
-
\??\c:\7hbnhn.exec:\7hbnhn.exe81⤵
-
\??\c:\84040.exec:\84040.exe82⤵
-
\??\c:\68040.exec:\68040.exe83⤵
- System Location Discovery: System Language Discovery
-
\??\c:\vjdvj.exec:\vjdvj.exe84⤵
- System Location Discovery: System Language Discovery
-
\??\c:\nhbtht.exec:\nhbtht.exe85⤵
-
\??\c:\vpddv.exec:\vpddv.exe86⤵
-
\??\c:\68008.exec:\68008.exe87⤵
-
\??\c:\djjjj.exec:\djjjj.exe88⤵
-
\??\c:\82424.exec:\82424.exe89⤵
-
\??\c:\thnntb.exec:\thnntb.exe90⤵
- System Location Discovery: System Language Discovery
-
\??\c:\ntbhbn.exec:\ntbhbn.exe91⤵
-
\??\c:\w84064.exec:\w84064.exe92⤵
-
\??\c:\tttnhn.exec:\tttnhn.exe93⤵
-
\??\c:\28206.exec:\28206.exe94⤵
-
\??\c:\482846.exec:\482846.exe95⤵
-
\??\c:\tbhnht.exec:\tbhnht.exe96⤵
- System Location Discovery: System Language Discovery
-
\??\c:\bbhntn.exec:\bbhntn.exe97⤵
-
\??\c:\nhbtnt.exec:\nhbtnt.exe98⤵
-
\??\c:\hnhhbt.exec:\hnhhbt.exe99⤵
-
\??\c:\lfrlllr.exec:\lfrlllr.exe100⤵
-
\??\c:\nhhnbh.exec:\nhhnbh.exe101⤵
-
\??\c:\xrlxffl.exec:\xrlxffl.exe102⤵
-
\??\c:\lfrxxlr.exec:\lfrxxlr.exe103⤵
-
\??\c:\pjddp.exec:\pjddp.exe104⤵
-
\??\c:\tnbbht.exec:\tnbbht.exe105⤵
-
\??\c:\6040202.exec:\6040202.exe106⤵
-
\??\c:\jdpvv.exec:\jdpvv.exe107⤵
-
\??\c:\dpvjv.exec:\dpvjv.exe108⤵
-
\??\c:\jpddv.exec:\jpddv.exe109⤵
-
\??\c:\6882826.exec:\6882826.exe110⤵
-
\??\c:\i422402.exec:\i422402.exe111⤵
-
\??\c:\22606.exec:\22606.exe112⤵
- System Location Discovery: System Language Discovery
-
\??\c:\8464822.exec:\8464822.exe113⤵
-
\??\c:\rrxrrlx.exec:\rrxrrlx.exe114⤵
-
\??\c:\240666.exec:\240666.exe115⤵
-
\??\c:\hbnbtt.exec:\hbnbtt.exe116⤵
-
\??\c:\lxffxrf.exec:\lxffxrf.exe117⤵
- System Location Discovery: System Language Discovery
-
\??\c:\040022.exec:\040022.exe118⤵
- System Location Discovery: System Language Discovery
-
\??\c:\thnhnh.exec:\thnhnh.exe119⤵
-
\??\c:\864642.exec:\864642.exe120⤵
-
\??\c:\284226.exec:\284226.exe121⤵
-
\??\c:\thnnnn.exec:\thnnnn.exe122⤵
- System Location Discovery: System Language Discovery
-
\??\c:\222680.exec:\222680.exe123⤵
-
\??\c:\nbbnbt.exec:\nbbnbt.exe124⤵
- System Location Discovery: System Language Discovery
-
\??\c:\vdjjp.exec:\vdjjp.exe125⤵
-
\??\c:\hbbtbn.exec:\hbbtbn.exe126⤵
-
\??\c:\5pvdd.exec:\5pvdd.exe127⤵
- System Location Discovery: System Language Discovery
-
\??\c:\xlrrffx.exec:\xlrrffx.exe128⤵
-
\??\c:\q08886.exec:\q08886.exe129⤵
-
\??\c:\jpddp.exec:\jpddp.exe130⤵
-
\??\c:\44448.exec:\44448.exe131⤵
-
\??\c:\vjvvj.exec:\vjvvj.exe132⤵
-
\??\c:\i406604.exec:\i406604.exe133⤵
-
\??\c:\vpjpd.exec:\vpjpd.exe134⤵
-
\??\c:\xxflllf.exec:\xxflllf.exe135⤵
-
\??\c:\0422286.exec:\0422286.exe136⤵
-
\??\c:\826642.exec:\826642.exe137⤵
-
\??\c:\802288.exec:\802288.exe138⤵
-
\??\c:\206060.exec:\206060.exe139⤵
-
\??\c:\djjjv.exec:\djjjv.exe140⤵
- System Location Discovery: System Language Discovery
-
\??\c:\68040.exec:\68040.exe141⤵
- System Location Discovery: System Language Discovery
-
\??\c:\9jvvv.exec:\9jvvv.exe142⤵
- System Location Discovery: System Language Discovery
-
\??\c:\288888.exec:\288888.exe143⤵
-
\??\c:\8842066.exec:\8842066.exe144⤵
-
\??\c:\4420864.exec:\4420864.exe145⤵
-
\??\c:\3lrxrxl.exec:\3lrxrxl.exe146⤵
-
\??\c:\hnbbnn.exec:\hnbbnn.exe147⤵
-
\??\c:\62444.exec:\62444.exe148⤵
-
\??\c:\4442680.exec:\4442680.exe149⤵
-
\??\c:\pvppp.exec:\pvppp.exe150⤵
-
\??\c:\bnbhnh.exec:\bnbhnh.exe151⤵
-
\??\c:\u880026.exec:\u880026.exe152⤵
-
\??\c:\5lxxffl.exec:\5lxxffl.exe153⤵
-
\??\c:\0686624.exec:\0686624.exe154⤵
-
\??\c:\vddpv.exec:\vddpv.exe155⤵
- System Location Discovery: System Language Discovery
-
\??\c:\5vjjj.exec:\5vjjj.exe156⤵
-
\??\c:\84866.exec:\84866.exe157⤵
-
\??\c:\jvvvp.exec:\jvvvp.exe158⤵
-
\??\c:\2400066.exec:\2400066.exe159⤵
-
\??\c:\840228.exec:\840228.exe160⤵
-
\??\c:\llxrxxl.exec:\llxrxxl.exe161⤵
-
\??\c:\0808420.exec:\0808420.exe162⤵
-
\??\c:\q42062.exec:\q42062.exe163⤵
-
\??\c:\vdjvd.exec:\vdjvd.exe164⤵
-
\??\c:\a8866.exec:\a8866.exe165⤵
-
\??\c:\o220082.exec:\o220082.exe166⤵
- System Location Discovery: System Language Discovery
-
\??\c:\8004422.exec:\8004422.exe167⤵
-
\??\c:\vdjdd.exec:\vdjdd.exe168⤵
-
\??\c:\66084.exec:\66084.exe169⤵
-
\??\c:\3vvpd.exec:\3vvpd.exe170⤵
- System Location Discovery: System Language Discovery
-
\??\c:\jvvvv.exec:\jvvvv.exe171⤵
-
\??\c:\02822.exec:\02822.exe172⤵
-
\??\c:\jvdjd.exec:\jvdjd.exe173⤵
- System Location Discovery: System Language Discovery
-
\??\c:\4048804.exec:\4048804.exe174⤵
-
\??\c:\822802.exec:\822802.exe175⤵
-
\??\c:\6226640.exec:\6226640.exe176⤵
-
\??\c:\88862.exec:\88862.exe177⤵
-
\??\c:\886622.exec:\886622.exe178⤵
-
\??\c:\rlrrxll.exec:\rlrrxll.exe179⤵
-
\??\c:\2264082.exec:\2264082.exe180⤵
- System Location Discovery: System Language Discovery
-
\??\c:\266008.exec:\266008.exe181⤵
-
\??\c:\46662.exec:\46662.exe182⤵
-
\??\c:\rxxxffl.exec:\rxxxffl.exe183⤵
- System Location Discovery: System Language Discovery
-
\??\c:\8442204.exec:\8442204.exe184⤵
-
\??\c:\406042.exec:\406042.exe185⤵
-
\??\c:\0042866.exec:\0042866.exe186⤵
-
\??\c:\tbhhth.exec:\tbhhth.exe187⤵
-
\??\c:\nnw428.exec:\nnw428.exe188⤵
-
\??\c:\2448860.exec:\2448860.exe189⤵
-
\??\c:\rfllllr.exec:\rfllllr.exe190⤵
-
\??\c:\thttbt.exec:\thttbt.exe191⤵
-
\??\c:\08488.exec:\08488.exe192⤵
-
\??\c:\lxflxfl.exec:\lxflxfl.exe193⤵
-
\??\c:\xlxfrrx.exec:\xlxfrrx.exe194⤵
-
\??\c:\vjjpj.exec:\vjjpj.exe195⤵
-
\??\c:\62286.exec:\62286.exe196⤵
-
\??\c:\4626048.exec:\4626048.exe197⤵
-
\??\c:\468222.exec:\468222.exe198⤵
-
\??\c:\28204.exec:\28204.exe199⤵
-
\??\c:\vvdpv.exec:\vvdpv.exe200⤵
-
\??\c:\80820.exec:\80820.exe201⤵
- System Location Discovery: System Language Discovery
-
\??\c:\4880826.exec:\4880826.exe202⤵
-
\??\c:\tnhnht.exec:\tnhnht.exe203⤵
-
\??\c:\2882866.exec:\2882866.exe204⤵
-
\??\c:\46622.exec:\46622.exe205⤵
-
\??\c:\e40608.exec:\e40608.exe206⤵
-
\??\c:\hntnnn.exec:\hntnnn.exe207⤵
-
\??\c:\llflflf.exec:\llflflf.exe208⤵
- System Location Discovery: System Language Discovery
-
\??\c:\bbhtth.exec:\bbhtth.exe209⤵
-
\??\c:\hnbnnb.exec:\hnbnnb.exe210⤵
-
\??\c:\0048624.exec:\0048624.exe211⤵
-
\??\c:\xlxlxxx.exec:\xlxlxxx.exe212⤵
- System Location Discovery: System Language Discovery
-
\??\c:\7rrrrlr.exec:\7rrrrlr.exe213⤵
-
\??\c:\06666.exec:\06666.exe214⤵
-
\??\c:\g0648.exec:\g0648.exe215⤵
-
\??\c:\0060042.exec:\0060042.exe216⤵
-
\??\c:\flrlrlx.exec:\flrlrlx.exe217⤵
-
\??\c:\422484.exec:\422484.exe218⤵
-
\??\c:\bbhbnt.exec:\bbhbnt.exe219⤵
-
\??\c:\022042.exec:\022042.exe220⤵
-
\??\c:\88444.exec:\88444.exe221⤵
-
\??\c:\bnbthb.exec:\bnbthb.exe222⤵
-
\??\c:\42042.exec:\42042.exe223⤵
-
\??\c:\44088.exec:\44088.exe224⤵
- System Location Discovery: System Language Discovery
-
\??\c:\9frlxxf.exec:\9frlxxf.exe225⤵
-
\??\c:\3frxllx.exec:\3frxllx.exe226⤵
-
\??\c:\222880.exec:\222880.exe227⤵
-
\??\c:\3ntnnb.exec:\3ntnnb.exe228⤵
-
\??\c:\bbbhtt.exec:\bbbhtt.exe229⤵
-
\??\c:\2644628.exec:\2644628.exe230⤵
-
\??\c:\rxfxxxf.exec:\rxfxxxf.exe231⤵
-
\??\c:\nnnhnh.exec:\nnnhnh.exe232⤵
-
\??\c:\rfrllll.exec:\rfrllll.exe233⤵
-
\??\c:\llffxxl.exec:\llffxxl.exe234⤵
-
\??\c:\djpdp.exec:\djpdp.exe235⤵
-
\??\c:\pdpjp.exec:\pdpjp.exe236⤵
-
\??\c:\404046.exec:\404046.exe237⤵
-
\??\c:\840404.exec:\840404.exe238⤵
- System Location Discovery: System Language Discovery
-
\??\c:\rlfrfxl.exec:\rlfrfxl.exe239⤵
-
\??\c:\0046860.exec:\0046860.exe240⤵
-
\??\c:\rxllflx.exec:\rxllflx.exe241⤵