Analysis
-
max time kernel
120s -
max time network
19s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
-
submitted
05/08/2024, 07:35
General
-
Target
6632cc628518a78f275422ffd286c250N.exe
-
Size
80KB
-
MD5
6632cc628518a78f275422ffd286c250
-
SHA1
14ffc461c763d7ee10a67431c270a19e75ea92d6
-
SHA256
6cad545e9478a4748b3894c64db71063385e8520633f47884cf4df01a0980aae
-
SHA512
99456111092fe6a5fc70340c8c790ff0ac85ce7f5dafeaa6b323338641538a7f56ff40fdc06d88d8653e09a764da65e3b0c2187f4227734944e94a7a110a4e80
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73t6MlYqn+jMp9tQL:ymb3NkkiQ3mdBjFo73tvn+Yp9tQL
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 38 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\6632cc628518a78f275422ffd286c250N.exe"C:\Users\Admin\AppData\Local\Temp\6632cc628518a78f275422ffd286c250N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vfblxb.exec:\vfblxb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxpxnv.exec:\xxpxnv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdnbxf.exec:\vdnbxf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jrdxjhx.exec:\jrdxjhx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dlprrtp.exec:\dlprrtp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnjph.exec:\hnjph.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nrjrjnj.exec:\nrjrjnj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdnnt.exec:\vdnnt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rnvbn.exec:\rnvbn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrdvr.exec:\xrdvr.exe11⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\pblhhr.exec:\pblhhr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hvfvjf.exec:\hvfvjf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjrxb.exec:\vjrxb.exe14⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\drthb.exec:\drthb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfblvdd.exec:\rfblvdd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tvldndh.exec:\tvldndh.exe17⤵
- Executes dropped EXE
-
\??\c:\bvrjdf.exec:\bvrjdf.exe18⤵
- Executes dropped EXE
-
\??\c:\jbnff.exec:\jbnff.exe19⤵
- Executes dropped EXE
-
\??\c:\njpthdh.exec:\njpthdh.exe20⤵
- Executes dropped EXE
-
\??\c:\jnjfxbr.exec:\jnjfxbr.exe21⤵
- Executes dropped EXE
-
\??\c:\xjjvnvv.exec:\xjjvnvv.exe22⤵
- Executes dropped EXE
-
\??\c:\fvfrl.exec:\fvfrl.exe23⤵
- Executes dropped EXE
-
\??\c:\hvhrr.exec:\hvhrr.exe24⤵
- Executes dropped EXE
-
\??\c:\vjjlpd.exec:\vjjlpd.exe25⤵
- Executes dropped EXE
-
\??\c:\bffnb.exec:\bffnb.exe26⤵
- Executes dropped EXE
-
\??\c:\brhrvrb.exec:\brhrvrb.exe27⤵
- Executes dropped EXE
-
\??\c:\jhxpx.exec:\jhxpx.exe28⤵
- Executes dropped EXE
-
\??\c:\pxtvhj.exec:\pxtvhj.exe29⤵
- Executes dropped EXE
-
\??\c:\bjfpt.exec:\bjfpt.exe30⤵
- Executes dropped EXE
-
\??\c:\rtdbjb.exec:\rtdbjb.exe31⤵
- Executes dropped EXE
-
\??\c:\rxrhtb.exec:\rxrhtb.exe32⤵
- Executes dropped EXE
-
\??\c:\jtjvbpb.exec:\jtjvbpb.exe33⤵
- Executes dropped EXE
-
\??\c:\jppxt.exec:\jppxt.exe34⤵
- Executes dropped EXE
-
\??\c:\blblrd.exec:\blblrd.exe35⤵
- Executes dropped EXE
-
\??\c:\vnhbhd.exec:\vnhbhd.exe36⤵
- Executes dropped EXE
-
\??\c:\nlftxtj.exec:\nlftxtj.exe37⤵
- Executes dropped EXE
-
\??\c:\ftdnl.exec:\ftdnl.exe38⤵
- Executes dropped EXE
-
\??\c:\bhrtl.exec:\bhrtl.exe39⤵
- Executes dropped EXE
-
\??\c:\hjxxprr.exec:\hjxxprr.exe40⤵
- Executes dropped EXE
-
\??\c:\lpfpxt.exec:\lpfpxt.exe41⤵
- Executes dropped EXE
-
\??\c:\nlphl.exec:\nlphl.exe42⤵
- Executes dropped EXE
-
\??\c:\xbjxhfb.exec:\xbjxhfb.exe43⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\xdbhn.exec:\xdbhn.exe44⤵
- Executes dropped EXE
-
\??\c:\dfvrbh.exec:\dfvrbh.exe45⤵
- Executes dropped EXE
-
\??\c:\vvlrxbx.exec:\vvlrxbx.exe46⤵
- Executes dropped EXE
-
\??\c:\rnfnb.exec:\rnfnb.exe47⤵
- Executes dropped EXE
-
\??\c:\pnjjn.exec:\pnjjn.exe48⤵
- Executes dropped EXE
-
\??\c:\rfvvp.exec:\rfvvp.exe49⤵
- Executes dropped EXE
-
\??\c:\tnnpnnv.exec:\tnnpnnv.exe50⤵
- Executes dropped EXE
-
\??\c:\bdfnbt.exec:\bdfnbt.exe51⤵
- Executes dropped EXE
-
\??\c:\fxhjjl.exec:\fxhjjl.exe52⤵
- Executes dropped EXE
-
\??\c:\vlhbjh.exec:\vlhbjh.exe53⤵
- Executes dropped EXE
-
\??\c:\dnrrnpp.exec:\dnrrnpp.exe54⤵
- Executes dropped EXE
-
\??\c:\ldjnp.exec:\ldjnp.exe55⤵
- Executes dropped EXE
-
\??\c:\hljrdrf.exec:\hljrdrf.exe56⤵
- Executes dropped EXE
-
\??\c:\rdrvr.exec:\rdrvr.exe57⤵
- Executes dropped EXE
-
\??\c:\jtxjpvh.exec:\jtxjpvh.exe58⤵
- Executes dropped EXE
-
\??\c:\vxfdf.exec:\vxfdf.exe59⤵
- Executes dropped EXE
-
\??\c:\pfbtnhr.exec:\pfbtnhr.exe60⤵
- Executes dropped EXE
-
\??\c:\dlbdflb.exec:\dlbdflb.exe61⤵
- Executes dropped EXE
-
\??\c:\xfvxfh.exec:\xfvxfh.exe62⤵
- Executes dropped EXE
-
\??\c:\lpjfv.exec:\lpjfv.exe63⤵
- Executes dropped EXE
-
\??\c:\fbdbd.exec:\fbdbd.exe64⤵
- Executes dropped EXE
-
\??\c:\bpbtt.exec:\bpbtt.exe65⤵
- Executes dropped EXE
-
\??\c:\lvfphxb.exec:\lvfphxb.exe66⤵
-
\??\c:\rftvxdj.exec:\rftvxdj.exe67⤵
-
\??\c:\tbhjrxr.exec:\tbhjrxr.exe68⤵
-
\??\c:\tlxpxb.exec:\tlxpxb.exe69⤵
-
\??\c:\vjhphrv.exec:\vjhphrv.exe70⤵
-
\??\c:\xlbhjv.exec:\xlbhjv.exe71⤵
-
\??\c:\txvdhjl.exec:\txvdhjl.exe72⤵
-
\??\c:\nhrnd.exec:\nhrnd.exe73⤵
-
\??\c:\jlhpx.exec:\jlhpx.exe74⤵
-
\??\c:\rbbjtf.exec:\rbbjtf.exe75⤵
-
\??\c:\vdjxp.exec:\vdjxp.exe76⤵
-
\??\c:\jdljv.exec:\jdljv.exe77⤵
-
\??\c:\tnpnrdh.exec:\tnpnrdh.exe78⤵
-
\??\c:\npffnh.exec:\npffnh.exe79⤵
-
\??\c:\rxpplj.exec:\rxpplj.exe80⤵
- System Location Discovery: System Language Discovery
-
\??\c:\bbfrx.exec:\bbfrx.exe81⤵
-
\??\c:\ljvrlj.exec:\ljvrlj.exe82⤵
-
\??\c:\xlhlvd.exec:\xlhlvd.exe83⤵
- System Location Discovery: System Language Discovery
-
\??\c:\pvbjvn.exec:\pvbjvn.exe84⤵
-
\??\c:\rtnfpnp.exec:\rtnfpnp.exe85⤵
-
\??\c:\lpxhxt.exec:\lpxhxt.exe86⤵
-
\??\c:\jjttfjb.exec:\jjttfjb.exe87⤵
-
\??\c:\npllxht.exec:\npllxht.exe88⤵
-
\??\c:\hnpdrnx.exec:\hnpdrnx.exe89⤵
-
\??\c:\hnxfj.exec:\hnxfj.exe90⤵
-
\??\c:\jnlxhl.exec:\jnlxhl.exe91⤵
-
\??\c:\rdlxnt.exec:\rdlxnt.exe92⤵
-
\??\c:\hnfxx.exec:\hnfxx.exe93⤵
-
\??\c:\jpdfrf.exec:\jpdfrf.exe94⤵
-
\??\c:\jtflnb.exec:\jtflnb.exe95⤵
-
\??\c:\rxbtj.exec:\rxbtj.exe96⤵
-
\??\c:\xvxlrl.exec:\xvxlrl.exe97⤵
-
\??\c:\tvnjh.exec:\tvnjh.exe98⤵
-
\??\c:\hvrxvvr.exec:\hvrxvvr.exe99⤵
-
\??\c:\rjndr.exec:\rjndr.exe100⤵
-
\??\c:\jvdvnjr.exec:\jvdvnjr.exe101⤵
-
\??\c:\fplnr.exec:\fplnr.exe102⤵
-
\??\c:\xbbvj.exec:\xbbvj.exe103⤵
-
\??\c:\nldhdnv.exec:\nldhdnv.exe104⤵
-
\??\c:\pnpjpnd.exec:\pnpjpnd.exe105⤵
- System Location Discovery: System Language Discovery
-
\??\c:\jthntt.exec:\jthntt.exe106⤵
-
\??\c:\jxxhrv.exec:\jxxhrv.exe107⤵
-
\??\c:\xdfjvr.exec:\xdfjvr.exe108⤵
-
\??\c:\xhppvvh.exec:\xhppvvh.exe109⤵
-
\??\c:\rnrblb.exec:\rnrblb.exe110⤵
-
\??\c:\xpnjj.exec:\xpnjj.exe111⤵
-
\??\c:\fnvrd.exec:\fnvrd.exe112⤵
-
\??\c:\rpblrj.exec:\rpblrj.exe113⤵
-
\??\c:\fxlrnf.exec:\fxlrnf.exe114⤵
-
\??\c:\jtnrdn.exec:\jtnrdn.exe115⤵
-
\??\c:\hdbjfh.exec:\hdbjfh.exe116⤵
-
\??\c:\nbbnxf.exec:\nbbnxf.exe117⤵
-
\??\c:\bjpld.exec:\bjpld.exe118⤵
-
\??\c:\tnbpflx.exec:\tnbpflx.exe119⤵
-
\??\c:\vjplt.exec:\vjplt.exe120⤵
-
\??\c:\xdpjv.exec:\xdpjv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-