Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
-
submitted
06-08-2024 00:41
General
-
Target
a06d01e2bc0280f949e5e204bb6e9c0cc48b4757cb17873003fcfd7913595b08.exe
-
Size
94KB
-
MD5
716c0a035f55682028eeb717c3a0d32a
-
SHA1
fd3c7a8326ccc7fc2f5460748f1f865985ed84da
-
SHA256
a06d01e2bc0280f949e5e204bb6e9c0cc48b4757cb17873003fcfd7913595b08
-
SHA512
9cecb9e80a67230ab0df197a5b2652213b7b7a4c0002f239aed48cf4c3258b1f478ea3f3484c0ea642e09bf02a3585184d6ed2485531a75fad958e7534eaa29e
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIQIDyviFxx2hCtgIMLP9rBZaRB/:ymb3NkkiQ3mdBjFIVLd2hWZGreRCYBtt
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 20 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a06d01e2bc0280f949e5e204bb6e9c0cc48b4757cb17873003fcfd7913595b08.exe"C:\Users\Admin\AppData\Local\Temp\a06d01e2bc0280f949e5e204bb6e9c0cc48b4757cb17873003fcfd7913595b08.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\1ttthb.exec:\1ttthb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvppd.exec:\dvppd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llfrxfl.exec:\llfrxfl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhntt.exec:\nnhntt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtbbb.exec:\hbtbbb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddjj.exec:\jddjj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrxffl.exec:\rfrxffl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1lflxff.exec:\1lflxff.exe9⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\btntbt.exec:\btntbt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdpvv.exec:\vdpvv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjpdv.exec:\jjpdv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrfrfl.exec:\xxrfrfl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhtth.exec:\nhhtth.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhnbb.exec:\bnhnbb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vpdj.exec:\1vpdj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvdj.exec:\jdvdj.exe17⤵
- Executes dropped EXE
-
\??\c:\xlrrrrr.exec:\xlrrrrr.exe18⤵
- Executes dropped EXE
-
\??\c:\xrlrffl.exec:\xrlrffl.exe19⤵
- Executes dropped EXE
-
\??\c:\nnhbbt.exec:\nnhbbt.exe20⤵
- Executes dropped EXE
-
\??\c:\5nnhtt.exec:\5nnhtt.exe21⤵
- Executes dropped EXE
-
\??\c:\jjvdp.exec:\jjvdp.exe22⤵
- Executes dropped EXE
-
\??\c:\jjdvd.exec:\jjdvd.exe23⤵
- Executes dropped EXE
-
\??\c:\frfrlrf.exec:\frfrlrf.exe24⤵
- Executes dropped EXE
-
\??\c:\hbhhtt.exec:\hbhhtt.exe25⤵
- Executes dropped EXE
-
\??\c:\htnbtt.exec:\htnbtt.exe26⤵
- Executes dropped EXE
-
\??\c:\5bhttt.exec:\5bhttt.exe27⤵
- Executes dropped EXE
-
\??\c:\jjdjp.exec:\jjdjp.exe28⤵
- Executes dropped EXE
-
\??\c:\xrllfrf.exec:\xrllfrf.exe29⤵
- Executes dropped EXE
-
\??\c:\lfrxffl.exec:\lfrxffl.exe30⤵
- Executes dropped EXE
-
\??\c:\bttthh.exec:\bttthh.exe31⤵
- Executes dropped EXE
-
\??\c:\1htbnn.exec:\1htbnn.exe32⤵
- Executes dropped EXE
-
\??\c:\9jpjv.exec:\9jpjv.exe33⤵
- Executes dropped EXE
-
\??\c:\ffxfffr.exec:\ffxfffr.exe34⤵
- Executes dropped EXE
-
\??\c:\lfrrxxx.exec:\lfrrxxx.exe35⤵
- Executes dropped EXE
-
\??\c:\3xlxfrx.exec:\3xlxfrx.exe36⤵
- Executes dropped EXE
-
\??\c:\tbnnnh.exec:\tbnnnh.exe37⤵
- Executes dropped EXE
-
\??\c:\btbtbt.exec:\btbtbt.exe38⤵
- Executes dropped EXE
-
\??\c:\pjvvd.exec:\pjvvd.exe39⤵
- Executes dropped EXE
-
\??\c:\pdjdp.exec:\pdjdp.exe40⤵
- Executes dropped EXE
-
\??\c:\lxrrrrx.exec:\lxrrrrx.exe41⤵
- Executes dropped EXE
-
\??\c:\llflxxf.exec:\llflxxf.exe42⤵
- Executes dropped EXE
-
\??\c:\1bbtbt.exec:\1bbtbt.exe43⤵
- Executes dropped EXE
-
\??\c:\htntbb.exec:\htntbb.exe44⤵
- Executes dropped EXE
-
\??\c:\pddpd.exec:\pddpd.exe45⤵
- Executes dropped EXE
-
\??\c:\dvpvd.exec:\dvpvd.exe46⤵
- Executes dropped EXE
-
\??\c:\3lxxrrx.exec:\3lxxrrx.exe47⤵
- Executes dropped EXE
-
\??\c:\rlfrxfr.exec:\rlfrxfr.exe48⤵
- Executes dropped EXE
-
\??\c:\3hntnn.exec:\3hntnn.exe49⤵
- Executes dropped EXE
-
\??\c:\bbntbb.exec:\bbntbb.exe50⤵
- Executes dropped EXE
-
\??\c:\vpdpp.exec:\vpdpp.exe51⤵
- Executes dropped EXE
-
\??\c:\xrfxfxl.exec:\xrfxfxl.exe52⤵
- Executes dropped EXE
-
\??\c:\lfxrxrx.exec:\lfxrxrx.exe53⤵
- Executes dropped EXE
-
\??\c:\flrxxfl.exec:\flrxxfl.exe54⤵
- Executes dropped EXE
-
\??\c:\nhthnn.exec:\nhthnn.exe55⤵
- Executes dropped EXE
-
\??\c:\3bttbh.exec:\3bttbh.exe56⤵
- Executes dropped EXE
-
\??\c:\9jdpj.exec:\9jdpj.exe57⤵
- Executes dropped EXE
-
\??\c:\7dvdp.exec:\7dvdp.exe58⤵
- Executes dropped EXE
-
\??\c:\5rrrfff.exec:\5rrrfff.exe59⤵
- Executes dropped EXE
-
\??\c:\7fxfxxl.exec:\7fxfxxl.exe60⤵
- Executes dropped EXE
-
\??\c:\bbnhtb.exec:\bbnhtb.exe61⤵
- Executes dropped EXE
-
\??\c:\3hnbbt.exec:\3hnbbt.exe62⤵
- Executes dropped EXE
-
\??\c:\dvpvv.exec:\dvpvv.exe63⤵
- Executes dropped EXE
-
\??\c:\pjppd.exec:\pjppd.exe64⤵
- Executes dropped EXE
-
\??\c:\3xxrffr.exec:\3xxrffr.exe65⤵
- Executes dropped EXE
-
\??\c:\fxllxfl.exec:\fxllxfl.exe66⤵
-
\??\c:\bbnnnt.exec:\bbnnnt.exe67⤵
-
\??\c:\jpvpj.exec:\jpvpj.exe68⤵
-
\??\c:\9dpvv.exec:\9dpvv.exe69⤵
-
\??\c:\rfrlllr.exec:\rfrlllr.exe70⤵
-
\??\c:\5hbnbb.exec:\5hbnbb.exe71⤵
-
\??\c:\bhbhbh.exec:\bhbhbh.exe72⤵
-
\??\c:\1jpdd.exec:\1jpdd.exe73⤵
-
\??\c:\jvjdj.exec:\jvjdj.exe74⤵
-
\??\c:\rllllll.exec:\rllllll.exe75⤵
-
\??\c:\frxxrrr.exec:\frxxrrr.exe76⤵
-
\??\c:\hthnhb.exec:\hthnhb.exe77⤵
-
\??\c:\1thnbh.exec:\1thnbh.exe78⤵
-
\??\c:\3djdv.exec:\3djdv.exe79⤵
-
\??\c:\rlflrxx.exec:\rlflrxx.exe80⤵
-
\??\c:\rlxffrr.exec:\rlxffrr.exe81⤵
-
\??\c:\bnbhbt.exec:\bnbhbt.exe82⤵
-
\??\c:\3bttbb.exec:\3bttbb.exe83⤵
-
\??\c:\dvdjj.exec:\dvdjj.exe84⤵
-
\??\c:\1jvpp.exec:\1jvpp.exe85⤵
-
\??\c:\5lrrrll.exec:\5lrrrll.exe86⤵
-
\??\c:\xllrfxf.exec:\xllrfxf.exe87⤵
-
\??\c:\9rlrrrr.exec:\9rlrrrr.exe88⤵
-
\??\c:\bbhhhh.exec:\bbhhhh.exe89⤵
-
\??\c:\5nhbhh.exec:\5nhbhh.exe90⤵
-
\??\c:\vjjjd.exec:\vjjjd.exe91⤵
-
\??\c:\djpjd.exec:\djpjd.exe92⤵
-
\??\c:\rrffllx.exec:\rrffllx.exe93⤵
-
\??\c:\xllrrlr.exec:\xllrrlr.exe94⤵
-
\??\c:\7hhhnn.exec:\7hhhnn.exe95⤵
-
\??\c:\tttbtt.exec:\tttbtt.exe96⤵
-
\??\c:\pjjvj.exec:\pjjvj.exe97⤵
-
\??\c:\1pdpv.exec:\1pdpv.exe98⤵
-
\??\c:\rflrfxf.exec:\rflrfxf.exe99⤵
-
\??\c:\5fxrxrr.exec:\5fxrxrr.exe100⤵
-
\??\c:\5thhnt.exec:\5thhnt.exe101⤵
-
\??\c:\bnthnt.exec:\bnthnt.exe102⤵
-
\??\c:\hthtnn.exec:\hthtnn.exe103⤵
-
\??\c:\vjjjj.exec:\vjjjj.exe104⤵
-
\??\c:\dvdjj.exec:\dvdjj.exe105⤵
-
\??\c:\xllffxx.exec:\xllffxx.exe106⤵
-
\??\c:\lxxxxrr.exec:\lxxxxrr.exe107⤵
-
\??\c:\7hbttt.exec:\7hbttt.exe108⤵
-
\??\c:\htbbbb.exec:\htbbbb.exe109⤵
-
\??\c:\1jpjj.exec:\1jpjj.exe110⤵
-
\??\c:\pdjdv.exec:\pdjdv.exe111⤵
-
\??\c:\flrrlll.exec:\flrrlll.exe112⤵
-
\??\c:\ffrfxxr.exec:\ffrfxxr.exe113⤵
-
\??\c:\rffxffl.exec:\rffxffl.exe114⤵
-
\??\c:\7tbhtt.exec:\7tbhtt.exe115⤵
-
\??\c:\5hnhhb.exec:\5hnhhb.exe116⤵
- System Location Discovery: System Language Discovery
-
\??\c:\1jpjj.exec:\1jpjj.exe117⤵
-
\??\c:\3vdvv.exec:\3vdvv.exe118⤵
-
\??\c:\frllrlr.exec:\frllrlr.exe119⤵
-
\??\c:\frxxxlr.exec:\frxxxlr.exe120⤵
-
\??\c:\thtnbt.exec:\thtnbt.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-