Analysis
-
max time kernel
120s -
max time network
116s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
18-08-2024 11:59
General
-
Target
7f5c5af83ae83c05576b2d9e6aab42b0N.exe
-
Size
57KB
-
MD5
7f5c5af83ae83c05576b2d9e6aab42b0
-
SHA1
94b366e10c4013a74db81b8569c0c1c2f976f745
-
SHA256
dc671d6ee3918912ef68e6167a4e4f1b72c17b20c4ad62a4e913cbd6c643595e
-
SHA512
2a8d33fd346c6eb952c43bc06eae00f268524031fe726dd16f1734c36817899b6437905c957b976d90eb42d1312477b687fdd39f17fb593e2ac02389ff1b6fd1
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIgTz:ymb3NkkiQ3mdBjFIg/
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 37 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7f5c5af83ae83c05576b2d9e6aab42b0N.exe"C:\Users\Admin\AppData\Local\Temp\7f5c5af83ae83c05576b2d9e6aab42b0N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\dpdvj.exec:\dpdvj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ffrfxr.exec:\7ffrfxr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfxlfx.exec:\rlfxlfx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbnhnh.exec:\tbnhnh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjvv.exec:\vpjvv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9pjvp.exec:\9pjvp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fflflfx.exec:\fflflfx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvpd.exec:\vpvpd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjvj.exec:\vjjvj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ffrfxl.exec:\3ffrfxl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3hbnbt.exec:\3hbnbt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvpv.exec:\vjvpv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ddpd.exec:\7ddpd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffflrfr.exec:\ffflrfr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbtnh.exec:\bnbtnh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbnhb.exec:\thbnhb.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjvj.exec:\dpjvj.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fllfrlf.exec:\fllfrlf.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llfxlfr.exec:\llfxlfr.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbttt.exec:\nnbttt.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdpv.exec:\dvdpv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1ffrffl.exec:\1ffrffl.exe23⤵
- Executes dropped EXE
-
\??\c:\7xxrfxf.exec:\7xxrfxf.exe24⤵
- Executes dropped EXE
-
\??\c:\thhbnh.exec:\thhbnh.exe25⤵
- Executes dropped EXE
-
\??\c:\ddjpv.exec:\ddjpv.exe26⤵
- Executes dropped EXE
-
\??\c:\9xrlxrl.exec:\9xrlxrl.exe27⤵
- Executes dropped EXE
-
\??\c:\rfxlxlx.exec:\rfxlxlx.exe28⤵
- Executes dropped EXE
-
\??\c:\htnbbn.exec:\htnbbn.exe29⤵
- Executes dropped EXE
-
\??\c:\vdvjv.exec:\vdvjv.exe30⤵
- Executes dropped EXE
-
\??\c:\7rrfrrf.exec:\7rrfrrf.exe31⤵
- Executes dropped EXE
-
\??\c:\frffxxr.exec:\frffxxr.exe32⤵
- Executes dropped EXE
-
\??\c:\1tnbtb.exec:\1tnbtb.exe33⤵
- Executes dropped EXE
-
\??\c:\nbtttb.exec:\nbtttb.exe34⤵
- Executes dropped EXE
-
\??\c:\ddvvp.exec:\ddvvp.exe35⤵
- Executes dropped EXE
-
\??\c:\pdvjd.exec:\pdvjd.exe36⤵
- Executes dropped EXE
-
\??\c:\rlfxlfr.exec:\rlfxlfr.exe37⤵
- Executes dropped EXE
-
\??\c:\xlrxfrr.exec:\xlrxfrr.exe38⤵
- Executes dropped EXE
-
\??\c:\bhhbnn.exec:\bhhbnn.exe39⤵
- Executes dropped EXE
-
\??\c:\bttnnb.exec:\bttnnb.exe40⤵
- Executes dropped EXE
-
\??\c:\pdvjv.exec:\pdvjv.exe41⤵
- Executes dropped EXE
-
\??\c:\pddpd.exec:\pddpd.exe42⤵
- Executes dropped EXE
-
\??\c:\frrfxrf.exec:\frrfxrf.exe43⤵
- Executes dropped EXE
-
\??\c:\1lfxllf.exec:\1lfxllf.exe44⤵
- Executes dropped EXE
-
\??\c:\hnhbtn.exec:\hnhbtn.exe45⤵
- Executes dropped EXE
-
\??\c:\pdjvj.exec:\pdjvj.exe46⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\vvdpd.exec:\vvdpd.exe47⤵
- Executes dropped EXE
-
\??\c:\rrlxfxl.exec:\rrlxfxl.exe48⤵
- Executes dropped EXE
-
\??\c:\xxlfxrl.exec:\xxlfxrl.exe49⤵
- Executes dropped EXE
-
\??\c:\hnthnb.exec:\hnthnb.exe50⤵
- Executes dropped EXE
-
\??\c:\tthhht.exec:\tthhht.exe51⤵
- Executes dropped EXE
-
\??\c:\jjdpd.exec:\jjdpd.exe52⤵
- Executes dropped EXE
-
\??\c:\fxxrrlx.exec:\fxxrrlx.exe53⤵
- Executes dropped EXE
-
\??\c:\1rrrfxl.exec:\1rrrfxl.exe54⤵
- Executes dropped EXE
-
\??\c:\btbtnt.exec:\btbtnt.exe55⤵
- Executes dropped EXE
-
\??\c:\jvvjj.exec:\jvvjj.exe56⤵
- Executes dropped EXE
-
\??\c:\vvvdv.exec:\vvvdv.exe57⤵
- Executes dropped EXE
-
\??\c:\frflxrf.exec:\frflxrf.exe58⤵
- Executes dropped EXE
-
\??\c:\lrrlxll.exec:\lrrlxll.exe59⤵
- Executes dropped EXE
-
\??\c:\tnnhhb.exec:\tnnhhb.exe60⤵
- Executes dropped EXE
-
\??\c:\pdvjv.exec:\pdvjv.exe61⤵
- Executes dropped EXE
-
\??\c:\vvjdp.exec:\vvjdp.exe62⤵
- Executes dropped EXE
-
\??\c:\fxlffrr.exec:\fxlffrr.exe63⤵
- Executes dropped EXE
-
\??\c:\fllllfr.exec:\fllllfr.exe64⤵
- Executes dropped EXE
-
\??\c:\hnhbnh.exec:\hnhbnh.exe65⤵
- Executes dropped EXE
-
\??\c:\vvvjv.exec:\vvvjv.exe66⤵
-
\??\c:\9ddpp.exec:\9ddpp.exe67⤵
-
\??\c:\vvpdp.exec:\vvpdp.exe68⤵
-
\??\c:\1xxlxxr.exec:\1xxlxxr.exe69⤵
-
\??\c:\bbbtnh.exec:\bbbtnh.exe70⤵
-
\??\c:\bhnhbn.exec:\bhnhbn.exe71⤵
-
\??\c:\bnbnhb.exec:\bnbnhb.exe72⤵
-
\??\c:\vvppv.exec:\vvppv.exe73⤵
-
\??\c:\djdpd.exec:\djdpd.exe74⤵
-
\??\c:\rfxrlxr.exec:\rfxrlxr.exe75⤵
-
\??\c:\3lxlfrf.exec:\3lxlfrf.exe76⤵
-
\??\c:\tbtnhh.exec:\tbtnhh.exe77⤵
-
\??\c:\nnhnbt.exec:\nnhnbt.exe78⤵
-
\??\c:\vddpv.exec:\vddpv.exe79⤵
-
\??\c:\dpjvp.exec:\dpjvp.exe80⤵
-
\??\c:\llrfrrf.exec:\llrfrrf.exe81⤵
-
\??\c:\fxrflfx.exec:\fxrflfx.exe82⤵
-
\??\c:\rrfxxxf.exec:\rrfxxxf.exe83⤵
-
\??\c:\3ttnnh.exec:\3ttnnh.exe84⤵
-
\??\c:\hbtbhb.exec:\hbtbhb.exe85⤵
-
\??\c:\1pjvp.exec:\1pjvp.exe86⤵
-
\??\c:\vvpjv.exec:\vvpjv.exe87⤵
-
\??\c:\lxrlxrl.exec:\lxrlxrl.exe88⤵
-
\??\c:\5lrfrlr.exec:\5lrfrlr.exe89⤵
-
\??\c:\hbhnbn.exec:\hbhnbn.exe90⤵
-
\??\c:\hnhbnb.exec:\hnhbnb.exe91⤵
-
\??\c:\jvvpd.exec:\jvvpd.exe92⤵
-
\??\c:\pvpdp.exec:\pvpdp.exe93⤵
-
\??\c:\bnthhb.exec:\bnthhb.exe94⤵
-
\??\c:\pjpdj.exec:\pjpdj.exe95⤵
-
\??\c:\dpdpj.exec:\dpdpj.exe96⤵
-
\??\c:\5rrlfxr.exec:\5rrlfxr.exe97⤵
-
\??\c:\xxxrfxl.exec:\xxxrfxl.exe98⤵
-
\??\c:\bntnhh.exec:\bntnhh.exe99⤵
-
\??\c:\bnhbhh.exec:\bnhbhh.exe100⤵
-
\??\c:\pvvjp.exec:\pvvjp.exe101⤵
-
\??\c:\pvdpd.exec:\pvdpd.exe102⤵
-
\??\c:\lxfxlfr.exec:\lxfxlfr.exe103⤵
-
\??\c:\rxrfrlf.exec:\rxrfrlf.exe104⤵
-
\??\c:\tnhtnh.exec:\tnhtnh.exe105⤵
-
\??\c:\nbbnnh.exec:\nbbnnh.exe106⤵
-
\??\c:\jjjjd.exec:\jjjjd.exe107⤵
-
\??\c:\3pddp.exec:\3pddp.exe108⤵
-
\??\c:\fflxlff.exec:\fflxlff.exe109⤵
-
\??\c:\frxxxll.exec:\frxxxll.exe110⤵
-
\??\c:\bhbnbt.exec:\bhbnbt.exe111⤵
-
\??\c:\nbnbnb.exec:\nbnbnb.exe112⤵
-
\??\c:\dpdpd.exec:\dpdpd.exe113⤵
-
\??\c:\1xxfxrr.exec:\1xxfxrr.exe114⤵
-
\??\c:\xflxrlf.exec:\xflxrlf.exe115⤵
-
\??\c:\lxlfxrl.exec:\lxlfxrl.exe116⤵
-
\??\c:\9nhhtb.exec:\9nhhtb.exe117⤵
-
\??\c:\jjvjj.exec:\jjvjj.exe118⤵
-
\??\c:\lxrrlfx.exec:\lxrrlfx.exe119⤵
-
\??\c:\rrrlfxr.exec:\rrrlfxr.exe120⤵
-
\??\c:\nbnhtn.exec:\nbnhtn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-