Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
-
submitted
25/08/2024, 02:41
General
-
Target
a0224f122f55ac11e57d3c72e256e88f6f575a5bc4757ccd644186ce18b26e72.exe
-
Size
69KB
-
MD5
3e88103cdf4469b3fa09048c08308c3c
-
SHA1
bad18ebcf2fe06408593aac905cfa9a6b9c85166
-
SHA256
a0224f122f55ac11e57d3c72e256e88f6f575a5bc4757ccd644186ce18b26e72
-
SHA512
3f1e0db1b9d9b7e4202ee3940169abf760d45e7b5f0d1a1021c8d6a4b9133f9b40860d95b63205707d3d0d1e875632ede52cd7dbb62a2121530a141864e7655e
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yUuYp+5C8+Luvdv:ymb3NkkiQ3mdBjF0yMliv
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 34 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a0224f122f55ac11e57d3c72e256e88f6f575a5bc4757ccd644186ce18b26e72.exe"C:\Users\Admin\AppData\Local\Temp\a0224f122f55ac11e57d3c72e256e88f6f575a5bc4757ccd644186ce18b26e72.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\9nntbn.exec:\9nntbn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdjv.exec:\jvdjv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrxxfl.exec:\xlrxxfl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbhnn.exec:\nhbhnn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xfxlfl.exec:\9xfxlfl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbbhn.exec:\tnbbhn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjpd.exec:\dvjpd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjvj.exec:\vvjvj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rlllrl.exec:\3rlllrl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthnth.exec:\tthnth.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtttn.exec:\hbtttn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjpd.exec:\ppjpd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfffxl.exec:\xrfffxl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnthn.exec:\btnthn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9djdv.exec:\9djdv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvjj.exec:\dvvjj.exe17⤵
- Executes dropped EXE
-
\??\c:\frffffl.exec:\frffffl.exe18⤵
- Executes dropped EXE
-
\??\c:\xrxflrr.exec:\xrxflrr.exe19⤵
- Executes dropped EXE
-
\??\c:\nbbbhb.exec:\nbbbhb.exe20⤵
- Executes dropped EXE
-
\??\c:\vdpjv.exec:\vdpjv.exe21⤵
- Executes dropped EXE
-
\??\c:\llfxffl.exec:\llfxffl.exe22⤵
- Executes dropped EXE
-
\??\c:\3rrlrlx.exec:\3rrlrlx.exe23⤵
- Executes dropped EXE
-
\??\c:\btbhtb.exec:\btbhtb.exe24⤵
- Executes dropped EXE
-
\??\c:\1btthn.exec:\1btthn.exe25⤵
- Executes dropped EXE
-
\??\c:\jvvjp.exec:\jvvjp.exe26⤵
- Executes dropped EXE
-
\??\c:\rrlrfll.exec:\rrlrfll.exe27⤵
- Executes dropped EXE
-
\??\c:\xrrlrrx.exec:\xrrlrrx.exe28⤵
- Executes dropped EXE
-
\??\c:\7nnbnn.exec:\7nnbnn.exe29⤵
- Executes dropped EXE
-
\??\c:\pjvvj.exec:\pjvvj.exe30⤵
- Executes dropped EXE
-
\??\c:\3fflrxf.exec:\3fflrxf.exe31⤵
- Executes dropped EXE
-
\??\c:\htbhnt.exec:\htbhnt.exe32⤵
- Executes dropped EXE
-
\??\c:\tnbhhn.exec:\tnbhhn.exe33⤵
- Executes dropped EXE
-
\??\c:\9vvdd.exec:\9vvdd.exe34⤵
- Executes dropped EXE
-
\??\c:\xxxrflr.exec:\xxxrflr.exe35⤵
- Executes dropped EXE
-
\??\c:\xrlfrxf.exec:\xrlfrxf.exe36⤵
- Executes dropped EXE
-
\??\c:\tthhbn.exec:\tthhbn.exe37⤵
- Executes dropped EXE
-
\??\c:\bttbhh.exec:\bttbhh.exe38⤵
- Executes dropped EXE
-
\??\c:\jdppv.exec:\jdppv.exe39⤵
- Executes dropped EXE
-
\??\c:\jdjpj.exec:\jdjpj.exe40⤵
- Executes dropped EXE
-
\??\c:\rlxllrx.exec:\rlxllrx.exe41⤵
- Executes dropped EXE
-
\??\c:\hbnthh.exec:\hbnthh.exe42⤵
- Executes dropped EXE
-
\??\c:\7tbhth.exec:\7tbhth.exe43⤵
- Executes dropped EXE
-
\??\c:\dpvpp.exec:\dpvpp.exe44⤵
- Executes dropped EXE
-
\??\c:\dvdjd.exec:\dvdjd.exe45⤵
- Executes dropped EXE
-
\??\c:\ffrxlfx.exec:\ffrxlfx.exe46⤵
- Executes dropped EXE
-
\??\c:\lfxxllr.exec:\lfxxllr.exe47⤵
- Executes dropped EXE
-
\??\c:\7nthhh.exec:\7nthhh.exe48⤵
- Executes dropped EXE
-
\??\c:\nhtbnh.exec:\nhtbnh.exe49⤵
- Executes dropped EXE
-
\??\c:\pjpvj.exec:\pjpvj.exe50⤵
- Executes dropped EXE
-
\??\c:\fxlrxxf.exec:\fxlrxxf.exe51⤵
- Executes dropped EXE
-
\??\c:\xrfrflf.exec:\xrfrflf.exe52⤵
- Executes dropped EXE
-
\??\c:\9hhthh.exec:\9hhthh.exe53⤵
- Executes dropped EXE
-
\??\c:\xrfxffl.exec:\xrfxffl.exe54⤵
- Executes dropped EXE
-
\??\c:\fxflxfl.exec:\fxflxfl.exe55⤵
- Executes dropped EXE
-
\??\c:\httbtt.exec:\httbtt.exe56⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\hhnnbn.exec:\hhnnbn.exe57⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\3pjvd.exec:\3pjvd.exe58⤵
- Executes dropped EXE
-
\??\c:\vpdjj.exec:\vpdjj.exe59⤵
- Executes dropped EXE
-
\??\c:\xlxxxfl.exec:\xlxxxfl.exe60⤵
- Executes dropped EXE
-
\??\c:\lfrflrf.exec:\lfrflrf.exe61⤵
- Executes dropped EXE
-
\??\c:\hbhhnn.exec:\hbhhnn.exe62⤵
- Executes dropped EXE
-
\??\c:\hbtttt.exec:\hbtttt.exe63⤵
- Executes dropped EXE
-
\??\c:\vpjpd.exec:\vpjpd.exe64⤵
- Executes dropped EXE
-
\??\c:\pvddj.exec:\pvddj.exe65⤵
- Executes dropped EXE
-
\??\c:\lllxfrr.exec:\lllxfrr.exe66⤵
-
\??\c:\xrxfxxr.exec:\xrxfxxr.exe67⤵
-
\??\c:\thtbtb.exec:\thtbtb.exe68⤵
-
\??\c:\3tnhhh.exec:\3tnhhh.exe69⤵
-
\??\c:\7ppdp.exec:\7ppdp.exe70⤵
-
\??\c:\rlfxxxx.exec:\rlfxxxx.exe71⤵
-
\??\c:\7xlxflr.exec:\7xlxflr.exe72⤵
-
\??\c:\nhhnbt.exec:\nhhnbt.exe73⤵
-
\??\c:\3ntbbt.exec:\3ntbbt.exe74⤵
-
\??\c:\3djdj.exec:\3djdj.exe75⤵
-
\??\c:\vjddj.exec:\vjddj.exe76⤵
-
\??\c:\9lfllll.exec:\9lfllll.exe77⤵
-
\??\c:\lflrxrr.exec:\lflrxrr.exe78⤵
-
\??\c:\bnbnbh.exec:\bnbnbh.exe79⤵
-
\??\c:\hbhbnn.exec:\hbhbnn.exe80⤵
-
\??\c:\tbnhnh.exec:\tbnhnh.exe81⤵
-
\??\c:\jjvjj.exec:\jjvjj.exe82⤵
-
\??\c:\vpdvv.exec:\vpdvv.exe83⤵
-
\??\c:\xlrxxxx.exec:\xlrxxxx.exe84⤵
-
\??\c:\lxlllfl.exec:\lxlllfl.exe85⤵
-
\??\c:\1nnntn.exec:\1nnntn.exe86⤵
-
\??\c:\thnbnh.exec:\thnbnh.exe87⤵
- System Location Discovery: System Language Discovery
-
\??\c:\5dpdv.exec:\5dpdv.exe88⤵
-
\??\c:\vpvpd.exec:\vpvpd.exe89⤵
-
\??\c:\rlrrrxf.exec:\rlrrrxf.exe90⤵
-
\??\c:\lxlrffl.exec:\lxlrffl.exe91⤵
-
\??\c:\bnhhnb.exec:\bnhhnb.exe92⤵
-
\??\c:\7tnhnn.exec:\7tnhnn.exe93⤵
-
\??\c:\7bnntt.exec:\7bnntt.exe94⤵
-
\??\c:\dppvp.exec:\dppvp.exe95⤵
-
\??\c:\frlrrxf.exec:\frlrrxf.exe96⤵
-
\??\c:\9lxlrxl.exec:\9lxlrxl.exe97⤵
-
\??\c:\7bbtbb.exec:\7bbtbb.exe98⤵
-
\??\c:\thnntt.exec:\thnntt.exe99⤵
-
\??\c:\vjpjp.exec:\vjpjp.exe100⤵
-
\??\c:\5vpjp.exec:\5vpjp.exe101⤵
-
\??\c:\xrfxxrx.exec:\xrfxxrx.exe102⤵
-
\??\c:\xrflxxx.exec:\xrflxxx.exe103⤵
-
\??\c:\htbhnn.exec:\htbhnn.exe104⤵
-
\??\c:\7thhhn.exec:\7thhhn.exe105⤵
-
\??\c:\jvddd.exec:\jvddd.exe106⤵
-
\??\c:\jvdvv.exec:\jvdvv.exe107⤵
-
\??\c:\xfrxllr.exec:\xfrxllr.exe108⤵
-
\??\c:\rffrxxl.exec:\rffrxxl.exe109⤵
-
\??\c:\hbnntt.exec:\hbnntt.exe110⤵
-
\??\c:\thbbhn.exec:\thbbhn.exe111⤵
-
\??\c:\vpvjv.exec:\vpvjv.exe112⤵
-
\??\c:\pjdvj.exec:\pjdvj.exe113⤵
-
\??\c:\lflrfxf.exec:\lflrfxf.exe114⤵
-
\??\c:\5rxllrx.exec:\5rxllrx.exe115⤵
-
\??\c:\bthnbh.exec:\bthnbh.exe116⤵
-
\??\c:\tntntn.exec:\tntntn.exe117⤵
-
\??\c:\dvpvd.exec:\dvpvd.exe118⤵
-
\??\c:\7jvvj.exec:\7jvvj.exe119⤵
-
\??\c:\1jpvv.exec:\1jpvv.exe120⤵
-
\??\c:\xrlrxrr.exec:\xrlrxrr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-