Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
-
submitted
01-09-2024 03:49
General
-
Target
dcebb2e1ea4c0d7c5bb706d6120f27089f8e9318fe3a7aedf603d5bef0a43420.exe
-
Size
82KB
-
MD5
bea7a34f32f0930bcff895e355cd3431
-
SHA1
cff2023cbcc339b57ff92ab146f5b2987b504aed
-
SHA256
dcebb2e1ea4c0d7c5bb706d6120f27089f8e9318fe3a7aedf603d5bef0a43420
-
SHA512
1f7bc16379384148e99bb69abf8ea0da60ee9d815e551f1c95740bfe3b05313488b0369df0992379708c4069a39c880b8f1ee4e9145e682ae88274ec61226351
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIIpIo60L9QrrA89Q3:ymb3NkkiQ3mdBjFIIp9L9QrrA8e
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 22 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\dcebb2e1ea4c0d7c5bb706d6120f27089f8e9318fe3a7aedf603d5bef0a43420.exe"C:\Users\Admin\AppData\Local\Temp\dcebb2e1ea4c0d7c5bb706d6120f27089f8e9318fe3a7aedf603d5bef0a43420.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rfxxllx.exec:\rfxxllx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frflrfr.exec:\frflrfr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nntnth.exec:\nntnth.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjjd.exec:\vpjjd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rxfrrf.exec:\1rxfrrf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbntt.exec:\tnbntt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpdj.exec:\pjpdj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xlflfr.exec:\5xlflfr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbnhh.exec:\tbbnhh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbtbb.exec:\btbtbb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjpj.exec:\vpjpj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xllrfrf.exec:\xllrfrf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlrllr.exec:\xrlrllr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnnbh.exec:\nbnnbh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpjv.exec:\pjpjv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvjj.exec:\pjvjj.exe17⤵
- Executes dropped EXE
-
\??\c:\lfrxrxf.exec:\lfrxrxf.exe18⤵
- Executes dropped EXE
-
\??\c:\hbbhhh.exec:\hbbhhh.exe19⤵
- Executes dropped EXE
-
\??\c:\1tnhth.exec:\1tnhth.exe20⤵
- Executes dropped EXE
-
\??\c:\9jpjp.exec:\9jpjp.exe21⤵
- Executes dropped EXE
-
\??\c:\9pdvd.exec:\9pdvd.exe22⤵
- Executes dropped EXE
-
\??\c:\rlxxffr.exec:\rlxxffr.exe23⤵
- Executes dropped EXE
-
\??\c:\htnnnn.exec:\htnnnn.exe24⤵
- Executes dropped EXE
-
\??\c:\nhbbhh.exec:\nhbbhh.exe25⤵
- Executes dropped EXE
-
\??\c:\3djjj.exec:\3djjj.exe26⤵
- Executes dropped EXE
-
\??\c:\ppvvd.exec:\ppvvd.exe27⤵
- Executes dropped EXE
-
\??\c:\lxfxfrl.exec:\lxfxfrl.exe28⤵
- Executes dropped EXE
-
\??\c:\3bnhbh.exec:\3bnhbh.exe29⤵
- Executes dropped EXE
-
\??\c:\jvpvj.exec:\jvpvj.exe30⤵
- Executes dropped EXE
-
\??\c:\lfxlflx.exec:\lfxlflx.exe31⤵
- Executes dropped EXE
-
\??\c:\9xxrffl.exec:\9xxrffl.exe32⤵
- Executes dropped EXE
-
\??\c:\7ntnbb.exec:\7ntnbb.exe33⤵
- Executes dropped EXE
-
\??\c:\3hhnnn.exec:\3hhnnn.exe34⤵
- Executes dropped EXE
-
\??\c:\7ddpv.exec:\7ddpv.exe35⤵
- Executes dropped EXE
-
\??\c:\dpddj.exec:\dpddj.exe36⤵
- Executes dropped EXE
-
\??\c:\3rllflx.exec:\3rllflx.exe37⤵
- Executes dropped EXE
-
\??\c:\rrfflrf.exec:\rrfflrf.exe38⤵
- Executes dropped EXE
-
\??\c:\rlfflll.exec:\rlfflll.exe39⤵
- Executes dropped EXE
-
\??\c:\1tnthn.exec:\1tnthn.exe40⤵
- Executes dropped EXE
-
\??\c:\7dvjj.exec:\7dvjj.exe41⤵
- Executes dropped EXE
-
\??\c:\vppjv.exec:\vppjv.exe42⤵
- Executes dropped EXE
-
\??\c:\fxxrffr.exec:\fxxrffr.exe43⤵
- Executes dropped EXE
-
\??\c:\xxrlflf.exec:\xxrlflf.exe44⤵
- Executes dropped EXE
-
\??\c:\fxxxlrx.exec:\fxxxlrx.exe45⤵
- Executes dropped EXE
-
\??\c:\tntnbb.exec:\tntnbb.exe46⤵
- Executes dropped EXE
-
\??\c:\5hbtht.exec:\5hbtht.exe47⤵
- Executes dropped EXE
-
\??\c:\pdvvj.exec:\pdvvj.exe48⤵
- Executes dropped EXE
-
\??\c:\vpdjp.exec:\vpdjp.exe49⤵
- Executes dropped EXE
-
\??\c:\xflflfr.exec:\xflflfr.exe50⤵
- Executes dropped EXE
-
\??\c:\5xrfllr.exec:\5xrfllr.exe51⤵
- Executes dropped EXE
-
\??\c:\thtthh.exec:\thtthh.exe52⤵
- Executes dropped EXE
-
\??\c:\btnbhn.exec:\btnbhn.exe53⤵
- Executes dropped EXE
-
\??\c:\7btbhn.exec:\7btbhn.exe54⤵
- Executes dropped EXE
-
\??\c:\7dpvd.exec:\7dpvd.exe55⤵
- Executes dropped EXE
-
\??\c:\3jvvv.exec:\3jvvv.exe56⤵
- Executes dropped EXE
-
\??\c:\rlfrxlx.exec:\rlfrxlx.exe57⤵
- Executes dropped EXE
-
\??\c:\7rlrlff.exec:\7rlrlff.exe58⤵
- Executes dropped EXE
-
\??\c:\bnhtbh.exec:\bnhtbh.exe59⤵
- Executes dropped EXE
-
\??\c:\9thnnb.exec:\9thnnb.exe60⤵
- Executes dropped EXE
-
\??\c:\1bbntt.exec:\1bbntt.exe61⤵
- Executes dropped EXE
-
\??\c:\jdjdj.exec:\jdjdj.exe62⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\jjdpj.exec:\jjdpj.exe63⤵
- Executes dropped EXE
-
\??\c:\fxllffl.exec:\fxllffl.exe64⤵
- Executes dropped EXE
-
\??\c:\lxrfrxl.exec:\lxrfrxl.exe65⤵
- Executes dropped EXE
-
\??\c:\hhbthn.exec:\hhbthn.exe66⤵
-
\??\c:\hbtbbb.exec:\hbtbbb.exe67⤵
-
\??\c:\dvvjp.exec:\dvvjp.exe68⤵
-
\??\c:\vvpvp.exec:\vvpvp.exe69⤵
-
\??\c:\ddpvp.exec:\ddpvp.exe70⤵
-
\??\c:\1fxxflf.exec:\1fxxflf.exe71⤵
-
\??\c:\3llxlrf.exec:\3llxlrf.exe72⤵
-
\??\c:\tnhnbh.exec:\tnhnbh.exe73⤵
-
\??\c:\nhhnbb.exec:\nhhnbb.exe74⤵
-
\??\c:\vpvjd.exec:\vpvjd.exe75⤵
-
\??\c:\1vddj.exec:\1vddj.exe76⤵
-
\??\c:\rfrxllx.exec:\rfrxllx.exe77⤵
-
\??\c:\xlfllrr.exec:\xlfllrr.exe78⤵
-
\??\c:\7bbhnt.exec:\7bbhnt.exe79⤵
-
\??\c:\bthttb.exec:\bthttb.exe80⤵
-
\??\c:\dvpjp.exec:\dvpjp.exe81⤵
-
\??\c:\jdpdp.exec:\jdpdp.exe82⤵
-
\??\c:\fxrrfrr.exec:\fxrrfrr.exe83⤵
-
\??\c:\xxflxlx.exec:\xxflxlx.exe84⤵
-
\??\c:\hbhnnb.exec:\hbhnnb.exe85⤵
-
\??\c:\1pdvp.exec:\1pdvp.exe86⤵
-
\??\c:\vpdjv.exec:\vpdjv.exe87⤵
-
\??\c:\rrlrllr.exec:\rrlrllr.exe88⤵
-
\??\c:\xxfxxrf.exec:\xxfxxrf.exe89⤵
-
\??\c:\bbnntt.exec:\bbnntt.exe90⤵
-
\??\c:\hbthtt.exec:\hbthtt.exe91⤵
-
\??\c:\7vjdj.exec:\7vjdj.exe92⤵
-
\??\c:\pjjpv.exec:\pjjpv.exe93⤵
-
\??\c:\xxrxrll.exec:\xxrxrll.exe94⤵
-
\??\c:\fxrlrlr.exec:\fxrlrlr.exe95⤵
-
\??\c:\9tnhbn.exec:\9tnhbn.exe96⤵
-
\??\c:\bbthhn.exec:\bbthhn.exe97⤵
-
\??\c:\pdvdj.exec:\pdvdj.exe98⤵
-
\??\c:\jvvdj.exec:\jvvdj.exe99⤵
-
\??\c:\rlxlllx.exec:\rlxlllx.exe100⤵
-
\??\c:\3lffflf.exec:\3lffflf.exe101⤵
-
\??\c:\nhttbb.exec:\nhttbb.exe102⤵
-
\??\c:\9nttbh.exec:\9nttbh.exe103⤵
-
\??\c:\hhthht.exec:\hhthht.exe104⤵
-
\??\c:\dvvjv.exec:\dvvjv.exe105⤵
-
\??\c:\pjdvj.exec:\pjdvj.exe106⤵
-
\??\c:\rrflxxf.exec:\rrflxxf.exe107⤵
-
\??\c:\xrxxllr.exec:\xrxxllr.exe108⤵
-
\??\c:\tnbnhb.exec:\tnbnhb.exe109⤵
-
\??\c:\tbthnt.exec:\tbthnt.exe110⤵
-
\??\c:\bnbhhn.exec:\bnbhhn.exe111⤵
-
\??\c:\vpvjd.exec:\vpvjd.exe112⤵
-
\??\c:\pdppd.exec:\pdppd.exe113⤵
-
\??\c:\xrrrxfr.exec:\xrrrxfr.exe114⤵
-
\??\c:\3fflxxx.exec:\3fflxxx.exe115⤵
-
\??\c:\bthtnb.exec:\bthtnb.exe116⤵
- System Location Discovery: System Language Discovery
-
\??\c:\bthhtb.exec:\bthhtb.exe117⤵
-
\??\c:\vvpdv.exec:\vvpdv.exe118⤵
-
\??\c:\jdpvd.exec:\jdpvd.exe119⤵
-
\??\c:\llfrrfr.exec:\llfrrfr.exe120⤵
-
\??\c:\rlrlrrx.exec:\rlrlrrx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-