Analysis
-
max time kernel
150s -
max time network
95s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
03-09-2024 23:53
General
-
Target
7db85bc4464e8c014f5e01ffb26c7e28f53f6e7a242138e8531ca6e7bf2a91bd.exe
-
Size
70KB
-
MD5
7988471efb6939dc418a0936e3fccd38
-
SHA1
2d85a18e650fe503902fefc8c471b9e3e9919c9a
-
SHA256
7db85bc4464e8c014f5e01ffb26c7e28f53f6e7a242138e8531ca6e7bf2a91bd
-
SHA512
a7aa4b70552b993500c9b67a0bfc6b4c7c00cef8876b9e97cae84032cca2be3931008c61b01dd4225206507d9884f2fb3676ec134d65e1466fb0e39a402536f5
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb0z6MTSqfjK:ymb3NkkiQ3mdBjFI4V6
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7db85bc4464e8c014f5e01ffb26c7e28f53f6e7a242138e8531ca6e7bf2a91bd.exe"C:\Users\Admin\AppData\Local\Temp\7db85bc4464e8c014f5e01ffb26c7e28f53f6e7a242138e8531ca6e7bf2a91bd.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\5bbttt.exec:\5bbttt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdvd.exec:\pjdvd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllfxxx.exec:\rllfxxx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbtnn.exec:\hhbtnn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbbtt.exec:\htbbtt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pvpj.exec:\1pvpj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlfxrr.exec:\rrlfxrr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrfxlrr.exec:\lrfxlrr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rffxff.exec:\5rffxff.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnhnn.exec:\hhnhnn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxlxxff.exec:\lxlxxff.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxxrxr.exec:\frxxrxr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbhbt.exec:\ntbhbt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvdvp.exec:\pvdvp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1ppjj.exec:\1ppjj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxrfxf.exec:\lxxrfxf.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnnbt.exec:\nbnnbt.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjdv.exec:\pdjdv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxfxxrr.exec:\lxfxxrr.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnnhh.exec:\ttnnhh.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbnbb.exec:\tbbnbb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvjd.exec:\ddvjd.exe23⤵
- Executes dropped EXE
-
\??\c:\xrxrllf.exec:\xrxrllf.exe24⤵
- Executes dropped EXE
-
\??\c:\bbbbtt.exec:\bbbbtt.exe25⤵
- Executes dropped EXE
-
\??\c:\5htnnn.exec:\5htnnn.exe26⤵
- Executes dropped EXE
-
\??\c:\vjvpp.exec:\vjvpp.exe27⤵
- Executes dropped EXE
-
\??\c:\xrffxff.exec:\xrffxff.exe28⤵
- Executes dropped EXE
-
\??\c:\htbttb.exec:\htbttb.exe29⤵
- Executes dropped EXE
-
\??\c:\htttth.exec:\htttth.exe30⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\vddjj.exec:\vddjj.exe31⤵
- Executes dropped EXE
-
\??\c:\pjjjj.exec:\pjjjj.exe32⤵
- Executes dropped EXE
-
\??\c:\ffxlllr.exec:\ffxlllr.exe33⤵
- Executes dropped EXE
-
\??\c:\htnhbt.exec:\htnhbt.exe34⤵
- Executes dropped EXE
-
\??\c:\nhbbbt.exec:\nhbbbt.exe35⤵
- Executes dropped EXE
-
\??\c:\7dpjp.exec:\7dpjp.exe36⤵
- Executes dropped EXE
-
\??\c:\rxrrrrl.exec:\rxrrrrl.exe37⤵
- Executes dropped EXE
-
\??\c:\xxlfxxl.exec:\xxlfxxl.exe38⤵
- Executes dropped EXE
-
\??\c:\hnnnhh.exec:\hnnnhh.exe39⤵
- Executes dropped EXE
-
\??\c:\pjjjj.exec:\pjjjj.exe40⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\jjdvp.exec:\jjdvp.exe41⤵
- Executes dropped EXE
-
\??\c:\vpdpj.exec:\vpdpj.exe42⤵
- Executes dropped EXE
-
\??\c:\fxxxxff.exec:\fxxxxff.exe43⤵
- Executes dropped EXE
-
\??\c:\btttnt.exec:\btttnt.exe44⤵
- Executes dropped EXE
-
\??\c:\nttnnt.exec:\nttnnt.exe45⤵
- Executes dropped EXE
-
\??\c:\pjvpp.exec:\pjvpp.exe46⤵
- Executes dropped EXE
-
\??\c:\ppvpp.exec:\ppvpp.exe47⤵
- Executes dropped EXE
-
\??\c:\1frrffx.exec:\1frrffx.exe48⤵
- Executes dropped EXE
-
\??\c:\xrxxxxr.exec:\xrxxxxr.exe49⤵
- Executes dropped EXE
-
\??\c:\9nbbbh.exec:\9nbbbh.exe50⤵
- Executes dropped EXE
-
\??\c:\thhnnn.exec:\thhnnn.exe51⤵
- Executes dropped EXE
-
\??\c:\jdddd.exec:\jdddd.exe52⤵
- Executes dropped EXE
-
\??\c:\vdpdd.exec:\vdpdd.exe53⤵
- Executes dropped EXE
-
\??\c:\fxrlfff.exec:\fxrlfff.exe54⤵
- Executes dropped EXE
-
\??\c:\xrrrrrx.exec:\xrrrrrx.exe55⤵
- Executes dropped EXE
-
\??\c:\hntttt.exec:\hntttt.exe56⤵
- Executes dropped EXE
-
\??\c:\hnnttn.exec:\hnnttn.exe57⤵
- Executes dropped EXE
-
\??\c:\ppdvp.exec:\ppdvp.exe58⤵
- Executes dropped EXE
-
\??\c:\vvvvp.exec:\vvvvp.exe59⤵
- Executes dropped EXE
-
\??\c:\3xfxrrr.exec:\3xfxrrr.exe60⤵
- Executes dropped EXE
-
\??\c:\xrffxfx.exec:\xrffxfx.exe61⤵
- Executes dropped EXE
-
\??\c:\1bhhnn.exec:\1bhhnn.exe62⤵
- Executes dropped EXE
-
\??\c:\hbbhbb.exec:\hbbhbb.exe63⤵
- Executes dropped EXE
-
\??\c:\vjvpj.exec:\vjvpj.exe64⤵
- Executes dropped EXE
-
\??\c:\1jdjj.exec:\1jdjj.exe65⤵
- Executes dropped EXE
-
\??\c:\rlrrrxr.exec:\rlrrrxr.exe66⤵
-
\??\c:\xxrxxff.exec:\xxrxxff.exe67⤵
-
\??\c:\nbbhhh.exec:\nbbhhh.exe68⤵
-
\??\c:\htttnn.exec:\htttnn.exe69⤵
-
\??\c:\5pvvp.exec:\5pvvp.exe70⤵
-
\??\c:\lrfxffr.exec:\lrfxffr.exe71⤵
-
\??\c:\7nbthn.exec:\7nbthn.exe72⤵
-
\??\c:\nnhhhh.exec:\nnhhhh.exe73⤵
-
\??\c:\tbtnnt.exec:\tbtnnt.exe74⤵
-
\??\c:\vvdvv.exec:\vvdvv.exe75⤵
-
\??\c:\dpvpv.exec:\dpvpv.exe76⤵
-
\??\c:\frxrflf.exec:\frxrflf.exe77⤵
-
\??\c:\lffflll.exec:\lffflll.exe78⤵
-
\??\c:\7hbhbh.exec:\7hbhbh.exe79⤵
-
\??\c:\5bbtnn.exec:\5bbtnn.exe80⤵
-
\??\c:\jjvvd.exec:\jjvvd.exe81⤵
-
\??\c:\dppvv.exec:\dppvv.exe82⤵
-
\??\c:\5frrxxr.exec:\5frrxxr.exe83⤵
-
\??\c:\rllllll.exec:\rllllll.exe84⤵
-
\??\c:\thnttt.exec:\thnttt.exe85⤵
-
\??\c:\ttnhhb.exec:\ttnhhb.exe86⤵
-
\??\c:\nhbbnt.exec:\nhbbnt.exe87⤵
-
\??\c:\ddjjd.exec:\ddjjd.exe88⤵
-
\??\c:\vpddd.exec:\vpddd.exe89⤵
-
\??\c:\xrxxrxx.exec:\xrxxrxx.exe90⤵
-
\??\c:\hhhhhh.exec:\hhhhhh.exe91⤵
-
\??\c:\jddvp.exec:\jddvp.exe92⤵
-
\??\c:\xrxxlrr.exec:\xrxxlrr.exe93⤵
-
\??\c:\httbtt.exec:\httbtt.exe94⤵
-
\??\c:\tnbbtb.exec:\tnbbtb.exe95⤵
-
\??\c:\pvddv.exec:\pvddv.exe96⤵
-
\??\c:\pppjj.exec:\pppjj.exe97⤵
-
\??\c:\rlfxrrx.exec:\rlfxrrx.exe98⤵
-
\??\c:\fxffxxr.exec:\fxffxxr.exe99⤵
-
\??\c:\jppjd.exec:\jppjd.exe100⤵
-
\??\c:\lfxlffx.exec:\lfxlffx.exe101⤵
-
\??\c:\xlfrllf.exec:\xlfrllf.exe102⤵
-
\??\c:\tnbnnn.exec:\tnbnnn.exe103⤵
-
\??\c:\bnnhbb.exec:\bnnhbb.exe104⤵
-
\??\c:\jjpvv.exec:\jjpvv.exe105⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe106⤵
-
\??\c:\rxrxflf.exec:\rxrxflf.exe107⤵
-
\??\c:\lxxxrrl.exec:\lxxxrrl.exe108⤵
-
\??\c:\hbhhbh.exec:\hbhhbh.exe109⤵
-
\??\c:\nhbbbb.exec:\nhbbbb.exe110⤵
-
\??\c:\dpppd.exec:\dpppd.exe111⤵
-
\??\c:\7jjpp.exec:\7jjpp.exe112⤵
-
\??\c:\llrrlrr.exec:\llrrlrr.exe113⤵
-
\??\c:\fxflxrx.exec:\fxflxrx.exe114⤵
-
\??\c:\hbbtnn.exec:\hbbtnn.exe115⤵
-
\??\c:\7vvdv.exec:\7vvdv.exe116⤵
-
\??\c:\pdppp.exec:\pdppp.exe117⤵
-
\??\c:\9frfffx.exec:\9frfffx.exe118⤵
-
\??\c:\flxrrrr.exec:\flxrrrr.exe119⤵
-
\??\c:\nthbnn.exec:\nthbnn.exe120⤵
-
\??\c:\btnhnn.exec:\btnhnn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-