Analysis
-
max time kernel
120s -
max time network
93s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
05-09-2024 12:18
General
-
Target
7f149581054b45f83054d4b616e348c0N.exe
-
Size
64KB
-
MD5
7f149581054b45f83054d4b616e348c0
-
SHA1
ae484dcb3987e4d4db2a11f608d38d2e889f0d51
-
SHA256
794365d91ff6f206e7ca2b2f6ee6d2cc4acddaa061b7df73b168c7ef13ccd612
-
SHA512
8e3276aac1dfc686e0a49c15e788adb46fbfae39123f51d64c9e4c9d83db79854982ceb020016f6d7fcb411d6438fcf9fb1ee6fecd86f048bfac73d3e43beb29
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDI9L27B11:ymb3NkkiQ3mdBjFI9cD
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 32 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7f149581054b45f83054d4b616e348c0N.exe"C:\Users\Admin\AppData\Local\Temp\7f149581054b45f83054d4b616e348c0N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxrlrr.exec:\xrxrlrr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rffxlff.exec:\rffxlff.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9hbbtt.exec:\9hbbtt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5tnnhh.exec:\5tnnhh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvdvp.exec:\pvdvp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xxrfll.exec:\5xxrfll.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbttt.exec:\tnbttt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnthn.exec:\htnthn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvjd.exec:\jvvjd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfrfxxr.exec:\xfrfxxr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbtnh.exec:\bnbtnh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdpj.exec:\pjdpj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3xxffll.exec:\3xxffll.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rrrllr.exec:\1rrrllr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nntthh.exec:\nntthh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djpdv.exec:\djpdv.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxffrlf.exec:\fxffrlf.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxlxfrf.exec:\rxlxfrf.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1tnhbn.exec:\1tnhbn.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjpd.exec:\jvjpd.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvpj.exec:\jdvpj.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfllllr.exec:\lfllllr.exe23⤵
- Executes dropped EXE
-
\??\c:\bttnhb.exec:\bttnhb.exe24⤵
- Executes dropped EXE
-
\??\c:\9vdvp.exec:\9vdvp.exe25⤵
- Executes dropped EXE
-
\??\c:\fxfxrlr.exec:\fxfxrlr.exe26⤵
- Executes dropped EXE
-
\??\c:\xrllfff.exec:\xrllfff.exe27⤵
- Executes dropped EXE
-
\??\c:\thbhbb.exec:\thbhbb.exe28⤵
- Executes dropped EXE
-
\??\c:\jjppj.exec:\jjppj.exe29⤵
- Executes dropped EXE
-
\??\c:\jdvpd.exec:\jdvpd.exe30⤵
- Executes dropped EXE
-
\??\c:\ntbhnb.exec:\ntbhnb.exe31⤵
- Executes dropped EXE
-
\??\c:\hbhbnn.exec:\hbhbnn.exe32⤵
- Executes dropped EXE
-
\??\c:\rlfxrrr.exec:\rlfxrrr.exe33⤵
- Executes dropped EXE
-
\??\c:\lrffllf.exec:\lrffllf.exe34⤵
- Executes dropped EXE
-
\??\c:\bhhbbb.exec:\bhhbbb.exe35⤵
- Executes dropped EXE
-
\??\c:\ddvpp.exec:\ddvpp.exe36⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\ppvpp.exec:\ppvpp.exe37⤵
- Executes dropped EXE
-
\??\c:\frrflrr.exec:\frrflrr.exe38⤵
- Executes dropped EXE
-
\??\c:\xxxlrrr.exec:\xxxlrrr.exe39⤵
- Executes dropped EXE
-
\??\c:\hhttnn.exec:\hhttnn.exe40⤵
-
\??\c:\5hhbnn.exec:\5hhbnn.exe41⤵
- Executes dropped EXE
-
\??\c:\jddpv.exec:\jddpv.exe42⤵
- Executes dropped EXE
-
\??\c:\7pvvj.exec:\7pvvj.exe43⤵
- Executes dropped EXE
-
\??\c:\rrffrrx.exec:\rrffrrx.exe44⤵
- Executes dropped EXE
-
\??\c:\ffxrlll.exec:\ffxrlll.exe45⤵
- Executes dropped EXE
-
\??\c:\nttttt.exec:\nttttt.exe46⤵
- Executes dropped EXE
-
\??\c:\ppvpp.exec:\ppvpp.exe47⤵
- Executes dropped EXE
-
\??\c:\dvvpj.exec:\dvvpj.exe48⤵
- Executes dropped EXE
-
\??\c:\xlxlrrx.exec:\xlxlrrx.exe49⤵
- Executes dropped EXE
-
\??\c:\nhtntn.exec:\nhtntn.exe50⤵
- Executes dropped EXE
-
\??\c:\9vddv.exec:\9vddv.exe51⤵
- Executes dropped EXE
-
\??\c:\1djjv.exec:\1djjv.exe52⤵
- Executes dropped EXE
-
\??\c:\frrlfxr.exec:\frrlfxr.exe53⤵
- Executes dropped EXE
-
\??\c:\1bbbtt.exec:\1bbbtt.exe54⤵
- Executes dropped EXE
-
\??\c:\tnbtnh.exec:\tnbtnh.exe55⤵
- Executes dropped EXE
-
\??\c:\ppvpv.exec:\ppvpv.exe56⤵
- Executes dropped EXE
-
\??\c:\3pdvv.exec:\3pdvv.exe57⤵
- Executes dropped EXE
-
\??\c:\xlllxfx.exec:\xlllxfx.exe58⤵
- Executes dropped EXE
-
\??\c:\xllxlfr.exec:\xllxlfr.exe59⤵
- Executes dropped EXE
-
\??\c:\hhbbbb.exec:\hhbbbb.exe60⤵
- Executes dropped EXE
-
\??\c:\3bhhhh.exec:\3bhhhh.exe61⤵
- Executes dropped EXE
-
\??\c:\dvjjj.exec:\dvjjj.exe62⤵
- Executes dropped EXE
-
\??\c:\ddddp.exec:\ddddp.exe63⤵
- Executes dropped EXE
-
\??\c:\llxrxxf.exec:\llxrxxf.exe64⤵
- Executes dropped EXE
-
\??\c:\5rrllll.exec:\5rrllll.exe65⤵
- Executes dropped EXE
-
\??\c:\hhbbbb.exec:\hhbbbb.exe66⤵
- Executes dropped EXE
-
\??\c:\bbhnnn.exec:\bbhnnn.exe67⤵
-
\??\c:\5nnhbb.exec:\5nnhbb.exe68⤵
-
\??\c:\9jddp.exec:\9jddp.exe69⤵
-
\??\c:\1frxlxr.exec:\1frxlxr.exe70⤵
-
\??\c:\lllllll.exec:\lllllll.exe71⤵
-
\??\c:\5hnhbt.exec:\5hnhbt.exe72⤵
-
\??\c:\1ntbnt.exec:\1ntbnt.exe73⤵
-
\??\c:\3thhtb.exec:\3thhtb.exe74⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe75⤵
-
\??\c:\5vdvp.exec:\5vdvp.exe76⤵
-
\??\c:\7lfxxff.exec:\7lfxxff.exe77⤵
-
\??\c:\thnhhh.exec:\thnhhh.exe78⤵
-
\??\c:\bthbtt.exec:\bthbtt.exe79⤵
-
\??\c:\vdpjj.exec:\vdpjj.exe80⤵
-
\??\c:\rlxxffl.exec:\rlxxffl.exe81⤵
-
\??\c:\rrrrrrr.exec:\rrrrrrr.exe82⤵
-
\??\c:\3ffllll.exec:\3ffllll.exe83⤵
-
\??\c:\1hhbbb.exec:\1hhbbb.exe84⤵
-
\??\c:\lfllllr.exec:\lfllllr.exe85⤵
-
\??\c:\rrxfxxx.exec:\rrxfxxx.exe86⤵
-
\??\c:\5tbtbb.exec:\5tbtbb.exe87⤵
-
\??\c:\hhhhbb.exec:\hhhhbb.exe88⤵
-
\??\c:\ddvvd.exec:\ddvvd.exe89⤵
-
\??\c:\jdvvd.exec:\jdvvd.exe90⤵
-
\??\c:\xxfxxrr.exec:\xxfxxrr.exe91⤵
-
\??\c:\xfffxfx.exec:\xfffxfx.exe92⤵
-
\??\c:\lllfxxr.exec:\lllfxxr.exe93⤵
-
\??\c:\hthbbb.exec:\hthbbb.exe94⤵
-
\??\c:\pjjvj.exec:\pjjvj.exe95⤵
-
\??\c:\jjdvj.exec:\jjdvj.exe96⤵
-
\??\c:\djppp.exec:\djppp.exe97⤵
-
\??\c:\llrrxlr.exec:\llrrxlr.exe98⤵
-
\??\c:\3fxxrrr.exec:\3fxxrrr.exe99⤵
-
\??\c:\hhtntt.exec:\hhtntt.exe100⤵
-
\??\c:\dddvd.exec:\dddvd.exe101⤵
-
\??\c:\3jjdv.exec:\3jjdv.exe102⤵
-
\??\c:\llxxrrr.exec:\llxxrrr.exe103⤵
-
\??\c:\xfxrfrf.exec:\xfxrfrf.exe104⤵
-
\??\c:\hnbhbt.exec:\hnbhbt.exe105⤵
-
\??\c:\9ttnnn.exec:\9ttnnn.exe106⤵
-
\??\c:\jvvpp.exec:\jvvpp.exe107⤵
-
\??\c:\7djvp.exec:\7djvp.exe108⤵
-
\??\c:\1xfxxxl.exec:\1xfxxxl.exe109⤵
-
\??\c:\frxrlll.exec:\frxrlll.exe110⤵
-
\??\c:\bthhhh.exec:\bthhhh.exe111⤵
-
\??\c:\ttbthn.exec:\ttbthn.exe112⤵
-
\??\c:\jjjdv.exec:\jjjdv.exe113⤵
-
\??\c:\5ddvj.exec:\5ddvj.exe114⤵
-
\??\c:\pppjj.exec:\pppjj.exe115⤵
-
\??\c:\rfrlffx.exec:\rfrlffx.exe116⤵
-
\??\c:\xrllxxx.exec:\xrllxxx.exe117⤵
-
\??\c:\9thhhh.exec:\9thhhh.exe118⤵
-
\??\c:\nttnbn.exec:\nttnbn.exe119⤵
-
\??\c:\3dvvp.exec:\3dvvp.exe120⤵
-
\??\c:\pvjdv.exec:\pvjdv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-