Analysis
-
max time kernel
120s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
07/09/2024, 05:06
General
-
Target
e8b5ea779ca5e7cbf75b5ff3bed56f00N.exe
-
Size
82KB
-
MD5
e8b5ea779ca5e7cbf75b5ff3bed56f00
-
SHA1
5e4bd02e61af4e1c619a77ae29bf3d561214f341
-
SHA256
da0c1163a660f18346745a9c20f2bf00530bd86661d076a1af8e3b2b65c1d6d1
-
SHA512
4df2e0a10f51b56adf5d7bb17d78515456cc626d9224b01f82573b3dc4e257a8bfe017b01182a5cec576f3544a50e882741abb64ae9326f0353807730479d856
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIIpIo60L9QrrA89QB:ymb3NkkiQ3mdBjFIIp9L9QrrA8Y
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 36 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e8b5ea779ca5e7cbf75b5ff3bed56f00N.exe"C:\Users\Admin\AppData\Local\Temp\e8b5ea779ca5e7cbf75b5ff3bed56f00N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjjj.exec:\pdjjj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddpjv.exec:\ddpjv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhtth.exec:\thhtth.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1dddv.exec:\1dddv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvddd.exec:\jvddd.exe6⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrrxrr.exec:\lfrrxrr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbtbb.exec:\htbtbb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjpv.exec:\vjjpv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlxxll.exec:\xrlxxll.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnhht.exec:\tnnhht.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthhnh.exec:\bthhnh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpjv.exec:\pjpjv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vvdp.exec:\9vvdp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxxfxx.exec:\llxxfxx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhntt.exec:\nhhntt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbbnt.exec:\nhbbnt.exe17⤵
- Executes dropped EXE
-
\??\c:\jvpdd.exec:\jvpdd.exe18⤵
- Executes dropped EXE
-
\??\c:\9frllll.exec:\9frllll.exe19⤵
- Executes dropped EXE
-
\??\c:\nbhhhh.exec:\nbhhhh.exe20⤵
- Executes dropped EXE
-
\??\c:\hthtbb.exec:\hthtbb.exe21⤵
- Executes dropped EXE
-
\??\c:\pjvdv.exec:\pjvdv.exe22⤵
- Executes dropped EXE
-
\??\c:\lflrxlr.exec:\lflrxlr.exe23⤵
- Executes dropped EXE
-
\??\c:\frfffxx.exec:\frfffxx.exe24⤵
- Executes dropped EXE
-
\??\c:\tnttbt.exec:\tnttbt.exe25⤵
- Executes dropped EXE
-
\??\c:\nthbbb.exec:\nthbbb.exe26⤵
- Executes dropped EXE
-
\??\c:\3vpvj.exec:\3vpvj.exe27⤵
- Executes dropped EXE
-
\??\c:\dvpvd.exec:\dvpvd.exe28⤵
- Executes dropped EXE
-
\??\c:\frfrxxx.exec:\frfrxxx.exe29⤵
- Executes dropped EXE
-
\??\c:\frxxxxf.exec:\frxxxxf.exe30⤵
- Executes dropped EXE
-
\??\c:\bnhbhb.exec:\bnhbhb.exe31⤵
- Executes dropped EXE
-
\??\c:\vpdvd.exec:\vpdvd.exe32⤵
- Executes dropped EXE
-
\??\c:\xrllxfr.exec:\xrllxfr.exe33⤵
- Executes dropped EXE
-
\??\c:\lxlxflr.exec:\lxlxflr.exe34⤵
- Executes dropped EXE
-
\??\c:\bnnthh.exec:\bnnthh.exe35⤵
- Executes dropped EXE
-
\??\c:\5tntth.exec:\5tntth.exe36⤵
- Executes dropped EXE
-
\??\c:\3jdvv.exec:\3jdvv.exe37⤵
- Executes dropped EXE
-
\??\c:\jdpvp.exec:\jdpvp.exe38⤵
- Executes dropped EXE
-
\??\c:\xlfxffl.exec:\xlfxffl.exe39⤵
- Executes dropped EXE
-
\??\c:\flxlfff.exec:\flxlfff.exe40⤵
- Executes dropped EXE
-
\??\c:\tnbbhh.exec:\tnbbhh.exe41⤵
- Executes dropped EXE
-
\??\c:\jpdpv.exec:\jpdpv.exe42⤵
- Executes dropped EXE
-
\??\c:\dddjv.exec:\dddjv.exe43⤵
- Executes dropped EXE
-
\??\c:\rfxxffl.exec:\rfxxffl.exe44⤵
- Executes dropped EXE
-
\??\c:\xfrlrlr.exec:\xfrlrlr.exe45⤵
- Executes dropped EXE
-
\??\c:\hbntbb.exec:\hbntbb.exe46⤵
- Executes dropped EXE
-
\??\c:\nhhtnb.exec:\nhhtnb.exe47⤵
- Executes dropped EXE
-
\??\c:\vpdvj.exec:\vpdvj.exe48⤵
- Executes dropped EXE
-
\??\c:\jddpp.exec:\jddpp.exe49⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\frxrlfl.exec:\frxrlfl.exe50⤵
- Executes dropped EXE
-
\??\c:\tnbhnt.exec:\tnbhnt.exe51⤵
- Executes dropped EXE
-
\??\c:\bthbhh.exec:\bthbhh.exe52⤵
- Executes dropped EXE
-
\??\c:\jddjj.exec:\jddjj.exe53⤵
- Executes dropped EXE
-
\??\c:\pdvvv.exec:\pdvvv.exe54⤵
- Executes dropped EXE
-
\??\c:\xrlflfl.exec:\xrlflfl.exe55⤵
- Executes dropped EXE
-
\??\c:\xllrflr.exec:\xllrflr.exe56⤵
- Executes dropped EXE
-
\??\c:\nntbbh.exec:\nntbbh.exe57⤵
- Executes dropped EXE
-
\??\c:\7lflrrx.exec:\7lflrrx.exe58⤵
- Executes dropped EXE
-
\??\c:\lfxrxxf.exec:\lfxrxxf.exe59⤵
- Executes dropped EXE
-
\??\c:\hbbnnh.exec:\hbbnnh.exe60⤵
- Executes dropped EXE
-
\??\c:\hbbhhh.exec:\hbbhhh.exe61⤵
- Executes dropped EXE
-
\??\c:\dvpvv.exec:\dvpvv.exe62⤵
- Executes dropped EXE
-
\??\c:\ddpjj.exec:\ddpjj.exe63⤵
- Executes dropped EXE
-
\??\c:\xxxfrrf.exec:\xxxfrrf.exe64⤵
- Executes dropped EXE
-
\??\c:\fffllrf.exec:\fffllrf.exe65⤵
- Executes dropped EXE
-
\??\c:\hbnntn.exec:\hbnntn.exe66⤵
-
\??\c:\3htnnt.exec:\3htnnt.exe67⤵
-
\??\c:\3htttt.exec:\3htttt.exe68⤵
-
\??\c:\3pddj.exec:\3pddj.exe69⤵
-
\??\c:\9rllrrf.exec:\9rllrrf.exe70⤵
-
\??\c:\1ffrxxr.exec:\1ffrxxr.exe71⤵
-
\??\c:\bthtbh.exec:\bthtbh.exe72⤵
- System Location Discovery: System Language Discovery
-
\??\c:\btthnn.exec:\btthnn.exe73⤵
-
\??\c:\ppjdj.exec:\ppjdj.exe74⤵
-
\??\c:\pdpvd.exec:\pdpvd.exe75⤵
-
\??\c:\9lxfffl.exec:\9lxfffl.exe76⤵
-
\??\c:\xrffrrx.exec:\xrffrrx.exe77⤵
-
\??\c:\5ntntn.exec:\5ntntn.exe78⤵
-
\??\c:\5bttbh.exec:\5bttbh.exe79⤵
-
\??\c:\dpddj.exec:\dpddj.exe80⤵
-
\??\c:\pjvvd.exec:\pjvvd.exe81⤵
-
\??\c:\3fxlxrx.exec:\3fxlxrx.exe82⤵
-
\??\c:\3rlrxfl.exec:\3rlrxfl.exe83⤵
-
\??\c:\5thhnt.exec:\5thhnt.exe84⤵
-
\??\c:\3httnt.exec:\3httnt.exe85⤵
-
\??\c:\vpjpp.exec:\vpjpp.exe86⤵
-
\??\c:\jdddd.exec:\jdddd.exe87⤵
-
\??\c:\lxlfflr.exec:\lxlfflr.exe88⤵
-
\??\c:\5rlrxfr.exec:\5rlrxfr.exe89⤵
-
\??\c:\9bbtnt.exec:\9bbtnt.exe90⤵
-
\??\c:\1nhntt.exec:\1nhntt.exe91⤵
-
\??\c:\pdpdj.exec:\pdpdj.exe92⤵
-
\??\c:\dpvvp.exec:\dpvvp.exe93⤵
-
\??\c:\lfrllfl.exec:\lfrllfl.exe94⤵
-
\??\c:\3rfrxxf.exec:\3rfrxxf.exe95⤵
-
\??\c:\tntttt.exec:\tntttt.exe96⤵
-
\??\c:\bthntn.exec:\bthntn.exe97⤵
-
\??\c:\9nhhhh.exec:\9nhhhh.exe98⤵
-
\??\c:\dvjvp.exec:\dvjvp.exe99⤵
-
\??\c:\pjdvv.exec:\pjdvv.exe100⤵
-
\??\c:\lxffflr.exec:\lxffflr.exe101⤵
-
\??\c:\lxlxllr.exec:\lxlxllr.exe102⤵
-
\??\c:\7bhntt.exec:\7bhntt.exe103⤵
-
\??\c:\bbhbbh.exec:\bbhbbh.exe104⤵
-
\??\c:\9bnnbh.exec:\9bnnbh.exe105⤵
-
\??\c:\dvjpv.exec:\dvjpv.exe106⤵
-
\??\c:\dvddd.exec:\dvddd.exe107⤵
-
\??\c:\5rlfllr.exec:\5rlfllr.exe108⤵
-
\??\c:\3rfffrf.exec:\3rfffrf.exe109⤵
-
\??\c:\bthhnt.exec:\bthhnt.exe110⤵
-
\??\c:\tnnnbh.exec:\tnnnbh.exe111⤵
-
\??\c:\vpjjp.exec:\vpjjp.exe112⤵
-
\??\c:\1pjdj.exec:\1pjdj.exe113⤵
-
\??\c:\1xrrfxl.exec:\1xrrfxl.exe114⤵
-
\??\c:\9lrffrr.exec:\9lrffrr.exe115⤵
-
\??\c:\nnnnnt.exec:\nnnnnt.exe116⤵
-
\??\c:\hhhhth.exec:\hhhhth.exe117⤵
-
\??\c:\1jddd.exec:\1jddd.exe118⤵
-
\??\c:\5jdvv.exec:\5jdvv.exe119⤵
-
\??\c:\7xfxrrx.exec:\7xfxrrx.exe120⤵
-
\??\c:\llllllr.exec:\llllllr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-