Analysis
-
max time kernel
120s -
max time network
120s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
07/09/2024, 06:08
General
-
Target
7b63e53c280d1763322945a29893bb80N.exe
-
Size
82KB
-
MD5
7b63e53c280d1763322945a29893bb80
-
SHA1
62f5466b0239996e593b8a730470e670703d2825
-
SHA256
de4661141a9a61af2334e3baec54daf76f62b5d4331b4bbc0671dbd4ac609f18
-
SHA512
0a199c3eb6f497f56673d9169594e48476e0d16ab31014196b38eff38e1c800d4314ab25f28937eb3ec910c81c5eaa2b75b2cedb164b2024dcd6fab21ec0c167
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIIpIo60L9QrrA89QD:ymb3NkkiQ3mdBjFIIp9L9QrrA8I
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 37 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7b63e53c280d1763322945a29893bb80N.exe"C:\Users\Admin\AppData\Local\Temp\7b63e53c280d1763322945a29893bb80N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbtnn.exec:\hhbtnn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpjv.exec:\vvpjv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffffff.exec:\lffffff.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5tnhnh.exec:\5tnhnh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvpj.exec:\vjvpj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5pddv.exec:\5pddv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfxfff.exec:\xrfxfff.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\httntn.exec:\httntn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3hhhbb.exec:\3hhhbb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpvp.exec:\pjpvp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttnnn.exec:\bttnnn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhbhb.exec:\tnhbhb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjdj.exec:\ppjdj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lllfxxr.exec:\lllfxxr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbtbth.exec:\nbtbth.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7tbthh.exec:\7tbthh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9dppd.exec:\9dppd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflfffl.exec:\rflfffl.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfffff.exec:\xrfffff.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7djjd.exec:\7djjd.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vjjj.exec:\1vjjj.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxrxxx.exec:\fxxrxxx.exe23⤵
- Executes dropped EXE
-
\??\c:\xxxfxxr.exec:\xxxfxxr.exe24⤵
- Executes dropped EXE
-
\??\c:\bbbbbt.exec:\bbbbbt.exe25⤵
- Executes dropped EXE
-
\??\c:\btbtnn.exec:\btbtnn.exe26⤵
- Executes dropped EXE
-
\??\c:\jddvp.exec:\jddvp.exe27⤵
- Executes dropped EXE
-
\??\c:\lllfrll.exec:\lllfrll.exe28⤵
- Executes dropped EXE
-
\??\c:\htthth.exec:\htthth.exe29⤵
- Executes dropped EXE
-
\??\c:\hbbntn.exec:\hbbntn.exe30⤵
- Executes dropped EXE
-
\??\c:\ppvjv.exec:\ppvjv.exe31⤵
- Executes dropped EXE
-
\??\c:\3rrfxrl.exec:\3rrfxrl.exe32⤵
- Executes dropped EXE
-
\??\c:\7nthbt.exec:\7nthbt.exe33⤵
- Executes dropped EXE
-
\??\c:\nhbtbb.exec:\nhbtbb.exe34⤵
- Executes dropped EXE
-
\??\c:\jvvdj.exec:\jvvdj.exe35⤵
- Executes dropped EXE
-
\??\c:\dvpjp.exec:\dvpjp.exe36⤵
- Executes dropped EXE
-
\??\c:\1rxrfrl.exec:\1rxrfrl.exe37⤵
- Executes dropped EXE
-
\??\c:\rffrlrl.exec:\rffrlrl.exe38⤵
- Executes dropped EXE
-
\??\c:\tthbnh.exec:\tthbnh.exe39⤵
- Executes dropped EXE
-
\??\c:\dvdvd.exec:\dvdvd.exe40⤵
- Executes dropped EXE
-
\??\c:\vjdpj.exec:\vjdpj.exe41⤵
- Executes dropped EXE
-
\??\c:\xrlfrlx.exec:\xrlfrlx.exe42⤵
- Executes dropped EXE
-
\??\c:\rllfxfr.exec:\rllfxfr.exe43⤵
- Executes dropped EXE
-
\??\c:\thtnhb.exec:\thtnhb.exe44⤵
- Executes dropped EXE
-
\??\c:\dppjv.exec:\dppjv.exe45⤵
- Executes dropped EXE
-
\??\c:\7ddpd.exec:\7ddpd.exe46⤵
- Executes dropped EXE
-
\??\c:\xrrfxrl.exec:\xrrfxrl.exe47⤵
- Executes dropped EXE
-
\??\c:\fxlfrrl.exec:\fxlfrrl.exe48⤵
- Executes dropped EXE
-
\??\c:\bhnhbh.exec:\bhnhbh.exe49⤵
- Executes dropped EXE
-
\??\c:\pdvpd.exec:\pdvpd.exe50⤵
- Executes dropped EXE
-
\??\c:\jvvjv.exec:\jvvjv.exe51⤵
- Executes dropped EXE
-
\??\c:\fxrrfxl.exec:\fxrrfxl.exe52⤵
- Executes dropped EXE
-
\??\c:\1xxxrrl.exec:\1xxxrrl.exe53⤵
- Executes dropped EXE
-
\??\c:\5bbthb.exec:\5bbthb.exe54⤵
- Executes dropped EXE
-
\??\c:\1vpjp.exec:\1vpjp.exe55⤵
- Executes dropped EXE
-
\??\c:\ddpjp.exec:\ddpjp.exe56⤵
- Executes dropped EXE
-
\??\c:\dpdvj.exec:\dpdvj.exe57⤵
- Executes dropped EXE
-
\??\c:\fllxlfx.exec:\fllxlfx.exe58⤵
- Executes dropped EXE
-
\??\c:\9bhbnn.exec:\9bhbnn.exe59⤵
- Executes dropped EXE
-
\??\c:\9tthbt.exec:\9tthbt.exe60⤵
- Executes dropped EXE
-
\??\c:\dvpdp.exec:\dvpdp.exe61⤵
- Executes dropped EXE
-
\??\c:\djpdv.exec:\djpdv.exe62⤵
- Executes dropped EXE
-
\??\c:\xlfrfxl.exec:\xlfrfxl.exe63⤵
- Executes dropped EXE
-
\??\c:\rrrflfr.exec:\rrrflfr.exe64⤵
- Executes dropped EXE
-
\??\c:\9nhbnh.exec:\9nhbnh.exe65⤵
- Executes dropped EXE
-
\??\c:\jdjdd.exec:\jdjdd.exe66⤵
-
\??\c:\dpvjd.exec:\dpvjd.exe67⤵
-
\??\c:\frxfrll.exec:\frxfrll.exe68⤵
-
\??\c:\lffrxrf.exec:\lffrxrf.exe69⤵
-
\??\c:\3bthtt.exec:\3bthtt.exe70⤵
-
\??\c:\3hnhnh.exec:\3hnhnh.exe71⤵
-
\??\c:\pvvjd.exec:\pvvjd.exe72⤵
-
\??\c:\vvjdj.exec:\vvjdj.exe73⤵
-
\??\c:\rfllrxl.exec:\rfllrxl.exe74⤵
-
\??\c:\frlfxrl.exec:\frlfxrl.exe75⤵
-
\??\c:\btthhb.exec:\btthhb.exe76⤵
-
\??\c:\nbhtbt.exec:\nbhtbt.exe77⤵
-
\??\c:\xflfxxx.exec:\xflfxxx.exe78⤵
-
\??\c:\frxllll.exec:\frxllll.exe79⤵
-
\??\c:\hhbtnn.exec:\hhbtnn.exe80⤵
-
\??\c:\3bttnt.exec:\3bttnt.exe81⤵
-
\??\c:\jjvpj.exec:\jjvpj.exe82⤵
-
\??\c:\pdjdv.exec:\pdjdv.exe83⤵
-
\??\c:\xrrlfrr.exec:\xrrlfrr.exe84⤵
-
\??\c:\5rllfff.exec:\5rllfff.exe85⤵
-
\??\c:\nnhhbb.exec:\nnhhbb.exe86⤵
-
\??\c:\vddjj.exec:\vddjj.exe87⤵
-
\??\c:\pjdvv.exec:\pjdvv.exe88⤵
-
\??\c:\fflfrrl.exec:\fflfrrl.exe89⤵
-
\??\c:\hbnnhh.exec:\hbnnhh.exe90⤵
-
\??\c:\bnhbhh.exec:\bnhbhh.exe91⤵
-
\??\c:\vvddd.exec:\vvddd.exe92⤵
-
\??\c:\1vpjd.exec:\1vpjd.exe93⤵
-
\??\c:\5pjdp.exec:\5pjdp.exe94⤵
-
\??\c:\lxxlxxr.exec:\lxxlxxr.exe95⤵
-
\??\c:\tnnhbb.exec:\tnnhbb.exe96⤵
-
\??\c:\nhttnn.exec:\nhttnn.exe97⤵
-
\??\c:\vdjdp.exec:\vdjdp.exe98⤵
-
\??\c:\dpvpd.exec:\dpvpd.exe99⤵
-
\??\c:\xlffxxx.exec:\xlffxxx.exe100⤵
-
\??\c:\xrxrllf.exec:\xrxrllf.exe101⤵
-
\??\c:\tntntt.exec:\tntntt.exe102⤵
-
\??\c:\tnnhtt.exec:\tnnhtt.exe103⤵
-
\??\c:\ddvpj.exec:\ddvpj.exe104⤵
-
\??\c:\jdvjj.exec:\jdvjj.exe105⤵
-
\??\c:\rllfrrl.exec:\rllfrrl.exe106⤵
-
\??\c:\rxrlfxr.exec:\rxrlfxr.exe107⤵
-
\??\c:\nhbbbh.exec:\nhbbbh.exe108⤵
-
\??\c:\vjjdj.exec:\vjjdj.exe109⤵
-
\??\c:\vpdvv.exec:\vpdvv.exe110⤵
-
\??\c:\vdjdv.exec:\vdjdv.exe111⤵
-
\??\c:\llrlxxr.exec:\llrlxxr.exe112⤵
-
\??\c:\lfffrxl.exec:\lfffrxl.exe113⤵
-
\??\c:\btttbt.exec:\btttbt.exe114⤵
-
\??\c:\hnhbhh.exec:\hnhbhh.exe115⤵
-
\??\c:\vjjdv.exec:\vjjdv.exe116⤵
-
\??\c:\fxxxlxx.exec:\fxxxlxx.exe117⤵
-
\??\c:\ffxxrlf.exec:\ffxxrlf.exe118⤵
-
\??\c:\rxflffl.exec:\rxflffl.exe119⤵
-
\??\c:\7btnhh.exec:\7btnhh.exe120⤵
-
\??\c:\pvjdp.exec:\pvjdp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-