Analysis
-
max time kernel
120s -
max time network
16s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
08/09/2024, 14:31
General
-
Target
4eced1cab94f0fe4e430eedc93d42e80N.exe
-
Size
90KB
-
MD5
4eced1cab94f0fe4e430eedc93d42e80
-
SHA1
68273cf409d7dd70148b217a7e810179e0284436
-
SHA256
1febd05af56d54a73ec7b8353ca1e0c39c2c6c72efb8022e435aaa3022126d48
-
SHA512
c746a1ee2cb765070efdc7f6b562a5c471d210c313ed82bf73dbdb49f5ac5558c9cc79cbd0d13b4c85a1ed0f7fc9ee429a744efa5fbb4761bb709b29fa2070f1
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND+3T4+mzv7oEzN/8wNXj:ymb3NkkiQ3mdBjF+3TYzvTFD1
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 20 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4eced1cab94f0fe4e430eedc93d42e80N.exe"C:\Users\Admin\AppData\Local\Temp\4eced1cab94f0fe4e430eedc93d42e80N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlxlrf.exec:\fxlxlrf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbhhn.exec:\bbbhhn.exe3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvpv.exec:\ppvpv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpjjj.exec:\jpjjj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhtht.exec:\hhhtht.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttthnb.exec:\ttthnb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jddp.exec:\9jddp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjdvv.exec:\vjdvv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffrrlf.exec:\lffrrlf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhhtt.exec:\tnhhtt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7hbhtb.exec:\7hbhtb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjjp.exec:\vvjjp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjvd.exec:\dvjvd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdppv.exec:\jdppv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxlffrl.exec:\xxlffrl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9nnttb.exec:\9nnttb.exe17⤵
- Executes dropped EXE
-
\??\c:\bttnbn.exec:\bttnbn.exe18⤵
- Executes dropped EXE
-
\??\c:\vvpvd.exec:\vvpvd.exe19⤵
- Executes dropped EXE
-
\??\c:\vpvjv.exec:\vpvjv.exe20⤵
- Executes dropped EXE
-
\??\c:\ffrffrl.exec:\ffrffrl.exe21⤵
- Executes dropped EXE
-
\??\c:\llfxlxl.exec:\llfxlxl.exe22⤵
- Executes dropped EXE
-
\??\c:\bhtnnn.exec:\bhtnnn.exe23⤵
- Executes dropped EXE
-
\??\c:\bhbthh.exec:\bhbthh.exe24⤵
- Executes dropped EXE
-
\??\c:\vjddd.exec:\vjddd.exe25⤵
- Executes dropped EXE
-
\??\c:\1jjpd.exec:\1jjpd.exe26⤵
- Executes dropped EXE
-
\??\c:\fllxfrx.exec:\fllxfrx.exe27⤵
- Executes dropped EXE
-
\??\c:\3hhtbh.exec:\3hhtbh.exe28⤵
- Executes dropped EXE
-
\??\c:\nhntnt.exec:\nhntnt.exe29⤵
- Executes dropped EXE
-
\??\c:\jdppp.exec:\jdppp.exe30⤵
- Executes dropped EXE
-
\??\c:\1jdpv.exec:\1jdpv.exe31⤵
- Executes dropped EXE
-
\??\c:\1lllfrf.exec:\1lllfrf.exe32⤵
- Executes dropped EXE
-
\??\c:\ffxlxxr.exec:\ffxlxxr.exe33⤵
- Executes dropped EXE
-
\??\c:\bhbthb.exec:\bhbthb.exe34⤵
- Executes dropped EXE
-
\??\c:\btthbt.exec:\btthbt.exe35⤵
- Executes dropped EXE
-
\??\c:\3ppvp.exec:\3ppvp.exe36⤵
- Executes dropped EXE
-
\??\c:\9jjjp.exec:\9jjjp.exe37⤵
- Executes dropped EXE
-
\??\c:\pdjdp.exec:\pdjdp.exe38⤵
- Executes dropped EXE
-
\??\c:\fxrxlrf.exec:\fxrxlrf.exe39⤵
- Executes dropped EXE
-
\??\c:\rrlfrff.exec:\rrlfrff.exe40⤵
- Executes dropped EXE
-
\??\c:\9bbtbt.exec:\9bbtbt.exe41⤵
- Executes dropped EXE
-
\??\c:\tthhbb.exec:\tthhbb.exe42⤵
- Executes dropped EXE
-
\??\c:\tnhhnb.exec:\tnhhnb.exe43⤵
- Executes dropped EXE
-
\??\c:\vpjpj.exec:\vpjpj.exe44⤵
- Executes dropped EXE
-
\??\c:\ppdvd.exec:\ppdvd.exe45⤵
- Executes dropped EXE
-
\??\c:\lrxrxrx.exec:\lrxrxrx.exe46⤵
- Executes dropped EXE
-
\??\c:\fllfffl.exec:\fllfffl.exe47⤵
- Executes dropped EXE
-
\??\c:\rlxlflr.exec:\rlxlflr.exe48⤵
- Executes dropped EXE
-
\??\c:\bthnbb.exec:\bthnbb.exe49⤵
- Executes dropped EXE
-
\??\c:\7btbhh.exec:\7btbhh.exe50⤵
- Executes dropped EXE
-
\??\c:\vjvpd.exec:\vjvpd.exe51⤵
- Executes dropped EXE
-
\??\c:\djdpv.exec:\djdpv.exe52⤵
- Executes dropped EXE
-
\??\c:\7rxfxrx.exec:\7rxfxrx.exe53⤵
- Executes dropped EXE
-
\??\c:\lfxlxlx.exec:\lfxlxlx.exe54⤵
- Executes dropped EXE
-
\??\c:\7xxxffr.exec:\7xxxffr.exe55⤵
- Executes dropped EXE
-
\??\c:\bbbnbn.exec:\bbbnbn.exe56⤵
- Executes dropped EXE
-
\??\c:\nnnnht.exec:\nnnnht.exe57⤵
- Executes dropped EXE
-
\??\c:\vpjvp.exec:\vpjvp.exe58⤵
- Executes dropped EXE
-
\??\c:\pjjdp.exec:\pjjdp.exe59⤵
- Executes dropped EXE
-
\??\c:\djdjp.exec:\djdjp.exe60⤵
- Executes dropped EXE
-
\??\c:\fxrrffx.exec:\fxrrffx.exe61⤵
- Executes dropped EXE
-
\??\c:\llrxlxx.exec:\llrxlxx.exe62⤵
- Executes dropped EXE
-
\??\c:\ttntbt.exec:\ttntbt.exe63⤵
- Executes dropped EXE
-
\??\c:\htbbhh.exec:\htbbhh.exe64⤵
- Executes dropped EXE
-
\??\c:\ntthht.exec:\ntthht.exe65⤵
- Executes dropped EXE
-
\??\c:\dvjpv.exec:\dvjpv.exe66⤵
-
\??\c:\vvpvj.exec:\vvpvj.exe67⤵
-
\??\c:\vvpjp.exec:\vvpjp.exe68⤵
-
\??\c:\fflfrll.exec:\fflfrll.exe69⤵
-
\??\c:\9xfrxlf.exec:\9xfrxlf.exe70⤵
-
\??\c:\xxrrlrf.exec:\xxrrlrf.exe71⤵
-
\??\c:\7bhhbh.exec:\7bhhbh.exe72⤵
-
\??\c:\btnnth.exec:\btnnth.exe73⤵
-
\??\c:\hbnbtb.exec:\hbnbtb.exe74⤵
-
\??\c:\jjddv.exec:\jjddv.exe75⤵
-
\??\c:\vvjjp.exec:\vvjjp.exe76⤵
-
\??\c:\fffxfrr.exec:\fffxfrr.exe77⤵
-
\??\c:\lxlxlfl.exec:\lxlxlfl.exe78⤵
-
\??\c:\lxxxflx.exec:\lxxxflx.exe79⤵
-
\??\c:\htntnt.exec:\htntnt.exe80⤵
-
\??\c:\nnbbnb.exec:\nnbbnb.exe81⤵
-
\??\c:\9nntbn.exec:\9nntbn.exe82⤵
-
\??\c:\7vddd.exec:\7vddd.exe83⤵
-
\??\c:\pjvdp.exec:\pjvdp.exe84⤵
-
\??\c:\vpdjj.exec:\vpdjj.exe85⤵
-
\??\c:\lllflfx.exec:\lllflfx.exe86⤵
-
\??\c:\7lfrlrl.exec:\7lfrlrl.exe87⤵
-
\??\c:\lfllrfx.exec:\lfllrfx.exe88⤵
-
\??\c:\hbttbh.exec:\hbttbh.exe89⤵
-
\??\c:\hnnhhb.exec:\hnnhhb.exe90⤵
-
\??\c:\jjpdd.exec:\jjpdd.exe91⤵
-
\??\c:\jjpdv.exec:\jjpdv.exe92⤵
-
\??\c:\vdpdv.exec:\vdpdv.exe93⤵
-
\??\c:\1xrrrrx.exec:\1xrrrrx.exe94⤵
-
\??\c:\lllfflx.exec:\lllfflx.exe95⤵
-
\??\c:\9lfrxxr.exec:\9lfrxxr.exe96⤵
-
\??\c:\nbhhnh.exec:\nbhhnh.exe97⤵
-
\??\c:\thnnhn.exec:\thnnhn.exe98⤵
-
\??\c:\btbthn.exec:\btbthn.exe99⤵
-
\??\c:\djvpp.exec:\djvpp.exe100⤵
-
\??\c:\ppvdd.exec:\ppvdd.exe101⤵
-
\??\c:\rrlllrl.exec:\rrlllrl.exe102⤵
-
\??\c:\fxrxxfr.exec:\fxrxxfr.exe103⤵
-
\??\c:\xxflrfr.exec:\xxflrfr.exe104⤵
-
\??\c:\nhbnth.exec:\nhbnth.exe105⤵
-
\??\c:\3hbbtt.exec:\3hbbtt.exe106⤵
-
\??\c:\nhthth.exec:\nhthth.exe107⤵
-
\??\c:\dvjdp.exec:\dvjdp.exe108⤵
-
\??\c:\9vvjd.exec:\9vvjd.exe109⤵
-
\??\c:\xxxlflx.exec:\xxxlflx.exe110⤵
-
\??\c:\lffxrfl.exec:\lffxrfl.exe111⤵
-
\??\c:\lrrrlxf.exec:\lrrrlxf.exe112⤵
-
\??\c:\9bttnn.exec:\9bttnn.exe113⤵
-
\??\c:\7hhtbt.exec:\7hhtbt.exe114⤵
-
\??\c:\dddvd.exec:\dddvd.exe115⤵
-
\??\c:\ppjvd.exec:\ppjvd.exe116⤵
-
\??\c:\lfllllx.exec:\lfllllx.exe117⤵
-
\??\c:\frlrlxl.exec:\frlrlxl.exe118⤵
-
\??\c:\3xxlxxf.exec:\3xxlxxf.exe119⤵
-
\??\c:\hthtbb.exec:\hthtbb.exe120⤵
-
\??\c:\7bhtbb.exec:\7bhtbb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-