Analysis
-
max time kernel
120s -
max time network
110s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
13/09/2024, 22:17 UTC
General
-
Target
7a052c606ae90eea024aba8758fe4680N.exe
-
Size
249KB
-
MD5
7a052c606ae90eea024aba8758fe4680
-
SHA1
de926d61996ea48085a2db620d2c6cefb0ab429b
-
SHA256
cc7b0d979fb2e790a08744a9183d31406b616998fbc5a23ce298172e25b60e72
-
SHA512
78faf30e6b7206c3c1e0ac0a9c169f7982bf4303a1ab788f4072fd75fbe10c79190c3ee3003611fd26e0df95ef8834d31e3accd060182c9ea8337c0c071e18d3
-
SSDEEP
6144:n3C9BRo/AIX27NHWpU00VIxas1oa3YiFRlin:n3C9uD6AUDCa4NYmRMn
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7a052c606ae90eea024aba8758fe4680N.exe"C:\Users\Admin\AppData\Local\Temp\7a052c606ae90eea024aba8758fe4680N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlfrlr.exec:\rrlfrlr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5nnbth.exec:\5nnbth.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjppj.exec:\vjppj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fflxlff.exec:\fflxlff.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllxrlf.exec:\rllxrlf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhthtn.exec:\nhthtn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flxxlxx.exec:\flxxlxx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7tbnhn.exec:\7tbnhn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djvdd.exec:\djvdd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrlffx.exec:\ffrlffx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbhbt.exec:\ttbhbt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjdp.exec:\vjjdp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xrrlfx.exec:\9xrrlfx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjdp.exec:\vdjdp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llffxxl.exec:\llffxxl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbtnh.exec:\ttbtnh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjdv.exec:\pjjdv.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xfrlfx.exec:\7xfrlfx.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhtthh.exec:\bhtthh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pvjv.exec:\1pvjv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxxxlf.exec:\xlxxxlf.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhnhtt.exec:\bhnhtt.exe23⤵
- Executes dropped EXE
-
\??\c:\pvdpj.exec:\pvdpj.exe24⤵
- Executes dropped EXE
-
\??\c:\1hnhhh.exec:\1hnhhh.exe25⤵
- Executes dropped EXE
-
\??\c:\vpjpj.exec:\vpjpj.exe26⤵
- Executes dropped EXE
-
\??\c:\tbnhbt.exec:\tbnhbt.exe27⤵
- Executes dropped EXE
-
\??\c:\vvjdj.exec:\vvjdj.exe28⤵
- Executes dropped EXE
-
\??\c:\7ffffll.exec:\7ffffll.exe29⤵
- Executes dropped EXE
-
\??\c:\5vvpj.exec:\5vvpj.exe30⤵
- Executes dropped EXE
-
\??\c:\xlrrrxx.exec:\xlrrrxx.exe31⤵
- Executes dropped EXE
-
\??\c:\nbhhbb.exec:\nbhhbb.exe32⤵
- Executes dropped EXE
-
\??\c:\vpvpj.exec:\vpvpj.exe33⤵
- Executes dropped EXE
-
\??\c:\1htnhh.exec:\1htnhh.exe34⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\pjpjd.exec:\pjpjd.exe35⤵
- Executes dropped EXE
-
\??\c:\1rxrrrl.exec:\1rxrrrl.exe36⤵
- Executes dropped EXE
-
\??\c:\llrlllr.exec:\llrlllr.exe37⤵
- Executes dropped EXE
-
\??\c:\bbtbbb.exec:\bbtbbb.exe38⤵
-
\??\c:\jvjdd.exec:\jvjdd.exe39⤵
- Executes dropped EXE
-
\??\c:\pppjj.exec:\pppjj.exe40⤵
- Executes dropped EXE
-
\??\c:\xrfxlll.exec:\xrfxlll.exe41⤵
- Executes dropped EXE
-
\??\c:\llrxxxr.exec:\llrxxxr.exe42⤵
- Executes dropped EXE
-
\??\c:\9bhbtt.exec:\9bhbtt.exe43⤵
- Executes dropped EXE
-
\??\c:\nhnhhh.exec:\nhnhhh.exe44⤵
- Executes dropped EXE
-
\??\c:\jjjdp.exec:\jjjdp.exe45⤵
- Executes dropped EXE
-
\??\c:\lfrllll.exec:\lfrllll.exe46⤵
- Executes dropped EXE
-
\??\c:\hnbbtt.exec:\hnbbtt.exe47⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\bhthbn.exec:\bhthbn.exe48⤵
- Executes dropped EXE
-
\??\c:\dvvpj.exec:\dvvpj.exe49⤵
- Executes dropped EXE
-
\??\c:\lrrrlrf.exec:\lrrrlrf.exe50⤵
- Executes dropped EXE
-
\??\c:\nnbthh.exec:\nnbthh.exe51⤵
- Executes dropped EXE
-
\??\c:\bnbtnh.exec:\bnbtnh.exe52⤵
- Executes dropped EXE
-
\??\c:\9jddv.exec:\9jddv.exe53⤵
- Executes dropped EXE
-
\??\c:\lfllxff.exec:\lfllxff.exe54⤵
- Executes dropped EXE
-
\??\c:\rfrlfff.exec:\rfrlfff.exe55⤵
- Executes dropped EXE
-
\??\c:\tntnhb.exec:\tntnhb.exe56⤵
- Executes dropped EXE
-
\??\c:\9xllfrr.exec:\9xllfrr.exe57⤵
- Executes dropped EXE
-
\??\c:\nbhnnn.exec:\nbhnnn.exe58⤵
- Executes dropped EXE
-
\??\c:\1nbttb.exec:\1nbttb.exe59⤵
- Executes dropped EXE
-
\??\c:\jjppj.exec:\jjppj.exe60⤵
- Executes dropped EXE
-
\??\c:\rrxxxrl.exec:\rrxxxrl.exe61⤵
- Executes dropped EXE
-
\??\c:\vjjdj.exec:\vjjdj.exe62⤵
- Executes dropped EXE
-
\??\c:\ffllflf.exec:\ffllflf.exe63⤵
- Executes dropped EXE
-
\??\c:\rrxllrf.exec:\rrxllrf.exe64⤵
- Executes dropped EXE
-
\??\c:\nhbttn.exec:\nhbttn.exe65⤵
- Executes dropped EXE
-
\??\c:\3pjdv.exec:\3pjdv.exe66⤵
- Executes dropped EXE
-
\??\c:\xrxxrll.exec:\xrxxrll.exe67⤵
-
\??\c:\5lflffx.exec:\5lflffx.exe68⤵
-
\??\c:\hhhhhh.exec:\hhhhhh.exe69⤵
-
\??\c:\1jjjd.exec:\1jjjd.exe70⤵
-
\??\c:\jdvpp.exec:\jdvpp.exe71⤵
-
\??\c:\7llfxxr.exec:\7llfxxr.exe72⤵
-
\??\c:\llffrxr.exec:\llffrxr.exe73⤵
-
\??\c:\hnnhhh.exec:\hnnhhh.exe74⤵
-
\??\c:\djjjp.exec:\djjjp.exe75⤵
-
\??\c:\3ppjd.exec:\3ppjd.exe76⤵
-
\??\c:\rrxrrrf.exec:\rrxrrrf.exe77⤵
-
\??\c:\lfrrxxf.exec:\lfrrxxf.exe78⤵
-
\??\c:\ttbhhh.exec:\ttbhhh.exe79⤵
-
\??\c:\7vjpj.exec:\7vjpj.exe80⤵
-
\??\c:\pdppj.exec:\pdppj.exe81⤵
-
\??\c:\rxlfxxx.exec:\rxlfxxx.exe82⤵
-
\??\c:\tntnnh.exec:\tntnnh.exe83⤵
-
\??\c:\thhbtt.exec:\thhbtt.exe84⤵
-
\??\c:\jvpjp.exec:\jvpjp.exe85⤵
-
\??\c:\lrlrfrf.exec:\lrlrfrf.exe86⤵
-
\??\c:\5rllflf.exec:\5rllflf.exe87⤵
-
\??\c:\5tbttb.exec:\5tbttb.exe88⤵
-
\??\c:\5dddj.exec:\5dddj.exe89⤵
-
\??\c:\pvdvp.exec:\pvdvp.exe90⤵
-
\??\c:\ffxxfxf.exec:\ffxxfxf.exe91⤵
-
\??\c:\ffffxxx.exec:\ffffxxx.exe92⤵
-
\??\c:\ntttnt.exec:\ntttnt.exe93⤵
-
\??\c:\3dpjj.exec:\3dpjj.exe94⤵
- System Location Discovery: System Language Discovery
-
\??\c:\pdjdd.exec:\pdjdd.exe95⤵
-
\??\c:\xrxrllf.exec:\xrxrllf.exe96⤵
-
\??\c:\llrrrrl.exec:\llrrrrl.exe97⤵
-
\??\c:\bnntnh.exec:\bnntnh.exe98⤵
-
\??\c:\hbbbbb.exec:\hbbbbb.exe99⤵
-
\??\c:\dvpjd.exec:\dvpjd.exe100⤵
-
\??\c:\vvpjp.exec:\vvpjp.exe101⤵
-
\??\c:\fxrlfxf.exec:\fxrlfxf.exe102⤵
-
\??\c:\hhhbbb.exec:\hhhbbb.exe103⤵
-
\??\c:\vdjdv.exec:\vdjdv.exe104⤵
-
\??\c:\ddpjj.exec:\ddpjj.exe105⤵
-
\??\c:\fxrxrlf.exec:\fxrxrlf.exe106⤵
-
\??\c:\lxflffx.exec:\lxflffx.exe107⤵
-
\??\c:\5nnhbh.exec:\5nnhbh.exe108⤵
-
\??\c:\ddjdd.exec:\ddjdd.exe109⤵
-
\??\c:\pjvvd.exec:\pjvvd.exe110⤵
-
\??\c:\rllfrrl.exec:\rllfrrl.exe111⤵
-
\??\c:\hnhbnn.exec:\hnhbnn.exe112⤵
-
\??\c:\hhbtth.exec:\hhbtth.exe113⤵
-
\??\c:\pddvp.exec:\pddvp.exe114⤵
-
\??\c:\flxxflx.exec:\flxxflx.exe115⤵
-
\??\c:\hhntnn.exec:\hhntnn.exe116⤵
-
\??\c:\jddvj.exec:\jddvj.exe117⤵
-
\??\c:\ddjdp.exec:\ddjdp.exe118⤵
-
\??\c:\xxfxrrr.exec:\xxfxrrr.exe119⤵
-
\??\c:\5xffflf.exec:\5xffflf.exe120⤵
-
\??\c:\tttnnn.exec:\tttnnn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-