Analysis
-
max time kernel
104s -
max time network
93s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
14/09/2024, 22:25
General
-
Target
7c47f433d92b00c56035a4896117c6c0N.exe
-
Size
79KB
-
MD5
7c47f433d92b00c56035a4896117c6c0
-
SHA1
8dc89daedfb8bee7cb00853107150edd94b0a1d9
-
SHA256
8101b34d5b2b8aa262eb4382bf6b2d161945053aa1aacba1fe21588bf09b301e
-
SHA512
42bd29d6dfeb94ec8b988e097cf952f28c3f099f4f2019da6c6ba0c70e8e21d60c08965faa1845be607285a04683a355fc7e8dcc614a1f7f9d13e30f166677ea
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb0z6MTSqfjDbOXY8Rn:ymb3NkkiQ3mdBjFI4VAYA
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 30 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7c47f433d92b00c56035a4896117c6c0N.exe"C:\Users\Admin\AppData\Local\Temp\7c47f433d92b00c56035a4896117c6c0N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\7fxlfxl.exec:\7fxlfxl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlxrfx.exec:\rrlxrfx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5tthhb.exec:\5tthhb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbhnt.exec:\hbbhnt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rlfrlf.exec:\7rlfrlf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthtnh.exec:\hthtnh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbbhb.exec:\nnbbhb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vdvj.exec:\5vdvj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5fxlxrf.exec:\5fxlxrf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxrffrf.exec:\rxrffrf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnnbt.exec:\htnnbt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnthhb.exec:\bnthhb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jppdp.exec:\jppdp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fllxxll.exec:\fllxxll.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlxlfr.exec:\rrlxlfr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hntthb.exec:\hntthb.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1dddd.exec:\1dddd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5llflrl.exec:\5llflrl.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bbttn.exec:\7bbttn.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ntnbb.exec:\9ntnbb.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpjv.exec:\dvpjv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rffxxfx.exec:\rffxxfx.exe23⤵
- Executes dropped EXE
-
\??\c:\ttntnt.exec:\ttntnt.exe24⤵
- Executes dropped EXE
-
\??\c:\bhbthh.exec:\bhbthh.exe25⤵
- Executes dropped EXE
-
\??\c:\ddvjv.exec:\ddvjv.exe26⤵
- Executes dropped EXE
-
\??\c:\frfrlff.exec:\frfrlff.exe27⤵
- Executes dropped EXE
-
\??\c:\bthhhn.exec:\bthhhn.exe28⤵
- Executes dropped EXE
-
\??\c:\bthbhb.exec:\bthbhb.exe29⤵
- Executes dropped EXE
-
\??\c:\jpvvp.exec:\jpvvp.exe30⤵
- Executes dropped EXE
-
\??\c:\ddjdj.exec:\ddjdj.exe31⤵
- Executes dropped EXE
-
\??\c:\xrxrllf.exec:\xrxrllf.exe32⤵
- Executes dropped EXE
-
\??\c:\btnttb.exec:\btnttb.exe33⤵
- Executes dropped EXE
-
\??\c:\nhbbnn.exec:\nhbbnn.exe34⤵
- Executes dropped EXE
-
\??\c:\jjppd.exec:\jjppd.exe35⤵
- Executes dropped EXE
-
\??\c:\9pvpj.exec:\9pvpj.exe36⤵
- Executes dropped EXE
-
\??\c:\rfrlffl.exec:\rfrlffl.exe37⤵
- Executes dropped EXE
-
\??\c:\7tbbnn.exec:\7tbbnn.exe38⤵
- Executes dropped EXE
-
\??\c:\tttttb.exec:\tttttb.exe39⤵
- Executes dropped EXE
-
\??\c:\9jjdv.exec:\9jjdv.exe40⤵
- Executes dropped EXE
-
\??\c:\xfxlfff.exec:\xfxlfff.exe41⤵
- Executes dropped EXE
-
\??\c:\fxlfffx.exec:\fxlfffx.exe42⤵
- Executes dropped EXE
-
\??\c:\nthhbh.exec:\nthhbh.exe43⤵
- Executes dropped EXE
-
\??\c:\nhntnn.exec:\nhntnn.exe44⤵
- Executes dropped EXE
-
\??\c:\jvjvj.exec:\jvjvj.exe45⤵
- Executes dropped EXE
-
\??\c:\7vppv.exec:\7vppv.exe46⤵
- Executes dropped EXE
-
\??\c:\7frlfxr.exec:\7frlfxr.exe47⤵
- Executes dropped EXE
-
\??\c:\1fxrllf.exec:\1fxrllf.exe48⤵
- Executes dropped EXE
-
\??\c:\bntnbb.exec:\bntnbb.exe49⤵
- Executes dropped EXE
-
\??\c:\ttbttt.exec:\ttbttt.exe50⤵
- Executes dropped EXE
-
\??\c:\jjdpv.exec:\jjdpv.exe51⤵
- Executes dropped EXE
-
\??\c:\vppjd.exec:\vppjd.exe52⤵
- Executes dropped EXE
-
\??\c:\7fflllf.exec:\7fflllf.exe53⤵
- Executes dropped EXE
-
\??\c:\fxfxxxr.exec:\fxfxxxr.exe54⤵
- Executes dropped EXE
-
\??\c:\htnhbt.exec:\htnhbt.exe55⤵
- Executes dropped EXE
-
\??\c:\btnnhn.exec:\btnnhn.exe56⤵
- Executes dropped EXE
-
\??\c:\vpvvp.exec:\vpvvp.exe57⤵
- Executes dropped EXE
-
\??\c:\vpdpp.exec:\vpdpp.exe58⤵
- Executes dropped EXE
-
\??\c:\llllfff.exec:\llllfff.exe59⤵
- Executes dropped EXE
-
\??\c:\lrxfxlf.exec:\lrxfxlf.exe60⤵
- Executes dropped EXE
-
\??\c:\tnnhnn.exec:\tnnhnn.exe61⤵
- Executes dropped EXE
-
\??\c:\htbttt.exec:\htbttt.exe62⤵
- Executes dropped EXE
-
\??\c:\vjdvp.exec:\vjdvp.exe63⤵
- Executes dropped EXE
-
\??\c:\jpjdv.exec:\jpjdv.exe64⤵
- Executes dropped EXE
-
\??\c:\fflfxff.exec:\fflfxff.exe65⤵
- Executes dropped EXE
-
\??\c:\fxxxrrl.exec:\fxxxrrl.exe66⤵
-
\??\c:\tbbtnn.exec:\tbbtnn.exe67⤵
-
\??\c:\nthnbh.exec:\nthnbh.exe68⤵
-
\??\c:\jjjdv.exec:\jjjdv.exe69⤵
-
\??\c:\jdpjj.exec:\jdpjj.exe70⤵
-
\??\c:\lffxrrl.exec:\lffxrrl.exe71⤵
-
\??\c:\llrrrrx.exec:\llrrrrx.exe72⤵
-
\??\c:\lffxrll.exec:\lffxrll.exe73⤵
-
\??\c:\htbbbb.exec:\htbbbb.exe74⤵
-
\??\c:\tnnhtt.exec:\tnnhtt.exe75⤵
-
\??\c:\vvppv.exec:\vvppv.exe76⤵
-
\??\c:\pjvpp.exec:\pjvpp.exe77⤵
-
\??\c:\rflxfxl.exec:\rflxfxl.exe78⤵
-
\??\c:\nhbtnn.exec:\nhbtnn.exe79⤵
-
\??\c:\htbbtb.exec:\htbbtb.exe80⤵
-
\??\c:\vpjdd.exec:\vpjdd.exe81⤵
-
\??\c:\pvdjv.exec:\pvdjv.exe82⤵
-
\??\c:\frxrrrr.exec:\frxrrrr.exe83⤵
-
\??\c:\rllflfl.exec:\rllflfl.exe84⤵
-
\??\c:\thhtnn.exec:\thhtnn.exe85⤵
-
\??\c:\hbbtnh.exec:\hbbtnh.exe86⤵
-
\??\c:\pdjdd.exec:\pdjdd.exe87⤵
-
\??\c:\xxxxlll.exec:\xxxxlll.exe88⤵
-
\??\c:\7flfllx.exec:\7flfllx.exe89⤵
-
\??\c:\jdvvp.exec:\jdvvp.exe90⤵
-
\??\c:\jjvpp.exec:\jjvpp.exe91⤵
-
\??\c:\xrrrllr.exec:\xrrrllr.exe92⤵
-
\??\c:\1ffxxrx.exec:\1ffxxrx.exe93⤵
-
\??\c:\pdpjj.exec:\pdpjj.exe94⤵
-
\??\c:\pdjjd.exec:\pdjjd.exe95⤵
-
\??\c:\frrlllr.exec:\frrlllr.exe96⤵
-
\??\c:\hhtttt.exec:\hhtttt.exe97⤵
-
\??\c:\9hhhbh.exec:\9hhhbh.exe98⤵
-
\??\c:\3pvpd.exec:\3pvpd.exe99⤵
-
\??\c:\pjpjd.exec:\pjpjd.exe100⤵
-
\??\c:\lrxrllr.exec:\lrxrllr.exe101⤵
-
\??\c:\rffxllf.exec:\rffxllf.exe102⤵
-
\??\c:\hntnhh.exec:\hntnhh.exe103⤵
-
\??\c:\nhttbb.exec:\nhttbb.exe104⤵
- System Location Discovery: System Language Discovery
-
\??\c:\pjvpj.exec:\pjvpj.exe105⤵
-
\??\c:\1jvpp.exec:\1jvpp.exe106⤵
-
\??\c:\7xxrffx.exec:\7xxrffx.exe107⤵
-
\??\c:\xlxrlll.exec:\xlxrlll.exe108⤵
-
\??\c:\thntnn.exec:\thntnn.exe109⤵
-
\??\c:\9tnhbt.exec:\9tnhbt.exe110⤵
-
\??\c:\vpvpj.exec:\vpvpj.exe111⤵
-
\??\c:\jdvpv.exec:\jdvpv.exe112⤵
-
\??\c:\xlllffx.exec:\xlllffx.exe113⤵
-
\??\c:\hnnnnn.exec:\hnnnnn.exe114⤵
-
\??\c:\tntnhh.exec:\tntnhh.exe115⤵
-
\??\c:\pvdvv.exec:\pvdvv.exe116⤵
-
\??\c:\1djdv.exec:\1djdv.exe117⤵
-
\??\c:\frrlllf.exec:\frrlllf.exe118⤵
-
\??\c:\1rflfff.exec:\1rflfff.exe119⤵
-
\??\c:\bhnhbb.exec:\bhnhbb.exe120⤵
-
\??\c:\bnbtnn.exec:\bnbtnn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-