Analysis
-
max time kernel
120s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
18-09-2024 22:08
General
-
Target
fe9242e635be3c9045ed2d8b248774372ea157bf51f04f095f0a0e0e9e4fa45aN.exe
-
Size
82KB
-
MD5
2ef71c6c9977c4d36b6fc25da4472f10
-
SHA1
1ae02de6a22339f0d1ec890fab323e5dddf1c1b4
-
SHA256
fe9242e635be3c9045ed2d8b248774372ea157bf51f04f095f0a0e0e9e4fa45a
-
SHA512
49b5151f77eaa266462b33e126b8d932581e9847f6a4ed6f25e0b3d8c2582fbe447315a9146a6d9718f969298bd43ce246d7d735362db458ecf72321784bd0cf
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIIpIo60L9QrrA89Qj:ymb3NkkiQ3mdBjFIIp9L9QrrA8C
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\fe9242e635be3c9045ed2d8b248774372ea157bf51f04f095f0a0e0e9e4fa45aN.exe"C:\Users\Admin\AppData\Local\Temp\fe9242e635be3c9045ed2d8b248774372ea157bf51f04f095f0a0e0e9e4fa45aN.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxxllr.exec:\xlxxllr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthbnh.exec:\hthbnh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppppd.exec:\ppppd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rllllr.exec:\7rllllr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxrrll.exec:\rxxrrll.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5hnttt.exec:\5hnttt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvdp.exec:\ddvdp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlxflx.exec:\fxlxflx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrrfxf.exec:\rfrrfxf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9bbbnh.exec:\9bbbnh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ntntt.exec:\3ntntt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjddp.exec:\pjddp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdpjp.exec:\vdpjp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvpvd.exec:\jvpvd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlrflx.exec:\xrlrflx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthhnh.exec:\hthhnh.exe17⤵
- Executes dropped EXE
-
\??\c:\lfxlxfr.exec:\lfxlxfr.exe18⤵
- Executes dropped EXE
-
\??\c:\htntbt.exec:\htntbt.exe19⤵
- Executes dropped EXE
-
\??\c:\7nbthb.exec:\7nbthb.exe20⤵
- Executes dropped EXE
-
\??\c:\7dvdj.exec:\7dvdj.exe21⤵
- Executes dropped EXE
-
\??\c:\xrfxrff.exec:\xrfxrff.exe22⤵
- Executes dropped EXE
-
\??\c:\thttbh.exec:\thttbh.exe23⤵
- Executes dropped EXE
-
\??\c:\vvjjv.exec:\vvjjv.exe24⤵
- Executes dropped EXE
-
\??\c:\vpdpp.exec:\vpdpp.exe25⤵
- Executes dropped EXE
-
\??\c:\lfrxlfl.exec:\lfrxlfl.exe26⤵
- Executes dropped EXE
-
\??\c:\frrxffr.exec:\frrxffr.exe27⤵
- Executes dropped EXE
-
\??\c:\dvpdp.exec:\dvpdp.exe28⤵
- Executes dropped EXE
-
\??\c:\jjpdv.exec:\jjpdv.exe29⤵
- Executes dropped EXE
-
\??\c:\xrrxrff.exec:\xrrxrff.exe30⤵
- Executes dropped EXE
-
\??\c:\lllxlfx.exec:\lllxlfx.exe31⤵
- Executes dropped EXE
-
\??\c:\bthhnn.exec:\bthhnn.exe32⤵
- Executes dropped EXE
-
\??\c:\9djjp.exec:\9djjp.exe33⤵
- Executes dropped EXE
-
\??\c:\5ppjp.exec:\5ppjp.exe34⤵
- Executes dropped EXE
-
\??\c:\fxllffl.exec:\fxllffl.exe35⤵
- Executes dropped EXE
-
\??\c:\hbtbbh.exec:\hbtbbh.exe36⤵
- Executes dropped EXE
-
\??\c:\hbtntt.exec:\hbtntt.exe37⤵
- Executes dropped EXE
-
\??\c:\vpddd.exec:\vpddd.exe38⤵
- Executes dropped EXE
-
\??\c:\pjvvv.exec:\pjvvv.exe39⤵
- Executes dropped EXE
-
\??\c:\lfrxxfl.exec:\lfrxxfl.exe40⤵
- Executes dropped EXE
-
\??\c:\llrxfff.exec:\llrxfff.exe41⤵
- Executes dropped EXE
-
\??\c:\5tnbhh.exec:\5tnbhh.exe42⤵
- Executes dropped EXE
-
\??\c:\hthtnn.exec:\hthtnn.exe43⤵
- Executes dropped EXE
-
\??\c:\pppdv.exec:\pppdv.exe44⤵
- Executes dropped EXE
-
\??\c:\5vdpp.exec:\5vdpp.exe45⤵
- Executes dropped EXE
-
\??\c:\rlflflf.exec:\rlflflf.exe46⤵
- Executes dropped EXE
-
\??\c:\fxlrfll.exec:\fxlrfll.exe47⤵
- Executes dropped EXE
-
\??\c:\bthtbt.exec:\bthtbt.exe48⤵
- Executes dropped EXE
-
\??\c:\thtbbb.exec:\thtbbb.exe49⤵
- Executes dropped EXE
-
\??\c:\5vvpd.exec:\5vvpd.exe50⤵
- Executes dropped EXE
-
\??\c:\rlxflrf.exec:\rlxflrf.exe51⤵
- Executes dropped EXE
-
\??\c:\hhtbtb.exec:\hhtbtb.exe52⤵
- Executes dropped EXE
-
\??\c:\bbtbnt.exec:\bbtbnt.exe53⤵
- Executes dropped EXE
-
\??\c:\7dvvp.exec:\7dvvp.exe54⤵
- Executes dropped EXE
-
\??\c:\pppvj.exec:\pppvj.exe55⤵
- Executes dropped EXE
-
\??\c:\lllxlfx.exec:\lllxlfx.exe56⤵
- Executes dropped EXE
-
\??\c:\lfrxffx.exec:\lfrxffx.exe57⤵
- Executes dropped EXE
-
\??\c:\bnthth.exec:\bnthth.exe58⤵
- Executes dropped EXE
-
\??\c:\nhthnb.exec:\nhthnb.exe59⤵
- Executes dropped EXE
-
\??\c:\pjppj.exec:\pjppj.exe60⤵
- Executes dropped EXE
-
\??\c:\ddddp.exec:\ddddp.exe61⤵
- Executes dropped EXE
-
\??\c:\ffxlrrf.exec:\ffxlrrf.exe62⤵
- Executes dropped EXE
-
\??\c:\9bnhtb.exec:\9bnhtb.exe63⤵
- Executes dropped EXE
-
\??\c:\hnbtbb.exec:\hnbtbb.exe64⤵
- Executes dropped EXE
-
\??\c:\dddjj.exec:\dddjj.exe65⤵
- Executes dropped EXE
-
\??\c:\vpdpd.exec:\vpdpd.exe66⤵
-
\??\c:\xxrlxlf.exec:\xxrlxlf.exe67⤵
-
\??\c:\rrxlxlr.exec:\rrxlxlr.exe68⤵
-
\??\c:\bbtbnt.exec:\bbtbnt.exe69⤵
-
\??\c:\9hbhbh.exec:\9hbhbh.exe70⤵
-
\??\c:\vvdvj.exec:\vvdvj.exe71⤵
-
\??\c:\ddvpj.exec:\ddvpj.exe72⤵
-
\??\c:\rlxxflr.exec:\rlxxflr.exe73⤵
-
\??\c:\3lxxrxr.exec:\3lxxrxr.exe74⤵
-
\??\c:\nntnnh.exec:\nntnnh.exe75⤵
-
\??\c:\btnnhn.exec:\btnnhn.exe76⤵
-
\??\c:\vpdjv.exec:\vpdjv.exe77⤵
-
\??\c:\pddjv.exec:\pddjv.exe78⤵
-
\??\c:\7rxfrxr.exec:\7rxfrxr.exe79⤵
-
\??\c:\7ffxflx.exec:\7ffxflx.exe80⤵
-
\??\c:\bbhttb.exec:\bbhttb.exe81⤵
-
\??\c:\hbbbhh.exec:\hbbbhh.exe82⤵
-
\??\c:\jjjpj.exec:\jjjpj.exe83⤵
-
\??\c:\vpdjd.exec:\vpdjd.exe84⤵
-
\??\c:\rrrxllx.exec:\rrrxllx.exe85⤵
-
\??\c:\rllfflf.exec:\rllfflf.exe86⤵
-
\??\c:\xxxlfrr.exec:\xxxlfrr.exe87⤵
-
\??\c:\tntbtt.exec:\tntbtt.exe88⤵
-
\??\c:\nnbnnt.exec:\nnbnnt.exe89⤵
-
\??\c:\dvpvj.exec:\dvpvj.exe90⤵
- System Location Discovery: System Language Discovery
-
\??\c:\1pddp.exec:\1pddp.exe91⤵
-
\??\c:\ffrllfx.exec:\ffrllfx.exe92⤵
-
\??\c:\fxllflf.exec:\fxllflf.exe93⤵
-
\??\c:\5bnnbt.exec:\5bnnbt.exe94⤵
-
\??\c:\tthnbn.exec:\tthnbn.exe95⤵
-
\??\c:\5ppdd.exec:\5ppdd.exe96⤵
-
\??\c:\jdvdp.exec:\jdvdp.exe97⤵
-
\??\c:\jvpvv.exec:\jvpvv.exe98⤵
-
\??\c:\rllxfrx.exec:\rllxfrx.exe99⤵
-
\??\c:\7rlfffr.exec:\7rlfffr.exe100⤵
-
\??\c:\9tnbtb.exec:\9tnbtb.exe101⤵
-
\??\c:\5hhhtb.exec:\5hhhtb.exe102⤵
-
\??\c:\1vvjj.exec:\1vvjj.exe103⤵
-
\??\c:\dvjjv.exec:\dvjjv.exe104⤵
-
\??\c:\fxlrflr.exec:\fxlrflr.exe105⤵
-
\??\c:\llflffr.exec:\llflffr.exe106⤵
-
\??\c:\hhtthn.exec:\hhtthn.exe107⤵
-
\??\c:\nttnht.exec:\nttnht.exe108⤵
-
\??\c:\hhtnhh.exec:\hhtnhh.exe109⤵
-
\??\c:\jdjvj.exec:\jdjvj.exe110⤵
-
\??\c:\vpdjv.exec:\vpdjv.exe111⤵
-
\??\c:\3xffxxr.exec:\3xffxxr.exe112⤵
-
\??\c:\xxxlfrl.exec:\xxxlfrl.exe113⤵
-
\??\c:\9xlfrfl.exec:\9xlfrfl.exe114⤵
-
\??\c:\nnbntb.exec:\nnbntb.exe115⤵
-
\??\c:\5hbbhn.exec:\5hbbhn.exe116⤵
- System Location Discovery: System Language Discovery
-
\??\c:\jdvjv.exec:\jdvjv.exe117⤵
-
\??\c:\dvpdj.exec:\dvpdj.exe118⤵
-
\??\c:\ffxfflf.exec:\ffxfflf.exe119⤵
-
\??\c:\fffxrfx.exec:\fffxrfx.exe120⤵
-
\??\c:\3ntbbb.exec:\3ntbbb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-