Analysis
-
max time kernel
120s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
-
submitted
19-09-2024 06:08
General
-
Target
85a4a9178d988070f38d67bd4fd990e7432fc6dc261436c4b467a530df41a12eN.exe
-
Size
64KB
-
MD5
51ce8c0199e3cee240748ccaaa1af470
-
SHA1
1bad9e71a2e4aab4368f352568540c0b7706fe66
-
SHA256
85a4a9178d988070f38d67bd4fd990e7432fc6dc261436c4b467a530df41a12e
-
SHA512
445c2454e77cdb70e5a816d199ed0f7f7085238666442e4c0a27c90b519f730adda046c7f64be99999c5725fc1769323b942178d742478e971644fff710e3ba3
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDI9L27U:ymb3NkkiQ3mdBjFI9l
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 20 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\85a4a9178d988070f38d67bd4fd990e7432fc6dc261436c4b467a530df41a12eN.exe"C:\Users\Admin\AppData\Local\Temp\85a4a9178d988070f38d67bd4fd990e7432fc6dc261436c4b467a530df41a12eN.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfflrr.exec:\rlfflrr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnnhn.exec:\hhnnhn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vjpv.exec:\5vjpv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxxrrx.exec:\llxxrrx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbbhn.exec:\bnbbhn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvjp.exec:\ddvjp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llfrflx.exec:\llfrflx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvpd.exec:\ddvpd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pjvv.exec:\1pjvv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxxfff.exec:\frxxfff.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7frxffl.exec:\7frxffl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5thhtt.exec:\5thhtt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjppp.exec:\pjppp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxfrffx.exec:\xxfrffx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxflrxr.exec:\xxflrxr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbhnn.exec:\hhbhnn.exe17⤵
- Executes dropped EXE
-
\??\c:\thntbh.exec:\thntbh.exe18⤵
- Executes dropped EXE
-
\??\c:\jpjjv.exec:\jpjjv.exe19⤵
- Executes dropped EXE
-
\??\c:\rlfrllr.exec:\rlfrllr.exe20⤵
- Executes dropped EXE
-
\??\c:\lfrflrx.exec:\lfrflrx.exe21⤵
- Executes dropped EXE
-
\??\c:\ttnhbb.exec:\ttnhbb.exe22⤵
- Executes dropped EXE
-
\??\c:\ppvpj.exec:\ppvpj.exe23⤵
- Executes dropped EXE
-
\??\c:\fxllfrf.exec:\fxllfrf.exe24⤵
- Executes dropped EXE
-
\??\c:\htnbtt.exec:\htnbtt.exe25⤵
- Executes dropped EXE
-
\??\c:\nhhtbb.exec:\nhhtbb.exe26⤵
- Executes dropped EXE
-
\??\c:\vvpjj.exec:\vvpjj.exe27⤵
- Executes dropped EXE
-
\??\c:\pppdv.exec:\pppdv.exe28⤵
- Executes dropped EXE
-
\??\c:\rlfxrxl.exec:\rlfxrxl.exe29⤵
- Executes dropped EXE
-
\??\c:\bbnttb.exec:\bbnttb.exe30⤵
- Executes dropped EXE
-
\??\c:\vvjjp.exec:\vvjjp.exe31⤵
- Executes dropped EXE
-
\??\c:\3fxfflx.exec:\3fxfflx.exe32⤵
- Executes dropped EXE
-
\??\c:\xxrlxll.exec:\xxrlxll.exe33⤵
- Executes dropped EXE
-
\??\c:\hbtntn.exec:\hbtntn.exe34⤵
- Executes dropped EXE
-
\??\c:\hnhnnn.exec:\hnhnnn.exe35⤵
- Executes dropped EXE
-
\??\c:\3vvvv.exec:\3vvvv.exe36⤵
- Executes dropped EXE
-
\??\c:\jpvpj.exec:\jpvpj.exe37⤵
- Executes dropped EXE
-
\??\c:\9fxxxlx.exec:\9fxxxlx.exe38⤵
- Executes dropped EXE
-
\??\c:\lllfxlx.exec:\lllfxlx.exe39⤵
- Executes dropped EXE
-
\??\c:\bttbnt.exec:\bttbnt.exe40⤵
- Executes dropped EXE
-
\??\c:\3vpjp.exec:\3vpjp.exe41⤵
- Executes dropped EXE
-
\??\c:\pjpvd.exec:\pjpvd.exe42⤵
- Executes dropped EXE
-
\??\c:\lfxlxxl.exec:\lfxlxxl.exe43⤵
- Executes dropped EXE
-
\??\c:\nnntnt.exec:\nnntnt.exe44⤵
- Executes dropped EXE
-
\??\c:\nhnntt.exec:\nhnntt.exe45⤵
- Executes dropped EXE
-
\??\c:\5jddp.exec:\5jddp.exe46⤵
- Executes dropped EXE
-
\??\c:\ddddv.exec:\ddddv.exe47⤵
- Executes dropped EXE
-
\??\c:\5rlxllf.exec:\5rlxllf.exe48⤵
- Executes dropped EXE
-
\??\c:\5lxlrxx.exec:\5lxlrxx.exe49⤵
- Executes dropped EXE
-
\??\c:\nhhhtt.exec:\nhhhtt.exe50⤵
- Executes dropped EXE
-
\??\c:\nhtthn.exec:\nhtthn.exe51⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\ddvjp.exec:\ddvjp.exe52⤵
- Executes dropped EXE
-
\??\c:\xxflrrf.exec:\xxflrrf.exe53⤵
- Executes dropped EXE
-
\??\c:\rlfllrx.exec:\rlfllrx.exe54⤵
- Executes dropped EXE
-
\??\c:\xfxrflx.exec:\xfxrflx.exe55⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\hhbtnn.exec:\hhbtnn.exe56⤵
- Executes dropped EXE
-
\??\c:\nhbthn.exec:\nhbthn.exe57⤵
- Executes dropped EXE
-
\??\c:\dvpvp.exec:\dvpvp.exe58⤵
- Executes dropped EXE
-
\??\c:\fxrlrrx.exec:\fxrlrrx.exe59⤵
- Executes dropped EXE
-
\??\c:\9frrrfx.exec:\9frrrfx.exe60⤵
- Executes dropped EXE
-
\??\c:\rrfrxxl.exec:\rrfrxxl.exe61⤵
- Executes dropped EXE
-
\??\c:\hhhnbh.exec:\hhhnbh.exe62⤵
- Executes dropped EXE
-
\??\c:\bthbnh.exec:\bthbnh.exe63⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\ddvdv.exec:\ddvdv.exe64⤵
- Executes dropped EXE
-
\??\c:\1rxlxfx.exec:\1rxlxfx.exe65⤵
- Executes dropped EXE
-
\??\c:\xllrxrx.exec:\xllrxrx.exe66⤵
-
\??\c:\btbnbb.exec:\btbnbb.exe67⤵
-
\??\c:\bthttb.exec:\bthttb.exe68⤵
-
\??\c:\vpjpj.exec:\vpjpj.exe69⤵
-
\??\c:\pjpjv.exec:\pjpjv.exe70⤵
-
\??\c:\fxfllff.exec:\fxfllff.exe71⤵
-
\??\c:\rlxlxlx.exec:\rlxlxlx.exe72⤵
-
\??\c:\hhhhtb.exec:\hhhhtb.exe73⤵
-
\??\c:\hbbnbn.exec:\hbbnbn.exe74⤵
-
\??\c:\9jvvj.exec:\9jvvj.exe75⤵
-
\??\c:\1rllrrl.exec:\1rllrrl.exe76⤵
-
\??\c:\fxrfxlx.exec:\fxrfxlx.exe77⤵
-
\??\c:\bbtbnb.exec:\bbtbnb.exe78⤵
-
\??\c:\ntnnbh.exec:\ntnnbh.exe79⤵
-
\??\c:\5jjjv.exec:\5jjjv.exe80⤵
-
\??\c:\pppdp.exec:\pppdp.exe81⤵
-
\??\c:\rrffllr.exec:\rrffllr.exe82⤵
-
\??\c:\rlxrxxl.exec:\rlxrxxl.exe83⤵
-
\??\c:\btnnbh.exec:\btnnbh.exe84⤵
-
\??\c:\5hbnbh.exec:\5hbnbh.exe85⤵
-
\??\c:\vpjvv.exec:\vpjvv.exe86⤵
-
\??\c:\vvjpd.exec:\vvjpd.exe87⤵
-
\??\c:\lfrxfrr.exec:\lfrxfrr.exe88⤵
-
\??\c:\flfrlxf.exec:\flfrlxf.exe89⤵
-
\??\c:\ttnbth.exec:\ttnbth.exe90⤵
-
\??\c:\1nhhtb.exec:\1nhhtb.exe91⤵
-
\??\c:\5vvjp.exec:\5vvjp.exe92⤵
-
\??\c:\pjvpj.exec:\pjvpj.exe93⤵
-
\??\c:\llflrrf.exec:\llflrrf.exe94⤵
-
\??\c:\rlxfllr.exec:\rlxfllr.exe95⤵
-
\??\c:\hhhnbt.exec:\hhhnbt.exe96⤵
-
\??\c:\hbntbb.exec:\hbntbb.exe97⤵
-
\??\c:\jjdpj.exec:\jjdpj.exe98⤵
-
\??\c:\pjjjp.exec:\pjjjp.exe99⤵
-
\??\c:\rrlxlfx.exec:\rrlxlfx.exe100⤵
-
\??\c:\fxrlxlr.exec:\fxrlxlr.exe101⤵
-
\??\c:\bnhthn.exec:\bnhthn.exe102⤵
-
\??\c:\1btbbb.exec:\1btbbb.exe103⤵
-
\??\c:\pjvvv.exec:\pjvvv.exe104⤵
-
\??\c:\ppvdv.exec:\ppvdv.exe105⤵
-
\??\c:\9fxffrf.exec:\9fxffrf.exe106⤵
-
\??\c:\ffllxxl.exec:\ffllxxl.exe107⤵
-
\??\c:\nnnbnt.exec:\nnnbnt.exe108⤵
-
\??\c:\3bbthh.exec:\3bbthh.exe109⤵
-
\??\c:\vppvp.exec:\vppvp.exe110⤵
-
\??\c:\djvvj.exec:\djvvj.exe111⤵
-
\??\c:\ffrlxfr.exec:\ffrlxfr.exe112⤵
-
\??\c:\fxflxxl.exec:\fxflxxl.exe113⤵
-
\??\c:\hhbtbh.exec:\hhbtbh.exe114⤵
-
\??\c:\nhnthh.exec:\nhnthh.exe115⤵
-
\??\c:\jjjdj.exec:\jjjdj.exe116⤵
-
\??\c:\ppjpd.exec:\ppjpd.exe117⤵
-
\??\c:\3lflflr.exec:\3lflflr.exe118⤵
-
\??\c:\rlxfxxx.exec:\rlxfxxx.exe119⤵
-
\??\c:\bbbhbh.exec:\bbbhbh.exe120⤵
-
\??\c:\bbtbnt.exec:\bbtbnt.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-