Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
-
submitted
19-09-2024 07:49
General
-
Target
2b95f3f33e0ad83cb777a5b2f24c2ad666571e36ee2a366cd09a414f28785308N.exe
-
Size
68KB
-
MD5
170e0d450d0b9b23a4ab9f5055cb4700
-
SHA1
c2ecaea7c6dad88c8c654c5abea63ffca8e5432a
-
SHA256
2b95f3f33e0ad83cb777a5b2f24c2ad666571e36ee2a366cd09a414f28785308
-
SHA512
cf21353c7b73f35139cf940335c827d849aa28d243e6671f0526749897a9a467ee712d78e0c2e651d2dcb2acb4b9ff283ac4a292e1330c003d5dc1449d000032
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIsIoAcZ:ymb3NkkiQ3mdBjFIsIVcZ
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 20 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 31 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2b95f3f33e0ad83cb777a5b2f24c2ad666571e36ee2a366cd09a414f28785308N.exe"C:\Users\Admin\AppData\Local\Temp\2b95f3f33e0ad83cb777a5b2f24c2ad666571e36ee2a366cd09a414f28785308N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrlxxf.exec:\ffrlxxf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nntntt.exec:\nntntt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbtnb.exec:\hbbtnb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xllllr.exec:\7xllllr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnhtb.exec:\htnhtb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvpp.exec:\dpvpp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrlfxrx.exec:\lrlfxrx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhntb.exec:\nbhntb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhnhn.exec:\hhhnhn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdpv.exec:\jvdpv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxxfff.exec:\lfxxfff.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbhbh.exec:\thbhbh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhtbb.exec:\nhhtbb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3pppv.exec:\3pppv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3vpjp.exec:\3vpjp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxflxr.exec:\fxxflxr.exe17⤵
- Executes dropped EXE
-
\??\c:\3xlllrx.exec:\3xlllrx.exe18⤵
- Executes dropped EXE
-
\??\c:\bthhbn.exec:\bthhbn.exe19⤵
- Executes dropped EXE
-
\??\c:\pvvpp.exec:\pvvpp.exe20⤵
- Executes dropped EXE
-
\??\c:\3jjpd.exec:\3jjpd.exe21⤵
- Executes dropped EXE
-
\??\c:\xrxxflx.exec:\xrxxflx.exe22⤵
- Executes dropped EXE
-
\??\c:\nhnbhn.exec:\nhnbhn.exe23⤵
- Executes dropped EXE
-
\??\c:\9nhnhn.exec:\9nhnhn.exe24⤵
- Executes dropped EXE
-
\??\c:\7jppv.exec:\7jppv.exe25⤵
- Executes dropped EXE
-
\??\c:\9lfflrr.exec:\9lfflrr.exe26⤵
- Executes dropped EXE
-
\??\c:\bbntbn.exec:\bbntbn.exe27⤵
- Executes dropped EXE
-
\??\c:\jpdvv.exec:\jpdvv.exe28⤵
- Executes dropped EXE
-
\??\c:\ddjpd.exec:\ddjpd.exe29⤵
- Executes dropped EXE
-
\??\c:\llrllxr.exec:\llrllxr.exe30⤵
- Executes dropped EXE
-
\??\c:\hhttbb.exec:\hhttbb.exe31⤵
- Executes dropped EXE
-
\??\c:\3jvjj.exec:\3jvjj.exe32⤵
- Executes dropped EXE
-
\??\c:\jdddv.exec:\jdddv.exe33⤵
- Executes dropped EXE
-
\??\c:\lfxxllx.exec:\lfxxllx.exe34⤵
- Executes dropped EXE
-
\??\c:\hbtbhh.exec:\hbtbhh.exe35⤵
- Executes dropped EXE
-
\??\c:\bhhttn.exec:\bhhttn.exe36⤵
- Executes dropped EXE
-
\??\c:\vpjpp.exec:\vpjpp.exe37⤵
- Executes dropped EXE
-
\??\c:\xlflxfx.exec:\xlflxfx.exe38⤵
- Executes dropped EXE
-
\??\c:\rrfflrx.exec:\rrfflrx.exe39⤵
- Executes dropped EXE
-
\??\c:\hhbhbh.exec:\hhbhbh.exe40⤵
- Executes dropped EXE
-
\??\c:\vjdpd.exec:\vjdpd.exe41⤵
- Executes dropped EXE
-
\??\c:\jppdv.exec:\jppdv.exe42⤵
- Executes dropped EXE
-
\??\c:\lxxlrff.exec:\lxxlrff.exe43⤵
- Executes dropped EXE
-
\??\c:\xfflflr.exec:\xfflflr.exe44⤵
- Executes dropped EXE
-
\??\c:\tntnnt.exec:\tntnnt.exe45⤵
- Executes dropped EXE
-
\??\c:\hbtbbh.exec:\hbtbbh.exe46⤵
- Executes dropped EXE
-
\??\c:\jjdpd.exec:\jjdpd.exe47⤵
- Executes dropped EXE
-
\??\c:\rlflrrf.exec:\rlflrrf.exe48⤵
- Executes dropped EXE
-
\??\c:\lxrxffl.exec:\lxrxffl.exe49⤵
- Executes dropped EXE
-
\??\c:\nbbnbb.exec:\nbbnbb.exe50⤵
- Executes dropped EXE
-
\??\c:\ttbnbb.exec:\ttbnbb.exe51⤵
- Executes dropped EXE
-
\??\c:\nhbbnt.exec:\nhbbnt.exe52⤵
- Executes dropped EXE
-
\??\c:\vjjpj.exec:\vjjpj.exe53⤵
- Executes dropped EXE
-
\??\c:\9dpvd.exec:\9dpvd.exe54⤵
- Executes dropped EXE
-
\??\c:\9rllrfl.exec:\9rllrfl.exe55⤵
- Executes dropped EXE
-
\??\c:\rlrxxff.exec:\rlrxxff.exe56⤵
- Executes dropped EXE
-
\??\c:\hbnnbh.exec:\hbnnbh.exe57⤵
- Executes dropped EXE
-
\??\c:\bbthht.exec:\bbthht.exe58⤵
- Executes dropped EXE
-
\??\c:\vpjvv.exec:\vpjvv.exe59⤵
- Executes dropped EXE
-
\??\c:\jvvpp.exec:\jvvpp.exe60⤵
- Executes dropped EXE
-
\??\c:\9fflxlr.exec:\9fflxlr.exe61⤵
- Executes dropped EXE
-
\??\c:\nbnntt.exec:\nbnntt.exe62⤵
- Executes dropped EXE
-
\??\c:\tbhbhh.exec:\tbhbhh.exe63⤵
- Executes dropped EXE
-
\??\c:\jdvjp.exec:\jdvjp.exe64⤵
- Executes dropped EXE
-
\??\c:\7fxrxfr.exec:\7fxrxfr.exe65⤵
- Executes dropped EXE
-
\??\c:\xrxfxrx.exec:\xrxfxrx.exe66⤵
-
\??\c:\9xrlrxf.exec:\9xrlrxf.exe67⤵
-
\??\c:\5hbthn.exec:\5hbthn.exe68⤵
-
\??\c:\thbhnn.exec:\thbhnn.exe69⤵
-
\??\c:\9vjjj.exec:\9vjjj.exe70⤵
-
\??\c:\1dpdd.exec:\1dpdd.exe71⤵
-
\??\c:\9flfllr.exec:\9flfllr.exe72⤵
-
\??\c:\hnttnb.exec:\hnttnb.exe73⤵
-
\??\c:\nhtntb.exec:\nhtntb.exe74⤵
-
\??\c:\jdpjp.exec:\jdpjp.exe75⤵
-
\??\c:\pdpvj.exec:\pdpvj.exe76⤵
-
\??\c:\rllrrrx.exec:\rllrrrx.exe77⤵
-
\??\c:\frrxllr.exec:\frrxllr.exe78⤵
-
\??\c:\1tbhnn.exec:\1tbhnn.exe79⤵
-
\??\c:\btnthh.exec:\btnthh.exe80⤵
-
\??\c:\ddvdv.exec:\ddvdv.exe81⤵
-
\??\c:\rrffrxx.exec:\rrffrxx.exe82⤵
-
\??\c:\fxlrxxf.exec:\fxlrxxf.exe83⤵
-
\??\c:\tnhntb.exec:\tnhntb.exe84⤵
-
\??\c:\hbnntb.exec:\hbnntb.exe85⤵
-
\??\c:\dpdjp.exec:\dpdjp.exe86⤵
-
\??\c:\lrxxrfx.exec:\lrxxrfx.exe87⤵
-
\??\c:\rfxfrrf.exec:\rfxfrrf.exe88⤵
-
\??\c:\bthnnn.exec:\bthnnn.exe89⤵
-
\??\c:\vppvj.exec:\vppvj.exe90⤵
-
\??\c:\dpddj.exec:\dpddj.exe91⤵
-
\??\c:\lxfffff.exec:\lxfffff.exe92⤵
-
\??\c:\ffrfrrr.exec:\ffrfrrr.exe93⤵
-
\??\c:\tnbbhn.exec:\tnbbhn.exe94⤵
-
\??\c:\nnhnbb.exec:\nnhnbb.exe95⤵
-
\??\c:\pjdpj.exec:\pjdpj.exe96⤵
-
\??\c:\vdjdv.exec:\vdjdv.exe97⤵
-
\??\c:\rlxfrlx.exec:\rlxfrlx.exe98⤵
-
\??\c:\flxrxrr.exec:\flxrxrr.exe99⤵
-
\??\c:\1tthhh.exec:\1tthhh.exe100⤵
-
\??\c:\3hbnnn.exec:\3hbnnn.exe101⤵
-
\??\c:\1dvvj.exec:\1dvvj.exe102⤵
-
\??\c:\1pdvj.exec:\1pdvj.exe103⤵
-
\??\c:\fxllllx.exec:\fxllllx.exe104⤵
-
\??\c:\ffllllr.exec:\ffllllr.exe105⤵
-
\??\c:\btthtb.exec:\btthtb.exe106⤵
-
\??\c:\pddjj.exec:\pddjj.exe107⤵
-
\??\c:\jvvpp.exec:\jvvpp.exe108⤵
-
\??\c:\dvjjd.exec:\dvjjd.exe109⤵
-
\??\c:\rlrllfl.exec:\rlrllfl.exe110⤵
-
\??\c:\bntbbn.exec:\bntbbn.exe111⤵
-
\??\c:\nbhbbn.exec:\nbhbbn.exe112⤵
-
\??\c:\3hnhhh.exec:\3hnhhh.exe113⤵
-
\??\c:\pdjpd.exec:\pdjpd.exe114⤵
-
\??\c:\5vppp.exec:\5vppp.exe115⤵
-
\??\c:\5ffrxlx.exec:\5ffrxlx.exe116⤵
-
\??\c:\lrxrxlr.exec:\lrxrxlr.exe117⤵
-
\??\c:\hbhhnt.exec:\hbhhnt.exe118⤵
-
\??\c:\btbbhn.exec:\btbbhn.exe119⤵
-
\??\c:\djpjp.exec:\djpjp.exe120⤵
-
\??\c:\pdjjv.exec:\pdjjv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-