Analysis
-
max time kernel
120s -
max time network
16s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
21/09/2024, 15:30
General
-
Target
8b24e56c64695fcdb74aba6bbb9661c9a217e1310f1162fa7d07ac3e8d9f4043N.exe
-
Size
74KB
-
MD5
de14de6865d8b8c4cfd6bdea76cfde70
-
SHA1
b3de13666cc8fb9ea87d57a5ba7877a2a68e99ed
-
SHA256
8b24e56c64695fcdb74aba6bbb9661c9a217e1310f1162fa7d07ac3e8d9f4043
-
SHA512
965b0b640263038c454708e5db2c02d496fe64d6ed338b609c2fcc138a77e8fb368ec01dfd0d6343c5eb31f5ebd90a19e65371a90a17e2581fee0688f9474917
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDWiekja1br3GGBxfot3eTl:ymb3NkkiQ3mdBjFWXkj7afokl
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 20 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8b24e56c64695fcdb74aba6bbb9661c9a217e1310f1162fa7d07ac3e8d9f4043N.exe"C:\Users\Admin\AppData\Local\Temp\8b24e56c64695fcdb74aba6bbb9661c9a217e1310f1162fa7d07ac3e8d9f4043N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtbhb.exec:\hbtbhb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvvd.exec:\pjvvd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llrxflx.exec:\llrxflx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7hbbnt.exec:\7hbbnt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdjv.exec:\pjdjv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddppd.exec:\ddppd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxllrxx.exec:\lxllrxx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhntt.exec:\nnhntt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvpv.exec:\jdvpv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfrfrf.exec:\xrfrfrf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrfrrl.exec:\xxrfrrl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbthtb.exec:\hbthtb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnbhn.exec:\btnbhn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdpvp.exec:\pdpvp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvvv.exec:\pjvvv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvjv.exec:\jjvjv.exe17⤵
- Executes dropped EXE
-
\??\c:\9xrfrxl.exec:\9xrfrxl.exe18⤵
- Executes dropped EXE
-
\??\c:\7xlxfrf.exec:\7xlxfrf.exe19⤵
- Executes dropped EXE
-
\??\c:\tbtnhb.exec:\tbtnhb.exe20⤵
- Executes dropped EXE
-
\??\c:\nhnnbb.exec:\nhnnbb.exe21⤵
- Executes dropped EXE
-
\??\c:\5vpvv.exec:\5vpvv.exe22⤵
- Executes dropped EXE
-
\??\c:\dvpdp.exec:\dvpdp.exe23⤵
- Executes dropped EXE
-
\??\c:\1xlrxxr.exec:\1xlrxxr.exe24⤵
- Executes dropped EXE
-
\??\c:\fxrrxfr.exec:\fxrrxfr.exe25⤵
- Executes dropped EXE
-
\??\c:\btnbnt.exec:\btnbnt.exe26⤵
- Executes dropped EXE
-
\??\c:\tnnbtt.exec:\tnnbtt.exe27⤵
- Executes dropped EXE
-
\??\c:\5dpvd.exec:\5dpvd.exe28⤵
- Executes dropped EXE
-
\??\c:\vpjpp.exec:\vpjpp.exe29⤵
- Executes dropped EXE
-
\??\c:\7xrfxxl.exec:\7xrfxxl.exe30⤵
- Executes dropped EXE
-
\??\c:\rlxlffx.exec:\rlxlffx.exe31⤵
- Executes dropped EXE
-
\??\c:\nnhtth.exec:\nnhtth.exe32⤵
- Executes dropped EXE
-
\??\c:\ddjvv.exec:\ddjvv.exe33⤵
- Executes dropped EXE
-
\??\c:\jjdpv.exec:\jjdpv.exe34⤵
- Executes dropped EXE
-
\??\c:\flxlxrl.exec:\flxlxrl.exe35⤵
- Executes dropped EXE
-
\??\c:\xxrrffr.exec:\xxrrffr.exe36⤵
- Executes dropped EXE
-
\??\c:\fxrflxr.exec:\fxrflxr.exe37⤵
- Executes dropped EXE
-
\??\c:\3bntht.exec:\3bntht.exe38⤵
- Executes dropped EXE
-
\??\c:\3htttt.exec:\3htttt.exe39⤵
- Executes dropped EXE
-
\??\c:\jpdpp.exec:\jpdpp.exe40⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\vjpjd.exec:\vjpjd.exe41⤵
- Executes dropped EXE
-
\??\c:\7vvdd.exec:\7vvdd.exe42⤵
- Executes dropped EXE
-
\??\c:\xrffllf.exec:\xrffllf.exe43⤵
- Executes dropped EXE
-
\??\c:\3rrrrrx.exec:\3rrrrrx.exe44⤵
- Executes dropped EXE
-
\??\c:\ffxrffl.exec:\ffxrffl.exe45⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\hhhtbh.exec:\hhhtbh.exe46⤵
- Executes dropped EXE
-
\??\c:\hnnnnn.exec:\hnnnnn.exe47⤵
- Executes dropped EXE
-
\??\c:\1vjdd.exec:\1vjdd.exe48⤵
- Executes dropped EXE
-
\??\c:\vvjvp.exec:\vvjvp.exe49⤵
- Executes dropped EXE
-
\??\c:\pjppv.exec:\pjppv.exe50⤵
- Executes dropped EXE
-
\??\c:\ffrxllf.exec:\ffrxllf.exe51⤵
- Executes dropped EXE
-
\??\c:\rrflxfr.exec:\rrflxfr.exe52⤵
- Executes dropped EXE
-
\??\c:\fxffflx.exec:\fxffflx.exe53⤵
- Executes dropped EXE
-
\??\c:\9btbnt.exec:\9btbnt.exe54⤵
- Executes dropped EXE
-
\??\c:\7nnnnt.exec:\7nnnnt.exe55⤵
- Executes dropped EXE
-
\??\c:\btthtb.exec:\btthtb.exe56⤵
- Executes dropped EXE
-
\??\c:\3vpvv.exec:\3vpvv.exe57⤵
- Executes dropped EXE
-
\??\c:\jvjpv.exec:\jvjpv.exe58⤵
- Executes dropped EXE
-
\??\c:\vpvdd.exec:\vpvdd.exe59⤵
- Executes dropped EXE
-
\??\c:\lxrrlrr.exec:\lxrrlrr.exe60⤵
- Executes dropped EXE
-
\??\c:\1fxxfff.exec:\1fxxfff.exe61⤵
- Executes dropped EXE
-
\??\c:\ffxfxxl.exec:\ffxfxxl.exe62⤵
- Executes dropped EXE
-
\??\c:\hbhnnn.exec:\hbhnnn.exe63⤵
- Executes dropped EXE
-
\??\c:\ttbbnh.exec:\ttbbnh.exe64⤵
- Executes dropped EXE
-
\??\c:\btbnhn.exec:\btbnhn.exe65⤵
- Executes dropped EXE
-
\??\c:\vvjdd.exec:\vvjdd.exe66⤵
-
\??\c:\dddvd.exec:\dddvd.exe67⤵
-
\??\c:\xlxfxxr.exec:\xlxfxxr.exe68⤵
-
\??\c:\xrfrffr.exec:\xrfrffr.exe69⤵
-
\??\c:\lfxfxfl.exec:\lfxfxfl.exe70⤵
-
\??\c:\hnhhtn.exec:\hnhhtn.exe71⤵
-
\??\c:\tthbtb.exec:\tthbtb.exe72⤵
-
\??\c:\dvjpv.exec:\dvjpv.exe73⤵
-
\??\c:\vjdjv.exec:\vjdjv.exe74⤵
-
\??\c:\xrlrxxl.exec:\xrlrxxl.exe75⤵
-
\??\c:\btnttt.exec:\btnttt.exe76⤵
-
\??\c:\3nhtbh.exec:\3nhtbh.exe77⤵
-
\??\c:\7dppd.exec:\7dppd.exe78⤵
-
\??\c:\7vdvp.exec:\7vdvp.exe79⤵
-
\??\c:\3ddjj.exec:\3ddjj.exe80⤵
-
\??\c:\fxrxlxf.exec:\fxrxlxf.exe81⤵
-
\??\c:\ffxrflr.exec:\ffxrflr.exe82⤵
-
\??\c:\htbtth.exec:\htbtth.exe83⤵
-
\??\c:\hbnhtb.exec:\hbnhtb.exe84⤵
-
\??\c:\vdpdd.exec:\vdpdd.exe85⤵
-
\??\c:\rrlrxfr.exec:\rrlrxfr.exe86⤵
-
\??\c:\tnbntb.exec:\tnbntb.exe87⤵
-
\??\c:\3pddj.exec:\3pddj.exe88⤵
-
\??\c:\nbhhtt.exec:\nbhhtt.exe89⤵
-
\??\c:\vppjp.exec:\vppjp.exe90⤵
-
\??\c:\1xrrxxl.exec:\1xrrxxl.exe91⤵
-
\??\c:\5fffrxl.exec:\5fffrxl.exe92⤵
-
\??\c:\hbthnt.exec:\hbthnt.exe93⤵
-
\??\c:\fxlflrx.exec:\fxlflrx.exe94⤵
-
\??\c:\btbbhn.exec:\btbbhn.exe95⤵
-
\??\c:\vjppv.exec:\vjppv.exe96⤵
-
\??\c:\jdddj.exec:\jdddj.exe97⤵
-
\??\c:\bthhtb.exec:\bthhtb.exe98⤵
-
\??\c:\tnnbhh.exec:\tnnbhh.exe99⤵
-
\??\c:\9jdjj.exec:\9jdjj.exe100⤵
-
\??\c:\ddppp.exec:\ddppp.exe101⤵
-
\??\c:\1frfxlx.exec:\1frfxlx.exe102⤵
-
\??\c:\nnttht.exec:\nnttht.exe103⤵
-
\??\c:\vvpdd.exec:\vvpdd.exe104⤵
-
\??\c:\djjjd.exec:\djjjd.exe105⤵
-
\??\c:\lfxrlfr.exec:\lfxrlfr.exe106⤵
-
\??\c:\ntthhb.exec:\ntthhb.exe107⤵
-
\??\c:\7vpdp.exec:\7vpdp.exe108⤵
-
\??\c:\lfllllr.exec:\lfllllr.exe109⤵
-
\??\c:\3lffrxf.exec:\3lffrxf.exe110⤵
-
\??\c:\bbtbbb.exec:\bbtbbb.exe111⤵
-
\??\c:\hbhbtt.exec:\hbhbtt.exe112⤵
-
\??\c:\7djdj.exec:\7djdj.exe113⤵
-
\??\c:\xffffxx.exec:\xffffxx.exe114⤵
-
\??\c:\1nhtbh.exec:\1nhtbh.exe115⤵
-
\??\c:\tntntt.exec:\tntntt.exe116⤵
-
\??\c:\dpdjj.exec:\dpdjj.exe117⤵
-
\??\c:\xrfxffx.exec:\xrfxffx.exe118⤵
-
\??\c:\httnnt.exec:\httnnt.exe119⤵
-
\??\c:\pjpvd.exec:\pjpvd.exe120⤵
-
\??\c:\frllllr.exec:\frllllr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-