Analysis
-
max time kernel
119s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
25/09/2024, 20:15
General
-
Target
4ce9cc42dfe3c12f653943ba98a53c495709978c05e77dbb1071db114f2ed893N.exe
-
Size
132KB
-
MD5
cd4a651584f8cad238529e6fc5a7d8e0
-
SHA1
cd3da1994f4c6b70a34f598bb895d6d81db5d847
-
SHA256
4ce9cc42dfe3c12f653943ba98a53c495709978c05e77dbb1071db114f2ed893
-
SHA512
bd09f771f7f4b1c00ad8726600990c2b80efc8ace4cfe18951f074d2084ffdcc20bacb478354ecb075dadfb4ffbf9e3cee496d0e56eb7d8842cec49383f220b7
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73tvn+Yp9gFb8kSv3v1Jgs7hMw8s5bBZf1B:n3C9BRo7tvnJ9oLSvv1FhMVIfn
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4ce9cc42dfe3c12f653943ba98a53c495709978c05e77dbb1071db114f2ed893N.exe"C:\Users\Admin\AppData\Local\Temp\4ce9cc42dfe3c12f653943ba98a53c495709978c05e77dbb1071db114f2ed893N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnhnb.exec:\nnnhnb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjdp.exec:\jjjdp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llfxrfx.exec:\llfxrfx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htntbb.exec:\htntbb.exe5⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\hnthhn.exec:\hnthhn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjvd.exec:\ddjvd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnthhb.exec:\hnthhb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7dvjv.exec:\7dvjv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rrlxfx.exec:\3rrlxfx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbtnbn.exec:\tbtnbn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bthht.exec:\1bthht.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7jvvv.exec:\7jvvv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1lrxrlx.exec:\1lrxrlx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhbnh.exec:\nnhbnh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnbtb.exec:\nnnbtb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjdv.exec:\vvjdv.exe17⤵
- Executes dropped EXE
-
\??\c:\xxxrfrr.exec:\xxxrfrr.exe18⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\rrlfrfr.exec:\rrlfrfr.exe19⤵
- Executes dropped EXE
-
\??\c:\nnbhtb.exec:\nnbhtb.exe20⤵
- Executes dropped EXE
-
\??\c:\1pjjv.exec:\1pjjv.exe21⤵
- Executes dropped EXE
-
\??\c:\xxfrrfr.exec:\xxfrrfr.exe22⤵
- Executes dropped EXE
-
\??\c:\hhbhtb.exec:\hhbhtb.exe23⤵
- Executes dropped EXE
-
\??\c:\ttnbnb.exec:\ttnbnb.exe24⤵
- Executes dropped EXE
-
\??\c:\vpjpd.exec:\vpjpd.exe25⤵
- Executes dropped EXE
-
\??\c:\llflxll.exec:\llflxll.exe26⤵
- Executes dropped EXE
-
\??\c:\xxfrxlf.exec:\xxfrxlf.exe27⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\5nnntb.exec:\5nnntb.exe28⤵
- Executes dropped EXE
-
\??\c:\vdvvp.exec:\vdvvp.exe29⤵
- Executes dropped EXE
-
\??\c:\flflxlx.exec:\flflxlx.exe30⤵
- Executes dropped EXE
-
\??\c:\9nhthb.exec:\9nhthb.exe31⤵
- Executes dropped EXE
-
\??\c:\5hnhnh.exec:\5hnhnh.exe32⤵
- Executes dropped EXE
-
\??\c:\vpjpv.exec:\vpjpv.exe33⤵
- Executes dropped EXE
-
\??\c:\llfllxx.exec:\llfllxx.exe34⤵
- Executes dropped EXE
-
\??\c:\hnnhnh.exec:\hnnhnh.exe35⤵
- Executes dropped EXE
-
\??\c:\1hhntb.exec:\1hhntb.exe36⤵
- Executes dropped EXE
-
\??\c:\1pdvd.exec:\1pdvd.exe37⤵
- Executes dropped EXE
-
\??\c:\pvvvv.exec:\pvvvv.exe38⤵
- Executes dropped EXE
-
\??\c:\9xlrxxl.exec:\9xlrxxl.exe39⤵
- Executes dropped EXE
-
\??\c:\rrlllff.exec:\rrlllff.exe40⤵
- Executes dropped EXE
-
\??\c:\ttnbth.exec:\ttnbth.exe41⤵
- Executes dropped EXE
-
\??\c:\hnhnbn.exec:\hnhnbn.exe42⤵
- Executes dropped EXE
-
\??\c:\jdpvd.exec:\jdpvd.exe43⤵
- Executes dropped EXE
-
\??\c:\jjdjv.exec:\jjdjv.exe44⤵
- Executes dropped EXE
-
\??\c:\5rrxlrx.exec:\5rrxlrx.exe45⤵
- Executes dropped EXE
-
\??\c:\llrffff.exec:\llrffff.exe46⤵
- Executes dropped EXE
-
\??\c:\hnnnhb.exec:\hnnnhb.exe47⤵
- Executes dropped EXE
-
\??\c:\ppjvj.exec:\ppjvj.exe48⤵
- Executes dropped EXE
-
\??\c:\jdjvj.exec:\jdjvj.exe49⤵
- Executes dropped EXE
-
\??\c:\lrlfxxx.exec:\lrlfxxx.exe50⤵
- Executes dropped EXE
-
\??\c:\flxlrrf.exec:\flxlrrf.exe51⤵
- Executes dropped EXE
-
\??\c:\9nhthb.exec:\9nhthb.exe52⤵
- Executes dropped EXE
-
\??\c:\bbntht.exec:\bbntht.exe53⤵
- Executes dropped EXE
-
\??\c:\jpjjd.exec:\jpjjd.exe54⤵
- Executes dropped EXE
-
\??\c:\jppdv.exec:\jppdv.exe55⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\9fflxfx.exec:\9fflxfx.exe56⤵
- Executes dropped EXE
-
\??\c:\ffxlxfx.exec:\ffxlxfx.exe57⤵
- Executes dropped EXE
-
\??\c:\hhhthh.exec:\hhhthh.exe58⤵
- Executes dropped EXE
-
\??\c:\hbbhnt.exec:\hbbhnt.exe59⤵
- Executes dropped EXE
-
\??\c:\ppjdj.exec:\ppjdj.exe60⤵
- Executes dropped EXE
-
\??\c:\jvdpp.exec:\jvdpp.exe61⤵
- Executes dropped EXE
-
\??\c:\xxlrlfx.exec:\xxlrlfx.exe62⤵
- Executes dropped EXE
-
\??\c:\llxfrxl.exec:\llxfrxl.exe63⤵
- Executes dropped EXE
-
\??\c:\ttnthn.exec:\ttnthn.exe64⤵
- Executes dropped EXE
-
\??\c:\9hbbth.exec:\9hbbth.exe65⤵
- Executes dropped EXE
-
\??\c:\ppdpv.exec:\ppdpv.exe66⤵
-
\??\c:\vpjvj.exec:\vpjvj.exe67⤵
-
\??\c:\1rrxrfl.exec:\1rrxrfl.exe68⤵
-
\??\c:\7tbthn.exec:\7tbthn.exe69⤵
-
\??\c:\7bthtt.exec:\7bthtt.exe70⤵
-
\??\c:\jdjvv.exec:\jdjvv.exe71⤵
-
\??\c:\ppjdv.exec:\ppjdv.exe72⤵
-
\??\c:\5xxflxl.exec:\5xxflxl.exe73⤵
-
\??\c:\xffrlfx.exec:\xffrlfx.exe74⤵
-
\??\c:\htnhtn.exec:\htnhtn.exe75⤵
-
\??\c:\btnhtt.exec:\btnhtt.exe76⤵
-
\??\c:\jvddp.exec:\jvddp.exe77⤵
-
\??\c:\xrfxlfl.exec:\xrfxlfl.exe78⤵
-
\??\c:\rrrfrlx.exec:\rrrfrlx.exe79⤵
- System Location Discovery: System Language Discovery
-
\??\c:\nhbhbh.exec:\nhbhbh.exe80⤵
-
\??\c:\nnbtht.exec:\nnbtht.exe81⤵
-
\??\c:\jjpjj.exec:\jjpjj.exe82⤵
-
\??\c:\vvpvj.exec:\vvpvj.exe83⤵
-
\??\c:\fxlflll.exec:\fxlflll.exe84⤵
-
\??\c:\xxxfrxl.exec:\xxxfrxl.exe85⤵
-
\??\c:\hntbbn.exec:\hntbbn.exe86⤵
-
\??\c:\hhtntt.exec:\hhtntt.exe87⤵
-
\??\c:\pdpjv.exec:\pdpjv.exe88⤵
-
\??\c:\fllxlxr.exec:\fllxlxr.exe89⤵
-
\??\c:\ffxlxlx.exec:\ffxlxlx.exe90⤵
-
\??\c:\rlflxfx.exec:\rlflxfx.exe91⤵
-
\??\c:\htbnbn.exec:\htbnbn.exe92⤵
-
\??\c:\jjvjp.exec:\jjvjp.exe93⤵
-
\??\c:\dvppj.exec:\dvppj.exe94⤵
-
\??\c:\7fxxflf.exec:\7fxxflf.exe95⤵
-
\??\c:\xxxfrll.exec:\xxxfrll.exe96⤵
-
\??\c:\9tbhbh.exec:\9tbhbh.exe97⤵
-
\??\c:\vjjdd.exec:\vjjdd.exe98⤵
-
\??\c:\7vdjv.exec:\7vdjv.exe99⤵
-
\??\c:\7xxfrxr.exec:\7xxfrxr.exe100⤵
-
\??\c:\rxxfxlx.exec:\rxxfxlx.exe101⤵
-
\??\c:\hnbbth.exec:\hnbbth.exe102⤵
-
\??\c:\nnttht.exec:\nnttht.exe103⤵
-
\??\c:\djdvv.exec:\djdvv.exe104⤵
-
\??\c:\vddpd.exec:\vddpd.exe105⤵
-
\??\c:\rrlxrfx.exec:\rrlxrfx.exe106⤵
-
\??\c:\5hbhnb.exec:\5hbhnb.exe107⤵
-
\??\c:\hnbhhn.exec:\hnbhhn.exe108⤵
-
\??\c:\9ppvp.exec:\9ppvp.exe109⤵
-
\??\c:\pjjjv.exec:\pjjjv.exe110⤵
-
\??\c:\xxrfxlf.exec:\xxrfxlf.exe111⤵
-
\??\c:\rrrlfxr.exec:\rrrlfxr.exe112⤵
-
\??\c:\7bhhth.exec:\7bhhth.exe113⤵
-
\??\c:\ddvdj.exec:\ddvdj.exe114⤵
-
\??\c:\pjddp.exec:\pjddp.exe115⤵
-
\??\c:\lrffxxf.exec:\lrffxxf.exe116⤵
-
\??\c:\9lrflrl.exec:\9lrflrl.exe117⤵
-
\??\c:\thnbbt.exec:\thnbbt.exe118⤵
-
\??\c:\ddvjv.exec:\ddvjv.exe119⤵
-
\??\c:\jvvjp.exec:\jvvjp.exe120⤵
-
\??\c:\frxrxrx.exec:\frxrxrx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-