Analysis
-
max time kernel
120s -
max time network
15s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
27/09/2024, 03:49
General
-
Target
8c35093c4c1da7b935eadc924e7d4fd2914131774ba6d2fa0e71aeaee65bc51aN.exe
-
Size
452KB
-
MD5
f2b2cef7fffe44e4b96bc20883a0c280
-
SHA1
26c24cb4e944023c1dd676813df174a9c4f1a502
-
SHA256
8c35093c4c1da7b935eadc924e7d4fd2914131774ba6d2fa0e71aeaee65bc51a
-
SHA512
2ee4578ca489305f25298d570fe84b76ffe2393cac60de0bd341674dbfde050dea41a9a8fe539ac488422ed0003e1a5276ad450189589028f8704445937e4690
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbeD:q7Tc2NYHUrAwfMp3CDD
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 45 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 43 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8c35093c4c1da7b935eadc924e7d4fd2914131774ba6d2fa0e71aeaee65bc51aN.exe"C:\Users\Admin\AppData\Local\Temp\8c35093c4c1da7b935eadc924e7d4fd2914131774ba6d2fa0e71aeaee65bc51aN.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rtbdp.exec:\rtbdp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxfnd.exec:\rxfnd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfpvtnf.exec:\lfpvtnf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lprph.exec:\lprph.exe5⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\vbbnthj.exec:\vbbnthj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bftlv.exec:\bftlv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jptxb.exec:\jptxb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nfhtx.exec:\nfhtx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dbvphxx.exec:\dbvphxx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pxjhpf.exec:\pxjhpf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvnt.exec:\pjvnt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\txllnlt.exec:\txllnlt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pnfpvh.exec:\pnfpvh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhvvr.exec:\nnhvvr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\phpbl.exec:\phpbl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bndfbln.exec:\bndfbln.exe17⤵
- Executes dropped EXE
-
\??\c:\flrdl.exec:\flrdl.exe18⤵
- Executes dropped EXE
-
\??\c:\tvpxt.exec:\tvpxt.exe19⤵
- Executes dropped EXE
-
\??\c:\bxvbv.exec:\bxvbv.exe20⤵
- Executes dropped EXE
-
\??\c:\nbvlr.exec:\nbvlr.exe21⤵
- Executes dropped EXE
-
\??\c:\pvpdlv.exec:\pvpdlv.exe22⤵
- Executes dropped EXE
-
\??\c:\hbpbd.exec:\hbpbd.exe23⤵
- Executes dropped EXE
-
\??\c:\hrdhxlh.exec:\hrdhxlh.exe24⤵
- Executes dropped EXE
-
\??\c:\dpfxp.exec:\dpfxp.exe25⤵
- Executes dropped EXE
-
\??\c:\phxdbhr.exec:\phxdbhr.exe26⤵
- Executes dropped EXE
-
\??\c:\dhlpr.exec:\dhlpr.exe27⤵
- Executes dropped EXE
-
\??\c:\vnbvnp.exec:\vnbvnp.exe28⤵
- Executes dropped EXE
-
\??\c:\bdvpjtv.exec:\bdvpjtv.exe29⤵
- Executes dropped EXE
-
\??\c:\xjhbpr.exec:\xjhbpr.exe30⤵
- Executes dropped EXE
-
\??\c:\dpnpnj.exec:\dpnpnj.exe31⤵
- Executes dropped EXE
-
\??\c:\xbxhpr.exec:\xbxhpr.exe32⤵
- Executes dropped EXE
-
\??\c:\vllljvl.exec:\vllljvl.exe33⤵
- Executes dropped EXE
-
\??\c:\vhbhxt.exec:\vhbhxt.exe34⤵
- Executes dropped EXE
-
\??\c:\nxhppd.exec:\nxhppd.exe35⤵
- Executes dropped EXE
-
\??\c:\prjbl.exec:\prjbl.exe36⤵
- Executes dropped EXE
-
\??\c:\vrhbj.exec:\vrhbj.exe37⤵
- Executes dropped EXE
-
\??\c:\pdpntj.exec:\pdpntj.exe38⤵
- Executes dropped EXE
-
\??\c:\hxfrlv.exec:\hxfrlv.exe39⤵
- Executes dropped EXE
-
\??\c:\lthptlt.exec:\lthptlt.exe40⤵
- Executes dropped EXE
-
\??\c:\vxhnlrn.exec:\vxhnlrn.exe41⤵
- Executes dropped EXE
-
\??\c:\rjbvd.exec:\rjbvd.exe42⤵
- Executes dropped EXE
-
\??\c:\tprbpvx.exec:\tprbpvx.exe43⤵
- Executes dropped EXE
-
\??\c:\rthnthv.exec:\rthnthv.exe44⤵
- Executes dropped EXE
-
\??\c:\nxdxphp.exec:\nxdxphp.exe45⤵
- Executes dropped EXE
-
\??\c:\hjlrrnf.exec:\hjlrrnf.exe46⤵
- Executes dropped EXE
-
\??\c:\jntpbfv.exec:\jntpbfv.exe47⤵
- Executes dropped EXE
-
\??\c:\ltpvjn.exec:\ltpvjn.exe48⤵
- Executes dropped EXE
-
\??\c:\llnvtb.exec:\llnvtb.exe49⤵
- Executes dropped EXE
-
\??\c:\hvjvvft.exec:\hvjvvft.exe50⤵
- Executes dropped EXE
-
\??\c:\txhxhtv.exec:\txhxhtv.exe51⤵
- Executes dropped EXE
-
\??\c:\tndjfhj.exec:\tndjfhj.exe52⤵
- Executes dropped EXE
-
\??\c:\rdhhtvl.exec:\rdhhtvl.exe53⤵
- Executes dropped EXE
-
\??\c:\bdfvxjt.exec:\bdfvxjt.exe54⤵
- Executes dropped EXE
-
\??\c:\xhvpld.exec:\xhvpld.exe55⤵
- Executes dropped EXE
-
\??\c:\jdhrhv.exec:\jdhrhv.exe56⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\rfxdx.exec:\rfxdx.exe57⤵
- Executes dropped EXE
-
\??\c:\rdffdt.exec:\rdffdt.exe58⤵
- Executes dropped EXE
-
\??\c:\rhdph.exec:\rhdph.exe59⤵
- Executes dropped EXE
-
\??\c:\hfphdxd.exec:\hfphdxd.exe60⤵
- Executes dropped EXE
-
\??\c:\vhdjv.exec:\vhdjv.exe61⤵
- Executes dropped EXE
-
\??\c:\thjtrjl.exec:\thjtrjl.exe62⤵
- Executes dropped EXE
-
\??\c:\ppxxv.exec:\ppxxv.exe63⤵
- Executes dropped EXE
-
\??\c:\flpltr.exec:\flpltr.exe64⤵
- Executes dropped EXE
-
\??\c:\vvntvb.exec:\vvntvb.exe65⤵
- Executes dropped EXE
-
\??\c:\pbhbnrp.exec:\pbhbnrp.exe66⤵
-
\??\c:\thtrtln.exec:\thtrtln.exe67⤵
- System Location Discovery: System Language Discovery
-
\??\c:\nprppdf.exec:\nprppdf.exe68⤵
-
\??\c:\pllhhpn.exec:\pllhhpn.exe69⤵
-
\??\c:\pbtvp.exec:\pbtvp.exe70⤵
-
\??\c:\dhjpxpf.exec:\dhjpxpf.exe71⤵
-
\??\c:\brblp.exec:\brblp.exe72⤵
-
\??\c:\phdrlxr.exec:\phdrlxr.exe73⤵
-
\??\c:\thnrxh.exec:\thnrxh.exe74⤵
-
\??\c:\tdnpp.exec:\tdnpp.exe75⤵
-
\??\c:\nxrtvhx.exec:\nxrtvhx.exe76⤵
-
\??\c:\jhvhdv.exec:\jhvhdv.exe77⤵
-
\??\c:\hbxtd.exec:\hbxtd.exe78⤵
-
\??\c:\hdddxhh.exec:\hdddxhh.exe79⤵
-
\??\c:\nxlrj.exec:\nxlrj.exe80⤵
-
\??\c:\nrppd.exec:\nrppd.exe81⤵
-
\??\c:\jjnjxfv.exec:\jjnjxfv.exe82⤵
-
\??\c:\trtnhbx.exec:\trtnhbx.exe83⤵
-
\??\c:\rtthxbx.exec:\rtthxbx.exe84⤵
- System Location Discovery: System Language Discovery
-
\??\c:\bxlnv.exec:\bxlnv.exe85⤵
-
\??\c:\vhnrnfv.exec:\vhnrnfv.exe86⤵
-
\??\c:\vhnxlj.exec:\vhnxlj.exe87⤵
-
\??\c:\pdtxhnv.exec:\pdtxhnv.exe88⤵
-
\??\c:\fvvnj.exec:\fvvnj.exe89⤵
-
\??\c:\jrpbxv.exec:\jrpbxv.exe90⤵
-
\??\c:\tjjpjp.exec:\tjjpjp.exe91⤵
-
\??\c:\vrprf.exec:\vrprf.exe92⤵
-
\??\c:\jlrrht.exec:\jlrrht.exe93⤵
-
\??\c:\ljbrfn.exec:\ljbrfn.exe94⤵
-
\??\c:\tfnhvh.exec:\tfnhvh.exe95⤵
-
\??\c:\rvnht.exec:\rvnht.exe96⤵
-
\??\c:\hvvdtrx.exec:\hvvdtrx.exe97⤵
-
\??\c:\xjpnrvf.exec:\xjpnrvf.exe98⤵
-
\??\c:\tpjvnfh.exec:\tpjvnfh.exe99⤵
-
\??\c:\frfppjh.exec:\frfppjh.exe100⤵
-
\??\c:\vplvnh.exec:\vplvnh.exe101⤵
-
\??\c:\hrfnjht.exec:\hrfnjht.exe102⤵
-
\??\c:\hjnhb.exec:\hjnhb.exe103⤵
-
\??\c:\dhljrv.exec:\dhljrv.exe104⤵
-
\??\c:\nxtfj.exec:\nxtfj.exe105⤵
-
\??\c:\ttljnpl.exec:\ttljnpl.exe106⤵
-
\??\c:\xprdr.exec:\xprdr.exe107⤵
-
\??\c:\vlrnv.exec:\vlrnv.exe108⤵
-
\??\c:\hnhvdpd.exec:\hnhvdpd.exe109⤵
-
\??\c:\dpjpprh.exec:\dpjpprh.exe110⤵
- System Location Discovery: System Language Discovery
-
\??\c:\fxpxt.exec:\fxpxt.exe111⤵
-
\??\c:\plxln.exec:\plxln.exe112⤵
-
\??\c:\lxvfrx.exec:\lxvfrx.exe113⤵
-
\??\c:\rlpjjl.exec:\rlpjjl.exe114⤵
-
\??\c:\dlhdnn.exec:\dlhdnn.exe115⤵
-
\??\c:\fpbfjrt.exec:\fpbfjrt.exe116⤵
-
\??\c:\xvvfx.exec:\xvvfx.exe117⤵
-
\??\c:\ldfbt.exec:\ldfbt.exe118⤵
-
\??\c:\xvjbfx.exec:\xvjbfx.exe119⤵
-
\??\c:\pxpbv.exec:\pxpbv.exe120⤵
-
\??\c:\hthbnx.exec:\hthbnx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-