Analysis
-
max time kernel
120s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
27-09-2024 17:56
General
-
Target
e8617478199895ce265feb19ff938eaeb195c5751190fe034092d6c12bee1c34N.exe
-
Size
65KB
-
MD5
425d153dd998d24be8e9061f34c1a380
-
SHA1
0ad1b971c8669997acd409e09534d6ba00f4e6e4
-
SHA256
e8617478199895ce265feb19ff938eaeb195c5751190fe034092d6c12bee1c34
-
SHA512
8762966a6c863910bd8a232b0263633ef7c8a6c614d5c44dfb6007083a4478fdb46277848d7e256956d045f91824cb4e08ed53e6b6c83f1fb83b7de369ab39bf
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yU+kbxij:ymb3NkkiQ3mdBjF0y7kbA
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 20 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 30 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e8617478199895ce265feb19ff938eaeb195c5751190fe034092d6c12bee1c34N.exe"C:\Users\Admin\AppData\Local\Temp\e8617478199895ce265feb19ff938eaeb195c5751190fe034092d6c12bee1c34N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxxxfr.exec:\xxxxxfr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtnnt.exec:\nhtnnt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppddd.exec:\ppddd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxrllr.exec:\rlxrllr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvvj.exec:\jjvvj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxflxfl.exec:\xxflxfl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthbhn.exec:\hthbhn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddvv.exec:\jddvv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxllllr.exec:\fxllllr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tttbtt.exec:\tttbtt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhntbh.exec:\hhntbh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjddp.exec:\jjddp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvdp.exec:\jjvdp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrrffl.exec:\xrrrffl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7htttt.exec:\7htttt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhttnn.exec:\hhttnn.exe17⤵
- Executes dropped EXE
-
\??\c:\jdjpv.exec:\jdjpv.exe18⤵
- Executes dropped EXE
-
\??\c:\xrlxffr.exec:\xrlxffr.exe19⤵
- Executes dropped EXE
-
\??\c:\5rffxfl.exec:\5rffxfl.exe20⤵
- Executes dropped EXE
-
\??\c:\nnhhnn.exec:\nnhhnn.exe21⤵
- Executes dropped EXE
-
\??\c:\nhtbnt.exec:\nhtbnt.exe22⤵
- Executes dropped EXE
-
\??\c:\dpddd.exec:\dpddd.exe23⤵
- Executes dropped EXE
-
\??\c:\ffrxflr.exec:\ffrxflr.exe24⤵
- Executes dropped EXE
-
\??\c:\xrrrxxf.exec:\xrrrxxf.exe25⤵
- Executes dropped EXE
-
\??\c:\7bnntn.exec:\7bnntn.exe26⤵
- Executes dropped EXE
-
\??\c:\nhntnn.exec:\nhntnn.exe27⤵
- Executes dropped EXE
-
\??\c:\1vpvj.exec:\1vpvj.exe28⤵
- Executes dropped EXE
-
\??\c:\xlxxffl.exec:\xlxxffl.exe29⤵
- Executes dropped EXE
-
\??\c:\rfflrrx.exec:\rfflrrx.exe30⤵
- Executes dropped EXE
-
\??\c:\rlrxxxl.exec:\rlrxxxl.exe31⤵
- Executes dropped EXE
-
\??\c:\hhnnbb.exec:\hhnnbb.exe32⤵
- Executes dropped EXE
-
\??\c:\9htttb.exec:\9htttb.exe33⤵
- Executes dropped EXE
-
\??\c:\5vpjj.exec:\5vpjj.exe34⤵
- Executes dropped EXE
-
\??\c:\fxflrxf.exec:\fxflrxf.exe35⤵
- Executes dropped EXE
-
\??\c:\ffxllxl.exec:\ffxllxl.exe36⤵
- Executes dropped EXE
-
\??\c:\nhnntb.exec:\nhnntb.exe37⤵
- Executes dropped EXE
-
\??\c:\htbntt.exec:\htbntt.exe38⤵
- Executes dropped EXE
-
\??\c:\1vvdd.exec:\1vvdd.exe39⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\xrrxflr.exec:\xrrxflr.exe40⤵
- Executes dropped EXE
-
\??\c:\3xrrllf.exec:\3xrrllf.exe41⤵
- Executes dropped EXE
-
\??\c:\pddjj.exec:\pddjj.exe42⤵
- Executes dropped EXE
-
\??\c:\pjpjv.exec:\pjpjv.exe43⤵
- Executes dropped EXE
-
\??\c:\xrxxrll.exec:\xrxxrll.exe44⤵
- Executes dropped EXE
-
\??\c:\lfrlrrr.exec:\lfrlrrr.exe45⤵
- Executes dropped EXE
-
\??\c:\3thhtn.exec:\3thhtn.exe46⤵
- Executes dropped EXE
-
\??\c:\nhhbbb.exec:\nhhbbb.exe47⤵
- Executes dropped EXE
-
\??\c:\jdjjp.exec:\jdjjp.exe48⤵
- Executes dropped EXE
-
\??\c:\pjjjd.exec:\pjjjd.exe49⤵
- Executes dropped EXE
-
\??\c:\jdjjj.exec:\jdjjj.exe50⤵
- Executes dropped EXE
-
\??\c:\9flxrrr.exec:\9flxrrr.exe51⤵
- Executes dropped EXE
-
\??\c:\rrffxrx.exec:\rrffxrx.exe52⤵
- Executes dropped EXE
-
\??\c:\9tbhnt.exec:\9tbhnt.exe53⤵
- Executes dropped EXE
-
\??\c:\nbhttn.exec:\nbhttn.exe54⤵
- Executes dropped EXE
-
\??\c:\vpppj.exec:\vpppj.exe55⤵
- Executes dropped EXE
-
\??\c:\vpjjj.exec:\vpjjj.exe56⤵
- Executes dropped EXE
-
\??\c:\pjpdd.exec:\pjpdd.exe57⤵
- Executes dropped EXE
-
\??\c:\fxrlrll.exec:\fxrlrll.exe58⤵
- Executes dropped EXE
-
\??\c:\xxflxlr.exec:\xxflxlr.exe59⤵
- Executes dropped EXE
-
\??\c:\bnbbtt.exec:\bnbbtt.exe60⤵
- Executes dropped EXE
-
\??\c:\thnhnh.exec:\thnhnh.exe61⤵
- Executes dropped EXE
-
\??\c:\7vddj.exec:\7vddj.exe62⤵
- Executes dropped EXE
-
\??\c:\vpvpp.exec:\vpvpp.exe63⤵
- Executes dropped EXE
-
\??\c:\xllflfx.exec:\xllflfx.exe64⤵
- Executes dropped EXE
-
\??\c:\lflflff.exec:\lflflff.exe65⤵
- Executes dropped EXE
-
\??\c:\3nttbb.exec:\3nttbb.exe66⤵
-
\??\c:\7hnhhh.exec:\7hnhhh.exe67⤵
-
\??\c:\thhhhb.exec:\thhhhb.exe68⤵
-
\??\c:\1vdvv.exec:\1vdvv.exe69⤵
-
\??\c:\pddvv.exec:\pddvv.exe70⤵
-
\??\c:\5rlfffl.exec:\5rlfffl.exe71⤵
-
\??\c:\xrxlrlr.exec:\xrxlrlr.exe72⤵
-
\??\c:\lrxxxxx.exec:\lrxxxxx.exe73⤵
-
\??\c:\tnbbhh.exec:\tnbbhh.exe74⤵
-
\??\c:\nhhhbb.exec:\nhhhbb.exe75⤵
-
\??\c:\jdpdv.exec:\jdpdv.exe76⤵
-
\??\c:\vjppp.exec:\vjppp.exe77⤵
-
\??\c:\xlrrxrr.exec:\xlrrxrr.exe78⤵
- System Location Discovery: System Language Discovery
-
\??\c:\lflxxxf.exec:\lflxxxf.exe79⤵
-
\??\c:\1bntbt.exec:\1bntbt.exe80⤵
-
\??\c:\btbbhh.exec:\btbbhh.exe81⤵
-
\??\c:\5pjjj.exec:\5pjjj.exe82⤵
-
\??\c:\vjvpv.exec:\vjvpv.exe83⤵
-
\??\c:\rlrlfff.exec:\rlrlfff.exe84⤵
-
\??\c:\1rllrlr.exec:\1rllrlr.exe85⤵
-
\??\c:\9tbbhn.exec:\9tbbhn.exe86⤵
-
\??\c:\5hbbhn.exec:\5hbbhn.exe87⤵
-
\??\c:\vpppp.exec:\vpppp.exe88⤵
-
\??\c:\1pppp.exec:\1pppp.exe89⤵
-
\??\c:\fxrxfxl.exec:\fxrxfxl.exe90⤵
-
\??\c:\lrxfrxl.exec:\lrxfrxl.exe91⤵
-
\??\c:\hbnhnn.exec:\hbnhnn.exe92⤵
-
\??\c:\5bhttb.exec:\5bhttb.exe93⤵
-
\??\c:\vjppp.exec:\vjppp.exe94⤵
-
\??\c:\frfrrll.exec:\frfrrll.exe95⤵
-
\??\c:\rflllrx.exec:\rflllrx.exe96⤵
-
\??\c:\btbhhb.exec:\btbhhb.exe97⤵
-
\??\c:\7nhttb.exec:\7nhttb.exe98⤵
-
\??\c:\pjjpp.exec:\pjjpp.exe99⤵
-
\??\c:\vvppd.exec:\vvppd.exe100⤵
-
\??\c:\5rxlllr.exec:\5rxlllr.exe101⤵
-
\??\c:\xxrxxxf.exec:\xxrxxxf.exe102⤵
-
\??\c:\9thnnt.exec:\9thnnt.exe103⤵
-
\??\c:\hhnbbb.exec:\hhnbbb.exe104⤵
-
\??\c:\jjdpj.exec:\jjdpj.exe105⤵
-
\??\c:\3pddp.exec:\3pddp.exe106⤵
-
\??\c:\5rxxlfl.exec:\5rxxlfl.exe107⤵
-
\??\c:\1frxxxf.exec:\1frxxxf.exe108⤵
-
\??\c:\hbhhhh.exec:\hbhhhh.exe109⤵
-
\??\c:\9hbhnt.exec:\9hbhnt.exe110⤵
-
\??\c:\pjvdp.exec:\pjvdp.exe111⤵
-
\??\c:\jdppp.exec:\jdppp.exe112⤵
-
\??\c:\3xllrrx.exec:\3xllrrx.exe113⤵
- System Location Discovery: System Language Discovery
-
\??\c:\rrxfrxf.exec:\rrxfrxf.exe114⤵
-
\??\c:\thttnt.exec:\thttnt.exe115⤵
-
\??\c:\tnbbhh.exec:\tnbbhh.exe116⤵
-
\??\c:\btbnbb.exec:\btbnbb.exe117⤵
-
\??\c:\jjpdp.exec:\jjpdp.exe118⤵
-
\??\c:\pdjdd.exec:\pdjdd.exe119⤵
-
\??\c:\ffrflrf.exec:\ffrflrf.exe120⤵
-
\??\c:\xlrxlfl.exec:\xlrxlfl.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-