Analysis
-
max time kernel
150s -
max time network
117s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
28/09/2024, 03:58
General
-
Target
83638009768b9afffd2e650df3363fd1061ff700c965e4206adcbd9e2d3d92e3N.exe
-
Size
230KB
-
MD5
206d60f3a0dcf6796c167b145e8561b0
-
SHA1
af7bef0f3026a8850b1531afdfd3538d73e4437a
-
SHA256
83638009768b9afffd2e650df3363fd1061ff700c965e4206adcbd9e2d3d92e3
-
SHA512
5a2f9fc274b8b049afd58e476752e99607fc07f15963d606d498d22d64c7715a57650e1ca4e589e2cac043b1fa13b1ee79dbb724d69ec036e686218e2c0c55d2
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73PYP1lri3KoSV31x4xLjBeG+4:n3C9BRo7MlrWKo+lxKf
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 23 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\83638009768b9afffd2e650df3363fd1061ff700c965e4206adcbd9e2d3d92e3N.exe"C:\Users\Admin\AppData\Local\Temp\83638009768b9afffd2e650df3363fd1061ff700c965e4206adcbd9e2d3d92e3N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvvj.exec:\pjvvj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxllll.exec:\rlxllll.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5nbnhb.exec:\5nbnhb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fffxllr.exec:\fffxllr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnbhb.exec:\hbnbhb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdddp.exec:\jdddp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rrrfrf.exec:\1rrrfrf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrxfll.exec:\fxrxfll.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbbnh.exec:\btbbnh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllrllf.exec:\rllrllf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5hbhnn.exec:\5hbhnn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jdvj.exec:\1jdvj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxlrrx.exec:\llxlrrx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhtbhh.exec:\hhtbhh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhhtb.exec:\nnhhtb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dddpv.exec:\dddpv.exe17⤵
- Executes dropped EXE
-
\??\c:\llflrxf.exec:\llflrxf.exe18⤵
- Executes dropped EXE
-
\??\c:\xxrflrx.exec:\xxrflrx.exe19⤵
- Executes dropped EXE
-
\??\c:\3hhnbh.exec:\3hhnbh.exe20⤵
- Executes dropped EXE
-
\??\c:\ddpvp.exec:\ddpvp.exe21⤵
- Executes dropped EXE
-
\??\c:\llfflrf.exec:\llfflrf.exe22⤵
- Executes dropped EXE
-
\??\c:\nhbhnb.exec:\nhbhnb.exe23⤵
- Executes dropped EXE
-
\??\c:\9ntbnt.exec:\9ntbnt.exe24⤵
- Executes dropped EXE
-
\??\c:\rrlrxrx.exec:\rrlrxrx.exe25⤵
- Executes dropped EXE
-
\??\c:\7xrxffl.exec:\7xrxffl.exe26⤵
- Executes dropped EXE
-
\??\c:\btntbn.exec:\btntbn.exe27⤵
- Executes dropped EXE
-
\??\c:\3vjjj.exec:\3vjjj.exe28⤵
- Executes dropped EXE
-
\??\c:\xxlxrrl.exec:\xxlxrrl.exe29⤵
- Executes dropped EXE
-
\??\c:\hhhhnh.exec:\hhhhnh.exe30⤵
- Executes dropped EXE
-
\??\c:\1vjpv.exec:\1vjpv.exe31⤵
- Executes dropped EXE
-
\??\c:\rlflrxl.exec:\rlflrxl.exe32⤵
- Executes dropped EXE
-
\??\c:\tnbhhn.exec:\tnbhhn.exe33⤵
- Executes dropped EXE
-
\??\c:\jdpdd.exec:\jdpdd.exe34⤵
- Executes dropped EXE
-
\??\c:\vppvp.exec:\vppvp.exe35⤵
- Executes dropped EXE
-
\??\c:\hbtbhn.exec:\hbtbhn.exe36⤵
- Executes dropped EXE
-
\??\c:\tnbtbb.exec:\tnbtbb.exe37⤵
- Executes dropped EXE
-
\??\c:\dvjpp.exec:\dvjpp.exe38⤵
- Executes dropped EXE
-
\??\c:\pdpvd.exec:\pdpvd.exe39⤵
- Executes dropped EXE
-
\??\c:\5lxxxrx.exec:\5lxxxrx.exe40⤵
- Executes dropped EXE
-
\??\c:\thtttt.exec:\thtttt.exe41⤵
- Executes dropped EXE
-
\??\c:\httntn.exec:\httntn.exe42⤵
- Executes dropped EXE
-
\??\c:\pdpvj.exec:\pdpvj.exe43⤵
- Executes dropped EXE
-
\??\c:\vpddv.exec:\vpddv.exe44⤵
- Executes dropped EXE
-
\??\c:\lllfflf.exec:\lllfflf.exe45⤵
- Executes dropped EXE
-
\??\c:\7fffflx.exec:\7fffflx.exe46⤵
- Executes dropped EXE
-
\??\c:\5thntb.exec:\5thntb.exe47⤵
- Executes dropped EXE
-
\??\c:\1tnbbt.exec:\1tnbbt.exe48⤵
- Executes dropped EXE
-
\??\c:\vpdpv.exec:\vpdpv.exe49⤵
- Executes dropped EXE
-
\??\c:\9ddjp.exec:\9ddjp.exe50⤵
- Executes dropped EXE
-
\??\c:\9fffrrr.exec:\9fffrrr.exe51⤵
- Executes dropped EXE
-
\??\c:\nnhnhn.exec:\nnhnhn.exe52⤵
- Executes dropped EXE
-
\??\c:\btntbb.exec:\btntbb.exe53⤵
- Executes dropped EXE
-
\??\c:\3vvdv.exec:\3vvdv.exe54⤵
- Executes dropped EXE
-
\??\c:\fxrrxlf.exec:\fxrrxlf.exe55⤵
- Executes dropped EXE
-
\??\c:\xrfflrf.exec:\xrfflrf.exe56⤵
- Executes dropped EXE
-
\??\c:\5bthbh.exec:\5bthbh.exe57⤵
- Executes dropped EXE
-
\??\c:\hbtbtb.exec:\hbtbtb.exe58⤵
- Executes dropped EXE
-
\??\c:\vjpvd.exec:\vjpvd.exe59⤵
- Executes dropped EXE
-
\??\c:\dppvd.exec:\dppvd.exe60⤵
- Executes dropped EXE
-
\??\c:\3flrrrf.exec:\3flrrrf.exe61⤵
- Executes dropped EXE
-
\??\c:\lfxfxfl.exec:\lfxfxfl.exe62⤵
- Executes dropped EXE
-
\??\c:\nhtntb.exec:\nhtntb.exe63⤵
- Executes dropped EXE
-
\??\c:\jdjvj.exec:\jdjvj.exe64⤵
- Executes dropped EXE
-
\??\c:\vpjpd.exec:\vpjpd.exe65⤵
- Executes dropped EXE
-
\??\c:\llflxxl.exec:\llflxxl.exe66⤵
-
\??\c:\fxlxxrx.exec:\fxlxxrx.exe67⤵
-
\??\c:\nhttbh.exec:\nhttbh.exe68⤵
-
\??\c:\nhbthn.exec:\nhbthn.exe69⤵
-
\??\c:\jdvvj.exec:\jdvvj.exe70⤵
-
\??\c:\1rlrxxf.exec:\1rlrxxf.exe71⤵
-
\??\c:\lfxxffr.exec:\lfxxffr.exe72⤵
-
\??\c:\ttnntt.exec:\ttnntt.exe73⤵
-
\??\c:\3nbbht.exec:\3nbbht.exe74⤵
-
\??\c:\pjddp.exec:\pjddp.exe75⤵
-
\??\c:\1pjdd.exec:\1pjdd.exe76⤵
-
\??\c:\llffrrx.exec:\llffrrx.exe77⤵
-
\??\c:\tnntnt.exec:\tnntnt.exe78⤵
-
\??\c:\bthnth.exec:\bthnth.exe79⤵
-
\??\c:\9dpjp.exec:\9dpjp.exe80⤵
-
\??\c:\pjvjp.exec:\pjvjp.exe81⤵
-
\??\c:\lfxxflr.exec:\lfxxflr.exe82⤵
- System Location Discovery: System Language Discovery
-
\??\c:\xrllxff.exec:\xrllxff.exe83⤵
-
\??\c:\bnhnbh.exec:\bnhnbh.exe84⤵
-
\??\c:\1nnbnn.exec:\1nnbnn.exe85⤵
-
\??\c:\dvjvd.exec:\dvjvd.exe86⤵
-
\??\c:\dvpvv.exec:\dvpvv.exe87⤵
-
\??\c:\7lxrlll.exec:\7lxrlll.exe88⤵
-
\??\c:\flxxffl.exec:\flxxffl.exe89⤵
-
\??\c:\nnhhbh.exec:\nnhhbh.exe90⤵
-
\??\c:\pjdvv.exec:\pjdvv.exe91⤵
-
\??\c:\vpdjv.exec:\vpdjv.exe92⤵
-
\??\c:\llrrffl.exec:\llrrffl.exe93⤵
-
\??\c:\rlfrrrx.exec:\rlfrrrx.exe94⤵
-
\??\c:\hbnthn.exec:\hbnthn.exe95⤵
-
\??\c:\5bnhnt.exec:\5bnhnt.exe96⤵
-
\??\c:\pppvd.exec:\pppvd.exe97⤵
-
\??\c:\vpddp.exec:\vpddp.exe98⤵
-
\??\c:\rrrxxfr.exec:\rrrxxfr.exe99⤵
-
\??\c:\7nhtbn.exec:\7nhtbn.exe100⤵
-
\??\c:\5hhhbn.exec:\5hhhbn.exe101⤵
-
\??\c:\vvddj.exec:\vvddj.exe102⤵
-
\??\c:\jvpvv.exec:\jvpvv.exe103⤵
-
\??\c:\xllrxxr.exec:\xllrxxr.exe104⤵
-
\??\c:\3frxffr.exec:\3frxffr.exe105⤵
-
\??\c:\bnhnbh.exec:\bnhnbh.exe106⤵
-
\??\c:\hbthnh.exec:\hbthnh.exe107⤵
-
\??\c:\9pjvv.exec:\9pjvv.exe108⤵
-
\??\c:\vjvjv.exec:\vjvjv.exe109⤵
-
\??\c:\lflrflx.exec:\lflrflx.exe110⤵
-
\??\c:\frxfflr.exec:\frxfflr.exe111⤵
-
\??\c:\9btttn.exec:\9btttn.exe112⤵
-
\??\c:\dvvdv.exec:\dvvdv.exe113⤵
-
\??\c:\pjddd.exec:\pjddd.exe114⤵
-
\??\c:\3xxxxxl.exec:\3xxxxxl.exe115⤵
-
\??\c:\xrlrllx.exec:\xrlrllx.exe116⤵
-
\??\c:\hbnbhb.exec:\hbnbhb.exe117⤵
-
\??\c:\3hnnnt.exec:\3hnnnt.exe118⤵
-
\??\c:\3jdjp.exec:\3jdjp.exe119⤵
-
\??\c:\dvjvd.exec:\dvjvd.exe120⤵
-
\??\c:\1xrxfll.exec:\1xrxfll.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-