Analysis
-
max time kernel
120s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
-
submitted
28/09/2024, 06:40
General
-
Target
31f6cf22a0a9a8fce9a6cc85af4852c2eb22935f50adb02a4c64773611984c4aN.exe
-
Size
64KB
-
MD5
4c195614474608945b8670dd65438890
-
SHA1
c5586d904660809bddae1dc2f49f3daf9b1810f5
-
SHA256
31f6cf22a0a9a8fce9a6cc85af4852c2eb22935f50adb02a4c64773611984c4a
-
SHA512
c70322bc2478c2fde29002fb03c053e233316dae4ec182b88fa6f4ae79d54f9787536cc0dd8cc7dff937300daf1707c083827c0946c5e08ae18245cc9cef5f94
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDI9L27B12:ymb3NkkiQ3mdBjFI9cg
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 20 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 33 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\31f6cf22a0a9a8fce9a6cc85af4852c2eb22935f50adb02a4c64773611984c4aN.exe"C:\Users\Admin\AppData\Local\Temp\31f6cf22a0a9a8fce9a6cc85af4852c2eb22935f50adb02a4c64773611984c4aN.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\9dvpp.exec:\9dvpp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjpvp.exec:\jjpvp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9nhthb.exec:\9nhthb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbthb.exec:\thbthb.exe5⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\rlflxfr.exec:\rlflxfr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbhnt.exec:\tnbhnt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nntthn.exec:\nntthn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpddv.exec:\vpddv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrxlxl.exec:\xxrxlxl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbthhn.exec:\tbthhn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhhth.exec:\tnhhth.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpvd.exec:\jdpvd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfflrf.exec:\rlfflrf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3llrxxl.exec:\3llrxxl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1htthn.exec:\1htthn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnthb.exec:\nbnthb.exe17⤵
- Executes dropped EXE
-
\??\c:\jjdvp.exec:\jjdvp.exe18⤵
- Executes dropped EXE
-
\??\c:\lfflxxl.exec:\lfflxxl.exe19⤵
- Executes dropped EXE
-
\??\c:\rrrxllx.exec:\rrrxllx.exe20⤵
- Executes dropped EXE
-
\??\c:\ntntnb.exec:\ntntnb.exe21⤵
- Executes dropped EXE
-
\??\c:\hhbntb.exec:\hhbntb.exe22⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\jjvdp.exec:\jjvdp.exe23⤵
- Executes dropped EXE
-
\??\c:\xxlxrxr.exec:\xxlxrxr.exe24⤵
- Executes dropped EXE
-
\??\c:\fxlrflr.exec:\fxlrflr.exe25⤵
- Executes dropped EXE
-
\??\c:\bthbtb.exec:\bthbtb.exe26⤵
- Executes dropped EXE
-
\??\c:\nbnntb.exec:\nbnntb.exe27⤵
- Executes dropped EXE
-
\??\c:\jjdvd.exec:\jjdvd.exe28⤵
- Executes dropped EXE
-
\??\c:\xxrxrfr.exec:\xxrxrfr.exe29⤵
- Executes dropped EXE
-
\??\c:\lxrlrfr.exec:\lxrlrfr.exe30⤵
- Executes dropped EXE
-
\??\c:\hhbbnb.exec:\hhbbnb.exe31⤵
- Executes dropped EXE
-
\??\c:\tnthhh.exec:\tnthhh.exe32⤵
- Executes dropped EXE
-
\??\c:\jvjvd.exec:\jvjvd.exe33⤵
- Executes dropped EXE
-
\??\c:\lffrfrl.exec:\lffrfrl.exe34⤵
- Executes dropped EXE
-
\??\c:\5fxlxfx.exec:\5fxlxfx.exe35⤵
- Executes dropped EXE
-
\??\c:\tnhtbh.exec:\tnhtbh.exe36⤵
- Executes dropped EXE
-
\??\c:\nhhntt.exec:\nhhntt.exe37⤵
- Executes dropped EXE
-
\??\c:\5jddp.exec:\5jddp.exe38⤵
- Executes dropped EXE
-
\??\c:\dvppd.exec:\dvppd.exe39⤵
- Executes dropped EXE
-
\??\c:\3fxlrlx.exec:\3fxlrlx.exe40⤵
- Executes dropped EXE
-
\??\c:\lfrrffl.exec:\lfrrffl.exe41⤵
- Executes dropped EXE
-
\??\c:\tnhthn.exec:\tnhthn.exe42⤵
- Executes dropped EXE
-
\??\c:\1nhhtb.exec:\1nhhtb.exe43⤵
- Executes dropped EXE
-
\??\c:\vjddv.exec:\vjddv.exe44⤵
- Executes dropped EXE
-
\??\c:\vdvdp.exec:\vdvdp.exe45⤵
- Executes dropped EXE
-
\??\c:\lfrrxxl.exec:\lfrrxxl.exe46⤵
- Executes dropped EXE
-
\??\c:\tthnbh.exec:\tthnbh.exe47⤵
- Executes dropped EXE
-
\??\c:\nhbbhb.exec:\nhbbhb.exe48⤵
- Executes dropped EXE
-
\??\c:\vpjpj.exec:\vpjpj.exe49⤵
- Executes dropped EXE
-
\??\c:\ddvdd.exec:\ddvdd.exe50⤵
- Executes dropped EXE
-
\??\c:\vdpdp.exec:\vdpdp.exe51⤵
- Executes dropped EXE
-
\??\c:\9ffxfll.exec:\9ffxfll.exe52⤵
- Executes dropped EXE
-
\??\c:\ththbh.exec:\ththbh.exe53⤵
- Executes dropped EXE
-
\??\c:\nnbbnt.exec:\nnbbnt.exe54⤵
- Executes dropped EXE
-
\??\c:\vjpdd.exec:\vjpdd.exe55⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\pdvdd.exec:\pdvdd.exe56⤵
- Executes dropped EXE
-
\??\c:\1rrxrfl.exec:\1rrxrfl.exe57⤵
- Executes dropped EXE
-
\??\c:\lfrlxxl.exec:\lfrlxxl.exe58⤵
- Executes dropped EXE
-
\??\c:\nhnthn.exec:\nhnthn.exe59⤵
- Executes dropped EXE
-
\??\c:\1hbhnn.exec:\1hbhnn.exe60⤵
- Executes dropped EXE
-
\??\c:\ppddd.exec:\ppddd.exe61⤵
- Executes dropped EXE
-
\??\c:\jjjpd.exec:\jjjpd.exe62⤵
- Executes dropped EXE
-
\??\c:\xxlxffr.exec:\xxlxffr.exe63⤵
- Executes dropped EXE
-
\??\c:\7rlrxxl.exec:\7rlrxxl.exe64⤵
- Executes dropped EXE
-
\??\c:\hhbhhn.exec:\hhbhhn.exe65⤵
- Executes dropped EXE
-
\??\c:\tntnth.exec:\tntnth.exe66⤵
-
\??\c:\jvpjp.exec:\jvpjp.exe67⤵
-
\??\c:\vpddj.exec:\vpddj.exe68⤵
-
\??\c:\lfflxxf.exec:\lfflxxf.exe69⤵
-
\??\c:\frllfrx.exec:\frllfrx.exe70⤵
-
\??\c:\1nhnbn.exec:\1nhnbn.exe71⤵
-
\??\c:\hthhtt.exec:\hthhtt.exe72⤵
-
\??\c:\jjvjd.exec:\jjvjd.exe73⤵
-
\??\c:\jdvpd.exec:\jdvpd.exe74⤵
-
\??\c:\rrxfllr.exec:\rrxfllr.exe75⤵
-
\??\c:\5xflxfr.exec:\5xflxfr.exe76⤵
-
\??\c:\7btbtb.exec:\7btbtb.exe77⤵
-
\??\c:\hhttbb.exec:\hhttbb.exe78⤵
-
\??\c:\vpvvj.exec:\vpvvj.exe79⤵
-
\??\c:\ppjpv.exec:\ppjpv.exe80⤵
-
\??\c:\3xfrrxl.exec:\3xfrrxl.exe81⤵
-
\??\c:\fxxllxl.exec:\fxxllxl.exe82⤵
-
\??\c:\xllxlxf.exec:\xllxlxf.exe83⤵
-
\??\c:\hhbbnn.exec:\hhbbnn.exe84⤵
-
\??\c:\nnbbhn.exec:\nnbbhn.exe85⤵
-
\??\c:\9pjdd.exec:\9pjdd.exe86⤵
-
\??\c:\jdvjp.exec:\jdvjp.exe87⤵
-
\??\c:\fflrfrx.exec:\fflrfrx.exe88⤵
-
\??\c:\fxrrffl.exec:\fxrrffl.exe89⤵
-
\??\c:\hbbhbh.exec:\hbbhbh.exe90⤵
-
\??\c:\7btbhn.exec:\7btbhn.exe91⤵
-
\??\c:\dvddj.exec:\dvddj.exe92⤵
-
\??\c:\pjjpv.exec:\pjjpv.exe93⤵
-
\??\c:\7lrxxxf.exec:\7lrxxxf.exe94⤵
-
\??\c:\lfxxrxf.exec:\lfxxrxf.exe95⤵
-
\??\c:\nhhtht.exec:\nhhtht.exe96⤵
-
\??\c:\5thhnh.exec:\5thhnh.exe97⤵
-
\??\c:\5pvdp.exec:\5pvdp.exe98⤵
-
\??\c:\pjpvd.exec:\pjpvd.exe99⤵
-
\??\c:\frxfrlr.exec:\frxfrlr.exe100⤵
-
\??\c:\ffxrffx.exec:\ffxrffx.exe101⤵
-
\??\c:\xxrfrfl.exec:\xxrfrfl.exe102⤵
-
\??\c:\tntthn.exec:\tntthn.exe103⤵
-
\??\c:\hbnnnb.exec:\hbnnnb.exe104⤵
-
\??\c:\jdpvj.exec:\jdpvj.exe105⤵
-
\??\c:\tnhtbh.exec:\tnhtbh.exe106⤵
-
\??\c:\vjdjp.exec:\vjdjp.exe107⤵
-
\??\c:\dvjpd.exec:\dvjpd.exe108⤵
-
\??\c:\9jddv.exec:\9jddv.exe109⤵
-
\??\c:\rrfxxxl.exec:\rrfxxxl.exe110⤵
-
\??\c:\5rlrrlf.exec:\5rlrrlf.exe111⤵
-
\??\c:\tnttnt.exec:\tnttnt.exe112⤵
-
\??\c:\ttbtnt.exec:\ttbtnt.exe113⤵
-
\??\c:\pjpvd.exec:\pjpvd.exe114⤵
-
\??\c:\vdjdd.exec:\vdjdd.exe115⤵
-
\??\c:\xrlrrxl.exec:\xrlrrxl.exe116⤵
-
\??\c:\rrlxlxf.exec:\rrlxlxf.exe117⤵
-
\??\c:\3hhnbb.exec:\3hhnbb.exe118⤵
-
\??\c:\nhnntn.exec:\nhnntn.exe119⤵
- System Location Discovery: System Language Discovery
-
\??\c:\vvjvj.exec:\vvjvj.exe120⤵
-
\??\c:\pjdvd.exec:\pjdvd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-