Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
-
submitted
30-09-2024 21:32
General
-
Target
4e26f38bbbf091fe002f258be4d65e670929c15fc6dd485be7bbb5c5727d2432N.exe
-
Size
82KB
-
MD5
cad9e2ef30454c6c517c644bc66b4890
-
SHA1
3ab06317d32cf3b122548bc0c4cf5f1486c7417c
-
SHA256
4e26f38bbbf091fe002f258be4d65e670929c15fc6dd485be7bbb5c5727d2432
-
SHA512
744b68fcd5ee17512e9f2fc6dacdc766c058dda6657b63f023dfdcd493b82eedd168943033166a9fcf8909b90bf4f35d134f9d7d95f4b4c85cb958c2cc3a1de3
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIIpIo60L9QrrA89QIj:ymb3NkkiQ3mdBjFIIp9L9QrrA8rj
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 30 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4e26f38bbbf091fe002f258be4d65e670929c15fc6dd485be7bbb5c5727d2432N.exe"C:\Users\Admin\AppData\Local\Temp\4e26f38bbbf091fe002f258be4d65e670929c15fc6dd485be7bbb5c5727d2432N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrrllr.exec:\lfrrllr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9btnnt.exec:\9btnnt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjdj.exec:\jvjdj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrxxfl.exec:\lfrxxfl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9thbhb.exec:\9thbhb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdddj.exec:\pdddj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxllllr.exec:\xxllllr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfflxxf.exec:\lfflxxf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbtbb.exec:\htbtbb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjpd.exec:\jvjpd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfrxfl.exec:\xrfrxfl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frlxlrr.exec:\frlxlrr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnnnn.exec:\hbnnnn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbthnt.exec:\hbthnt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjpd.exec:\vvjpd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7dpdp.exec:\7dpdp.exe17⤵
- Executes dropped EXE
-
\??\c:\rflffxf.exec:\rflffxf.exe18⤵
- Executes dropped EXE
-
\??\c:\tnbbhn.exec:\tnbbhn.exe19⤵
- Executes dropped EXE
-
\??\c:\htbbhh.exec:\htbbhh.exe20⤵
- Executes dropped EXE
-
\??\c:\3jddp.exec:\3jddp.exe21⤵
- Executes dropped EXE
-
\??\c:\dvddj.exec:\dvddj.exe22⤵
- Executes dropped EXE
-
\??\c:\1xxlxlf.exec:\1xxlxlf.exe23⤵
- Executes dropped EXE
-
\??\c:\lrxflrx.exec:\lrxflrx.exe24⤵
- Executes dropped EXE
-
\??\c:\hbhntn.exec:\hbhntn.exe25⤵
- Executes dropped EXE
-
\??\c:\pdvjv.exec:\pdvjv.exe26⤵
- Executes dropped EXE
-
\??\c:\lfxffff.exec:\lfxffff.exe27⤵
- Executes dropped EXE
-
\??\c:\frxxrxx.exec:\frxxrxx.exe28⤵
- Executes dropped EXE
-
\??\c:\hbhhnn.exec:\hbhhnn.exe29⤵
- Executes dropped EXE
-
\??\c:\ddjpd.exec:\ddjpd.exe30⤵
- Executes dropped EXE
-
\??\c:\5dddd.exec:\5dddd.exe31⤵
- Executes dropped EXE
-
\??\c:\xlrrrrr.exec:\xlrrrrr.exe32⤵
- Executes dropped EXE
-
\??\c:\7bttth.exec:\7bttth.exe33⤵
- Executes dropped EXE
-
\??\c:\nnhhbh.exec:\nnhhbh.exe34⤵
- Executes dropped EXE
-
\??\c:\jddjj.exec:\jddjj.exe35⤵
- Executes dropped EXE
-
\??\c:\vjvvv.exec:\vjvvv.exe36⤵
- Executes dropped EXE
-
\??\c:\rllrxxl.exec:\rllrxxl.exe37⤵
- Executes dropped EXE
-
\??\c:\tnhhnh.exec:\tnhhnh.exe38⤵
- Executes dropped EXE
-
\??\c:\htnnhh.exec:\htnnhh.exe39⤵
- Executes dropped EXE
-
\??\c:\3vpjj.exec:\3vpjj.exe40⤵
- Executes dropped EXE
-
\??\c:\vpddj.exec:\vpddj.exe41⤵
- Executes dropped EXE
-
\??\c:\xlxxlfr.exec:\xlxxlfr.exe42⤵
- Executes dropped EXE
-
\??\c:\xllffxx.exec:\xllffxx.exe43⤵
- Executes dropped EXE
-
\??\c:\hnhtbn.exec:\hnhtbn.exe44⤵
- Executes dropped EXE
-
\??\c:\bhnhhb.exec:\bhnhhb.exe45⤵
- Executes dropped EXE
-
\??\c:\pjddp.exec:\pjddp.exe46⤵
- Executes dropped EXE
-
\??\c:\nbntbb.exec:\nbntbb.exe47⤵
- Executes dropped EXE
-
\??\c:\1thbbb.exec:\1thbbb.exe48⤵
- Executes dropped EXE
-
\??\c:\pjdpp.exec:\pjdpp.exe49⤵
- Executes dropped EXE
-
\??\c:\djjdp.exec:\djjdp.exe50⤵
- Executes dropped EXE
-
\??\c:\xrlflrr.exec:\xrlflrr.exe51⤵
- Executes dropped EXE
-
\??\c:\rflfxxl.exec:\rflfxxl.exe52⤵
- Executes dropped EXE
-
\??\c:\htbhbh.exec:\htbhbh.exe53⤵
- Executes dropped EXE
-
\??\c:\hthnnh.exec:\hthnnh.exe54⤵
- Executes dropped EXE
-
\??\c:\vjvvp.exec:\vjvvp.exe55⤵
- Executes dropped EXE
-
\??\c:\vpppp.exec:\vpppp.exe56⤵
- Executes dropped EXE
-
\??\c:\rflllfr.exec:\rflllfr.exe57⤵
- Executes dropped EXE
-
\??\c:\lxrxllr.exec:\lxrxllr.exe58⤵
- Executes dropped EXE
-
\??\c:\bbtnhn.exec:\bbtnhn.exe59⤵
- Executes dropped EXE
-
\??\c:\5tnttt.exec:\5tnttt.exe60⤵
- Executes dropped EXE
-
\??\c:\vpppv.exec:\vpppv.exe61⤵
- Executes dropped EXE
-
\??\c:\pdpvd.exec:\pdpvd.exe62⤵
- Executes dropped EXE
-
\??\c:\fxrrrxl.exec:\fxrrrxl.exe63⤵
- Executes dropped EXE
-
\??\c:\5fflflr.exec:\5fflflr.exe64⤵
- Executes dropped EXE
-
\??\c:\9bbhtt.exec:\9bbhtt.exe65⤵
- Executes dropped EXE
-
\??\c:\5nhnhb.exec:\5nhnhb.exe66⤵
-
\??\c:\jvjdj.exec:\jvjdj.exe67⤵
-
\??\c:\9vvpd.exec:\9vvpd.exe68⤵
-
\??\c:\frrfllr.exec:\frrfllr.exe69⤵
-
\??\c:\hbnbth.exec:\hbnbth.exe70⤵
-
\??\c:\tnbhnn.exec:\tnbhnn.exe71⤵
-
\??\c:\vvdjd.exec:\vvdjd.exe72⤵
-
\??\c:\djvpj.exec:\djvpj.exe73⤵
-
\??\c:\frfflrx.exec:\frfflrx.exe74⤵
-
\??\c:\btnhnh.exec:\btnhnh.exe75⤵
-
\??\c:\hbtnbb.exec:\hbtnbb.exe76⤵
-
\??\c:\9jvpj.exec:\9jvpj.exe77⤵
-
\??\c:\dpdvd.exec:\dpdvd.exe78⤵
-
\??\c:\9rlrxlr.exec:\9rlrxlr.exe79⤵
-
\??\c:\llxrrlr.exec:\llxrrlr.exe80⤵
-
\??\c:\tnnnnt.exec:\tnnnnt.exe81⤵
-
\??\c:\9hbbtb.exec:\9hbbtb.exe82⤵
-
\??\c:\vddjp.exec:\vddjp.exe83⤵
-
\??\c:\dvjjd.exec:\dvjjd.exe84⤵
-
\??\c:\7lfffll.exec:\7lfffll.exe85⤵
-
\??\c:\xxfxrlr.exec:\xxfxrlr.exe86⤵
-
\??\c:\lxflxfr.exec:\lxflxfr.exe87⤵
-
\??\c:\1btnbt.exec:\1btnbt.exe88⤵
-
\??\c:\nhttbb.exec:\nhttbb.exe89⤵
-
\??\c:\jvdpp.exec:\jvdpp.exe90⤵
-
\??\c:\pdvvv.exec:\pdvvv.exe91⤵
-
\??\c:\9pjjj.exec:\9pjjj.exe92⤵
-
\??\c:\lxxfrxr.exec:\lxxfrxr.exe93⤵
-
\??\c:\xxlrrxl.exec:\xxlrrxl.exe94⤵
-
\??\c:\nbthhh.exec:\nbthhh.exe95⤵
-
\??\c:\tnbbbt.exec:\tnbbbt.exe96⤵
-
\??\c:\vpvdd.exec:\vpvdd.exe97⤵
-
\??\c:\vjvvd.exec:\vjvvd.exe98⤵
-
\??\c:\3llffxf.exec:\3llffxf.exe99⤵
-
\??\c:\rxlrxxx.exec:\rxlrxxx.exe100⤵
-
\??\c:\3bbbbb.exec:\3bbbbb.exe101⤵
-
\??\c:\tnbbbh.exec:\tnbbbh.exe102⤵
-
\??\c:\pdjvj.exec:\pdjvj.exe103⤵
-
\??\c:\7dddd.exec:\7dddd.exe104⤵
-
\??\c:\lxlrxrf.exec:\lxlrxrf.exe105⤵
-
\??\c:\xfrxfrl.exec:\xfrxfrl.exe106⤵
-
\??\c:\nbhhbh.exec:\nbhhbh.exe107⤵
-
\??\c:\5tnhhn.exec:\5tnhhn.exe108⤵
-
\??\c:\nhthhn.exec:\nhthhn.exe109⤵
-
\??\c:\pvjjj.exec:\pvjjj.exe110⤵
-
\??\c:\1dvpp.exec:\1dvpp.exe111⤵
-
\??\c:\xlxrxlf.exec:\xlxrxlf.exe112⤵
-
\??\c:\xlrxlff.exec:\xlrxlff.exe113⤵
-
\??\c:\3btbnt.exec:\3btbnt.exe114⤵
-
\??\c:\bhthnt.exec:\bhthnt.exe115⤵
-
\??\c:\pjddj.exec:\pjddj.exe116⤵
-
\??\c:\jpvpp.exec:\jpvpp.exe117⤵
-
\??\c:\xrfllll.exec:\xrfllll.exe118⤵
-
\??\c:\7rlrlxf.exec:\7rlrlxf.exe119⤵
-
\??\c:\hbbhhh.exec:\hbbhhh.exe120⤵
-
\??\c:\1hbbbb.exec:\1hbbbb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-