Analysis
-
max time kernel
120s -
max time network
17s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
30/09/2024, 01:38
General
-
Target
56ed6c73ccaabb0482bfdcd7ef257a6e44fb9785f9a46ee4e4ff59760f3e38ebN.exe
-
Size
64KB
-
MD5
74c2e1e5c5f6b7a3dd16d54f5b3e5a60
-
SHA1
922973d3cc5037f098a71aa6e4cb1e610682f3af
-
SHA256
56ed6c73ccaabb0482bfdcd7ef257a6e44fb9785f9a46ee4e4ff59760f3e38eb
-
SHA512
a51aca76ac6bc0a1bb703efe1f226a5f060229e7e84c0bb5318c042f08960950b3097128a7b56defc2129183adfabe378bfe96c9d93117185bbef56f5f833eb0
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yU+kbxio:ymb3NkkiQ3mdBjF0y7kbH
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 30 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\56ed6c73ccaabb0482bfdcd7ef257a6e44fb9785f9a46ee4e4ff59760f3e38ebN.exe"C:\Users\Admin\AppData\Local\Temp\56ed6c73ccaabb0482bfdcd7ef257a6e44fb9785f9a46ee4e4ff59760f3e38ebN.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\1xrrxfl.exec:\1xrrxfl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxffrf.exec:\lxxffrf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3tnbhn.exec:\3tnbhn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttbnb.exec:\bttbnb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvddd.exec:\dvddd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bnttt.exec:\1bnttt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7tbbbb.exec:\7tbbbb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvdv.exec:\pdvdv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfllrrf.exec:\lfllrrf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbttbb.exec:\nbttbb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnhtn.exec:\hbnhtn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvdp.exec:\ddvdp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrrfll.exec:\rrrrfll.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfflflx.exec:\lfflflx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnttb.exec:\nhnttb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbbnh.exec:\btbbnh.exe17⤵
- Executes dropped EXE
-
\??\c:\ppjvd.exec:\ppjvd.exe18⤵
- Executes dropped EXE
-
\??\c:\rfrxflx.exec:\rfrxflx.exe19⤵
- Executes dropped EXE
-
\??\c:\lfllrrx.exec:\lfllrrx.exe20⤵
- Executes dropped EXE
-
\??\c:\nhbnht.exec:\nhbnht.exe21⤵
- Executes dropped EXE
-
\??\c:\9hbttb.exec:\9hbttb.exe22⤵
- Executes dropped EXE
-
\??\c:\djjpd.exec:\djjpd.exe23⤵
- Executes dropped EXE
-
\??\c:\xxrxlfx.exec:\xxrxlfx.exe24⤵
- Executes dropped EXE
-
\??\c:\xrffrxf.exec:\xrffrxf.exe25⤵
- Executes dropped EXE
-
\??\c:\nhtbhh.exec:\nhtbhh.exe26⤵
- Executes dropped EXE
-
\??\c:\5dvjj.exec:\5dvjj.exe27⤵
- Executes dropped EXE
-
\??\c:\ppjpd.exec:\ppjpd.exe28⤵
- Executes dropped EXE
-
\??\c:\xrflrrf.exec:\xrflrrf.exe29⤵
- Executes dropped EXE
-
\??\c:\hnhtnn.exec:\hnhtnn.exe30⤵
- Executes dropped EXE
-
\??\c:\tnntbh.exec:\tnntbh.exe31⤵
- Executes dropped EXE
-
\??\c:\dvvdp.exec:\dvvdp.exe32⤵
- Executes dropped EXE
-
\??\c:\7jvpp.exec:\7jvpp.exe33⤵
- Executes dropped EXE
-
\??\c:\lxfxxrx.exec:\lxfxxrx.exe34⤵
- Executes dropped EXE
-
\??\c:\rrxfffl.exec:\rrxfffl.exe35⤵
- Executes dropped EXE
-
\??\c:\thnhbt.exec:\thnhbt.exe36⤵
- Executes dropped EXE
-
\??\c:\nbhhnh.exec:\nbhhnh.exe37⤵
- Executes dropped EXE
-
\??\c:\pdvpp.exec:\pdvpp.exe38⤵
- Executes dropped EXE
-
\??\c:\pjdjj.exec:\pjdjj.exe39⤵
- Executes dropped EXE
-
\??\c:\jpdpp.exec:\jpdpp.exe40⤵
- Executes dropped EXE
-
\??\c:\fxrlxlx.exec:\fxrlxlx.exe41⤵
- Executes dropped EXE
-
\??\c:\xlrrllr.exec:\xlrrllr.exe42⤵
- Executes dropped EXE
-
\??\c:\btnttb.exec:\btnttb.exe43⤵
- Executes dropped EXE
-
\??\c:\7bthnn.exec:\7bthnn.exe44⤵
- Executes dropped EXE
-
\??\c:\pdvvv.exec:\pdvvv.exe45⤵
- Executes dropped EXE
-
\??\c:\3vddv.exec:\3vddv.exe46⤵
- Executes dropped EXE
-
\??\c:\1xffxfl.exec:\1xffxfl.exe47⤵
- Executes dropped EXE
-
\??\c:\lxlfrrx.exec:\lxlfrrx.exe48⤵
- Executes dropped EXE
-
\??\c:\thnttb.exec:\thnttb.exe49⤵
- Executes dropped EXE
-
\??\c:\nhnnnb.exec:\nhnnnb.exe50⤵
- Executes dropped EXE
-
\??\c:\pvdvv.exec:\pvdvv.exe51⤵
- Executes dropped EXE
-
\??\c:\dvjdj.exec:\dvjdj.exe52⤵
- Executes dropped EXE
-
\??\c:\rfrlllr.exec:\rfrlllr.exe53⤵
- Executes dropped EXE
-
\??\c:\5xrrrlr.exec:\5xrrrlr.exe54⤵
- Executes dropped EXE
-
\??\c:\3nnntt.exec:\3nnntt.exe55⤵
- Executes dropped EXE
-
\??\c:\9bnntn.exec:\9bnntn.exe56⤵
- Executes dropped EXE
-
\??\c:\jvjpv.exec:\jvjpv.exe57⤵
- Executes dropped EXE
-
\??\c:\vdppj.exec:\vdppj.exe58⤵
- Executes dropped EXE
-
\??\c:\frlfffl.exec:\frlfffl.exe59⤵
- Executes dropped EXE
-
\??\c:\xlrxfrx.exec:\xlrxfrx.exe60⤵
- Executes dropped EXE
-
\??\c:\hthttt.exec:\hthttt.exe61⤵
- Executes dropped EXE
-
\??\c:\1bbtbb.exec:\1bbtbb.exe62⤵
- Executes dropped EXE
-
\??\c:\pdjjp.exec:\pdjjp.exe63⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\3vddd.exec:\3vddd.exe64⤵
- Executes dropped EXE
-
\??\c:\7xlrrrx.exec:\7xlrrrx.exe65⤵
- Executes dropped EXE
-
\??\c:\lrlllll.exec:\lrlllll.exe66⤵
-
\??\c:\1htbbt.exec:\1htbbt.exe67⤵
-
\??\c:\btnntt.exec:\btnntt.exe68⤵
-
\??\c:\vvdjd.exec:\vvdjd.exe69⤵
-
\??\c:\dpvpp.exec:\dpvpp.exe70⤵
-
\??\c:\fxllxrf.exec:\fxllxrf.exe71⤵
-
\??\c:\vjjpj.exec:\vjjpj.exe72⤵
-
\??\c:\jpvjp.exec:\jpvjp.exe73⤵
-
\??\c:\vjvpd.exec:\vjvpd.exe74⤵
-
\??\c:\rrxxfrl.exec:\rrxxfrl.exe75⤵
-
\??\c:\lfffllr.exec:\lfffllr.exe76⤵
-
\??\c:\hnhnbh.exec:\hnhnbh.exe77⤵
-
\??\c:\bthttb.exec:\bthttb.exe78⤵
-
\??\c:\jjddj.exec:\jjddj.exe79⤵
-
\??\c:\dvjpv.exec:\dvjpv.exe80⤵
- System Location Discovery: System Language Discovery
-
\??\c:\rllrxxl.exec:\rllrxxl.exe81⤵
-
\??\c:\ffxffff.exec:\ffxffff.exe82⤵
-
\??\c:\5httbb.exec:\5httbb.exe83⤵
-
\??\c:\bhtbnt.exec:\bhtbnt.exe84⤵
-
\??\c:\1vjpp.exec:\1vjpp.exe85⤵
-
\??\c:\1xflllr.exec:\1xflllr.exe86⤵
-
\??\c:\lfrxxxr.exec:\lfrxxxr.exe87⤵
-
\??\c:\bnhnnn.exec:\bnhnnn.exe88⤵
-
\??\c:\pjjvj.exec:\pjjvj.exe89⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe90⤵
-
\??\c:\xrfflfr.exec:\xrfflfr.exe91⤵
-
\??\c:\rfrrxxf.exec:\rfrrxxf.exe92⤵
-
\??\c:\ttntht.exec:\ttntht.exe93⤵
-
\??\c:\bhnnbh.exec:\bhnnbh.exe94⤵
-
\??\c:\5jjpp.exec:\5jjpp.exe95⤵
-
\??\c:\lfllxfr.exec:\lfllxfr.exe96⤵
-
\??\c:\fxlrxlx.exec:\fxlrxlx.exe97⤵
-
\??\c:\btnnht.exec:\btnnht.exe98⤵
-
\??\c:\hhttnb.exec:\hhttnb.exe99⤵
-
\??\c:\1pvdj.exec:\1pvdj.exe100⤵
-
\??\c:\3pjjj.exec:\3pjjj.exe101⤵
-
\??\c:\1rfflrf.exec:\1rfflrf.exe102⤵
-
\??\c:\fxflrrf.exec:\fxflrrf.exe103⤵
-
\??\c:\3hbtbh.exec:\3hbtbh.exe104⤵
-
\??\c:\nhnttb.exec:\nhnttb.exe105⤵
-
\??\c:\vpvdp.exec:\vpvdp.exe106⤵
-
\??\c:\vdpjv.exec:\vdpjv.exe107⤵
-
\??\c:\lxlxlff.exec:\lxlxlff.exe108⤵
-
\??\c:\rrflrfr.exec:\rrflrfr.exe109⤵
-
\??\c:\bthhbt.exec:\bthhbt.exe110⤵
-
\??\c:\3ttnth.exec:\3ttnth.exe111⤵
-
\??\c:\dpdvd.exec:\dpdvd.exe112⤵
-
\??\c:\jdvvd.exec:\jdvvd.exe113⤵
-
\??\c:\1jddd.exec:\1jddd.exe114⤵
-
\??\c:\1xxxlxx.exec:\1xxxlxx.exe115⤵
-
\??\c:\fxrfrrf.exec:\fxrfrrf.exe116⤵
-
\??\c:\9thhhh.exec:\9thhhh.exe117⤵
-
\??\c:\3hnnhh.exec:\3hnnhh.exe118⤵
-
\??\c:\pvddp.exec:\pvddp.exe119⤵
-
\??\c:\ddjpv.exec:\ddjpv.exe120⤵
-
\??\c:\lflxxfr.exec:\lflxxfr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-