Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
02/10/2024, 11:50
General
-
Target
39410189091fa47569a8515ed44165ad132b6556fc98dd25ce3ae5ab2bdc1a96N.exe
-
Size
70KB
-
MD5
7e1892dcba2692b5898bcb66d7dfafe0
-
SHA1
373dcd6800af2cf82888e953ab343ec4d8188dd8
-
SHA256
39410189091fa47569a8515ed44165ad132b6556fc98dd25ce3ae5ab2bdc1a96
-
SHA512
77a82758e8304b154a6bf945771552d9dc683a340d207752273eb475a4bcb80c89253dddcf9512300b4e50b27a857216888e684bed4589c6740d4fdce8c1366a
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb0z6MTSqfUcicvM:ymb3NkkiQ3mdBjFI4V4cit
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 23 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\39410189091fa47569a8515ed44165ad132b6556fc98dd25ce3ae5ab2bdc1a96N.exe"C:\Users\Admin\AppData\Local\Temp\39410189091fa47569a8515ed44165ad132b6556fc98dd25ce3ae5ab2bdc1a96N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\9vdpj.exec:\9vdpj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxrxfx.exec:\rxxrxfx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnttt.exec:\nbnttt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvdj.exec:\dvvdj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9dvdv.exec:\9dvdv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5nbnbh.exec:\5nbnbh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthnnn.exec:\tthnnn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdjv.exec:\pjdjv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrlllxl.exec:\lrlllxl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrfllrr.exec:\rrfllrr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhnnt.exec:\nhhnnt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvdp.exec:\dvvdp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdpdj.exec:\pdpdj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrflxfx.exec:\xrflxfx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffffllr.exec:\ffffllr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtnhn.exec:\bbtnhn.exe17⤵
- Executes dropped EXE
-
\??\c:\dpvvj.exec:\dpvvj.exe18⤵
- Executes dropped EXE
-
\??\c:\ddjjp.exec:\ddjjp.exe19⤵
- Executes dropped EXE
-
\??\c:\rfrxrrx.exec:\rfrxrrx.exe20⤵
- Executes dropped EXE
-
\??\c:\9rlfrlr.exec:\9rlfrlr.exe21⤵
- Executes dropped EXE
-
\??\c:\hthntt.exec:\hthntt.exe22⤵
- Executes dropped EXE
-
\??\c:\9dddv.exec:\9dddv.exe23⤵
- Executes dropped EXE
-
\??\c:\1pjvj.exec:\1pjvj.exe24⤵
- Executes dropped EXE
-
\??\c:\xxlrfxf.exec:\xxlrfxf.exe25⤵
- Executes dropped EXE
-
\??\c:\nhtbnt.exec:\nhtbnt.exe26⤵
- Executes dropped EXE
-
\??\c:\hhttbt.exec:\hhttbt.exe27⤵
- Executes dropped EXE
-
\??\c:\jvjpv.exec:\jvjpv.exe28⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\pjdjj.exec:\pjdjj.exe29⤵
- Executes dropped EXE
-
\??\c:\rlfrxxf.exec:\rlfrxxf.exe30⤵
- Executes dropped EXE
-
\??\c:\9bthbn.exec:\9bthbn.exe31⤵
- Executes dropped EXE
-
\??\c:\hbntbh.exec:\hbntbh.exe32⤵
- Executes dropped EXE
-
\??\c:\pdpjv.exec:\pdpjv.exe33⤵
- Executes dropped EXE
-
\??\c:\jdppd.exec:\jdppd.exe34⤵
- Executes dropped EXE
-
\??\c:\xxrfllr.exec:\xxrfllr.exe35⤵
- Executes dropped EXE
-
\??\c:\9lxrrrf.exec:\9lxrrrf.exe36⤵
- Executes dropped EXE
-
\??\c:\nhtbhh.exec:\nhtbhh.exe37⤵
- Executes dropped EXE
-
\??\c:\1nnthn.exec:\1nnthn.exe38⤵
- Executes dropped EXE
-
\??\c:\7pppd.exec:\7pppd.exe39⤵
- Executes dropped EXE
-
\??\c:\pjvdj.exec:\pjvdj.exe40⤵
- Executes dropped EXE
-
\??\c:\dvjpd.exec:\dvjpd.exe41⤵
- Executes dropped EXE
-
\??\c:\1rrxlxf.exec:\1rrxlxf.exe42⤵
- Executes dropped EXE
-
\??\c:\fxlrrrr.exec:\fxlrrrr.exe43⤵
- Executes dropped EXE
-
\??\c:\bbtbnn.exec:\bbtbnn.exe44⤵
- Executes dropped EXE
-
\??\c:\1hhnnt.exec:\1hhnnt.exe45⤵
- Executes dropped EXE
-
\??\c:\7ddpd.exec:\7ddpd.exe46⤵
- Executes dropped EXE
-
\??\c:\1pvpd.exec:\1pvpd.exe47⤵
- Executes dropped EXE
-
\??\c:\xrffrrx.exec:\xrffrrx.exe48⤵
- Executes dropped EXE
-
\??\c:\lxllrlr.exec:\lxllrlr.exe49⤵
- Executes dropped EXE
-
\??\c:\bthnbt.exec:\bthnbt.exe50⤵
- Executes dropped EXE
-
\??\c:\5ttbhn.exec:\5ttbhn.exe51⤵
- Executes dropped EXE
-
\??\c:\pjvdv.exec:\pjvdv.exe52⤵
- Executes dropped EXE
-
\??\c:\ppdjv.exec:\ppdjv.exe53⤵
- Executes dropped EXE
-
\??\c:\xrxflrx.exec:\xrxflrx.exe54⤵
- Executes dropped EXE
-
\??\c:\1fxrflx.exec:\1fxrflx.exe55⤵
- Executes dropped EXE
-
\??\c:\nhnthn.exec:\nhnthn.exe56⤵
- Executes dropped EXE
-
\??\c:\nhthtb.exec:\nhthtb.exe57⤵
- Executes dropped EXE
-
\??\c:\vjddd.exec:\vjddd.exe58⤵
- Executes dropped EXE
-
\??\c:\dpvpd.exec:\dpvpd.exe59⤵
- Executes dropped EXE
-
\??\c:\3xfllrx.exec:\3xfllrx.exe60⤵
- Executes dropped EXE
-
\??\c:\lflrxfl.exec:\lflrxfl.exe61⤵
- Executes dropped EXE
-
\??\c:\1lllxxr.exec:\1lllxxr.exe62⤵
- Executes dropped EXE
-
\??\c:\bhbhnb.exec:\bhbhnb.exe63⤵
- Executes dropped EXE
-
\??\c:\nhtthb.exec:\nhtthb.exe64⤵
- Executes dropped EXE
-
\??\c:\7vppd.exec:\7vppd.exe65⤵
- Executes dropped EXE
-
\??\c:\dvjvj.exec:\dvjvj.exe66⤵
-
\??\c:\xlrflrx.exec:\xlrflrx.exe67⤵
-
\??\c:\rlrxxrf.exec:\rlrxxrf.exe68⤵
-
\??\c:\htntbb.exec:\htntbb.exe69⤵
-
\??\c:\tnbhnt.exec:\tnbhnt.exe70⤵
-
\??\c:\dpdjp.exec:\dpdjp.exe71⤵
-
\??\c:\jjjpv.exec:\jjjpv.exe72⤵
-
\??\c:\fxffllr.exec:\fxffllr.exe73⤵
-
\??\c:\rlxfffl.exec:\rlxfffl.exe74⤵
-
\??\c:\lfxxrrf.exec:\lfxxrrf.exe75⤵
-
\??\c:\hbnhnh.exec:\hbnhnh.exe76⤵
-
\??\c:\bththh.exec:\bththh.exe77⤵
-
\??\c:\jjdvv.exec:\jjdvv.exe78⤵
-
\??\c:\jdjpv.exec:\jdjpv.exe79⤵
-
\??\c:\btbhnn.exec:\btbhnn.exe80⤵
-
\??\c:\bththn.exec:\bththn.exe81⤵
-
\??\c:\pjjjj.exec:\pjjjj.exe82⤵
-
\??\c:\ddpdj.exec:\ddpdj.exe83⤵
-
\??\c:\5xrrxxf.exec:\5xrrxxf.exe84⤵
-
\??\c:\1rxlxlr.exec:\1rxlxlr.exe85⤵
-
\??\c:\bthtbh.exec:\bthtbh.exe86⤵
-
\??\c:\ttnhhh.exec:\ttnhhh.exe87⤵
-
\??\c:\vvvjv.exec:\vvvjv.exe88⤵
-
\??\c:\dvpvj.exec:\dvpvj.exe89⤵
-
\??\c:\lfxlxxf.exec:\lfxlxxf.exe90⤵
-
\??\c:\1frfllr.exec:\1frfllr.exe91⤵
-
\??\c:\1ttnhn.exec:\1ttnhn.exe92⤵
-
\??\c:\nhhnhn.exec:\nhhnhn.exe93⤵
-
\??\c:\9vjpd.exec:\9vjpd.exe94⤵
-
\??\c:\jdjjp.exec:\jdjjp.exe95⤵
-
\??\c:\xrflrxf.exec:\xrflrxf.exe96⤵
-
\??\c:\1rxxfff.exec:\1rxxfff.exe97⤵
-
\??\c:\btnttb.exec:\btnttb.exe98⤵
-
\??\c:\hbnbhh.exec:\hbnbhh.exe99⤵
-
\??\c:\vpvpd.exec:\vpvpd.exe100⤵
-
\??\c:\vjpjd.exec:\vjpjd.exe101⤵
-
\??\c:\xlfllrx.exec:\xlfllrx.exe102⤵
-
\??\c:\rlxflrx.exec:\rlxflrx.exe103⤵
-
\??\c:\bbnnhh.exec:\bbnnhh.exe104⤵
-
\??\c:\hbhnnn.exec:\hbhnnn.exe105⤵
-
\??\c:\vppvj.exec:\vppvj.exe106⤵
-
\??\c:\dvjpd.exec:\dvjpd.exe107⤵
-
\??\c:\lxllrrx.exec:\lxllrrx.exe108⤵
-
\??\c:\rllxrfr.exec:\rllxrfr.exe109⤵
-
\??\c:\fxrfrrx.exec:\fxrfrrx.exe110⤵
-
\??\c:\btnbhh.exec:\btnbhh.exe111⤵
-
\??\c:\btttbt.exec:\btttbt.exe112⤵
-
\??\c:\jdvdj.exec:\jdvdj.exe113⤵
-
\??\c:\jjdvv.exec:\jjdvv.exe114⤵
-
\??\c:\frllfll.exec:\frllfll.exe115⤵
-
\??\c:\lfllxrf.exec:\lfllxrf.exe116⤵
-
\??\c:\lxfflfl.exec:\lxfflfl.exe117⤵
-
\??\c:\nhbbbh.exec:\nhbbbh.exe118⤵
-
\??\c:\7btbhh.exec:\7btbhh.exe119⤵
-
\??\c:\5pjdj.exec:\5pjdj.exe120⤵
-
\??\c:\jdvjp.exec:\jdvjp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-