Analysis
-
max time kernel
120s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
03-10-2024 05:06
General
-
Target
030fb7428718f9a4169468ee9aabd9ec2a6514b57ecf202c7b9840a57b034597N.exe
-
Size
230KB
-
MD5
3a03bfb307412678a42bf2f212534f30
-
SHA1
30aabe93d127ae7e4505ab0084d55170e36454e4
-
SHA256
030fb7428718f9a4169468ee9aabd9ec2a6514b57ecf202c7b9840a57b034597
-
SHA512
73dc41108453acad827bddf39188d73d0d291885b115adb4b2c93a114fe2eb3a4ed1d102e495cbc0996ed734d51b5e5e901dc666c1ad4eab5832327e20b31e9f
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73PYP1lri3KoSV31x4xLn/c1f7:n3C9BRo7MlrWKo+lxKk1f7
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\030fb7428718f9a4169468ee9aabd9ec2a6514b57ecf202c7b9840a57b034597N.exe"C:\Users\Admin\AppData\Local\Temp\030fb7428718f9a4169468ee9aabd9ec2a6514b57ecf202c7b9840a57b034597N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpvd.exec:\jdpvd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1nntbb.exec:\1nntbb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7pjjp.exec:\7pjjp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpdd.exec:\jdpdd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbtth.exec:\tnbtth.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjdj.exec:\pdjdj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrfrfrx.exec:\rrfrfrx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rlrxxx.exec:\1rlrxxx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdjj.exec:\vpdjj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxfllr.exec:\lfxfllr.exe11⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\bhnbbn.exec:\bhnbbn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpjp.exec:\vjpjp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfflxl.exec:\fxfflxl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btthnt.exec:\btthnt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvddp.exec:\pvddp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frffffl.exec:\frffffl.exe17⤵
- Executes dropped EXE
-
\??\c:\nhtbbt.exec:\nhtbbt.exe18⤵
- Executes dropped EXE
-
\??\c:\pjdvd.exec:\pjdvd.exe19⤵
- Executes dropped EXE
-
\??\c:\vpdvd.exec:\vpdvd.exe20⤵
- Executes dropped EXE
-
\??\c:\btnntt.exec:\btnntt.exe21⤵
- Executes dropped EXE
-
\??\c:\bbntnn.exec:\bbntnn.exe22⤵
- Executes dropped EXE
-
\??\c:\xlllllr.exec:\xlllllr.exe23⤵
- Executes dropped EXE
-
\??\c:\rxxfxrr.exec:\rxxfxrr.exe24⤵
- Executes dropped EXE
-
\??\c:\bthntb.exec:\bthntb.exe25⤵
- Executes dropped EXE
-
\??\c:\9pddp.exec:\9pddp.exe26⤵
- Executes dropped EXE
-
\??\c:\rrlfxxl.exec:\rrlfxxl.exe27⤵
- Executes dropped EXE
-
\??\c:\lxflfll.exec:\lxflfll.exe28⤵
- Executes dropped EXE
-
\??\c:\djddp.exec:\djddp.exe29⤵
- Executes dropped EXE
-
\??\c:\pdppp.exec:\pdppp.exe30⤵
- Executes dropped EXE
-
\??\c:\htbtbb.exec:\htbtbb.exe31⤵
- Executes dropped EXE
-
\??\c:\nbhhhh.exec:\nbhhhh.exe32⤵
- Executes dropped EXE
-
\??\c:\xffrxxl.exec:\xffrxxl.exe33⤵
- Executes dropped EXE
-
\??\c:\7xffrrr.exec:\7xffrrr.exe34⤵
- Executes dropped EXE
-
\??\c:\hbhbhn.exec:\hbhbhn.exe35⤵
- Executes dropped EXE
-
\??\c:\7rfflrx.exec:\7rfflrx.exe36⤵
- Executes dropped EXE
-
\??\c:\rlfrlxr.exec:\rlfrlxr.exe37⤵
- Executes dropped EXE
-
\??\c:\bttntt.exec:\bttntt.exe38⤵
- Executes dropped EXE
-
\??\c:\hthhnt.exec:\hthhnt.exe39⤵
- Executes dropped EXE
-
\??\c:\jdpdp.exec:\jdpdp.exe40⤵
- Executes dropped EXE
-
\??\c:\3rlfllx.exec:\3rlfllx.exe41⤵
- Executes dropped EXE
-
\??\c:\5fffxxl.exec:\5fffxxl.exe42⤵
- Executes dropped EXE
-
\??\c:\ththnt.exec:\ththnt.exe43⤵
- Executes dropped EXE
-
\??\c:\bttbhh.exec:\bttbhh.exe44⤵
- Executes dropped EXE
-
\??\c:\vpjvd.exec:\vpjvd.exe45⤵
- Executes dropped EXE
-
\??\c:\9lfrxxf.exec:\9lfrxxf.exe46⤵
- Executes dropped EXE
-
\??\c:\llflxfr.exec:\llflxfr.exe47⤵
- Executes dropped EXE
-
\??\c:\nhtbnt.exec:\nhtbnt.exe48⤵
- Executes dropped EXE
-
\??\c:\tntnnh.exec:\tntnnh.exe49⤵
- Executes dropped EXE
-
\??\c:\pjpjp.exec:\pjpjp.exe50⤵
- Executes dropped EXE
-
\??\c:\vppvj.exec:\vppvj.exe51⤵
- Executes dropped EXE
-
\??\c:\rfllrrf.exec:\rfllrrf.exe52⤵
- Executes dropped EXE
-
\??\c:\ffxxflr.exec:\ffxxflr.exe53⤵
- Executes dropped EXE
-
\??\c:\tnbhtt.exec:\tnbhtt.exe54⤵
- Executes dropped EXE
-
\??\c:\hbtbnn.exec:\hbtbnn.exe55⤵
- Executes dropped EXE
-
\??\c:\ppvvd.exec:\ppvvd.exe56⤵
- Executes dropped EXE
-
\??\c:\pjddp.exec:\pjddp.exe57⤵
- Executes dropped EXE
-
\??\c:\5lflxll.exec:\5lflxll.exe58⤵
- Executes dropped EXE
-
\??\c:\hbtbbb.exec:\hbtbbb.exe59⤵
- Executes dropped EXE
-
\??\c:\nhnnhn.exec:\nhnnhn.exe60⤵
- Executes dropped EXE
-
\??\c:\jdppv.exec:\jdppv.exe61⤵
- Executes dropped EXE
-
\??\c:\5djjj.exec:\5djjj.exe62⤵
- Executes dropped EXE
-
\??\c:\lffllll.exec:\lffllll.exe63⤵
- Executes dropped EXE
-
\??\c:\1lllflx.exec:\1lllflx.exe64⤵
- Executes dropped EXE
-
\??\c:\3nbbnh.exec:\3nbbnh.exe65⤵
- Executes dropped EXE
-
\??\c:\9nbhth.exec:\9nbhth.exe66⤵
-
\??\c:\jdvdv.exec:\jdvdv.exe67⤵
-
\??\c:\jdpjp.exec:\jdpjp.exe68⤵
-
\??\c:\rllrflr.exec:\rllrflr.exe69⤵
-
\??\c:\xrflflf.exec:\xrflflf.exe70⤵
-
\??\c:\thtbhn.exec:\thtbhn.exe71⤵
-
\??\c:\7ntttt.exec:\7ntttt.exe72⤵
-
\??\c:\jdvvd.exec:\jdvvd.exe73⤵
-
\??\c:\jdjjp.exec:\jdjjp.exe74⤵
-
\??\c:\llxxxfl.exec:\llxxxfl.exe75⤵
-
\??\c:\3frxflr.exec:\3frxflr.exe76⤵
-
\??\c:\hbhthn.exec:\hbhthn.exe77⤵
-
\??\c:\dvdjv.exec:\dvdjv.exe78⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe79⤵
-
\??\c:\lfrxlrf.exec:\lfrxlrf.exe80⤵
-
\??\c:\fxffllr.exec:\fxffllr.exe81⤵
-
\??\c:\tnnttb.exec:\tnnttb.exe82⤵
-
\??\c:\bnhnhh.exec:\bnhnhh.exe83⤵
-
\??\c:\9jjdv.exec:\9jjdv.exe84⤵
-
\??\c:\5vjdd.exec:\5vjdd.exe85⤵
-
\??\c:\rfrxllr.exec:\rfrxllr.exe86⤵
-
\??\c:\llrlllr.exec:\llrlllr.exe87⤵
-
\??\c:\9nhbnn.exec:\9nhbnn.exe88⤵
-
\??\c:\vppdp.exec:\vppdp.exe89⤵
-
\??\c:\pjvdj.exec:\pjvdj.exe90⤵
-
\??\c:\lfrrrxf.exec:\lfrrrxf.exe91⤵
-
\??\c:\lfrfxfl.exec:\lfrfxfl.exe92⤵
-
\??\c:\3tbhtt.exec:\3tbhtt.exe93⤵
- System Location Discovery: System Language Discovery
-
\??\c:\hbnbhh.exec:\hbnbhh.exe94⤵
-
\??\c:\dpdjj.exec:\dpdjj.exe95⤵
-
\??\c:\rfrrxfl.exec:\rfrrxfl.exe96⤵
-
\??\c:\rlxfrrx.exec:\rlxfrrx.exe97⤵
-
\??\c:\hbthbn.exec:\hbthbn.exe98⤵
-
\??\c:\bbntth.exec:\bbntth.exe99⤵
-
\??\c:\dpvpp.exec:\dpvpp.exe100⤵
-
\??\c:\9pdvd.exec:\9pdvd.exe101⤵
-
\??\c:\lflfflr.exec:\lflfflr.exe102⤵
-
\??\c:\5xfffff.exec:\5xfffff.exe103⤵
-
\??\c:\thbbhn.exec:\thbbhn.exe104⤵
-
\??\c:\btnthh.exec:\btnthh.exe105⤵
-
\??\c:\3jdpd.exec:\3jdpd.exe106⤵
-
\??\c:\rlrxrrx.exec:\rlrxrrx.exe107⤵
-
\??\c:\9xlrflr.exec:\9xlrflr.exe108⤵
-
\??\c:\7ththh.exec:\7ththh.exe109⤵
-
\??\c:\5tnnbh.exec:\5tnnbh.exe110⤵
-
\??\c:\9jvdv.exec:\9jvdv.exe111⤵
-
\??\c:\dvvdj.exec:\dvvdj.exe112⤵
-
\??\c:\rlrlfxf.exec:\rlrlfxf.exe113⤵
-
\??\c:\btnnbb.exec:\btnnbb.exe114⤵
-
\??\c:\nhtbnt.exec:\nhtbnt.exe115⤵
-
\??\c:\dvdvj.exec:\dvdvj.exe116⤵
-
\??\c:\5pddp.exec:\5pddp.exe117⤵
-
\??\c:\5llllrx.exec:\5llllrx.exe118⤵
-
\??\c:\httntt.exec:\httntt.exe119⤵
-
\??\c:\nbhbhh.exec:\nbhbhh.exe120⤵
- System Location Discovery: System Language Discovery
-
\??\c:\vjvvj.exec:\vjvvj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-