Analysis
-
max time kernel
120s -
max time network
16s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
04/10/2024, 00:09
General
-
Target
9063fae6561fb7a36c58ff4cbeae9f8918e49b16b07d5c63fc604092aefc1a55N.exe
-
Size
67KB
-
MD5
b8df8ab5e74c7f3180a39bc20e494500
-
SHA1
7a9c37dd4101eefe5edc6af3555dec1a7e0fd23c
-
SHA256
9063fae6561fb7a36c58ff4cbeae9f8918e49b16b07d5c63fc604092aefc1a55
-
SHA512
52dce267475be44e7098478ebcfede3420646c780f02886edc5c9125f4e2af1ce919242616a9feef9756e0dbbd1e860a260a4f90c5304559fdf96595d6d94caa
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDI9L27B5QcS:ymb3NkkiQ3mdBjFI9c+h
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 19 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 20 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9063fae6561fb7a36c58ff4cbeae9f8918e49b16b07d5c63fc604092aefc1a55N.exe"C:\Users\Admin\AppData\Local\Temp\9063fae6561fb7a36c58ff4cbeae9f8918e49b16b07d5c63fc604092aefc1a55N.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\3dpvd.exec:\3dpvd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjddj.exec:\vjddj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrxxfl.exec:\lxrxxfl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtnnt.exec:\hbtnnt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhbbh.exec:\hbhbbh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvjp.exec:\dvvjp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rfrlrr.exec:\1rfrlrr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrxllr.exec:\rfrxllr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbthbt.exec:\bbthbt.exe10⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\1ddjj.exec:\1ddjj.exe11⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\fffxxrr.exec:\fffxxrr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrlfxl.exec:\lrrlfxl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjvv.exec:\pjjvv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ddpp.exec:\7ddpp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxxxfr.exec:\lfxxxfr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthnbb.exec:\bthnbb.exe17⤵
- Executes dropped EXE
-
\??\c:\vpdvd.exec:\vpdvd.exe18⤵
- Executes dropped EXE
-
\??\c:\dvvvd.exec:\dvvvd.exe19⤵
- Executes dropped EXE
-
\??\c:\frffrxf.exec:\frffrxf.exe20⤵
- Executes dropped EXE
-
\??\c:\bnhnnt.exec:\bnhnnt.exe21⤵
- Executes dropped EXE
-
\??\c:\7ntbhh.exec:\7ntbhh.exe22⤵
- Executes dropped EXE
-
\??\c:\jjdpv.exec:\jjdpv.exe23⤵
- Executes dropped EXE
-
\??\c:\7ppdd.exec:\7ppdd.exe24⤵
- Executes dropped EXE
-
\??\c:\xxfrlxr.exec:\xxfrlxr.exe25⤵
- Executes dropped EXE
-
\??\c:\1htbbb.exec:\1htbbb.exe26⤵
- Executes dropped EXE
-
\??\c:\5bnhbb.exec:\5bnhbb.exe27⤵
- Executes dropped EXE
-
\??\c:\9vpjp.exec:\9vpjp.exe28⤵
- Executes dropped EXE
-
\??\c:\fxlxxxx.exec:\fxlxxxx.exe29⤵
- Executes dropped EXE
-
\??\c:\lfrrxxl.exec:\lfrrxxl.exe30⤵
- Executes dropped EXE
-
\??\c:\btnbtb.exec:\btnbtb.exe31⤵
- Executes dropped EXE
-
\??\c:\btnbbh.exec:\btnbbh.exe32⤵
- Executes dropped EXE
-
\??\c:\1thnhh.exec:\1thnhh.exe33⤵
- Executes dropped EXE
-
\??\c:\vjdvv.exec:\vjdvv.exe34⤵
- Executes dropped EXE
-
\??\c:\7lfllll.exec:\7lfllll.exe35⤵
- Executes dropped EXE
-
\??\c:\lrlflff.exec:\lrlflff.exe36⤵
- Executes dropped EXE
-
\??\c:\nbnhnn.exec:\nbnhnn.exe37⤵
- Executes dropped EXE
-
\??\c:\hbhhbb.exec:\hbhhbb.exe38⤵
- Executes dropped EXE
-
\??\c:\3pddj.exec:\3pddj.exe39⤵
- Executes dropped EXE
-
\??\c:\7jvpv.exec:\7jvpv.exe40⤵
- Executes dropped EXE
-
\??\c:\rllllrx.exec:\rllllrx.exe41⤵
- Executes dropped EXE
-
\??\c:\lffrxfl.exec:\lffrxfl.exe42⤵
- Executes dropped EXE
-
\??\c:\xlrflff.exec:\xlrflff.exe43⤵
- Executes dropped EXE
-
\??\c:\bnbhhn.exec:\bnbhhn.exe44⤵
- Executes dropped EXE
-
\??\c:\3pvpj.exec:\3pvpj.exe45⤵
- Executes dropped EXE
-
\??\c:\5pjpp.exec:\5pjpp.exe46⤵
- Executes dropped EXE
-
\??\c:\5jddj.exec:\5jddj.exe47⤵
- Executes dropped EXE
-
\??\c:\rfrxxxx.exec:\rfrxxxx.exe48⤵
- Executes dropped EXE
-
\??\c:\frrxllr.exec:\frrxllr.exe49⤵
- Executes dropped EXE
-
\??\c:\btbbbb.exec:\btbbbb.exe50⤵
- Executes dropped EXE
-
\??\c:\nbtnnh.exec:\nbtnnh.exe51⤵
- Executes dropped EXE
-
\??\c:\5pjjp.exec:\5pjjp.exe52⤵
- Executes dropped EXE
-
\??\c:\7dpvv.exec:\7dpvv.exe53⤵
- Executes dropped EXE
-
\??\c:\rlfrrrx.exec:\rlfrrrx.exe54⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\rlrfrxf.exec:\rlrfrxf.exe55⤵
- Executes dropped EXE
-
\??\c:\tnnhtb.exec:\tnnhtb.exe56⤵
- Executes dropped EXE
-
\??\c:\bnbhhb.exec:\bnbhhb.exe57⤵
- Executes dropped EXE
-
\??\c:\dpvdd.exec:\dpvdd.exe58⤵
- Executes dropped EXE
-
\??\c:\1jvpv.exec:\1jvpv.exe59⤵
- Executes dropped EXE
-
\??\c:\rlfflrf.exec:\rlfflrf.exe60⤵
- Executes dropped EXE
-
\??\c:\9rlxfxf.exec:\9rlxfxf.exe61⤵
- Executes dropped EXE
-
\??\c:\rfffrrx.exec:\rfffrrx.exe62⤵
- Executes dropped EXE
-
\??\c:\bbhbnt.exec:\bbhbnt.exe63⤵
- Executes dropped EXE
-
\??\c:\7bthtt.exec:\7bthtt.exe64⤵
- Executes dropped EXE
-
\??\c:\1pvvj.exec:\1pvvj.exe65⤵
- Executes dropped EXE
-
\??\c:\jdjjj.exec:\jdjjj.exe66⤵
-
\??\c:\fxrrxrf.exec:\fxrrxrf.exe67⤵
-
\??\c:\7xffrrr.exec:\7xffrrr.exe68⤵
-
\??\c:\7nbnbb.exec:\7nbnbb.exe69⤵
-
\??\c:\thntnt.exec:\thntnt.exe70⤵
-
\??\c:\dppjp.exec:\dppjp.exe71⤵
-
\??\c:\ppvpv.exec:\ppvpv.exe72⤵
-
\??\c:\rlxxllr.exec:\rlxxllr.exe73⤵
-
\??\c:\lfxxlrx.exec:\lfxxlrx.exe74⤵
-
\??\c:\fxrxlrf.exec:\fxrxlrf.exe75⤵
-
\??\c:\nbhbbb.exec:\nbhbbb.exe76⤵
-
\??\c:\nhhhbh.exec:\nhhhbh.exe77⤵
-
\??\c:\7hthtb.exec:\7hthtb.exe78⤵
-
\??\c:\9jvjj.exec:\9jvjj.exe79⤵
-
\??\c:\fxffxrf.exec:\fxffxrf.exe80⤵
-
\??\c:\fxxlxxf.exec:\fxxlxxf.exe81⤵
-
\??\c:\hbhnbh.exec:\hbhnbh.exe82⤵
-
\??\c:\hhbhhn.exec:\hhbhhn.exe83⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe84⤵
-
\??\c:\vjvdj.exec:\vjvdj.exe85⤵
-
\??\c:\rfllxxf.exec:\rfllxxf.exe86⤵
-
\??\c:\fxrlxrf.exec:\fxrlxrf.exe87⤵
-
\??\c:\btnthh.exec:\btnthh.exe88⤵
-
\??\c:\5dddd.exec:\5dddd.exe89⤵
-
\??\c:\vpvjj.exec:\vpvjj.exe90⤵
-
\??\c:\jdvvj.exec:\jdvvj.exe91⤵
-
\??\c:\fxlrffl.exec:\fxlrffl.exe92⤵
-
\??\c:\7rllxxl.exec:\7rllxxl.exe93⤵
-
\??\c:\hnbhhb.exec:\hnbhhb.exe94⤵
-
\??\c:\hbthbh.exec:\hbthbh.exe95⤵
-
\??\c:\vjddp.exec:\vjddp.exe96⤵
-
\??\c:\vjvdj.exec:\vjvdj.exe97⤵
-
\??\c:\rlxxlrx.exec:\rlxxlrx.exe98⤵
-
\??\c:\xlllrlx.exec:\xlllrlx.exe99⤵
-
\??\c:\tnttbb.exec:\tnttbb.exe100⤵
-
\??\c:\tntbhb.exec:\tntbhb.exe101⤵
-
\??\c:\jvdjp.exec:\jvdjp.exe102⤵
-
\??\c:\5dpdd.exec:\5dpdd.exe103⤵
-
\??\c:\vvjdj.exec:\vvjdj.exe104⤵
-
\??\c:\frfffxf.exec:\frfffxf.exe105⤵
-
\??\c:\xxrxlfx.exec:\xxrxlfx.exe106⤵
-
\??\c:\hthhtt.exec:\hthhtt.exe107⤵
-
\??\c:\thtbhh.exec:\thtbhh.exe108⤵
-
\??\c:\jvdjv.exec:\jvdjv.exe109⤵
-
\??\c:\dpdvv.exec:\dpdvv.exe110⤵
-
\??\c:\rfffllr.exec:\rfffllr.exe111⤵
-
\??\c:\5lfrffr.exec:\5lfrffr.exe112⤵
-
\??\c:\9htttb.exec:\9htttb.exe113⤵
-
\??\c:\tnbhbt.exec:\tnbhbt.exe114⤵
-
\??\c:\pjvpd.exec:\pjvpd.exe115⤵
-
\??\c:\3jppp.exec:\3jppp.exe116⤵
-
\??\c:\1rlxfrx.exec:\1rlxfrx.exe117⤵
-
\??\c:\rlflxfl.exec:\rlflxfl.exe118⤵
-
\??\c:\5xrrxfl.exec:\5xrrxfl.exe119⤵
-
\??\c:\tnbbhh.exec:\tnbbhh.exe120⤵
-
\??\c:\nnbtbh.exec:\nnbtbh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-