Analysis
-
max time kernel
120s -
max time network
18s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
04-10-2024 02:22
General
-
Target
846b91540e8cc22610c6ddb4db1ad05c281fc0a25cf53ebde54232f021726fc0N.exe
-
Size
66KB
-
MD5
a9a296070c202d7b11972db746be6b70
-
SHA1
4eb07e5f467464b7b7b20279520556b61f1d351c
-
SHA256
846b91540e8cc22610c6ddb4db1ad05c281fc0a25cf53ebde54232f021726fc0
-
SHA512
52d1433fe4aa712771831b27edc6e43e0a04c788e5a91a7539c00ff3cc615db38d477d83799ee0d6bc2db90f4a6ea453f8078bc0966761a1163928a54314d5de
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDI9L27Bqfo4l:ymb3NkkiQ3mdBjFI9cqfVl
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 17 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\846b91540e8cc22610c6ddb4db1ad05c281fc0a25cf53ebde54232f021726fc0N.exe"C:\Users\Admin\AppData\Local\Temp\846b91540e8cc22610c6ddb4db1ad05c281fc0a25cf53ebde54232f021726fc0N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nnxppl.exec:\nnxppl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxvlfpt.exec:\fxvlfpt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlddnb.exec:\rlddnb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\phpthhx.exec:\phpthhx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bfvrddx.exec:\bfvrddx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\httvnbx.exec:\httvnbx.exe7⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\jlhpphr.exec:\jlhpphr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnddrtl.exec:\bnddrtl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttxvttt.exec:\ttxvttt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vltbr.exec:\vltbr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pfvvhrp.exec:\pfvvhrp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrhfh.exec:\rrhfh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lhxvjnp.exec:\lhxvjnp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htjjf.exec:\htjjf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhxf.exec:\bbhxf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ljrpxh.exec:\ljrpxh.exe17⤵
- Executes dropped EXE
-
\??\c:\vljnddv.exec:\vljnddv.exe18⤵
- Executes dropped EXE
-
\??\c:\rfpxdr.exec:\rfpxdr.exe19⤵
- Executes dropped EXE
-
\??\c:\xttffx.exec:\xttffx.exe20⤵
- Executes dropped EXE
-
\??\c:\nhvnrv.exec:\nhvnrv.exe21⤵
- Executes dropped EXE
-
\??\c:\lrrdxvr.exec:\lrrdxvr.exe22⤵
- Executes dropped EXE
-
\??\c:\rrbvdhd.exec:\rrbvdhd.exe23⤵
- Executes dropped EXE
-
\??\c:\vlvftx.exec:\vlvftx.exe24⤵
- Executes dropped EXE
-
\??\c:\bxndbxp.exec:\bxndbxp.exe25⤵
- Executes dropped EXE
-
\??\c:\dhvjhfx.exec:\dhvjhfx.exe26⤵
- Executes dropped EXE
-
\??\c:\ljbfjp.exec:\ljbfjp.exe27⤵
- Executes dropped EXE
-
\??\c:\tjdhrpr.exec:\tjdhrpr.exe28⤵
- Executes dropped EXE
-
\??\c:\hnxvrrv.exec:\hnxvrrv.exe29⤵
- Executes dropped EXE
-
\??\c:\vrbrp.exec:\vrbrp.exe30⤵
- Executes dropped EXE
-
\??\c:\lhdll.exec:\lhdll.exe31⤵
- Executes dropped EXE
-
\??\c:\txxpdbd.exec:\txxpdbd.exe32⤵
- Executes dropped EXE
-
\??\c:\xvtlx.exec:\xvtlx.exe33⤵
-
\??\c:\vxrdt.exec:\vxrdt.exe34⤵
- Executes dropped EXE
-
\??\c:\nnhvnr.exec:\nnhvnr.exe35⤵
- Executes dropped EXE
-
\??\c:\jhpdbj.exec:\jhpdbj.exe36⤵
- Executes dropped EXE
-
\??\c:\ppftdj.exec:\ppftdj.exe37⤵
- Executes dropped EXE
-
\??\c:\dtttjdd.exec:\dtttjdd.exe38⤵
- Executes dropped EXE
-
\??\c:\thlnxrp.exec:\thlnxrp.exe39⤵
- Executes dropped EXE
-
\??\c:\xrrvt.exec:\xrrvt.exe40⤵
- Executes dropped EXE
-
\??\c:\tplrl.exec:\tplrl.exe41⤵
- Executes dropped EXE
-
\??\c:\tphrvl.exec:\tphrvl.exe42⤵
- Executes dropped EXE
-
\??\c:\nrxdbb.exec:\nrxdbb.exe43⤵
- Executes dropped EXE
-
\??\c:\vphpxxr.exec:\vphpxxr.exe44⤵
- Executes dropped EXE
-
\??\c:\plpvpn.exec:\plpvpn.exe45⤵
- Executes dropped EXE
-
\??\c:\blpppd.exec:\blpppd.exe46⤵
- Executes dropped EXE
-
\??\c:\jdrbrb.exec:\jdrbrb.exe47⤵
- Executes dropped EXE
-
\??\c:\xjldtj.exec:\xjldtj.exe48⤵
- Executes dropped EXE
-
\??\c:\rvrvfdb.exec:\rvrvfdb.exe49⤵
- Executes dropped EXE
-
\??\c:\vjtdvl.exec:\vjtdvl.exe50⤵
- Executes dropped EXE
-
\??\c:\dpbdf.exec:\dpbdf.exe51⤵
- Executes dropped EXE
-
\??\c:\rlxjt.exec:\rlxjt.exe52⤵
- Executes dropped EXE
-
\??\c:\llfttbn.exec:\llfttbn.exe53⤵
- Executes dropped EXE
-
\??\c:\rxhlbjf.exec:\rxhlbjf.exe54⤵
- Executes dropped EXE
-
\??\c:\hbblvpx.exec:\hbblvpx.exe55⤵
- Executes dropped EXE
-
\??\c:\flvjnvh.exec:\flvjnvh.exe56⤵
- Executes dropped EXE
-
\??\c:\jfxdlhn.exec:\jfxdlhn.exe57⤵
- Executes dropped EXE
-
\??\c:\bfdvbnp.exec:\bfdvbnp.exe58⤵
- Executes dropped EXE
-
\??\c:\dxtppl.exec:\dxtppl.exe59⤵
- Executes dropped EXE
-
\??\c:\fjtdvt.exec:\fjtdvt.exe60⤵
- Executes dropped EXE
-
\??\c:\brplfpx.exec:\brplfpx.exe61⤵
- Executes dropped EXE
-
\??\c:\bhpthf.exec:\bhpthf.exe62⤵
- Executes dropped EXE
-
\??\c:\ptxbjb.exec:\ptxbjb.exe63⤵
- Executes dropped EXE
-
\??\c:\hrdnxd.exec:\hrdnxd.exe64⤵
- Executes dropped EXE
-
\??\c:\pbtfntj.exec:\pbtfntj.exe65⤵
- Executes dropped EXE
-
\??\c:\tjxvtlr.exec:\tjxvtlr.exe66⤵
- Executes dropped EXE
-
\??\c:\fprjlh.exec:\fprjlh.exe67⤵
-
\??\c:\pfdflhp.exec:\pfdflhp.exe68⤵
-
\??\c:\bbnxf.exec:\bbnxf.exe69⤵
-
\??\c:\prtxr.exec:\prtxr.exe70⤵
-
\??\c:\fhbnd.exec:\fhbnd.exe71⤵
-
\??\c:\xjfvn.exec:\xjfvn.exe72⤵
-
\??\c:\fhxdj.exec:\fhxdj.exe73⤵
- System Location Discovery: System Language Discovery
-
\??\c:\fdjvr.exec:\fdjvr.exe74⤵
-
\??\c:\tnldnj.exec:\tnldnj.exe75⤵
-
\??\c:\phpfv.exec:\phpfv.exe76⤵
-
\??\c:\vnnfxnf.exec:\vnnfxnf.exe77⤵
-
\??\c:\bjlpnv.exec:\bjlpnv.exe78⤵
-
\??\c:\nblpjv.exec:\nblpjv.exe79⤵
-
\??\c:\lhtlbnv.exec:\lhtlbnv.exe80⤵
-
\??\c:\xntlvvv.exec:\xntlvvv.exe81⤵
-
\??\c:\tddvxhj.exec:\tddvxhj.exe82⤵
-
\??\c:\jdvnpb.exec:\jdvnpb.exe83⤵
-
\??\c:\fptbtn.exec:\fptbtn.exe84⤵
-
\??\c:\fptdhv.exec:\fptdhv.exe85⤵
-
\??\c:\fppjb.exec:\fppjb.exe86⤵
-
\??\c:\hnxxtrv.exec:\hnxxtrv.exe87⤵
-
\??\c:\vnxjthd.exec:\vnxjthd.exe88⤵
- System Location Discovery: System Language Discovery
-
\??\c:\vtfhj.exec:\vtfhj.exe89⤵
-
\??\c:\nrxvr.exec:\nrxvr.exe90⤵
-
\??\c:\jrtjtdd.exec:\jrtjtdd.exe91⤵
-
\??\c:\rdxldrx.exec:\rdxldrx.exe92⤵
-
\??\c:\dnnnvl.exec:\dnnnvl.exe93⤵
-
\??\c:\rxtjjl.exec:\rxtjjl.exe94⤵
-
\??\c:\fxbhxv.exec:\fxbhxv.exe95⤵
-
\??\c:\hxlnbdd.exec:\hxlnbdd.exe96⤵
-
\??\c:\txrvxfd.exec:\txrvxfd.exe97⤵
-
\??\c:\jxxxllh.exec:\jxxxllh.exe98⤵
-
\??\c:\npjhrpp.exec:\npjhrpp.exe99⤵
-
\??\c:\jffvp.exec:\jffvp.exe100⤵
-
\??\c:\rxjhpdj.exec:\rxjhpdj.exe101⤵
-
\??\c:\tnrfldp.exec:\tnrfldp.exe102⤵
-
\??\c:\brnfvll.exec:\brnfvll.exe103⤵
-
\??\c:\lljvht.exec:\lljvht.exe104⤵
-
\??\c:\llrvf.exec:\llrvf.exe105⤵
-
\??\c:\dhnfth.exec:\dhnfth.exe106⤵
-
\??\c:\fhpnb.exec:\fhpnb.exe107⤵
-
\??\c:\rxbjptf.exec:\rxbjptf.exe108⤵
-
\??\c:\hjfhn.exec:\hjfhn.exe109⤵
-
\??\c:\vfxlnp.exec:\vfxlnp.exe110⤵
-
\??\c:\hrpbnpp.exec:\hrpbnpp.exe111⤵
- System Location Discovery: System Language Discovery
-
\??\c:\jrftnbr.exec:\jrftnbr.exe112⤵
-
\??\c:\ftxlph.exec:\ftxlph.exe113⤵
-
\??\c:\trlfv.exec:\trlfv.exe114⤵
-
\??\c:\bpdjtxj.exec:\bpdjtxj.exe115⤵
-
\??\c:\lfnpv.exec:\lfnpv.exe116⤵
-
\??\c:\pxnvpb.exec:\pxnvpb.exe117⤵
-
\??\c:\rvbbp.exec:\rvbbp.exe118⤵
-
\??\c:\nrntf.exec:\nrntf.exe119⤵
-
\??\c:\nrrpnb.exec:\nrrpnb.exe120⤵
-
\??\c:\pxtjxv.exec:\pxtjxv.exe121⤵
- System Location Discovery: System Language Discovery
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-