Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
05/10/2024, 22:01
General
-
Target
62f4662f9909899d9a59cdbb17d1cfdce4138dbe275c75ff87deb01a1c519295.exe
-
Size
64KB
-
MD5
4948e4ac3dfeee3aa5fc4229541b515b
-
SHA1
fe19811fe3ff6479a740dea6a52ced6a9ddf730f
-
SHA256
62f4662f9909899d9a59cdbb17d1cfdce4138dbe275c75ff87deb01a1c519295
-
SHA512
52db3bc6d8f074668cbf6a1be1f8040fc68ae84285a1c106ed2e3e0276e3bb492a3f45403cb5c712c8faed0a2edfaf877fe9f335470cc8abf8e41fcd11dd716e
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDI9L27B1k:ymb3NkkiQ3mdBjFI9c6
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 20 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 21 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\62f4662f9909899d9a59cdbb17d1cfdce4138dbe275c75ff87deb01a1c519295.exe"C:\Users\Admin\AppData\Local\Temp\62f4662f9909899d9a59cdbb17d1cfdce4138dbe275c75ff87deb01a1c519295.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vddpv.exec:\vddpv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflrffl.exec:\lflrffl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbttbb.exec:\hbttbb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vjpv.exec:\1vjpv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdppp.exec:\jdppp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlfrrf.exec:\xrlfrrf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxlxxl.exec:\llxlxxl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjvp.exec:\vpjvp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3pjjv.exec:\3pjjv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xxxlrf.exec:\1xxxlrf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1ffxlrx.exec:\1ffxlrx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbnhn.exec:\htbnhn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdvp.exec:\jvdvp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rxfrxl.exec:\1rxfrxl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtbnt.exec:\nhtbnt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnthn.exec:\btnthn.exe17⤵
- Executes dropped EXE
-
\??\c:\3vdpd.exec:\3vdpd.exe18⤵
- Executes dropped EXE
-
\??\c:\xxrxllx.exec:\xxrxllx.exe19⤵
- Executes dropped EXE
-
\??\c:\1lrxfrx.exec:\1lrxfrx.exe20⤵
- Executes dropped EXE
-
\??\c:\nhtbnn.exec:\nhtbnn.exe21⤵
- Executes dropped EXE
-
\??\c:\nnhtbn.exec:\nnhtbn.exe22⤵
- Executes dropped EXE
-
\??\c:\7dppv.exec:\7dppv.exe23⤵
- Executes dropped EXE
-
\??\c:\rlxfxxl.exec:\rlxfxxl.exe24⤵
- Executes dropped EXE
-
\??\c:\9rlrflr.exec:\9rlrflr.exe25⤵
- Executes dropped EXE
-
\??\c:\hhnntt.exec:\hhnntt.exe26⤵
- Executes dropped EXE
-
\??\c:\ntbntn.exec:\ntbntn.exe27⤵
- Executes dropped EXE
-
\??\c:\rlxffxx.exec:\rlxffxx.exe28⤵
- Executes dropped EXE
-
\??\c:\7xlfxxf.exec:\7xlfxxf.exe29⤵
- Executes dropped EXE
-
\??\c:\tnthtn.exec:\tnthtn.exe30⤵
- Executes dropped EXE
-
\??\c:\3tnnhh.exec:\3tnnhh.exe31⤵
- Executes dropped EXE
-
\??\c:\3vjvp.exec:\3vjvp.exe32⤵
- Executes dropped EXE
-
\??\c:\xrxlrlr.exec:\xrxlrlr.exe33⤵
- Executes dropped EXE
-
\??\c:\rllxlxx.exec:\rllxlxx.exe34⤵
- Executes dropped EXE
-
\??\c:\nbnttt.exec:\nbnttt.exe35⤵
- Executes dropped EXE
-
\??\c:\bnhnbb.exec:\bnhnbb.exe36⤵
- Executes dropped EXE
-
\??\c:\jdvdv.exec:\jdvdv.exe37⤵
- Executes dropped EXE
-
\??\c:\dvdjp.exec:\dvdjp.exe38⤵
- Executes dropped EXE
-
\??\c:\7fxflrx.exec:\7fxflrx.exe39⤵
- Executes dropped EXE
-
\??\c:\1rxxllr.exec:\1rxxllr.exe40⤵
- Executes dropped EXE
-
\??\c:\3hnntt.exec:\3hnntt.exe41⤵
- Executes dropped EXE
-
\??\c:\5hbnhh.exec:\5hbnhh.exe42⤵
- Executes dropped EXE
-
\??\c:\jvjvd.exec:\jvjvd.exe43⤵
- Executes dropped EXE
-
\??\c:\xrrrlfl.exec:\xrrrlfl.exe44⤵
- Executes dropped EXE
-
\??\c:\tttbnt.exec:\tttbnt.exe45⤵
- Executes dropped EXE
-
\??\c:\bthbhb.exec:\bthbhb.exe46⤵
- Executes dropped EXE
-
\??\c:\jjvjd.exec:\jjvjd.exe47⤵
- Executes dropped EXE
-
\??\c:\frrffxf.exec:\frrffxf.exe48⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\ffxlflx.exec:\ffxlflx.exe49⤵
- Executes dropped EXE
-
\??\c:\hbnthh.exec:\hbnthh.exe50⤵
- Executes dropped EXE
-
\??\c:\3nnhth.exec:\3nnhth.exe51⤵
- Executes dropped EXE
-
\??\c:\jjvjv.exec:\jjvjv.exe52⤵
- Executes dropped EXE
-
\??\c:\5jjjv.exec:\5jjjv.exe53⤵
- Executes dropped EXE
-
\??\c:\7frrrlr.exec:\7frrrlr.exe54⤵
- Executes dropped EXE
-
\??\c:\1frrxfr.exec:\1frrxfr.exe55⤵
- Executes dropped EXE
-
\??\c:\1hnntt.exec:\1hnntt.exe56⤵
- Executes dropped EXE
-
\??\c:\hhtbnt.exec:\hhtbnt.exe57⤵
- Executes dropped EXE
-
\??\c:\3ppvd.exec:\3ppvd.exe58⤵
- Executes dropped EXE
-
\??\c:\5lffrxf.exec:\5lffrxf.exe59⤵
- Executes dropped EXE
-
\??\c:\fxrfxfl.exec:\fxrfxfl.exe60⤵
- Executes dropped EXE
-
\??\c:\1nnthb.exec:\1nnthb.exe61⤵
- Executes dropped EXE
-
\??\c:\5bbhth.exec:\5bbhth.exe62⤵
- Executes dropped EXE
-
\??\c:\pjddp.exec:\pjddp.exe63⤵
- Executes dropped EXE
-
\??\c:\vpjjj.exec:\vpjjj.exe64⤵
- Executes dropped EXE
-
\??\c:\rlxxxfl.exec:\rlxxxfl.exe65⤵
- Executes dropped EXE
-
\??\c:\lxrrxff.exec:\lxrrxff.exe66⤵
-
\??\c:\7btbhn.exec:\7btbhn.exe67⤵
-
\??\c:\jvjpp.exec:\jvjpp.exe68⤵
-
\??\c:\dpjvp.exec:\dpjvp.exe69⤵
-
\??\c:\xrfffrx.exec:\xrfffrx.exe70⤵
-
\??\c:\llxxxxf.exec:\llxxxxf.exe71⤵
-
\??\c:\tnbttb.exec:\tnbttb.exe72⤵
-
\??\c:\ttnttt.exec:\ttnttt.exe73⤵
-
\??\c:\dvppv.exec:\dvppv.exe74⤵
-
\??\c:\pjjvd.exec:\pjjvd.exe75⤵
-
\??\c:\xrfflll.exec:\xrfflll.exe76⤵
-
\??\c:\3xfrxfl.exec:\3xfrxfl.exe77⤵
-
\??\c:\7btbnn.exec:\7btbnn.exe78⤵
-
\??\c:\ddjpv.exec:\ddjpv.exe79⤵
-
\??\c:\pjvpj.exec:\pjvpj.exe80⤵
-
\??\c:\5fxxflf.exec:\5fxxflf.exe81⤵
-
\??\c:\rlfflll.exec:\rlfflll.exe82⤵
-
\??\c:\tnbbnh.exec:\tnbbnh.exe83⤵
-
\??\c:\hhthbn.exec:\hhthbn.exe84⤵
-
\??\c:\vdjjp.exec:\vdjjp.exe85⤵
-
\??\c:\jvppv.exec:\jvppv.exe86⤵
-
\??\c:\lxrxrxx.exec:\lxrxrxx.exe87⤵
-
\??\c:\lxrrflx.exec:\lxrrflx.exe88⤵
-
\??\c:\llxfllr.exec:\llxfllr.exe89⤵
-
\??\c:\3hhtbh.exec:\3hhtbh.exe90⤵
-
\??\c:\hbthnn.exec:\hbthnn.exe91⤵
-
\??\c:\7vjpv.exec:\7vjpv.exe92⤵
-
\??\c:\vpddp.exec:\vpddp.exe93⤵
-
\??\c:\xxrfffr.exec:\xxrfffr.exe94⤵
-
\??\c:\xxlrflr.exec:\xxlrflr.exe95⤵
-
\??\c:\bhtnhh.exec:\bhtnhh.exe96⤵
-
\??\c:\jjdpp.exec:\jjdpp.exe97⤵
-
\??\c:\9vjjp.exec:\9vjjp.exe98⤵
-
\??\c:\xrlrflr.exec:\xrlrflr.exe99⤵
-
\??\c:\fxlxlxr.exec:\fxlxlxr.exe100⤵
-
\??\c:\btnthb.exec:\btnthb.exe101⤵
-
\??\c:\nhtttb.exec:\nhtttb.exe102⤵
-
\??\c:\nhbbtb.exec:\nhbbtb.exe103⤵
-
\??\c:\jdjjj.exec:\jdjjj.exe104⤵
-
\??\c:\5jjvd.exec:\5jjvd.exe105⤵
-
\??\c:\fxrxlxf.exec:\fxrxlxf.exe106⤵
-
\??\c:\7fxxxfl.exec:\7fxxxfl.exe107⤵
-
\??\c:\7htthh.exec:\7htthh.exe108⤵
-
\??\c:\nttnbt.exec:\nttnbt.exe109⤵
-
\??\c:\7jdpd.exec:\7jdpd.exe110⤵
-
\??\c:\7jvjv.exec:\7jvjv.exe111⤵
-
\??\c:\7rxxrrf.exec:\7rxxrrf.exe112⤵
-
\??\c:\1rlxfxl.exec:\1rlxfxl.exe113⤵
-
\??\c:\3hhttt.exec:\3hhttt.exe114⤵
-
\??\c:\5nhtth.exec:\5nhtth.exe115⤵
-
\??\c:\jjjpp.exec:\jjjpp.exe116⤵
-
\??\c:\vvvdj.exec:\vvvdj.exe117⤵
-
\??\c:\xfrrxll.exec:\xfrrxll.exe118⤵
-
\??\c:\fxlxffl.exec:\fxlxffl.exe119⤵
-
\??\c:\bthnth.exec:\bthnth.exe120⤵
-
\??\c:\9hhhtt.exec:\9hhhtt.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-