Analysis
-
max time kernel
120s -
max time network
17s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
-
submitted
06/10/2024, 01:56
General
-
Target
2a310d239f53c4bfab3229394f388c144c219cde22800008b126af676c3d02f0N.exe
-
Size
73KB
-
MD5
1bfabca692d1249f8d78d83756c40ae0
-
SHA1
c96e937d4bcb2123238e10fbd4a0255563b334d6
-
SHA256
2a310d239f53c4bfab3229394f388c144c219cde22800008b126af676c3d02f0
-
SHA512
816e3d97199cd9a60484d6d22cb6735555da24211ceb603e91e0052eabf3e3ed79fe738bbc35ef4eb12d7ab10045ad5a643f25478c36878030eefa687583b413
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb0z6MTSqfUcicP/f69q:ymb3NkkiQ3mdBjFI4V4ci2/fOq
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2a310d239f53c4bfab3229394f388c144c219cde22800008b126af676c3d02f0N.exe"C:\Users\Admin\AppData\Local\Temp\2a310d239f53c4bfab3229394f388c144c219cde22800008b126af676c3d02f0N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrrxxx.exec:\rfrrxxx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rxxxff.exec:\3rxxxff.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnttbh.exec:\bnttbh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jddp.exec:\9jddp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrfxfl.exec:\lrrfxfl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthbnn.exec:\hthbnn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnhtt.exec:\nhnhtt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjjp.exec:\vpjjp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3xrflrx.exec:\3xrflrx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rfrrxf.exec:\3rfrrxf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnnbh.exec:\nhnnbh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9pjjv.exec:\9pjjv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvpd.exec:\pjvpd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7dpjp.exec:\7dpjp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxflxfr.exec:\fxflxfr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthhtt.exec:\bthhtt.exe17⤵
- Executes dropped EXE
-
\??\c:\5ntbtt.exec:\5ntbtt.exe18⤵
- Executes dropped EXE
-
\??\c:\jpdjv.exec:\jpdjv.exe19⤵
- Executes dropped EXE
-
\??\c:\ddvdd.exec:\ddvdd.exe20⤵
- Executes dropped EXE
-
\??\c:\5frxffr.exec:\5frxffr.exe21⤵
- Executes dropped EXE
-
\??\c:\5nhhnn.exec:\5nhhnn.exe22⤵
- Executes dropped EXE
-
\??\c:\tnbbnt.exec:\tnbbnt.exe23⤵
- Executes dropped EXE
-
\??\c:\dvdjp.exec:\dvdjp.exe24⤵
- Executes dropped EXE
-
\??\c:\rfrxrxf.exec:\rfrxrxf.exe25⤵
- Executes dropped EXE
-
\??\c:\rxllfff.exec:\rxllfff.exe26⤵
- Executes dropped EXE
-
\??\c:\hbbhtb.exec:\hbbhtb.exe27⤵
- Executes dropped EXE
-
\??\c:\ntbtth.exec:\ntbtth.exe28⤵
- Executes dropped EXE
-
\??\c:\pvpjp.exec:\pvpjp.exe29⤵
- Executes dropped EXE
-
\??\c:\3flflll.exec:\3flflll.exe30⤵
- Executes dropped EXE
-
\??\c:\3xlxffl.exec:\3xlxffl.exe31⤵
- Executes dropped EXE
-
\??\c:\htbhnh.exec:\htbhnh.exe32⤵
- Executes dropped EXE
-
\??\c:\jvjpv.exec:\jvjpv.exe33⤵
- Executes dropped EXE
-
\??\c:\9djpj.exec:\9djpj.exe34⤵
- Executes dropped EXE
-
\??\c:\rxxrrlr.exec:\rxxrrlr.exe35⤵
- Executes dropped EXE
-
\??\c:\frxfffl.exec:\frxfffl.exe36⤵
- Executes dropped EXE
-
\??\c:\frxffxf.exec:\frxffxf.exe37⤵
- Executes dropped EXE
-
\??\c:\nbbttt.exec:\nbbttt.exe38⤵
- Executes dropped EXE
-
\??\c:\3djjd.exec:\3djjd.exe39⤵
- Executes dropped EXE
-
\??\c:\jdjpd.exec:\jdjpd.exe40⤵
- Executes dropped EXE
-
\??\c:\rxxxxxr.exec:\rxxxxxr.exe41⤵
- Executes dropped EXE
-
\??\c:\rllxxrx.exec:\rllxxrx.exe42⤵
- Executes dropped EXE
-
\??\c:\1lxffxr.exec:\1lxffxr.exe43⤵
- Executes dropped EXE
-
\??\c:\htnbtn.exec:\htnbtn.exe44⤵
- Executes dropped EXE
-
\??\c:\5thnnn.exec:\5thnnn.exe45⤵
- Executes dropped EXE
-
\??\c:\jvpjv.exec:\jvpjv.exe46⤵
- Executes dropped EXE
-
\??\c:\pvddj.exec:\pvddj.exe47⤵
- Executes dropped EXE
-
\??\c:\9lrxrlr.exec:\9lrxrlr.exe48⤵
- Executes dropped EXE
-
\??\c:\7lfffff.exec:\7lfffff.exe49⤵
- Executes dropped EXE
-
\??\c:\1ntntn.exec:\1ntntn.exe50⤵
- Executes dropped EXE
-
\??\c:\bntntt.exec:\bntntt.exe51⤵
- Executes dropped EXE
-
\??\c:\tnthnt.exec:\tnthnt.exe52⤵
- Executes dropped EXE
-
\??\c:\5jjjj.exec:\5jjjj.exe53⤵
- Executes dropped EXE
-
\??\c:\1jddp.exec:\1jddp.exe54⤵
- Executes dropped EXE
-
\??\c:\fxlxlrx.exec:\fxlxlrx.exe55⤵
- Executes dropped EXE
-
\??\c:\xfrfxlf.exec:\xfrfxlf.exe56⤵
- Executes dropped EXE
-
\??\c:\9hnbtn.exec:\9hnbtn.exe57⤵
- Executes dropped EXE
-
\??\c:\1nhbhb.exec:\1nhbhb.exe58⤵
- Executes dropped EXE
-
\??\c:\dvjvd.exec:\dvjvd.exe59⤵
- Executes dropped EXE
-
\??\c:\3xffxrx.exec:\3xffxrx.exe60⤵
- Executes dropped EXE
-
\??\c:\flrxrfr.exec:\flrxrfr.exe61⤵
- Executes dropped EXE
-
\??\c:\xrlflll.exec:\xrlflll.exe62⤵
- Executes dropped EXE
-
\??\c:\3vjvd.exec:\3vjvd.exe63⤵
- Executes dropped EXE
-
\??\c:\1jvpp.exec:\1jvpp.exe64⤵
- Executes dropped EXE
-
\??\c:\xlxfrrx.exec:\xlxfrrx.exe65⤵
- Executes dropped EXE
-
\??\c:\3xffrrx.exec:\3xffrrx.exe66⤵
-
\??\c:\3htbhn.exec:\3htbhn.exe67⤵
-
\??\c:\9ntbhb.exec:\9ntbhb.exe68⤵
-
\??\c:\pjvjv.exec:\pjvjv.exe69⤵
-
\??\c:\dvdjp.exec:\dvdjp.exe70⤵
-
\??\c:\frfflfl.exec:\frfflfl.exe71⤵
-
\??\c:\rfxxrff.exec:\rfxxrff.exe72⤵
-
\??\c:\thntbh.exec:\thntbh.exe73⤵
-
\??\c:\htnntn.exec:\htnntn.exe74⤵
-
\??\c:\tnthnt.exec:\tnthnt.exe75⤵
-
\??\c:\dpddj.exec:\dpddj.exe76⤵
-
\??\c:\1vvdd.exec:\1vvdd.exe77⤵
-
\??\c:\lrxxxrf.exec:\lrxxxrf.exe78⤵
-
\??\c:\9fxxllx.exec:\9fxxllx.exe79⤵
-
\??\c:\thnnnn.exec:\thnnnn.exe80⤵
-
\??\c:\bnbhnn.exec:\bnbhnn.exe81⤵
-
\??\c:\jvjpp.exec:\jvjpp.exe82⤵
-
\??\c:\vpjjj.exec:\vpjjj.exe83⤵
-
\??\c:\lxllllf.exec:\lxllllf.exe84⤵
-
\??\c:\frxxllr.exec:\frxxllr.exe85⤵
-
\??\c:\httbbh.exec:\httbbh.exe86⤵
-
\??\c:\9ntbbh.exec:\9ntbbh.exe87⤵
-
\??\c:\vvddv.exec:\vvddv.exe88⤵
-
\??\c:\dpjjv.exec:\dpjjv.exe89⤵
-
\??\c:\3frrrrx.exec:\3frrrrx.exe90⤵
-
\??\c:\flfxlfx.exec:\flfxlfx.exe91⤵
-
\??\c:\nhhntt.exec:\nhhntt.exe92⤵
-
\??\c:\ntbbtn.exec:\ntbbtn.exe93⤵
-
\??\c:\jvvdd.exec:\jvvdd.exe94⤵
-
\??\c:\ddpjd.exec:\ddpjd.exe95⤵
-
\??\c:\3rllxxx.exec:\3rllxxx.exe96⤵
-
\??\c:\fxflxrx.exec:\fxflxrx.exe97⤵
-
\??\c:\lxfflll.exec:\lxfflll.exe98⤵
-
\??\c:\tbtbhn.exec:\tbtbhn.exe99⤵
-
\??\c:\jdppp.exec:\jdppp.exe100⤵
-
\??\c:\7pppv.exec:\7pppv.exe101⤵
-
\??\c:\pvjdd.exec:\pvjdd.exe102⤵
-
\??\c:\flrxrrx.exec:\flrxrrx.exe103⤵
-
\??\c:\frfxrrr.exec:\frfxrrr.exe104⤵
-
\??\c:\nbbhtt.exec:\nbbhtt.exe105⤵
-
\??\c:\bnnhhb.exec:\bnnhhb.exe106⤵
-
\??\c:\thbhnn.exec:\thbhnn.exe107⤵
-
\??\c:\jdjvd.exec:\jdjvd.exe108⤵
-
\??\c:\jpppj.exec:\jpppj.exe109⤵
-
\??\c:\dpjjp.exec:\dpjjp.exe110⤵
-
\??\c:\rffflfx.exec:\rffflfx.exe111⤵
-
\??\c:\frxfllx.exec:\frxfllx.exe112⤵
-
\??\c:\7btbhn.exec:\7btbhn.exe113⤵
-
\??\c:\9bntbh.exec:\9bntbh.exe114⤵
-
\??\c:\nbhbhh.exec:\nbhbhh.exe115⤵
-
\??\c:\vdjjd.exec:\vdjjd.exe116⤵
-
\??\c:\pjppd.exec:\pjppd.exe117⤵
-
\??\c:\vjvdj.exec:\vjvdj.exe118⤵
-
\??\c:\5rrxxrf.exec:\5rrxxrf.exe119⤵
-
\??\c:\rfrxxrx.exec:\rfrxxrx.exe120⤵
-
\??\c:\9bnnnt.exec:\9bnnnt.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-