Analysis
-
max time kernel
150s -
max time network
117s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
06-10-2024 03:00
General
-
Target
d8686a5b1a4688c2253ae793ca949389c425466a74150a90b1d5fb0887dc4fee.exe
-
Size
71KB
-
MD5
a4673542dd6d0e4ac70ea604f3a3f08c
-
SHA1
8e0fd2b5ad6bcf355fc81943b1924396d531c724
-
SHA256
d8686a5b1a4688c2253ae793ca949389c425466a74150a90b1d5fb0887dc4fee
-
SHA512
9a57b62249a2e758322b146deb733b45e8d0dad1ae1c33d549c1aad59d334f04de2c8cbf81d20252acf80608e0d56f1dc165fb21ad80ec3c20e2ef1decfb407e
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb0z6MTSqfj5hq:ymb3NkkiQ3mdBjFI4Vq
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 31 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d8686a5b1a4688c2253ae793ca949389c425466a74150a90b1d5fb0887dc4fee.exe"C:\Users\Admin\AppData\Local\Temp\d8686a5b1a4688c2253ae793ca949389c425466a74150a90b1d5fb0887dc4fee.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\7vdvv.exec:\7vdvv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjdv.exec:\pdjdv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxrxxr.exec:\lxxrxxr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9pjjp.exec:\9pjjp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvddp.exec:\dvddp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxxffx.exec:\lrxxffx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xllfxfl.exec:\xllfxfl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3btbbt.exec:\3btbbt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvvd.exec:\dpvvd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjvv.exec:\dpjvv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjpd.exec:\dvjpd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflllll.exec:\lflllll.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5lxfrlx.exec:\5lxfrlx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9thttb.exec:\9thttb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthbhb.exec:\hthbhb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntbbh.exec:\bntbbh.exe17⤵
- Executes dropped EXE
-
\??\c:\vpppp.exec:\vpppp.exe18⤵
- Executes dropped EXE
-
\??\c:\jjppp.exec:\jjppp.exe19⤵
- Executes dropped EXE
-
\??\c:\7dpdj.exec:\7dpdj.exe20⤵
- Executes dropped EXE
-
\??\c:\1flfffl.exec:\1flfffl.exe21⤵
- Executes dropped EXE
-
\??\c:\fxrrxxf.exec:\fxrrxxf.exe22⤵
- Executes dropped EXE
-
\??\c:\thtbhh.exec:\thtbhh.exe23⤵
- Executes dropped EXE
-
\??\c:\nhbbbh.exec:\nhbbbh.exe24⤵
- Executes dropped EXE
-
\??\c:\7nbhbb.exec:\7nbhbb.exe25⤵
- Executes dropped EXE
-
\??\c:\dpjpv.exec:\dpjpv.exe26⤵
- Executes dropped EXE
-
\??\c:\9vjjv.exec:\9vjjv.exe27⤵
- Executes dropped EXE
-
\??\c:\rlrfxfr.exec:\rlrfxfr.exe28⤵
- Executes dropped EXE
-
\??\c:\frfrxrr.exec:\frfrxrr.exe29⤵
- Executes dropped EXE
-
\??\c:\rlxlflr.exec:\rlxlflr.exe30⤵
- Executes dropped EXE
-
\??\c:\nhtnbb.exec:\nhtnbb.exe31⤵
- Executes dropped EXE
-
\??\c:\nhtbnt.exec:\nhtbnt.exe32⤵
- Executes dropped EXE
-
\??\c:\jpvjd.exec:\jpvjd.exe33⤵
- Executes dropped EXE
-
\??\c:\pjvpd.exec:\pjvpd.exe34⤵
- Executes dropped EXE
-
\??\c:\lxllffl.exec:\lxllffl.exe35⤵
- Executes dropped EXE
-
\??\c:\rrflflr.exec:\rrflflr.exe36⤵
- Executes dropped EXE
-
\??\c:\rxlfxlr.exec:\rxlfxlr.exe37⤵
- Executes dropped EXE
-
\??\c:\nhthnn.exec:\nhthnn.exe38⤵
- Executes dropped EXE
-
\??\c:\tnbbnb.exec:\tnbbnb.exe39⤵
- Executes dropped EXE
-
\??\c:\vppvd.exec:\vppvd.exe40⤵
- Executes dropped EXE
-
\??\c:\xxlxllx.exec:\xxlxllx.exe41⤵
- Executes dropped EXE
-
\??\c:\lfxlflx.exec:\lfxlflx.exe42⤵
- Executes dropped EXE
-
\??\c:\tnbhnn.exec:\tnbhnn.exe43⤵
- Executes dropped EXE
-
\??\c:\1httbb.exec:\1httbb.exe44⤵
- Executes dropped EXE
-
\??\c:\pppdj.exec:\pppdj.exe45⤵
- Executes dropped EXE
-
\??\c:\1lflxlx.exec:\1lflxlx.exe46⤵
- Executes dropped EXE
-
\??\c:\rrfrlxf.exec:\rrfrlxf.exe47⤵
- Executes dropped EXE
-
\??\c:\bbntht.exec:\bbntht.exe48⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\bbthtt.exec:\bbthtt.exe49⤵
- Executes dropped EXE
-
\??\c:\9pdvd.exec:\9pdvd.exe50⤵
- Executes dropped EXE
-
\??\c:\vjvdd.exec:\vjvdd.exe51⤵
- Executes dropped EXE
-
\??\c:\fxrrrfr.exec:\fxrrrfr.exe52⤵
- Executes dropped EXE
-
\??\c:\llfrlxl.exec:\llfrlxl.exe53⤵
- Executes dropped EXE
-
\??\c:\ttnbth.exec:\ttnbth.exe54⤵
- Executes dropped EXE
-
\??\c:\pjdjj.exec:\pjdjj.exe55⤵
- Executes dropped EXE
-
\??\c:\rfxfllr.exec:\rfxfllr.exe56⤵
- Executes dropped EXE
-
\??\c:\bthntb.exec:\bthntb.exe57⤵
- Executes dropped EXE
-
\??\c:\nnhnhn.exec:\nnhnhn.exe58⤵
- Executes dropped EXE
-
\??\c:\7jvdp.exec:\7jvdp.exe59⤵
- Executes dropped EXE
-
\??\c:\ppddp.exec:\ppddp.exe60⤵
- Executes dropped EXE
-
\??\c:\llrxlxl.exec:\llrxlxl.exe61⤵
- Executes dropped EXE
-
\??\c:\ttntnt.exec:\ttntnt.exe62⤵
- Executes dropped EXE
-
\??\c:\hhbhnn.exec:\hhbhnn.exe63⤵
- Executes dropped EXE
-
\??\c:\pvpvj.exec:\pvpvj.exe64⤵
- Executes dropped EXE
-
\??\c:\rlxxlxf.exec:\rlxxlxf.exe65⤵
- Executes dropped EXE
-
\??\c:\ffrlxfl.exec:\ffrlxfl.exe66⤵
-
\??\c:\3ddjv.exec:\3ddjv.exe67⤵
-
\??\c:\rrllrxl.exec:\rrllrxl.exe68⤵
-
\??\c:\rlflrxr.exec:\rlflrxr.exe69⤵
-
\??\c:\5nnthn.exec:\5nnthn.exe70⤵
-
\??\c:\1pppp.exec:\1pppp.exe71⤵
-
\??\c:\vpjpj.exec:\vpjpj.exe72⤵
-
\??\c:\9lxrxxf.exec:\9lxrxxf.exe73⤵
-
\??\c:\ffxflxf.exec:\ffxflxf.exe74⤵
-
\??\c:\bnbbbb.exec:\bnbbbb.exe75⤵
-
\??\c:\ppvvv.exec:\ppvvv.exe76⤵
-
\??\c:\5dvvj.exec:\5dvvj.exe77⤵
-
\??\c:\7jpvv.exec:\7jpvv.exe78⤵
-
\??\c:\xrfrrrf.exec:\xrfrrrf.exe79⤵
-
\??\c:\thbhnt.exec:\thbhnt.exe80⤵
-
\??\c:\nbnttn.exec:\nbnttn.exe81⤵
-
\??\c:\pdpjj.exec:\pdpjj.exe82⤵
-
\??\c:\jvddj.exec:\jvddj.exe83⤵
-
\??\c:\fflllrx.exec:\fflllrx.exe84⤵
-
\??\c:\fxrflff.exec:\fxrflff.exe85⤵
-
\??\c:\1thnnh.exec:\1thnnh.exe86⤵
-
\??\c:\btntbn.exec:\btntbn.exe87⤵
-
\??\c:\ddpjv.exec:\ddpjv.exe88⤵
-
\??\c:\1vpdv.exec:\1vpdv.exe89⤵
-
\??\c:\rlrrxxf.exec:\rlrrxxf.exe90⤵
-
\??\c:\5flllfr.exec:\5flllfr.exe91⤵
-
\??\c:\3tnnhh.exec:\3tnnhh.exe92⤵
-
\??\c:\9thtbt.exec:\9thtbt.exe93⤵
-
\??\c:\dvppd.exec:\dvppd.exe94⤵
-
\??\c:\rrfrflr.exec:\rrfrflr.exe95⤵
-
\??\c:\9lrllrl.exec:\9lrllrl.exe96⤵
-
\??\c:\ththnt.exec:\ththnt.exe97⤵
-
\??\c:\7bbbhn.exec:\7bbbhn.exe98⤵
-
\??\c:\vpdvj.exec:\vpdvj.exe99⤵
-
\??\c:\9ppvj.exec:\9ppvj.exe100⤵
-
\??\c:\lfflrxf.exec:\lfflrxf.exe101⤵
-
\??\c:\rllfllr.exec:\rllfllr.exe102⤵
-
\??\c:\7htntt.exec:\7htntt.exe103⤵
-
\??\c:\hnthtt.exec:\hnthtt.exe104⤵
-
\??\c:\hbhnnt.exec:\hbhnnt.exe105⤵
-
\??\c:\dvdjp.exec:\dvdjp.exe106⤵
-
\??\c:\fxlrffl.exec:\fxlrffl.exe107⤵
-
\??\c:\ffxfrxl.exec:\ffxfrxl.exe108⤵
-
\??\c:\xrrlxrx.exec:\xrrlxrx.exe109⤵
-
\??\c:\7tbnth.exec:\7tbnth.exe110⤵
-
\??\c:\nbhnbt.exec:\nbhnbt.exe111⤵
-
\??\c:\jdvjj.exec:\jdvjj.exe112⤵
-
\??\c:\vpddd.exec:\vpddd.exe113⤵
-
\??\c:\rxxlrlx.exec:\rxxlrlx.exe114⤵
-
\??\c:\1lrxflr.exec:\1lrxflr.exe115⤵
-
\??\c:\ttbtnt.exec:\ttbtnt.exe116⤵
-
\??\c:\1thntb.exec:\1thntb.exe117⤵
-
\??\c:\ppjjd.exec:\ppjjd.exe118⤵
-
\??\c:\3jvjp.exec:\3jvjp.exe119⤵
-
\??\c:\lflrxfr.exec:\lflrxfr.exe120⤵
-
\??\c:\bthhhn.exec:\bthhhn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-