Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
11-10-2024 21:11
General
-
Target
451e330c80f7784cb9c980c089252bf454e97bf29432caf7419971cefc44d38a.exe
-
Size
71KB
-
MD5
6d4c6b2b189aa2bae17b60322901f153
-
SHA1
6978b0f8f3630a6ffa21c075f280086d0286d356
-
SHA256
451e330c80f7784cb9c980c089252bf454e97bf29432caf7419971cefc44d38a
-
SHA512
c5182059b9e8e21a61058775f70e752e3444fe87abac9c77ef1668b91ded616cf74f34c3a2ad2b35a7c1c2ae4ecbd926d8310e0bad94365f5b1b87264f5388be
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb0z6MTSqfjF:ymb3NkkiQ3mdBjFI4VV
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\451e330c80f7784cb9c980c089252bf454e97bf29432caf7419971cefc44d38a.exe"C:\Users\Admin\AppData\Local\Temp\451e330c80f7784cb9c980c089252bf454e97bf29432caf7419971cefc44d38a.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bthntb.exec:\bthntb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjvp.exec:\vdjvp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7lfrxxf.exec:\7lfrxxf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5hhtnb.exec:\5hhtnb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjpj.exec:\jdjpj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrfrxxf.exec:\rrfrxxf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxlrfr.exec:\llxlrfr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbbhn.exec:\tbbbhn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthtbt.exec:\bthtbt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjpd.exec:\ppjpd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrrlff.exec:\xlrrlff.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbnhn.exec:\hbbnhn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbnhh.exec:\nnbnhh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdjv.exec:\pjdjv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxlxlxf.exec:\lxlxlxf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbntt.exec:\nnbntt.exe17⤵
- Executes dropped EXE
-
\??\c:\vdjvp.exec:\vdjvp.exe18⤵
- Executes dropped EXE
-
\??\c:\vpjpv.exec:\vpjpv.exe19⤵
- Executes dropped EXE
-
\??\c:\xflllfx.exec:\xflllfx.exe20⤵
- Executes dropped EXE
-
\??\c:\7thbnb.exec:\7thbnb.exe21⤵
- Executes dropped EXE
-
\??\c:\jpdpv.exec:\jpdpv.exe22⤵
- Executes dropped EXE
-
\??\c:\jpdpv.exec:\jpdpv.exe23⤵
- Executes dropped EXE
-
\??\c:\lfxxxlr.exec:\lfxxxlr.exe24⤵
- Executes dropped EXE
-
\??\c:\xrfflrf.exec:\xrfflrf.exe25⤵
- Executes dropped EXE
-
\??\c:\hhhnth.exec:\hhhnth.exe26⤵
- Executes dropped EXE
-
\??\c:\vvvjp.exec:\vvvjp.exe27⤵
- Executes dropped EXE
-
\??\c:\pjvdp.exec:\pjvdp.exe28⤵
- Executes dropped EXE
-
\??\c:\7rrxflx.exec:\7rrxflx.exe29⤵
- Executes dropped EXE
-
\??\c:\nnhtnt.exec:\nnhtnt.exe30⤵
- Executes dropped EXE
-
\??\c:\5ppjp.exec:\5ppjp.exe31⤵
- Executes dropped EXE
-
\??\c:\rllxxfx.exec:\rllxxfx.exe32⤵
- Executes dropped EXE
-
\??\c:\ffrxlrr.exec:\ffrxlrr.exe33⤵
- Executes dropped EXE
-
\??\c:\3btnhh.exec:\3btnhh.exe34⤵
- Executes dropped EXE
-
\??\c:\1jjpd.exec:\1jjpd.exe35⤵
- Executes dropped EXE
-
\??\c:\3vpdj.exec:\3vpdj.exe36⤵
- Executes dropped EXE
-
\??\c:\xxrlxfx.exec:\xxrlxfx.exe37⤵
- Executes dropped EXE
-
\??\c:\rrxlxlx.exec:\rrxlxlx.exe38⤵
- Executes dropped EXE
-
\??\c:\bnbtbh.exec:\bnbtbh.exe39⤵
- Executes dropped EXE
-
\??\c:\btbhnn.exec:\btbhnn.exe40⤵
- Executes dropped EXE
-
\??\c:\djdvd.exec:\djdvd.exe41⤵
- Executes dropped EXE
-
\??\c:\jjpjj.exec:\jjpjj.exe42⤵
- Executes dropped EXE
-
\??\c:\fxllrrx.exec:\fxllrrx.exe43⤵
- Executes dropped EXE
-
\??\c:\nnhbhh.exec:\nnhbhh.exe44⤵
- Executes dropped EXE
-
\??\c:\thbhtb.exec:\thbhtb.exe45⤵
- Executes dropped EXE
-
\??\c:\jjdjv.exec:\jjdjv.exe46⤵
- Executes dropped EXE
-
\??\c:\jjpvd.exec:\jjpvd.exe47⤵
- Executes dropped EXE
-
\??\c:\fffrllf.exec:\fffrllf.exe48⤵
- Executes dropped EXE
-
\??\c:\1nbhth.exec:\1nbhth.exe49⤵
- Executes dropped EXE
-
\??\c:\tbnhhb.exec:\tbnhhb.exe50⤵
- Executes dropped EXE
-
\??\c:\1jjpp.exec:\1jjpp.exe51⤵
- Executes dropped EXE
-
\??\c:\pjpdd.exec:\pjpdd.exe52⤵
- Executes dropped EXE
-
\??\c:\lfrfrxr.exec:\lfrfrxr.exe53⤵
- Executes dropped EXE
-
\??\c:\xllfrxf.exec:\xllfrxf.exe54⤵
- Executes dropped EXE
-
\??\c:\rlxfrrf.exec:\rlxfrrf.exe55⤵
- Executes dropped EXE
-
\??\c:\nnbnhn.exec:\nnbnhn.exe56⤵
- Executes dropped EXE
-
\??\c:\9djvp.exec:\9djvp.exe57⤵
- Executes dropped EXE
-
\??\c:\1vjdj.exec:\1vjdj.exe58⤵
- Executes dropped EXE
-
\??\c:\llfxlxf.exec:\llfxlxf.exe59⤵
- Executes dropped EXE
-
\??\c:\lfrxflx.exec:\lfrxflx.exe60⤵
- Executes dropped EXE
-
\??\c:\9nnttb.exec:\9nnttb.exe61⤵
- Executes dropped EXE
-
\??\c:\nhhtnn.exec:\nhhtnn.exe62⤵
- Executes dropped EXE
-
\??\c:\pjjjd.exec:\pjjjd.exe63⤵
- Executes dropped EXE
-
\??\c:\vvdpd.exec:\vvdpd.exe64⤵
- Executes dropped EXE
-
\??\c:\1jvpj.exec:\1jvpj.exe65⤵
- Executes dropped EXE
-
\??\c:\rlrllff.exec:\rlrllff.exe66⤵
-
\??\c:\5rffrxl.exec:\5rffrxl.exe67⤵
-
\??\c:\btthnb.exec:\btthnb.exe68⤵
-
\??\c:\tnhntb.exec:\tnhntb.exe69⤵
-
\??\c:\pjvjd.exec:\pjvjd.exe70⤵
-
\??\c:\dddpp.exec:\dddpp.exe71⤵
-
\??\c:\7fflxfr.exec:\7fflxfr.exe72⤵
-
\??\c:\lxllrxl.exec:\lxllrxl.exe73⤵
-
\??\c:\tnbnbn.exec:\tnbnbn.exe74⤵
-
\??\c:\bhhhth.exec:\bhhhth.exe75⤵
- System Location Discovery: System Language Discovery
-
\??\c:\3dpvp.exec:\3dpvp.exe76⤵
-
\??\c:\9ddjv.exec:\9ddjv.exe77⤵
-
\??\c:\lfrxfrx.exec:\lfrxfrx.exe78⤵
-
\??\c:\rrfxlrf.exec:\rrfxlrf.exe79⤵
-
\??\c:\btthnb.exec:\btthnb.exe80⤵
-
\??\c:\nhthnt.exec:\nhthnt.exe81⤵
-
\??\c:\ppvjd.exec:\ppvjd.exe82⤵
-
\??\c:\9jpdj.exec:\9jpdj.exe83⤵
-
\??\c:\7xrxlfr.exec:\7xrxlfr.exe84⤵
-
\??\c:\flrlfll.exec:\flrlfll.exe85⤵
-
\??\c:\nhtbbh.exec:\nhtbbh.exe86⤵
-
\??\c:\jjdjv.exec:\jjdjv.exe87⤵
-
\??\c:\5dddp.exec:\5dddp.exe88⤵
-
\??\c:\llffxlx.exec:\llffxlx.exe89⤵
-
\??\c:\lrrffrr.exec:\lrrffrr.exe90⤵
-
\??\c:\ttbtbt.exec:\ttbtbt.exe91⤵
-
\??\c:\ddvpv.exec:\ddvpv.exe92⤵
-
\??\c:\vpppp.exec:\vpppp.exe93⤵
-
\??\c:\1xlfxxl.exec:\1xlfxxl.exe94⤵
-
\??\c:\flrfxlr.exec:\flrfxlr.exe95⤵
-
\??\c:\ttnbbh.exec:\ttnbbh.exe96⤵
-
\??\c:\ppppp.exec:\ppppp.exe97⤵
-
\??\c:\1vjpj.exec:\1vjpj.exe98⤵
-
\??\c:\7rrxlrr.exec:\7rrxlrr.exe99⤵
-
\??\c:\llxxxlf.exec:\llxxxlf.exe100⤵
-
\??\c:\nnthbt.exec:\nnthbt.exe101⤵
-
\??\c:\tbtnht.exec:\tbtnht.exe102⤵
-
\??\c:\jdpvd.exec:\jdpvd.exe103⤵
-
\??\c:\xxxflrx.exec:\xxxflrx.exe104⤵
-
\??\c:\flxrrlr.exec:\flxrrlr.exe105⤵
-
\??\c:\nnnhhn.exec:\nnnhhn.exe106⤵
-
\??\c:\jpvpv.exec:\jpvpv.exe107⤵
-
\??\c:\ppppd.exec:\ppppd.exe108⤵
-
\??\c:\rlxxflx.exec:\rlxxflx.exe109⤵
-
\??\c:\lllrffl.exec:\lllrffl.exe110⤵
-
\??\c:\ntthbb.exec:\ntthbb.exe111⤵
-
\??\c:\7bhhhb.exec:\7bhhhb.exe112⤵
-
\??\c:\vppjp.exec:\vppjp.exe113⤵
-
\??\c:\lllxlxr.exec:\lllxlxr.exe114⤵
-
\??\c:\xxxflxr.exec:\xxxflxr.exe115⤵
-
\??\c:\tnhnbb.exec:\tnhnbb.exe116⤵
-
\??\c:\ttthhn.exec:\ttthhn.exe117⤵
-
\??\c:\nnnhtb.exec:\nnnhtb.exe118⤵
-
\??\c:\pdjvp.exec:\pdjvp.exe119⤵
-
\??\c:\5llxfrx.exec:\5llxfrx.exe120⤵
-
\??\c:\fxflrll.exec:\fxflrll.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-