Analysis
-
max time kernel
121s -
max time network
19s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
30-10-2024 15:08
General
-
Target
e5625c489c1e0bf709ed0520213100249eae350169b291faf8d1554b0f0e2a6fN.exe
-
Size
3.7MB
-
MD5
e43ed5e8cbf3fc1c2be1cfd902a42610
-
SHA1
3c8127f9e677b7a290948b1710d185969959b493
-
SHA256
e5625c489c1e0bf709ed0520213100249eae350169b291faf8d1554b0f0e2a6f
-
SHA512
85196882da91d9904abd981761fe10ab13ad3cb0c15e452dad0fcee6e5b59b693139714dcc4dc8b7caf4583a5959742176c91b1447f5e15258f7f30702baff59
-
SSDEEP
49152:gCOfN6X5tLLQTg20ITS/PPs/1kS4eKRL/SRsj0Zuur1T75YqVUrmNF98g:U6XLq/qPPslzKx/dJg1ErmNj
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 44 IoCs
-
Njrat family
-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e5625c489c1e0bf709ed0520213100249eae350169b291faf8d1554b0f0e2a6fN.exe"C:\Users\Admin\AppData\Local\Temp\e5625c489c1e0bf709ed0520213100249eae350169b291faf8d1554b0f0e2a6fN.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\dfxnbfj.exec:\dfxnbfj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vhbfhrh.exec:\vhbfhrh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbnjv.exec:\ttbnjv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpbvjfx.exec:\dpbvjfx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jbttnr.exec:\jbttnr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxprnp.exec:\fxprnp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lhrnf.exec:\lhrnf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jhvxrhn.exec:\jhvxrhn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htndt.exec:\htndt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vnjftb.exec:\vnjftb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bxvdh.exec:\bxvdh.exe12⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\bppplv.exec:\bppplv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dxvhp.exec:\dxvhp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfbjb.exec:\xfbjb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vttfjh.exec:\vttfjh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dbphf.exec:\dbphf.exe17⤵
- Executes dropped EXE
-
\??\c:\vxrrhpx.exec:\vxrrhpx.exe18⤵
- Executes dropped EXE
-
\??\c:\bxnptjb.exec:\bxnptjb.exe19⤵
- Executes dropped EXE
-
\??\c:\rfbhbrh.exec:\rfbhbrh.exe20⤵
- Executes dropped EXE
-
\??\c:\rxtbhj.exec:\rxtbhj.exe21⤵
- Executes dropped EXE
-
\??\c:\xttjbf.exec:\xttjbf.exe22⤵
- Executes dropped EXE
-
\??\c:\dvrrhtl.exec:\dvrrhtl.exe23⤵
- Executes dropped EXE
-
\??\c:\vjlnn.exec:\vjlnn.exe24⤵
- Executes dropped EXE
-
\??\c:\tjnhld.exec:\tjnhld.exe25⤵
- Executes dropped EXE
-
\??\c:\lrhjfbf.exec:\lrhjfbf.exe26⤵
- Executes dropped EXE
-
\??\c:\ldxhhln.exec:\ldxhhln.exe27⤵
- Executes dropped EXE
-
\??\c:\jhhbxdj.exec:\jhhbxdj.exe28⤵
- Executes dropped EXE
-
\??\c:\tnvjr.exec:\tnvjr.exe29⤵
- Executes dropped EXE
-
\??\c:\vrbflxn.exec:\vrbflxn.exe30⤵
- Executes dropped EXE
-
\??\c:\ltrbtlr.exec:\ltrbtlr.exe31⤵
- Executes dropped EXE
-
\??\c:\bvxpl.exec:\bvxpl.exe32⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\rtftnhr.exec:\rtftnhr.exe33⤵
- Executes dropped EXE
-
\??\c:\xxlpdvr.exec:\xxlpdvr.exe34⤵
- Executes dropped EXE
-
\??\c:\jvrrphp.exec:\jvrrphp.exe35⤵
- Executes dropped EXE
-
\??\c:\xtprd.exec:\xtprd.exe36⤵
- Executes dropped EXE
-
\??\c:\jnlvrd.exec:\jnlvrd.exe37⤵
- Executes dropped EXE
-
\??\c:\bvxxrp.exec:\bvxxrp.exe38⤵
- Executes dropped EXE
-
\??\c:\xjjdxhn.exec:\xjjdxhn.exe39⤵
- Executes dropped EXE
-
\??\c:\bjvdptv.exec:\bjvdptv.exe40⤵
- Executes dropped EXE
-
\??\c:\pdrvh.exec:\pdrvh.exe41⤵
- Executes dropped EXE
-
\??\c:\ppbdx.exec:\ppbdx.exe42⤵
- Executes dropped EXE
-
\??\c:\bpblpp.exec:\bpblpp.exe43⤵
- Executes dropped EXE
-
\??\c:\bhnpl.exec:\bhnpl.exe44⤵
- Executes dropped EXE
-
\??\c:\jhvllb.exec:\jhvllb.exe45⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\bnplx.exec:\bnplx.exe46⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\lvnpr.exec:\lvnpr.exe47⤵
- Executes dropped EXE
-
\??\c:\xpbdfv.exec:\xpbdfv.exe48⤵
- Executes dropped EXE
-
\??\c:\xbbdn.exec:\xbbdn.exe49⤵
- Executes dropped EXE
-
\??\c:\jtfdxl.exec:\jtfdxl.exe50⤵
- Executes dropped EXE
-
\??\c:\bdfhrjj.exec:\bdfhrjj.exe51⤵
- Executes dropped EXE
-
\??\c:\vfnrbr.exec:\vfnrbr.exe52⤵
- Executes dropped EXE
-
\??\c:\pxnlfln.exec:\pxnlfln.exe53⤵
- Executes dropped EXE
-
\??\c:\tlllx.exec:\tlllx.exe54⤵
- Executes dropped EXE
-
\??\c:\bpjhrtj.exec:\bpjhrtj.exe55⤵
- Executes dropped EXE
-
\??\c:\rxftld.exec:\rxftld.exe56⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\ftpvrxr.exec:\ftpvrxr.exe57⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\hhhbfbd.exec:\hhhbfbd.exe58⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\tflxvbh.exec:\tflxvbh.exe59⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\fdxpnfv.exec:\fdxpnfv.exe60⤵
- Executes dropped EXE
-
\??\c:\xbjnf.exec:\xbjnf.exe61⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\rtjvn.exec:\rtjvn.exe62⤵
- Executes dropped EXE
-
\??\c:\jbvpfn.exec:\jbvpfn.exe63⤵
- Executes dropped EXE
-
\??\c:\lnffptx.exec:\lnffptx.exe64⤵
- Executes dropped EXE
-
\??\c:\lnjtpj.exec:\lnjtpj.exe65⤵
- Executes dropped EXE
-
\??\c:\hnllvtn.exec:\hnllvtn.exe66⤵
-
\??\c:\xpltxl.exec:\xpltxl.exe67⤵
-
\??\c:\rnnvpp.exec:\rnnvpp.exe68⤵
-
\??\c:\rnxtft.exec:\rnxtft.exe69⤵
-
\??\c:\rxvvdvd.exec:\rxvvdvd.exe70⤵
-
\??\c:\ftfdf.exec:\ftfdf.exe71⤵
-
\??\c:\fbthxj.exec:\fbthxj.exe72⤵
-
\??\c:\fnrrx.exec:\fnrrx.exe73⤵
-
\??\c:\hpxbv.exec:\hpxbv.exe74⤵
-
\??\c:\pnbfv.exec:\pnbfv.exe75⤵
-
\??\c:\tthhxrt.exec:\tthhxrt.exe76⤵
-
\??\c:\xdtbdnb.exec:\xdtbdnb.exe77⤵
-
\??\c:\nljjf.exec:\nljjf.exe78⤵
-
\??\c:\rrnxvxb.exec:\rrnxvxb.exe79⤵
-
\??\c:\xvjhr.exec:\xvjhr.exe80⤵
-
\??\c:\bxhlrtd.exec:\bxhlrtd.exe81⤵
- System Location Discovery: System Language Discovery
-
\??\c:\njxprh.exec:\njxprh.exe82⤵
-
\??\c:\dhrffn.exec:\dhrffn.exe83⤵
-
\??\c:\hbhrdfr.exec:\hbhrdfr.exe84⤵
-
\??\c:\pbhtn.exec:\pbhtn.exe85⤵
-
\??\c:\fdtpx.exec:\fdtpx.exe86⤵
-
\??\c:\lrfvl.exec:\lrfvl.exe87⤵
-
\??\c:\jbjtb.exec:\jbjtb.exe88⤵
-
\??\c:\fvhbb.exec:\fvhbb.exe89⤵
- System Location Discovery: System Language Discovery
-
\??\c:\prfphrd.exec:\prfphrd.exe90⤵
- System Location Discovery: System Language Discovery
-
\??\c:\ntvlf.exec:\ntvlf.exe91⤵
-
\??\c:\jjhpv.exec:\jjhpv.exe92⤵
- System Location Discovery: System Language Discovery
-
\??\c:\vjxhx.exec:\vjxhx.exe93⤵
-
\??\c:\bhftllr.exec:\bhftllr.exe94⤵
-
\??\c:\ththjr.exec:\ththjr.exe95⤵
-
\??\c:\pbljbjl.exec:\pbljbjl.exe96⤵
-
\??\c:\fpxlt.exec:\fpxlt.exe97⤵
-
\??\c:\hbfnpb.exec:\hbfnpb.exe98⤵
-
\??\c:\fdxhhf.exec:\fdxhhf.exe99⤵
- System Location Discovery: System Language Discovery
-
\??\c:\rpfjjnn.exec:\rpfjjnn.exe100⤵
-
\??\c:\vhhnt.exec:\vhhnt.exe101⤵
-
\??\c:\fvdnxf.exec:\fvdnxf.exe102⤵
-
\??\c:\tltntt.exec:\tltntt.exe103⤵
-
\??\c:\vfrhldt.exec:\vfrhldt.exe104⤵
-
\??\c:\hjdxbv.exec:\hjdxbv.exe105⤵
-
\??\c:\blhfhp.exec:\blhfhp.exe106⤵
-
\??\c:\rlrfxr.exec:\rlrfxr.exe107⤵
- System Location Discovery: System Language Discovery
-
\??\c:\nrbrtt.exec:\nrbrtt.exe108⤵
-
\??\c:\xnxxj.exec:\xnxxj.exe109⤵
- System Location Discovery: System Language Discovery
-
\??\c:\pffnjdd.exec:\pffnjdd.exe110⤵
-
\??\c:\vjtltt.exec:\vjtltt.exe111⤵
-
\??\c:\lxnxt.exec:\lxnxt.exe112⤵
-
\??\c:\ljrjj.exec:\ljrjj.exe113⤵
-
\??\c:\fbtvlj.exec:\fbtvlj.exe114⤵
-
\??\c:\fjvbf.exec:\fjvbf.exe115⤵
-
\??\c:\tnnhhlh.exec:\tnnhhlh.exe116⤵
-
\??\c:\drdbj.exec:\drdbj.exe117⤵
-
\??\c:\pvlfbd.exec:\pvlfbd.exe118⤵
-
\??\c:\vfphrx.exec:\vfphrx.exe119⤵
-
\??\c:\lnnpf.exec:\lnnpf.exe120⤵
-
\??\c:\blfbb.exec:\blfbb.exe121⤵
- System Location Discovery: System Language Discovery
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-