Analysis
-
max time kernel
24s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
01-11-2024 09:20
General
-
Target
665e2c1ba6da46930f6751a2c984dac5a83082e54efe5bd9f24fae53d082da48N.exe
-
Size
75KB
-
MD5
b7f69c53be6094db14af1ff834a1ae70
-
SHA1
e1ca6b42d31e6cbba701b12cc48ba599ce86246c
-
SHA256
665e2c1ba6da46930f6751a2c984dac5a83082e54efe5bd9f24fae53d082da48
-
SHA512
f2287ca08dcc70f7396a5665b09bd1a0ac78e5608a01d1ceb0ff349c4386e7f5f17f5b78ca534321041bf9016092f0283192a67054541658e0c61b70ea17aade
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIvuzk358nLA89OGvrFVHmPi:ymb3NkkiQ3mdBjFIvl358nLA89OMFVHD
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 18 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 34 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\665e2c1ba6da46930f6751a2c984dac5a83082e54efe5bd9f24fae53d082da48N.exe"C:\Users\Admin\AppData\Local\Temp\665e2c1ba6da46930f6751a2c984dac5a83082e54efe5bd9f24fae53d082da48N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjjd.exec:\vdjjd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrfxrff.exec:\lrfxrff.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbhhn.exec:\nbbhhn.exe4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\1dddj.exec:\1dddj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrllxr.exec:\frrllxr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1frflfx.exec:\1frflfx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbnhbt.exec:\tbnhbt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vddvd.exec:\vddvd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3vpjd.exec:\3vpjd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflffrl.exec:\rflffrl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fflxrll.exec:\fflxrll.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbtnh.exec:\ttbtnh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhbnbh.exec:\bhbnbh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ddvp.exec:\5ddvp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjdj.exec:\dvjdj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfxrxrx.exec:\rfxrxrx.exe17⤵
- Executes dropped EXE
-
\??\c:\rlrlllf.exec:\rlrlllf.exe18⤵
- Executes dropped EXE
-
\??\c:\tnnhnb.exec:\tnnhnb.exe19⤵
- Executes dropped EXE
-
\??\c:\tbttbn.exec:\tbttbn.exe20⤵
- Executes dropped EXE
-
\??\c:\vpvpp.exec:\vpvpp.exe21⤵
- Executes dropped EXE
-
\??\c:\fllrxll.exec:\fllrxll.exe22⤵
- Executes dropped EXE
-
\??\c:\lllfxlf.exec:\lllfxlf.exe23⤵
- Executes dropped EXE
-
\??\c:\xflrxrr.exec:\xflrxrr.exe24⤵
- Executes dropped EXE
-
\??\c:\hbbtnn.exec:\hbbtnn.exe25⤵
- Executes dropped EXE
-
\??\c:\hntnhb.exec:\hntnhb.exe26⤵
- Executes dropped EXE
-
\??\c:\djvpv.exec:\djvpv.exe27⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\vvjjp.exec:\vvjjp.exe28⤵
- Executes dropped EXE
-
\??\c:\lffrrll.exec:\lffrrll.exe29⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\9xlrrrf.exec:\9xlrrrf.exe30⤵
- Executes dropped EXE
-
\??\c:\hnhbbt.exec:\hnhbbt.exe31⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\ntbbbb.exec:\ntbbbb.exe32⤵
- Executes dropped EXE
-
\??\c:\djddv.exec:\djddv.exe33⤵
- Executes dropped EXE
-
\??\c:\djjvv.exec:\djjvv.exe34⤵
- Executes dropped EXE
-
\??\c:\xlrxfrl.exec:\xlrxfrl.exe35⤵
- Executes dropped EXE
-
\??\c:\lrlflff.exec:\lrlflff.exe36⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\rxrrxll.exec:\rxrrxll.exe37⤵
- Executes dropped EXE
-
\??\c:\nnhtnb.exec:\nnhtnb.exe38⤵
- Executes dropped EXE
-
\??\c:\nbtnnt.exec:\nbtnnt.exe39⤵
- Executes dropped EXE
-
\??\c:\jvjdj.exec:\jvjdj.exe40⤵
- Executes dropped EXE
-
\??\c:\jpjjd.exec:\jpjjd.exe41⤵
- Executes dropped EXE
-
\??\c:\vjdvj.exec:\vjdvj.exe42⤵
- Executes dropped EXE
-
\??\c:\7xlllfl.exec:\7xlllfl.exe43⤵
- Executes dropped EXE
-
\??\c:\flxrrfr.exec:\flxrrfr.exe44⤵
- Executes dropped EXE
-
\??\c:\lrrflfx.exec:\lrrflfx.exe45⤵
- Executes dropped EXE
-
\??\c:\htbnnb.exec:\htbnnb.exe46⤵
- Executes dropped EXE
-
\??\c:\ntnnth.exec:\ntnnth.exe47⤵
- Executes dropped EXE
-
\??\c:\9tbthb.exec:\9tbthb.exe48⤵
- Executes dropped EXE
-
\??\c:\djpjp.exec:\djpjp.exe49⤵
- Executes dropped EXE
-
\??\c:\pvjvj.exec:\pvjvj.exe50⤵
- Executes dropped EXE
-
\??\c:\5jpjd.exec:\5jpjd.exe51⤵
- Executes dropped EXE
-
\??\c:\ffflfrl.exec:\ffflfrl.exe52⤵
- Executes dropped EXE
-
\??\c:\xfxxlxx.exec:\xfxxlxx.exe53⤵
- Executes dropped EXE
-
\??\c:\nntttn.exec:\nntttn.exe54⤵
- Executes dropped EXE
-
\??\c:\9thbht.exec:\9thbht.exe55⤵
- Executes dropped EXE
-
\??\c:\nttntn.exec:\nttntn.exe56⤵
- Executes dropped EXE
-
\??\c:\vddvv.exec:\vddvv.exe57⤵
- Executes dropped EXE
-
\??\c:\pvjdd.exec:\pvjdd.exe58⤵
- Executes dropped EXE
-
\??\c:\7vjdd.exec:\7vjdd.exe59⤵
- Executes dropped EXE
-
\??\c:\flrxxlr.exec:\flrxxlr.exe60⤵
- Executes dropped EXE
-
\??\c:\xffxfxr.exec:\xffxfxr.exe61⤵
- Executes dropped EXE
-
\??\c:\fffxxll.exec:\fffxxll.exe62⤵
- Executes dropped EXE
-
\??\c:\hntntn.exec:\hntntn.exe63⤵
- Executes dropped EXE
-
\??\c:\hhnnbb.exec:\hhnnbb.exe64⤵
- Executes dropped EXE
-
\??\c:\tbbtht.exec:\tbbtht.exe65⤵
- Executes dropped EXE
-
\??\c:\vpdvv.exec:\vpdvv.exe66⤵
-
\??\c:\flfrrxl.exec:\flfrrxl.exe67⤵
-
\??\c:\3xfrrxl.exec:\3xfrrxl.exe68⤵
-
\??\c:\bhnnhn.exec:\bhnnhn.exe69⤵
-
\??\c:\hbhnbh.exec:\hbhnbh.exe70⤵
-
\??\c:\5jjdp.exec:\5jjdp.exe71⤵
-
\??\c:\dvvjj.exec:\dvvjj.exe72⤵
-
\??\c:\frxlfrl.exec:\frxlfrl.exe73⤵
-
\??\c:\xlllfxr.exec:\xlllfxr.exe74⤵
-
\??\c:\hnnnth.exec:\hnnnth.exe75⤵
-
\??\c:\hbhbht.exec:\hbhbht.exe76⤵
-
\??\c:\3dvdd.exec:\3dvdd.exe77⤵
- System Location Discovery: System Language Discovery
-
\??\c:\vddjj.exec:\vddjj.exe78⤵
-
\??\c:\jddjv.exec:\jddjv.exe79⤵
-
\??\c:\rrxxrfl.exec:\rrxxrfl.exe80⤵
-
\??\c:\fxlrfrf.exec:\fxlrfrf.exe81⤵
-
\??\c:\xllfrlx.exec:\xllfrlx.exe82⤵
-
\??\c:\5bbbtt.exec:\5bbbtt.exe83⤵
-
\??\c:\hhhbnh.exec:\hhhbnh.exe84⤵
-
\??\c:\9vpdj.exec:\9vpdj.exe85⤵
-
\??\c:\jjdvp.exec:\jjdvp.exe86⤵
-
\??\c:\ppjjv.exec:\ppjjv.exe87⤵
-
\??\c:\rrrfrfx.exec:\rrrfrfx.exe88⤵
- System Location Discovery: System Language Discovery
-
\??\c:\fxrxrrl.exec:\fxrxrrl.exe89⤵
-
\??\c:\bbbbth.exec:\bbbbth.exe90⤵
- System Location Discovery: System Language Discovery
-
\??\c:\nnbnhh.exec:\nnbnhh.exe91⤵
-
\??\c:\ttntbh.exec:\ttntbh.exe92⤵
-
\??\c:\jpdjd.exec:\jpdjd.exe93⤵
-
\??\c:\dpjpj.exec:\dpjpj.exe94⤵
-
\??\c:\ppvjp.exec:\ppvjp.exe95⤵
-
\??\c:\frxxffl.exec:\frxxffl.exe96⤵
-
\??\c:\fxrfrfr.exec:\fxrfrfr.exe97⤵
-
\??\c:\nthtnt.exec:\nthtnt.exe98⤵
-
\??\c:\hhnntb.exec:\hhnntb.exe99⤵
-
\??\c:\3bnnth.exec:\3bnnth.exe100⤵
-
\??\c:\jdvjv.exec:\jdvjv.exe101⤵
-
\??\c:\jjdjv.exec:\jjdjv.exe102⤵
-
\??\c:\llxflrl.exec:\llxflrl.exe103⤵
-
\??\c:\rlfxxfx.exec:\rlfxxfx.exe104⤵
-
\??\c:\xllllfl.exec:\xllllfl.exe105⤵
-
\??\c:\tbhhnh.exec:\tbhhnh.exe106⤵
-
\??\c:\nbbtth.exec:\nbbtth.exe107⤵
-
\??\c:\1djdj.exec:\1djdj.exe108⤵
-
\??\c:\pvddj.exec:\pvddj.exe109⤵
-
\??\c:\xlxrxll.exec:\xlxrxll.exe110⤵
- System Location Discovery: System Language Discovery
-
\??\c:\xlrllff.exec:\xlrllff.exe111⤵
-
\??\c:\bnttbt.exec:\bnttbt.exe112⤵
-
\??\c:\hnnhnb.exec:\hnnhnb.exe113⤵
-
\??\c:\7dpdd.exec:\7dpdd.exe114⤵
-
\??\c:\9djvd.exec:\9djvd.exe115⤵
-
\??\c:\frrlxxr.exec:\frrlxxr.exe116⤵
-
\??\c:\frlfrff.exec:\frlfrff.exe117⤵
-
\??\c:\bhbbhb.exec:\bhbbhb.exe118⤵
-
\??\c:\hnbbbn.exec:\hnbbbn.exe119⤵
-
\??\c:\dpvvd.exec:\dpvvd.exe120⤵
-
\??\c:\jppdp.exec:\jppdp.exe121⤵
-
\??\c:\rxrllxf.exec:\rxrllxf.exe122⤵
- System Location Discovery: System Language Discovery
-
\??\c:\lxlrxrf.exec:\lxlrxrf.exe123⤵
-
\??\c:\tbbttt.exec:\tbbttt.exe124⤵
-
\??\c:\nnthnh.exec:\nnthnh.exe125⤵
-
\??\c:\pjpdp.exec:\pjpdp.exe126⤵
-
\??\c:\pvdvd.exec:\pvdvd.exe127⤵
-
\??\c:\9lllrxl.exec:\9lllrxl.exe128⤵
-
\??\c:\3ffxfxr.exec:\3ffxfxr.exe129⤵
-
\??\c:\3fxlffl.exec:\3fxlffl.exe130⤵
-
\??\c:\tbthhb.exec:\tbthhb.exe131⤵
-
\??\c:\nttnnh.exec:\nttnnh.exe132⤵
-
\??\c:\pvpvd.exec:\pvpvd.exe133⤵
-
\??\c:\djpdj.exec:\djpdj.exe134⤵
-
\??\c:\rxffllr.exec:\rxffllr.exe135⤵
-
\??\c:\rxfxfxl.exec:\rxfxfxl.exe136⤵
-
\??\c:\frrrxxf.exec:\frrrxxf.exe137⤵
-
\??\c:\ntbhnh.exec:\ntbhnh.exe138⤵
-
\??\c:\nntnbt.exec:\nntnbt.exe139⤵
-
\??\c:\vpvpd.exec:\vpvpd.exe140⤵
-
\??\c:\jjvjv.exec:\jjvjv.exe141⤵
-
\??\c:\pdjvd.exec:\pdjvd.exe142⤵
-
\??\c:\5lffflr.exec:\5lffflr.exe143⤵
-
\??\c:\rxfflfl.exec:\rxfflfl.exe144⤵
-
\??\c:\hnntth.exec:\hnntth.exe145⤵
-
\??\c:\nbbnbt.exec:\nbbnbt.exe146⤵
-
\??\c:\bnnbbt.exec:\bnnbbt.exe147⤵
-
\??\c:\jdjvv.exec:\jdjvv.exe148⤵
-
\??\c:\1pvjp.exec:\1pvjp.exe149⤵
-
\??\c:\3lxlrlx.exec:\3lxlrlx.exe150⤵
-
\??\c:\rxxffxf.exec:\rxxffxf.exe151⤵
-
\??\c:\nbthbn.exec:\nbthbn.exe152⤵
-
\??\c:\bnthtb.exec:\bnthtb.exe153⤵
-
\??\c:\hhnhhb.exec:\hhnhhb.exe154⤵
-
\??\c:\vdvvj.exec:\vdvvj.exe155⤵
-
\??\c:\pppjd.exec:\pppjd.exe156⤵
-
\??\c:\lxxllfl.exec:\lxxllfl.exe157⤵
- System Location Discovery: System Language Discovery
-
\??\c:\lxxrlfx.exec:\lxxrlfx.exe158⤵
-
\??\c:\frrlrrr.exec:\frrlrrr.exe159⤵
-
\??\c:\ttnntn.exec:\ttnntn.exe160⤵
-
\??\c:\htnnbt.exec:\htnnbt.exe161⤵
-
\??\c:\jvvpv.exec:\jvvpv.exe162⤵
-
\??\c:\jpvvd.exec:\jpvvd.exe163⤵
-
\??\c:\rxxrfrr.exec:\rxxrfrr.exe164⤵
-
\??\c:\3lrllfx.exec:\3lrllfx.exe165⤵
-
\??\c:\bhnthn.exec:\bhnthn.exe166⤵
-
\??\c:\tbbtbn.exec:\tbbtbn.exe167⤵
-
\??\c:\pjdjd.exec:\pjdjd.exe168⤵
-
\??\c:\rrxrllx.exec:\rrxrllx.exe169⤵
-
\??\c:\hnntnb.exec:\hnntnb.exe170⤵
- System Location Discovery: System Language Discovery
-
\??\c:\1nnnht.exec:\1nnnht.exe171⤵
- System Location Discovery: System Language Discovery
-
\??\c:\bnntbt.exec:\bnntbt.exe172⤵
-
\??\c:\dvpvd.exec:\dvpvd.exe173⤵
-
\??\c:\jpjjd.exec:\jpjjd.exe174⤵
-
\??\c:\vdjjd.exec:\vdjjd.exe175⤵
-
\??\c:\xllrfrf.exec:\xllrfrf.exe176⤵
-
\??\c:\rlxrflr.exec:\rlxrflr.exe177⤵
-
\??\c:\llfxlfx.exec:\llfxlfx.exe178⤵
-
\??\c:\htbthh.exec:\htbthh.exe179⤵
-
\??\c:\htnhbb.exec:\htnhbb.exe180⤵
-
\??\c:\nnbhtt.exec:\nnbhtt.exe181⤵
-
\??\c:\dvpvd.exec:\dvpvd.exe182⤵
-
\??\c:\5vjdp.exec:\5vjdp.exe183⤵
-
\??\c:\djvdp.exec:\djvdp.exe184⤵
-
\??\c:\rllrflx.exec:\rllrflx.exe185⤵
-
\??\c:\frlxfrx.exec:\frlxfrx.exe186⤵
-
\??\c:\htnnbt.exec:\htnnbt.exe187⤵
-
\??\c:\bbnhtb.exec:\bbnhtb.exe188⤵
-
\??\c:\nbhbht.exec:\nbhbht.exe189⤵
-
\??\c:\vdvjd.exec:\vdvjd.exe190⤵
-
\??\c:\pjvvd.exec:\pjvvd.exe191⤵
-
\??\c:\lrrxlfr.exec:\lrrxlfr.exe192⤵
-
\??\c:\ffrxlrf.exec:\ffrxlrf.exe193⤵
-
\??\c:\xlrlxll.exec:\xlrlxll.exe194⤵
-
\??\c:\hntnnh.exec:\hntnnh.exe195⤵
- System Location Discovery: System Language Discovery
-
\??\c:\nthhtt.exec:\nthhtt.exe196⤵
-
\??\c:\7hbntb.exec:\7hbntb.exe197⤵
-
\??\c:\3vvpp.exec:\3vvpp.exe198⤵
-
\??\c:\jvdvv.exec:\jvdvv.exe199⤵
-
\??\c:\rrrxxrl.exec:\rrrxxrl.exe200⤵
-
\??\c:\3xlxfrx.exec:\3xlxfrx.exe201⤵
- System Location Discovery: System Language Discovery
-
\??\c:\rxxxxrr.exec:\rxxxxrr.exe202⤵
-
\??\c:\bbnhht.exec:\bbnhht.exe203⤵
-
\??\c:\3btnhb.exec:\3btnhb.exe204⤵
-
\??\c:\ttnbhb.exec:\ttnbhb.exe205⤵
-
\??\c:\jddvp.exec:\jddvp.exe206⤵
-
\??\c:\pdddj.exec:\pdddj.exe207⤵
-
\??\c:\vdvjd.exec:\vdvjd.exe208⤵
-
\??\c:\7rxrxll.exec:\7rxrxll.exe209⤵
-
\??\c:\lrxfrlf.exec:\lrxfrlf.exe210⤵
-
\??\c:\rfxffff.exec:\rfxffff.exe211⤵
-
\??\c:\hnntnt.exec:\hnntnt.exe212⤵
-
\??\c:\1hnnbb.exec:\1hnnbb.exe213⤵
-
\??\c:\tthbbt.exec:\tthbbt.exe214⤵
-
\??\c:\jpjdd.exec:\jpjdd.exe215⤵
-
\??\c:\vppjj.exec:\vppjj.exe216⤵
-
\??\c:\1pvjd.exec:\1pvjd.exe217⤵
-
\??\c:\flfflll.exec:\flfflll.exe218⤵
-
\??\c:\rxrffrr.exec:\rxrffrr.exe219⤵
-
\??\c:\ntnbtn.exec:\ntnbtn.exe220⤵
-
\??\c:\nthbht.exec:\nthbht.exe221⤵
-
\??\c:\pvvvd.exec:\pvvvd.exe222⤵
-
\??\c:\djdvd.exec:\djdvd.exe223⤵
-
\??\c:\jvpdp.exec:\jvpdp.exe224⤵
-
\??\c:\5flxxlr.exec:\5flxxlr.exe225⤵
-
\??\c:\frxlxlr.exec:\frxlxlr.exe226⤵
-
\??\c:\xlrlxlr.exec:\xlrlxlr.exe227⤵
-
\??\c:\nnhbnt.exec:\nnhbnt.exe228⤵
-
\??\c:\tbnhbn.exec:\tbnhbn.exe229⤵
-
\??\c:\dpvdd.exec:\dpvdd.exe230⤵
-
\??\c:\vjpvv.exec:\vjpvv.exe231⤵
- System Location Discovery: System Language Discovery
-
\??\c:\vvdvd.exec:\vvdvd.exe232⤵
-
\??\c:\rxxrrll.exec:\rxxrrll.exe233⤵
-
\??\c:\flrrxrx.exec:\flrrxrx.exe234⤵
-
\??\c:\lxflrxl.exec:\lxflrxl.exe235⤵
- System Location Discovery: System Language Discovery
-
\??\c:\bhnbbb.exec:\bhnbbb.exe236⤵
-
\??\c:\tnnthn.exec:\tnnthn.exe237⤵
-
\??\c:\pjdpj.exec:\pjdpj.exe238⤵
-
\??\c:\jjjjj.exec:\jjjjj.exe239⤵
-
\??\c:\5ddpv.exec:\5ddpv.exe240⤵
-
\??\c:\lxfxfxx.exec:\lxfxfxx.exe241⤵