Analysis
-
max time kernel
120s -
max time network
19s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
19/11/2024, 14:23
General
-
Target
f1f650e6703aa708fd6895c31a51e51523fe928c7df0195555a3ed65be527feb.exe
-
Size
453KB
-
MD5
fc18693d8c9069d3f11a088d359bd2c9
-
SHA1
6414abfe85dfcc7775bc1f2ae3758b1500aa48ce
-
SHA256
f1f650e6703aa708fd6895c31a51e51523fe928c7df0195555a3ed65be527feb
-
SHA512
3af699d3ab912a3adc8750515dfd096aaa202851012f68aaa82c75dff744cd720b413110ea19171402d04021200c0ebe8489fb72df54c7423e625859f56ea14a
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbelE:q7Tc2NYHUrAwfMp3CDK
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 36 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 48 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f1f650e6703aa708fd6895c31a51e51523fe928c7df0195555a3ed65be527feb.exe"C:\Users\Admin\AppData\Local\Temp\f1f650e6703aa708fd6895c31a51e51523fe928c7df0195555a3ed65be527feb.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ptvnpnp.exec:\ptvnpnp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rnfpvfp.exec:\rnfpvfp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvnpjb.exec:\pvnpjb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntllt.exec:\ntllt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vhpfrv.exec:\vhpfrv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bdhlftb.exec:\bdhlftb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nxtpn.exec:\nxtpn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xblxhfl.exec:\xblxhfl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxxj.exec:\xrxxj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tlhhrx.exec:\tlhhrx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhbb.exec:\bbhbb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjrjrn.exec:\jjrjrn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ltflfv.exec:\ltflfv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjfrr.exec:\pjjfrr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nphjxh.exec:\nphjxh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pddbbpv.exec:\pddbbpv.exe17⤵
- Executes dropped EXE
-
\??\c:\dnjdlph.exec:\dnjdlph.exe18⤵
- Executes dropped EXE
-
\??\c:\jxrpd.exec:\jxrpd.exe19⤵
- Executes dropped EXE
-
\??\c:\hbptf.exec:\hbptf.exe20⤵
- Executes dropped EXE
-
\??\c:\rvxlft.exec:\rvxlft.exe21⤵
- Executes dropped EXE
-
\??\c:\fdbjvhj.exec:\fdbjvhj.exe22⤵
- Executes dropped EXE
-
\??\c:\rdvrx.exec:\rdvrx.exe23⤵
- Executes dropped EXE
-
\??\c:\rbbjf.exec:\rbbjf.exe24⤵
- Executes dropped EXE
-
\??\c:\vnjbxj.exec:\vnjbxj.exe25⤵
- Executes dropped EXE
-
\??\c:\xlfhh.exec:\xlfhh.exe26⤵
- Executes dropped EXE
-
\??\c:\bnbnh.exec:\bnbnh.exe27⤵
- Executes dropped EXE
-
\??\c:\vnvpjj.exec:\vnvpjj.exe28⤵
- Executes dropped EXE
-
\??\c:\nffbdxd.exec:\nffbdxd.exe29⤵
- Executes dropped EXE
-
\??\c:\dpbbp.exec:\dpbbp.exe30⤵
- Executes dropped EXE
-
\??\c:\nbndhbv.exec:\nbndhbv.exe31⤵
- Executes dropped EXE
-
\??\c:\bfbjvf.exec:\bfbjvf.exe32⤵
- Executes dropped EXE
-
\??\c:\rnvjd.exec:\rnvjd.exe33⤵
- Executes dropped EXE
-
\??\c:\btrbnr.exec:\btrbnr.exe34⤵
- Executes dropped EXE
-
\??\c:\ljjxh.exec:\ljjxh.exe35⤵
- Executes dropped EXE
-
\??\c:\hlfphnd.exec:\hlfphnd.exe36⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\tdbht.exec:\tdbht.exe37⤵
- Executes dropped EXE
-
\??\c:\vxhrfd.exec:\vxhrfd.exe38⤵
- Executes dropped EXE
-
\??\c:\lxrlpbr.exec:\lxrlpbr.exe39⤵
- Executes dropped EXE
-
\??\c:\hnflvnj.exec:\hnflvnj.exe40⤵
- Executes dropped EXE
-
\??\c:\rpvflfv.exec:\rpvflfv.exe41⤵
- Executes dropped EXE
-
\??\c:\pdnnd.exec:\pdnnd.exe42⤵
- Executes dropped EXE
-
\??\c:\tfhjl.exec:\tfhjl.exe43⤵
- Executes dropped EXE
-
\??\c:\lthpxtl.exec:\lthpxtl.exe44⤵
- Executes dropped EXE
-
\??\c:\hhdtvxb.exec:\hhdtvxb.exe45⤵
- Executes dropped EXE
-
\??\c:\hprxll.exec:\hprxll.exe46⤵
- Executes dropped EXE
-
\??\c:\hxjdb.exec:\hxjdb.exe47⤵
- Executes dropped EXE
-
\??\c:\hvxtnrb.exec:\hvxtnrb.exe48⤵
- Executes dropped EXE
-
\??\c:\rtfrnbb.exec:\rtfrnbb.exe49⤵
- Executes dropped EXE
-
\??\c:\vllbbph.exec:\vllbbph.exe50⤵
- Executes dropped EXE
-
\??\c:\tnhrh.exec:\tnhrh.exe51⤵
- Executes dropped EXE
-
\??\c:\ltxlbl.exec:\ltxlbl.exe52⤵
- Executes dropped EXE
-
\??\c:\hxfvbv.exec:\hxfvbv.exe53⤵
- Executes dropped EXE
-
\??\c:\pjxdtt.exec:\pjxdtt.exe54⤵
- Executes dropped EXE
-
\??\c:\fftnbf.exec:\fftnbf.exe55⤵
- Executes dropped EXE
-
\??\c:\fpnhx.exec:\fpnhx.exe56⤵
- Executes dropped EXE
-
\??\c:\bjttphj.exec:\bjttphj.exe57⤵
- Executes dropped EXE
-
\??\c:\prjftbx.exec:\prjftbx.exe58⤵
- Executes dropped EXE
-
\??\c:\rxdbp.exec:\rxdbp.exe59⤵
- Executes dropped EXE
-
\??\c:\hnnrll.exec:\hnnrll.exe60⤵
- Executes dropped EXE
-
\??\c:\pfrrd.exec:\pfrrd.exe61⤵
- Executes dropped EXE
-
\??\c:\xbxpltj.exec:\xbxpltj.exe62⤵
- Executes dropped EXE
-
\??\c:\hhdxbp.exec:\hhdxbp.exe63⤵
- Executes dropped EXE
-
\??\c:\ndjbpb.exec:\ndjbpb.exe64⤵
- Executes dropped EXE
-
\??\c:\dblfd.exec:\dblfd.exe65⤵
- Executes dropped EXE
-
\??\c:\vlrbxb.exec:\vlrbxb.exe66⤵
-
\??\c:\vfvrpj.exec:\vfvrpj.exe67⤵
-
\??\c:\jlpnv.exec:\jlpnv.exe68⤵
-
\??\c:\tvvfn.exec:\tvvfn.exe69⤵
-
\??\c:\pjtxrpl.exec:\pjtxrpl.exe70⤵
-
\??\c:\bdpdvv.exec:\bdpdvv.exe71⤵
- System Location Discovery: System Language Discovery
-
\??\c:\tfpdp.exec:\tfpdp.exe72⤵
-
\??\c:\xrlblpv.exec:\xrlblpv.exe73⤵
-
\??\c:\pbjhbv.exec:\pbjhbv.exe74⤵
- System Location Discovery: System Language Discovery
-
\??\c:\drvhn.exec:\drvhn.exe75⤵
-
\??\c:\fbbdn.exec:\fbbdn.exe76⤵
-
\??\c:\bvrdfh.exec:\bvrdfh.exe77⤵
-
\??\c:\hlrbbxj.exec:\hlrbbxj.exe78⤵
-
\??\c:\dfbrp.exec:\dfbrp.exe79⤵
-
\??\c:\pvlvx.exec:\pvlvx.exe80⤵
-
\??\c:\rfhvv.exec:\rfhvv.exe81⤵
-
\??\c:\hpldvx.exec:\hpldvx.exe82⤵
-
\??\c:\nvbfn.exec:\nvbfn.exe83⤵
-
\??\c:\nxtrn.exec:\nxtrn.exe84⤵
-
\??\c:\bbfjpxd.exec:\bbfjpxd.exe85⤵
-
\??\c:\drbjh.exec:\drbjh.exe86⤵
-
\??\c:\bhthjhp.exec:\bhthjhp.exe87⤵
-
\??\c:\tbbjvn.exec:\tbbjvn.exe88⤵
-
\??\c:\lpjrjnr.exec:\lpjrjnr.exe89⤵
-
\??\c:\trflx.exec:\trflx.exe90⤵
-
\??\c:\fjvnvxn.exec:\fjvnvxn.exe91⤵
-
\??\c:\pdrfnnr.exec:\pdrfnnr.exe92⤵
-
\??\c:\nbnbbnf.exec:\nbnbbnf.exe93⤵
-
\??\c:\hnrpfxf.exec:\hnrpfxf.exe94⤵
-
\??\c:\jxxlbt.exec:\jxxlbt.exe95⤵
- System Location Discovery: System Language Discovery
-
\??\c:\ndrprd.exec:\ndrprd.exe96⤵
-
\??\c:\dpflhhv.exec:\dpflhhv.exe97⤵
-
\??\c:\xhxbl.exec:\xhxbl.exe98⤵
-
\??\c:\bhtbpjl.exec:\bhtbpjl.exe99⤵
-
\??\c:\nhrbpjl.exec:\nhrbpjl.exe100⤵
-
\??\c:\lnhtp.exec:\lnhtp.exe101⤵
-
\??\c:\lpddj.exec:\lpddj.exe102⤵
-
\??\c:\pbnhxr.exec:\pbnhxr.exe103⤵
-
\??\c:\hxrxbbj.exec:\hxrxbbj.exe104⤵
-
\??\c:\nvvrfv.exec:\nvvrfv.exe105⤵
-
\??\c:\pljtvv.exec:\pljtvv.exe106⤵
-
\??\c:\bdhxv.exec:\bdhxv.exe107⤵
-
\??\c:\dpvvb.exec:\dpvvb.exe108⤵
-
\??\c:\vjtbf.exec:\vjtbf.exe109⤵
-
\??\c:\lxpjf.exec:\lxpjf.exe110⤵
-
\??\c:\fbptn.exec:\fbptn.exe111⤵
-
\??\c:\tbfbxt.exec:\tbfbxt.exe112⤵
-
\??\c:\jrrht.exec:\jrrht.exe113⤵
-
\??\c:\ntrlh.exec:\ntrlh.exe114⤵
-
\??\c:\dvtjl.exec:\dvtjl.exe115⤵
-
\??\c:\hvpvr.exec:\hvpvr.exe116⤵
-
\??\c:\rfpdpvn.exec:\rfpdpvn.exe117⤵
-
\??\c:\njdvf.exec:\njdvf.exe118⤵
-
\??\c:\flfnxhf.exec:\flfnxhf.exe119⤵
-
\??\c:\nfjllh.exec:\nfjllh.exe120⤵
-
\??\c:\jrhrjnh.exec:\jrhrjnh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-