Analysis
-
max time kernel
120s -
max time network
17s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
-
submitted
22/11/2024, 22:46
General
-
Target
fa3093a22c61d8d47fc4edcfe379a354444ddb840cb1d4101dc20333ce66f394.exe
-
Size
72KB
-
MD5
9b505f1dcf02dab70d5bfbcd3ddba70e
-
SHA1
437694a0e4a803b48e19716b00713a22f097970c
-
SHA256
fa3093a22c61d8d47fc4edcfe379a354444ddb840cb1d4101dc20333ce66f394
-
SHA512
72a81776859465374cc6c6ed1b2ccc7a375dac80beb03f17447b615c5e985fc14680860cf97dd116ba69367824b6c9c22cb7e16ae7e9b9f3cf87e54b6e72aa76
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb0z6MTSqfUcicP/fG:ymb3NkkiQ3mdBjFI4V4ci2/fG
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 18 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\fa3093a22c61d8d47fc4edcfe379a354444ddb840cb1d4101dc20333ce66f394.exe"C:\Users\Admin\AppData\Local\Temp\fa3093a22c61d8d47fc4edcfe379a354444ddb840cb1d4101dc20333ce66f394.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjjj.exec:\jvjjj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxlrxfl.exec:\xxlrxfl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7nbhnh.exec:\7nbhnh.exe4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrrrxl.exec:\ffrrrxl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7thntt.exec:\7thntt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddpvd.exec:\ddpvd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rfffxx.exec:\3rfffxx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrlrll.exec:\fxrlrll.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhnttt.exec:\bhnttt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpddj.exec:\jpddj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrflrfl.exec:\rrflrfl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llllrrx.exec:\llllrrx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttttbb.exec:\ttttbb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vdjj.exec:\5vdjj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3pvvv.exec:\3pvvv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxfllxf.exec:\xxfllxf.exe17⤵
- Executes dropped EXE
-
\??\c:\9bnhtb.exec:\9bnhtb.exe18⤵
- Executes dropped EXE
-
\??\c:\1tnbnb.exec:\1tnbnb.exe19⤵
- Executes dropped EXE
-
\??\c:\ppvvj.exec:\ppvvj.exe20⤵
- Executes dropped EXE
-
\??\c:\ppjpv.exec:\ppjpv.exe21⤵
- Executes dropped EXE
-
\??\c:\3lxlrxf.exec:\3lxlrxf.exe22⤵
- Executes dropped EXE
-
\??\c:\1bnbbb.exec:\1bnbbb.exe23⤵
- Executes dropped EXE
-
\??\c:\1nhbbb.exec:\1nhbbb.exe24⤵
- Executes dropped EXE
-
\??\c:\pjvdj.exec:\pjvdj.exe25⤵
- Executes dropped EXE
-
\??\c:\rxfxfll.exec:\rxfxfll.exe26⤵
- Executes dropped EXE
-
\??\c:\xrrxlrr.exec:\xrrxlrr.exe27⤵
- Executes dropped EXE
-
\??\c:\7thbhb.exec:\7thbhb.exe28⤵
- Executes dropped EXE
-
\??\c:\pvpvp.exec:\pvpvp.exe29⤵
- Executes dropped EXE
-
\??\c:\rrxxxfl.exec:\rrxxxfl.exe30⤵
- Executes dropped EXE
-
\??\c:\ffrrxxx.exec:\ffrrxxx.exe31⤵
- Executes dropped EXE
-
\??\c:\hhtttb.exec:\hhtttb.exe32⤵
- Executes dropped EXE
-
\??\c:\ttbbht.exec:\ttbbht.exe33⤵
- Executes dropped EXE
-
\??\c:\9pjpv.exec:\9pjpv.exe34⤵
- Executes dropped EXE
-
\??\c:\rrrlxrx.exec:\rrrlxrx.exe35⤵
- Executes dropped EXE
-
\??\c:\lflrrrx.exec:\lflrrrx.exe36⤵
- Executes dropped EXE
-
\??\c:\bbbnnh.exec:\bbbnnh.exe37⤵
- Executes dropped EXE
-
\??\c:\tbhbbn.exec:\tbhbbn.exe38⤵
- Executes dropped EXE
-
\??\c:\jdddj.exec:\jdddj.exe39⤵
- Executes dropped EXE
-
\??\c:\9jddp.exec:\9jddp.exe40⤵
- Executes dropped EXE
-
\??\c:\5lxxxxx.exec:\5lxxxxx.exe41⤵
- Executes dropped EXE
-
\??\c:\llllllr.exec:\llllllr.exe42⤵
- Executes dropped EXE
-
\??\c:\nnhntn.exec:\nnhntn.exe43⤵
- Executes dropped EXE
-
\??\c:\pdddj.exec:\pdddj.exe44⤵
- Executes dropped EXE
-
\??\c:\1pvjp.exec:\1pvjp.exe45⤵
- Executes dropped EXE
-
\??\c:\5xrflll.exec:\5xrflll.exe46⤵
- Executes dropped EXE
-
\??\c:\3lflxfx.exec:\3lflxfx.exe47⤵
- Executes dropped EXE
-
\??\c:\nnbttb.exec:\nnbttb.exe48⤵
- Executes dropped EXE
-
\??\c:\tntttn.exec:\tntttn.exe49⤵
- Executes dropped EXE
-
\??\c:\dppjv.exec:\dppjv.exe50⤵
- Executes dropped EXE
-
\??\c:\jjdvd.exec:\jjdvd.exe51⤵
- Executes dropped EXE
-
\??\c:\rlxxxfl.exec:\rlxxxfl.exe52⤵
- Executes dropped EXE
-
\??\c:\rrxxflr.exec:\rrxxflr.exe53⤵
- Executes dropped EXE
-
\??\c:\bbhhnt.exec:\bbhhnt.exe54⤵
- Executes dropped EXE
-
\??\c:\nnthtn.exec:\nnthtn.exe55⤵
- Executes dropped EXE
-
\??\c:\ppjdv.exec:\ppjdv.exe56⤵
- Executes dropped EXE
-
\??\c:\7jjjp.exec:\7jjjp.exe57⤵
- Executes dropped EXE
-
\??\c:\rlrrfll.exec:\rlrrfll.exe58⤵
- Executes dropped EXE
-
\??\c:\nhhtht.exec:\nhhtht.exe59⤵
- Executes dropped EXE
-
\??\c:\bbbbhh.exec:\bbbbhh.exe60⤵
- Executes dropped EXE
-
\??\c:\5httht.exec:\5httht.exe61⤵
- Executes dropped EXE
-
\??\c:\5pvdv.exec:\5pvdv.exe62⤵
- Executes dropped EXE
-
\??\c:\3vdvd.exec:\3vdvd.exe63⤵
- Executes dropped EXE
-
\??\c:\3xflxxx.exec:\3xflxxx.exe64⤵
- Executes dropped EXE
-
\??\c:\hbnthb.exec:\hbnthb.exe65⤵
- Executes dropped EXE
-
\??\c:\hhbnbb.exec:\hhbnbb.exe66⤵
-
\??\c:\vjdjv.exec:\vjdjv.exe67⤵
-
\??\c:\dvjpj.exec:\dvjpj.exe68⤵
-
\??\c:\5xrxlrl.exec:\5xrxlrl.exe69⤵
-
\??\c:\ffllrrr.exec:\ffllrrr.exe70⤵
-
\??\c:\nntbbn.exec:\nntbbn.exe71⤵
-
\??\c:\3tnntt.exec:\3tnntt.exe72⤵
-
\??\c:\1vjjd.exec:\1vjjd.exe73⤵
-
\??\c:\vvjdd.exec:\vvjdd.exe74⤵
-
\??\c:\rrffrrl.exec:\rrffrrl.exe75⤵
-
\??\c:\3lxxxrf.exec:\3lxxxrf.exe76⤵
-
\??\c:\nnnntt.exec:\nnnntt.exe77⤵
-
\??\c:\nnhbhh.exec:\nnhbhh.exe78⤵
-
\??\c:\9jjpv.exec:\9jjpv.exe79⤵
-
\??\c:\jjjjj.exec:\jjjjj.exe80⤵
-
\??\c:\rrxxfll.exec:\rrxxfll.exe81⤵
-
\??\c:\hhnnbb.exec:\hhnnbb.exe82⤵
-
\??\c:\hbbntb.exec:\hbbntb.exe83⤵
-
\??\c:\ppppd.exec:\ppppd.exe84⤵
-
\??\c:\vpvvd.exec:\vpvvd.exe85⤵
-
\??\c:\9xrfrxx.exec:\9xrfrxx.exe86⤵
-
\??\c:\lflxllx.exec:\lflxllx.exe87⤵
-
\??\c:\1nbbhh.exec:\1nbbhh.exe88⤵
-
\??\c:\tthhtn.exec:\tthhtn.exe89⤵
-
\??\c:\5jvjj.exec:\5jvjj.exe90⤵
-
\??\c:\3vppd.exec:\3vppd.exe91⤵
-
\??\c:\fffxxxx.exec:\fffxxxx.exe92⤵
-
\??\c:\llrlxrx.exec:\llrlxrx.exe93⤵
-
\??\c:\7bntbb.exec:\7bntbb.exe94⤵
-
\??\c:\bbhntn.exec:\bbhntn.exe95⤵
-
\??\c:\pjppd.exec:\pjppd.exe96⤵
-
\??\c:\1pvvd.exec:\1pvvd.exe97⤵
-
\??\c:\lffxxll.exec:\lffxxll.exe98⤵
-
\??\c:\xlrxflr.exec:\xlrxflr.exe99⤵
-
\??\c:\7htttb.exec:\7htttb.exe100⤵
-
\??\c:\7htthn.exec:\7htthn.exe101⤵
-
\??\c:\tnnnnh.exec:\tnnnnh.exe102⤵
-
\??\c:\jvddj.exec:\jvddj.exe103⤵
-
\??\c:\5jvpp.exec:\5jvpp.exe104⤵
-
\??\c:\7fllrrr.exec:\7fllrrr.exe105⤵
-
\??\c:\3lrxffl.exec:\3lrxffl.exe106⤵
-
\??\c:\bhbnbn.exec:\bhbnbn.exe107⤵
-
\??\c:\3nbntt.exec:\3nbntt.exe108⤵
-
\??\c:\7djvv.exec:\7djvv.exe109⤵
-
\??\c:\3jjjp.exec:\3jjjp.exe110⤵
-
\??\c:\llrxlfl.exec:\llrxlfl.exe111⤵
-
\??\c:\xflrxff.exec:\xflrxff.exe112⤵
-
\??\c:\9tthtb.exec:\9tthtb.exe113⤵
-
\??\c:\9nhbbb.exec:\9nhbbb.exe114⤵
-
\??\c:\ddjdd.exec:\ddjdd.exe115⤵
-
\??\c:\1djjp.exec:\1djjp.exe116⤵
-
\??\c:\xxfrffx.exec:\xxfrffx.exe117⤵
-
\??\c:\nnttbh.exec:\nnttbh.exe118⤵
-
\??\c:\nntttb.exec:\nntttb.exe119⤵
-
\??\c:\9dvdj.exec:\9dvdj.exe120⤵
-
\??\c:\9vvvv.exec:\9vvvv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-