Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20241023-en -
resource tags
-
submitted
22-11-2024 01:57
General
-
Target
8ee1379ee9b3ad588715e12bbea03acf1c771c6449ceab360fb1e0ac4c8d8ce2.exe
-
Size
455KB
-
MD5
3ab6b4f090cbbed10e9b78296a059cad
-
SHA1
14c2b8d29fba31a45631b7e47260511470779f11
-
SHA256
8ee1379ee9b3ad588715e12bbea03acf1c771c6449ceab360fb1e0ac4c8d8ce2
-
SHA512
62338cb1353e1a90263d8764b989230ce6fa91be7864f7c61a652030b2132fd7f7d788b4cf464fbdf3551ca0335a272d0062b6319e129ffe6643ef54e2a04b6a
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbeR7:q7Tc2NYHUrAwfMp3CDR7
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 51 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 58 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8ee1379ee9b3ad588715e12bbea03acf1c771c6449ceab360fb1e0ac4c8d8ce2.exe"C:\Users\Admin\AppData\Local\Temp\8ee1379ee9b3ad588715e12bbea03acf1c771c6449ceab360fb1e0ac4c8d8ce2.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\04286.exec:\04286.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9dppp.exec:\9dppp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\48246.exec:\48246.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\48286.exec:\48286.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6046846.exec:\6046846.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1dvjp.exec:\1dvjp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\86462.exec:\86462.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxxflr.exec:\lfxxflr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\k64066.exec:\k64066.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7frxflr.exec:\7frxflr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxllrrf.exec:\fxllrrf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\264088.exec:\264088.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rfxffx.exec:\3rfxffx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\m2028.exec:\m2028.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bhbbb.exec:\7bhbbb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bntbb.exec:\1bntbb.exe17⤵
- Executes dropped EXE
-
\??\c:\860020.exec:\860020.exe18⤵
- Executes dropped EXE
-
\??\c:\08286.exec:\08286.exe19⤵
- Executes dropped EXE
-
\??\c:\88460.exec:\88460.exe20⤵
- Executes dropped EXE
-
\??\c:\08286.exec:\08286.exe21⤵
- Executes dropped EXE
-
\??\c:\4806846.exec:\4806846.exe22⤵
- Executes dropped EXE
-
\??\c:\260280.exec:\260280.exe23⤵
- Executes dropped EXE
-
\??\c:\60286.exec:\60286.exe24⤵
- Executes dropped EXE
-
\??\c:\fxllflx.exec:\fxllflx.exe25⤵
- Executes dropped EXE
-
\??\c:\ddvjp.exec:\ddvjp.exe26⤵
- Executes dropped EXE
-
\??\c:\rrlrxxf.exec:\rrlrxxf.exe27⤵
- Executes dropped EXE
-
\??\c:\vpddd.exec:\vpddd.exe28⤵
- Executes dropped EXE
-
\??\c:\xrlrflr.exec:\xrlrflr.exe29⤵
- Executes dropped EXE
-
\??\c:\jdvvd.exec:\jdvvd.exe30⤵
- Executes dropped EXE
-
\??\c:\4806220.exec:\4806220.exe31⤵
- Executes dropped EXE
-
\??\c:\jjvdj.exec:\jjvdj.exe32⤵
- Executes dropped EXE
-
\??\c:\rfxfflx.exec:\rfxfflx.exe33⤵
- Executes dropped EXE
-
\??\c:\608062.exec:\608062.exe34⤵
- Executes dropped EXE
-
\??\c:\dvjpv.exec:\dvjpv.exe35⤵
- Executes dropped EXE
-
\??\c:\pvdpj.exec:\pvdpj.exe36⤵
- Executes dropped EXE
-
\??\c:\lfrrflx.exec:\lfrrflx.exe37⤵
- Executes dropped EXE
-
\??\c:\640826.exec:\640826.exe38⤵
- Executes dropped EXE
-
\??\c:\6028824.exec:\6028824.exe39⤵
- Executes dropped EXE
-
\??\c:\9dpvj.exec:\9dpvj.exe40⤵
- Executes dropped EXE
-
\??\c:\vvpjv.exec:\vvpjv.exe41⤵
- Executes dropped EXE
-
\??\c:\hnbbhn.exec:\hnbbhn.exe42⤵
- Executes dropped EXE
-
\??\c:\7rffllx.exec:\7rffllx.exe43⤵
- Executes dropped EXE
-
\??\c:\xlxrxrx.exec:\xlxrxrx.exe44⤵
- Executes dropped EXE
-
\??\c:\u800220.exec:\u800220.exe45⤵
- Executes dropped EXE
-
\??\c:\4800224.exec:\4800224.exe46⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\2662824.exec:\2662824.exe47⤵
- Executes dropped EXE
-
\??\c:\s0224.exec:\s0224.exe48⤵
- Executes dropped EXE
-
\??\c:\5bttbb.exec:\5bttbb.exe49⤵
- Executes dropped EXE
-
\??\c:\u824220.exec:\u824220.exe50⤵
- Executes dropped EXE
-
\??\c:\48846.exec:\48846.exe51⤵
- Executes dropped EXE
-
\??\c:\dddpd.exec:\dddpd.exe52⤵
- Executes dropped EXE
-
\??\c:\pjdjd.exec:\pjdjd.exe53⤵
- Executes dropped EXE
-
\??\c:\llflxfr.exec:\llflxfr.exe54⤵
- Executes dropped EXE
-
\??\c:\bnbbhn.exec:\bnbbhn.exe55⤵
- Executes dropped EXE
-
\??\c:\0806884.exec:\0806884.exe56⤵
- Executes dropped EXE
-
\??\c:\2022880.exec:\2022880.exe57⤵
- Executes dropped EXE
-
\??\c:\2040608.exec:\2040608.exe58⤵
- Executes dropped EXE
-
\??\c:\dvppd.exec:\dvppd.exe59⤵
- Executes dropped EXE
-
\??\c:\7btbbh.exec:\7btbbh.exe60⤵
- Executes dropped EXE
-
\??\c:\jdvvd.exec:\jdvvd.exe61⤵
- Executes dropped EXE
-
\??\c:\428466.exec:\428466.exe62⤵
- Executes dropped EXE
-
\??\c:\4806288.exec:\4806288.exe63⤵
- Executes dropped EXE
-
\??\c:\3xlrlrr.exec:\3xlrlrr.exe64⤵
- Executes dropped EXE
-
\??\c:\lflrffr.exec:\lflrffr.exe65⤵
- Executes dropped EXE
-
\??\c:\jdvdd.exec:\jdvdd.exe66⤵
-
\??\c:\5pjjp.exec:\5pjjp.exe67⤵
-
\??\c:\264022.exec:\264022.exe68⤵
-
\??\c:\60844.exec:\60844.exe69⤵
-
\??\c:\008068.exec:\008068.exe70⤵
-
\??\c:\lxflllf.exec:\lxflllf.exe71⤵
-
\??\c:\a4002.exec:\a4002.exe72⤵
-
\??\c:\6488446.exec:\6488446.exe73⤵
-
\??\c:\82068.exec:\82068.exe74⤵
-
\??\c:\vjvdv.exec:\vjvdv.exe75⤵
-
\??\c:\thtthn.exec:\thtthn.exe76⤵
-
\??\c:\s0846.exec:\s0846.exe77⤵
-
\??\c:\u240884.exec:\u240884.exe78⤵
- System Location Discovery: System Language Discovery
-
\??\c:\vvvpd.exec:\vvvpd.exe79⤵
-
\??\c:\m2668.exec:\m2668.exe80⤵
-
\??\c:\w04862.exec:\w04862.exe81⤵
-
\??\c:\m8684.exec:\m8684.exe82⤵
-
\??\c:\604628.exec:\604628.exe83⤵
-
\??\c:\20008.exec:\20008.exe84⤵
-
\??\c:\26046.exec:\26046.exe85⤵
-
\??\c:\g6068.exec:\g6068.exe86⤵
-
\??\c:\xxxfxff.exec:\xxxfxff.exe87⤵
-
\??\c:\k20640.exec:\k20640.exe88⤵
-
\??\c:\8206840.exec:\8206840.exe89⤵
-
\??\c:\60284.exec:\60284.exe90⤵
-
\??\c:\xrllrrx.exec:\xrllrrx.exe91⤵
-
\??\c:\fxlxxxx.exec:\fxlxxxx.exe92⤵
-
\??\c:\llldpvd.exec:\llldpvd.exe93⤵
-
\??\c:\646282.exec:\646282.exe94⤵
-
\??\c:\1dvpv.exec:\1dvpv.exe95⤵
-
\??\c:\4046460.exec:\4046460.exe96⤵
-
\??\c:\264060.exec:\264060.exe97⤵
-
\??\c:\tnbhnt.exec:\tnbhnt.exe98⤵
-
\??\c:\i862442.exec:\i862442.exe99⤵
-
\??\c:\rxlfrxl.exec:\rxlfrxl.exe100⤵
-
\??\c:\ttbbnt.exec:\ttbbnt.exe101⤵
-
\??\c:\24806.exec:\24806.exe102⤵
-
\??\c:\o082888.exec:\o082888.exe103⤵
-
\??\c:\nbhbhb.exec:\nbhbhb.exe104⤵
-
\??\c:\424066.exec:\424066.exe105⤵
- System Location Discovery: System Language Discovery
-
\??\c:\xrxfxrr.exec:\xrxfxrr.exe106⤵
-
\??\c:\g2064.exec:\g2064.exe107⤵
-
\??\c:\080622.exec:\080622.exe108⤵
-
\??\c:\60840.exec:\60840.exe109⤵
-
\??\c:\242804.exec:\242804.exe110⤵
-
\??\c:\pdppv.exec:\pdppv.exe111⤵
-
\??\c:\jvjjp.exec:\jvjjp.exe112⤵
-
\??\c:\o822402.exec:\o822402.exe113⤵
-
\??\c:\448622.exec:\448622.exe114⤵
-
\??\c:\820682.exec:\820682.exe115⤵
-
\??\c:\s4684.exec:\s4684.exe116⤵
-
\??\c:\080448.exec:\080448.exe117⤵
-
\??\c:\xxlrrrx.exec:\xxlrrrx.exe118⤵
-
\??\c:\rlxfrfl.exec:\rlxfrfl.exe119⤵
-
\??\c:\8622288.exec:\8622288.exe120⤵
-
\??\c:\1xllllr.exec:\1xllllr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-