Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20241023-en -
resource tags
-
submitted
22-11-2024 02:02
General
-
Target
9358281883e52422f109b35b1e3283e40752446d1254e606c25fa0851f902858.exe
-
Size
455KB
-
MD5
8d9f18ce52e45149df11a10da21df458
-
SHA1
97428467efb4ea8e9e9d4abdda7c4bb53601dc00
-
SHA256
9358281883e52422f109b35b1e3283e40752446d1254e606c25fa0851f902858
-
SHA512
c7ca5f26c7e51bc8c831c148596963b64ed7ca918708c5990b0d1eb6879ea0a27ad61495910cc6d14dbaf1fff8c7b3d1d969722206e55978594b9bb19fa634aa
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbeRn:q7Tc2NYHUrAwfMp3CDRn
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 40 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 43 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9358281883e52422f109b35b1e3283e40752446d1254e606c25fa0851f902858.exe"C:\Users\Admin\AppData\Local\Temp\9358281883e52422f109b35b1e3283e40752446d1254e606c25fa0851f902858.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pjppp.exec:\pjppp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4800668.exec:\4800668.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjpp.exec:\jdjpp.exe4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\g2064.exec:\g2064.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\q20406.exec:\q20406.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrfllx.exec:\flrfllx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thtthh.exec:\thtthh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5httht.exec:\5httht.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btttth.exec:\btttth.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\420022.exec:\420022.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2462440.exec:\2462440.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\042844.exec:\042844.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3xllrfl.exec:\3xllrfl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbbbt.exec:\nnbbbt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvjp.exec:\vpvjp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthnhh.exec:\tthnhh.exe17⤵
- Executes dropped EXE
-
\??\c:\0428444.exec:\0428444.exe18⤵
- Executes dropped EXE
-
\??\c:\42446.exec:\42446.exe19⤵
- Executes dropped EXE
-
\??\c:\6422828.exec:\6422828.exe20⤵
- Executes dropped EXE
-
\??\c:\tnntbt.exec:\tnntbt.exe21⤵
- Executes dropped EXE
-
\??\c:\04224.exec:\04224.exe22⤵
- Executes dropped EXE
-
\??\c:\bthhnn.exec:\bthhnn.exe23⤵
- Executes dropped EXE
-
\??\c:\868200.exec:\868200.exe24⤵
- Executes dropped EXE
-
\??\c:\dvjdj.exec:\dvjdj.exe25⤵
- Executes dropped EXE
-
\??\c:\llxxxfl.exec:\llxxxfl.exe26⤵
- Executes dropped EXE
-
\??\c:\pjvvj.exec:\pjvvj.exe27⤵
- Executes dropped EXE
-
\??\c:\o622444.exec:\o622444.exe28⤵
- Executes dropped EXE
-
\??\c:\e08062.exec:\e08062.exe29⤵
- Executes dropped EXE
-
\??\c:\jvddp.exec:\jvddp.exe30⤵
- Executes dropped EXE
-
\??\c:\q22200.exec:\q22200.exe31⤵
- Executes dropped EXE
-
\??\c:\2648002.exec:\2648002.exe32⤵
- Executes dropped EXE
-
\??\c:\lxrrxxl.exec:\lxrrxxl.exe33⤵
- Executes dropped EXE
-
\??\c:\6000886.exec:\6000886.exe34⤵
- Executes dropped EXE
-
\??\c:\xlxfllx.exec:\xlxfllx.exe35⤵
- Executes dropped EXE
-
\??\c:\2482006.exec:\2482006.exe36⤵
- Executes dropped EXE
-
\??\c:\5bhhbb.exec:\5bhhbb.exe37⤵
- Executes dropped EXE
-
\??\c:\g2228.exec:\g2228.exe38⤵
- Executes dropped EXE
-
\??\c:\k60626.exec:\k60626.exe39⤵
- Executes dropped EXE
-
\??\c:\jpvjp.exec:\jpvjp.exe40⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\26420.exec:\26420.exe41⤵
- Executes dropped EXE
-
\??\c:\lxlrxxf.exec:\lxlrxxf.exe42⤵
- Executes dropped EXE
-
\??\c:\bthntt.exec:\bthntt.exe43⤵
- Executes dropped EXE
-
\??\c:\bbhtbh.exec:\bbhtbh.exe44⤵
- Executes dropped EXE
-
\??\c:\5nbhtt.exec:\5nbhtt.exe45⤵
- Executes dropped EXE
-
\??\c:\lxlllfr.exec:\lxlllfr.exe46⤵
- Executes dropped EXE
-
\??\c:\7vjpv.exec:\7vjpv.exe47⤵
- Executes dropped EXE
-
\??\c:\a0624.exec:\a0624.exe48⤵
- Executes dropped EXE
-
\??\c:\868848.exec:\868848.exe49⤵
- Executes dropped EXE
-
\??\c:\ddpjv.exec:\ddpjv.exe50⤵
- Executes dropped EXE
-
\??\c:\5rflxfx.exec:\5rflxfx.exe51⤵
- Executes dropped EXE
-
\??\c:\04440.exec:\04440.exe52⤵
- Executes dropped EXE
-
\??\c:\1nbhhb.exec:\1nbhhb.exe53⤵
- Executes dropped EXE
-
\??\c:\a8686.exec:\a8686.exe54⤵
- Executes dropped EXE
-
\??\c:\rlxfrlr.exec:\rlxfrlr.exe55⤵
- Executes dropped EXE
-
\??\c:\8644662.exec:\8644662.exe56⤵
- Executes dropped EXE
-
\??\c:\frxrxxx.exec:\frxrxxx.exe57⤵
- Executes dropped EXE
-
\??\c:\8606880.exec:\8606880.exe58⤵
- Executes dropped EXE
-
\??\c:\u028040.exec:\u028040.exe59⤵
- Executes dropped EXE
-
\??\c:\7jvjp.exec:\7jvjp.exe60⤵
- Executes dropped EXE
-
\??\c:\886268.exec:\886268.exe61⤵
- Executes dropped EXE
-
\??\c:\lrflflx.exec:\lrflflx.exe62⤵
- Executes dropped EXE
-
\??\c:\5rrxllr.exec:\5rrxllr.exe63⤵
- Executes dropped EXE
-
\??\c:\i446446.exec:\i446446.exe64⤵
- Executes dropped EXE
-
\??\c:\a4242.exec:\a4242.exe65⤵
- Executes dropped EXE
-
\??\c:\424844.exec:\424844.exe66⤵
-
\??\c:\26880.exec:\26880.exe67⤵
-
\??\c:\0466880.exec:\0466880.exe68⤵
-
\??\c:\2628444.exec:\2628444.exe69⤵
-
\??\c:\1htntt.exec:\1htntt.exe70⤵
-
\??\c:\m0808.exec:\m0808.exe71⤵
-
\??\c:\60842.exec:\60842.exe72⤵
-
\??\c:\5fxxrxf.exec:\5fxxrxf.exe73⤵
-
\??\c:\jvppd.exec:\jvppd.exe74⤵
-
\??\c:\hbnhhh.exec:\hbnhhh.exe75⤵
-
\??\c:\1jppp.exec:\1jppp.exe76⤵
-
\??\c:\pdjjd.exec:\pdjjd.exe77⤵
-
\??\c:\044022.exec:\044022.exe78⤵
-
\??\c:\s2662.exec:\s2662.exe79⤵
-
\??\c:\jjdjv.exec:\jjdjv.exe80⤵
-
\??\c:\0800606.exec:\0800606.exe81⤵
-
\??\c:\2640662.exec:\2640662.exe82⤵
-
\??\c:\40068.exec:\40068.exe83⤵
-
\??\c:\42406.exec:\42406.exe84⤵
-
\??\c:\w86022.exec:\w86022.exe85⤵
-
\??\c:\bhntbt.exec:\bhntbt.exe86⤵
-
\??\c:\68608.exec:\68608.exe87⤵
-
\??\c:\9lrlfxx.exec:\9lrlfxx.exe88⤵
-
\??\c:\djjdj.exec:\djjdj.exe89⤵
-
\??\c:\fxxflfl.exec:\fxxflfl.exe90⤵
-
\??\c:\hnhnhb.exec:\hnhnhb.exe91⤵
-
\??\c:\fxxxrll.exec:\fxxxrll.exe92⤵
-
\??\c:\llllffl.exec:\llllffl.exe93⤵
-
\??\c:\8088488.exec:\8088488.exe94⤵
-
\??\c:\6866888.exec:\6866888.exe95⤵
-
\??\c:\4802828.exec:\4802828.exe96⤵
-
\??\c:\a4044.exec:\a4044.exe97⤵
-
\??\c:\nbnnnn.exec:\nbnnnn.exe98⤵
-
\??\c:\fxxxxrl.exec:\fxxxxrl.exe99⤵
-
\??\c:\w08444.exec:\w08444.exe100⤵
-
\??\c:\802208.exec:\802208.exe101⤵
-
\??\c:\86400.exec:\86400.exe102⤵
-
\??\c:\frfxrrx.exec:\frfxrrx.exe103⤵
-
\??\c:\6084002.exec:\6084002.exe104⤵
-
\??\c:\9pddd.exec:\9pddd.exe105⤵
-
\??\c:\28666.exec:\28666.exe106⤵
-
\??\c:\7dppv.exec:\7dppv.exe107⤵
-
\??\c:\btbbhh.exec:\btbbhh.exe108⤵
-
\??\c:\frxxxfl.exec:\frxxxfl.exe109⤵
-
\??\c:\fxrxxlr.exec:\fxrxxlr.exe110⤵
-
\??\c:\nbhnnt.exec:\nbhnnt.exe111⤵
-
\??\c:\tnntbt.exec:\tnntbt.exe112⤵
-
\??\c:\4248828.exec:\4248828.exe113⤵
-
\??\c:\4688484.exec:\4688484.exe114⤵
-
\??\c:\082222.exec:\082222.exe115⤵
-
\??\c:\m0880.exec:\m0880.exe116⤵
-
\??\c:\604400.exec:\604400.exe117⤵
-
\??\c:\0282222.exec:\0282222.exe118⤵
-
\??\c:\8288046.exec:\8288046.exe119⤵
-
\??\c:\rlfrfxr.exec:\rlfrfxr.exe120⤵
-
\??\c:\o644006.exec:\o644006.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-