Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
22-11-2024 04:14
General
-
Target
cc69023d29f668e2275b551cb9396cce4353f0ca51f3ab8a3950af0c687df31b.exe
-
Size
59KB
-
MD5
c6b0004e44a84f3897464ef81e6b0964
-
SHA1
7e91a91f43e3f6b3b4cfb3b43a93012c480f4ed8
-
SHA256
cc69023d29f668e2275b551cb9396cce4353f0ca51f3ab8a3950af0c687df31b
-
SHA512
90cbcae3e89b6b6e9a82033f650433e71a1770ba62f3d1589b461df0da995d13ae0d399d83c31e24989698d9c981391483870977838ba2fe911580eb4547eeb0
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIFYuS:ymb3NkkiQ3mdBjFIFnS
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 36 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\cc69023d29f668e2275b551cb9396cce4353f0ca51f3ab8a3950af0c687df31b.exe"C:\Users\Admin\AppData\Local\Temp\cc69023d29f668e2275b551cb9396cce4353f0ca51f3ab8a3950af0c687df31b.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvdv.exec:\vpvdv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfxfffx.exec:\rfxfffx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhtbn.exec:\hhhtbn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpvv.exec:\vvpvv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrxlrl.exec:\fxrxlrl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrxxll.exec:\ffrxxll.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnthbn.exec:\nnthbn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjddj.exec:\pjddj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3lxlrfx.exec:\3lxlrfx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhbnnn.exec:\bhbnnn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbttt.exec:\bnbttt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdjj.exec:\vpdjj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlfrrx.exec:\fxlfrrx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxxfll.exec:\frxxfll.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nthhbh.exec:\nthhbh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjpv.exec:\vvjpv.exe17⤵
- Executes dropped EXE
-
\??\c:\9jddv.exec:\9jddv.exe18⤵
- Executes dropped EXE
-
\??\c:\rrlrxfr.exec:\rrlrxfr.exe19⤵
- Executes dropped EXE
-
\??\c:\lfrxfrf.exec:\lfrxfrf.exe20⤵
- Executes dropped EXE
-
\??\c:\7nnthn.exec:\7nnthn.exe21⤵
- Executes dropped EXE
-
\??\c:\nbbbbb.exec:\nbbbbb.exe22⤵
- Executes dropped EXE
-
\??\c:\pppvv.exec:\pppvv.exe23⤵
- Executes dropped EXE
-
\??\c:\pjddd.exec:\pjddd.exe24⤵
- Executes dropped EXE
-
\??\c:\rllrffx.exec:\rllrffx.exe25⤵
- Executes dropped EXE
-
\??\c:\1hbtbn.exec:\1hbtbn.exe26⤵
- Executes dropped EXE
-
\??\c:\nnbhnn.exec:\nnbhnn.exe27⤵
- Executes dropped EXE
-
\??\c:\jdjpv.exec:\jdjpv.exe28⤵
- Executes dropped EXE
-
\??\c:\ppppd.exec:\ppppd.exe29⤵
- Executes dropped EXE
-
\??\c:\fxrlrrf.exec:\fxrlrrf.exe30⤵
- Executes dropped EXE
-
\??\c:\bbbbnt.exec:\bbbbnt.exe31⤵
- Executes dropped EXE
-
\??\c:\3jddj.exec:\3jddj.exe32⤵
- Executes dropped EXE
-
\??\c:\lxflxxf.exec:\lxflxxf.exe33⤵
- Executes dropped EXE
-
\??\c:\1hbhnn.exec:\1hbhnn.exe34⤵
- Executes dropped EXE
-
\??\c:\9hthhn.exec:\9hthhn.exe35⤵
- Executes dropped EXE
-
\??\c:\ppjpp.exec:\ppjpp.exe36⤵
- Executes dropped EXE
-
\??\c:\3pvdj.exec:\3pvdj.exe37⤵
- Executes dropped EXE
-
\??\c:\ffrxffl.exec:\ffrxffl.exe38⤵
- Executes dropped EXE
-
\??\c:\1fffrxl.exec:\1fffrxl.exe39⤵
- Executes dropped EXE
-
\??\c:\3hntbn.exec:\3hntbn.exe40⤵
- Executes dropped EXE
-
\??\c:\tttnbt.exec:\tttnbt.exe41⤵
- Executes dropped EXE
-
\??\c:\pjvvp.exec:\pjvvp.exe42⤵
- Executes dropped EXE
-
\??\c:\ddvdp.exec:\ddvdp.exe43⤵
- Executes dropped EXE
-
\??\c:\9rfxxxf.exec:\9rfxxxf.exe44⤵
- Executes dropped EXE
-
\??\c:\5xlfrxl.exec:\5xlfrxl.exe45⤵
- Executes dropped EXE
-
\??\c:\nnntbn.exec:\nnntbn.exe46⤵
- Executes dropped EXE
-
\??\c:\1hnnbh.exec:\1hnnbh.exe47⤵
- Executes dropped EXE
-
\??\c:\ttntbh.exec:\ttntbh.exe48⤵
- Executes dropped EXE
-
\??\c:\vjpjv.exec:\vjpjv.exe49⤵
- Executes dropped EXE
-
\??\c:\3jdjj.exec:\3jdjj.exe50⤵
- Executes dropped EXE
-
\??\c:\lfxflll.exec:\lfxflll.exe51⤵
- Executes dropped EXE
-
\??\c:\xfxxlxf.exec:\xfxxlxf.exe52⤵
- Executes dropped EXE
-
\??\c:\ntbbbb.exec:\ntbbbb.exe53⤵
- Executes dropped EXE
-
\??\c:\1tnhht.exec:\1tnhht.exe54⤵
- Executes dropped EXE
-
\??\c:\1vjpj.exec:\1vjpj.exe55⤵
- Executes dropped EXE
-
\??\c:\5jpvd.exec:\5jpvd.exe56⤵
- Executes dropped EXE
-
\??\c:\fxlxxxf.exec:\fxlxxxf.exe57⤵
- Executes dropped EXE
-
\??\c:\9ffflxx.exec:\9ffflxx.exe58⤵
- Executes dropped EXE
-
\??\c:\5thhnh.exec:\5thhnh.exe59⤵
- Executes dropped EXE
-
\??\c:\bttntb.exec:\bttntb.exe60⤵
- Executes dropped EXE
-
\??\c:\jpdvv.exec:\jpdvv.exe61⤵
- Executes dropped EXE
-
\??\c:\vpppd.exec:\vpppd.exe62⤵
- Executes dropped EXE
-
\??\c:\1lfxxxr.exec:\1lfxxxr.exe63⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\fllxllx.exec:\fllxllx.exe64⤵
- Executes dropped EXE
-
\??\c:\tnbbhn.exec:\tnbbhn.exe65⤵
- Executes dropped EXE
-
\??\c:\pvdvd.exec:\pvdvd.exe66⤵
-
\??\c:\pjvdd.exec:\pjvdd.exe67⤵
-
\??\c:\rrllrfl.exec:\rrllrfl.exe68⤵
-
\??\c:\lfffrrf.exec:\lfffrrf.exe69⤵
-
\??\c:\nbtnth.exec:\nbtnth.exe70⤵
-
\??\c:\jdjjp.exec:\jdjjp.exe71⤵
-
\??\c:\jvppj.exec:\jvppj.exe72⤵
-
\??\c:\xfxrfxf.exec:\xfxrfxf.exe73⤵
-
\??\c:\5rxfxfx.exec:\5rxfxfx.exe74⤵
-
\??\c:\nhtthh.exec:\nhtthh.exe75⤵
-
\??\c:\nhttbb.exec:\nhttbb.exe76⤵
-
\??\c:\thbhnb.exec:\thbhnb.exe77⤵
-
\??\c:\pjjvd.exec:\pjjvd.exe78⤵
-
\??\c:\flxrrxf.exec:\flxrrxf.exe79⤵
-
\??\c:\rflfrxl.exec:\rflfrxl.exe80⤵
-
\??\c:\9hbnbb.exec:\9hbnbb.exe81⤵
-
\??\c:\nnhttb.exec:\nnhttb.exe82⤵
-
\??\c:\dvdjv.exec:\dvdjv.exe83⤵
-
\??\c:\jvjjp.exec:\jvjjp.exe84⤵
-
\??\c:\jddjd.exec:\jddjd.exe85⤵
-
\??\c:\5xrxffl.exec:\5xrxffl.exe86⤵
-
\??\c:\lxllllx.exec:\lxllllx.exe87⤵
-
\??\c:\hnnhtn.exec:\hnnhtn.exe88⤵
-
\??\c:\jvppj.exec:\jvppj.exe89⤵
-
\??\c:\dvddj.exec:\dvddj.exe90⤵
-
\??\c:\pvddv.exec:\pvddv.exe91⤵
-
\??\c:\xrlrxrx.exec:\xrlrxrx.exe92⤵
-
\??\c:\bnhbtt.exec:\bnhbtt.exe93⤵
-
\??\c:\htnttt.exec:\htnttt.exe94⤵
-
\??\c:\3vvjp.exec:\3vvjp.exe95⤵
- System Location Discovery: System Language Discovery
-
\??\c:\jvpjv.exec:\jvpjv.exe96⤵
-
\??\c:\xrrxlrf.exec:\xrrxlrf.exe97⤵
-
\??\c:\rxfxlll.exec:\rxfxlll.exe98⤵
-
\??\c:\hnbtnt.exec:\hnbtnt.exe99⤵
-
\??\c:\7tbntb.exec:\7tbntb.exe100⤵
-
\??\c:\jdpjv.exec:\jdpjv.exe101⤵
-
\??\c:\dvpdp.exec:\dvpdp.exe102⤵
-
\??\c:\xrfrrlr.exec:\xrfrrlr.exe103⤵
-
\??\c:\llflrfl.exec:\llflrfl.exe104⤵
-
\??\c:\xlxxffr.exec:\xlxxffr.exe105⤵
-
\??\c:\nnhnbt.exec:\nnhnbt.exe106⤵
-
\??\c:\9nnhtb.exec:\9nnhtb.exe107⤵
-
\??\c:\ppvvj.exec:\ppvvj.exe108⤵
-
\??\c:\jjddv.exec:\jjddv.exe109⤵
-
\??\c:\xfrrfrf.exec:\xfrrfrf.exe110⤵
-
\??\c:\lfrrxfr.exec:\lfrrxfr.exe111⤵
-
\??\c:\btbhnn.exec:\btbhnn.exe112⤵
-
\??\c:\3ntnbt.exec:\3ntnbt.exe113⤵
-
\??\c:\vvddj.exec:\vvddj.exe114⤵
-
\??\c:\9vvdd.exec:\9vvdd.exe115⤵
-
\??\c:\dvjvj.exec:\dvjvj.exe116⤵
-
\??\c:\3flllrf.exec:\3flllrf.exe117⤵
-
\??\c:\5tnthh.exec:\5tnthh.exe118⤵
-
\??\c:\tbnhnh.exec:\tbnhnh.exe119⤵
-
\??\c:\jjddd.exec:\jjddd.exe120⤵
-
\??\c:\3vjjd.exec:\3vjjd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-