Analysis
-
max time kernel
150s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
22/11/2024, 05:04
General
-
Target
e30b03c0caf290608292b13d88bf3aab69418785706912a376327ac14ff0b3eb.exe
-
Size
82KB
-
MD5
e3a9a82f7c138c77e2b1716a5a6164b3
-
SHA1
c78a2245fb1d97d0cbfd5fdd415fe467e623a900
-
SHA256
e30b03c0caf290608292b13d88bf3aab69418785706912a376327ac14ff0b3eb
-
SHA512
0456800a2a89493e2db62f3d3c6f1f2e13a00af64190f2d12cf17e6cad0d7ff9daf44a507e3aea221cef0dab6fbac6e9d6b70beba9ce8407e6fd1d7a830a6fae
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73tgygQwKjiawEmB5Gt9:ymb3NkkiQ3mdBjFo73thgQ/wEkc
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 20 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e30b03c0caf290608292b13d88bf3aab69418785706912a376327ac14ff0b3eb.exe"C:\Users\Admin\AppData\Local\Temp\e30b03c0caf290608292b13d88bf3aab69418785706912a376327ac14ff0b3eb.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nvrdl.exec:\nvrdl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfdljd.exec:\rfdljd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjftpf.exec:\vjftpf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvxpnh.exec:\dvxpnh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pfpxrd.exec:\pfpxrd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jfbfdfl.exec:\jfbfdfl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rftnf.exec:\rftnf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddbbd.exec:\ddbbd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvflrx.exec:\jvvflrx.exe10⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\dtxtbt.exec:\dtxtbt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlpjfl.exec:\rlpjfl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ljllx.exec:\ljllx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rdhnht.exec:\rdhnht.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpplrdd.exec:\jpplrdd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xvftr.exec:\xvftr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nrrthfv.exec:\nrrthfv.exe17⤵
- Executes dropped EXE
-
\??\c:\hnnfp.exec:\hnnfp.exe18⤵
- Executes dropped EXE
-
\??\c:\lnjpv.exec:\lnjpv.exe19⤵
- Executes dropped EXE
-
\??\c:\nlhldd.exec:\nlhldd.exe20⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\txjjhn.exec:\txjjhn.exe21⤵
- Executes dropped EXE
-
\??\c:\jjfrpr.exec:\jjfrpr.exe22⤵
- Executes dropped EXE
-
\??\c:\vblvrph.exec:\vblvrph.exe23⤵
- Executes dropped EXE
-
\??\c:\jlnjdp.exec:\jlnjdp.exe24⤵
- Executes dropped EXE
-
\??\c:\jdtfft.exec:\jdtfft.exe25⤵
- Executes dropped EXE
-
\??\c:\djndllx.exec:\djndllx.exe26⤵
- Executes dropped EXE
-
\??\c:\lxlxr.exec:\lxlxr.exe27⤵
- Executes dropped EXE
-
\??\c:\vlpjhx.exec:\vlpjhx.exe28⤵
- Executes dropped EXE
-
\??\c:\rpnjh.exec:\rpnjh.exe29⤵
- Executes dropped EXE
-
\??\c:\nhdth.exec:\nhdth.exe30⤵
- Executes dropped EXE
-
\??\c:\nrfdr.exec:\nrfdr.exe31⤵
- Executes dropped EXE
-
\??\c:\dnrxpfp.exec:\dnrxpfp.exe32⤵
- Executes dropped EXE
-
\??\c:\bxjtx.exec:\bxjtx.exe33⤵
- Executes dropped EXE
-
\??\c:\tbpnnpl.exec:\tbpnnpl.exe34⤵
- Executes dropped EXE
-
\??\c:\rhdprh.exec:\rhdprh.exe35⤵
- Executes dropped EXE
-
\??\c:\hbbptnt.exec:\hbbptnt.exe36⤵
- Executes dropped EXE
-
\??\c:\tvjdld.exec:\tvjdld.exe37⤵
- Executes dropped EXE
-
\??\c:\fldrb.exec:\fldrb.exe38⤵
- Executes dropped EXE
-
\??\c:\bjdjtn.exec:\bjdjtn.exe39⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\vvrvr.exec:\vvrvr.exe40⤵
- Executes dropped EXE
-
\??\c:\bhxpxlx.exec:\bhxpxlx.exe41⤵
- Executes dropped EXE
-
\??\c:\lvhftf.exec:\lvhftf.exe42⤵
- Executes dropped EXE
-
\??\c:\dffhbbt.exec:\dffhbbt.exe43⤵
- Executes dropped EXE
-
\??\c:\xvnnnj.exec:\xvnnnj.exe44⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\tvbvftr.exec:\tvbvftr.exe45⤵
- Executes dropped EXE
-
\??\c:\pfblt.exec:\pfblt.exe46⤵
- Executes dropped EXE
-
\??\c:\dhhxd.exec:\dhhxd.exe47⤵
- Executes dropped EXE
-
\??\c:\xfjlrp.exec:\xfjlrp.exe48⤵
- Executes dropped EXE
-
\??\c:\jjbvbjj.exec:\jjbvbjj.exe49⤵
- Executes dropped EXE
-
\??\c:\jtbhbfj.exec:\jtbhbfj.exe50⤵
- Executes dropped EXE
-
\??\c:\bnxxrd.exec:\bnxxrd.exe51⤵
- Executes dropped EXE
-
\??\c:\ddllbvb.exec:\ddllbvb.exe52⤵
- Executes dropped EXE
-
\??\c:\htdvn.exec:\htdvn.exe53⤵
- Executes dropped EXE
-
\??\c:\tltddb.exec:\tltddb.exe54⤵
- Executes dropped EXE
-
\??\c:\frjftj.exec:\frjftj.exe55⤵
- Executes dropped EXE
-
\??\c:\njtpj.exec:\njtpj.exe56⤵
- Executes dropped EXE
-
\??\c:\rbjpft.exec:\rbjpft.exe57⤵
- Executes dropped EXE
-
\??\c:\vhnfv.exec:\vhnfv.exe58⤵
- Executes dropped EXE
-
\??\c:\nxdxtp.exec:\nxdxtp.exe59⤵
- Executes dropped EXE
-
\??\c:\lnhpvr.exec:\lnhpvr.exe60⤵
- Executes dropped EXE
-
\??\c:\vnxpbl.exec:\vnxpbl.exe61⤵
- Executes dropped EXE
-
\??\c:\fnthxn.exec:\fnthxn.exe62⤵
- Executes dropped EXE
-
\??\c:\bpbrtj.exec:\bpbrtj.exe63⤵
- Executes dropped EXE
-
\??\c:\xphbfbv.exec:\xphbfbv.exe64⤵
- Executes dropped EXE
-
\??\c:\hlvhtrj.exec:\hlvhtrj.exe65⤵
- Executes dropped EXE
-
\??\c:\frvrndl.exec:\frvrndl.exe66⤵
-
\??\c:\dnndn.exec:\dnndn.exe67⤵
-
\??\c:\jxbpnb.exec:\jxbpnb.exe68⤵
-
\??\c:\tdrfl.exec:\tdrfl.exe69⤵
-
\??\c:\jjbrnhp.exec:\jjbrnhp.exe70⤵
-
\??\c:\flptlf.exec:\flptlf.exe71⤵
-
\??\c:\brdrjht.exec:\brdrjht.exe72⤵
-
\??\c:\jdxrn.exec:\jdxrn.exe73⤵
-
\??\c:\pvtbhn.exec:\pvtbhn.exe74⤵
-
\??\c:\trbtjrd.exec:\trbtjrd.exe75⤵
-
\??\c:\ppnpr.exec:\ppnpr.exe76⤵
-
\??\c:\vdplv.exec:\vdplv.exe77⤵
-
\??\c:\rdxjhbt.exec:\rdxjhbt.exe78⤵
-
\??\c:\rtvrrt.exec:\rtvrrt.exe79⤵
-
\??\c:\tvjttn.exec:\tvjttn.exe80⤵
-
\??\c:\rntlnj.exec:\rntlnj.exe81⤵
-
\??\c:\rltdhpn.exec:\rltdhpn.exe82⤵
-
\??\c:\jhtdv.exec:\jhtdv.exe83⤵
-
\??\c:\trxtnb.exec:\trxtnb.exe84⤵
-
\??\c:\hjjdx.exec:\hjjdx.exe85⤵
-
\??\c:\xvbrrf.exec:\xvbrrf.exe86⤵
-
\??\c:\nhfbbb.exec:\nhfbbb.exe87⤵
-
\??\c:\fdfhbb.exec:\fdfhbb.exe88⤵
-
\??\c:\vlhdxbl.exec:\vlhdxbl.exe89⤵
-
\??\c:\phfxtb.exec:\phfxtb.exe90⤵
-
\??\c:\lfttdrl.exec:\lfttdrl.exe91⤵
-
\??\c:\hldjlv.exec:\hldjlv.exe92⤵
-
\??\c:\xlldft.exec:\xlldft.exe93⤵
-
\??\c:\nvnjhrl.exec:\nvnjhrl.exe94⤵
-
\??\c:\rdjhvnv.exec:\rdjhvnv.exe95⤵
- System Location Discovery: System Language Discovery
-
\??\c:\hjvjd.exec:\hjvjd.exe96⤵
-
\??\c:\nvbpvnh.exec:\nvbpvnh.exe97⤵
-
\??\c:\dtntb.exec:\dtntb.exe98⤵
-
\??\c:\vhhttp.exec:\vhhttp.exe99⤵
-
\??\c:\nbpbh.exec:\nbpbh.exe100⤵
-
\??\c:\rvfhp.exec:\rvfhp.exe101⤵
-
\??\c:\xlrbph.exec:\xlrbph.exe102⤵
-
\??\c:\tvdptv.exec:\tvdptv.exe103⤵
-
\??\c:\rndjtrl.exec:\rndjtrl.exe104⤵
-
\??\c:\ptpdlf.exec:\ptpdlf.exe105⤵
-
\??\c:\fhnhhbd.exec:\fhnhhbd.exe106⤵
-
\??\c:\xxllnt.exec:\xxllnt.exe107⤵
-
\??\c:\fbpnjj.exec:\fbpnjj.exe108⤵
-
\??\c:\lvrlb.exec:\lvrlb.exe109⤵
-
\??\c:\vhfdr.exec:\vhfdr.exe110⤵
-
\??\c:\brlrnrv.exec:\brlrnrv.exe111⤵
-
\??\c:\rxtptvl.exec:\rxtptvl.exe112⤵
-
\??\c:\dlxvpp.exec:\dlxvpp.exe113⤵
-
\??\c:\hvxvxb.exec:\hvxvxb.exe114⤵
- System Location Discovery: System Language Discovery
-
\??\c:\xjhndtp.exec:\xjhndtp.exe115⤵
-
\??\c:\lprdrd.exec:\lprdrd.exe116⤵
-
\??\c:\ttvjb.exec:\ttvjb.exe117⤵
-
\??\c:\bldnxnn.exec:\bldnxnn.exe118⤵
-
\??\c:\vjvnfp.exec:\vjvnfp.exe119⤵
-
\??\c:\jttbbb.exec:\jttbbb.exe120⤵
-
\??\c:\fhvxv.exec:\fhvxv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-