Analysis
-
max time kernel
120s -
max time network
19s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
22-11-2024 07:44
General
-
Target
3a0d3d05378db2dd4094ab8db2c263eb08ed485263ea5bf1fcf1256412294c3e.exe
-
Size
335KB
-
MD5
5c607a1bc09df2b598835688cd4bef86
-
SHA1
059ec216e2d5e557570179b623107a8fe7ef5b23
-
SHA256
3a0d3d05378db2dd4094ab8db2c263eb08ed485263ea5bf1fcf1256412294c3e
-
SHA512
44074d20040f262c4f3ebbac6cffd1374042fdbc74570cb6e7c1897351b31c75de67d5951dcde6df2796bab46111af4b5a08c62d8812a0019314d6a3e217f3ae
-
SSDEEP
6144:Lcm4FmowdHoSHt251UriZFwfsDX2UznsaFVNJCMKAbeRp:R4wFHoSHYHUrAwfMp3CDRp
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 40 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3a0d3d05378db2dd4094ab8db2c263eb08ed485263ea5bf1fcf1256412294c3e.exe"C:\Users\Admin\AppData\Local\Temp\3a0d3d05378db2dd4094ab8db2c263eb08ed485263ea5bf1fcf1256412294c3e.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pnlllpr.exec:\pnlllpr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fnhtjb.exec:\fnhtjb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppttb.exec:\ppttb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbpn.exec:\ntbpn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xpxjh.exec:\xpxjh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfhdr.exec:\xfhdr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fbnnprt.exec:\fbnnprt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdljx.exec:\vdljx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jnnxxnp.exec:\jnnxxnp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hxbtb.exec:\hxbtb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tvnlfd.exec:\tvnlfd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvtplx.exec:\jvtplx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxrnj.exec:\rxrnj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fjltnb.exec:\fjltnb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxbjt.exec:\fxbjt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lhvfbn.exec:\lhvfbn.exe17⤵
- Executes dropped EXE
-
\??\c:\lxhfdxn.exec:\lxhfdxn.exe18⤵
- Executes dropped EXE
-
\??\c:\hvpdbl.exec:\hvpdbl.exe19⤵
- Executes dropped EXE
-
\??\c:\njvbp.exec:\njvbp.exe20⤵
- Executes dropped EXE
-
\??\c:\dftlht.exec:\dftlht.exe21⤵
- Executes dropped EXE
-
\??\c:\ptpdvd.exec:\ptpdvd.exe22⤵
- Executes dropped EXE
-
\??\c:\nxrlfvj.exec:\nxrlfvj.exe23⤵
- Executes dropped EXE
-
\??\c:\dphpf.exec:\dphpf.exe24⤵
- Executes dropped EXE
-
\??\c:\txthfpb.exec:\txthfpb.exe25⤵
- Executes dropped EXE
-
\??\c:\tdhjt.exec:\tdhjt.exe26⤵
- Executes dropped EXE
-
\??\c:\vrdjx.exec:\vrdjx.exe27⤵
- Executes dropped EXE
-
\??\c:\brtfjd.exec:\brtfjd.exe28⤵
- Executes dropped EXE
-
\??\c:\fvtjlht.exec:\fvtjlht.exe29⤵
- Executes dropped EXE
-
\??\c:\jhvvj.exec:\jhvvj.exe30⤵
- Executes dropped EXE
-
\??\c:\ltvbvhx.exec:\ltvbvhx.exe31⤵
- Executes dropped EXE
-
\??\c:\tfndj.exec:\tfndj.exe32⤵
- Executes dropped EXE
-
\??\c:\bhprf.exec:\bhprf.exe33⤵
- Executes dropped EXE
-
\??\c:\hbfxrpp.exec:\hbfxrpp.exe34⤵
- Executes dropped EXE
-
\??\c:\nlxthpb.exec:\nlxthpb.exe35⤵
- Executes dropped EXE
-
\??\c:\rhphbdh.exec:\rhphbdh.exe36⤵
- Executes dropped EXE
-
\??\c:\ltvjvbx.exec:\ltvjvbx.exe37⤵
- Executes dropped EXE
-
\??\c:\tdlvth.exec:\tdlvth.exe38⤵
- Executes dropped EXE
-
\??\c:\bbxnnf.exec:\bbxnnf.exe39⤵
- Executes dropped EXE
-
\??\c:\pflnp.exec:\pflnp.exe40⤵
- Executes dropped EXE
-
\??\c:\rjdhrx.exec:\rjdhrx.exe41⤵
- Executes dropped EXE
-
\??\c:\ljhplph.exec:\ljhplph.exe42⤵
- Executes dropped EXE
-
\??\c:\tffrb.exec:\tffrb.exe43⤵
- Executes dropped EXE
-
\??\c:\ptndlxt.exec:\ptndlxt.exe44⤵
- Executes dropped EXE
-
\??\c:\brhlpl.exec:\brhlpl.exe45⤵
- Executes dropped EXE
-
\??\c:\jbbrvh.exec:\jbbrvh.exe46⤵
- Executes dropped EXE
-
\??\c:\xpbrtr.exec:\xpbrtr.exe47⤵
- Executes dropped EXE
-
\??\c:\vrvfbt.exec:\vrvfbt.exe48⤵
- Executes dropped EXE
-
\??\c:\fhpjrr.exec:\fhpjrr.exe49⤵
- Executes dropped EXE
-
\??\c:\ddlhxp.exec:\ddlhxp.exe50⤵
- Executes dropped EXE
-
\??\c:\xpddtnl.exec:\xpddtnl.exe51⤵
- Executes dropped EXE
-
\??\c:\jflbt.exec:\jflbt.exe52⤵
- Executes dropped EXE
-
\??\c:\nxdfhhj.exec:\nxdfhhj.exe53⤵
- Executes dropped EXE
-
\??\c:\pfdvd.exec:\pfdvd.exe54⤵
- Executes dropped EXE
-
\??\c:\bfndp.exec:\bfndp.exe55⤵
- Executes dropped EXE
-
\??\c:\bbptnr.exec:\bbptnr.exe56⤵
- Executes dropped EXE
-
\??\c:\fvdrpnn.exec:\fvdrpnn.exe57⤵
- Executes dropped EXE
-
\??\c:\thbnx.exec:\thbnx.exe58⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\vlpxxld.exec:\vlpxxld.exe59⤵
- Executes dropped EXE
-
\??\c:\rxhtd.exec:\rxhtd.exe60⤵
- Executes dropped EXE
-
\??\c:\njvxp.exec:\njvxp.exe61⤵
- Executes dropped EXE
-
\??\c:\bpxdb.exec:\bpxdb.exe62⤵
- Executes dropped EXE
-
\??\c:\lhpfb.exec:\lhpfb.exe63⤵
- Executes dropped EXE
-
\??\c:\plptrpr.exec:\plptrpr.exe64⤵
- Executes dropped EXE
-
\??\c:\rnhpdr.exec:\rnhpdr.exe65⤵
- Executes dropped EXE
-
\??\c:\bvrjhv.exec:\bvrjhv.exe66⤵
-
\??\c:\bxxtfl.exec:\bxxtfl.exe67⤵
-
\??\c:\dtpvxp.exec:\dtpvxp.exe68⤵
-
\??\c:\vlpjbxv.exec:\vlpjbxv.exe69⤵
-
\??\c:\nlfpjjx.exec:\nlfpjjx.exe70⤵
-
\??\c:\ddhrbh.exec:\ddhrbh.exe71⤵
-
\??\c:\hpvthn.exec:\hpvthn.exe72⤵
-
\??\c:\xlbpnpt.exec:\xlbpnpt.exe73⤵
- System Location Discovery: System Language Discovery
-
\??\c:\vhdnb.exec:\vhdnb.exe74⤵
-
\??\c:\rrtxn.exec:\rrtxn.exe75⤵
-
\??\c:\fhvxl.exec:\fhvxl.exe76⤵
-
\??\c:\rjlndbh.exec:\rjlndbh.exe77⤵
-
\??\c:\vbtxr.exec:\vbtxr.exe78⤵
-
\??\c:\lrbnjdv.exec:\lrbnjdv.exe79⤵
-
\??\c:\rhjjn.exec:\rhjjn.exe80⤵
- System Location Discovery: System Language Discovery
-
\??\c:\dvntvj.exec:\dvntvj.exe81⤵
-
\??\c:\vvnjx.exec:\vvnjx.exe82⤵
- System Location Discovery: System Language Discovery
-
\??\c:\xvdrj.exec:\xvdrj.exe83⤵
-
\??\c:\ltvxl.exec:\ltvxl.exe84⤵
-
\??\c:\nxfhfb.exec:\nxfhfb.exe85⤵
-
\??\c:\hjjhb.exec:\hjjhb.exe86⤵
-
\??\c:\vvnbdfd.exec:\vvnbdfd.exe87⤵
-
\??\c:\pbrtxph.exec:\pbrtxph.exe88⤵
-
\??\c:\tbdptvl.exec:\tbdptvl.exe89⤵
-
\??\c:\nlnxvfr.exec:\nlnxvfr.exe90⤵
-
\??\c:\jbbdbl.exec:\jbbdbl.exe91⤵
-
\??\c:\xplhvb.exec:\xplhvb.exe92⤵
-
\??\c:\pdnnlbh.exec:\pdnnlbh.exe93⤵
-
\??\c:\tvndv.exec:\tvndv.exe94⤵
-
\??\c:\fhblvhh.exec:\fhblvhh.exe95⤵
-
\??\c:\jbpvpjv.exec:\jbpvpjv.exe96⤵
-
\??\c:\dhnhlht.exec:\dhnhlht.exe97⤵
- System Location Discovery: System Language Discovery
-
\??\c:\nfvdlt.exec:\nfvdlt.exe98⤵
-
\??\c:\vxtrjhr.exec:\vxtrjhr.exe99⤵
-
\??\c:\pfplxd.exec:\pfplxd.exe100⤵
-
\??\c:\ljbnb.exec:\ljbnb.exe101⤵
-
\??\c:\lrtxbn.exec:\lrtxbn.exe102⤵
-
\??\c:\bnnfbjj.exec:\bnnfbjj.exe103⤵
-
\??\c:\dvtnrtf.exec:\dvtnrtf.exe104⤵
-
\??\c:\tvdnxbp.exec:\tvdnxbp.exe105⤵
-
\??\c:\jtjnl.exec:\jtjnl.exe106⤵
-
\??\c:\pjpbjlp.exec:\pjpbjlp.exe107⤵
-
\??\c:\prtxhb.exec:\prtxhb.exe108⤵
-
\??\c:\hrfpph.exec:\hrfpph.exe109⤵
-
\??\c:\dlvntj.exec:\dlvntj.exe110⤵
-
\??\c:\vjprpn.exec:\vjprpn.exe111⤵
-
\??\c:\bxvhv.exec:\bxvhv.exe112⤵
-
\??\c:\dphlh.exec:\dphlh.exe113⤵
-
\??\c:\jlbpjl.exec:\jlbpjl.exe114⤵
-
\??\c:\jtrhd.exec:\jtrhd.exe115⤵
-
\??\c:\jbnhl.exec:\jbnhl.exe116⤵
-
\??\c:\bvphbt.exec:\bvphbt.exe117⤵
-
\??\c:\nfrjph.exec:\nfrjph.exe118⤵
-
\??\c:\hpdrd.exec:\hpdrd.exe119⤵
-
\??\c:\xxdblhb.exec:\xxdblhb.exe120⤵
-
\??\c:\jldvjrd.exec:\jldvjrd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-