Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
23-11-2024 05:27
General
-
Target
f8c64946fe4314a2ef35fc5f10f6a09cfc30895768aa6ff6d4b966205abb42f6.exe
-
Size
590KB
-
MD5
01335addfaf7aa894ec94da566e642e0
-
SHA1
768a88b356d32849adc5c5c3c17321efc09e1762
-
SHA256
f8c64946fe4314a2ef35fc5f10f6a09cfc30895768aa6ff6d4b966205abb42f6
-
SHA512
b239ae933557748e19127b19b31f26cfde33b29f1d9104175f94be317971178bf33a2e515a3e61b2ddd50865c1378c48c8e24ec352c427ab8b1ef5790365e10b
-
SSDEEP
6144:n3C9BRIj+ebjcSbcY+CaQdaFOY4iGFYtRdzzoyYxJAyfgayh:n3C9Lebz+xt4vFeFmgayh
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 19 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 32 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f8c64946fe4314a2ef35fc5f10f6a09cfc30895768aa6ff6d4b966205abb42f6.exe"C:\Users\Admin\AppData\Local\Temp\f8c64946fe4314a2ef35fc5f10f6a09cfc30895768aa6ff6d4b966205abb42f6.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\1nbhnt.exec:\1nbhnt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjpv.exec:\dvjpv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9hbhth.exec:\9hbhth.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflxlrx.exec:\lflxlrx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnhtb.exec:\ttnhtb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfrlrf.exec:\rlfrlrf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnttnn.exec:\tnttnn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlxflr.exec:\fxlxflr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpvd.exec:\vvpvd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxlxrll.exec:\rxlxrll.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbntbn.exec:\tbntbn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrfrrf.exec:\lxrfrrf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbhhh.exec:\hhbhhh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxrxff.exec:\rlxrxff.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbtnh.exec:\ntbtnh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxfffl.exec:\xrxfffl.exe17⤵
- Executes dropped EXE
-
\??\c:\bbthbh.exec:\bbthbh.exe18⤵
- Executes dropped EXE
-
\??\c:\ddpvp.exec:\ddpvp.exe19⤵
- Executes dropped EXE
-
\??\c:\llfxlfr.exec:\llfxlfr.exe20⤵
- Executes dropped EXE
-
\??\c:\7tnhnh.exec:\7tnhnh.exe21⤵
- Executes dropped EXE
-
\??\c:\xxlrxfr.exec:\xxlrxfr.exe22⤵
- Executes dropped EXE
-
\??\c:\djvjj.exec:\djvjj.exe23⤵
- Executes dropped EXE
-
\??\c:\5dvvv.exec:\5dvvv.exe24⤵
- Executes dropped EXE
-
\??\c:\hbtbhb.exec:\hbtbhb.exe25⤵
- Executes dropped EXE
-
\??\c:\fxxfrfr.exec:\fxxfrfr.exe26⤵
- Executes dropped EXE
-
\??\c:\rxrxllx.exec:\rxrxllx.exe27⤵
- Executes dropped EXE
-
\??\c:\9rrxfrr.exec:\9rrxfrr.exe28⤵
- Executes dropped EXE
-
\??\c:\tnbbhb.exec:\tnbbhb.exe29⤵
- Executes dropped EXE
-
\??\c:\5tnbnb.exec:\5tnbnb.exe30⤵
- Executes dropped EXE
-
\??\c:\fffrflx.exec:\fffrflx.exe31⤵
- Executes dropped EXE
-
\??\c:\hnthth.exec:\hnthth.exe32⤵
- Executes dropped EXE
-
\??\c:\dvjdj.exec:\dvjdj.exe33⤵
- Executes dropped EXE
-
\??\c:\7flrrff.exec:\7flrrff.exe34⤵
- Executes dropped EXE
-
\??\c:\fxlrxxl.exec:\fxlrxxl.exe35⤵
- Executes dropped EXE
-
\??\c:\thhnbt.exec:\thhnbt.exe36⤵
- Executes dropped EXE
-
\??\c:\dpdjp.exec:\dpdjp.exe37⤵
- Executes dropped EXE
-
\??\c:\xxrflxl.exec:\xxrflxl.exe38⤵
- Executes dropped EXE
-
\??\c:\nhnntn.exec:\nhnntn.exe39⤵
- Executes dropped EXE
-
\??\c:\jpjpd.exec:\jpjpd.exe40⤵
- Executes dropped EXE
-
\??\c:\3lrlrrr.exec:\3lrlrrr.exe41⤵
- Executes dropped EXE
-
\??\c:\frrxrff.exec:\frrxrff.exe42⤵
- Executes dropped EXE
-
\??\c:\hbntht.exec:\hbntht.exe43⤵
- Executes dropped EXE
-
\??\c:\jjdjd.exec:\jjdjd.exe44⤵
- Executes dropped EXE
-
\??\c:\jjpdd.exec:\jjpdd.exe45⤵
- Executes dropped EXE
-
\??\c:\xxxlflx.exec:\xxxlflx.exe46⤵
- Executes dropped EXE
-
\??\c:\rrfrxxl.exec:\rrfrxxl.exe47⤵
- Executes dropped EXE
-
\??\c:\nththt.exec:\nththt.exe48⤵
- Executes dropped EXE
-
\??\c:\5vpdj.exec:\5vpdj.exe49⤵
- Executes dropped EXE
-
\??\c:\dvjjj.exec:\dvjjj.exe50⤵
- Executes dropped EXE
-
\??\c:\fxfrxrf.exec:\fxfrxrf.exe51⤵
- Executes dropped EXE
-
\??\c:\7thbbb.exec:\7thbbb.exe52⤵
- Executes dropped EXE
-
\??\c:\nhthtt.exec:\nhthtt.exe53⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\jjvdp.exec:\jjvdp.exe54⤵
- Executes dropped EXE
-
\??\c:\7jdpv.exec:\7jdpv.exe55⤵
- Executes dropped EXE
-
\??\c:\llxfrfx.exec:\llxfrfx.exe56⤵
- Executes dropped EXE
-
\??\c:\hbbbhn.exec:\hbbbhn.exe57⤵
- Executes dropped EXE
-
\??\c:\hthtbh.exec:\hthtbh.exe58⤵
- Executes dropped EXE
-
\??\c:\vdpjj.exec:\vdpjj.exe59⤵
- Executes dropped EXE
-
\??\c:\9dppd.exec:\9dppd.exe60⤵
- Executes dropped EXE
-
\??\c:\9rflrxf.exec:\9rflrxf.exe61⤵
- Executes dropped EXE
-
\??\c:\tttbnb.exec:\tttbnb.exe62⤵
- Executes dropped EXE
-
\??\c:\tnhthn.exec:\tnhthn.exe63⤵
- Executes dropped EXE
-
\??\c:\vpvvd.exec:\vpvvd.exe64⤵
- Executes dropped EXE
-
\??\c:\vpjvj.exec:\vpjvj.exe65⤵
- Executes dropped EXE
-
\??\c:\ffrxrlr.exec:\ffrxrlr.exe66⤵
-
\??\c:\htbbbh.exec:\htbbbh.exe67⤵
-
\??\c:\dddjj.exec:\dddjj.exe68⤵
-
\??\c:\jddpv.exec:\jddpv.exe69⤵
-
\??\c:\rlfrxfr.exec:\rlfrxfr.exe70⤵
-
\??\c:\rrffllr.exec:\rrffllr.exe71⤵
-
\??\c:\hhhbtn.exec:\hhhbtn.exe72⤵
-
\??\c:\vvdjd.exec:\vvdjd.exe73⤵
-
\??\c:\lffflfr.exec:\lffflfr.exe74⤵
-
\??\c:\1rrlflx.exec:\1rrlflx.exe75⤵
-
\??\c:\btnnbb.exec:\btnnbb.exe76⤵
-
\??\c:\hbtbhb.exec:\hbtbhb.exe77⤵
-
\??\c:\dvjjv.exec:\dvjjv.exe78⤵
-
\??\c:\vpjdv.exec:\vpjdv.exe79⤵
-
\??\c:\rrflrxf.exec:\rrflrxf.exe80⤵
-
\??\c:\bnnbbn.exec:\bnnbbn.exe81⤵
-
\??\c:\1vjvd.exec:\1vjvd.exe82⤵
-
\??\c:\5djpd.exec:\5djpd.exe83⤵
-
\??\c:\3fxfrxl.exec:\3fxfrxl.exe84⤵
-
\??\c:\3rflrrr.exec:\3rflrrr.exe85⤵
-
\??\c:\bnnbtt.exec:\bnnbtt.exe86⤵
-
\??\c:\pdjpv.exec:\pdjpv.exe87⤵
-
\??\c:\frfflxx.exec:\frfflxx.exe88⤵
-
\??\c:\nnbntb.exec:\nnbntb.exe89⤵
-
\??\c:\bhbbbb.exec:\bhbbbb.exe90⤵
- System Location Discovery: System Language Discovery
-
\??\c:\3fxlrlr.exec:\3fxlrlr.exe91⤵
-
\??\c:\3rlflll.exec:\3rlflll.exe92⤵
-
\??\c:\bbthth.exec:\bbthth.exe93⤵
-
\??\c:\ppjvp.exec:\ppjvp.exe94⤵
-
\??\c:\3ppdv.exec:\3ppdv.exe95⤵
-
\??\c:\9hbhnb.exec:\9hbhnb.exe96⤵
-
\??\c:\5dpvd.exec:\5dpvd.exe97⤵
-
\??\c:\5xrffrl.exec:\5xrffrl.exe98⤵
-
\??\c:\fxrfxlf.exec:\fxrfxlf.exe99⤵
-
\??\c:\pjdpd.exec:\pjdpd.exe100⤵
-
\??\c:\lrlxxll.exec:\lrlxxll.exe101⤵
-
\??\c:\1tbhnb.exec:\1tbhnb.exe102⤵
-
\??\c:\3jddj.exec:\3jddj.exe103⤵
-
\??\c:\dvjpv.exec:\dvjpv.exe104⤵
-
\??\c:\llflfrx.exec:\llflfrx.exe105⤵
-
\??\c:\tbnntn.exec:\tbnntn.exe106⤵
-
\??\c:\7vpdp.exec:\7vpdp.exe107⤵
-
\??\c:\rflflxf.exec:\rflflxf.exe108⤵
-
\??\c:\9rlrflx.exec:\9rlrflx.exe109⤵
-
\??\c:\7btbbb.exec:\7btbbb.exe110⤵
-
\??\c:\jdvdj.exec:\jdvdj.exe111⤵
-
\??\c:\lxrfrrf.exec:\lxrfrrf.exe112⤵
-
\??\c:\vpjpv.exec:\vpjpv.exe113⤵
-
\??\c:\llxrflr.exec:\llxrflr.exe114⤵
- System Location Discovery: System Language Discovery
-
\??\c:\nhtthn.exec:\nhtthn.exe115⤵
-
\??\c:\ddvvv.exec:\ddvvv.exe116⤵
-
\??\c:\3xlrrlf.exec:\3xlrrlf.exe117⤵
-
\??\c:\3xxxlff.exec:\3xxxlff.exe118⤵
-
\??\c:\nnhthh.exec:\nnhthh.exe119⤵
-
\??\c:\7xffrfl.exec:\7xffrfl.exe120⤵
- System Location Discovery: System Language Discovery
-
\??\c:\hnhtht.exec:\hnhtht.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-