Analysis
-
max time kernel
120s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
23-11-2024 13:19
General
-
Target
7f64ff1d4813dfe2e0da443ab23eb2a3cf4bbaa19defc8e391790ff012dafa0e.exe
-
Size
74KB
-
MD5
c9cc7f43112a69992bd5c7adc86f70ef
-
SHA1
24bcfef4c7440ae54398e9915ee3c9643da57ca6
-
SHA256
7f64ff1d4813dfe2e0da443ab23eb2a3cf4bbaa19defc8e391790ff012dafa0e
-
SHA512
569d4305f4fc15aecd0475c7e5b03207567508aa3366d62e6939d60794084f48dc9232bf44e6d1e8e85bb70043b0df34b2cac08299d0f9b813842dbd91064444
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDWiekja1br3GGBxfot3eD:ymb3NkkiQ3mdBjFWXkj7afo6
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 35 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7f64ff1d4813dfe2e0da443ab23eb2a3cf4bbaa19defc8e391790ff012dafa0e.exe"C:\Users\Admin\AppData\Local\Temp\7f64ff1d4813dfe2e0da443ab23eb2a3cf4bbaa19defc8e391790ff012dafa0e.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xfflrfr.exec:\xfflrfr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhhnh.exec:\hbhhnh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvppd.exec:\jvppd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvpj.exec:\ddvpj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxxrrl.exec:\rrxxrrl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btthhh.exec:\btthhh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jppd.exec:\9jppd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxxxfx.exec:\frxxxfx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1btnhh.exec:\1btnhh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjvv.exec:\ddjvv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pppjd.exec:\pppjd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxfxrxf.exec:\lxfxrxf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhhhh.exec:\hhhhhh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjjd.exec:\ddjjd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfrfxl.exec:\xrfrfxl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ttnnn.exec:\3ttnnn.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhhbn.exec:\nnhhbn.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvdjv.exec:\pvdjv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhbtn.exec:\nhhbtn.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppppj.exec:\ppppj.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bbhth.exec:\7bbhth.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbttt.exec:\nbbttt.exe23⤵
- Executes dropped EXE
-
\??\c:\jpvvj.exec:\jpvvj.exe24⤵
- Executes dropped EXE
-
\??\c:\xrrlxfx.exec:\xrrlxfx.exe25⤵
- Executes dropped EXE
-
\??\c:\lrrrlrf.exec:\lrrrlrf.exe26⤵
- Executes dropped EXE
-
\??\c:\nbhbtt.exec:\nbhbtt.exe27⤵
- Executes dropped EXE
-
\??\c:\tnnhbb.exec:\tnnhbb.exe28⤵
- Executes dropped EXE
-
\??\c:\dppdv.exec:\dppdv.exe29⤵
- Executes dropped EXE
-
\??\c:\xxfrxff.exec:\xxfrxff.exe30⤵
- Executes dropped EXE
-
\??\c:\bhtttt.exec:\bhtttt.exe31⤵
- Executes dropped EXE
-
\??\c:\bhbttn.exec:\bhbttn.exe32⤵
- Executes dropped EXE
-
\??\c:\pjvdj.exec:\pjvdj.exe33⤵
- Executes dropped EXE
-
\??\c:\vdjdv.exec:\vdjdv.exe34⤵
- Executes dropped EXE
-
\??\c:\7xfxxxr.exec:\7xfxxxr.exe35⤵
- Executes dropped EXE
-
\??\c:\btnnht.exec:\btnnht.exe36⤵
- Executes dropped EXE
-
\??\c:\pjddd.exec:\pjddd.exe37⤵
- Executes dropped EXE
-
\??\c:\pvdvj.exec:\pvdvj.exe38⤵
- Executes dropped EXE
-
\??\c:\fxfxxrr.exec:\fxfxxrr.exe39⤵
- Executes dropped EXE
-
\??\c:\hbbbtb.exec:\hbbbtb.exe40⤵
- Executes dropped EXE
-
\??\c:\ttnnhh.exec:\ttnnhh.exe41⤵
- Executes dropped EXE
-
\??\c:\vjvvp.exec:\vjvvp.exe42⤵
- Executes dropped EXE
-
\??\c:\xffxlll.exec:\xffxlll.exe43⤵
- Executes dropped EXE
-
\??\c:\xlrllll.exec:\xlrllll.exe44⤵
- Executes dropped EXE
-
\??\c:\nhhhbn.exec:\nhhhbn.exe45⤵
- Executes dropped EXE
-
\??\c:\bbnhbt.exec:\bbnhbt.exe46⤵
- Executes dropped EXE
-
\??\c:\jjjdv.exec:\jjjdv.exe47⤵
- Executes dropped EXE
-
\??\c:\jvvvj.exec:\jvvvj.exe48⤵
- Executes dropped EXE
-
\??\c:\rxffrrr.exec:\rxffrrr.exe49⤵
- Executes dropped EXE
-
\??\c:\lrxxxfx.exec:\lrxxxfx.exe50⤵
- Executes dropped EXE
-
\??\c:\hhnnhn.exec:\hhnnhn.exe51⤵
- Executes dropped EXE
-
\??\c:\bttthh.exec:\bttthh.exe52⤵
- Executes dropped EXE
-
\??\c:\jjvvj.exec:\jjvvj.exe53⤵
- Executes dropped EXE
-
\??\c:\dvvpd.exec:\dvvpd.exe54⤵
- Executes dropped EXE
-
\??\c:\lxxxxxx.exec:\lxxxxxx.exe55⤵
- Executes dropped EXE
-
\??\c:\fxrrrrl.exec:\fxrrrrl.exe56⤵
- Executes dropped EXE
-
\??\c:\btbtnn.exec:\btbtnn.exe57⤵
- Executes dropped EXE
-
\??\c:\httnth.exec:\httnth.exe58⤵
- Executes dropped EXE
-
\??\c:\djddv.exec:\djddv.exe59⤵
- Executes dropped EXE
-
\??\c:\rrrrlll.exec:\rrrrlll.exe60⤵
- Executes dropped EXE
-
\??\c:\xrrrllx.exec:\xrrrllx.exe61⤵
- Executes dropped EXE
-
\??\c:\bhhhtt.exec:\bhhhtt.exe62⤵
- Executes dropped EXE
-
\??\c:\nbtnhh.exec:\nbtnhh.exe63⤵
- Executes dropped EXE
-
\??\c:\9vdvj.exec:\9vdvj.exe64⤵
- Executes dropped EXE
-
\??\c:\frlfxff.exec:\frlfxff.exe65⤵
- Executes dropped EXE
-
\??\c:\xfxrlfx.exec:\xfxrlfx.exe66⤵
-
\??\c:\bbbbtb.exec:\bbbbtb.exe67⤵
-
\??\c:\hthhbb.exec:\hthhbb.exe68⤵
-
\??\c:\vdjdd.exec:\vdjdd.exe69⤵
-
\??\c:\rlxxlfx.exec:\rlxxlfx.exe70⤵
-
\??\c:\xrlllfx.exec:\xrlllfx.exe71⤵
-
\??\c:\9nhbtt.exec:\9nhbtt.exe72⤵
-
\??\c:\hbbthh.exec:\hbbthh.exe73⤵
-
\??\c:\vjjjv.exec:\vjjjv.exe74⤵
-
\??\c:\9vdvj.exec:\9vdvj.exe75⤵
-
\??\c:\9xfxrlf.exec:\9xfxrlf.exe76⤵
-
\??\c:\hnnntb.exec:\hnnntb.exe77⤵
-
\??\c:\nhhbbb.exec:\nhhbbb.exe78⤵
-
\??\c:\pvdvd.exec:\pvdvd.exe79⤵
-
\??\c:\rrlffff.exec:\rrlffff.exe80⤵
-
\??\c:\vpvpv.exec:\vpvpv.exe81⤵
-
\??\c:\xrfrxrl.exec:\xrfrxrl.exe82⤵
-
\??\c:\1lffxrl.exec:\1lffxrl.exe83⤵
-
\??\c:\5bhhbb.exec:\5bhhbb.exe84⤵
-
\??\c:\bnhnhh.exec:\bnhnhh.exe85⤵
-
\??\c:\7jvpd.exec:\7jvpd.exe86⤵
-
\??\c:\9dpjp.exec:\9dpjp.exe87⤵
-
\??\c:\lxxlrrr.exec:\lxxlrrr.exe88⤵
-
\??\c:\5nttnn.exec:\5nttnn.exe89⤵
-
\??\c:\tnhbtb.exec:\tnhbtb.exe90⤵
-
\??\c:\9jjdv.exec:\9jjdv.exe91⤵
-
\??\c:\fxfxfxx.exec:\fxfxfxx.exe92⤵
-
\??\c:\frrfrlx.exec:\frrfrlx.exe93⤵
-
\??\c:\tnnhtt.exec:\tnnhtt.exe94⤵
-
\??\c:\hbnnbn.exec:\hbnnbn.exe95⤵
-
\??\c:\pddjv.exec:\pddjv.exe96⤵
-
\??\c:\jjvpd.exec:\jjvpd.exe97⤵
-
\??\c:\xxfrfxr.exec:\xxfrfxr.exe98⤵
-
\??\c:\btbbbb.exec:\btbbbb.exe99⤵
-
\??\c:\nbhhtb.exec:\nbhhtb.exe100⤵
- System Location Discovery: System Language Discovery
-
\??\c:\vpdpv.exec:\vpdpv.exe101⤵
-
\??\c:\rrrxlxf.exec:\rrrxlxf.exe102⤵
-
\??\c:\xlrlffx.exec:\xlrlffx.exe103⤵
-
\??\c:\htnnhh.exec:\htnnhh.exe104⤵
-
\??\c:\bhhtth.exec:\bhhtth.exe105⤵
-
\??\c:\jdpdv.exec:\jdpdv.exe106⤵
-
\??\c:\rllfrlf.exec:\rllfrlf.exe107⤵
-
\??\c:\xrlfxxr.exec:\xrlfxxr.exe108⤵
-
\??\c:\bthbhb.exec:\bthbhb.exe109⤵
-
\??\c:\nhnhtn.exec:\nhnhtn.exe110⤵
-
\??\c:\vjpjd.exec:\vjpjd.exe111⤵
-
\??\c:\ddjjd.exec:\ddjjd.exe112⤵
-
\??\c:\ffrrrxr.exec:\ffrrrxr.exe113⤵
-
\??\c:\lxffxfr.exec:\lxffxfr.exe114⤵
-
\??\c:\bbnhbb.exec:\bbnhbb.exe115⤵
-
\??\c:\ppjjj.exec:\ppjjj.exe116⤵
-
\??\c:\jvpjp.exec:\jvpjp.exe117⤵
-
\??\c:\lxfxxrr.exec:\lxfxxrr.exe118⤵
-
\??\c:\9ffxfff.exec:\9ffxfff.exe119⤵
-
\??\c:\nhntbb.exec:\nhntbb.exe120⤵
-
\??\c:\vdpjv.exec:\vdpjv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-