Analysis
-
max time kernel
150s -
max time network
18s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
24/11/2024, 03:54
General
-
Target
d63abe588b87bbbc1854f05ee027b12f613a64ebc031c71044fcefc4a0108606.exe
-
Size
349KB
-
MD5
c127df286098c6e50dcc0f98b10238be
-
SHA1
01493860a0e40fa19b8e9787316dc79f9db6d558
-
SHA256
d63abe588b87bbbc1854f05ee027b12f613a64ebc031c71044fcefc4a0108606
-
SHA512
d005189b32569ca993f161e097f60762db154c053fdd432f1c2dd3c853ffdb8399acfec88e77cef27048b4c7ddbde2e08c2cbcbf7162eda1e5c4615db3f473d1
-
SSDEEP
6144:Xcm7ImGddXgYW5fNZWB5hFfci3Add4kGYA4K:l7TcbWXZshJX2VGd4K
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 41 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 40 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d63abe588b87bbbc1854f05ee027b12f613a64ebc031c71044fcefc4a0108606.exe"C:\Users\Admin\AppData\Local\Temp\d63abe588b87bbbc1854f05ee027b12f613a64ebc031c71044fcefc4a0108606.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pfdfnvj.exec:\pfdfnvj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pptxnd.exec:\pptxnd.exe3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\nxvnfpx.exec:\nxvnfpx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhrhh.exec:\hhrhh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxjvxdn.exec:\rxjvxdn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\drfbbx.exec:\drfbbx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhxprdp.exec:\hhxprdp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\npflhtl.exec:\npflhtl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pfbbl.exec:\pfbbl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbpbrf.exec:\nbpbrf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ftvnf.exec:\ftvnf.exe12⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\xhjvjrd.exec:\xhjvjrd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbtvrd.exec:\bnbtvrd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vxxfpt.exec:\vxxfpt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xldbrf.exec:\xldbrf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lpttp.exec:\lpttp.exe17⤵
- Executes dropped EXE
-
\??\c:\htfxdd.exec:\htfxdd.exe18⤵
- Executes dropped EXE
-
\??\c:\bbntnbx.exec:\bbntnbx.exe19⤵
- Executes dropped EXE
-
\??\c:\hljbpdl.exec:\hljbpdl.exe20⤵
- Executes dropped EXE
-
\??\c:\hlxvtfv.exec:\hlxvtfv.exe21⤵
- Executes dropped EXE
-
\??\c:\frrnpr.exec:\frrnpr.exe22⤵
- Executes dropped EXE
-
\??\c:\bhndlnv.exec:\bhndlnv.exe23⤵
- Executes dropped EXE
-
\??\c:\vrrfnx.exec:\vrrfnx.exe24⤵
- Executes dropped EXE
-
\??\c:\xbnnl.exec:\xbnnl.exe25⤵
- Executes dropped EXE
-
\??\c:\btdvltb.exec:\btdvltb.exe26⤵
- Executes dropped EXE
-
\??\c:\fjnpr.exec:\fjnpr.exe27⤵
- Executes dropped EXE
-
\??\c:\rbdblpp.exec:\rbdblpp.exe28⤵
- Executes dropped EXE
-
\??\c:\dhfvj.exec:\dhfvj.exe29⤵
- Executes dropped EXE
-
\??\c:\npjblvv.exec:\npjblvv.exe30⤵
- Executes dropped EXE
-
\??\c:\bprljt.exec:\bprljt.exe31⤵
- Executes dropped EXE
-
\??\c:\flrhnl.exec:\flrhnl.exe32⤵
- Executes dropped EXE
-
\??\c:\fhjtlnb.exec:\fhjtlnb.exe33⤵
- Executes dropped EXE
-
\??\c:\njvrbv.exec:\njvrbv.exe34⤵
- Executes dropped EXE
-
\??\c:\hpxlxtl.exec:\hpxlxtl.exe35⤵
- Executes dropped EXE
-
\??\c:\jnvlvdt.exec:\jnvlvdt.exe36⤵
- Executes dropped EXE
-
\??\c:\brrjll.exec:\brrjll.exe37⤵
- Executes dropped EXE
-
\??\c:\bdvjnhl.exec:\bdvjnhl.exe38⤵
- Executes dropped EXE
-
\??\c:\tlhpxn.exec:\tlhpxn.exe39⤵
- Executes dropped EXE
-
\??\c:\jplbtdn.exec:\jplbtdn.exe40⤵
- Executes dropped EXE
-
\??\c:\tplvjjr.exec:\tplvjjr.exe41⤵
- Executes dropped EXE
-
\??\c:\plbrd.exec:\plbrd.exe42⤵
- Executes dropped EXE
-
\??\c:\ldvfd.exec:\ldvfd.exe43⤵
- Executes dropped EXE
-
\??\c:\tlxnv.exec:\tlxnv.exe44⤵
- Executes dropped EXE
-
\??\c:\lnvxt.exec:\lnvxt.exe45⤵
- Executes dropped EXE
-
\??\c:\pbvrb.exec:\pbvrb.exe46⤵
- Executes dropped EXE
-
\??\c:\flvrphd.exec:\flvrphd.exe47⤵
- Executes dropped EXE
-
\??\c:\nhvrxt.exec:\nhvrxt.exe48⤵
- Executes dropped EXE
-
\??\c:\rdbphv.exec:\rdbphv.exe49⤵
- Executes dropped EXE
-
\??\c:\hrjfftl.exec:\hrjfftl.exe50⤵
- Executes dropped EXE
-
\??\c:\bbblpph.exec:\bbblpph.exe51⤵
- Executes dropped EXE
-
\??\c:\fhbrl.exec:\fhbrl.exe52⤵
- Executes dropped EXE
-
\??\c:\hvttv.exec:\hvttv.exe53⤵
- Executes dropped EXE
-
\??\c:\hrhfhl.exec:\hrhfhl.exe54⤵
- Executes dropped EXE
-
\??\c:\xffjl.exec:\xffjl.exe55⤵
- Executes dropped EXE
-
\??\c:\tthrtdr.exec:\tthrtdr.exe56⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\jrbrbhj.exec:\jrbrbhj.exe57⤵
- Executes dropped EXE
-
\??\c:\rjhdvtn.exec:\rjhdvtn.exe58⤵
- Executes dropped EXE
-
\??\c:\jlbdrfd.exec:\jlbdrfd.exe59⤵
- Executes dropped EXE
-
\??\c:\tdnbxfn.exec:\tdnbxfn.exe60⤵
- Executes dropped EXE
-
\??\c:\vrpthv.exec:\vrpthv.exe61⤵
- Executes dropped EXE
-
\??\c:\rjhhlj.exec:\rjhhlj.exe62⤵
- Executes dropped EXE
-
\??\c:\rtnnxj.exec:\rtnnxj.exe63⤵
- Executes dropped EXE
-
\??\c:\ltnpx.exec:\ltnpx.exe64⤵
- Executes dropped EXE
-
\??\c:\xhtdpt.exec:\xhtdpt.exe65⤵
- Executes dropped EXE
-
\??\c:\ffpnfh.exec:\ffpnfh.exe66⤵
-
\??\c:\jpnhdj.exec:\jpnhdj.exe67⤵
-
\??\c:\tlnllnd.exec:\tlnllnd.exe68⤵
-
\??\c:\hjhpl.exec:\hjhpl.exe69⤵
-
\??\c:\fhrvjd.exec:\fhrvjd.exe70⤵
-
\??\c:\jthftr.exec:\jthftr.exe71⤵
-
\??\c:\rbplhb.exec:\rbplhb.exe72⤵
-
\??\c:\jvpfv.exec:\jvpfv.exe73⤵
-
\??\c:\xbnntx.exec:\xbnntx.exe74⤵
-
\??\c:\dxtrr.exec:\dxtrr.exe75⤵
-
\??\c:\hpvbvnh.exec:\hpvbvnh.exe76⤵
-
\??\c:\hdlxl.exec:\hdlxl.exe77⤵
-
\??\c:\tjfltx.exec:\tjfltx.exe78⤵
-
\??\c:\hpvdpjd.exec:\hpvdpjd.exe79⤵
-
\??\c:\lfvnrnf.exec:\lfvnrnf.exe80⤵
- System Location Discovery: System Language Discovery
-
\??\c:\pvnjxh.exec:\pvnjxh.exe81⤵
-
\??\c:\fdvbx.exec:\fdvbx.exe82⤵
-
\??\c:\lbtlhr.exec:\lbtlhr.exe83⤵
-
\??\c:\fbdlt.exec:\fbdlt.exe84⤵
-
\??\c:\xnjbblb.exec:\xnjbblb.exe85⤵
-
\??\c:\pltprx.exec:\pltprx.exe86⤵
-
\??\c:\hrpjh.exec:\hrpjh.exe87⤵
-
\??\c:\bvnxfd.exec:\bvnxfd.exe88⤵
-
\??\c:\bvhpbjj.exec:\bvhpbjj.exe89⤵
-
\??\c:\rtjhb.exec:\rtjhb.exe90⤵
-
\??\c:\rvtxtr.exec:\rvtxtr.exe91⤵
-
\??\c:\vfjfhv.exec:\vfjfhv.exe92⤵
-
\??\c:\thjdbf.exec:\thjdbf.exe93⤵
-
\??\c:\xjbdtf.exec:\xjbdtf.exe94⤵
-
\??\c:\bpfnlf.exec:\bpfnlf.exe95⤵
-
\??\c:\drjllr.exec:\drjllr.exe96⤵
- System Location Discovery: System Language Discovery
-
\??\c:\fvdpnlr.exec:\fvdpnlr.exe97⤵
-
\??\c:\pbtndhr.exec:\pbtndhr.exe98⤵
-
\??\c:\jdhnr.exec:\jdhnr.exe99⤵
- System Location Discovery: System Language Discovery
-
\??\c:\vvnrb.exec:\vvnrb.exe100⤵
-
\??\c:\jpvxn.exec:\jpvxn.exe101⤵
-
\??\c:\tfljxfr.exec:\tfljxfr.exe102⤵
-
\??\c:\fldtj.exec:\fldtj.exe103⤵
-
\??\c:\xxljp.exec:\xxljp.exe104⤵
-
\??\c:\tnjjv.exec:\tnjjv.exe105⤵
-
\??\c:\dvlhjhj.exec:\dvlhjhj.exe106⤵
-
\??\c:\vfbpfj.exec:\vfbpfj.exe107⤵
-
\??\c:\hffdnnb.exec:\hffdnnb.exe108⤵
-
\??\c:\tddhrbb.exec:\tddhrbb.exe109⤵
-
\??\c:\fthfd.exec:\fthfd.exe110⤵
-
\??\c:\nlppfb.exec:\nlppfb.exe111⤵
-
\??\c:\nptbnb.exec:\nptbnb.exe112⤵
-
\??\c:\xdxdhf.exec:\xdxdhf.exe113⤵
-
\??\c:\nlrdthh.exec:\nlrdthh.exe114⤵
-
\??\c:\ftbxpb.exec:\ftbxpb.exe115⤵
-
\??\c:\tfrjd.exec:\tfrjd.exe116⤵
-
\??\c:\tvrpn.exec:\tvrpn.exe117⤵
-
\??\c:\tnnvv.exec:\tnnvv.exe118⤵
-
\??\c:\nttrnvx.exec:\nttrnvx.exe119⤵
-
\??\c:\rjxvjrp.exec:\rjxvjrp.exe120⤵
-
\??\c:\nrpjv.exec:\nrpjv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-