Analysis
-
max time kernel
120s -
max time network
17s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
-
submitted
24-11-2024 14:02
General
-
Target
cac7eddd9355c51184f2627ba88948f4a9d78918a2c0814fc1bd10ab52d4da4bN.exe
-
Size
119KB
-
MD5
353f9c3a0b70ecabd365442b70213e10
-
SHA1
594c1301a40519e5e50a8212b2abb75cfb825e96
-
SHA256
cac7eddd9355c51184f2627ba88948f4a9d78918a2c0814fc1bd10ab52d4da4b
-
SHA512
35a17eca735b306be3b8764ac863ad6b4a2bd62489051e51f26cddb79d3da5149b0bced67542c50714ab151831a02887e0f53f30ca10b5ecc9d4464c47018b12
-
SSDEEP
3072:ymb3NkkiQ3mdBjFWXkj7afoHvmQ+EZMYX8XFE:n3C9BRW0j/uVEZF9
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 34 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\cac7eddd9355c51184f2627ba88948f4a9d78918a2c0814fc1bd10ab52d4da4bN.exe"C:\Users\Admin\AppData\Local\Temp\cac7eddd9355c51184f2627ba88948f4a9d78918a2c0814fc1bd10ab52d4da4bN.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjpj.exec:\ppjpj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9fllrxf.exec:\9fllrxf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppdjp.exec:\ppdjp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpdvj.exec:\jpdvj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llrrrxx.exec:\llrrrxx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llrflrr.exec:\llrflrr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jppdd.exec:\jppdd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxlflr.exec:\lrxlflr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvdjv.exec:\vvdjv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vpvp.exec:\9vpvp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxlfxl.exec:\rrxlfxl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bnbhn.exec:\7bnbhn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjddj.exec:\jjddj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxfflx.exec:\rrxfflx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbhtn.exec:\hhbhtn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntbbb.exec:\tntbbb.exe17⤵
- Executes dropped EXE
-
\??\c:\rllllfl.exec:\rllllfl.exe18⤵
- Executes dropped EXE
-
\??\c:\tntbnb.exec:\tntbnb.exe19⤵
- Executes dropped EXE
-
\??\c:\7bnnbh.exec:\7bnnbh.exe20⤵
- Executes dropped EXE
-
\??\c:\djvjv.exec:\djvjv.exe21⤵
- Executes dropped EXE
-
\??\c:\fllfxrr.exec:\fllfxrr.exe22⤵
- Executes dropped EXE
-
\??\c:\tbnbth.exec:\tbnbth.exe23⤵
- Executes dropped EXE
-
\??\c:\ppvvd.exec:\ppvvd.exe24⤵
- Executes dropped EXE
-
\??\c:\rrxflrx.exec:\rrxflrx.exe25⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\1bntht.exec:\1bntht.exe26⤵
- Executes dropped EXE
-
\??\c:\tthtbh.exec:\tthtbh.exe27⤵
- Executes dropped EXE
-
\??\c:\pppdj.exec:\pppdj.exe28⤵
- Executes dropped EXE
-
\??\c:\fflxrxf.exec:\fflxrxf.exe29⤵
- Executes dropped EXE
-
\??\c:\tthhht.exec:\tthhht.exe30⤵
- Executes dropped EXE
-
\??\c:\3thbhh.exec:\3thbhh.exe31⤵
- Executes dropped EXE
-
\??\c:\ddpdd.exec:\ddpdd.exe32⤵
- Executes dropped EXE
-
\??\c:\7flxflr.exec:\7flxflr.exe33⤵
- Executes dropped EXE
-
\??\c:\tntntt.exec:\tntntt.exe34⤵
- Executes dropped EXE
-
\??\c:\nnthth.exec:\nnthth.exe35⤵
- Executes dropped EXE
-
\??\c:\9pjdp.exec:\9pjdp.exe36⤵
- Executes dropped EXE
-
\??\c:\vdjjd.exec:\vdjjd.exe37⤵
- Executes dropped EXE
-
\??\c:\1rffxlx.exec:\1rffxlx.exe38⤵
- Executes dropped EXE
-
\??\c:\hnbntb.exec:\hnbntb.exe39⤵
- Executes dropped EXE
-
\??\c:\nbbhtb.exec:\nbbhtb.exe40⤵
- Executes dropped EXE
-
\??\c:\9jpdv.exec:\9jpdv.exe41⤵
- Executes dropped EXE
-
\??\c:\5pjpj.exec:\5pjpj.exe42⤵
- Executes dropped EXE
-
\??\c:\flrxlrx.exec:\flrxlrx.exe43⤵
- Executes dropped EXE
-
\??\c:\frxfrxf.exec:\frxfrxf.exe44⤵
- Executes dropped EXE
-
\??\c:\htnbbn.exec:\htnbbn.exe45⤵
- Executes dropped EXE
-
\??\c:\9pjdv.exec:\9pjdv.exe46⤵
- Executes dropped EXE
-
\??\c:\lrrxffl.exec:\lrrxffl.exe47⤵
- Executes dropped EXE
-
\??\c:\7rxllrf.exec:\7rxllrf.exe48⤵
- Executes dropped EXE
-
\??\c:\tttbbn.exec:\tttbbn.exe49⤵
- Executes dropped EXE
-
\??\c:\bhntht.exec:\bhntht.exe50⤵
- Executes dropped EXE
-
\??\c:\ddvvd.exec:\ddvvd.exe51⤵
- Executes dropped EXE
-
\??\c:\jdjpd.exec:\jdjpd.exe52⤵
- Executes dropped EXE
-
\??\c:\fffflrx.exec:\fffflrx.exe53⤵
- Executes dropped EXE
-
\??\c:\rrrxffl.exec:\rrrxffl.exe54⤵
- Executes dropped EXE
-
\??\c:\9hhtth.exec:\9hhtth.exe55⤵
- Executes dropped EXE
-
\??\c:\vvdvj.exec:\vvdvj.exe56⤵
- Executes dropped EXE
-
\??\c:\pdppj.exec:\pdppj.exe57⤵
- Executes dropped EXE
-
\??\c:\xrxxxfl.exec:\xrxxxfl.exe58⤵
- Executes dropped EXE
-
\??\c:\flxxfrx.exec:\flxxfrx.exe59⤵
- Executes dropped EXE
-
\??\c:\7nbbtb.exec:\7nbbtb.exe60⤵
- Executes dropped EXE
-
\??\c:\bbbnbn.exec:\bbbnbn.exe61⤵
- Executes dropped EXE
-
\??\c:\jpjdj.exec:\jpjdj.exe62⤵
- Executes dropped EXE
-
\??\c:\7xlxlfr.exec:\7xlxlfr.exe63⤵
- Executes dropped EXE
-
\??\c:\bhbnbt.exec:\bhbnbt.exe64⤵
- Executes dropped EXE
-
\??\c:\nnnhtb.exec:\nnnhtb.exe65⤵
- Executes dropped EXE
-
\??\c:\ddddj.exec:\ddddj.exe66⤵
-
\??\c:\jjpdj.exec:\jjpdj.exe67⤵
-
\??\c:\1rlrxrf.exec:\1rlrxrf.exe68⤵
-
\??\c:\9nhnnt.exec:\9nhnnt.exe69⤵
-
\??\c:\nbtbht.exec:\nbtbht.exe70⤵
-
\??\c:\jppvj.exec:\jppvj.exe71⤵
-
\??\c:\vvjvp.exec:\vvjvp.exe72⤵
-
\??\c:\5xlrxff.exec:\5xlrxff.exe73⤵
-
\??\c:\lrxfxfx.exec:\lrxfxfx.exe74⤵
-
\??\c:\7nhbbb.exec:\7nhbbb.exe75⤵
-
\??\c:\bbnthn.exec:\bbnthn.exe76⤵
-
\??\c:\pvjpv.exec:\pvjpv.exe77⤵
-
\??\c:\jpddp.exec:\jpddp.exe78⤵
-
\??\c:\ffxfxfr.exec:\ffxfxfr.exe79⤵
-
\??\c:\llrxrxf.exec:\llrxrxf.exe80⤵
-
\??\c:\tbhnbh.exec:\tbhnbh.exe81⤵
-
\??\c:\jvjpv.exec:\jvjpv.exe82⤵
-
\??\c:\jvdvp.exec:\jvdvp.exe83⤵
-
\??\c:\5xlrfxl.exec:\5xlrfxl.exe84⤵
-
\??\c:\9xrxflr.exec:\9xrxflr.exe85⤵
-
\??\c:\ntbbbt.exec:\ntbbbt.exe86⤵
-
\??\c:\vjdjj.exec:\vjdjj.exe87⤵
-
\??\c:\flrfxfr.exec:\flrfxfr.exe88⤵
-
\??\c:\rxrlxxr.exec:\rxrlxxr.exe89⤵
-
\??\c:\7tnthn.exec:\7tnthn.exe90⤵
-
\??\c:\pjvdv.exec:\pjvdv.exe91⤵
-
\??\c:\djjvp.exec:\djjvp.exe92⤵
-
\??\c:\ffrrxfl.exec:\ffrrxfl.exe93⤵
-
\??\c:\tthnnt.exec:\tthnnt.exe94⤵
-
\??\c:\btnnnn.exec:\btnnnn.exe95⤵
-
\??\c:\5ppvp.exec:\5ppvp.exe96⤵
-
\??\c:\frfxrrf.exec:\frfxrrf.exe97⤵
-
\??\c:\7fxrlfx.exec:\7fxrlfx.exe98⤵
-
\??\c:\9nbnnb.exec:\9nbnnb.exe99⤵
-
\??\c:\7vppd.exec:\7vppd.exe100⤵
-
\??\c:\vdvdv.exec:\vdvdv.exe101⤵
-
\??\c:\flffxfr.exec:\flffxfr.exe102⤵
-
\??\c:\lxfxrlr.exec:\lxfxrlr.exe103⤵
-
\??\c:\7bbhbt.exec:\7bbhbt.exe104⤵
-
\??\c:\hnhtnt.exec:\hnhtnt.exe105⤵
-
\??\c:\vvpdd.exec:\vvpdd.exe106⤵
-
\??\c:\vjvdv.exec:\vjvdv.exe107⤵
-
\??\c:\xxxlrxx.exec:\xxxlrxx.exe108⤵
-
\??\c:\thhtnt.exec:\thhtnt.exe109⤵
-
\??\c:\3nbnnb.exec:\3nbnnb.exe110⤵
-
\??\c:\vpdpp.exec:\vpdpp.exe111⤵
-
\??\c:\rrllxfx.exec:\rrllxfx.exe112⤵
-
\??\c:\lrlxllx.exec:\lrlxllx.exe113⤵
-
\??\c:\5htnth.exec:\5htnth.exe114⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe115⤵
-
\??\c:\jjpvp.exec:\jjpvp.exe116⤵
-
\??\c:\lrlxrxl.exec:\lrlxrxl.exe117⤵
-
\??\c:\9hbhnb.exec:\9hbhnb.exe118⤵
-
\??\c:\thtthn.exec:\thtthn.exe119⤵
-
\??\c:\7ddjp.exec:\7ddjp.exe120⤵
-
\??\c:\fxxrrll.exec:\fxxrrll.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-