Analysis
-
max time kernel
120s -
max time network
20s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
25/11/2024, 22:06
General
-
Target
7d7cb1c627c80ab356083e9d22120b49d89ddf06f270d3110eee9c224b27e83aN.exe
-
Size
73KB
-
MD5
eac0a43da39bac5b07ea98d3c514ae80
-
SHA1
a3b85566483e8ca0453f6377ce88cc89301ec996
-
SHA256
7d7cb1c627c80ab356083e9d22120b49d89ddf06f270d3110eee9c224b27e83a
-
SHA512
ec08c0bececa132bb86897758b3d1ffa2b28402e3c4329b4c7792bd96fb9f97630a6b8bdd4b17dcbe15dbd75c2ed5d24498d4d67363cc24423864c6468906a03
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yUPqrDZ5RxfVK5DTXA:ymb3NkkiQ3mdBjF0yUmrfVcPA
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7d7cb1c627c80ab356083e9d22120b49d89ddf06f270d3110eee9c224b27e83aN.exe"C:\Users\Admin\AppData\Local\Temp\7d7cb1c627c80ab356083e9d22120b49d89ddf06f270d3110eee9c224b27e83aN.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvldtx.exec:\jpvldtx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xvjlftr.exec:\xvjlftr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnphdt.exec:\hnphdt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tjhhvrd.exec:\tjhhvrd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nfjxfn.exec:\nfjxfn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bxltx.exec:\bxltx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpllhlf.exec:\dpllhlf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pbddjrv.exec:\pbddjrv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bdfrlxh.exec:\bdfrlxh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvhnpb.exec:\pvvhnpb.exe11⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\fphlhjt.exec:\fphlhjt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vlvhl.exec:\vlvhl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dlttlpt.exec:\dlttlpt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bdfhrr.exec:\bdfhrr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xhfdx.exec:\xhfdx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvbrbx.exec:\pvbrbx.exe17⤵
- Executes dropped EXE
-
\??\c:\lnprnfj.exec:\lnprnfj.exe18⤵
- Executes dropped EXE
-
\??\c:\jlpdf.exec:\jlpdf.exe19⤵
- Executes dropped EXE
-
\??\c:\dpdxhr.exec:\dpdxhr.exe20⤵
- Executes dropped EXE
-
\??\c:\fddvxt.exec:\fddvxt.exe21⤵
- Executes dropped EXE
-
\??\c:\fhpxr.exec:\fhpxr.exe22⤵
- Executes dropped EXE
-
\??\c:\hnxhj.exec:\hnxhj.exe23⤵
- Executes dropped EXE
-
\??\c:\tlvlx.exec:\tlvlx.exe24⤵
- Executes dropped EXE
-
\??\c:\pdljn.exec:\pdljn.exe25⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\nrnfp.exec:\nrnfp.exe26⤵
- Executes dropped EXE
-
\??\c:\fbddxlb.exec:\fbddxlb.exe27⤵
- Executes dropped EXE
-
\??\c:\pddxb.exec:\pddxb.exe28⤵
- Executes dropped EXE
-
\??\c:\jrdrxf.exec:\jrdrxf.exe29⤵
- Executes dropped EXE
-
\??\c:\jnlfpf.exec:\jnlfpf.exe30⤵
- Executes dropped EXE
-
\??\c:\xhjpdlt.exec:\xhjpdlt.exe31⤵
- Executes dropped EXE
-
\??\c:\hpnxfp.exec:\hpnxfp.exe32⤵
- Executes dropped EXE
-
\??\c:\rrvrht.exec:\rrvrht.exe33⤵
- Executes dropped EXE
-
\??\c:\hddlt.exec:\hddlt.exe34⤵
- Executes dropped EXE
-
\??\c:\jrvxfvn.exec:\jrvxfvn.exe35⤵
- Executes dropped EXE
-
\??\c:\vjfbx.exec:\vjfbx.exe36⤵
- Executes dropped EXE
-
\??\c:\npltpx.exec:\npltpx.exe37⤵
- Executes dropped EXE
-
\??\c:\jxdfxl.exec:\jxdfxl.exe38⤵
- Executes dropped EXE
-
\??\c:\bhppfvd.exec:\bhppfvd.exe39⤵
- Executes dropped EXE
-
\??\c:\lflhld.exec:\lflhld.exe40⤵
- Executes dropped EXE
-
\??\c:\llhlxf.exec:\llhlxf.exe41⤵
- Executes dropped EXE
-
\??\c:\hddnll.exec:\hddnll.exe42⤵
- Executes dropped EXE
-
\??\c:\nnhltjl.exec:\nnhltjl.exe43⤵
- Executes dropped EXE
-
\??\c:\hxxlb.exec:\hxxlb.exe44⤵
- Executes dropped EXE
-
\??\c:\pppjdhx.exec:\pppjdhx.exe45⤵
- Executes dropped EXE
-
\??\c:\hrbrpfh.exec:\hrbrpfh.exe46⤵
- Executes dropped EXE
-
\??\c:\nflpff.exec:\nflpff.exe47⤵
- Executes dropped EXE
-
\??\c:\jtrnpnf.exec:\jtrnpnf.exe48⤵
- Executes dropped EXE
-
\??\c:\tlxdp.exec:\tlxdp.exe49⤵
- Executes dropped EXE
-
\??\c:\bvhfjnh.exec:\bvhfjnh.exe50⤵
- Executes dropped EXE
-
\??\c:\pfdldhx.exec:\pfdldhx.exe51⤵
- Executes dropped EXE
-
\??\c:\tfnfr.exec:\tfnfr.exe52⤵
- Executes dropped EXE
-
\??\c:\jxhpnbp.exec:\jxhpnbp.exe53⤵
- Executes dropped EXE
-
\??\c:\nhhvxj.exec:\nhhvxj.exe54⤵
- Executes dropped EXE
-
\??\c:\tntpl.exec:\tntpl.exe55⤵
- Executes dropped EXE
-
\??\c:\dhptptt.exec:\dhptptt.exe56⤵
- Executes dropped EXE
-
\??\c:\tptjtx.exec:\tptjtx.exe57⤵
- Executes dropped EXE
-
\??\c:\fnnldd.exec:\fnnldd.exe58⤵
- Executes dropped EXE
-
\??\c:\vpprh.exec:\vpprh.exe59⤵
- Executes dropped EXE
-
\??\c:\pddvtfp.exec:\pddvtfp.exe60⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\jhpvxtn.exec:\jhpvxtn.exe61⤵
- Executes dropped EXE
-
\??\c:\rbdlhb.exec:\rbdlhb.exe62⤵
- Executes dropped EXE
-
\??\c:\phjfvv.exec:\phjfvv.exe63⤵
- Executes dropped EXE
-
\??\c:\pxvtbbn.exec:\pxvtbbn.exe64⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\rnfhbft.exec:\rnfhbft.exe65⤵
- Executes dropped EXE
-
\??\c:\jxhnhdr.exec:\jxhnhdr.exe66⤵
-
\??\c:\nxfnp.exec:\nxfnp.exe67⤵
-
\??\c:\rbhpth.exec:\rbhpth.exe68⤵
-
\??\c:\nvfjdfl.exec:\nvfjdfl.exe69⤵
-
\??\c:\lxftb.exec:\lxftb.exe70⤵
-
\??\c:\hnbnx.exec:\hnbnx.exe71⤵
-
\??\c:\pttlhx.exec:\pttlhx.exe72⤵
-
\??\c:\vrvjbbl.exec:\vrvjbbl.exe73⤵
-
\??\c:\bljvtdv.exec:\bljvtdv.exe74⤵
-
\??\c:\ndfxbtv.exec:\ndfxbtv.exe75⤵
-
\??\c:\jfxxdv.exec:\jfxxdv.exe76⤵
-
\??\c:\nbjhxrr.exec:\nbjhxrr.exe77⤵
-
\??\c:\tpvbrp.exec:\tpvbrp.exe78⤵
-
\??\c:\tlpdbxf.exec:\tlpdbxf.exe79⤵
-
\??\c:\fpdffh.exec:\fpdffh.exe80⤵
-
\??\c:\xhhnjpl.exec:\xhhnjpl.exe81⤵
-
\??\c:\ftjlnb.exec:\ftjlnb.exe82⤵
-
\??\c:\vjnrbb.exec:\vjnrbb.exe83⤵
-
\??\c:\fhdbfl.exec:\fhdbfl.exe84⤵
-
\??\c:\jtjbbnl.exec:\jtjbbnl.exe85⤵
-
\??\c:\bjdljn.exec:\bjdljn.exe86⤵
-
\??\c:\dxxhv.exec:\dxxhv.exe87⤵
- System Location Discovery: System Language Discovery
-
\??\c:\nfdtt.exec:\nfdtt.exe88⤵
-
\??\c:\bfbpjl.exec:\bfbpjl.exe89⤵
-
\??\c:\rnfjfd.exec:\rnfjfd.exe90⤵
-
\??\c:\vbrbf.exec:\vbrbf.exe91⤵
-
\??\c:\blhtl.exec:\blhtl.exe92⤵
-
\??\c:\dfndl.exec:\dfndl.exe93⤵
-
\??\c:\hfjtfjf.exec:\hfjtfjf.exe94⤵
-
\??\c:\fdfvr.exec:\fdfvr.exe95⤵
-
\??\c:\nbtlxvp.exec:\nbtlxvp.exe96⤵
-
\??\c:\hjfvfn.exec:\hjfvfn.exe97⤵
-
\??\c:\fnvrndv.exec:\fnvrndv.exe98⤵
-
\??\c:\jnrptlx.exec:\jnrptlx.exe99⤵
-
\??\c:\nrxjd.exec:\nrxjd.exe100⤵
-
\??\c:\lrldbhl.exec:\lrldbhl.exe101⤵
-
\??\c:\lxpxdh.exec:\lxpxdh.exe102⤵
-
\??\c:\bhpfjl.exec:\bhpfjl.exe103⤵
-
\??\c:\fbvnp.exec:\fbvnp.exe104⤵
-
\??\c:\rdfldl.exec:\rdfldl.exe105⤵
-
\??\c:\nldfp.exec:\nldfp.exe106⤵
-
\??\c:\vfptv.exec:\vfptv.exe107⤵
-
\??\c:\tdlbth.exec:\tdlbth.exe108⤵
-
\??\c:\frjrnjp.exec:\frjrnjp.exe109⤵
-
\??\c:\flfdtbf.exec:\flfdtbf.exe110⤵
-
\??\c:\vrhxpdr.exec:\vrhxpdr.exe111⤵
-
\??\c:\lbhdxr.exec:\lbhdxr.exe112⤵
-
\??\c:\lnrddt.exec:\lnrddt.exe113⤵
-
\??\c:\lxxndll.exec:\lxxndll.exe114⤵
-
\??\c:\vlhjjn.exec:\vlhjjn.exe115⤵
-
\??\c:\dvlxtb.exec:\dvlxtb.exe116⤵
-
\??\c:\xjdjdd.exec:\xjdjdd.exe117⤵
-
\??\c:\djfvr.exec:\djfvr.exe118⤵
-
\??\c:\xfrnvrn.exec:\xfrnvrn.exe119⤵
-
\??\c:\bxpprhv.exec:\bxpprhv.exe120⤵
-
\??\c:\ltxhhp.exec:\ltxhhp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-