Analysis
-
max time kernel
120s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
25-11-2024 06:52
General
-
Target
c12ae8483a49f306bad04007a1626814ae1facde5a96a635edb68a30739b1ac1.exe
-
Size
83KB
-
MD5
1c21cdf50457cd171983a389f035eb07
-
SHA1
d77cff2de5dfc2594a6c3fc1b66abdfcd9a2ffc6
-
SHA256
c12ae8483a49f306bad04007a1626814ae1facde5a96a635edb68a30739b1ac1
-
SHA512
e07b8aeeda9728f6f22098ac7db46aa17c718c3682de2bd09ac4fef53ddaea59621b43c0d5244022a9dfe4c0a0222e8d70e90e5eb92acb82aa2e4692f9844dd4
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIIpIo60L9QrrA89Qc:ymb3NkkiQ3mdBjFIIp9L9QrrA8x
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\c12ae8483a49f306bad04007a1626814ae1facde5a96a635edb68a30739b1ac1.exe"C:\Users\Admin\AppData\Local\Temp\c12ae8483a49f306bad04007a1626814ae1facde5a96a635edb68a30739b1ac1.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\1jppp.exec:\1jppp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3llffll.exec:\3llffll.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnnhh.exec:\bbnnhh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vjdj.exec:\5vjdj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjddp.exec:\pjddp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlxlrr.exec:\fxlxlrr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhtbn.exec:\bnhtbn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9djjv.exec:\9djjv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3jjjj.exec:\3jjjj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrxxfl.exec:\fxrxxfl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1fxfllr.exec:\1fxfllr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbbhn.exec:\thbbhn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvjv.exec:\ddvjv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjjj.exec:\vpjjj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxlrxl.exec:\lfxlrxl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ffxfff.exec:\7ffxfff.exe17⤵
- Executes dropped EXE
-
\??\c:\hhtbnb.exec:\hhtbnb.exe18⤵
- Executes dropped EXE
-
\??\c:\dvdjv.exec:\dvdjv.exe19⤵
- Executes dropped EXE
-
\??\c:\9dpvv.exec:\9dpvv.exe20⤵
- Executes dropped EXE
-
\??\c:\3ffrfxr.exec:\3ffrfxr.exe21⤵
- Executes dropped EXE
-
\??\c:\nbbbnn.exec:\nbbbnn.exe22⤵
- Executes dropped EXE
-
\??\c:\bnhbnn.exec:\bnhbnn.exe23⤵
- Executes dropped EXE
-
\??\c:\djddj.exec:\djddj.exe24⤵
- Executes dropped EXE
-
\??\c:\fffrlxf.exec:\fffrlxf.exe25⤵
- Executes dropped EXE
-
\??\c:\1tntbh.exec:\1tntbh.exe26⤵
- Executes dropped EXE
-
\??\c:\tnbbhb.exec:\tnbbhb.exe27⤵
- Executes dropped EXE
-
\??\c:\vjjvv.exec:\vjjvv.exe28⤵
- Executes dropped EXE
-
\??\c:\dpvvj.exec:\dpvvj.exe29⤵
- Executes dropped EXE
-
\??\c:\xrllfrx.exec:\xrllfrx.exe30⤵
- Executes dropped EXE
-
\??\c:\btbhnt.exec:\btbhnt.exe31⤵
- Executes dropped EXE
-
\??\c:\hhtthh.exec:\hhtthh.exe32⤵
- Executes dropped EXE
-
\??\c:\vpddv.exec:\vpddv.exe33⤵
- Executes dropped EXE
-
\??\c:\xxrflxf.exec:\xxrflxf.exe34⤵
- Executes dropped EXE
-
\??\c:\rlfflfr.exec:\rlfflfr.exe35⤵
- Executes dropped EXE
-
\??\c:\9nbhtb.exec:\9nbhtb.exe36⤵
- Executes dropped EXE
-
\??\c:\hbtttt.exec:\hbtttt.exe37⤵
- Executes dropped EXE
-
\??\c:\vpdjj.exec:\vpdjj.exe38⤵
- Executes dropped EXE
-
\??\c:\7jjdj.exec:\7jjdj.exe39⤵
- Executes dropped EXE
-
\??\c:\3rflrxf.exec:\3rflrxf.exe40⤵
- Executes dropped EXE
-
\??\c:\xrrlrrx.exec:\xrrlrrx.exe41⤵
- Executes dropped EXE
-
\??\c:\xrlfrxf.exec:\xrlfrxf.exe42⤵
- Executes dropped EXE
-
\??\c:\bbthnt.exec:\bbthnt.exe43⤵
- Executes dropped EXE
-
\??\c:\3pjpp.exec:\3pjpp.exe44⤵
- Executes dropped EXE
-
\??\c:\7jdvd.exec:\7jdvd.exe45⤵
- Executes dropped EXE
-
\??\c:\lfxffll.exec:\lfxffll.exe46⤵
- Executes dropped EXE
-
\??\c:\tntbbh.exec:\tntbbh.exe47⤵
- Executes dropped EXE
-
\??\c:\nhbnbb.exec:\nhbnbb.exe48⤵
- Executes dropped EXE
-
\??\c:\jdvvd.exec:\jdvvd.exe49⤵
- Executes dropped EXE
-
\??\c:\pjppv.exec:\pjppv.exe50⤵
- Executes dropped EXE
-
\??\c:\lrxffrx.exec:\lrxffrx.exe51⤵
- Executes dropped EXE
-
\??\c:\xxlrxxf.exec:\xxlrxxf.exe52⤵
- Executes dropped EXE
-
\??\c:\htnntt.exec:\htnntt.exe53⤵
- Executes dropped EXE
-
\??\c:\hhhtbb.exec:\hhhtbb.exe54⤵
- Executes dropped EXE
-
\??\c:\vjppv.exec:\vjppv.exe55⤵
- Executes dropped EXE
-
\??\c:\jdjdj.exec:\jdjdj.exe56⤵
- Executes dropped EXE
-
\??\c:\xflrrrx.exec:\xflrrrx.exe57⤵
- Executes dropped EXE
-
\??\c:\ffflrrl.exec:\ffflrrl.exe58⤵
- Executes dropped EXE
-
\??\c:\bbtbtb.exec:\bbtbtb.exe59⤵
- Executes dropped EXE
-
\??\c:\5xrfffr.exec:\5xrfffr.exe60⤵
- Executes dropped EXE
-
\??\c:\xrxflxf.exec:\xrxflxf.exe61⤵
- Executes dropped EXE
-
\??\c:\fflfrfx.exec:\fflfrfx.exe62⤵
- Executes dropped EXE
-
\??\c:\tthbbh.exec:\tthbbh.exe63⤵
- Executes dropped EXE
-
\??\c:\9hbbbb.exec:\9hbbbb.exe64⤵
- Executes dropped EXE
-
\??\c:\ppdjp.exec:\ppdjp.exe65⤵
- Executes dropped EXE
-
\??\c:\ppjpv.exec:\ppjpv.exe66⤵
-
\??\c:\frxxxxl.exec:\frxxxxl.exe67⤵
-
\??\c:\1flllrf.exec:\1flllrf.exe68⤵
-
\??\c:\bbnhtb.exec:\bbnhtb.exe69⤵
-
\??\c:\bthhbh.exec:\bthhbh.exe70⤵
-
\??\c:\3vpvv.exec:\3vpvv.exe71⤵
-
\??\c:\1pjpv.exec:\1pjpv.exe72⤵
-
\??\c:\rfrrxrx.exec:\rfrrxrx.exe73⤵
-
\??\c:\9rllrxl.exec:\9rllrxl.exe74⤵
-
\??\c:\tbtthh.exec:\tbtthh.exe75⤵
-
\??\c:\hbnnbt.exec:\hbnnbt.exe76⤵
-
\??\c:\7jdjj.exec:\7jdjj.exe77⤵
-
\??\c:\jdppd.exec:\jdppd.exe78⤵
-
\??\c:\7lxfffl.exec:\7lxfffl.exe79⤵
-
\??\c:\rfxllrf.exec:\rfxllrf.exe80⤵
-
\??\c:\bnbbbt.exec:\bnbbbt.exe81⤵
-
\??\c:\hhttbb.exec:\hhttbb.exe82⤵
-
\??\c:\nnhntb.exec:\nnhntb.exe83⤵
-
\??\c:\1jjdp.exec:\1jjdp.exe84⤵
-
\??\c:\9pjpv.exec:\9pjpv.exe85⤵
-
\??\c:\9fxfffr.exec:\9fxfffr.exe86⤵
-
\??\c:\fxrxllx.exec:\fxrxllx.exe87⤵
-
\??\c:\nbttbb.exec:\nbttbb.exe88⤵
-
\??\c:\7hhntb.exec:\7hhntb.exe89⤵
-
\??\c:\dvvjj.exec:\dvvjj.exe90⤵
- System Location Discovery: System Language Discovery
-
\??\c:\1jpvd.exec:\1jpvd.exe91⤵
-
\??\c:\jvppv.exec:\jvppv.exe92⤵
-
\??\c:\3frlxlr.exec:\3frlxlr.exe93⤵
-
\??\c:\lfrxrrf.exec:\lfrxrrf.exe94⤵
-
\??\c:\nhnntt.exec:\nhnntt.exe95⤵
-
\??\c:\1btbbb.exec:\1btbbb.exe96⤵
-
\??\c:\5dvpp.exec:\5dvpp.exe97⤵
-
\??\c:\pjjvj.exec:\pjjvj.exe98⤵
-
\??\c:\llfflrr.exec:\llfflrr.exe99⤵
-
\??\c:\llfrfxf.exec:\llfrfxf.exe100⤵
-
\??\c:\nhttht.exec:\nhttht.exe101⤵
- System Location Discovery: System Language Discovery
-
\??\c:\hbbhhh.exec:\hbbhhh.exe102⤵
-
\??\c:\vpddp.exec:\vpddp.exe103⤵
-
\??\c:\3vdvv.exec:\3vdvv.exe104⤵
-
\??\c:\7jvvd.exec:\7jvvd.exe105⤵
-
\??\c:\rrlrxfl.exec:\rrlrxfl.exe106⤵
-
\??\c:\lflrrrr.exec:\lflrrrr.exe107⤵
-
\??\c:\hhthnt.exec:\hhthnt.exe108⤵
-
\??\c:\ttnhhn.exec:\ttnhhn.exe109⤵
-
\??\c:\9pjjp.exec:\9pjjp.exe110⤵
-
\??\c:\pdvvj.exec:\pdvvj.exe111⤵
-
\??\c:\xxrrxfl.exec:\xxrrxfl.exe112⤵
-
\??\c:\9xxflrf.exec:\9xxflrf.exe113⤵
-
\??\c:\btbbhb.exec:\btbbhb.exe114⤵
-
\??\c:\hhbhhh.exec:\hhbhhh.exe115⤵
-
\??\c:\pjjvd.exec:\pjjvd.exe116⤵
- System Location Discovery: System Language Discovery
-
\??\c:\dvddd.exec:\dvddd.exe117⤵
-
\??\c:\xrlrrxf.exec:\xrlrrxf.exe118⤵
-
\??\c:\fxrrxrx.exec:\fxrrxrx.exe119⤵
-
\??\c:\5nttbb.exec:\5nttbb.exe120⤵
-
\??\c:\nnhbbh.exec:\nnhbbh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-