Analysis
-
max time kernel
120s -
max time network
16s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
25-11-2024 16:51
General
-
Target
62c0ff504b5ccd3a6239bce43f8923f7d0f629d99629c769111eda83ceae6335.exe
-
Size
73KB
-
MD5
42ac32fb9f67792626fb1da62684fd90
-
SHA1
bd9a5eb0c5b1ddf53a4bbdcd77b919aef27d6b7d
-
SHA256
62c0ff504b5ccd3a6239bce43f8923f7d0f629d99629c769111eda83ceae6335
-
SHA512
a2a63d4d928103f37315aef7d4ceb005c9294d82d86617bb3bb1904352447ab3fe2c95942706569754d59091110f99d73f729c68cc3e9d4e212e5cecdc30ed11
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yUPqrDZ5RxfVK5DTXw:ymb3NkkiQ3mdBjF0yUmrfVcPw
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\62c0ff504b5ccd3a6239bce43f8923f7d0f629d99629c769111eda83ceae6335.exe"C:\Users\Admin\AppData\Local\Temp\62c0ff504b5ccd3a6239bce43f8923f7d0f629d99629c769111eda83ceae6335.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\1nhntb.exec:\1nhntb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdvj.exec:\vpdvj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fffrlxr.exec:\fffrlxr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfrffl.exec:\rlfrffl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vddvv.exec:\vddvv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llfrxfl.exec:\llfrxfl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9lfrfxf.exec:\9lfrfxf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnttt.exec:\thnttt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjpd.exec:\dvjpd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrlrrf.exec:\rlrlrrf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrllllx.exec:\xrllllx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1nnbnb.exec:\1nnbnb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpdj.exec:\vjpdj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ddpv.exec:\5ddpv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ddvd.exec:\5ddvd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xxflrf.exec:\9xxflrf.exe17⤵
- Executes dropped EXE
-
\??\c:\tnthnb.exec:\tnthnb.exe18⤵
- Executes dropped EXE
-
\??\c:\vpdjj.exec:\vpdjj.exe19⤵
- Executes dropped EXE
-
\??\c:\5vpjj.exec:\5vpjj.exe20⤵
- Executes dropped EXE
-
\??\c:\lfrrrxx.exec:\lfrrrxx.exe21⤵
- Executes dropped EXE
-
\??\c:\hhhbhn.exec:\hhhbhn.exe22⤵
- Executes dropped EXE
-
\??\c:\3jvdd.exec:\3jvdd.exe23⤵
- Executes dropped EXE
-
\??\c:\pvdpp.exec:\pvdpp.exe24⤵
- Executes dropped EXE
-
\??\c:\frxxfxx.exec:\frxxfxx.exe25⤵
- Executes dropped EXE
-
\??\c:\flfrxff.exec:\flfrxff.exe26⤵
- Executes dropped EXE
-
\??\c:\7bnbnn.exec:\7bnbnn.exe27⤵
- Executes dropped EXE
-
\??\c:\thbnbt.exec:\thbnbt.exe28⤵
- Executes dropped EXE
-
\??\c:\vppvj.exec:\vppvj.exe29⤵
- Executes dropped EXE
-
\??\c:\llrxlrl.exec:\llrxlrl.exe30⤵
- Executes dropped EXE
-
\??\c:\tnbhnt.exec:\tnbhnt.exe31⤵
- Executes dropped EXE
-
\??\c:\7pjjv.exec:\7pjjv.exe32⤵
- Executes dropped EXE
-
\??\c:\9rffxfl.exec:\9rffxfl.exe33⤵
- Executes dropped EXE
-
\??\c:\rxflfrr.exec:\rxflfrr.exe34⤵
- Executes dropped EXE
-
\??\c:\bttbnn.exec:\bttbnn.exe35⤵
- Executes dropped EXE
-
\??\c:\tnhtbh.exec:\tnhtbh.exe36⤵
- Executes dropped EXE
-
\??\c:\jdddd.exec:\jdddd.exe37⤵
- Executes dropped EXE
-
\??\c:\9jjpj.exec:\9jjpj.exe38⤵
- Executes dropped EXE
-
\??\c:\3xrxlll.exec:\3xrxlll.exe39⤵
- Executes dropped EXE
-
\??\c:\1rfxrfr.exec:\1rfxrfr.exe40⤵
- Executes dropped EXE
-
\??\c:\htnnnt.exec:\htnnnt.exe41⤵
- Executes dropped EXE
-
\??\c:\bbbbnt.exec:\bbbbnt.exe42⤵
- Executes dropped EXE
-
\??\c:\9pddj.exec:\9pddj.exe43⤵
- Executes dropped EXE
-
\??\c:\pdvjv.exec:\pdvjv.exe44⤵
- Executes dropped EXE
-
\??\c:\xlrrxxf.exec:\xlrrxxf.exe45⤵
- Executes dropped EXE
-
\??\c:\ffrrffr.exec:\ffrrffr.exe46⤵
- Executes dropped EXE
-
\??\c:\ttnthh.exec:\ttnthh.exe47⤵
- Executes dropped EXE
-
\??\c:\tthtbb.exec:\tthtbb.exe48⤵
- Executes dropped EXE
-
\??\c:\ppjdv.exec:\ppjdv.exe49⤵
- Executes dropped EXE
-
\??\c:\jdjpj.exec:\jdjpj.exe50⤵
- Executes dropped EXE
-
\??\c:\9xflxlr.exec:\9xflxlr.exe51⤵
- Executes dropped EXE
-
\??\c:\rrfrxxl.exec:\rrfrxxl.exe52⤵
- Executes dropped EXE
-
\??\c:\btthtb.exec:\btthtb.exe53⤵
- Executes dropped EXE
-
\??\c:\btnhnt.exec:\btnhnt.exe54⤵
- Executes dropped EXE
-
\??\c:\pjjjj.exec:\pjjjj.exe55⤵
- Executes dropped EXE
-
\??\c:\jpvjj.exec:\jpvjj.exe56⤵
- Executes dropped EXE
-
\??\c:\rlxxxfx.exec:\rlxxxfx.exe57⤵
- Executes dropped EXE
-
\??\c:\fxrfrfx.exec:\fxrfrfx.exe58⤵
- Executes dropped EXE
-
\??\c:\tnbhnt.exec:\tnbhnt.exe59⤵
- Executes dropped EXE
-
\??\c:\tnhnht.exec:\tnhnht.exe60⤵
- Executes dropped EXE
-
\??\c:\pddjv.exec:\pddjv.exe61⤵
- Executes dropped EXE
-
\??\c:\jjpdj.exec:\jjpdj.exe62⤵
- Executes dropped EXE
-
\??\c:\lxrrlrl.exec:\lxrrlrl.exe63⤵
- Executes dropped EXE
-
\??\c:\5bttnt.exec:\5bttnt.exe64⤵
- Executes dropped EXE
-
\??\c:\7bthhn.exec:\7bthhn.exe65⤵
- Executes dropped EXE
-
\??\c:\jpjdp.exec:\jpjdp.exe66⤵
-
\??\c:\1pjjv.exec:\1pjjv.exe67⤵
-
\??\c:\lfxrffr.exec:\lfxrffr.exe68⤵
-
\??\c:\frlrrxf.exec:\frlrrxf.exe69⤵
-
\??\c:\7fflxxl.exec:\7fflxxl.exe70⤵
-
\??\c:\tnnhht.exec:\tnnhht.exe71⤵
-
\??\c:\7pddd.exec:\7pddd.exe72⤵
-
\??\c:\dpvvd.exec:\dpvvd.exe73⤵
-
\??\c:\dvjpp.exec:\dvjpp.exe74⤵
-
\??\c:\rrlrrfl.exec:\rrlrrfl.exe75⤵
-
\??\c:\lfxxrfr.exec:\lfxxrfr.exe76⤵
-
\??\c:\1bhtbh.exec:\1bhtbh.exe77⤵
-
\??\c:\jdvpv.exec:\jdvpv.exe78⤵
-
\??\c:\3dddd.exec:\3dddd.exe79⤵
-
\??\c:\lrlxlrx.exec:\lrlxlrx.exe80⤵
-
\??\c:\llffrll.exec:\llffrll.exe81⤵
-
\??\c:\tnbnnb.exec:\tnbnnb.exe82⤵
-
\??\c:\3hhthn.exec:\3hhthn.exe83⤵
-
\??\c:\dvvpv.exec:\dvvpv.exe84⤵
-
\??\c:\vdvjp.exec:\vdvjp.exe85⤵
-
\??\c:\lfxlrrf.exec:\lfxlrrf.exe86⤵
-
\??\c:\lfflrrx.exec:\lfflrrx.exe87⤵
-
\??\c:\hhhbtb.exec:\hhhbtb.exe88⤵
-
\??\c:\hntntt.exec:\hntntt.exe89⤵
-
\??\c:\9jvjd.exec:\9jvjd.exe90⤵
-
\??\c:\1vvjv.exec:\1vvjv.exe91⤵
-
\??\c:\frllxfr.exec:\frllxfr.exe92⤵
-
\??\c:\rrfxrfx.exec:\rrfxrfx.exe93⤵
-
\??\c:\bthnhh.exec:\bthnhh.exe94⤵
-
\??\c:\hbnthn.exec:\hbnthn.exe95⤵
-
\??\c:\dpdpd.exec:\dpdpd.exe96⤵
-
\??\c:\1jvpv.exec:\1jvpv.exe97⤵
-
\??\c:\xxxlxlr.exec:\xxxlxlr.exe98⤵
-
\??\c:\rflfrrl.exec:\rflfrrl.exe99⤵
-
\??\c:\btnbth.exec:\btnbth.exe100⤵
-
\??\c:\btbhnt.exec:\btbhnt.exe101⤵
-
\??\c:\7hnhhn.exec:\7hnhhn.exe102⤵
-
\??\c:\5jjvv.exec:\5jjvv.exe103⤵
-
\??\c:\jjjjd.exec:\jjjjd.exe104⤵
-
\??\c:\fxlrfxl.exec:\fxlrfxl.exe105⤵
-
\??\c:\rrllrrr.exec:\rrllrrr.exe106⤵
-
\??\c:\bbnttn.exec:\bbnttn.exe107⤵
-
\??\c:\tttbnt.exec:\tttbnt.exe108⤵
-
\??\c:\ddpjj.exec:\ddpjj.exe109⤵
-
\??\c:\ddvjd.exec:\ddvjd.exe110⤵
-
\??\c:\lfxfrrx.exec:\lfxfrrx.exe111⤵
-
\??\c:\7llflxl.exec:\7llflxl.exe112⤵
-
\??\c:\tnhntb.exec:\tnhntb.exe113⤵
-
\??\c:\nhhtbh.exec:\nhhtbh.exe114⤵
-
\??\c:\5jppp.exec:\5jppp.exe115⤵
-
\??\c:\vvvvv.exec:\vvvvv.exe116⤵
-
\??\c:\lflrrrx.exec:\lflrrrx.exe117⤵
-
\??\c:\xxlrxfr.exec:\xxlrxfr.exe118⤵
-
\??\c:\nhhnth.exec:\nhhnth.exe119⤵
- System Location Discovery: System Language Discovery
-
\??\c:\1nbtbh.exec:\1nbtbh.exe120⤵
-
\??\c:\7jpdd.exec:\7jpdd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-