Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
-
submitted
25/11/2024, 16:54
General
-
Target
62c0ff504b5ccd3a6239bce43f8923f7d0f629d99629c769111eda83ceae6335.exe
-
Size
73KB
-
MD5
42ac32fb9f67792626fb1da62684fd90
-
SHA1
bd9a5eb0c5b1ddf53a4bbdcd77b919aef27d6b7d
-
SHA256
62c0ff504b5ccd3a6239bce43f8923f7d0f629d99629c769111eda83ceae6335
-
SHA512
a2a63d4d928103f37315aef7d4ceb005c9294d82d86617bb3bb1904352447ab3fe2c95942706569754d59091110f99d73f729c68cc3e9d4e212e5cecdc30ed11
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yUPqrDZ5RxfVK5DTXw:ymb3NkkiQ3mdBjF0yUmrfVcPw
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 30 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\62c0ff504b5ccd3a6239bce43f8923f7d0f629d99629c769111eda83ceae6335.exe"C:\Users\Admin\AppData\Local\Temp\62c0ff504b5ccd3a6239bce43f8923f7d0f629d99629c769111eda83ceae6335.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvdj.exec:\pjvdj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfllrf.exec:\fxfllrf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbntb.exec:\htbntb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjvd.exec:\ppjvd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhttht.exec:\bhttht.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5tntht.exec:\5tntht.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7dvvv.exec:\7dvvv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxxlxx.exec:\frxxlxx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7tnbnb.exec:\7tnbnb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhhnn.exec:\bbhhnn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jdpv.exec:\1jdpv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xlrffx.exec:\9xlrffx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbhtn.exec:\btbhtn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbttn.exec:\nnbttn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvpv.exec:\ddvpv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vddj.exec:\9vddj.exe17⤵
- Executes dropped EXE
-
\??\c:\xrxfllr.exec:\xrxfllr.exe18⤵
- Executes dropped EXE
-
\??\c:\hhhnbb.exec:\hhhnbb.exe19⤵
- Executes dropped EXE
-
\??\c:\vvdjp.exec:\vvdjp.exe20⤵
- Executes dropped EXE
-
\??\c:\ddjjv.exec:\ddjjv.exe21⤵
- Executes dropped EXE
-
\??\c:\rxffllx.exec:\rxffllx.exe22⤵
- Executes dropped EXE
-
\??\c:\xxflxxx.exec:\xxflxxx.exe23⤵
- Executes dropped EXE
-
\??\c:\5tnbth.exec:\5tnbth.exe24⤵
- Executes dropped EXE
-
\??\c:\vvjdv.exec:\vvjdv.exe25⤵
- Executes dropped EXE
-
\??\c:\ppvvd.exec:\ppvvd.exe26⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\rrfffxf.exec:\rrfffxf.exe27⤵
- Executes dropped EXE
-
\??\c:\nhhhhn.exec:\nhhhhn.exe28⤵
- Executes dropped EXE
-
\??\c:\jjppv.exec:\jjppv.exe29⤵
- Executes dropped EXE
-
\??\c:\ffffrxf.exec:\ffffrxf.exe30⤵
- Executes dropped EXE
-
\??\c:\llxfllx.exec:\llxfllx.exe31⤵
- Executes dropped EXE
-
\??\c:\thnbhn.exec:\thnbhn.exe32⤵
- Executes dropped EXE
-
\??\c:\jppdp.exec:\jppdp.exe33⤵
- Executes dropped EXE
-
\??\c:\5jjpd.exec:\5jjpd.exe34⤵
- Executes dropped EXE
-
\??\c:\5xfxflr.exec:\5xfxflr.exe35⤵
- Executes dropped EXE
-
\??\c:\nntthn.exec:\nntthn.exe36⤵
- Executes dropped EXE
-
\??\c:\hhhnth.exec:\hhhnth.exe37⤵
- Executes dropped EXE
-
\??\c:\jjjvd.exec:\jjjvd.exe38⤵
- Executes dropped EXE
-
\??\c:\dvjjp.exec:\dvjjp.exe39⤵
- Executes dropped EXE
-
\??\c:\rxrrxfr.exec:\rxrrxfr.exe40⤵
- Executes dropped EXE
-
\??\c:\lllrrlr.exec:\lllrrlr.exe41⤵
- Executes dropped EXE
-
\??\c:\9htnbh.exec:\9htnbh.exe42⤵
- Executes dropped EXE
-
\??\c:\5hntbn.exec:\5hntbn.exe43⤵
- Executes dropped EXE
-
\??\c:\pjvpd.exec:\pjvpd.exe44⤵
- Executes dropped EXE
-
\??\c:\jjjjp.exec:\jjjjp.exe45⤵
- Executes dropped EXE
-
\??\c:\rfxxlrx.exec:\rfxxlrx.exe46⤵
- Executes dropped EXE
-
\??\c:\1xlrxxf.exec:\1xlrxxf.exe47⤵
- Executes dropped EXE
-
\??\c:\9bbhth.exec:\9bbhth.exe48⤵
- Executes dropped EXE
-
\??\c:\7hnhnh.exec:\7hnhnh.exe49⤵
- Executes dropped EXE
-
\??\c:\vdpjp.exec:\vdpjp.exe50⤵
- Executes dropped EXE
-
\??\c:\vvdjd.exec:\vvdjd.exe51⤵
- Executes dropped EXE
-
\??\c:\xrxrfrx.exec:\xrxrfrx.exe52⤵
- Executes dropped EXE
-
\??\c:\9xxrllr.exec:\9xxrllr.exe53⤵
- Executes dropped EXE
-
\??\c:\tnbbtb.exec:\tnbbtb.exe54⤵
- Executes dropped EXE
-
\??\c:\nbhhtt.exec:\nbhhtt.exe55⤵
- Executes dropped EXE
-
\??\c:\1jdjd.exec:\1jdjd.exe56⤵
- Executes dropped EXE
-
\??\c:\vvdvv.exec:\vvdvv.exe57⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\xxfrxff.exec:\xxfrxff.exe58⤵
- Executes dropped EXE
-
\??\c:\rrllrxr.exec:\rrllrxr.exe59⤵
- Executes dropped EXE
-
\??\c:\hnhbbb.exec:\hnhbbb.exe60⤵
- Executes dropped EXE
-
\??\c:\7nbbhh.exec:\7nbbhh.exe61⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\ppdjp.exec:\ppdjp.exe62⤵
- Executes dropped EXE
-
\??\c:\ppjjp.exec:\ppjjp.exe63⤵
- Executes dropped EXE
-
\??\c:\3rxfflr.exec:\3rxfflr.exe64⤵
- Executes dropped EXE
-
\??\c:\ffllxff.exec:\ffllxff.exe65⤵
- Executes dropped EXE
-
\??\c:\hnttbb.exec:\hnttbb.exe66⤵
-
\??\c:\bhtnbb.exec:\bhtnbb.exe67⤵
-
\??\c:\pjjpd.exec:\pjjpd.exe68⤵
-
\??\c:\ppddj.exec:\ppddj.exe69⤵
-
\??\c:\llrllff.exec:\llrllff.exe70⤵
-
\??\c:\lrrxxfl.exec:\lrrxxfl.exe71⤵
-
\??\c:\nhntbh.exec:\nhntbh.exe72⤵
-
\??\c:\tttthh.exec:\tttthh.exe73⤵
-
\??\c:\pjvvj.exec:\pjvvj.exe74⤵
-
\??\c:\dddjj.exec:\dddjj.exe75⤵
-
\??\c:\ffrxflr.exec:\ffrxflr.exe76⤵
-
\??\c:\7xrxlfl.exec:\7xrxlfl.exe77⤵
-
\??\c:\bhtbnb.exec:\bhtbnb.exe78⤵
-
\??\c:\5hnntn.exec:\5hnntn.exe79⤵
-
\??\c:\pjjjv.exec:\pjjjv.exe80⤵
-
\??\c:\5jddj.exec:\5jddj.exe81⤵
-
\??\c:\rrxxxfl.exec:\rrxxxfl.exe82⤵
-
\??\c:\lrxxrrr.exec:\lrxxrrr.exe83⤵
-
\??\c:\nhhhnn.exec:\nhhhnn.exe84⤵
-
\??\c:\1tbhtb.exec:\1tbhtb.exe85⤵
-
\??\c:\dvdpv.exec:\dvdpv.exe86⤵
-
\??\c:\vvpvv.exec:\vvpvv.exe87⤵
-
\??\c:\lflfxxf.exec:\lflfxxf.exe88⤵
-
\??\c:\xxffxxf.exec:\xxffxxf.exe89⤵
-
\??\c:\5bttbb.exec:\5bttbb.exe90⤵
-
\??\c:\hhnhhh.exec:\hhnhhh.exe91⤵
-
\??\c:\ppvdp.exec:\ppvdp.exe92⤵
-
\??\c:\djpvj.exec:\djpvj.exe93⤵
-
\??\c:\xxflrxf.exec:\xxflrxf.exe94⤵
-
\??\c:\flllrrr.exec:\flllrrr.exe95⤵
-
\??\c:\bbhbhh.exec:\bbhbhh.exe96⤵
-
\??\c:\5nttnt.exec:\5nttnt.exe97⤵
-
\??\c:\3pjpd.exec:\3pjpd.exe98⤵
-
\??\c:\jjjjp.exec:\jjjjp.exe99⤵
-
\??\c:\rxxrxxx.exec:\rxxrxxx.exe100⤵
-
\??\c:\llrrflr.exec:\llrrflr.exe101⤵
-
\??\c:\hnttbt.exec:\hnttbt.exe102⤵
-
\??\c:\nbbnhh.exec:\nbbnhh.exe103⤵
-
\??\c:\vvddd.exec:\vvddd.exe104⤵
-
\??\c:\9pvdd.exec:\9pvdd.exe105⤵
-
\??\c:\frxxlfr.exec:\frxxlfr.exe106⤵
-
\??\c:\lfllrrf.exec:\lfllrrf.exe107⤵
-
\??\c:\nnhntb.exec:\nnhntb.exe108⤵
-
\??\c:\bbthnt.exec:\bbthnt.exe109⤵
-
\??\c:\jjppd.exec:\jjppd.exe110⤵
-
\??\c:\3ppjj.exec:\3ppjj.exe111⤵
-
\??\c:\lflrxfl.exec:\lflrxfl.exe112⤵
-
\??\c:\5rlrflr.exec:\5rlrflr.exe113⤵
-
\??\c:\ttttbh.exec:\ttttbh.exe114⤵
-
\??\c:\3ntnnh.exec:\3ntnnh.exe115⤵
-
\??\c:\7pvvv.exec:\7pvvv.exe116⤵
-
\??\c:\ddjvj.exec:\ddjvj.exe117⤵
-
\??\c:\lllrrff.exec:\lllrrff.exe118⤵
-
\??\c:\xxrxrrx.exec:\xxrxrrx.exe119⤵
-
\??\c:\nnbhhh.exec:\nnbhhh.exe120⤵
-
\??\c:\tbhnbb.exec:\tbhnbb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-