Analysis
-
max time kernel
120s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
26/11/2024, 01:14
General
-
Target
9729c5c4375579bc75f478d389ee42305aacb2cf555baa5f53d520a096ead167N.exe
-
Size
83KB
-
MD5
67099e34768aa6dc60c27c6519ab8850
-
SHA1
9a8144a735fc0398bde5838e4c5fb7ee6dad25b5
-
SHA256
9729c5c4375579bc75f478d389ee42305aacb2cf555baa5f53d520a096ead167
-
SHA512
977150c14647af428275398f3e95960b099898d982ccb2bb9a89fad6f3cebade1ef30d55bf32a138a2da4fb9ca6df31325c23d1c0aa886a7a942bf02fe046dc4
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIIpIo60L9QrrA89QM:ymb3NkkiQ3mdBjFIIp9L9QrrA8n
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9729c5c4375579bc75f478d389ee42305aacb2cf555baa5f53d520a096ead167N.exe"C:\Users\Admin\AppData\Local\Temp\9729c5c4375579bc75f478d389ee42305aacb2cf555baa5f53d520a096ead167N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vpddj.exec:\vpddj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3pvvp.exec:\3pvvp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddppv.exec:\ddppv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrffxrf.exec:\lrffxrf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbntnh.exec:\tbntnh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjpd.exec:\djjpd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdpp.exec:\jvdpp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfrxxl.exec:\rlfrxxl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxlrxfr.exec:\lxlrxfr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtttb.exec:\bbtttb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvpjp.exec:\pvpjp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frflfxr.exec:\frflfxr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnbhh.exec:\thnbhh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhhnt.exec:\tbhhnt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjjp.exec:\ddjjp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrfllr.exec:\flrfllr.exe17⤵
- Executes dropped EXE
-
\??\c:\xffrxlr.exec:\xffrxlr.exe18⤵
- Executes dropped EXE
-
\??\c:\nnttbh.exec:\nnttbh.exe19⤵
- Executes dropped EXE
-
\??\c:\ppvpp.exec:\ppvpp.exe20⤵
- Executes dropped EXE
-
\??\c:\jjdjv.exec:\jjdjv.exe21⤵
- Executes dropped EXE
-
\??\c:\fxxfxfr.exec:\fxxfxfr.exe22⤵
- Executes dropped EXE
-
\??\c:\1ffrlxf.exec:\1ffrlxf.exe23⤵
- Executes dropped EXE
-
\??\c:\ntbtbh.exec:\ntbtbh.exe24⤵
- Executes dropped EXE
-
\??\c:\vpdjp.exec:\vpdjp.exe25⤵
- Executes dropped EXE
-
\??\c:\jdpvp.exec:\jdpvp.exe26⤵
- Executes dropped EXE
-
\??\c:\lxxlxxl.exec:\lxxlxxl.exe27⤵
- Executes dropped EXE
-
\??\c:\htnnhb.exec:\htnnhb.exe28⤵
- Executes dropped EXE
-
\??\c:\1hhthb.exec:\1hhthb.exe29⤵
- Executes dropped EXE
-
\??\c:\pvppj.exec:\pvppj.exe30⤵
- Executes dropped EXE
-
\??\c:\rfrrfxf.exec:\rfrrfxf.exe31⤵
- Executes dropped EXE
-
\??\c:\bbhbhn.exec:\bbhbhn.exe32⤵
- Executes dropped EXE
-
\??\c:\bbnbnt.exec:\bbnbnt.exe33⤵
- Executes dropped EXE
-
\??\c:\djppp.exec:\djppp.exe34⤵
- Executes dropped EXE
-
\??\c:\5ppdj.exec:\5ppdj.exe35⤵
- Executes dropped EXE
-
\??\c:\lxxlxfx.exec:\lxxlxfx.exe36⤵
- Executes dropped EXE
-
\??\c:\lrxxrfx.exec:\lrxxrfx.exe37⤵
- Executes dropped EXE
-
\??\c:\ntbbhn.exec:\ntbbhn.exe38⤵
- Executes dropped EXE
-
\??\c:\vpvpp.exec:\vpvpp.exe39⤵
- Executes dropped EXE
-
\??\c:\7vvvj.exec:\7vvvj.exe40⤵
- Executes dropped EXE
-
\??\c:\xxrlffl.exec:\xxrlffl.exe41⤵
- Executes dropped EXE
-
\??\c:\xxxrrrf.exec:\xxxrrrf.exe42⤵
- Executes dropped EXE
-
\??\c:\3nhhhn.exec:\3nhhhn.exe43⤵
- Executes dropped EXE
-
\??\c:\bnhbhn.exec:\bnhbhn.exe44⤵
- Executes dropped EXE
-
\??\c:\vpddj.exec:\vpddj.exe45⤵
- Executes dropped EXE
-
\??\c:\jpddj.exec:\jpddj.exe46⤵
- Executes dropped EXE
-
\??\c:\rlxrxxl.exec:\rlxrxxl.exe47⤵
- Executes dropped EXE
-
\??\c:\xfllxrf.exec:\xfllxrf.exe48⤵
- Executes dropped EXE
-
\??\c:\bbnnhh.exec:\bbnnhh.exe49⤵
- Executes dropped EXE
-
\??\c:\rlfrlfr.exec:\rlfrlfr.exe50⤵
- Executes dropped EXE
-
\??\c:\llrxrrx.exec:\llrxrrx.exe51⤵
- Executes dropped EXE
-
\??\c:\rfrlrrl.exec:\rfrlrrl.exe52⤵
- Executes dropped EXE
-
\??\c:\tnbbnn.exec:\tnbbnn.exe53⤵
- Executes dropped EXE
-
\??\c:\pjpvj.exec:\pjpvj.exe54⤵
- Executes dropped EXE
-
\??\c:\9jddj.exec:\9jddj.exe55⤵
- Executes dropped EXE
-
\??\c:\pdjpv.exec:\pdjpv.exe56⤵
- Executes dropped EXE
-
\??\c:\lfrxfxf.exec:\lfrxfxf.exe57⤵
- Executes dropped EXE
-
\??\c:\3flfxlx.exec:\3flfxlx.exe58⤵
- Executes dropped EXE
-
\??\c:\bbtbhh.exec:\bbtbhh.exe59⤵
- Executes dropped EXE
-
\??\c:\ntbbtb.exec:\ntbbtb.exe60⤵
- Executes dropped EXE
-
\??\c:\5jpvd.exec:\5jpvd.exe61⤵
- Executes dropped EXE
-
\??\c:\jjvdp.exec:\jjvdp.exe62⤵
- Executes dropped EXE
-
\??\c:\xlrxlrf.exec:\xlrxlrf.exe63⤵
- Executes dropped EXE
-
\??\c:\rlflfff.exec:\rlflfff.exe64⤵
- Executes dropped EXE
-
\??\c:\thtttt.exec:\thtttt.exe65⤵
- Executes dropped EXE
-
\??\c:\nnhtnh.exec:\nnhtnh.exe66⤵
-
\??\c:\dvdjd.exec:\dvdjd.exe67⤵
-
\??\c:\ppjvj.exec:\ppjvj.exe68⤵
-
\??\c:\rrxxlrf.exec:\rrxxlrf.exe69⤵
-
\??\c:\lxllrff.exec:\lxllrff.exe70⤵
-
\??\c:\1thntb.exec:\1thntb.exe71⤵
-
\??\c:\hbtnhb.exec:\hbtnhb.exe72⤵
-
\??\c:\jpjvp.exec:\jpjvp.exe73⤵
-
\??\c:\xrlxlrx.exec:\xrlxlrx.exe74⤵
- System Location Discovery: System Language Discovery
-
\??\c:\1rlfrxr.exec:\1rlfrxr.exe75⤵
-
\??\c:\9nnbnn.exec:\9nnbnn.exe76⤵
-
\??\c:\bnbtnn.exec:\bnbtnn.exe77⤵
-
\??\c:\jdpvj.exec:\jdpvj.exe78⤵
-
\??\c:\vvdvp.exec:\vvdvp.exe79⤵
-
\??\c:\llxfllx.exec:\llxfllx.exe80⤵
-
\??\c:\hnhhth.exec:\hnhhth.exe81⤵
-
\??\c:\thhbnt.exec:\thhbnt.exe82⤵
-
\??\c:\ttnbhh.exec:\ttnbhh.exe83⤵
-
\??\c:\pjdpj.exec:\pjdpj.exe84⤵
-
\??\c:\vpppv.exec:\vpppv.exe85⤵
-
\??\c:\rxrxxrl.exec:\rxrxxrl.exe86⤵
-
\??\c:\fffxlrx.exec:\fffxlrx.exe87⤵
- System Location Discovery: System Language Discovery
-
\??\c:\5hhhht.exec:\5hhhht.exe88⤵
-
\??\c:\nthtbt.exec:\nthtbt.exe89⤵
-
\??\c:\pvvvd.exec:\pvvvd.exe90⤵
-
\??\c:\lxllrfl.exec:\lxllrfl.exe91⤵
-
\??\c:\xxrxlrx.exec:\xxrxlrx.exe92⤵
-
\??\c:\tthnnb.exec:\tthnnb.exe93⤵
-
\??\c:\bbtbbh.exec:\bbtbbh.exe94⤵
-
\??\c:\dvdjp.exec:\dvdjp.exe95⤵
-
\??\c:\dvjpd.exec:\dvjpd.exe96⤵
-
\??\c:\rlffrxf.exec:\rlffrxf.exe97⤵
-
\??\c:\xrxfrfr.exec:\xrxfrfr.exe98⤵
-
\??\c:\rrllxlr.exec:\rrllxlr.exe99⤵
-
\??\c:\ttnhtt.exec:\ttnhtt.exe100⤵
-
\??\c:\9tthtt.exec:\9tthtt.exe101⤵
-
\??\c:\3djjd.exec:\3djjd.exe102⤵
-
\??\c:\1vjjp.exec:\1vjjp.exe103⤵
-
\??\c:\9xlxffx.exec:\9xlxffx.exe104⤵
-
\??\c:\rlrflfl.exec:\rlrflfl.exe105⤵
-
\??\c:\xfrrlfl.exec:\xfrrlfl.exe106⤵
-
\??\c:\hbtttb.exec:\hbtttb.exe107⤵
-
\??\c:\9thtbh.exec:\9thtbh.exe108⤵
-
\??\c:\1dvdp.exec:\1dvdp.exe109⤵
-
\??\c:\pvjjd.exec:\pvjjd.exe110⤵
-
\??\c:\llrrllx.exec:\llrrllx.exe111⤵
-
\??\c:\xxrxlrf.exec:\xxrxlrf.exe112⤵
-
\??\c:\bntbnt.exec:\bntbnt.exe113⤵
-
\??\c:\btbhhn.exec:\btbhhn.exe114⤵
-
\??\c:\1dddp.exec:\1dddp.exe115⤵
-
\??\c:\jvdjv.exec:\jvdjv.exe116⤵
-
\??\c:\llfrrrx.exec:\llfrrrx.exe117⤵
-
\??\c:\3lflrrf.exec:\3lflrrf.exe118⤵
-
\??\c:\tttbhh.exec:\tttbhh.exe119⤵
-
\??\c:\bbbbbt.exec:\bbbbbt.exe120⤵
-
\??\c:\btnbnn.exec:\btnbnn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-