Analysis
-
max time kernel
121s -
max time network
19s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
16-12-2024 07:08
General
-
Target
ac46bf9fc6c047e8e4d9d73979684b3a45001fd5eab7c366324642ab813797afN.exe
-
Size
3.7MB
-
MD5
c5224cabf04d7988bc114ed5a3c097f0
-
SHA1
3d93a72f46f9032c26a0888cb555335b536024e5
-
SHA256
ac46bf9fc6c047e8e4d9d73979684b3a45001fd5eab7c366324642ab813797af
-
SHA512
f36792651b161f3d4fa5114101df844a30e4ab718e1e7589a5fffb1f675698f17ca581effe5a765a34a58eea6d547fe4955bf18c2c0381c5795c7bd8dcb1a7bb
-
SSDEEP
49152:gCOfN6X5tLLQTg20ITS/PPs/1kS4eKRL/SRsj0Zuur1T75YqVUrmNF98u:U6XLq/qPPslzKx/dJg1ErmNf
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 47 IoCs
-
Njrat family
-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ac46bf9fc6c047e8e4d9d73979684b3a45001fd5eab7c366324642ab813797afN.exe"C:\Users\Admin\AppData\Local\Temp\ac46bf9fc6c047e8e4d9d73979684b3a45001fd5eab7c366324642ab813797afN.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\frfdtf.exec:\frfdtf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ftbhj.exec:\ftbhj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thffjt.exec:\thffjt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\njpdfbf.exec:\njpdfbf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nxhhnp.exec:\nxhhnp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvlnl.exec:\vvlnl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hjrvvf.exec:\hjrvvf.exe8⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\rbbtv.exec:\rbbtv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tphlr.exec:\tphlr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frlrdj.exec:\frlrdj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jxldt.exec:\jxldt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvhlhp.exec:\vvhlhp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lhxfxpt.exec:\lhxfxpt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfpbn.exec:\rfpbn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pfvbb.exec:\pfvbb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\phxfv.exec:\phxfv.exe17⤵
- Executes dropped EXE
-
\??\c:\jrhdppf.exec:\jrhdppf.exe18⤵
- Executes dropped EXE
-
\??\c:\hlrrbj.exec:\hlrrbj.exe19⤵
- Executes dropped EXE
-
\??\c:\lntrldt.exec:\lntrldt.exe20⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\bjphj.exec:\bjphj.exe21⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\fttxd.exec:\fttxd.exe22⤵
- Executes dropped EXE
-
\??\c:\njnrd.exec:\njnrd.exe23⤵
- Executes dropped EXE
-
\??\c:\hnnvpj.exec:\hnnvpj.exe24⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\vvhvdt.exec:\vvhvdt.exe25⤵
- Executes dropped EXE
-
\??\c:\nrhtthb.exec:\nrhtthb.exe26⤵
- Executes dropped EXE
-
\??\c:\xvrbtt.exec:\xvrbtt.exe27⤵
- Executes dropped EXE
-
\??\c:\lxdrxln.exec:\lxdrxln.exe28⤵
- Executes dropped EXE
-
\??\c:\pvlfhx.exec:\pvlfhx.exe29⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\hlhxrx.exec:\hlhxrx.exe30⤵
- Executes dropped EXE
-
\??\c:\hjjtl.exec:\hjjtl.exe31⤵
- Executes dropped EXE
-
\??\c:\llhdv.exec:\llhdv.exe32⤵
- Executes dropped EXE
-
\??\c:\lxblln.exec:\lxblln.exe33⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\hbjnrnh.exec:\hbjnrnh.exe34⤵
- Executes dropped EXE
-
\??\c:\prpxjr.exec:\prpxjr.exe35⤵
- Executes dropped EXE
-
\??\c:\xpprvnr.exec:\xpprvnr.exe36⤵
- Executes dropped EXE
-
\??\c:\nnlfr.exec:\nnlfr.exe37⤵
- Executes dropped EXE
-
\??\c:\vtdjnjx.exec:\vtdjnjx.exe38⤵
- Executes dropped EXE
-
\??\c:\thjfltb.exec:\thjfltb.exe39⤵
- Executes dropped EXE
-
\??\c:\nhxvp.exec:\nhxvp.exe40⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\rdvrxv.exec:\rdvrxv.exe41⤵
- Executes dropped EXE
-
\??\c:\pdljd.exec:\pdljd.exe42⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\rfnplr.exec:\rfnplr.exe43⤵
- Executes dropped EXE
-
\??\c:\dftnp.exec:\dftnp.exe44⤵
- Executes dropped EXE
-
\??\c:\dbbtxtp.exec:\dbbtxtp.exe45⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\xfhvvnl.exec:\xfhvvnl.exe46⤵
- Executes dropped EXE
-
\??\c:\xxxnth.exec:\xxxnth.exe47⤵
- Executes dropped EXE
-
\??\c:\ttnrfr.exec:\ttnrfr.exe48⤵
- Executes dropped EXE
-
\??\c:\tnhxvjj.exec:\tnhxvjj.exe49⤵
- Executes dropped EXE
-
\??\c:\pxlbfnr.exec:\pxlbfnr.exe50⤵
- Executes dropped EXE
-
\??\c:\tlfxnn.exec:\tlfxnn.exe51⤵
- Executes dropped EXE
-
\??\c:\vbjddph.exec:\vbjddph.exe52⤵
- Executes dropped EXE
-
\??\c:\vdjjf.exec:\vdjjf.exe53⤵
- Executes dropped EXE
-
\??\c:\lxnjdb.exec:\lxnjdb.exe54⤵
- Executes dropped EXE
-
\??\c:\tvttp.exec:\tvttp.exe55⤵
- Executes dropped EXE
-
\??\c:\bfrhpjx.exec:\bfrhpjx.exe56⤵
- Executes dropped EXE
-
\??\c:\nftpn.exec:\nftpn.exe57⤵
- Executes dropped EXE
-
\??\c:\bhlxptr.exec:\bhlxptr.exe58⤵
- Executes dropped EXE
-
\??\c:\vvfjft.exec:\vvfjft.exe59⤵
- Executes dropped EXE
-
\??\c:\lnrdb.exec:\lnrdb.exe60⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\nllrvf.exec:\nllrvf.exe61⤵
- Executes dropped EXE
-
\??\c:\hntbhp.exec:\hntbhp.exe62⤵
- Executes dropped EXE
-
\??\c:\txprr.exec:\txprr.exe63⤵
- Executes dropped EXE
-
\??\c:\jdjdhb.exec:\jdjdhb.exe64⤵
- Executes dropped EXE
-
\??\c:\dhdplv.exec:\dhdplv.exe65⤵
- Executes dropped EXE
-
\??\c:\bfpbhht.exec:\bfpbhht.exe66⤵
-
\??\c:\ddnffth.exec:\ddnffth.exe67⤵
-
\??\c:\blpbjvt.exec:\blpbjvt.exe68⤵
-
\??\c:\nxtjh.exec:\nxtjh.exe69⤵
-
\??\c:\tvvpdpd.exec:\tvvpdpd.exe70⤵
-
\??\c:\rhnnj.exec:\rhnnj.exe71⤵
-
\??\c:\dxnbxvn.exec:\dxnbxvn.exe72⤵
-
\??\c:\vlbtxll.exec:\vlbtxll.exe73⤵
-
\??\c:\txtxfn.exec:\txtxfn.exe74⤵
-
\??\c:\tlrtthr.exec:\tlrtthr.exe75⤵
-
\??\c:\dbdxpt.exec:\dbdxpt.exe76⤵
-
\??\c:\lpfrl.exec:\lpfrl.exe77⤵
- System Location Discovery: System Language Discovery
-
\??\c:\dfbfx.exec:\dfbfx.exe78⤵
-
\??\c:\dvdpt.exec:\dvdpt.exe79⤵
- System Location Discovery: System Language Discovery
-
\??\c:\htpldd.exec:\htpldd.exe80⤵
-
\??\c:\nvfxfdf.exec:\nvfxfdf.exe81⤵
-
\??\c:\njbtdpr.exec:\njbtdpr.exe82⤵
- System Location Discovery: System Language Discovery
-
\??\c:\jvhvn.exec:\jvhvn.exe83⤵
-
\??\c:\pxdbnv.exec:\pxdbnv.exe84⤵
-
\??\c:\bhhlnb.exec:\bhhlnb.exe85⤵
- System Location Discovery: System Language Discovery
-
\??\c:\tlrdvr.exec:\tlrdvr.exe86⤵
- System Location Discovery: System Language Discovery
-
\??\c:\bhbjhfh.exec:\bhbjhfh.exe87⤵
-
\??\c:\fvtfdlr.exec:\fvtfdlr.exe88⤵
-
\??\c:\bhdpppx.exec:\bhdpppx.exe89⤵
-
\??\c:\xxxbv.exec:\xxxbv.exe90⤵
-
\??\c:\vpvpbvt.exec:\vpvpbvt.exe91⤵
-
\??\c:\phphtdp.exec:\phphtdp.exe92⤵
-
\??\c:\rllxthj.exec:\rllxthj.exe93⤵
-
\??\c:\tlnbx.exec:\tlnbx.exe94⤵
-
\??\c:\bpxxtp.exec:\bpxxtp.exe95⤵
-
\??\c:\dldvt.exec:\dldvt.exe96⤵
-
\??\c:\vjprjl.exec:\vjprjl.exe97⤵
-
\??\c:\rtxdj.exec:\rtxdj.exe98⤵
-
\??\c:\xxfhj.exec:\xxfhj.exe99⤵
-
\??\c:\trxdlf.exec:\trxdlf.exe100⤵
- System Location Discovery: System Language Discovery
-
\??\c:\drppr.exec:\drppr.exe101⤵
-
\??\c:\bpbpfdv.exec:\bpbpfdv.exe102⤵
-
\??\c:\pdphx.exec:\pdphx.exe103⤵
-
\??\c:\lfrlhd.exec:\lfrlhd.exe104⤵
-
\??\c:\bnlbvxr.exec:\bnlbvxr.exe105⤵
-
\??\c:\xjjtrb.exec:\xjjtrb.exe106⤵
- System Location Discovery: System Language Discovery
-
\??\c:\xbvfd.exec:\xbvfd.exe107⤵
-
\??\c:\fnjtlb.exec:\fnjtlb.exe108⤵
-
\??\c:\rhjhdht.exec:\rhjhdht.exe109⤵
-
\??\c:\jpjjdxj.exec:\jpjjdxj.exe110⤵
-
\??\c:\jvvvj.exec:\jvvvj.exe111⤵
- System Location Discovery: System Language Discovery
-
\??\c:\xlhfr.exec:\xlhfr.exe112⤵
-
\??\c:\jnrvpr.exec:\jnrvpr.exe113⤵
- System Location Discovery: System Language Discovery
-
\??\c:\jtthjbr.exec:\jtthjbr.exe114⤵
-
\??\c:\hpjxxx.exec:\hpjxxx.exe115⤵
-
\??\c:\nltpnj.exec:\nltpnj.exe116⤵
-
\??\c:\tlhnn.exec:\tlhnn.exe117⤵
- System Location Discovery: System Language Discovery
-
\??\c:\jltbh.exec:\jltbh.exe118⤵
-
\??\c:\btrxj.exec:\btrxj.exe119⤵
- System Location Discovery: System Language Discovery
-
\??\c:\vdprh.exec:\vdprh.exe120⤵
-
\??\c:\hnrbvfn.exec:\hnrbvfn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-