Analysis
-
max time kernel
120s -
max time network
19s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
18-12-2024 03:47
General
-
Target
3482ec7f059ffbfe72fe4c8828686c7c3009b17ad72a37d275d4d767bc132994.exe
-
Size
454KB
-
MD5
fe44e91b80a4d7160a68a8620e1ffc0e
-
SHA1
fc90233e18451e40f10de7f0a2503aa56d307031
-
SHA256
3482ec7f059ffbfe72fe4c8828686c7c3009b17ad72a37d275d4d767bc132994
-
SHA512
819087618b66be5831ab5bc6bc927d72649f8ba951b26e07ac0d4ee16f1d7062531b5c8a746447cc09691ae5f3b34eb2c9bfce973a1fd78e0c0f5d85581ec426
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbeB:q7Tc2NYHUrAwfMp3CDB
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 42 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 40 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3482ec7f059ffbfe72fe4c8828686c7c3009b17ad72a37d275d4d767bc132994.exe"C:\Users\Admin\AppData\Local\Temp\3482ec7f059ffbfe72fe4c8828686c7c3009b17ad72a37d275d4d767bc132994.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\dhvdh.exec:\dhvdh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrpjd.exec:\rfrpjd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\blltnd.exec:\blltnd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tdtvvdv.exec:\tdtvvdv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlplx.exec:\rlplx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frlpj.exec:\frlpj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tfxdtb.exec:\tfxdtb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnhhb.exec:\ttnhhb.exe9⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\lfbxvh.exec:\lfbxvh.exe10⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\rpvnx.exec:\rpvnx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hrbvrjj.exec:\hrbvrjj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ljxjblr.exec:\ljxjblr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jhthn.exec:\jhthn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\prdlb.exec:\prdlb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\drpbdt.exec:\drpbdt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjnhfj.exec:\jjnhfj.exe17⤵
- Executes dropped EXE
-
\??\c:\fxtbtx.exec:\fxtbtx.exe18⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\lvvrlnf.exec:\lvvrlnf.exe19⤵
- Executes dropped EXE
-
\??\c:\btrvptt.exec:\btrvptt.exe20⤵
- Executes dropped EXE
-
\??\c:\tnfjx.exec:\tnfjx.exe21⤵
- Executes dropped EXE
-
\??\c:\drnnj.exec:\drnnj.exe22⤵
- Executes dropped EXE
-
\??\c:\pvhbl.exec:\pvhbl.exe23⤵
- Executes dropped EXE
-
\??\c:\ptlpp.exec:\ptlpp.exe24⤵
- Executes dropped EXE
-
\??\c:\tfjvpp.exec:\tfjvpp.exe25⤵
- Executes dropped EXE
-
\??\c:\xdnjhdj.exec:\xdnjhdj.exe26⤵
- Executes dropped EXE
-
\??\c:\dtpxrj.exec:\dtpxrj.exe27⤵
- Executes dropped EXE
-
\??\c:\djbdph.exec:\djbdph.exe28⤵
- Executes dropped EXE
-
\??\c:\pdfjlvh.exec:\pdfjlvh.exe29⤵
- Executes dropped EXE
-
\??\c:\hrfhvpt.exec:\hrfhvpt.exe30⤵
- Executes dropped EXE
-
\??\c:\ltbbrx.exec:\ltbbrx.exe31⤵
- Executes dropped EXE
-
\??\c:\xlntdv.exec:\xlntdv.exe32⤵
- Executes dropped EXE
-
\??\c:\rjhln.exec:\rjhln.exe33⤵
- Executes dropped EXE
-
\??\c:\hdlflx.exec:\hdlflx.exe34⤵
- Executes dropped EXE
-
\??\c:\pjfxldb.exec:\pjfxldb.exe35⤵
- Executes dropped EXE
-
\??\c:\pplhx.exec:\pplhx.exe36⤵
- Executes dropped EXE
-
\??\c:\nlrxd.exec:\nlrxd.exe37⤵
- Executes dropped EXE
-
\??\c:\xtjbft.exec:\xtjbft.exe38⤵
- Executes dropped EXE
-
\??\c:\dvvltff.exec:\dvvltff.exe39⤵
- Executes dropped EXE
-
\??\c:\bfhdtj.exec:\bfhdtj.exe40⤵
- Executes dropped EXE
-
\??\c:\vfrvrft.exec:\vfrvrft.exe41⤵
- Executes dropped EXE
-
\??\c:\fvltd.exec:\fvltd.exe42⤵
- Executes dropped EXE
-
\??\c:\rjrhxfn.exec:\rjrhxfn.exe43⤵
- Executes dropped EXE
-
\??\c:\vlhxxt.exec:\vlhxxt.exe44⤵
- Executes dropped EXE
-
\??\c:\fddxl.exec:\fddxl.exe45⤵
- Executes dropped EXE
-
\??\c:\hrrpx.exec:\hrrpx.exe46⤵
- Executes dropped EXE
-
\??\c:\llpbll.exec:\llpbll.exe47⤵
- Executes dropped EXE
-
\??\c:\ddpxl.exec:\ddpxl.exe48⤵
- Executes dropped EXE
-
\??\c:\vhlvnvf.exec:\vhlvnvf.exe49⤵
- Executes dropped EXE
-
\??\c:\tnvpnb.exec:\tnvpnb.exe50⤵
- Executes dropped EXE
-
\??\c:\xbndxl.exec:\xbndxl.exe51⤵
- Executes dropped EXE
-
\??\c:\hllpl.exec:\hllpl.exe52⤵
- Executes dropped EXE
-
\??\c:\djnnbl.exec:\djnnbl.exe53⤵
- Executes dropped EXE
-
\??\c:\vljdln.exec:\vljdln.exe54⤵
- Executes dropped EXE
-
\??\c:\pjjrvp.exec:\pjjrvp.exe55⤵
- Executes dropped EXE
-
\??\c:\jrhthjl.exec:\jrhthjl.exe56⤵
- Executes dropped EXE
-
\??\c:\tljtb.exec:\tljtb.exe57⤵
- Executes dropped EXE
-
\??\c:\lhdlx.exec:\lhdlx.exe58⤵
- Executes dropped EXE
-
\??\c:\fndrt.exec:\fndrt.exe59⤵
- Executes dropped EXE
-
\??\c:\rxlnlnh.exec:\rxlnlnh.exe60⤵
- Executes dropped EXE
-
\??\c:\fflrv.exec:\fflrv.exe61⤵
- Executes dropped EXE
-
\??\c:\lthjhf.exec:\lthjhf.exe62⤵
- Executes dropped EXE
-
\??\c:\dtxfbd.exec:\dtxfbd.exe63⤵
- Executes dropped EXE
-
\??\c:\tnlbhd.exec:\tnlbhd.exe64⤵
- Executes dropped EXE
-
\??\c:\tbhxj.exec:\tbhxj.exe65⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\dlftf.exec:\dlftf.exe66⤵
-
\??\c:\dnvhb.exec:\dnvhb.exe67⤵
-
\??\c:\vldbjn.exec:\vldbjn.exe68⤵
-
\??\c:\hvxrxx.exec:\hvxrxx.exe69⤵
-
\??\c:\frxff.exec:\frxff.exe70⤵
-
\??\c:\ndbfp.exec:\ndbfp.exe71⤵
-
\??\c:\dbrjrlr.exec:\dbrjrlr.exe72⤵
-
\??\c:\lttdfb.exec:\lttdfb.exe73⤵
-
\??\c:\hfrbbx.exec:\hfrbbx.exe74⤵
-
\??\c:\phpjd.exec:\phpjd.exe75⤵
-
\??\c:\lnfllh.exec:\lnfllh.exe76⤵
-
\??\c:\pjnxrpp.exec:\pjnxrpp.exe77⤵
-
\??\c:\fhhpt.exec:\fhhpt.exe78⤵
-
\??\c:\blxhl.exec:\blxhl.exe79⤵
-
\??\c:\btjrrt.exec:\btjrrt.exe80⤵
-
\??\c:\dxptl.exec:\dxptl.exe81⤵
-
\??\c:\tfrtx.exec:\tfrtx.exe82⤵
-
\??\c:\lxxdfdh.exec:\lxxdfdh.exe83⤵
-
\??\c:\xtjlnbh.exec:\xtjlnbh.exe84⤵
-
\??\c:\bftxth.exec:\bftxth.exe85⤵
-
\??\c:\jhhrlb.exec:\jhhrlb.exe86⤵
-
\??\c:\pdbrtj.exec:\pdbrtj.exe87⤵
-
\??\c:\brdll.exec:\brdll.exe88⤵
-
\??\c:\nbtvt.exec:\nbtvt.exe89⤵
-
\??\c:\lfttbj.exec:\lfttbj.exe90⤵
-
\??\c:\jvrrhhh.exec:\jvrrhhh.exe91⤵
-
\??\c:\rrrnh.exec:\rrrnh.exe92⤵
-
\??\c:\fhjvhj.exec:\fhjvhj.exe93⤵
-
\??\c:\hrxntt.exec:\hrxntt.exe94⤵
-
\??\c:\ltplvrl.exec:\ltplvrl.exe95⤵
-
\??\c:\lvppn.exec:\lvppn.exe96⤵
-
\??\c:\rxfnh.exec:\rxfnh.exe97⤵
-
\??\c:\jdvjdf.exec:\jdvjdf.exe98⤵
-
\??\c:\jddfrpr.exec:\jddfrpr.exe99⤵
-
\??\c:\nfxxtlv.exec:\nfxxtlv.exe100⤵
-
\??\c:\pvpflb.exec:\pvpflb.exe101⤵
-
\??\c:\rdrfpbd.exec:\rdrfpbd.exe102⤵
-
\??\c:\fnfxf.exec:\fnfxf.exe103⤵
-
\??\c:\tpppfl.exec:\tpppfl.exe104⤵
-
\??\c:\ltlrt.exec:\ltlrt.exe105⤵
-
\??\c:\bhlrp.exec:\bhlrp.exe106⤵
-
\??\c:\trxxr.exec:\trxxr.exe107⤵
-
\??\c:\jjjftl.exec:\jjjftl.exe108⤵
-
\??\c:\vfdnvp.exec:\vfdnvp.exe109⤵
-
\??\c:\nrvhbtn.exec:\nrvhbtn.exe110⤵
-
\??\c:\thhjhnj.exec:\thhjhnj.exe111⤵
-
\??\c:\fpxxpj.exec:\fpxxpj.exe112⤵
- System Location Discovery: System Language Discovery
-
\??\c:\dphdxd.exec:\dphdxd.exe113⤵
-
\??\c:\btbvxv.exec:\btbvxv.exe114⤵
-
\??\c:\nxbdhrn.exec:\nxbdhrn.exe115⤵
-
\??\c:\rntvd.exec:\rntvd.exe116⤵
-
\??\c:\hptlvrr.exec:\hptlvrr.exe117⤵
-
\??\c:\rpvbr.exec:\rpvbr.exe118⤵
-
\??\c:\nrtbntr.exec:\nrtbntr.exe119⤵
-
\??\c:\ndnvnp.exec:\ndnvnp.exe120⤵
-
\??\c:\plhxt.exec:\plhxt.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-