Analysis
-
max time kernel
120s -
max time network
19s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
18-12-2024 11:29
General
-
Target
3e916277ce2cead7ba5d6c904646e89d28d5103e4c7e91b8a960ecd32bf2e829N.exe
-
Size
67KB
-
MD5
4ec5e556585cf8ab72044074b67564f0
-
SHA1
9f93105757004fa91d5115070e6c19ac3b1575c8
-
SHA256
3e916277ce2cead7ba5d6c904646e89d28d5103e4c7e91b8a960ecd32bf2e829
-
SHA512
26ea00f1e73d697cc80150cb23d737c0079fb5ee9b31a30cacf667d254cc2394abd34f99c8e16a20d02ab6e7b8132540d092abb7e5f7e6cfc9db7a7b4f365e86
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yU+kbxe7:ymb3NkkiQ3mdBjF0y7kbU7
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3e916277ce2cead7ba5d6c904646e89d28d5103e4c7e91b8a960ecd32bf2e829N.exe"C:\Users\Admin\AppData\Local\Temp\3e916277ce2cead7ba5d6c904646e89d28d5103e4c7e91b8a960ecd32bf2e829N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jlfvr.exec:\jlfvr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hppbrf.exec:\hppbrf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdpfp.exec:\dvdpfp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lpntjlh.exec:\lpntjlh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bxtpx.exec:\bxtpx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ndthh.exec:\ndthh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tjtrrvl.exec:\tjtrrvl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pnxht.exec:\pnxht.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dxtdppp.exec:\dxtdppp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnjlvf.exec:\tnjlvf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxrrp.exec:\lxxrrp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxtldh.exec:\llxtldh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxbjvh.exec:\rxbjvh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdrjb.exec:\vdrjb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lpbjlvh.exec:\lpbjlvh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\drlbxfd.exec:\drlbxfd.exe17⤵
- Executes dropped EXE
-
\??\c:\hxplhl.exec:\hxplhl.exe18⤵
- Executes dropped EXE
-
\??\c:\rrbpf.exec:\rrbpf.exe19⤵
- Executes dropped EXE
-
\??\c:\xnvnnvp.exec:\xnvnnvp.exe20⤵
- Executes dropped EXE
-
\??\c:\dhbtl.exec:\dhbtl.exe21⤵
- Executes dropped EXE
-
\??\c:\ldhbln.exec:\ldhbln.exe22⤵
- Executes dropped EXE
-
\??\c:\jdxtbn.exec:\jdxtbn.exe23⤵
- Executes dropped EXE
-
\??\c:\jvjdlh.exec:\jvjdlh.exe24⤵
- Executes dropped EXE
-
\??\c:\tnxpjd.exec:\tnxpjd.exe25⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\jtrphtv.exec:\jtrphtv.exe26⤵
- Executes dropped EXE
-
\??\c:\nfpnpdx.exec:\nfpnpdx.exe27⤵
- Executes dropped EXE
-
\??\c:\tlhdhb.exec:\tlhdhb.exe28⤵
- Executes dropped EXE
-
\??\c:\pvfvhn.exec:\pvfvhn.exe29⤵
- Executes dropped EXE
-
\??\c:\vxxpr.exec:\vxxpr.exe30⤵
- Executes dropped EXE
-
\??\c:\hlndjj.exec:\hlndjj.exe31⤵
- Executes dropped EXE
-
\??\c:\rddpfhx.exec:\rddpfhx.exe32⤵
- Executes dropped EXE
-
\??\c:\vtfbf.exec:\vtfbf.exe33⤵
- Executes dropped EXE
-
\??\c:\plfhpbf.exec:\plfhpbf.exe34⤵
- Executes dropped EXE
-
\??\c:\ntbxlpp.exec:\ntbxlpp.exe35⤵
- Executes dropped EXE
-
\??\c:\nrnhf.exec:\nrnhf.exe36⤵
- Executes dropped EXE
-
\??\c:\tnlvj.exec:\tnlvj.exe37⤵
- Executes dropped EXE
-
\??\c:\vftpfx.exec:\vftpfx.exe38⤵
- Executes dropped EXE
-
\??\c:\ldrrpxh.exec:\ldrrpxh.exe39⤵
- Executes dropped EXE
-
\??\c:\ppjvrrf.exec:\ppjvrrf.exe40⤵
- Executes dropped EXE
-
\??\c:\rllhp.exec:\rllhp.exe41⤵
- Executes dropped EXE
-
\??\c:\pjjprht.exec:\pjjprht.exe42⤵
- Executes dropped EXE
-
\??\c:\htjvvhn.exec:\htjvvhn.exe43⤵
- Executes dropped EXE
-
\??\c:\dttljhf.exec:\dttljhf.exe44⤵
- Executes dropped EXE
-
\??\c:\bllpp.exec:\bllpp.exe45⤵
- Executes dropped EXE
-
\??\c:\hdpntn.exec:\hdpntn.exe46⤵
- Executes dropped EXE
-
\??\c:\rhjttx.exec:\rhjttx.exe47⤵
- Executes dropped EXE
-
\??\c:\vdbndv.exec:\vdbndv.exe48⤵
- Executes dropped EXE
-
\??\c:\hdtnhdf.exec:\hdtnhdf.exe49⤵
- Executes dropped EXE
-
\??\c:\fnhhhht.exec:\fnhhhht.exe50⤵
- Executes dropped EXE
-
\??\c:\jrxdxfp.exec:\jrxdxfp.exe51⤵
- Executes dropped EXE
-
\??\c:\xtdbb.exec:\xtdbb.exe52⤵
- Executes dropped EXE
-
\??\c:\dpjbvr.exec:\dpjbvr.exe53⤵
- Executes dropped EXE
-
\??\c:\vffjrbj.exec:\vffjrbj.exe54⤵
- Executes dropped EXE
-
\??\c:\ptlxr.exec:\ptlxr.exe55⤵
- Executes dropped EXE
-
\??\c:\xjljdpp.exec:\xjljdpp.exe56⤵
- Executes dropped EXE
-
\??\c:\blnpfn.exec:\blnpfn.exe57⤵
- Executes dropped EXE
-
\??\c:\fjjbxnj.exec:\fjjbxnj.exe58⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\ddhdd.exec:\ddhdd.exe59⤵
- Executes dropped EXE
-
\??\c:\pfttxh.exec:\pfttxh.exe60⤵
- Executes dropped EXE
-
\??\c:\nlvhbj.exec:\nlvhbj.exe61⤵
- Executes dropped EXE
-
\??\c:\dbhvt.exec:\dbhvt.exe62⤵
- Executes dropped EXE
-
\??\c:\vfbrhp.exec:\vfbrhp.exe63⤵
- Executes dropped EXE
-
\??\c:\ppfllj.exec:\ppfllj.exe64⤵
- Executes dropped EXE
-
\??\c:\hbndr.exec:\hbndr.exe65⤵
- Executes dropped EXE
-
\??\c:\rvjlbt.exec:\rvjlbt.exe66⤵
-
\??\c:\vthlln.exec:\vthlln.exe67⤵
-
\??\c:\nnlnhj.exec:\nnlnhj.exe68⤵
-
\??\c:\tpfdvl.exec:\tpfdvl.exe69⤵
-
\??\c:\xbdjpj.exec:\xbdjpj.exe70⤵
-
\??\c:\pvbdtt.exec:\pvbdtt.exe71⤵
-
\??\c:\frvdvtx.exec:\frvdvtx.exe72⤵
-
\??\c:\hvjxlhr.exec:\hvjxlhr.exe73⤵
-
\??\c:\dvvrxf.exec:\dvvrxf.exe74⤵
-
\??\c:\frtbplx.exec:\frtbplx.exe75⤵
-
\??\c:\ttntbl.exec:\ttntbl.exe76⤵
-
\??\c:\ntdhl.exec:\ntdhl.exe77⤵
-
\??\c:\nbnvnph.exec:\nbnvnph.exe78⤵
-
\??\c:\xvxdphr.exec:\xvxdphr.exe79⤵
-
\??\c:\xphvdv.exec:\xphvdv.exe80⤵
-
\??\c:\ltlldt.exec:\ltlldt.exe81⤵
-
\??\c:\ftrbn.exec:\ftrbn.exe82⤵
-
\??\c:\dnjnnfl.exec:\dnjnnfl.exe83⤵
-
\??\c:\jljhj.exec:\jljhj.exe84⤵
-
\??\c:\tjrfbh.exec:\tjrfbh.exe85⤵
-
\??\c:\lphtb.exec:\lphtb.exe86⤵
- System Location Discovery: System Language Discovery
-
\??\c:\nvbptr.exec:\nvbptr.exe87⤵
-
\??\c:\bttfbt.exec:\bttfbt.exe88⤵
-
\??\c:\lpvjfxn.exec:\lpvjfxn.exe89⤵
-
\??\c:\rvtdnf.exec:\rvtdnf.exe90⤵
-
\??\c:\lvttdj.exec:\lvttdj.exe91⤵
-
\??\c:\bldvpvb.exec:\bldvpvb.exe92⤵
- System Location Discovery: System Language Discovery
-
\??\c:\tnlfhxt.exec:\tnlfhxt.exe93⤵
-
\??\c:\tvxxxl.exec:\tvxxxl.exe94⤵
-
\??\c:\jnxvph.exec:\jnxvph.exe95⤵
-
\??\c:\djjtjrr.exec:\djjtjrr.exe96⤵
-
\??\c:\pjnll.exec:\pjnll.exe97⤵
-
\??\c:\rpppnjv.exec:\rpppnjv.exe98⤵
-
\??\c:\ttfltd.exec:\ttfltd.exe99⤵
-
\??\c:\jflvfdf.exec:\jflvfdf.exe100⤵
-
\??\c:\lnxtb.exec:\lnxtb.exe101⤵
-
\??\c:\lldvp.exec:\lldvp.exe102⤵
-
\??\c:\tbpbnv.exec:\tbpbnv.exe103⤵
-
\??\c:\pbnfnbp.exec:\pbnfnbp.exe104⤵
-
\??\c:\nnhrrbp.exec:\nnhrrbp.exe105⤵
-
\??\c:\ndvbltl.exec:\ndvbltl.exe106⤵
-
\??\c:\dvfplrb.exec:\dvfplrb.exe107⤵
-
\??\c:\xllnd.exec:\xllnd.exe108⤵
-
\??\c:\xvtjt.exec:\xvtjt.exe109⤵
-
\??\c:\vbntj.exec:\vbntj.exe110⤵
-
\??\c:\hlrpxnr.exec:\hlrpxnr.exe111⤵
-
\??\c:\vllnxt.exec:\vllnxt.exe112⤵
-
\??\c:\pjtlnfd.exec:\pjtlnfd.exe113⤵
-
\??\c:\pnlhxx.exec:\pnlhxx.exe114⤵
-
\??\c:\djlvr.exec:\djlvr.exe115⤵
-
\??\c:\tlptftv.exec:\tlptftv.exe116⤵
-
\??\c:\bvvdn.exec:\bvvdn.exe117⤵
-
\??\c:\jlxnrff.exec:\jlxnrff.exe118⤵
-
\??\c:\xbvjv.exec:\xbvjv.exe119⤵
-
\??\c:\ppbpxv.exec:\ppbpxv.exe120⤵
-
\??\c:\bnrjdf.exec:\bnrjdf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-