Analysis
-
max time kernel
120s -
max time network
20s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
19-12-2024 23:02
General
-
Target
9dcc3d297ccd4eb0c90cfc4902d189cd91c13e29e080e49ecd21b459a5fe927cN.exe
-
Size
454KB
-
MD5
1c71a78ac7790ed0e6520d3d31c1d000
-
SHA1
a48ec9a554f249112d2c45cdd125a555c6a2ddaa
-
SHA256
9dcc3d297ccd4eb0c90cfc4902d189cd91c13e29e080e49ecd21b459a5fe927c
-
SHA512
d2c8d71ea29e98704f675d8c24b581700744a83e7b007f5a0c4c6c037616aa5e7650d6778b79581ae5c78c120ae7bf2388270f1800d2e1be2cea839b731cddfa
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbef:q7Tc2NYHUrAwfMp3CDf
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 41 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 42 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9dcc3d297ccd4eb0c90cfc4902d189cd91c13e29e080e49ecd21b459a5fe927cN.exe"C:\Users\Admin\AppData\Local\Temp\9dcc3d297ccd4eb0c90cfc4902d189cd91c13e29e080e49ecd21b459a5fe927cN.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rpdddhd.exec:\rpdddhd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pblrnt.exec:\pblrnt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dnfxx.exec:\dnfxx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dxxfdx.exec:\dxxfdx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rprnjd.exec:\rprnjd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hlnvhhl.exec:\hlnvhhl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nprhdtf.exec:\nprhdtf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bddphxl.exec:\bddphxl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fddvlr.exec:\fddvlr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lllbh.exec:\lllbh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vphlfjt.exec:\vphlfjt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ljjdrb.exec:\ljjdrb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\trbdd.exec:\trbdd.exe14⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\bhfjjfd.exec:\bhfjjfd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jbxnv.exec:\jbxnv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pxndjxd.exec:\pxndjxd.exe17⤵
- Executes dropped EXE
-
\??\c:\phnnt.exec:\phnnt.exe18⤵
- Executes dropped EXE
-
\??\c:\rjvftph.exec:\rjvftph.exe19⤵
- Executes dropped EXE
-
\??\c:\jlfbv.exec:\jlfbv.exe20⤵
- Executes dropped EXE
-
\??\c:\tdxbrtn.exec:\tdxbrtn.exe21⤵
- Executes dropped EXE
-
\??\c:\hrvljx.exec:\hrvljx.exe22⤵
- Executes dropped EXE
-
\??\c:\nxtxhfn.exec:\nxtxhfn.exe23⤵
- Executes dropped EXE
-
\??\c:\dhbhh.exec:\dhbhh.exe24⤵
- Executes dropped EXE
-
\??\c:\tlvlv.exec:\tlvlv.exe25⤵
- Executes dropped EXE
-
\??\c:\hlrjfr.exec:\hlrjfr.exe26⤵
- Executes dropped EXE
-
\??\c:\nlbrjxd.exec:\nlbrjxd.exe27⤵
- Executes dropped EXE
-
\??\c:\vrfpn.exec:\vrfpn.exe28⤵
- Executes dropped EXE
-
\??\c:\dpxbrd.exec:\dpxbrd.exe29⤵
- Executes dropped EXE
-
\??\c:\vfxfbl.exec:\vfxfbl.exe30⤵
- Executes dropped EXE
-
\??\c:\fnpblp.exec:\fnpblp.exe31⤵
- Executes dropped EXE
-
\??\c:\bpxlrh.exec:\bpxlrh.exe32⤵
- Executes dropped EXE
-
\??\c:\xddbj.exec:\xddbj.exe33⤵
- Executes dropped EXE
-
\??\c:\vpnjvl.exec:\vpnjvl.exe34⤵
- Executes dropped EXE
-
\??\c:\ddpjr.exec:\ddpjr.exe35⤵
- Executes dropped EXE
-
\??\c:\vdjxjvh.exec:\vdjxjvh.exe36⤵
- Executes dropped EXE
-
\??\c:\dhxvj.exec:\dhxvj.exe37⤵
- Executes dropped EXE
-
\??\c:\xnnbv.exec:\xnnbv.exe38⤵
- Executes dropped EXE
-
\??\c:\bxffv.exec:\bxffv.exe39⤵
- Executes dropped EXE
-
\??\c:\htbrpl.exec:\htbrpl.exe40⤵
- Executes dropped EXE
-
\??\c:\rjfbvrn.exec:\rjfbvrn.exe41⤵
- Executes dropped EXE
-
\??\c:\dvfbt.exec:\dvfbt.exe42⤵
- Executes dropped EXE
-
\??\c:\jtnhtvr.exec:\jtnhtvr.exe43⤵
- Executes dropped EXE
-
\??\c:\xjnrt.exec:\xjnrt.exe44⤵
- Executes dropped EXE
-
\??\c:\pnxfvt.exec:\pnxfvt.exe45⤵
- Executes dropped EXE
-
\??\c:\fplbnr.exec:\fplbnr.exe46⤵
- Executes dropped EXE
-
\??\c:\rtxvhp.exec:\rtxvhp.exe47⤵
- Executes dropped EXE
-
\??\c:\dhpptxj.exec:\dhpptxj.exe48⤵
- Executes dropped EXE
-
\??\c:\bbvvd.exec:\bbvvd.exe49⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\flrbtjr.exec:\flrbtjr.exe50⤵
- Executes dropped EXE
-
\??\c:\xhvpf.exec:\xhvpf.exe51⤵
- Executes dropped EXE
-
\??\c:\htpbjtl.exec:\htpbjtl.exe52⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\njnjpjr.exec:\njnjpjr.exe53⤵
- Executes dropped EXE
-
\??\c:\hjxphv.exec:\hjxphv.exe54⤵
- Executes dropped EXE
-
\??\c:\lhldt.exec:\lhldt.exe55⤵
- Executes dropped EXE
-
\??\c:\fdhlnfd.exec:\fdhlnfd.exe56⤵
- Executes dropped EXE
-
\??\c:\ttxvx.exec:\ttxvx.exe57⤵
- Executes dropped EXE
-
\??\c:\hljtjlv.exec:\hljtjlv.exe58⤵
- Executes dropped EXE
-
\??\c:\hnhnjpx.exec:\hnhnjpx.exe59⤵
- Executes dropped EXE
-
\??\c:\rhdtb.exec:\rhdtb.exe60⤵
- Executes dropped EXE
-
\??\c:\hfnhp.exec:\hfnhp.exe61⤵
- Executes dropped EXE
-
\??\c:\hjbfh.exec:\hjbfh.exe62⤵
- Executes dropped EXE
-
\??\c:\xjldjb.exec:\xjldjb.exe63⤵
- Executes dropped EXE
-
\??\c:\vxfpx.exec:\vxfpx.exe64⤵
- Executes dropped EXE
-
\??\c:\rphpbdf.exec:\rphpbdf.exe65⤵
- Executes dropped EXE
-
\??\c:\ttdljb.exec:\ttdljb.exe66⤵
-
\??\c:\bdltnrn.exec:\bdltnrn.exe67⤵
-
\??\c:\vrrhd.exec:\vrrhd.exe68⤵
-
\??\c:\vlppl.exec:\vlppl.exe69⤵
-
\??\c:\jpdlx.exec:\jpdlx.exe70⤵
-
\??\c:\xtxvtd.exec:\xtxvtd.exe71⤵
-
\??\c:\pfjrj.exec:\pfjrj.exe72⤵
-
\??\c:\jfbpx.exec:\jfbpx.exe73⤵
-
\??\c:\dnndtxl.exec:\dnndtxl.exe74⤵
-
\??\c:\npvhrn.exec:\npvhrn.exe75⤵
-
\??\c:\brrxj.exec:\brrxj.exe76⤵
-
\??\c:\vbpttvd.exec:\vbpttvd.exe77⤵
-
\??\c:\prjbd.exec:\prjbd.exe78⤵
-
\??\c:\nhdpjx.exec:\nhdpjx.exe79⤵
-
\??\c:\fjdddlt.exec:\fjdddlt.exe80⤵
-
\??\c:\jvjrvld.exec:\jvjrvld.exe81⤵
-
\??\c:\xtpxpx.exec:\xtpxpx.exe82⤵
-
\??\c:\ltfbb.exec:\ltfbb.exe83⤵
-
\??\c:\hldvxld.exec:\hldvxld.exe84⤵
-
\??\c:\bbvxt.exec:\bbvxt.exe85⤵
-
\??\c:\llhtfhx.exec:\llhtfhx.exe86⤵
-
\??\c:\htbtpxr.exec:\htbtpxr.exe87⤵
-
\??\c:\phxndt.exec:\phxndt.exe88⤵
-
\??\c:\lpvhlj.exec:\lpvhlj.exe89⤵
-
\??\c:\dbhfbx.exec:\dbhfbx.exe90⤵
-
\??\c:\rdntfbb.exec:\rdntfbb.exe91⤵
-
\??\c:\lnbrln.exec:\lnbrln.exe92⤵
-
\??\c:\pdhdfx.exec:\pdhdfx.exe93⤵
-
\??\c:\fvlbl.exec:\fvlbl.exe94⤵
-
\??\c:\jfhlp.exec:\jfhlp.exe95⤵
-
\??\c:\xbvfnr.exec:\xbvfnr.exe96⤵
-
\??\c:\tjfpd.exec:\tjfpd.exe97⤵
-
\??\c:\txvvvd.exec:\txvvvd.exe98⤵
- System Location Discovery: System Language Discovery
-
\??\c:\dlxhjx.exec:\dlxhjx.exe99⤵
-
\??\c:\frxtplv.exec:\frxtplv.exe100⤵
-
\??\c:\tbfvlxp.exec:\tbfvlxp.exe101⤵
-
\??\c:\hhtbhd.exec:\hhtbhd.exe102⤵
-
\??\c:\jthfv.exec:\jthfv.exe103⤵
-
\??\c:\tdblhbn.exec:\tdblhbn.exe104⤵
- System Location Discovery: System Language Discovery
-
\??\c:\jvlpf.exec:\jvlpf.exe105⤵
-
\??\c:\nltdlbt.exec:\nltdlbt.exe106⤵
-
\??\c:\dhrjpj.exec:\dhrjpj.exe107⤵
-
\??\c:\lppldt.exec:\lppldt.exe108⤵
-
\??\c:\llvvvr.exec:\llvvvr.exe109⤵
-
\??\c:\lrbtnd.exec:\lrbtnd.exe110⤵
-
\??\c:\flbdl.exec:\flbdl.exe111⤵
-
\??\c:\dblrnt.exec:\dblrnt.exe112⤵
-
\??\c:\jdjlr.exec:\jdjlr.exe113⤵
-
\??\c:\bhxlj.exec:\bhxlj.exe114⤵
-
\??\c:\hbdrdj.exec:\hbdrdj.exe115⤵
-
\??\c:\rvbtfhl.exec:\rvbtfhl.exe116⤵
-
\??\c:\tdfrv.exec:\tdfrv.exe117⤵
-
\??\c:\bbrrjr.exec:\bbrrjr.exe118⤵
-
\??\c:\dxddt.exec:\dxddt.exe119⤵
-
\??\c:\rfllfp.exec:\rfllfp.exe120⤵
-
\??\c:\xlftnp.exec:\xlftnp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-