Analysis
-
max time kernel
120s -
max time network
16s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
19-12-2024 03:33
General
-
Target
acbd911dc571c1941f864db554f136f299d244c8063e17920a29116354b8b701N.exe
-
Size
456KB
-
MD5
53a9ad231bec6142a4da58c197433f60
-
SHA1
f9d86c91c6f4c4ac49fd92484e77c4d015e23447
-
SHA256
acbd911dc571c1941f864db554f136f299d244c8063e17920a29116354b8b701
-
SHA512
357b0c380f675508a5ada860d6a29bdb999b6d3a640569807e750829facd74b2c9567686d0e5b44a09e8607ce3804b0b59e1c1e35a61bcc812e44f7243082b32
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbea:q7Tc2NYHUrAwfMp3CDa
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 45 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 40 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\acbd911dc571c1941f864db554f136f299d244c8063e17920a29116354b8b701N.exe"C:\Users\Admin\AppData\Local\Temp\acbd911dc571c1941f864db554f136f299d244c8063e17920a29116354b8b701N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\2606880.exec:\2606880.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvdj.exec:\pdvdj.exe3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\djvvj.exec:\djvvj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\608062.exec:\608062.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0866624.exec:\0866624.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\42006.exec:\42006.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7nbtbh.exec:\7nbtbh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2000644.exec:\2000644.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\g8602.exec:\g8602.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrxxff.exec:\fxrxxff.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5hbnbh.exec:\5hbnbh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6602404.exec:\6602404.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdjv.exec:\vpdjv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0800228.exec:\0800228.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5nhnnt.exec:\5nhnnt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\04246.exec:\04246.exe17⤵
- Executes dropped EXE
-
\??\c:\nnhbht.exec:\nnhbht.exe18⤵
- Executes dropped EXE
-
\??\c:\6080628.exec:\6080628.exe19⤵
- Executes dropped EXE
-
\??\c:\2088040.exec:\2088040.exe20⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\9pdpj.exec:\9pdpj.exe21⤵
- Executes dropped EXE
-
\??\c:\00662.exec:\00662.exe22⤵
- Executes dropped EXE
-
\??\c:\264022.exec:\264022.exe23⤵
- Executes dropped EXE
-
\??\c:\486806.exec:\486806.exe24⤵
- Executes dropped EXE
-
\??\c:\xrllxxf.exec:\xrllxxf.exe25⤵
- Executes dropped EXE
-
\??\c:\0462668.exec:\0462668.exe26⤵
- Executes dropped EXE
-
\??\c:\jdpvd.exec:\jdpvd.exe27⤵
- Executes dropped EXE
-
\??\c:\rlrrxxf.exec:\rlrrxxf.exe28⤵
- Executes dropped EXE
-
\??\c:\k66206.exec:\k66206.exe29⤵
- Executes dropped EXE
-
\??\c:\5nbttt.exec:\5nbttt.exe30⤵
- Executes dropped EXE
-
\??\c:\nntntn.exec:\nntntn.exe31⤵
- Executes dropped EXE
-
\??\c:\ffxlxxl.exec:\ffxlxxl.exe32⤵
- Executes dropped EXE
-
\??\c:\08684.exec:\08684.exe33⤵
- Executes dropped EXE
-
\??\c:\448866.exec:\448866.exe34⤵
- Executes dropped EXE
-
\??\c:\vpjpp.exec:\vpjpp.exe35⤵
- Executes dropped EXE
-
\??\c:\e08084.exec:\e08084.exe36⤵
- Executes dropped EXE
-
\??\c:\8202408.exec:\8202408.exe37⤵
- Executes dropped EXE
-
\??\c:\i208006.exec:\i208006.exe38⤵
- Executes dropped EXE
-
\??\c:\4262468.exec:\4262468.exe39⤵
- Executes dropped EXE
-
\??\c:\rlxlrxf.exec:\rlxlrxf.exe40⤵
- Executes dropped EXE
-
\??\c:\4866486.exec:\4866486.exe41⤵
- Executes dropped EXE
-
\??\c:\a8680.exec:\a8680.exe42⤵
- Executes dropped EXE
-
\??\c:\m8660.exec:\m8660.exe43⤵
- Executes dropped EXE
-
\??\c:\fxfxflx.exec:\fxfxflx.exe44⤵
- Executes dropped EXE
-
\??\c:\fxrfrxr.exec:\fxrfrxr.exe45⤵
- Executes dropped EXE
-
\??\c:\2262468.exec:\2262468.exe46⤵
- Executes dropped EXE
-
\??\c:\lfxfrlf.exec:\lfxfrlf.exe47⤵
- Executes dropped EXE
-
\??\c:\426800.exec:\426800.exe48⤵
- Executes dropped EXE
-
\??\c:\bbbbhn.exec:\bbbbhn.exe49⤵
- Executes dropped EXE
-
\??\c:\6422002.exec:\6422002.exe50⤵
- Executes dropped EXE
-
\??\c:\4862008.exec:\4862008.exe51⤵
- Executes dropped EXE
-
\??\c:\422660.exec:\422660.exe52⤵
- Executes dropped EXE
-
\??\c:\86008.exec:\86008.exe53⤵
- Executes dropped EXE
-
\??\c:\48620.exec:\48620.exe54⤵
- Executes dropped EXE
-
\??\c:\tbnhtb.exec:\tbnhtb.exe55⤵
- Executes dropped EXE
-
\??\c:\jjdpj.exec:\jjdpj.exe56⤵
- Executes dropped EXE
-
\??\c:\e24082.exec:\e24082.exe57⤵
- Executes dropped EXE
-
\??\c:\2644220.exec:\2644220.exe58⤵
- Executes dropped EXE
-
\??\c:\nhbtbh.exec:\nhbtbh.exe59⤵
- Executes dropped EXE
-
\??\c:\00404.exec:\00404.exe60⤵
- Executes dropped EXE
-
\??\c:\08846.exec:\08846.exe61⤵
- Executes dropped EXE
-
\??\c:\o868406.exec:\o868406.exe62⤵
- Executes dropped EXE
-
\??\c:\nhhhnn.exec:\nhhhnn.exe63⤵
- Executes dropped EXE
-
\??\c:\rxxxxrf.exec:\rxxxxrf.exe64⤵
- Executes dropped EXE
-
\??\c:\420400.exec:\420400.exe65⤵
- Executes dropped EXE
-
\??\c:\3ppdp.exec:\3ppdp.exe66⤵
-
\??\c:\nhbbnb.exec:\nhbbnb.exe67⤵
-
\??\c:\xrxrxxl.exec:\xrxrxxl.exe68⤵
-
\??\c:\i202068.exec:\i202068.exe69⤵
-
\??\c:\604688.exec:\604688.exe70⤵
-
\??\c:\200640.exec:\200640.exe71⤵
-
\??\c:\046866.exec:\046866.exe72⤵
-
\??\c:\o868628.exec:\o868628.exe73⤵
-
\??\c:\642868.exec:\642868.exe74⤵
-
\??\c:\k48428.exec:\k48428.exe75⤵
-
\??\c:\08608.exec:\08608.exe76⤵
-
\??\c:\tnhntb.exec:\tnhntb.exe77⤵
-
\??\c:\0828028.exec:\0828028.exe78⤵
-
\??\c:\868466.exec:\868466.exe79⤵
-
\??\c:\xrllxfx.exec:\xrllxfx.exe80⤵
-
\??\c:\64280.exec:\64280.exe81⤵
-
\??\c:\lflxxrf.exec:\lflxxrf.exe82⤵
-
\??\c:\080088.exec:\080088.exe83⤵
-
\??\c:\9tnntb.exec:\9tnntb.exe84⤵
-
\??\c:\8864246.exec:\8864246.exe85⤵
-
\??\c:\1xfrrxf.exec:\1xfrrxf.exe86⤵
-
\??\c:\864622.exec:\864622.exe87⤵
-
\??\c:\9rfxffx.exec:\9rfxffx.exe88⤵
-
\??\c:\vjvvd.exec:\vjvvd.exe89⤵
-
\??\c:\26824.exec:\26824.exe90⤵
-
\??\c:\m8808.exec:\m8808.exe91⤵
-
\??\c:\rlflrxf.exec:\rlflrxf.exe92⤵
-
\??\c:\e80460.exec:\e80460.exe93⤵
-
\??\c:\jdddp.exec:\jdddp.exe94⤵
-
\??\c:\ppvjv.exec:\ppvjv.exe95⤵
-
\??\c:\42068.exec:\42068.exe96⤵
-
\??\c:\dvpvd.exec:\dvpvd.exe97⤵
-
\??\c:\nnhhhh.exec:\nnhhhh.exe98⤵
-
\??\c:\frflrrf.exec:\frflrrf.exe99⤵
-
\??\c:\5jddj.exec:\5jddj.exe100⤵
-
\??\c:\0480280.exec:\0480280.exe101⤵
-
\??\c:\m0424.exec:\m0424.exe102⤵
-
\??\c:\0480668.exec:\0480668.exe103⤵
-
\??\c:\ppjdp.exec:\ppjdp.exe104⤵
-
\??\c:\ddpvp.exec:\ddpvp.exe105⤵
-
\??\c:\u644068.exec:\u644068.exe106⤵
-
\??\c:\vjvdv.exec:\vjvdv.exe107⤵
-
\??\c:\vvjpv.exec:\vvjpv.exe108⤵
-
\??\c:\lxrllxx.exec:\lxrllxx.exe109⤵
-
\??\c:\86488.exec:\86488.exe110⤵
-
\??\c:\vvpjp.exec:\vvpjp.exe111⤵
-
\??\c:\vpdvv.exec:\vpdvv.exe112⤵
-
\??\c:\lfrxlrx.exec:\lfrxlrx.exe113⤵
-
\??\c:\60802.exec:\60802.exe114⤵
-
\??\c:\fxrrflf.exec:\fxrrflf.exe115⤵
-
\??\c:\60668.exec:\60668.exe116⤵
-
\??\c:\pjvdj.exec:\pjvdj.exe117⤵
-
\??\c:\k42600.exec:\k42600.exe118⤵
-
\??\c:\2684668.exec:\2684668.exe119⤵
-
\??\c:\7jjjv.exec:\7jjjv.exe120⤵
-
\??\c:\0844268.exec:\0844268.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-