Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
19-12-2024 04:38
General
-
Target
d4adf484f02c6e93bd0759ed341b66fee884f9af9fcd5226ff96a25a1b6421c5.exe
-
Size
454KB
-
MD5
bab647ed6b219dc5cf40af47a6f6796a
-
SHA1
215e1c77d9b35bdcaa112de681d81a47f9c56db5
-
SHA256
d4adf484f02c6e93bd0759ed341b66fee884f9af9fcd5226ff96a25a1b6421c5
-
SHA512
17cae0ce2242c1dc5e0cf232e821881cf3cd14defcd09ab6a219696cf0b70132741dd51b2e9cf59df65a2181ae1f546216f2a37aa5cc041d793ef13a827558f3
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbex:q7Tc2NYHUrAwfMp3CDx
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 36 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 46 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d4adf484f02c6e93bd0759ed341b66fee884f9af9fcd5226ff96a25a1b6421c5.exe"C:\Users\Admin\AppData\Local\Temp\d4adf484f02c6e93bd0759ed341b66fee884f9af9fcd5226ff96a25a1b6421c5.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\dvppj.exec:\dvppj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lllfrrl.exec:\lllfrrl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnthh.exec:\hbnthh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jdjv.exec:\5jdjv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxrxllx.exec:\rxrxllx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7hbntt.exec:\7hbntt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvppd.exec:\dvppd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vppd.exec:\5vppd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlrflf.exec:\xrlrflf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3htbbh.exec:\3htbbh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrffrrx.exec:\xrffrrx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbhnn.exec:\btbhnn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1htbhh.exec:\1htbhh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvvd.exec:\jdvvd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1fxxxxl.exec:\1fxxxxl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfxlxff.exec:\rfxlxff.exe17⤵
- Executes dropped EXE
-
\??\c:\nnthbh.exec:\nnthbh.exe18⤵
- Executes dropped EXE
-
\??\c:\thbbnn.exec:\thbbnn.exe19⤵
- Executes dropped EXE
-
\??\c:\dpjjp.exec:\dpjjp.exe20⤵
- Executes dropped EXE
-
\??\c:\fxxrxxf.exec:\fxxrxxf.exe21⤵
- Executes dropped EXE
-
\??\c:\bnbtnt.exec:\bnbtnt.exe22⤵
- Executes dropped EXE
-
\??\c:\tntnth.exec:\tntnth.exe23⤵
- Executes dropped EXE
-
\??\c:\pjvpj.exec:\pjvpj.exe24⤵
- Executes dropped EXE
-
\??\c:\rrfllrr.exec:\rrfllrr.exe25⤵
- Executes dropped EXE
-
\??\c:\tbnbhb.exec:\tbnbhb.exe26⤵
- Executes dropped EXE
-
\??\c:\hbhnbb.exec:\hbhnbb.exe27⤵
- Executes dropped EXE
-
\??\c:\xfxfxfr.exec:\xfxfxfr.exe28⤵
- Executes dropped EXE
-
\??\c:\bbttbt.exec:\bbttbt.exe29⤵
- Executes dropped EXE
-
\??\c:\bttbnn.exec:\bttbnn.exe30⤵
- Executes dropped EXE
-
\??\c:\dvdjp.exec:\dvdjp.exe31⤵
- Executes dropped EXE
-
\??\c:\1xrlllr.exec:\1xrlllr.exe32⤵
- Executes dropped EXE
-
\??\c:\nbtbbb.exec:\nbtbbb.exe33⤵
- Executes dropped EXE
-
\??\c:\tbnbbh.exec:\tbnbbh.exe34⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\fxxxflf.exec:\fxxxflf.exe35⤵
- Executes dropped EXE
-
\??\c:\fxrrrxx.exec:\fxrrrxx.exe36⤵
- Executes dropped EXE
-
\??\c:\thtnnh.exec:\thtnnh.exe37⤵
- Executes dropped EXE
-
\??\c:\vpdjj.exec:\vpdjj.exe38⤵
- Executes dropped EXE
-
\??\c:\dpjjd.exec:\dpjjd.exe39⤵
- Executes dropped EXE
-
\??\c:\llrxlrf.exec:\llrxlrf.exe40⤵
- Executes dropped EXE
-
\??\c:\rrflllx.exec:\rrflllx.exe41⤵
- Executes dropped EXE
-
\??\c:\5tnnbn.exec:\5tnnbn.exe42⤵
- Executes dropped EXE
-
\??\c:\5dpvp.exec:\5dpvp.exe43⤵
- Executes dropped EXE
-
\??\c:\fxrfflf.exec:\fxrfflf.exe44⤵
- Executes dropped EXE
-
\??\c:\3rllrfl.exec:\3rllrfl.exe45⤵
- Executes dropped EXE
-
\??\c:\hhnnbn.exec:\hhnnbn.exe46⤵
- Executes dropped EXE
-
\??\c:\vvpvd.exec:\vvpvd.exe47⤵
- Executes dropped EXE
-
\??\c:\dpjpv.exec:\dpjpv.exe48⤵
- Executes dropped EXE
-
\??\c:\5bntnt.exec:\5bntnt.exe49⤵
- Executes dropped EXE
-
\??\c:\nbntbb.exec:\nbntbb.exe50⤵
- Executes dropped EXE
-
\??\c:\pdpjd.exec:\pdpjd.exe51⤵
- Executes dropped EXE
-
\??\c:\lrlxxxf.exec:\lrlxxxf.exe52⤵
- Executes dropped EXE
-
\??\c:\tttnnb.exec:\tttnnb.exe53⤵
- Executes dropped EXE
-
\??\c:\jpjdd.exec:\jpjdd.exe54⤵
- Executes dropped EXE
-
\??\c:\xfxfllf.exec:\xfxfllf.exe55⤵
- Executes dropped EXE
-
\??\c:\bttbbh.exec:\bttbbh.exe56⤵
- Executes dropped EXE
-
\??\c:\vjjjv.exec:\vjjjv.exe57⤵
- Executes dropped EXE
-
\??\c:\xxrrxfl.exec:\xxrrxfl.exe58⤵
- Executes dropped EXE
-
\??\c:\tnttbb.exec:\tnttbb.exe59⤵
- Executes dropped EXE
-
\??\c:\3nhhhh.exec:\3nhhhh.exe60⤵
- Executes dropped EXE
-
\??\c:\jvjdd.exec:\jvjdd.exe61⤵
- Executes dropped EXE
-
\??\c:\fxlffff.exec:\fxlffff.exe62⤵
- Executes dropped EXE
-
\??\c:\3tnnhn.exec:\3tnnhn.exe63⤵
- Executes dropped EXE
-
\??\c:\nhnttb.exec:\nhnttb.exe64⤵
- Executes dropped EXE
-
\??\c:\9pdvd.exec:\9pdvd.exe65⤵
- Executes dropped EXE
-
\??\c:\7xxxxrr.exec:\7xxxxrr.exe66⤵
-
\??\c:\nbnttb.exec:\nbnttb.exe67⤵
-
\??\c:\1hbbbn.exec:\1hbbbn.exe68⤵
-
\??\c:\7dvvd.exec:\7dvvd.exe69⤵
-
\??\c:\3fxflrr.exec:\3fxflrr.exe70⤵
-
\??\c:\7bntnn.exec:\7bntnn.exe71⤵
-
\??\c:\3nhnnt.exec:\3nhnnt.exe72⤵
-
\??\c:\pvvdv.exec:\pvvdv.exe73⤵
-
\??\c:\xlxxxxf.exec:\xlxxxxf.exe74⤵
-
\??\c:\nbtttb.exec:\nbtttb.exe75⤵
-
\??\c:\5nbtbb.exec:\5nbtbb.exe76⤵
- System Location Discovery: System Language Discovery
-
\??\c:\lfrflrx.exec:\lfrflrx.exe77⤵
-
\??\c:\5lfllfl.exec:\5lfllfl.exe78⤵
-
\??\c:\nhbhnt.exec:\nhbhnt.exe79⤵
-
\??\c:\nhntnn.exec:\nhntnn.exe80⤵
-
\??\c:\5vppv.exec:\5vppv.exe81⤵
-
\??\c:\7rlxflx.exec:\7rlxflx.exe82⤵
-
\??\c:\rrlxllx.exec:\rrlxllx.exe83⤵
-
\??\c:\5bttbb.exec:\5bttbb.exe84⤵
-
\??\c:\vvjjj.exec:\vvjjj.exe85⤵
-
\??\c:\xrffflx.exec:\xrffflx.exe86⤵
-
\??\c:\ffxflrf.exec:\ffxflrf.exe87⤵
-
\??\c:\9hbhtb.exec:\9hbhtb.exe88⤵
-
\??\c:\djdpd.exec:\djdpd.exe89⤵
-
\??\c:\pjddj.exec:\pjddj.exe90⤵
-
\??\c:\lfxfxlx.exec:\lfxfxlx.exe91⤵
-
\??\c:\frfxfxf.exec:\frfxfxf.exe92⤵
-
\??\c:\nnhnhn.exec:\nnhnhn.exe93⤵
-
\??\c:\dvppj.exec:\dvppj.exe94⤵
-
\??\c:\1xrxlrr.exec:\1xrxlrr.exe95⤵
-
\??\c:\1lflrfl.exec:\1lflrfl.exe96⤵
-
\??\c:\1tnnth.exec:\1tnnth.exe97⤵
-
\??\c:\ddvvd.exec:\ddvvd.exe98⤵
-
\??\c:\jdjvj.exec:\jdjvj.exe99⤵
-
\??\c:\rllfrxf.exec:\rllfrxf.exe100⤵
-
\??\c:\nttntt.exec:\nttntt.exe101⤵
-
\??\c:\bbbbhh.exec:\bbbbhh.exe102⤵
-
\??\c:\vvvjv.exec:\vvvjv.exe103⤵
-
\??\c:\xrlllrx.exec:\xrlllrx.exe104⤵
-
\??\c:\rxxflrf.exec:\rxxflrf.exe105⤵
-
\??\c:\nhbhhn.exec:\nhbhhn.exe106⤵
-
\??\c:\jpdvv.exec:\jpdvv.exe107⤵
-
\??\c:\rfrxxxx.exec:\rfrxxxx.exe108⤵
-
\??\c:\7fxfxfx.exec:\7fxfxfx.exe109⤵
-
\??\c:\hthntt.exec:\hthntt.exe110⤵
-
\??\c:\dpppd.exec:\dpppd.exe111⤵
-
\??\c:\pjvdj.exec:\pjvdj.exe112⤵
-
\??\c:\fxxflrf.exec:\fxxflrf.exe113⤵
-
\??\c:\rllfflf.exec:\rllfflf.exe114⤵
-
\??\c:\tnhntb.exec:\tnhntb.exe115⤵
-
\??\c:\7pdjv.exec:\7pdjv.exe116⤵
-
\??\c:\7xxlxfr.exec:\7xxlxfr.exe117⤵
-
\??\c:\xrflrrx.exec:\xrflrrx.exe118⤵
-
\??\c:\htntnt.exec:\htntnt.exe119⤵
-
\??\c:\jjvpv.exec:\jjvpv.exe120⤵
-
\??\c:\djjvj.exec:\djjvj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-