Analysis
-
max time kernel
119s -
max time network
16s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
19-12-2024 05:43
General
-
Target
354031771af37f4cfe7d31435341e5c8e420f1479edb343476681c4c82029e4c.exe
-
Size
82KB
-
MD5
7b9f0a7b90de77b4940357127d5be098
-
SHA1
95c14897730771404ce4afe3748ff5ac5341fb61
-
SHA256
354031771af37f4cfe7d31435341e5c8e420f1479edb343476681c4c82029e4c
-
SHA512
a4d1e321aa4caedda459290e7ed690c45db5bd141bf565732a70231ec5669fd6ee6a2d64c13e2bc9d89b3886d5472ab244767180424610fe709c4781fd8d4548
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIsIpWCz+FR4RzWqC5rINFE4yeqB:ymb3NkkiQ3mdBjFIsIpZ+R4RzWqCu4rJ
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 23 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\354031771af37f4cfe7d31435341e5c8e420f1479edb343476681c4c82029e4c.exe"C:\Users\Admin\AppData\Local\Temp\354031771af37f4cfe7d31435341e5c8e420f1479edb343476681c4c82029e4c.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrrxxl.exec:\rlrrxxl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbbhn.exec:\tnbbhn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjdp.exec:\dpjdp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpvp.exec:\pjpvp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrlrrf.exec:\lfrlrrf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbnbn.exec:\nhbnbn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnnbb.exec:\hbnnbb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pppdv.exec:\pppdv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxllrx.exec:\xrxllrx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrllxxl.exec:\lrllxxl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhthtb.exec:\nhthtb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnnnnb.exec:\hnnnnb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3jjpj.exec:\3jjpj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxlrxf.exec:\lfxlrxf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xflrrrl.exec:\xflrrrl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthntt.exec:\bthntt.exe17⤵
- Executes dropped EXE
-
\??\c:\9nhhnb.exec:\9nhhnb.exe18⤵
- Executes dropped EXE
-
\??\c:\jjjpv.exec:\jjjpv.exe19⤵
- Executes dropped EXE
-
\??\c:\vjjjp.exec:\vjjjp.exe20⤵
- Executes dropped EXE
-
\??\c:\fxfxxrx.exec:\fxfxxrx.exe21⤵
- Executes dropped EXE
-
\??\c:\lrrfrrx.exec:\lrrfrrx.exe22⤵
- Executes dropped EXE
-
\??\c:\5ttnht.exec:\5ttnht.exe23⤵
- Executes dropped EXE
-
\??\c:\btnnbb.exec:\btnnbb.exe24⤵
- Executes dropped EXE
-
\??\c:\jvvpp.exec:\jvvpp.exe25⤵
- Executes dropped EXE
-
\??\c:\lfxxffl.exec:\lfxxffl.exe26⤵
- Executes dropped EXE
-
\??\c:\fffxrxl.exec:\fffxrxl.exe27⤵
- Executes dropped EXE
-
\??\c:\nnnntb.exec:\nnnntb.exe28⤵
- Executes dropped EXE
-
\??\c:\7pjjj.exec:\7pjjj.exe29⤵
- Executes dropped EXE
-
\??\c:\7jdpd.exec:\7jdpd.exe30⤵
- Executes dropped EXE
-
\??\c:\xxllxlf.exec:\xxllxlf.exe31⤵
- Executes dropped EXE
-
\??\c:\xrrlrrx.exec:\xrrlrrx.exe32⤵
- Executes dropped EXE
-
\??\c:\nhtthb.exec:\nhtthb.exe33⤵
- Executes dropped EXE
-
\??\c:\htnntb.exec:\htnntb.exe34⤵
- Executes dropped EXE
-
\??\c:\jjddp.exec:\jjddp.exe35⤵
- Executes dropped EXE
-
\??\c:\3vvvj.exec:\3vvvj.exe36⤵
- Executes dropped EXE
-
\??\c:\xxrrxfl.exec:\xxrrxfl.exe37⤵
- Executes dropped EXE
-
\??\c:\xrxrfxf.exec:\xrxrfxf.exe38⤵
- Executes dropped EXE
-
\??\c:\hbntnb.exec:\hbntnb.exe39⤵
- Executes dropped EXE
-
\??\c:\hbtbbh.exec:\hbtbbh.exe40⤵
- Executes dropped EXE
-
\??\c:\ppjjv.exec:\ppjjv.exe41⤵
- Executes dropped EXE
-
\??\c:\3ddvd.exec:\3ddvd.exe42⤵
- Executes dropped EXE
-
\??\c:\dvjpj.exec:\dvjpj.exe43⤵
- Executes dropped EXE
-
\??\c:\ffllrxf.exec:\ffllrxf.exe44⤵
- Executes dropped EXE
-
\??\c:\rrflrrr.exec:\rrflrrr.exe45⤵
- Executes dropped EXE
-
\??\c:\hbthtb.exec:\hbthtb.exe46⤵
- Executes dropped EXE
-
\??\c:\btntbh.exec:\btntbh.exe47⤵
- Executes dropped EXE
-
\??\c:\dvjjv.exec:\dvjjv.exe48⤵
- Executes dropped EXE
-
\??\c:\dvjjp.exec:\dvjjp.exe49⤵
- Executes dropped EXE
-
\??\c:\fxlrffl.exec:\fxlrffl.exe50⤵
- Executes dropped EXE
-
\??\c:\xfflrlr.exec:\xfflrlr.exe51⤵
- Executes dropped EXE
-
\??\c:\3nhnhn.exec:\3nhnhn.exe52⤵
- Executes dropped EXE
-
\??\c:\djjvv.exec:\djjvv.exe53⤵
- Executes dropped EXE
-
\??\c:\7djjd.exec:\7djjd.exe54⤵
- Executes dropped EXE
-
\??\c:\frfrrlf.exec:\frfrrlf.exe55⤵
- Executes dropped EXE
-
\??\c:\tnhntt.exec:\tnhntt.exe56⤵
- Executes dropped EXE
-
\??\c:\nbhbbb.exec:\nbhbbb.exe57⤵
- Executes dropped EXE
-
\??\c:\pvjdj.exec:\pvjdj.exe58⤵
- Executes dropped EXE
-
\??\c:\vpdjp.exec:\vpdjp.exe59⤵
- Executes dropped EXE
-
\??\c:\7fxfllx.exec:\7fxfllx.exe60⤵
- Executes dropped EXE
-
\??\c:\9xrxxfr.exec:\9xrxxfr.exe61⤵
- Executes dropped EXE
-
\??\c:\5nhtnt.exec:\5nhtnt.exe62⤵
- Executes dropped EXE
-
\??\c:\bthnbh.exec:\bthnbh.exe63⤵
- Executes dropped EXE
-
\??\c:\7dddj.exec:\7dddj.exe64⤵
- Executes dropped EXE
-
\??\c:\jvvpp.exec:\jvvpp.exe65⤵
- Executes dropped EXE
-
\??\c:\9fxxxxf.exec:\9fxxxxf.exe66⤵
-
\??\c:\nbthhn.exec:\nbthhn.exe67⤵
-
\??\c:\1bbbhh.exec:\1bbbhh.exe68⤵
-
\??\c:\nbnttb.exec:\nbnttb.exe69⤵
-
\??\c:\pdpvp.exec:\pdpvp.exe70⤵
-
\??\c:\pvdvv.exec:\pvdvv.exe71⤵
-
\??\c:\1xrllxf.exec:\1xrllxf.exe72⤵
-
\??\c:\tnthnb.exec:\tnthnb.exe73⤵
-
\??\c:\7nttbt.exec:\7nttbt.exe74⤵
-
\??\c:\7pjvv.exec:\7pjvv.exe75⤵
-
\??\c:\ddppd.exec:\ddppd.exe76⤵
-
\??\c:\xrflrxf.exec:\xrflrxf.exe77⤵
-
\??\c:\fxrxxfl.exec:\fxrxxfl.exe78⤵
-
\??\c:\nhbhhn.exec:\nhbhhn.exe79⤵
-
\??\c:\ttntht.exec:\ttntht.exe80⤵
-
\??\c:\dpvvp.exec:\dpvvp.exe81⤵
-
\??\c:\3pjjp.exec:\3pjjp.exe82⤵
-
\??\c:\llllrxf.exec:\llllrxf.exe83⤵
-
\??\c:\xxfxffl.exec:\xxfxffl.exe84⤵
-
\??\c:\thbbbt.exec:\thbbbt.exe85⤵
-
\??\c:\bbntbh.exec:\bbntbh.exe86⤵
-
\??\c:\dpjjd.exec:\dpjjd.exe87⤵
-
\??\c:\vjjjp.exec:\vjjjp.exe88⤵
-
\??\c:\xrflfxf.exec:\xrflfxf.exe89⤵
-
\??\c:\rrxxlrf.exec:\rrxxlrf.exe90⤵
-
\??\c:\5bbbhb.exec:\5bbbhb.exe91⤵
-
\??\c:\tnhbbh.exec:\tnhbbh.exe92⤵
-
\??\c:\9dpdj.exec:\9dpdj.exe93⤵
-
\??\c:\fxfxrxx.exec:\fxfxrxx.exe94⤵
-
\??\c:\rlxlrrf.exec:\rlxlrrf.exe95⤵
-
\??\c:\ttbbnn.exec:\ttbbnn.exe96⤵
-
\??\c:\nhbhhn.exec:\nhbhhn.exe97⤵
-
\??\c:\9pddp.exec:\9pddp.exe98⤵
-
\??\c:\jdjjp.exec:\jdjjp.exe99⤵
-
\??\c:\rfrrxxl.exec:\rfrrxxl.exe100⤵
-
\??\c:\xlrlllf.exec:\xlrlllf.exe101⤵
-
\??\c:\hhbhhn.exec:\hhbhhn.exe102⤵
-
\??\c:\htbnnh.exec:\htbnnh.exe103⤵
-
\??\c:\7vdjp.exec:\7vdjp.exe104⤵
-
\??\c:\1lfrxll.exec:\1lfrxll.exe105⤵
-
\??\c:\5rrfrrf.exec:\5rrfrrf.exe106⤵
-
\??\c:\tnbhth.exec:\tnbhth.exe107⤵
-
\??\c:\3hbnnt.exec:\3hbnnt.exe108⤵
-
\??\c:\nbnhnb.exec:\nbnhnb.exe109⤵
-
\??\c:\dvdjd.exec:\dvdjd.exe110⤵
-
\??\c:\vpdjd.exec:\vpdjd.exe111⤵
-
\??\c:\rfrfrrl.exec:\rfrfrrl.exe112⤵
-
\??\c:\rllfflr.exec:\rllfflr.exe113⤵
-
\??\c:\bnbbhh.exec:\bnbbhh.exe114⤵
-
\??\c:\thhnbt.exec:\thhnbt.exe115⤵
-
\??\c:\7jdjv.exec:\7jdjv.exe116⤵
-
\??\c:\vjvvv.exec:\vjvvv.exe117⤵
-
\??\c:\rrflrxf.exec:\rrflrxf.exe118⤵
-
\??\c:\xrlxrlf.exec:\xrlxrlf.exe119⤵
-
\??\c:\1tnthh.exec:\1tnthh.exe120⤵
-
\??\c:\nbnnnt.exec:\nbnnnt.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-