Analysis
-
max time kernel
120s -
max time network
19s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
19-12-2024 20:44
General
-
Target
f98cc284f2ffbb1251875f8470a94fe7408bc69590f0161bec6c66162eb6273aN.exe
-
Size
454KB
-
MD5
c2a6cf711c7dd1a203202a4bccabfea0
-
SHA1
ce800c6238ffc5172615a8d60d6070ba17c31ed9
-
SHA256
f98cc284f2ffbb1251875f8470a94fe7408bc69590f0161bec6c66162eb6273a
-
SHA512
3076e135782908258e296b748d31b2e44dc245666e02f18879823134d5ca3a7a5bbc7afbc9f3928ea5323c423d33bfeaa6d7d0c9bf719001ea508f26c6381e91
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbe5:q7Tc2NYHUrAwfMp3CD5
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 42 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 43 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f98cc284f2ffbb1251875f8470a94fe7408bc69590f0161bec6c66162eb6273aN.exe"C:\Users\Admin\AppData\Local\Temp\f98cc284f2ffbb1251875f8470a94fe7408bc69590f0161bec6c66162eb6273aN.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\fnxvrd.exec:\fnxvrd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvlnr.exec:\jvlnr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hltdxhj.exec:\hltdxhj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lhbbdx.exec:\lhbbdx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvbnh.exec:\dvbnh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnprth.exec:\btnprth.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bvphpr.exec:\bvphpr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dxvnj.exec:\dxvnj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dntpbnd.exec:\dntpbnd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\phnrv.exec:\phnrv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxtltjn.exec:\xxtltjn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvdll.exec:\dpvdll.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dblvdh.exec:\dblvdh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpxxjn.exec:\dvpxxjn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffpfl.exec:\lffpfl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bjvftv.exec:\bjvftv.exe17⤵
- Executes dropped EXE
-
\??\c:\xhtlxj.exec:\xhtlxj.exe18⤵
- Executes dropped EXE
-
\??\c:\vlrfvl.exec:\vlrfvl.exe19⤵
- Executes dropped EXE
-
\??\c:\tvdldh.exec:\tvdldh.exe20⤵
- Executes dropped EXE
-
\??\c:\tbnrbvr.exec:\tbnrbvr.exe21⤵
- Executes dropped EXE
-
\??\c:\txbxjx.exec:\txbxjx.exe22⤵
- Executes dropped EXE
-
\??\c:\pbhrrbp.exec:\pbhrrbp.exe23⤵
- Executes dropped EXE
-
\??\c:\xphdv.exec:\xphdv.exe24⤵
- Executes dropped EXE
-
\??\c:\hbdnp.exec:\hbdnp.exe25⤵
- Executes dropped EXE
-
\??\c:\pbxrjt.exec:\pbxrjt.exe26⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\ltbrx.exec:\ltbrx.exe27⤵
- Executes dropped EXE
-
\??\c:\dtthf.exec:\dtthf.exe28⤵
- Executes dropped EXE
-
\??\c:\xljdr.exec:\xljdr.exe29⤵
- Executes dropped EXE
-
\??\c:\nbrjj.exec:\nbrjj.exe30⤵
- Executes dropped EXE
-
\??\c:\rfhfxtv.exec:\rfhfxtv.exe31⤵
- Executes dropped EXE
-
\??\c:\pjhdv.exec:\pjhdv.exe32⤵
- Executes dropped EXE
-
\??\c:\ntvjhfb.exec:\ntvjhfb.exe33⤵
- Executes dropped EXE
-
\??\c:\lrjjd.exec:\lrjjd.exe34⤵
- Executes dropped EXE
-
\??\c:\vhnbjv.exec:\vhnbjv.exe35⤵
- Executes dropped EXE
-
\??\c:\bnjhpv.exec:\bnjhpv.exe36⤵
- Executes dropped EXE
-
\??\c:\rbtnjfl.exec:\rbtnjfl.exe37⤵
- Executes dropped EXE
-
\??\c:\jfnvhn.exec:\jfnvhn.exe38⤵
- Executes dropped EXE
-
\??\c:\nrlhplh.exec:\nrlhplh.exe39⤵
- Executes dropped EXE
-
\??\c:\dbtnn.exec:\dbtnn.exe40⤵
- Executes dropped EXE
-
\??\c:\rvdrvhp.exec:\rvdrvhp.exe41⤵
- Executes dropped EXE
-
\??\c:\vfpxtr.exec:\vfpxtr.exe42⤵
- Executes dropped EXE
-
\??\c:\vvbhfvf.exec:\vvbhfvf.exe43⤵
- Executes dropped EXE
-
\??\c:\ffxnppr.exec:\ffxnppr.exe44⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\fxjtt.exec:\fxjtt.exe45⤵
- Executes dropped EXE
-
\??\c:\ddbfnj.exec:\ddbfnj.exe46⤵
- Executes dropped EXE
-
\??\c:\jhtlb.exec:\jhtlb.exe47⤵
- Executes dropped EXE
-
\??\c:\vphfbjr.exec:\vphfbjr.exe48⤵
- Executes dropped EXE
-
\??\c:\nnpnp.exec:\nnpnp.exe49⤵
- Executes dropped EXE
-
\??\c:\tjrbf.exec:\tjrbf.exe50⤵
- Executes dropped EXE
-
\??\c:\rvdrjrx.exec:\rvdrjrx.exe51⤵
- Executes dropped EXE
-
\??\c:\bvhdjxf.exec:\bvhdjxf.exe52⤵
- Executes dropped EXE
-
\??\c:\vvnnlx.exec:\vvnnlx.exe53⤵
- Executes dropped EXE
-
\??\c:\njlfj.exec:\njlfj.exe54⤵
- Executes dropped EXE
-
\??\c:\nlrfrfb.exec:\nlrfrfb.exe55⤵
- Executes dropped EXE
-
\??\c:\pjxxd.exec:\pjxxd.exe56⤵
- Executes dropped EXE
-
\??\c:\tvvnrn.exec:\tvvnrn.exe57⤵
- Executes dropped EXE
-
\??\c:\rfjnp.exec:\rfjnp.exe58⤵
- Executes dropped EXE
-
\??\c:\rvhdh.exec:\rvhdh.exe59⤵
- Executes dropped EXE
-
\??\c:\tvfpjjp.exec:\tvfpjjp.exe60⤵
- Executes dropped EXE
-
\??\c:\trljhdd.exec:\trljhdd.exe61⤵
- Executes dropped EXE
-
\??\c:\djnltxr.exec:\djnltxr.exe62⤵
- Executes dropped EXE
-
\??\c:\hrrlj.exec:\hrrlj.exe63⤵
- Executes dropped EXE
-
\??\c:\bflrtnp.exec:\bflrtnp.exe64⤵
- Executes dropped EXE
-
\??\c:\hhbrbf.exec:\hhbrbf.exe65⤵
- Executes dropped EXE
-
\??\c:\jvdxpjb.exec:\jvdxpjb.exe66⤵
- System Location Discovery: System Language Discovery
-
\??\c:\xfbtb.exec:\xfbtb.exe67⤵
-
\??\c:\rfxrrnh.exec:\rfxrrnh.exe68⤵
-
\??\c:\trrrb.exec:\trrrb.exe69⤵
-
\??\c:\thtfljn.exec:\thtfljn.exe70⤵
-
\??\c:\vdrtb.exec:\vdrtb.exe71⤵
-
\??\c:\xltpv.exec:\xltpv.exe72⤵
-
\??\c:\rrlhjp.exec:\rrlhjp.exe73⤵
-
\??\c:\nbxvl.exec:\nbxvl.exe74⤵
-
\??\c:\fxnjvd.exec:\fxnjvd.exe75⤵
-
\??\c:\lphbdn.exec:\lphbdn.exe76⤵
-
\??\c:\jjnhtx.exec:\jjnhtx.exe77⤵
-
\??\c:\bljlrlt.exec:\bljlrlt.exe78⤵
-
\??\c:\xdbhfnn.exec:\xdbhfnn.exe79⤵
-
\??\c:\rttnd.exec:\rttnd.exe80⤵
-
\??\c:\jtpnjvt.exec:\jtpnjvt.exe81⤵
-
\??\c:\xhlhhl.exec:\xhlhhl.exe82⤵
-
\??\c:\tlpvx.exec:\tlpvx.exe83⤵
-
\??\c:\xldvl.exec:\xldvl.exe84⤵
-
\??\c:\rvnht.exec:\rvnht.exe85⤵
-
\??\c:\dhrlh.exec:\dhrlh.exe86⤵
-
\??\c:\htjjjrl.exec:\htjjjrl.exe87⤵
-
\??\c:\xvvpxdn.exec:\xvvpxdn.exe88⤵
-
\??\c:\rnblf.exec:\rnblf.exe89⤵
-
\??\c:\jjbjtn.exec:\jjbjtn.exe90⤵
-
\??\c:\vjhbvx.exec:\vjhbvx.exe91⤵
-
\??\c:\hlldrl.exec:\hlldrl.exe92⤵
-
\??\c:\hpjdfxr.exec:\hpjdfxr.exe93⤵
-
\??\c:\xjvtlb.exec:\xjvtlb.exe94⤵
-
\??\c:\xjtxl.exec:\xjtxl.exe95⤵
-
\??\c:\ftbjdn.exec:\ftbjdn.exe96⤵
-
\??\c:\lhhxd.exec:\lhhxd.exe97⤵
-
\??\c:\xpnvjnf.exec:\xpnvjnf.exe98⤵
-
\??\c:\ttpjpb.exec:\ttpjpb.exe99⤵
-
\??\c:\vlrlnb.exec:\vlrlnb.exe100⤵
-
\??\c:\hjbfpp.exec:\hjbfpp.exe101⤵
-
\??\c:\ntxnn.exec:\ntxnn.exe102⤵
-
\??\c:\hhrxfpd.exec:\hhrxfpd.exe103⤵
-
\??\c:\jdrdv.exec:\jdrdv.exe104⤵
-
\??\c:\dnltj.exec:\dnltj.exe105⤵
-
\??\c:\vvpnpbh.exec:\vvpnpbh.exe106⤵
-
\??\c:\jppvxhh.exec:\jppvxhh.exe107⤵
-
\??\c:\jrvhxv.exec:\jrvhxv.exe108⤵
-
\??\c:\ffrhtb.exec:\ffrhtb.exe109⤵
-
\??\c:\fnhffb.exec:\fnhffb.exe110⤵
-
\??\c:\dvddlfn.exec:\dvddlfn.exe111⤵
-
\??\c:\jpnnbx.exec:\jpnnbx.exe112⤵
-
\??\c:\jldltb.exec:\jldltb.exe113⤵
-
\??\c:\trblv.exec:\trblv.exe114⤵
-
\??\c:\lhprbj.exec:\lhprbj.exe115⤵
-
\??\c:\lnrjf.exec:\lnrjf.exe116⤵
-
\??\c:\vflnrtt.exec:\vflnrtt.exe117⤵
-
\??\c:\nnplhbx.exec:\nnplhbx.exe118⤵
-
\??\c:\fnrnh.exec:\fnrnh.exe119⤵
-
\??\c:\lnlvvvh.exec:\lnlvvvh.exe120⤵
-
\??\c:\xrjhvx.exec:\xrjhvx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-