Analysis
-
max time kernel
120s -
max time network
19s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
19-12-2024 20:59
General
-
Target
10edaea87b9eaf2e19f4fb94271d8d742b41f1a98a3354d7b54b8c4d13e1bc7cN.exe
-
Size
453KB
-
MD5
158dcbfc6c9d9db047e1397ffb2c5860
-
SHA1
2900eef7504a2e065290e3fd4223fedfa1498307
-
SHA256
10edaea87b9eaf2e19f4fb94271d8d742b41f1a98a3354d7b54b8c4d13e1bc7c
-
SHA512
c57ffa5bafe1f1e4380766c3ade8a43d95a38681abc39d75d17a0bfa782e1a26da50a5253d4601ee19c0e67f36637cac6165dc3d544de393a5aa1b4e1b2b7c08
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbeD:q7Tc2NYHUrAwfMp3CDD
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 41 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 48 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\10edaea87b9eaf2e19f4fb94271d8d742b41f1a98a3354d7b54b8c4d13e1bc7cN.exe"C:\Users\Admin\AppData\Local\Temp\10edaea87b9eaf2e19f4fb94271d8d742b41f1a98a3354d7b54b8c4d13e1bc7cN.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pxnrhn.exec:\pxnrhn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fbfpp.exec:\fbfpp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bffvr.exec:\bffvr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jthjpjv.exec:\jthjpjv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dxrdnvh.exec:\dxrdnvh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\njjnb.exec:\njjnb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vbftvb.exec:\vbftvb.exe8⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\hppbf.exec:\hppbf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bldbnn.exec:\bldbnn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffnjnh.exec:\ffnjnh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rdtbn.exec:\rdtbn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ldhdfn.exec:\ldhdfn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ldfdlnd.exec:\ldfdlnd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjrpvpd.exec:\jjrpvpd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tpfptt.exec:\tpfptt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fpljjxr.exec:\fpljjxr.exe17⤵
- Executes dropped EXE
-
\??\c:\rfpjd.exec:\rfpjd.exe18⤵
- Executes dropped EXE
-
\??\c:\vvvrhd.exec:\vvvrhd.exe19⤵
- Executes dropped EXE
-
\??\c:\lrnnrf.exec:\lrnnrf.exe20⤵
- Executes dropped EXE
-
\??\c:\drvdxr.exec:\drvdxr.exe21⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\bhtflxb.exec:\bhtflxb.exe22⤵
- Executes dropped EXE
-
\??\c:\xhlrx.exec:\xhlrx.exe23⤵
- Executes dropped EXE
-
\??\c:\jhvvtt.exec:\jhvvtt.exe24⤵
- Executes dropped EXE
-
\??\c:\jnrxdtp.exec:\jnrxdtp.exe25⤵
- Executes dropped EXE
-
\??\c:\xjllp.exec:\xjllp.exe26⤵
- Executes dropped EXE
-
\??\c:\tvdxjnd.exec:\tvdxjnd.exe27⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\jhbvrht.exec:\jhbvrht.exe28⤵
- Executes dropped EXE
-
\??\c:\ffxpv.exec:\ffxpv.exe29⤵
- Executes dropped EXE
-
\??\c:\xtdxn.exec:\xtdxn.exe30⤵
- Executes dropped EXE
-
\??\c:\nrlpj.exec:\nrlpj.exe31⤵
- Executes dropped EXE
-
\??\c:\jjrxhp.exec:\jjrxhp.exe32⤵
- Executes dropped EXE
-
\??\c:\pdjpv.exec:\pdjpv.exe33⤵
- Executes dropped EXE
-
\??\c:\lbfphlb.exec:\lbfphlb.exe34⤵
- Executes dropped EXE
-
\??\c:\xpffx.exec:\xpffx.exe35⤵
- Executes dropped EXE
-
\??\c:\ththtp.exec:\ththtp.exe36⤵
- Executes dropped EXE
-
\??\c:\ftrtln.exec:\ftrtln.exe37⤵
- Executes dropped EXE
-
\??\c:\xtxndn.exec:\xtxndn.exe38⤵
- Executes dropped EXE
-
\??\c:\ldbpnpx.exec:\ldbpnpx.exe39⤵
- Executes dropped EXE
-
\??\c:\xbprnt.exec:\xbprnt.exe40⤵
- Executes dropped EXE
-
\??\c:\fxvxbn.exec:\fxvxbn.exe41⤵
- Executes dropped EXE
-
\??\c:\lhpnt.exec:\lhpnt.exe42⤵
- Executes dropped EXE
-
\??\c:\lvxdn.exec:\lvxdn.exe43⤵
- Executes dropped EXE
-
\??\c:\hjjnddd.exec:\hjjnddd.exe44⤵
- Executes dropped EXE
-
\??\c:\bdjbpnf.exec:\bdjbpnf.exe45⤵
- Executes dropped EXE
-
\??\c:\jxxnlp.exec:\jxxnlp.exe46⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\jptvx.exec:\jptvx.exe47⤵
- Executes dropped EXE
-
\??\c:\hhpvlx.exec:\hhpvlx.exe48⤵
- Executes dropped EXE
-
\??\c:\tnxnbph.exec:\tnxnbph.exe49⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\vbtprd.exec:\vbtprd.exe50⤵
- Executes dropped EXE
-
\??\c:\jbhjvv.exec:\jbhjvv.exe51⤵
- Executes dropped EXE
-
\??\c:\tdbbn.exec:\tdbbn.exe52⤵
- Executes dropped EXE
-
\??\c:\drjpd.exec:\drjpd.exe53⤵
- Executes dropped EXE
-
\??\c:\nvhntf.exec:\nvhntf.exe54⤵
- Executes dropped EXE
-
\??\c:\vvxdvv.exec:\vvxdvv.exe55⤵
- Executes dropped EXE
-
\??\c:\jjnht.exec:\jjnht.exe56⤵
- Executes dropped EXE
-
\??\c:\xxxxp.exec:\xxxxp.exe57⤵
- Executes dropped EXE
-
\??\c:\jxdjpnr.exec:\jxdjpnr.exe58⤵
- Executes dropped EXE
-
\??\c:\jbxfxjn.exec:\jbxfxjn.exe59⤵
- Executes dropped EXE
-
\??\c:\ndlrl.exec:\ndlrl.exe60⤵
- Executes dropped EXE
-
\??\c:\pbhxrd.exec:\pbhxrd.exe61⤵
- Executes dropped EXE
-
\??\c:\jrptx.exec:\jrptx.exe62⤵
- Executes dropped EXE
-
\??\c:\pvxfh.exec:\pvxfh.exe63⤵
- Executes dropped EXE
-
\??\c:\fbphlnn.exec:\fbphlnn.exe64⤵
- Executes dropped EXE
-
\??\c:\lvpvhfh.exec:\lvpvhfh.exe65⤵
- Executes dropped EXE
-
\??\c:\bnhjf.exec:\bnhjf.exe66⤵
-
\??\c:\vxjjx.exec:\vxjjx.exe67⤵
-
\??\c:\tpfdvfd.exec:\tpfdvfd.exe68⤵
-
\??\c:\ffntt.exec:\ffntt.exe69⤵
-
\??\c:\pdjvr.exec:\pdjvr.exe70⤵
-
\??\c:\lhrvf.exec:\lhrvf.exe71⤵
-
\??\c:\tpvdhjf.exec:\tpvdhjf.exe72⤵
-
\??\c:\jvfdfx.exec:\jvfdfx.exe73⤵
-
\??\c:\tnfjbjl.exec:\tnfjbjl.exe74⤵
-
\??\c:\brllx.exec:\brllx.exe75⤵
-
\??\c:\tjrjb.exec:\tjrjb.exe76⤵
-
\??\c:\plhnx.exec:\plhnx.exe77⤵
-
\??\c:\bnnxtff.exec:\bnnxtff.exe78⤵
-
\??\c:\lxbvt.exec:\lxbvt.exe79⤵
-
\??\c:\bdxdt.exec:\bdxdt.exe80⤵
-
\??\c:\jdxppl.exec:\jdxppl.exe81⤵
-
\??\c:\lbbdh.exec:\lbbdh.exe82⤵
-
\??\c:\vpvpnf.exec:\vpvpnf.exe83⤵
-
\??\c:\vrprphv.exec:\vrprphv.exe84⤵
-
\??\c:\jntpf.exec:\jntpf.exe85⤵
-
\??\c:\ntdtp.exec:\ntdtp.exe86⤵
- System Location Discovery: System Language Discovery
-
\??\c:\xjfxld.exec:\xjfxld.exe87⤵
-
\??\c:\xdbvldj.exec:\xdbvldj.exe88⤵
-
\??\c:\tfvdrdf.exec:\tfvdrdf.exe89⤵
-
\??\c:\xvtffd.exec:\xvtffd.exe90⤵
-
\??\c:\nldxnht.exec:\nldxnht.exe91⤵
-
\??\c:\hxvvv.exec:\hxvvv.exe92⤵
-
\??\c:\nlvbv.exec:\nlvbv.exe93⤵
-
\??\c:\nhjxn.exec:\nhjxn.exe94⤵
-
\??\c:\vpftll.exec:\vpftll.exe95⤵
-
\??\c:\hhnvdpp.exec:\hhnvdpp.exe96⤵
-
\??\c:\pjtjjt.exec:\pjtjjt.exe97⤵
-
\??\c:\pldlnt.exec:\pldlnt.exe98⤵
-
\??\c:\lhfpl.exec:\lhfpl.exe99⤵
-
\??\c:\txlth.exec:\txlth.exe100⤵
-
\??\c:\tvvjtp.exec:\tvvjtp.exe101⤵
-
\??\c:\rxbpt.exec:\rxbpt.exe102⤵
-
\??\c:\ddntdfp.exec:\ddntdfp.exe103⤵
-
\??\c:\bpvpx.exec:\bpvpx.exe104⤵
-
\??\c:\pjtrhbn.exec:\pjtrhbn.exe105⤵
-
\??\c:\xfxjrl.exec:\xfxjrl.exe106⤵
-
\??\c:\fhhdh.exec:\fhhdh.exe107⤵
- System Location Discovery: System Language Discovery
-
\??\c:\vbhphb.exec:\vbhphb.exe108⤵
-
\??\c:\dhldj.exec:\dhldj.exe109⤵
-
\??\c:\tbrffhr.exec:\tbrffhr.exe110⤵
-
\??\c:\nlntp.exec:\nlntp.exe111⤵
-
\??\c:\fxlbvjx.exec:\fxlbvjx.exe112⤵
-
\??\c:\fhxplb.exec:\fhxplb.exe113⤵
-
\??\c:\xjfnlf.exec:\xjfnlf.exe114⤵
-
\??\c:\dthvvjf.exec:\dthvvjf.exe115⤵
-
\??\c:\bppthxv.exec:\bppthxv.exe116⤵
-
\??\c:\rdnlvr.exec:\rdnlvr.exe117⤵
-
\??\c:\fddjb.exec:\fddjb.exe118⤵
-
\??\c:\dvpnpj.exec:\dvpnpj.exe119⤵
-
\??\c:\tfjjpt.exec:\tfjjpt.exe120⤵
-
\??\c:\rhrpf.exec:\rhrpf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-