Analysis
-
max time kernel
120s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
20-12-2024 01:09
General
-
Target
aea21d85085e6171ee3ab3d0523666c9a1fc96f9f137c63c48558cc955427634N.exe
-
Size
453KB
-
MD5
2c62a0e9528ad681d332fe7cbfb47b90
-
SHA1
2309b65c6d9e57019a29ce0601e6c170332f4621
-
SHA256
aea21d85085e6171ee3ab3d0523666c9a1fc96f9f137c63c48558cc955427634
-
SHA512
d9618bd088aaf17f3da0c040da070a41771d7f66f5dd06863dab8e4ef0a54ea5bd034ae407608b80e43fe506b23f39bd308230ad77df35bb14bad7fa9e8a103b
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbeJ5:q7Tc2NYHUrAwfMp3CDJ5
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 40 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 44 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\aea21d85085e6171ee3ab3d0523666c9a1fc96f9f137c63c48558cc955427634N.exe"C:\Users\Admin\AppData\Local\Temp\aea21d85085e6171ee3ab3d0523666c9a1fc96f9f137c63c48558cc955427634N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\9rrxlxr.exec:\9rrxlxr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhnhn.exec:\bhhnhn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbtbnt.exec:\tbtbnt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxlxrl.exec:\xxxlxrl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthtbh.exec:\tthtbh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7fxllrr.exec:\7fxllrr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xrfrfx.exec:\9xrfrfx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nttbbn.exec:\nttbbn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrfrxl.exec:\fxrfrxl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rfxfrr.exec:\5rfxfrr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfxxrxr.exec:\xfxxrxr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdjd.exec:\pjdjd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llrlfxx.exec:\llrlfxx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbhnt.exec:\hbbhnt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpvj.exec:\jdpvj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfxlxff.exec:\xfxlxff.exe17⤵
- Executes dropped EXE
-
\??\c:\jddpd.exec:\jddpd.exe18⤵
- Executes dropped EXE
-
\??\c:\hbhthh.exec:\hbhthh.exe19⤵
- Executes dropped EXE
-
\??\c:\pppvp.exec:\pppvp.exe20⤵
- Executes dropped EXE
-
\??\c:\llfxlrf.exec:\llfxlrf.exe21⤵
- Executes dropped EXE
-
\??\c:\5tnthh.exec:\5tnthh.exe22⤵
- Executes dropped EXE
-
\??\c:\1jdjv.exec:\1jdjv.exe23⤵
- Executes dropped EXE
-
\??\c:\nthnbh.exec:\nthnbh.exe24⤵
- Executes dropped EXE
-
\??\c:\7jpjv.exec:\7jpjv.exe25⤵
- Executes dropped EXE
-
\??\c:\1xlxffl.exec:\1xlxffl.exe26⤵
- Executes dropped EXE
-
\??\c:\hnbtth.exec:\hnbtth.exe27⤵
- Executes dropped EXE
-
\??\c:\ntnhbn.exec:\ntnhbn.exe28⤵
- Executes dropped EXE
-
\??\c:\btnbnt.exec:\btnbnt.exe29⤵
- Executes dropped EXE
-
\??\c:\5tbbtt.exec:\5tbbtt.exe30⤵
- Executes dropped EXE
-
\??\c:\pjjvj.exec:\pjjvj.exe31⤵
- Executes dropped EXE
-
\??\c:\xxxlfrl.exec:\xxxlfrl.exe32⤵
- Executes dropped EXE
-
\??\c:\dpvdp.exec:\dpvdp.exe33⤵
- Executes dropped EXE
-
\??\c:\5jjjv.exec:\5jjjv.exe34⤵
- Executes dropped EXE
-
\??\c:\7xllrxl.exec:\7xllrxl.exe35⤵
- Executes dropped EXE
-
\??\c:\bhbtnb.exec:\bhbtnb.exe36⤵
- Executes dropped EXE
-
\??\c:\jdvjv.exec:\jdvjv.exe37⤵
- Executes dropped EXE
-
\??\c:\llrxlrf.exec:\llrxlrf.exe38⤵
- Executes dropped EXE
-
\??\c:\nhttbb.exec:\nhttbb.exe39⤵
- Executes dropped EXE
-
\??\c:\tbtnbt.exec:\tbtnbt.exe40⤵
- Executes dropped EXE
-
\??\c:\1dvpp.exec:\1dvpp.exe41⤵
- Executes dropped EXE
-
\??\c:\rrrfxlf.exec:\rrrfxlf.exe42⤵
- Executes dropped EXE
-
\??\c:\nnbnbn.exec:\nnbnbn.exe43⤵
- Executes dropped EXE
-
\??\c:\vvdpj.exec:\vvdpj.exe44⤵
- Executes dropped EXE
-
\??\c:\9frrflx.exec:\9frrflx.exe45⤵
- Executes dropped EXE
-
\??\c:\lrrfxfr.exec:\lrrfxfr.exe46⤵
- Executes dropped EXE
-
\??\c:\9vvpd.exec:\9vvpd.exe47⤵
- Executes dropped EXE
-
\??\c:\flrrlxl.exec:\flrrlxl.exe48⤵
- Executes dropped EXE
-
\??\c:\hnnhnt.exec:\hnnhnt.exe49⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\vvjvj.exec:\vvjvj.exe50⤵
- Executes dropped EXE
-
\??\c:\rrlfxxf.exec:\rrlfxxf.exe51⤵
- Executes dropped EXE
-
\??\c:\lxfxrrf.exec:\lxfxrrf.exe52⤵
- Executes dropped EXE
-
\??\c:\ddvdp.exec:\ddvdp.exe53⤵
- Executes dropped EXE
-
\??\c:\jpvjj.exec:\jpvjj.exe54⤵
- Executes dropped EXE
-
\??\c:\thbtbn.exec:\thbtbn.exe55⤵
- Executes dropped EXE
-
\??\c:\9ppdv.exec:\9ppdv.exe56⤵
- Executes dropped EXE
-
\??\c:\5vddd.exec:\5vddd.exe57⤵
- Executes dropped EXE
-
\??\c:\9xflxlf.exec:\9xflxlf.exe58⤵
- Executes dropped EXE
-
\??\c:\bbnthh.exec:\bbnthh.exe59⤵
- Executes dropped EXE
-
\??\c:\7tthnb.exec:\7tthnb.exe60⤵
- Executes dropped EXE
-
\??\c:\jvpjp.exec:\jvpjp.exe61⤵
- Executes dropped EXE
-
\??\c:\fflfxlx.exec:\fflfxlx.exe62⤵
- Executes dropped EXE
-
\??\c:\7hntht.exec:\7hntht.exe63⤵
- Executes dropped EXE
-
\??\c:\jjvjv.exec:\jjvjv.exe64⤵
- Executes dropped EXE
-
\??\c:\vpdvd.exec:\vpdvd.exe65⤵
- Executes dropped EXE
-
\??\c:\5rlxrfl.exec:\5rlxrfl.exe66⤵
-
\??\c:\bnntnn.exec:\bnntnn.exe67⤵
-
\??\c:\nnhbnb.exec:\nnhbnb.exe68⤵
-
\??\c:\1pdvv.exec:\1pdvv.exe69⤵
-
\??\c:\llflxfr.exec:\llflxfr.exe70⤵
-
\??\c:\nhbnbb.exec:\nhbnbb.exe71⤵
-
\??\c:\9bnbnb.exec:\9bnbnb.exe72⤵
-
\??\c:\vddjd.exec:\vddjd.exe73⤵
-
\??\c:\3lfllrx.exec:\3lfllrx.exe74⤵
-
\??\c:\bnbhnt.exec:\bnbhnt.exe75⤵
-
\??\c:\dppvp.exec:\dppvp.exe76⤵
-
\??\c:\pdvvj.exec:\pdvvj.exe77⤵
-
\??\c:\xffrrlr.exec:\xffrrlr.exe78⤵
-
\??\c:\hbttbh.exec:\hbttbh.exe79⤵
-
\??\c:\vpppd.exec:\vpppd.exe80⤵
- System Location Discovery: System Language Discovery
-
\??\c:\9xlffxf.exec:\9xlffxf.exe81⤵
-
\??\c:\xlffffr.exec:\xlffffr.exe82⤵
-
\??\c:\5nbhnb.exec:\5nbhnb.exe83⤵
-
\??\c:\9pjpv.exec:\9pjpv.exe84⤵
-
\??\c:\xlxflxf.exec:\xlxflxf.exe85⤵
-
\??\c:\9ffrlxx.exec:\9ffrlxx.exe86⤵
-
\??\c:\bhhtbn.exec:\bhhtbn.exe87⤵
-
\??\c:\1jppd.exec:\1jppd.exe88⤵
-
\??\c:\lfxlrxf.exec:\lfxlrxf.exe89⤵
-
\??\c:\rrlrxxr.exec:\rrlrxxr.exe90⤵
-
\??\c:\1nnthb.exec:\1nnthb.exe91⤵
-
\??\c:\jpjpd.exec:\jpjpd.exe92⤵
-
\??\c:\rlfrxxr.exec:\rlfrxxr.exe93⤵
-
\??\c:\tthtbh.exec:\tthtbh.exe94⤵
-
\??\c:\ddvvd.exec:\ddvvd.exe95⤵
-
\??\c:\vjddp.exec:\vjddp.exe96⤵
-
\??\c:\1rxlrrf.exec:\1rxlrrf.exe97⤵
-
\??\c:\hbnhnn.exec:\hbnhnn.exe98⤵
-
\??\c:\7pjdd.exec:\7pjdd.exe99⤵
-
\??\c:\7ppdp.exec:\7ppdp.exe100⤵
-
\??\c:\lfxflrf.exec:\lfxflrf.exe101⤵
-
\??\c:\1xxlrfr.exec:\1xxlrfr.exe102⤵
-
\??\c:\bttbnt.exec:\bttbnt.exe103⤵
-
\??\c:\pdppd.exec:\pdppd.exe104⤵
-
\??\c:\lxxfxlx.exec:\lxxfxlx.exe105⤵
-
\??\c:\rlflxfx.exec:\rlflxfx.exe106⤵
-
\??\c:\3hhhtb.exec:\3hhhtb.exe107⤵
-
\??\c:\5dvpv.exec:\5dvpv.exe108⤵
-
\??\c:\1xxlfrl.exec:\1xxlfrl.exe109⤵
-
\??\c:\9xlrxfr.exec:\9xlrxfr.exe110⤵
-
\??\c:\ttnbnt.exec:\ttnbnt.exe111⤵
-
\??\c:\dvjjd.exec:\dvjjd.exe112⤵
-
\??\c:\5pdpv.exec:\5pdpv.exe113⤵
-
\??\c:\lxrflrf.exec:\lxrflrf.exe114⤵
-
\??\c:\nhbthn.exec:\nhbthn.exe115⤵
-
\??\c:\vppjj.exec:\vppjj.exe116⤵
-
\??\c:\9llfxrf.exec:\9llfxrf.exe117⤵
-
\??\c:\1ppdp.exec:\1ppdp.exe118⤵
-
\??\c:\lrrxrxr.exec:\lrrxrxr.exe119⤵
-
\??\c:\rxfllfr.exec:\rxfllfr.exe120⤵
-
\??\c:\ttbthh.exec:\ttbthh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-