Analysis
-
max time kernel
120s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
-
submitted
20-12-2024 06:52
General
-
Target
0c7265eb92231c0232d3b983bc08ec1efb8cb9b650214b46cb973ca4f22e9c1aN.exe
-
Size
93KB
-
MD5
d0894c5dc08ea0b08316156d50f75a60
-
SHA1
fd380798628466a2d84001735e0b967666b1ecd3
-
SHA256
0c7265eb92231c0232d3b983bc08ec1efb8cb9b650214b46cb973ca4f22e9c1a
-
SHA512
a7f8385bdd95435ba7110934d0a2a85bd264e400029261f18d537e4e3cf4bdcb9fa6e7dfae7d103995e299a0bedbe7d3278da91207edc423b3eb99e42c2ba516
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73t6MlYqn+jMp99zx/A0Utg8:ymb3NkkiQ3mdBjFo73tvn+Yp99zDuP
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0c7265eb92231c0232d3b983bc08ec1efb8cb9b650214b46cb973ca4f22e9c1aN.exe"C:\Users\Admin\AppData\Local\Temp\0c7265eb92231c0232d3b983bc08ec1efb8cb9b650214b46cb973ca4f22e9c1aN.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhttn.exec:\nbhttn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjpv.exec:\vdjpv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flllfff.exec:\flllfff.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbnnh.exec:\nhbnnh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjvd.exec:\vpjvd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rrflrx.exec:\5rrflrx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbtbh.exec:\tnbtbh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdpv.exec:\jvdpv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffflxfx.exec:\ffflxfx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnthh.exec:\hhnthh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthhtt.exec:\bthhtt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrxlxl.exec:\ffrxlxl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrlxfl.exec:\lxrlxfl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvvv.exec:\ppvvv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjdd.exec:\pdjdd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflflff.exec:\lflflff.exe17⤵
- Executes dropped EXE
-
\??\c:\hbbnhn.exec:\hbbnhn.exe18⤵
- Executes dropped EXE
-
\??\c:\1jjvp.exec:\1jjvp.exe19⤵
- Executes dropped EXE
-
\??\c:\xfllllr.exec:\xfllllr.exe20⤵
- Executes dropped EXE
-
\??\c:\ffrxfxl.exec:\ffrxfxl.exe21⤵
- Executes dropped EXE
-
\??\c:\tbtbhn.exec:\tbtbhn.exe22⤵
- Executes dropped EXE
-
\??\c:\pvjvj.exec:\pvjvj.exe23⤵
- Executes dropped EXE
-
\??\c:\llrrflr.exec:\llrrflr.exe24⤵
- Executes dropped EXE
-
\??\c:\1lrlxlx.exec:\1lrlxlx.exe25⤵
- Executes dropped EXE
-
\??\c:\bbthtb.exec:\bbthtb.exe26⤵
- Executes dropped EXE
-
\??\c:\5ppjd.exec:\5ppjd.exe27⤵
- Executes dropped EXE
-
\??\c:\jpjdj.exec:\jpjdj.exe28⤵
- Executes dropped EXE
-
\??\c:\xfrxflx.exec:\xfrxflx.exe29⤵
- Executes dropped EXE
-
\??\c:\tnbntb.exec:\tnbntb.exe30⤵
- Executes dropped EXE
-
\??\c:\jdvdv.exec:\jdvdv.exe31⤵
- Executes dropped EXE
-
\??\c:\rxrrlxr.exec:\rxrrlxr.exe32⤵
- Executes dropped EXE
-
\??\c:\9bbbnt.exec:\9bbbnt.exe33⤵
- Executes dropped EXE
-
\??\c:\7thttb.exec:\7thttb.exe34⤵
- Executes dropped EXE
-
\??\c:\1tnbtt.exec:\1tnbtt.exe35⤵
- Executes dropped EXE
-
\??\c:\djvdp.exec:\djvdp.exe36⤵
- Executes dropped EXE
-
\??\c:\5xrfxfr.exec:\5xrfxfr.exe37⤵
- Executes dropped EXE
-
\??\c:\7xrxrxf.exec:\7xrxrxf.exe38⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\5bthth.exec:\5bthth.exe39⤵
- Executes dropped EXE
-
\??\c:\nhhthn.exec:\nhhthn.exe40⤵
- Executes dropped EXE
-
\??\c:\jdjjd.exec:\jdjjd.exe41⤵
- Executes dropped EXE
-
\??\c:\jpdjp.exec:\jpdjp.exe42⤵
- Executes dropped EXE
-
\??\c:\xxffrxf.exec:\xxffrxf.exe43⤵
- Executes dropped EXE
-
\??\c:\nhthbh.exec:\nhthbh.exe44⤵
- Executes dropped EXE
-
\??\c:\5thbhn.exec:\5thbhn.exe45⤵
- Executes dropped EXE
-
\??\c:\1jvdj.exec:\1jvdj.exe46⤵
- Executes dropped EXE
-
\??\c:\pjpvj.exec:\pjpvj.exe47⤵
- Executes dropped EXE
-
\??\c:\lrflrxl.exec:\lrflrxl.exe48⤵
- Executes dropped EXE
-
\??\c:\5xrrfll.exec:\5xrrfll.exe49⤵
- Executes dropped EXE
-
\??\c:\nnttbt.exec:\nnttbt.exe50⤵
- Executes dropped EXE
-
\??\c:\vvdjj.exec:\vvdjj.exe51⤵
- Executes dropped EXE
-
\??\c:\ppddp.exec:\ppddp.exe52⤵
- Executes dropped EXE
-
\??\c:\llxlflx.exec:\llxlflx.exe53⤵
- Executes dropped EXE
-
\??\c:\7lllxlr.exec:\7lllxlr.exe54⤵
- Executes dropped EXE
-
\??\c:\nnnhbt.exec:\nnnhbt.exe55⤵
- Executes dropped EXE
-
\??\c:\hntbtb.exec:\hntbtb.exe56⤵
- Executes dropped EXE
-
\??\c:\vdppd.exec:\vdppd.exe57⤵
- Executes dropped EXE
-
\??\c:\pvpdj.exec:\pvpdj.exe58⤵
- Executes dropped EXE
-
\??\c:\hbnnhn.exec:\hbnnhn.exe59⤵
- Executes dropped EXE
-
\??\c:\bbnbtb.exec:\bbnbtb.exe60⤵
- Executes dropped EXE
-
\??\c:\vdvvd.exec:\vdvvd.exe61⤵
- Executes dropped EXE
-
\??\c:\jjjpj.exec:\jjjpj.exe62⤵
- Executes dropped EXE
-
\??\c:\fxfrfrx.exec:\fxfrfrx.exe63⤵
- Executes dropped EXE
-
\??\c:\flrlllr.exec:\flrlllr.exe64⤵
- Executes dropped EXE
-
\??\c:\thntnb.exec:\thntnb.exe65⤵
- Executes dropped EXE
-
\??\c:\nbnthh.exec:\nbnthh.exe66⤵
-
\??\c:\ddpvp.exec:\ddpvp.exe67⤵
-
\??\c:\ddjpd.exec:\ddjpd.exe68⤵
-
\??\c:\7xflxfl.exec:\7xflxfl.exe69⤵
-
\??\c:\xrffflr.exec:\xrffflr.exe70⤵
-
\??\c:\hnhtbb.exec:\hnhtbb.exe71⤵
-
\??\c:\bbhbth.exec:\bbhbth.exe72⤵
-
\??\c:\jvdvv.exec:\jvdvv.exe73⤵
-
\??\c:\djpvj.exec:\djpvj.exe74⤵
-
\??\c:\rxxxrxf.exec:\rxxxrxf.exe75⤵
-
\??\c:\rlxflrr.exec:\rlxflrr.exe76⤵
-
\??\c:\hhtbhn.exec:\hhtbhn.exe77⤵
-
\??\c:\hntbnt.exec:\hntbnt.exe78⤵
-
\??\c:\vdpdd.exec:\vdpdd.exe79⤵
-
\??\c:\pvvjj.exec:\pvvjj.exe80⤵
-
\??\c:\ffrxlrx.exec:\ffrxlrx.exe81⤵
-
\??\c:\ffrflxf.exec:\ffrflxf.exe82⤵
-
\??\c:\1bnbnb.exec:\1bnbnb.exe83⤵
-
\??\c:\btnbth.exec:\btnbth.exe84⤵
-
\??\c:\jjjpd.exec:\jjjpd.exe85⤵
-
\??\c:\ppdpj.exec:\ppdpj.exe86⤵
-
\??\c:\1fffrfr.exec:\1fffrfr.exe87⤵
-
\??\c:\7fxllrx.exec:\7fxllrx.exe88⤵
-
\??\c:\thbttt.exec:\thbttt.exe89⤵
-
\??\c:\tbbhhb.exec:\tbbhhb.exe90⤵
-
\??\c:\7jvjp.exec:\7jvjp.exe91⤵
-
\??\c:\jjvvd.exec:\jjvvd.exe92⤵
-
\??\c:\rfllrxf.exec:\rfllrxf.exe93⤵
-
\??\c:\ffxfflx.exec:\ffxfflx.exe94⤵
-
\??\c:\7nhtnt.exec:\7nhtnt.exe95⤵
-
\??\c:\hnhttb.exec:\hnhttb.exe96⤵
-
\??\c:\pdpvj.exec:\pdpvj.exe97⤵
-
\??\c:\pjvvv.exec:\pjvvv.exe98⤵
-
\??\c:\rrffrxl.exec:\rrffrxl.exe99⤵
-
\??\c:\7llrfrx.exec:\7llrfrx.exe100⤵
-
\??\c:\nthttn.exec:\nthttn.exe101⤵
-
\??\c:\1bhtnh.exec:\1bhtnh.exe102⤵
-
\??\c:\vvpdj.exec:\vvpdj.exe103⤵
-
\??\c:\jpdjv.exec:\jpdjv.exe104⤵
-
\??\c:\rxrxxlf.exec:\rxrxxlf.exe105⤵
-
\??\c:\xxfflrf.exec:\xxfflrf.exe106⤵
-
\??\c:\hntbhh.exec:\hntbhh.exe107⤵
-
\??\c:\7tthnn.exec:\7tthnn.exe108⤵
-
\??\c:\ddvjv.exec:\ddvjv.exe109⤵
-
\??\c:\dpddv.exec:\dpddv.exe110⤵
-
\??\c:\rlxfllr.exec:\rlxfllr.exe111⤵
-
\??\c:\llffrxf.exec:\llffrxf.exe112⤵
-
\??\c:\nhtnbn.exec:\nhtnbn.exe113⤵
-
\??\c:\tntbnt.exec:\tntbnt.exe114⤵
-
\??\c:\1pjvv.exec:\1pjvv.exe115⤵
-
\??\c:\3ddpp.exec:\3ddpp.exe116⤵
-
\??\c:\3rffrxl.exec:\3rffrxl.exe117⤵
-
\??\c:\xxlrxlf.exec:\xxlrxlf.exe118⤵
-
\??\c:\5btnnb.exec:\5btnnb.exe119⤵
-
\??\c:\bnbnbn.exec:\bnbnbn.exe120⤵
-
\??\c:\7dvpv.exec:\7dvpv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-