Analysis
-
max time kernel
120s -
max time network
17s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
22-12-2024 01:39
General
-
Target
eeb3700ee8411f5e443a216be195118854eba93c051874cc970a09f0f08b1d7f.exe
-
Size
53KB
-
MD5
f3622e4e42e6f564563caac3d1962a6f
-
SHA1
adc685342fc780f8a57438415418df24368d7112
-
SHA256
eeb3700ee8411f5e443a216be195118854eba93c051874cc970a09f0f08b1d7f
-
SHA512
77733aa15f07624fd471ce384486947e2a219cf80dec9a3ef5ff19fce0f5ee7c014b542d1f13185ea79b711f37c08579ac7d7befd3b8114e96a64d80cecfbed4
-
SSDEEP
1536:mAocdpeVoBDulhzHMb7xNAa04Mcg5IKvlW:0cdpeeBSHHMHLf9RyIT
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 47 IoCs
-
Executes dropped EXE 64 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\eeb3700ee8411f5e443a216be195118854eba93c051874cc970a09f0f08b1d7f.exe"C:\Users\Admin\AppData\Local\Temp\eeb3700ee8411f5e443a216be195118854eba93c051874cc970a09f0f08b1d7f.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\tthtnt.exec:\tthtnt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3vvvj.exec:\3vvvj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpjdp.exec:\jpjdp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjdp.exec:\jvjdp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1lfxlxl.exec:\1lfxlxl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nthtnt.exec:\nthtnt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvppd.exec:\pvppd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pppp.exec:\1pppp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9lfrxll.exec:\9lfrxll.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fllfxlf.exec:\fllfxlf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnhhb.exec:\thnhhb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjjv.exec:\djjjv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvjvp.exec:\pvjvp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bhtbn.exec:\1bhtbn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbtntt.exec:\tbtntt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1ddpp.exec:\1ddpp.exe17⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\xlxxflf.exec:\xlxxflf.exe18⤵
- Executes dropped EXE
-
\??\c:\hhbnbh.exec:\hhbnbh.exe19⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\9tthnb.exec:\9tthnb.exe20⤵
- Executes dropped EXE
-
\??\c:\pvjpj.exec:\pvjpj.exe21⤵
- Executes dropped EXE
-
\??\c:\vppjd.exec:\vppjd.exe22⤵
- Executes dropped EXE
-
\??\c:\llllxrr.exec:\llllxrr.exe23⤵
- Executes dropped EXE
-
\??\c:\nbntnt.exec:\nbntnt.exe24⤵
- Executes dropped EXE
-
\??\c:\vvvdp.exec:\vvvdp.exe25⤵
- Executes dropped EXE
-
\??\c:\vvpvp.exec:\vvpvp.exe26⤵
- Executes dropped EXE
-
\??\c:\rxlffrf.exec:\rxlffrf.exe27⤵
- Executes dropped EXE
-
\??\c:\9nhtht.exec:\9nhtht.exe28⤵
- Executes dropped EXE
-
\??\c:\ppdvj.exec:\ppdvj.exe29⤵
- Executes dropped EXE
-
\??\c:\djdvd.exec:\djdvd.exe30⤵
- Executes dropped EXE
-
\??\c:\xxrxlrf.exec:\xxrxlrf.exe31⤵
- Executes dropped EXE
-
\??\c:\7xflrrf.exec:\7xflrrf.exe32⤵
- Executes dropped EXE
-
\??\c:\ntnnbn.exec:\ntnnbn.exe33⤵
- Executes dropped EXE
-
\??\c:\vjjjd.exec:\vjjjd.exe34⤵
- Executes dropped EXE
-
\??\c:\dpjjv.exec:\dpjjv.exe35⤵
- Executes dropped EXE
-
\??\c:\lllxrxr.exec:\lllxrxr.exe36⤵
- Executes dropped EXE
-
\??\c:\thnnht.exec:\thnnht.exe37⤵
- Executes dropped EXE
-
\??\c:\hnnthn.exec:\hnnthn.exe38⤵
- Executes dropped EXE
-
\??\c:\vvvdj.exec:\vvvdj.exe39⤵
- Executes dropped EXE
-
\??\c:\5xlxrrx.exec:\5xlxrrx.exe40⤵
- Executes dropped EXE
-
\??\c:\xfxrlxl.exec:\xfxrlxl.exe41⤵
- Executes dropped EXE
-
\??\c:\9httbb.exec:\9httbb.exe42⤵
- Executes dropped EXE
-
\??\c:\hbnntt.exec:\hbnntt.exe43⤵
- Executes dropped EXE
-
\??\c:\ddpjj.exec:\ddpjj.exe44⤵
- Executes dropped EXE
-
\??\c:\vddpd.exec:\vddpd.exe45⤵
- Executes dropped EXE
-
\??\c:\frxllff.exec:\frxllff.exe46⤵
- Executes dropped EXE
-
\??\c:\7bhntb.exec:\7bhntb.exe47⤵
- Executes dropped EXE
-
\??\c:\nntntn.exec:\nntntn.exe48⤵
- Executes dropped EXE
-
\??\c:\djdjp.exec:\djdjp.exe49⤵
- Executes dropped EXE
-
\??\c:\dvdpd.exec:\dvdpd.exe50⤵
- Executes dropped EXE
-
\??\c:\lfllrrx.exec:\lfllrrx.exe51⤵
- Executes dropped EXE
-
\??\c:\fxlrrrx.exec:\fxlrrrx.exe52⤵
- Executes dropped EXE
-
\??\c:\tbbnth.exec:\tbbnth.exe53⤵
- Executes dropped EXE
-
\??\c:\7hbhhn.exec:\7hbhhn.exe54⤵
- Executes dropped EXE
-
\??\c:\pvvvj.exec:\pvvvj.exe55⤵
- Executes dropped EXE
-
\??\c:\djvdj.exec:\djvdj.exe56⤵
- Executes dropped EXE
-
\??\c:\lrlrfrf.exec:\lrlrfrf.exe57⤵
- Executes dropped EXE
-
\??\c:\rrlfrrx.exec:\rrlfrrx.exe58⤵
- Executes dropped EXE
-
\??\c:\bbbhnn.exec:\bbbhnn.exe59⤵
- Executes dropped EXE
-
\??\c:\ttbtbt.exec:\ttbtbt.exe60⤵
- Executes dropped EXE
-
\??\c:\3djjj.exec:\3djjj.exe61⤵
- Executes dropped EXE
-
\??\c:\djdjp.exec:\djdjp.exe62⤵
- Executes dropped EXE
-
\??\c:\xfxfllx.exec:\xfxfllx.exe63⤵
- Executes dropped EXE
-
\??\c:\xrxrrrx.exec:\xrxrrrx.exe64⤵
- Executes dropped EXE
-
\??\c:\hnnbtb.exec:\hnnbtb.exe65⤵
- Executes dropped EXE
-
\??\c:\bbbhnn.exec:\bbbhnn.exe66⤵
-
\??\c:\ddpvd.exec:\ddpvd.exe67⤵
-
\??\c:\pvdjv.exec:\pvdjv.exe68⤵
-
\??\c:\fllxrxl.exec:\fllxrxl.exe69⤵
-
\??\c:\lrflxfr.exec:\lrflxfr.exe70⤵
-
\??\c:\1htbnt.exec:\1htbnt.exe71⤵
-
\??\c:\5bnbhh.exec:\5bnbhh.exe72⤵
-
\??\c:\jppjp.exec:\jppjp.exe73⤵
-
\??\c:\9ddvd.exec:\9ddvd.exe74⤵
-
\??\c:\xxfrxxr.exec:\xxfrxxr.exe75⤵
-
\??\c:\rrrrxxx.exec:\rrrrxxx.exe76⤵
-
\??\c:\bhbthh.exec:\bhbthh.exe77⤵
-
\??\c:\hnbbtn.exec:\hnbbtn.exe78⤵
-
\??\c:\7dpvv.exec:\7dpvv.exe79⤵
-
\??\c:\vdjjd.exec:\vdjjd.exe80⤵
-
\??\c:\xflxrxl.exec:\xflxrxl.exe81⤵
-
\??\c:\3xfllxx.exec:\3xfllxx.exe82⤵
-
\??\c:\hbhbhh.exec:\hbhbhh.exe83⤵
-
\??\c:\9hhhnn.exec:\9hhhnn.exe84⤵
-
\??\c:\pvppd.exec:\pvppd.exe85⤵
-
\??\c:\vpjpd.exec:\vpjpd.exe86⤵
-
\??\c:\lrrflrx.exec:\lrrflrx.exe87⤵
-
\??\c:\fxlrlxf.exec:\fxlrlxf.exe88⤵
-
\??\c:\hhhntb.exec:\hhhntb.exe89⤵
-
\??\c:\7thnnn.exec:\7thnnn.exe90⤵
-
\??\c:\pvvvd.exec:\pvvvd.exe91⤵
-
\??\c:\ddjjj.exec:\ddjjj.exe92⤵
-
\??\c:\5fxlrfr.exec:\5fxlrfr.exe93⤵
-
\??\c:\3frfrfl.exec:\3frfrfl.exe94⤵
-
\??\c:\9hbnth.exec:\9hbnth.exe95⤵
-
\??\c:\bbtbnb.exec:\bbtbnb.exe96⤵
-
\??\c:\jpjjv.exec:\jpjjv.exe97⤵
-
\??\c:\pdpvj.exec:\pdpvj.exe98⤵
-
\??\c:\xxxlxfl.exec:\xxxlxfl.exe99⤵
-
\??\c:\7xxfxfx.exec:\7xxfxfx.exe100⤵
-
\??\c:\1nttbh.exec:\1nttbh.exe101⤵
-
\??\c:\vvjjv.exec:\vvjjv.exe102⤵
-
\??\c:\djdjj.exec:\djdjj.exe103⤵
-
\??\c:\rrxxxfr.exec:\rrxxxfr.exe104⤵
-
\??\c:\llfllxr.exec:\llfllxr.exe105⤵
-
\??\c:\xrrllrf.exec:\xrrllrf.exe106⤵
-
\??\c:\thhnbn.exec:\thhnbn.exe107⤵
-
\??\c:\ntthbt.exec:\ntthbt.exe108⤵
-
\??\c:\vvvdj.exec:\vvvdj.exe109⤵
-
\??\c:\9lxxflf.exec:\9lxxflf.exe110⤵
-
\??\c:\flflrxl.exec:\flflrxl.exe111⤵
-
\??\c:\bbtbhh.exec:\bbtbhh.exe112⤵
-
\??\c:\thhntb.exec:\thhntb.exe113⤵
-
\??\c:\pjvdv.exec:\pjvdv.exe114⤵
-
\??\c:\ddppp.exec:\ddppp.exe115⤵
-
\??\c:\flxfrrl.exec:\flxfrrl.exe116⤵
-
\??\c:\7lflfrx.exec:\7lflfrx.exe117⤵
-
\??\c:\tbttbn.exec:\tbttbn.exe118⤵
-
\??\c:\hnnhbn.exec:\hnnhbn.exe119⤵
-
\??\c:\jjvjj.exec:\jjvjj.exe120⤵
-
\??\c:\jpdjj.exec:\jpdjj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-