Analysis
-
max time kernel
120s -
max time network
16s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
22-12-2024 01:34
General
-
Target
2e70e908ea274ffc35386dd27c8a5d32436c0632645b5fe790fc270aa375f868N.exe
-
Size
53KB
-
MD5
cd9c76370ebe37b8d2d902152a1ec5a0
-
SHA1
c288247da3b94aec5ba18f96880d23bb1bab3c6f
-
SHA256
2e70e908ea274ffc35386dd27c8a5d32436c0632645b5fe790fc270aa375f868
-
SHA512
10a3f131e93b15f2a3038b0027fed277ee196291a85027c48aa3c0a603beb3f19db68b78d2a5df3dcc1de509dc6fa5b4b48efcd04279e9844be3e2ea983755c1
-
SSDEEP
1536:mAocdpeVoBDulhzHMb7xNAa04Mcg5IKvlS:0cdpeeBSHHMHLf9RyIb
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 51 IoCs
-
Executes dropped EXE 64 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2e70e908ea274ffc35386dd27c8a5d32436c0632645b5fe790fc270aa375f868N.exe"C:\Users\Admin\AppData\Local\Temp\2e70e908ea274ffc35386dd27c8a5d32436c0632645b5fe790fc270aa375f868N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rxlxfll.exec:\rxlxfll.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xlfllx.exec:\1xlfllx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bntbh.exec:\1bntbh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpdv.exec:\jdpdv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvvd.exec:\jjvvd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrrffr.exec:\ffrrffr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrfxffl.exec:\rrfxffl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nttthh.exec:\nttthh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnbbb.exec:\hhnbbb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjpd.exec:\vdjpd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvvj.exec:\vpvvj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrfrrxr.exec:\rrfrrxr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xffxlfr.exec:\xffxlfr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtbnn.exec:\bbtbnn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9pjjp.exec:\9pjjp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrfllrf.exec:\rrfllrf.exe17⤵
- Executes dropped EXE
-
\??\c:\hhttbb.exec:\hhttbb.exe18⤵
- Executes dropped EXE
-
\??\c:\ntnthh.exec:\ntnthh.exe19⤵
- Executes dropped EXE
-
\??\c:\vpvdj.exec:\vpvdj.exe20⤵
- Executes dropped EXE
-
\??\c:\9fllxxf.exec:\9fllxxf.exe21⤵
- Executes dropped EXE
-
\??\c:\bbtbnt.exec:\bbtbnt.exe22⤵
- Executes dropped EXE
-
\??\c:\nnbbnn.exec:\nnbbnn.exe23⤵
- Executes dropped EXE
-
\??\c:\vvpvv.exec:\vvpvv.exe24⤵
- Executes dropped EXE
-
\??\c:\rlrrlrx.exec:\rlrrlrx.exe25⤵
- Executes dropped EXE
-
\??\c:\hhntbb.exec:\hhntbb.exe26⤵
- Executes dropped EXE
-
\??\c:\dvjdp.exec:\dvjdp.exe27⤵
- Executes dropped EXE
-
\??\c:\rrlxxrr.exec:\rrlxxrr.exe28⤵
- Executes dropped EXE
-
\??\c:\bthnbb.exec:\bthnbb.exe29⤵
- Executes dropped EXE
-
\??\c:\hhhnnt.exec:\hhhnnt.exe30⤵
- Executes dropped EXE
-
\??\c:\jjppv.exec:\jjppv.exe31⤵
- Executes dropped EXE
-
\??\c:\5xflrrf.exec:\5xflrrf.exe32⤵
- Executes dropped EXE
-
\??\c:\xflfrrx.exec:\xflfrrx.exe33⤵
- Executes dropped EXE
-
\??\c:\hbhbbh.exec:\hbhbbh.exe34⤵
- Executes dropped EXE
-
\??\c:\vvppj.exec:\vvppj.exe35⤵
- Executes dropped EXE
-
\??\c:\ddjpv.exec:\ddjpv.exe36⤵
- Executes dropped EXE
-
\??\c:\fflrlfr.exec:\fflrlfr.exe37⤵
- Executes dropped EXE
-
\??\c:\xxlrxxl.exec:\xxlrxxl.exe38⤵
- Executes dropped EXE
-
\??\c:\bbnbhn.exec:\bbnbhn.exe39⤵
- Executes dropped EXE
-
\??\c:\pjppv.exec:\pjppv.exe40⤵
- Executes dropped EXE
-
\??\c:\1vvvd.exec:\1vvvd.exe41⤵
- Executes dropped EXE
-
\??\c:\rlrxflx.exec:\rlrxflx.exe42⤵
- Executes dropped EXE
-
\??\c:\9rxllll.exec:\9rxllll.exe43⤵
- Executes dropped EXE
-
\??\c:\nnnhnt.exec:\nnnhnt.exe44⤵
- Executes dropped EXE
-
\??\c:\5thbbb.exec:\5thbbb.exe45⤵
- Executes dropped EXE
-
\??\c:\pjppv.exec:\pjppv.exe46⤵
- Executes dropped EXE
-
\??\c:\vdpvj.exec:\vdpvj.exe47⤵
- Executes dropped EXE
-
\??\c:\xfrxfrf.exec:\xfrxfrf.exe48⤵
- Executes dropped EXE
-
\??\c:\rlxfrrf.exec:\rlxfrrf.exe49⤵
- Executes dropped EXE
-
\??\c:\hnbntt.exec:\hnbntt.exe50⤵
- Executes dropped EXE
-
\??\c:\nhbbnt.exec:\nhbbnt.exe51⤵
- Executes dropped EXE
-
\??\c:\pvjjv.exec:\pvjjv.exe52⤵
- Executes dropped EXE
-
\??\c:\3pvvd.exec:\3pvvd.exe53⤵
- Executes dropped EXE
-
\??\c:\5xffxfx.exec:\5xffxfx.exe54⤵
- Executes dropped EXE
-
\??\c:\bhtbhn.exec:\bhtbhn.exe55⤵
- Executes dropped EXE
-
\??\c:\pjvdj.exec:\pjvdj.exe56⤵
- Executes dropped EXE
-
\??\c:\7rlxfxl.exec:\7rlxfxl.exe57⤵
- Executes dropped EXE
-
\??\c:\fxlxflx.exec:\fxlxflx.exe58⤵
- Executes dropped EXE
-
\??\c:\bbnntb.exec:\bbnntb.exe59⤵
- Executes dropped EXE
-
\??\c:\tnhnbh.exec:\tnhnbh.exe60⤵
- Executes dropped EXE
-
\??\c:\bbtbtt.exec:\bbtbtt.exe61⤵
- Executes dropped EXE
-
\??\c:\pvddj.exec:\pvddj.exe62⤵
- Executes dropped EXE
-
\??\c:\pvpvj.exec:\pvpvj.exe63⤵
- Executes dropped EXE
-
\??\c:\rrlrxlx.exec:\rrlrxlx.exe64⤵
- Executes dropped EXE
-
\??\c:\rrflrrf.exec:\rrflrrf.exe65⤵
- Executes dropped EXE
-
\??\c:\hnbhtb.exec:\hnbhtb.exe66⤵
-
\??\c:\bhthhn.exec:\bhthhn.exe67⤵
-
\??\c:\pvjpv.exec:\pvjpv.exe68⤵
-
\??\c:\3xrflxf.exec:\3xrflxf.exe69⤵
-
\??\c:\9ffrllx.exec:\9ffrllx.exe70⤵
-
\??\c:\tthnbb.exec:\tthnbb.exe71⤵
-
\??\c:\1nnthh.exec:\1nnthh.exe72⤵
-
\??\c:\7hbhnt.exec:\7hbhnt.exe73⤵
-
\??\c:\pdjvj.exec:\pdjvj.exe74⤵
-
\??\c:\7dppv.exec:\7dppv.exe75⤵
-
\??\c:\ffxlllf.exec:\ffxlllf.exe76⤵
-
\??\c:\ffxxlxl.exec:\ffxxlxl.exe77⤵
-
\??\c:\ttnntn.exec:\ttnntn.exe78⤵
-
\??\c:\hhnhbb.exec:\hhnhbb.exe79⤵
-
\??\c:\ddvjp.exec:\ddvjp.exe80⤵
-
\??\c:\3jdpp.exec:\3jdpp.exe81⤵
-
\??\c:\ffflrxf.exec:\ffflrxf.exe82⤵
-
\??\c:\bbnnhn.exec:\bbnnhn.exe83⤵
-
\??\c:\1nhntt.exec:\1nhntt.exe84⤵
-
\??\c:\hnbhth.exec:\hnbhth.exe85⤵
-
\??\c:\djdpj.exec:\djdpj.exe86⤵
-
\??\c:\xxfxllx.exec:\xxfxllx.exe87⤵
-
\??\c:\1llxffl.exec:\1llxffl.exe88⤵
-
\??\c:\nhnntn.exec:\nhnntn.exe89⤵
-
\??\c:\bhbhhh.exec:\bhbhhh.exe90⤵
-
\??\c:\9vpdp.exec:\9vpdp.exe91⤵
-
\??\c:\ddjdd.exec:\ddjdd.exe92⤵
-
\??\c:\lfrxxfl.exec:\lfrxxfl.exe93⤵
-
\??\c:\lffrxxl.exec:\lffrxxl.exe94⤵
-
\??\c:\1hhtbn.exec:\1hhtbn.exe95⤵
-
\??\c:\bhhnth.exec:\bhhnth.exe96⤵
-
\??\c:\9dpvv.exec:\9dpvv.exe97⤵
-
\??\c:\1dvvj.exec:\1dvvj.exe98⤵
-
\??\c:\llxxfxr.exec:\llxxfxr.exe99⤵
-
\??\c:\nnbtbn.exec:\nnbtbn.exe100⤵
-
\??\c:\hhhhhh.exec:\hhhhhh.exe101⤵
-
\??\c:\ntnnnt.exec:\ntnnnt.exe102⤵
-
\??\c:\3jdjj.exec:\3jdjj.exe103⤵
-
\??\c:\vvjjv.exec:\vvjjv.exe104⤵
-
\??\c:\llxflrf.exec:\llxflrf.exe105⤵
-
\??\c:\xxflrrf.exec:\xxflrrf.exe106⤵
-
\??\c:\tbbtbn.exec:\tbbtbn.exe107⤵
-
\??\c:\bhtthn.exec:\bhtthn.exe108⤵
-
\??\c:\vvddj.exec:\vvddj.exe109⤵
-
\??\c:\dvpjv.exec:\dvpjv.exe110⤵
-
\??\c:\lrxfflr.exec:\lrxfflr.exe111⤵
-
\??\c:\xxfxllx.exec:\xxfxllx.exe112⤵
-
\??\c:\tthhbb.exec:\tthhbb.exe113⤵
-
\??\c:\httbnh.exec:\httbnh.exe114⤵
-
\??\c:\9djvv.exec:\9djvv.exe115⤵
-
\??\c:\vvjpd.exec:\vvjpd.exe116⤵
-
\??\c:\rrxxrrf.exec:\rrxxrrf.exe117⤵
-
\??\c:\ffxflxf.exec:\ffxflxf.exe118⤵
-
\??\c:\hhbbnh.exec:\hhbbnh.exe119⤵
-
\??\c:\vvppv.exec:\vvppv.exe120⤵
-
\??\c:\ppvjd.exec:\ppvjd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-