Analysis
-
max time kernel
120s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
22-12-2024 02:01
General
-
Target
110fd24f8b5be837137b074536d0f9b7c0dcf6b6f2ca1eb996bfbc1bbb1a09dcN.exe
-
Size
83KB
-
MD5
d1d3e9489add38205e2bb5a88cdc7d00
-
SHA1
cd4b6082f7330245c821ea876beeca3891aa488f
-
SHA256
110fd24f8b5be837137b074536d0f9b7c0dcf6b6f2ca1eb996bfbc1bbb1a09dc
-
SHA512
c0fdafa7447b52a17575c0c10a9a6cd3088b498ec7b59f1413ed76b79729b5249bb30d68a72e5b8cbf9b73efaf4b692db2721cad90df301e4d5a41f173b9291a
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIIpIo60L9QrrA89QD:ymb3NkkiQ3mdBjFIIp9L9QrrA8k
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 20 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\110fd24f8b5be837137b074536d0f9b7c0dcf6b6f2ca1eb996bfbc1bbb1a09dcN.exe"C:\Users\Admin\AppData\Local\Temp\110fd24f8b5be837137b074536d0f9b7c0dcf6b6f2ca1eb996bfbc1bbb1a09dcN.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\9pjpj.exec:\9pjpj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxxfff.exec:\xlxxfff.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnbnh.exec:\nhnbnh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjjp.exec:\dvjjp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrxxxl.exec:\lfrxxxl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnntt.exec:\nhnntt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3pddd.exec:\3pddd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrfflr.exec:\fxrfflr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rllrfl.exec:\1rllrfl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtbnt.exec:\hbtbnt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3pjjp.exec:\3pjjp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrflxxl.exec:\xrflxxl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xlrfrr.exec:\1xlrfrr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbntt.exec:\btbntt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhhnh.exec:\nbhhnh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdppp.exec:\jdppp.exe17⤵
- Executes dropped EXE
-
\??\c:\rlfxxfr.exec:\rlfxxfr.exe18⤵
- Executes dropped EXE
-
\??\c:\3lxflll.exec:\3lxflll.exe19⤵
- Executes dropped EXE
-
\??\c:\bbnbtt.exec:\bbnbtt.exe20⤵
- Executes dropped EXE
-
\??\c:\jjjvj.exec:\jjjvj.exe21⤵
- Executes dropped EXE
-
\??\c:\9vjpp.exec:\9vjpp.exe22⤵
- Executes dropped EXE
-
\??\c:\5frrflr.exec:\5frrflr.exe23⤵
- Executes dropped EXE
-
\??\c:\xlrrxff.exec:\xlrrxff.exe24⤵
- Executes dropped EXE
-
\??\c:\1bttbh.exec:\1bttbh.exe25⤵
- Executes dropped EXE
-
\??\c:\jvpjj.exec:\jvpjj.exe26⤵
- Executes dropped EXE
-
\??\c:\pjppj.exec:\pjppj.exe27⤵
- Executes dropped EXE
-
\??\c:\llrrxxx.exec:\llrrxxx.exe28⤵
- Executes dropped EXE
-
\??\c:\nhtthb.exec:\nhtthb.exe29⤵
- Executes dropped EXE
-
\??\c:\nbhhhn.exec:\nbhhhn.exe30⤵
- Executes dropped EXE
-
\??\c:\pjppv.exec:\pjppv.exe31⤵
- Executes dropped EXE
-
\??\c:\rflllff.exec:\rflllff.exe32⤵
- Executes dropped EXE
-
\??\c:\lfxfrrl.exec:\lfxfrrl.exe33⤵
- Executes dropped EXE
-
\??\c:\1nbhtt.exec:\1nbhtt.exe34⤵
- Executes dropped EXE
-
\??\c:\vvpdj.exec:\vvpdj.exe35⤵
- Executes dropped EXE
-
\??\c:\pjjjj.exec:\pjjjj.exe36⤵
- Executes dropped EXE
-
\??\c:\rflrfrx.exec:\rflrfrx.exe37⤵
- Executes dropped EXE
-
\??\c:\rffrxrx.exec:\rffrxrx.exe38⤵
- Executes dropped EXE
-
\??\c:\bbbhnn.exec:\bbbhnn.exe39⤵
- Executes dropped EXE
-
\??\c:\bnbhnh.exec:\bnbhnh.exe40⤵
- Executes dropped EXE
-
\??\c:\7vjpv.exec:\7vjpv.exe41⤵
- Executes dropped EXE
-
\??\c:\dvjjp.exec:\dvjjp.exe42⤵
- Executes dropped EXE
-
\??\c:\lxrrffr.exec:\lxrrffr.exe43⤵
- Executes dropped EXE
-
\??\c:\xrxxxrr.exec:\xrxxxrr.exe44⤵
- Executes dropped EXE
-
\??\c:\btbhnh.exec:\btbhnh.exe45⤵
- Executes dropped EXE
-
\??\c:\tntttn.exec:\tntttn.exe46⤵
- Executes dropped EXE
-
\??\c:\5dddj.exec:\5dddj.exe47⤵
- Executes dropped EXE
-
\??\c:\vpvdp.exec:\vpvdp.exe48⤵
- Executes dropped EXE
-
\??\c:\xrrrffr.exec:\xrrrffr.exe49⤵
- Executes dropped EXE
-
\??\c:\lfrxxxf.exec:\lfrxxxf.exe50⤵
- Executes dropped EXE
-
\??\c:\3xrflrr.exec:\3xrflrr.exe51⤵
- Executes dropped EXE
-
\??\c:\htbbnn.exec:\htbbnn.exe52⤵
- Executes dropped EXE
-
\??\c:\nbhhnh.exec:\nbhhnh.exe53⤵
- Executes dropped EXE
-
\??\c:\vpvvd.exec:\vpvvd.exe54⤵
- Executes dropped EXE
-
\??\c:\vjpvp.exec:\vjpvp.exe55⤵
- Executes dropped EXE
-
\??\c:\xxllxxl.exec:\xxllxxl.exe56⤵
- Executes dropped EXE
-
\??\c:\lxxflrl.exec:\lxxflrl.exe57⤵
- Executes dropped EXE
-
\??\c:\5hnnnb.exec:\5hnnnb.exe58⤵
- Executes dropped EXE
-
\??\c:\thbbhn.exec:\thbbhn.exe59⤵
- Executes dropped EXE
-
\??\c:\5jvvd.exec:\5jvvd.exe60⤵
- Executes dropped EXE
-
\??\c:\jdvvj.exec:\jdvvj.exe61⤵
- Executes dropped EXE
-
\??\c:\rlrfxrl.exec:\rlrfxrl.exe62⤵
- Executes dropped EXE
-
\??\c:\3xrxllr.exec:\3xrxllr.exe63⤵
- Executes dropped EXE
-
\??\c:\thtntt.exec:\thtntt.exe64⤵
- Executes dropped EXE
-
\??\c:\bntthh.exec:\bntthh.exe65⤵
- Executes dropped EXE
-
\??\c:\pjdjp.exec:\pjdjp.exe66⤵
-
\??\c:\dpdvv.exec:\dpdvv.exe67⤵
-
\??\c:\9rxxfxf.exec:\9rxxfxf.exe68⤵
-
\??\c:\5lffrrf.exec:\5lffrrf.exe69⤵
-
\??\c:\5bttbn.exec:\5bttbn.exe70⤵
-
\??\c:\nbhbbt.exec:\nbhbbt.exe71⤵
-
\??\c:\vpddd.exec:\vpddd.exe72⤵
-
\??\c:\jjjdd.exec:\jjjdd.exe73⤵
-
\??\c:\fxrlrrx.exec:\fxrlrrx.exe74⤵
-
\??\c:\1fllrlx.exec:\1fllrlx.exe75⤵
-
\??\c:\9tnthn.exec:\9tnthn.exe76⤵
-
\??\c:\1bttbh.exec:\1bttbh.exe77⤵
-
\??\c:\dvppv.exec:\dvppv.exe78⤵
-
\??\c:\5dppp.exec:\5dppp.exe79⤵
-
\??\c:\lfrfrrf.exec:\lfrfrrf.exe80⤵
-
\??\c:\xrfflrx.exec:\xrfflrx.exe81⤵
-
\??\c:\tttthh.exec:\tttthh.exe82⤵
-
\??\c:\tnbnnn.exec:\tnbnnn.exe83⤵
-
\??\c:\5djpp.exec:\5djpp.exe84⤵
-
\??\c:\vpddp.exec:\vpddp.exe85⤵
-
\??\c:\vpdvv.exec:\vpdvv.exe86⤵
-
\??\c:\xrlrrxf.exec:\xrlrrxf.exe87⤵
-
\??\c:\fxlxflf.exec:\fxlxflf.exe88⤵
-
\??\c:\7bthnn.exec:\7bthnn.exe89⤵
-
\??\c:\nhtnnn.exec:\nhtnnn.exe90⤵
-
\??\c:\jvjdj.exec:\jvjdj.exe91⤵
-
\??\c:\ppvvv.exec:\ppvvv.exe92⤵
-
\??\c:\frflfxl.exec:\frflfxl.exe93⤵
-
\??\c:\7xrlrrx.exec:\7xrlrrx.exe94⤵
-
\??\c:\xlxxrrx.exec:\xlxxrrx.exe95⤵
-
\??\c:\1thnbb.exec:\1thnbb.exe96⤵
-
\??\c:\btbbbt.exec:\btbbbt.exe97⤵
-
\??\c:\ppjvv.exec:\ppjvv.exe98⤵
-
\??\c:\jdppv.exec:\jdppv.exe99⤵
-
\??\c:\rlfxlfr.exec:\rlfxlfr.exe100⤵
-
\??\c:\lflxrff.exec:\lflxrff.exe101⤵
-
\??\c:\hbtnnn.exec:\hbtnnn.exe102⤵
-
\??\c:\btnthh.exec:\btnthh.exe103⤵
- System Location Discovery: System Language Discovery
-
\??\c:\vjppp.exec:\vjppp.exe104⤵
-
\??\c:\vvdpj.exec:\vvdpj.exe105⤵
-
\??\c:\5frrrfl.exec:\5frrrfl.exe106⤵
-
\??\c:\7fxllrx.exec:\7fxllrx.exe107⤵
-
\??\c:\1hbtnn.exec:\1hbtnn.exe108⤵
-
\??\c:\tthttt.exec:\tthttt.exe109⤵
-
\??\c:\thtbnn.exec:\thtbnn.exe110⤵
-
\??\c:\dvvjp.exec:\dvvjp.exe111⤵
-
\??\c:\5pdpv.exec:\5pdpv.exe112⤵
-
\??\c:\rlxlxxr.exec:\rlxlxxr.exe113⤵
-
\??\c:\xrlxxfx.exec:\xrlxxfx.exe114⤵
-
\??\c:\9htttt.exec:\9htttt.exe115⤵
-
\??\c:\jvpjd.exec:\jvpjd.exe116⤵
-
\??\c:\jvjpv.exec:\jvjpv.exe117⤵
-
\??\c:\7vppv.exec:\7vppv.exe118⤵
-
\??\c:\1lffxxl.exec:\1lffxxl.exe119⤵
-
\??\c:\rlrrflr.exec:\rlrrflr.exe120⤵
-
\??\c:\bnbbht.exec:\bnbbht.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-