Analysis
-
max time kernel
150s -
max time network
19s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
22-12-2024 20:29
General
-
Target
2004f7c71878aa601b35c543d3134e37839b536fb305162b2ebcf1c602c9dc25.exe
-
Size
456KB
-
MD5
671231fc6158870f2a2d6cd41136fe6e
-
SHA1
3150012d1855c4e9ce9d3340f44688a5218b49df
-
SHA256
2004f7c71878aa601b35c543d3134e37839b536fb305162b2ebcf1c602c9dc25
-
SHA512
c7fde17396ad8b73a79adf7d576b4e11490642b2060955db211547eaf08d785a43c1b6c96bc397bbd506340c1f8d4665c17a635763c577837ffb90d04c54b81d
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbeRV:q7Tc2NYHUrAwfMp3CDRV
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 37 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 51 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2004f7c71878aa601b35c543d3134e37839b536fb305162b2ebcf1c602c9dc25.exe"C:\Users\Admin\AppData\Local\Temp\2004f7c71878aa601b35c543d3134e37839b536fb305162b2ebcf1c602c9dc25.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vdhfjf.exec:\vdhfjf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnrxfrf.exec:\hnrxfrf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fjftl.exec:\fjftl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rpnxd.exec:\rpnxd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ldvjd.exec:\ldvjd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xjtrjr.exec:\xjtrjr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdxpb.exec:\pdxpb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fhxbjh.exec:\fhxbjh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xvnndj.exec:\xvnndj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rtpbd.exec:\rtpbd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lnnddfd.exec:\lnnddfd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hjfjtvl.exec:\hjfjtvl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htfjh.exec:\htfjh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tvjljn.exec:\tvjljn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tvvjrjr.exec:\tvvjrjr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttpvlfp.exec:\ttpvlfp.exe17⤵
- Executes dropped EXE
-
\??\c:\fxtlplt.exec:\fxtlplt.exe18⤵
- Executes dropped EXE
-
\??\c:\vjfjbv.exec:\vjfjbv.exe19⤵
- Executes dropped EXE
-
\??\c:\tdfbfjh.exec:\tdfbfjh.exe20⤵
- Executes dropped EXE
-
\??\c:\jpflv.exec:\jpflv.exe21⤵
- Executes dropped EXE
-
\??\c:\fjrlrr.exec:\fjrlrr.exe22⤵
- Executes dropped EXE
-
\??\c:\bbhjnxf.exec:\bbhjnxf.exe23⤵
- Executes dropped EXE
-
\??\c:\njxvd.exec:\njxvd.exe24⤵
- Executes dropped EXE
-
\??\c:\nbhbh.exec:\nbhbh.exe25⤵
- Executes dropped EXE
-
\??\c:\pjvxxlr.exec:\pjvxxlr.exe26⤵
- Executes dropped EXE
-
\??\c:\lrlbn.exec:\lrlbn.exe27⤵
- Executes dropped EXE
-
\??\c:\pnnvtbb.exec:\pnnvtbb.exe28⤵
- Executes dropped EXE
-
\??\c:\brffpb.exec:\brffpb.exe29⤵
- Executes dropped EXE
-
\??\c:\fpjxhp.exec:\fpjxhp.exe30⤵
- Executes dropped EXE
-
\??\c:\ftfdfvh.exec:\ftfdfvh.exe31⤵
- Executes dropped EXE
-
\??\c:\vvpld.exec:\vvpld.exe32⤵
- Executes dropped EXE
-
\??\c:\hpvntb.exec:\hpvntb.exe33⤵
- Executes dropped EXE
-
\??\c:\jrjfnfj.exec:\jrjfnfj.exe34⤵
- Executes dropped EXE
-
\??\c:\nrntpvj.exec:\nrntpvj.exe35⤵
- Executes dropped EXE
-
\??\c:\fpdbh.exec:\fpdbh.exe36⤵
- Executes dropped EXE
-
\??\c:\tljpn.exec:\tljpn.exe37⤵
- Executes dropped EXE
-
\??\c:\bjhxd.exec:\bjhxd.exe38⤵
- Executes dropped EXE
-
\??\c:\dbbdpd.exec:\dbbdpd.exe39⤵
- Executes dropped EXE
-
\??\c:\pbtfndt.exec:\pbtfndt.exe40⤵
- Executes dropped EXE
-
\??\c:\hnpvdj.exec:\hnpvdj.exe41⤵
- Executes dropped EXE
-
\??\c:\dnbpr.exec:\dnbpr.exe42⤵
- Executes dropped EXE
-
\??\c:\ntfrh.exec:\ntfrh.exe43⤵
- Executes dropped EXE
-
\??\c:\vvllh.exec:\vvllh.exe44⤵
- Executes dropped EXE
-
\??\c:\trrhl.exec:\trrhl.exe45⤵
- Executes dropped EXE
-
\??\c:\rplrtfv.exec:\rplrtfv.exe46⤵
- Executes dropped EXE
-
\??\c:\rbxxbbn.exec:\rbxxbbn.exe47⤵
- Executes dropped EXE
-
\??\c:\llrhl.exec:\llrhl.exe48⤵
- Executes dropped EXE
-
\??\c:\xhnhpfp.exec:\xhnhpfp.exe49⤵
- Executes dropped EXE
-
\??\c:\lxhndvr.exec:\lxhndvr.exe50⤵
- Executes dropped EXE
-
\??\c:\bbjxdj.exec:\bbjxdj.exe51⤵
- Executes dropped EXE
-
\??\c:\bndnr.exec:\bndnr.exe52⤵
- Executes dropped EXE
-
\??\c:\pxdxpr.exec:\pxdxpr.exe53⤵
- Executes dropped EXE
-
\??\c:\vlvpxjn.exec:\vlvpxjn.exe54⤵
- Executes dropped EXE
-
\??\c:\jhrjh.exec:\jhrjh.exe55⤵
- Executes dropped EXE
-
\??\c:\jxdtpjh.exec:\jxdtpjh.exe56⤵
- Executes dropped EXE
-
\??\c:\fdbbp.exec:\fdbbp.exe57⤵
- Executes dropped EXE
-
\??\c:\hdlpb.exec:\hdlpb.exe58⤵
- Executes dropped EXE
-
\??\c:\bhfpv.exec:\bhfpv.exe59⤵
- Executes dropped EXE
-
\??\c:\rfjxp.exec:\rfjxp.exe60⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\prdxt.exec:\prdxt.exe61⤵
- Executes dropped EXE
-
\??\c:\fddplh.exec:\fddplh.exe62⤵
- Executes dropped EXE
-
\??\c:\jjlxhr.exec:\jjlxhr.exe63⤵
- Executes dropped EXE
-
\??\c:\ljlph.exec:\ljlph.exe64⤵
- Executes dropped EXE
-
\??\c:\lvdxnlf.exec:\lvdxnlf.exe65⤵
- Executes dropped EXE
-
\??\c:\jlpjbj.exec:\jlpjbj.exe66⤵
-
\??\c:\flbrbj.exec:\flbrbj.exe67⤵
-
\??\c:\hpppllx.exec:\hpppllx.exe68⤵
-
\??\c:\xdpjjrl.exec:\xdpjjrl.exe69⤵
-
\??\c:\rrbbf.exec:\rrbbf.exe70⤵
-
\??\c:\dpjddpx.exec:\dpjddpx.exe71⤵
-
\??\c:\hbpnp.exec:\hbpnp.exe72⤵
- System Location Discovery: System Language Discovery
-
\??\c:\xtlhrhb.exec:\xtlhrhb.exe73⤵
-
\??\c:\fjlhb.exec:\fjlhb.exe74⤵
-
\??\c:\hxxhdv.exec:\hxxhdv.exe75⤵
- System Location Discovery: System Language Discovery
-
\??\c:\ldnfh.exec:\ldnfh.exe76⤵
-
\??\c:\rffljjd.exec:\rffljjd.exe77⤵
-
\??\c:\bptjl.exec:\bptjl.exe78⤵
-
\??\c:\hrrjxj.exec:\hrrjxj.exe79⤵
-
\??\c:\dlptr.exec:\dlptr.exe80⤵
-
\??\c:\jdrrjl.exec:\jdrrjl.exe81⤵
-
\??\c:\tvxhjvf.exec:\tvxhjvf.exe82⤵
-
\??\c:\rnblxrd.exec:\rnblxrd.exe83⤵
-
\??\c:\hllpjb.exec:\hllpjb.exe84⤵
-
\??\c:\bdfxd.exec:\bdfxd.exe85⤵
-
\??\c:\xjdhphx.exec:\xjdhphx.exe86⤵
-
\??\c:\hjtttbd.exec:\hjtttbd.exe87⤵
-
\??\c:\tfpxjtd.exec:\tfpxjtd.exe88⤵
-
\??\c:\rbtdn.exec:\rbtdn.exe89⤵
-
\??\c:\nrrprbp.exec:\nrrprbp.exe90⤵
-
\??\c:\vnrtjvh.exec:\vnrtjvh.exe91⤵
-
\??\c:\nlpfh.exec:\nlpfh.exe92⤵
-
\??\c:\jdfdvhj.exec:\jdfdvhj.exe93⤵
-
\??\c:\fxpvnr.exec:\fxpvnr.exe94⤵
-
\??\c:\nplhrdp.exec:\nplhrdp.exe95⤵
-
\??\c:\nnbrr.exec:\nnbrr.exe96⤵
-
\??\c:\dbvhlx.exec:\dbvhlx.exe97⤵
-
\??\c:\dnnbj.exec:\dnnbj.exe98⤵
-
\??\c:\jhfnpl.exec:\jhfnpl.exe99⤵
-
\??\c:\vnhrdpb.exec:\vnhrdpb.exe100⤵
-
\??\c:\lxndrv.exec:\lxndrv.exe101⤵
-
\??\c:\tvdfl.exec:\tvdfl.exe102⤵
-
\??\c:\lrrlprv.exec:\lrrlprv.exe103⤵
-
\??\c:\fjfnlpp.exec:\fjfnlpp.exe104⤵
-
\??\c:\pplppxh.exec:\pplppxh.exe105⤵
-
\??\c:\nbjvn.exec:\nbjvn.exe106⤵
-
\??\c:\pnpjx.exec:\pnpjx.exe107⤵
-
\??\c:\rnrfv.exec:\rnrfv.exe108⤵
-
\??\c:\bvnjr.exec:\bvnjr.exe109⤵
-
\??\c:\nlfhbpp.exec:\nlfhbpp.exe110⤵
-
\??\c:\tdxxlbn.exec:\tdxxlbn.exe111⤵
-
\??\c:\lvvjj.exec:\lvvjj.exe112⤵
-
\??\c:\rthxd.exec:\rthxd.exe113⤵
-
\??\c:\jfpbtx.exec:\jfpbtx.exe114⤵
-
\??\c:\tnbrdf.exec:\tnbrdf.exe115⤵
-
\??\c:\njldpp.exec:\njldpp.exe116⤵
-
\??\c:\jhvnv.exec:\jhvnv.exe117⤵
-
\??\c:\pvpnpj.exec:\pvpnpj.exe118⤵
-
\??\c:\fbnfvld.exec:\fbnfvld.exe119⤵
-
\??\c:\lvnvnv.exec:\lvnvnv.exe120⤵
-
\??\c:\bdxbppb.exec:\bdxbppb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-