Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
-
submitted
23-12-2024 03:52
General
-
Target
db19bf2fbdefa3906ce1c0f5e163d96db101e0116d42032f1febe79f450fa61c.exe
-
Size
454KB
-
MD5
22de0ac9b93345e4b13913035fe0b3cf
-
SHA1
2129c6e6a5fc00548b6a4e19e95b35a0f08b2427
-
SHA256
db19bf2fbdefa3906ce1c0f5e163d96db101e0116d42032f1febe79f450fa61c
-
SHA512
04e34c950fc1fce9717018eb2d0edbbdbc9cb502984e3ba028bff3b8de19c3a9366e8e219e88d62a340f1c0eb1e566b12398813899a3d58fc2fd7f45b106bc8d
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbeToD:q7Tc2NYHUrAwfMp3CDcD
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 37 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 38 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\db19bf2fbdefa3906ce1c0f5e163d96db101e0116d42032f1febe79f450fa61c.exe"C:\Users\Admin\AppData\Local\Temp\db19bf2fbdefa3906ce1c0f5e163d96db101e0116d42032f1febe79f450fa61c.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjjv.exec:\ppjjv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rllfrf.exec:\7rllfrf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpvd.exec:\pjpvd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1nhbbh.exec:\1nhbbh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vjjj.exec:\7vjjj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthhnn.exec:\tthhnn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fflfflr.exec:\fflfflr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flxrxfl.exec:\flxrxfl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htntnn.exec:\htntnn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrfxlr.exec:\rlrfxlr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbnnn.exec:\ttbnnn.exe12⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\3xrxrxl.exec:\3xrxrxl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhthtb.exec:\hhthtb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjjp.exec:\vpjjp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfxxlxl.exec:\xfxxlxl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1djpv.exec:\1djpv.exe17⤵
- Executes dropped EXE
-
\??\c:\3hthhb.exec:\3hthhb.exe18⤵
- Executes dropped EXE
-
\??\c:\vpvdj.exec:\vpvdj.exe19⤵
- Executes dropped EXE
-
\??\c:\5lrxflr.exec:\5lrxflr.exe20⤵
- Executes dropped EXE
-
\??\c:\7ttbhh.exec:\7ttbhh.exe21⤵
- Executes dropped EXE
-
\??\c:\hnbnbb.exec:\hnbnbb.exe22⤵
- Executes dropped EXE
-
\??\c:\ntbbnt.exec:\ntbbnt.exe23⤵
- Executes dropped EXE
-
\??\c:\pvdjp.exec:\pvdjp.exe24⤵
- Executes dropped EXE
-
\??\c:\rrfrfxl.exec:\rrfrfxl.exe25⤵
- Executes dropped EXE
-
\??\c:\7xfxfff.exec:\7xfxfff.exe26⤵
- Executes dropped EXE
-
\??\c:\3bbhtt.exec:\3bbhtt.exe27⤵
- Executes dropped EXE
-
\??\c:\jjvjv.exec:\jjvjv.exe28⤵
- Executes dropped EXE
-
\??\c:\hhttbb.exec:\hhttbb.exe29⤵
- Executes dropped EXE
-
\??\c:\bhhbbt.exec:\bhhbbt.exe30⤵
- Executes dropped EXE
-
\??\c:\nnbbnn.exec:\nnbbnn.exe31⤵
- Executes dropped EXE
-
\??\c:\vdvpv.exec:\vdvpv.exe32⤵
- Executes dropped EXE
-
\??\c:\3thbhb.exec:\3thbhb.exe33⤵
- Executes dropped EXE
-
\??\c:\xxlrflr.exec:\xxlrflr.exe34⤵
- Executes dropped EXE
-
\??\c:\rfrxfrx.exec:\rfrxfrx.exe35⤵
- Executes dropped EXE
-
\??\c:\hnttbb.exec:\hnttbb.exe36⤵
- Executes dropped EXE
-
\??\c:\3dpdp.exec:\3dpdp.exe37⤵
- Executes dropped EXE
-
\??\c:\3rlrfll.exec:\3rlrfll.exe38⤵
- Executes dropped EXE
-
\??\c:\xllxxlr.exec:\xllxxlr.exe39⤵
- Executes dropped EXE
-
\??\c:\bhbhht.exec:\bhbhht.exe40⤵
- Executes dropped EXE
-
\??\c:\jpjvd.exec:\jpjvd.exe41⤵
- Executes dropped EXE
-
\??\c:\xlllrxl.exec:\xlllrxl.exe42⤵
- Executes dropped EXE
-
\??\c:\5tnbhn.exec:\5tnbhn.exe43⤵
- Executes dropped EXE
-
\??\c:\3hnthn.exec:\3hnthn.exe44⤵
- Executes dropped EXE
-
\??\c:\ppdvj.exec:\ppdvj.exe45⤵
- Executes dropped EXE
-
\??\c:\7xxxlrf.exec:\7xxxlrf.exe46⤵
- Executes dropped EXE
-
\??\c:\bhntnn.exec:\bhntnn.exe47⤵
- Executes dropped EXE
-
\??\c:\jdppp.exec:\jdppp.exe48⤵
- Executes dropped EXE
-
\??\c:\rxllxfr.exec:\rxllxfr.exe49⤵
- Executes dropped EXE
-
\??\c:\llllffr.exec:\llllffr.exe50⤵
- Executes dropped EXE
-
\??\c:\7nnbnt.exec:\7nnbnt.exe51⤵
- Executes dropped EXE
-
\??\c:\5jdjv.exec:\5jdjv.exe52⤵
- Executes dropped EXE
-
\??\c:\xxflrfr.exec:\xxflrfr.exe53⤵
- Executes dropped EXE
-
\??\c:\hhtbnn.exec:\hhtbnn.exe54⤵
- Executes dropped EXE
-
\??\c:\htbnhb.exec:\htbnhb.exe55⤵
- Executes dropped EXE
-
\??\c:\ppvdp.exec:\ppvdp.exe56⤵
- Executes dropped EXE
-
\??\c:\llrxrrr.exec:\llrxrrr.exe57⤵
- Executes dropped EXE
-
\??\c:\ttbbhh.exec:\ttbbhh.exe58⤵
- Executes dropped EXE
-
\??\c:\jpjpp.exec:\jpjpp.exe59⤵
- Executes dropped EXE
-
\??\c:\pvvpp.exec:\pvvpp.exe60⤵
- Executes dropped EXE
-
\??\c:\fxrxrfl.exec:\fxrxrfl.exe61⤵
- Executes dropped EXE
-
\??\c:\bhtbhn.exec:\bhtbhn.exe62⤵
- Executes dropped EXE
-
\??\c:\pjdvj.exec:\pjdvj.exe63⤵
- Executes dropped EXE
-
\??\c:\vvpjv.exec:\vvpjv.exe64⤵
- Executes dropped EXE
-
\??\c:\lffrxff.exec:\lffrxff.exe65⤵
- Executes dropped EXE
-
\??\c:\1nhttb.exec:\1nhttb.exe66⤵
-
\??\c:\vpdvj.exec:\vpdvj.exe67⤵
-
\??\c:\7xrlxfl.exec:\7xrlxfl.exe68⤵
-
\??\c:\rrflfrx.exec:\rrflfrx.exe69⤵
-
\??\c:\nnhhtb.exec:\nnhhtb.exe70⤵
-
\??\c:\5jdjd.exec:\5jdjd.exe71⤵
-
\??\c:\3lxxflx.exec:\3lxxflx.exe72⤵
-
\??\c:\rrlfllf.exec:\rrlfllf.exe73⤵
-
\??\c:\ttnbtb.exec:\ttnbtb.exe74⤵
-
\??\c:\ddpvj.exec:\ddpvj.exe75⤵
-
\??\c:\xllfflx.exec:\xllfflx.exe76⤵
-
\??\c:\3tnbtb.exec:\3tnbtb.exe77⤵
-
\??\c:\nthnhh.exec:\nthnhh.exe78⤵
-
\??\c:\vppdp.exec:\vppdp.exe79⤵
-
\??\c:\rllrflx.exec:\rllrflx.exe80⤵
-
\??\c:\fxrfllr.exec:\fxrfllr.exe81⤵
-
\??\c:\bbbbth.exec:\bbbbth.exe82⤵
-
\??\c:\pdvvd.exec:\pdvvd.exe83⤵
-
\??\c:\5rlxllf.exec:\5rlxllf.exe84⤵
-
\??\c:\rrlxffr.exec:\rrlxffr.exe85⤵
-
\??\c:\bbhthn.exec:\bbhthn.exe86⤵
-
\??\c:\9vjvj.exec:\9vjvj.exe87⤵
-
\??\c:\flflflf.exec:\flflflf.exe88⤵
-
\??\c:\5lrxllf.exec:\5lrxllf.exe89⤵
-
\??\c:\9nnntb.exec:\9nnntb.exe90⤵
-
\??\c:\pvpjv.exec:\pvpjv.exe91⤵
-
\??\c:\xfllxlx.exec:\xfllxlx.exe92⤵
-
\??\c:\9bhhtb.exec:\9bhhtb.exe93⤵
-
\??\c:\nbttnt.exec:\nbttnt.exe94⤵
-
\??\c:\jvjvj.exec:\jvjvj.exe95⤵
-
\??\c:\rrrrrxf.exec:\rrrrrxf.exe96⤵
-
\??\c:\9ttthn.exec:\9ttthn.exe97⤵
-
\??\c:\1btthn.exec:\1btthn.exe98⤵
-
\??\c:\pvpvd.exec:\pvpvd.exe99⤵
-
\??\c:\fxlxxlx.exec:\fxlxxlx.exe100⤵
-
\??\c:\bhtnbn.exec:\bhtnbn.exe101⤵
-
\??\c:\vjjvv.exec:\vjjvv.exe102⤵
-
\??\c:\7dvvp.exec:\7dvvp.exe103⤵
-
\??\c:\xfffffl.exec:\xfffffl.exe104⤵
-
\??\c:\bhtbtb.exec:\bhtbtb.exe105⤵
-
\??\c:\1bnbht.exec:\1bnbht.exe106⤵
-
\??\c:\3dpvj.exec:\3dpvj.exe107⤵
-
\??\c:\llrlrlf.exec:\llrlrlf.exe108⤵
-
\??\c:\nnbnth.exec:\nnbnth.exe109⤵
-
\??\c:\bhbhnn.exec:\bhbhnn.exe110⤵
- System Location Discovery: System Language Discovery
-
\??\c:\dppdp.exec:\dppdp.exe111⤵
-
\??\c:\xffrllf.exec:\xffrllf.exe112⤵
-
\??\c:\hthtth.exec:\hthtth.exe113⤵
-
\??\c:\vdpvj.exec:\vdpvj.exe114⤵
-
\??\c:\fflrrrf.exec:\fflrrrf.exe115⤵
- System Location Discovery: System Language Discovery
-
\??\c:\9bnthh.exec:\9bnthh.exe116⤵
-
\??\c:\hnhhhh.exec:\hnhhhh.exe117⤵
-
\??\c:\ddjjj.exec:\ddjjj.exe118⤵
-
\??\c:\rrllxxr.exec:\rrllxxr.exe119⤵
-
\??\c:\nnttbb.exec:\nnttbb.exe120⤵
-
\??\c:\bbhntb.exec:\bbhntb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-