Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
23-12-2024 04:50
General
-
Target
fae5a57922f30e51062af129e682d364be707a58001ee81ee57467fe3f2675b0.exe
-
Size
453KB
-
MD5
c5b5de336ea7eef236a9288b6b151c58
-
SHA1
cddfbc4f2a763e854eab6c59a006e5cfa9112f2b
-
SHA256
fae5a57922f30e51062af129e682d364be707a58001ee81ee57467fe3f2675b0
-
SHA512
5b5f8fc1d03318b05da3d5d3aefdc320d98a3c880f50c0706c66b404acb0bff96f13e590ea2ee19fd6af50f96dc5a81eec3f75add2e13913eb1667f1cbf8e81e
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbe+:q7Tc2NYHUrAwfMp3CD+
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 40 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 44 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\fae5a57922f30e51062af129e682d364be707a58001ee81ee57467fe3f2675b0.exe"C:\Users\Admin\AppData\Local\Temp\fae5a57922f30e51062af129e682d364be707a58001ee81ee57467fe3f2675b0.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvvj.exec:\jjvvj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnbhh.exec:\hbnbhh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3xrrxxl.exec:\3xrrxxl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5dpdp.exec:\5dpdp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrrxxl.exec:\lfrrxxl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthtbb.exec:\hthtbb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3dpjp.exec:\3dpjp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xllxrf.exec:\5xllxrf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvddd.exec:\pvddd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrlrxx.exec:\xlrlrxx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3btbhh.exec:\3btbhh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdppd.exec:\jdppd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbbhh.exec:\tnbbhh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3jvdd.exec:\3jvdd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnhnn.exec:\bnnhnn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvvv.exec:\pvvvv.exe17⤵
- Executes dropped EXE
-
\??\c:\thnthh.exec:\thnthh.exe18⤵
- Executes dropped EXE
-
\??\c:\hbbnbb.exec:\hbbnbb.exe19⤵
- Executes dropped EXE
-
\??\c:\ffxfrrx.exec:\ffxfrrx.exe20⤵
- Executes dropped EXE
-
\??\c:\5hbhnb.exec:\5hbhnb.exe21⤵
- Executes dropped EXE
-
\??\c:\xrfxlfl.exec:\xrfxlfl.exe22⤵
- Executes dropped EXE
-
\??\c:\7pdjp.exec:\7pdjp.exe23⤵
- Executes dropped EXE
-
\??\c:\rlflrxl.exec:\rlflrxl.exe24⤵
- Executes dropped EXE
-
\??\c:\hbnnbb.exec:\hbnnbb.exe25⤵
- Executes dropped EXE
-
\??\c:\9xrlxxl.exec:\9xrlxxl.exe26⤵
- Executes dropped EXE
-
\??\c:\hthbhb.exec:\hthbhb.exe27⤵
- Executes dropped EXE
-
\??\c:\7dpdp.exec:\7dpdp.exe28⤵
- Executes dropped EXE
-
\??\c:\vpvdp.exec:\vpvdp.exe29⤵
- Executes dropped EXE
-
\??\c:\lxlrrlx.exec:\lxlrrlx.exe30⤵
- Executes dropped EXE
-
\??\c:\pdddd.exec:\pdddd.exe31⤵
- System Location Discovery: System Language Discovery
-
\??\c:\pjdjj.exec:\pjdjj.exe32⤵
- Executes dropped EXE
-
\??\c:\dvjvd.exec:\dvjvd.exe33⤵
- Executes dropped EXE
-
\??\c:\xrfxxxf.exec:\xrfxxxf.exe34⤵
- Executes dropped EXE
-
\??\c:\thbthb.exec:\thbthb.exe35⤵
- Executes dropped EXE
-
\??\c:\7flflfl.exec:\7flflfl.exe36⤵
- Executes dropped EXE
-
\??\c:\hthhtb.exec:\hthhtb.exe37⤵
- Executes dropped EXE
-
\??\c:\httntb.exec:\httntb.exe38⤵
- Executes dropped EXE
-
\??\c:\djvpp.exec:\djvpp.exe39⤵
- Executes dropped EXE
-
\??\c:\1xlxrll.exec:\1xlxrll.exe40⤵
- Executes dropped EXE
-
\??\c:\tnbhnn.exec:\tnbhnn.exe41⤵
- Executes dropped EXE
-
\??\c:\tthhtb.exec:\tthhtb.exe42⤵
- Executes dropped EXE
-
\??\c:\3vjpv.exec:\3vjpv.exe43⤵
- Executes dropped EXE
-
\??\c:\rxlfrlr.exec:\rxlfrlr.exe44⤵
- Executes dropped EXE
-
\??\c:\nbhhtn.exec:\nbhhtn.exe45⤵
- Executes dropped EXE
-
\??\c:\9djjj.exec:\9djjj.exe46⤵
- Executes dropped EXE
-
\??\c:\3pjdd.exec:\3pjdd.exe47⤵
- Executes dropped EXE
-
\??\c:\xrrrffr.exec:\xrrrffr.exe48⤵
- Executes dropped EXE
-
\??\c:\xrrxrff.exec:\xrrxrff.exe49⤵
- Executes dropped EXE
-
\??\c:\htbbbb.exec:\htbbbb.exe50⤵
- Executes dropped EXE
-
\??\c:\vpjdj.exec:\vpjdj.exe51⤵
- Executes dropped EXE
-
\??\c:\rfflfxx.exec:\rfflfxx.exe52⤵
- Executes dropped EXE
-
\??\c:\5lrrxrr.exec:\5lrrxrr.exe53⤵
- Executes dropped EXE
-
\??\c:\thbntt.exec:\thbntt.exe54⤵
- Executes dropped EXE
-
\??\c:\1jppp.exec:\1jppp.exe55⤵
- Executes dropped EXE
-
\??\c:\1jjjj.exec:\1jjjj.exe56⤵
- Executes dropped EXE
-
\??\c:\rfrxffl.exec:\rfrxffl.exe57⤵
- Executes dropped EXE
-
\??\c:\btbhhn.exec:\btbhhn.exe58⤵
- Executes dropped EXE
-
\??\c:\vppvd.exec:\vppvd.exe59⤵
- Executes dropped EXE
-
\??\c:\5vjvj.exec:\5vjvj.exe60⤵
- Executes dropped EXE
-
\??\c:\7xrfxrx.exec:\7xrfxrx.exe61⤵
- Executes dropped EXE
-
\??\c:\7xlfffl.exec:\7xlfffl.exe62⤵
- Executes dropped EXE
-
\??\c:\httnnh.exec:\httnnh.exe63⤵
- Executes dropped EXE
-
\??\c:\vjppp.exec:\vjppp.exe64⤵
- Executes dropped EXE
-
\??\c:\3djjj.exec:\3djjj.exe65⤵
- Executes dropped EXE
-
\??\c:\lxlrfxf.exec:\lxlrfxf.exe66⤵
- Executes dropped EXE
-
\??\c:\1nbttt.exec:\1nbttt.exe67⤵
-
\??\c:\9bnhhh.exec:\9bnhhh.exe68⤵
-
\??\c:\5dvvv.exec:\5dvvv.exe69⤵
-
\??\c:\3lxflrr.exec:\3lxflrr.exe70⤵
-
\??\c:\frxrrrx.exec:\frxrrrx.exe71⤵
-
\??\c:\9nnbhh.exec:\9nnbhh.exe72⤵
-
\??\c:\vjvvv.exec:\vjvvv.exe73⤵
-
\??\c:\xxxxxff.exec:\xxxxxff.exe74⤵
-
\??\c:\fxrxxrr.exec:\fxrxxrr.exe75⤵
-
\??\c:\thbhtb.exec:\thbhtb.exe76⤵
-
\??\c:\pdjjp.exec:\pdjjp.exe77⤵
-
\??\c:\lxrfffl.exec:\lxrfffl.exe78⤵
-
\??\c:\xrflrlx.exec:\xrflrlx.exe79⤵
-
\??\c:\nbhntb.exec:\nbhntb.exe80⤵
-
\??\c:\7dddd.exec:\7dddd.exe81⤵
-
\??\c:\jjddd.exec:\jjddd.exe82⤵
-
\??\c:\5fflllr.exec:\5fflllr.exe83⤵
-
\??\c:\hbhbbb.exec:\hbhbbb.exe84⤵
-
\??\c:\3djjv.exec:\3djjv.exe85⤵
-
\??\c:\3frrrrf.exec:\3frrrrf.exe86⤵
-
\??\c:\9ffxrll.exec:\9ffxrll.exe87⤵
-
\??\c:\bnbbhh.exec:\bnbbhh.exe88⤵
-
\??\c:\3vjjj.exec:\3vjjj.exe89⤵
-
\??\c:\llxxxxf.exec:\llxxxxf.exe90⤵
-
\??\c:\1rxrxxx.exec:\1rxrxxx.exe91⤵
-
\??\c:\3htthn.exec:\3htthn.exe92⤵
-
\??\c:\9pdvd.exec:\9pdvd.exe93⤵
-
\??\c:\lxlfffr.exec:\lxlfffr.exe94⤵
-
\??\c:\9xrrrxx.exec:\9xrrrxx.exe95⤵
-
\??\c:\nttbnb.exec:\nttbnb.exe96⤵
-
\??\c:\7pjjd.exec:\7pjjd.exe97⤵
-
\??\c:\3dpvj.exec:\3dpvj.exe98⤵
-
\??\c:\1rxxflr.exec:\1rxxflr.exe99⤵
-
\??\c:\nhbhtb.exec:\nhbhtb.exe100⤵
-
\??\c:\jdvdp.exec:\jdvdp.exe101⤵
-
\??\c:\vjdvj.exec:\vjdvj.exe102⤵
-
\??\c:\rllfllr.exec:\rllfllr.exe103⤵
-
\??\c:\nbnnbb.exec:\nbnnbb.exe104⤵
-
\??\c:\nbnnnt.exec:\nbnnnt.exe105⤵
-
\??\c:\pjpvj.exec:\pjpvj.exe106⤵
- System Location Discovery: System Language Discovery
-
\??\c:\frllrxl.exec:\frllrxl.exe107⤵
-
\??\c:\lflrfxl.exec:\lflrfxl.exe108⤵
-
\??\c:\nhhntb.exec:\nhhntb.exe109⤵
-
\??\c:\dvpdj.exec:\dvpdj.exe110⤵
-
\??\c:\pdppp.exec:\pdppp.exe111⤵
-
\??\c:\9rxrrxf.exec:\9rxrrxf.exe112⤵
-
\??\c:\1tnnbh.exec:\1tnnbh.exe113⤵
-
\??\c:\nnhnht.exec:\nnhnht.exe114⤵
-
\??\c:\jdppp.exec:\jdppp.exe115⤵
-
\??\c:\llllrxf.exec:\llllrxf.exe116⤵
-
\??\c:\3xlfllx.exec:\3xlfllx.exe117⤵
-
\??\c:\hbnhbb.exec:\hbnhbb.exe118⤵
-
\??\c:\vvpvd.exec:\vvpvd.exe119⤵
-
\??\c:\xxlrflx.exec:\xxlrflx.exe120⤵
-
\??\c:\tthnbh.exec:\tthnbh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-