Analysis
-
max time kernel
150s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
23-12-2024 21:09
General
-
Target
45928bd41becf97a265b366f383790d17a9b6ec477f488d395cb6cdecc531ae4.exe
-
Size
454KB
-
MD5
ca175a8654e17740060bd3dc7beecc4c
-
SHA1
1fca61813a09a03bc15d5d3e8904ac619cd66949
-
SHA256
45928bd41becf97a265b366f383790d17a9b6ec477f488d395cb6cdecc531ae4
-
SHA512
7b2ebc19b512ae2c36f8c9a52d2ac70ec60bfaf72ce8bb910ad43ba2eb694d79ad10d09b8535d52d8803608da17b304b54da9af807bfc20412773917138842e1
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbeTx:q7Tc2NYHUrAwfMp3CDd
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 36 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 45 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\45928bd41becf97a265b366f383790d17a9b6ec477f488d395cb6cdecc531ae4.exe"C:\Users\Admin\AppData\Local\Temp\45928bd41becf97a265b366f383790d17a9b6ec477f488d395cb6cdecc531ae4.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bnthtrh.exec:\bnthtrh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhfvpbl.exec:\nhfvpbl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fhlnhx.exec:\fhlnhx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrddrh.exec:\lrddrh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thdnh.exec:\thdnh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxdhn.exec:\fxxdhn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxnvhnr.exec:\rxnvhnr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lhlxflb.exec:\lhlxflb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nblvflx.exec:\nblvflx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dbdhhf.exec:\dbdhhf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nxhvxx.exec:\nxhvxx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rpllx.exec:\rpllx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vxvhrvf.exec:\vxvhrvf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hdrfpn.exec:\hdrfpn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rvnbrhr.exec:\rvnbrhr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdlnrvd.exec:\vdlnrvd.exe17⤵
- Executes dropped EXE
-
\??\c:\nbtvvr.exec:\nbtvvr.exe18⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\pplvvp.exec:\pplvvp.exe19⤵
- Executes dropped EXE
-
\??\c:\vbhbjd.exec:\vbhbjd.exe20⤵
- Executes dropped EXE
-
\??\c:\vvdrl.exec:\vvdrl.exe21⤵
- Executes dropped EXE
-
\??\c:\vbhnht.exec:\vbhnht.exe22⤵
- Executes dropped EXE
-
\??\c:\jhrbnrf.exec:\jhrbnrf.exe23⤵
- Executes dropped EXE
-
\??\c:\brfjvjb.exec:\brfjvjb.exe24⤵
- Executes dropped EXE
-
\??\c:\dfrbj.exec:\dfrbj.exe25⤵
- Executes dropped EXE
-
\??\c:\txdftl.exec:\txdftl.exe26⤵
- Executes dropped EXE
-
\??\c:\rnjbpv.exec:\rnjbpv.exe27⤵
- Executes dropped EXE
-
\??\c:\pjbtxpj.exec:\pjbtxpj.exe28⤵
- Executes dropped EXE
-
\??\c:\djddxh.exec:\djddxh.exe29⤵
- Executes dropped EXE
-
\??\c:\rbjtlb.exec:\rbjtlb.exe30⤵
- Executes dropped EXE
-
\??\c:\pttjpv.exec:\pttjpv.exe31⤵
- Executes dropped EXE
-
\??\c:\pnbtl.exec:\pnbtl.exe32⤵
- Executes dropped EXE
-
\??\c:\brhdth.exec:\brhdth.exe33⤵
- Executes dropped EXE
-
\??\c:\lfndpv.exec:\lfndpv.exe34⤵
- Executes dropped EXE
-
\??\c:\hplfvd.exec:\hplfvd.exe35⤵
- Executes dropped EXE
-
\??\c:\brvbtb.exec:\brvbtb.exe36⤵
- Executes dropped EXE
-
\??\c:\jfbrnp.exec:\jfbrnp.exe37⤵
- Executes dropped EXE
-
\??\c:\jdblxp.exec:\jdblxp.exe38⤵
- Executes dropped EXE
-
\??\c:\bljnj.exec:\bljnj.exe39⤵
- Executes dropped EXE
-
\??\c:\pdjdx.exec:\pdjdx.exe40⤵
- Executes dropped EXE
-
\??\c:\vvdvxn.exec:\vvdvxn.exe41⤵
- Executes dropped EXE
-
\??\c:\xjnvllb.exec:\xjnvllb.exe42⤵
- Executes dropped EXE
-
\??\c:\rxfjdd.exec:\rxfjdd.exe43⤵
- Executes dropped EXE
-
\??\c:\jnxdj.exec:\jnxdj.exe44⤵
- Executes dropped EXE
-
\??\c:\pdrnbp.exec:\pdrnbp.exe45⤵
- Executes dropped EXE
-
\??\c:\dhxfd.exec:\dhxfd.exe46⤵
- Executes dropped EXE
-
\??\c:\rjnrx.exec:\rjnrx.exe47⤵
- Executes dropped EXE
-
\??\c:\ntbxrnh.exec:\ntbxrnh.exe48⤵
- Executes dropped EXE
-
\??\c:\fjjfh.exec:\fjjfh.exe49⤵
- Executes dropped EXE
-
\??\c:\tdtvp.exec:\tdtvp.exe50⤵
- Executes dropped EXE
-
\??\c:\thdnr.exec:\thdnr.exe51⤵
- Executes dropped EXE
-
\??\c:\pxjhhhh.exec:\pxjhhhh.exe52⤵
- Executes dropped EXE
-
\??\c:\rjjhhd.exec:\rjjhhd.exe53⤵
- Executes dropped EXE
-
\??\c:\hpntl.exec:\hpntl.exe54⤵
- Executes dropped EXE
-
\??\c:\rjlhv.exec:\rjlhv.exe55⤵
- Executes dropped EXE
-
\??\c:\rpndjt.exec:\rpndjt.exe56⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\nbdftdn.exec:\nbdftdn.exe57⤵
- Executes dropped EXE
-
\??\c:\bhxvj.exec:\bhxvj.exe58⤵
- Executes dropped EXE
-
\??\c:\ptrbl.exec:\ptrbl.exe59⤵
- Executes dropped EXE
-
\??\c:\vftvjnj.exec:\vftvjnj.exe60⤵
- Executes dropped EXE
-
\??\c:\lbjxhbt.exec:\lbjxhbt.exe61⤵
- Executes dropped EXE
-
\??\c:\pvvjr.exec:\pvvjr.exe62⤵
- Executes dropped EXE
-
\??\c:\ndntbrj.exec:\ndntbrj.exe63⤵
- Executes dropped EXE
-
\??\c:\ntxld.exec:\ntxld.exe64⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\thnrbx.exec:\thnrbx.exe65⤵
- Executes dropped EXE
-
\??\c:\ndnhrdh.exec:\ndnhrdh.exe66⤵
-
\??\c:\jjrpdjn.exec:\jjrpdjn.exe67⤵
-
\??\c:\lvdlxdl.exec:\lvdlxdl.exe68⤵
-
\??\c:\btnlfd.exec:\btnlfd.exe69⤵
-
\??\c:\rtftvt.exec:\rtftvt.exe70⤵
-
\??\c:\dhvxpb.exec:\dhvxpb.exe71⤵
-
\??\c:\nxbxv.exec:\nxbxv.exe72⤵
-
\??\c:\hhbxprr.exec:\hhbxprr.exe73⤵
-
\??\c:\lpjrr.exec:\lpjrr.exe74⤵
-
\??\c:\vnrnrx.exec:\vnrnrx.exe75⤵
-
\??\c:\vvpdxf.exec:\vvpdxf.exe76⤵
-
\??\c:\rdjvd.exec:\rdjvd.exe77⤵
-
\??\c:\rhdhx.exec:\rhdhx.exe78⤵
-
\??\c:\rtfpn.exec:\rtfpn.exe79⤵
-
\??\c:\fjhdtdl.exec:\fjhdtdl.exe80⤵
-
\??\c:\hflphpr.exec:\hflphpr.exe81⤵
- System Location Discovery: System Language Discovery
-
\??\c:\rhvrrlx.exec:\rhvrrlx.exe82⤵
-
\??\c:\bnxpjv.exec:\bnxpjv.exe83⤵
-
\??\c:\lddndhb.exec:\lddndhb.exe84⤵
-
\??\c:\pntvt.exec:\pntvt.exe85⤵
-
\??\c:\lrlpjt.exec:\lrlpjt.exe86⤵
-
\??\c:\nnjjnxj.exec:\nnjjnxj.exe87⤵
- System Location Discovery: System Language Discovery
-
\??\c:\pfhbft.exec:\pfhbft.exe88⤵
-
\??\c:\rnflh.exec:\rnflh.exe89⤵
-
\??\c:\ftxpvxr.exec:\ftxpvxr.exe90⤵
-
\??\c:\lpprdjv.exec:\lpprdjv.exe91⤵
-
\??\c:\lffpbrj.exec:\lffpbrj.exe92⤵
-
\??\c:\jlvljx.exec:\jlvljx.exe93⤵
- System Location Discovery: System Language Discovery
-
\??\c:\phtnv.exec:\phtnv.exe94⤵
-
\??\c:\hldlpb.exec:\hldlpb.exe95⤵
-
\??\c:\vldpp.exec:\vldpp.exe96⤵
-
\??\c:\vjdbn.exec:\vjdbn.exe97⤵
-
\??\c:\prlpjb.exec:\prlpjb.exe98⤵
-
\??\c:\bhjhnxv.exec:\bhjhnxv.exe99⤵
-
\??\c:\ftxtp.exec:\ftxtp.exe100⤵
-
\??\c:\jrrvtlx.exec:\jrrvtlx.exe101⤵
-
\??\c:\blrtpt.exec:\blrtpt.exe102⤵
-
\??\c:\nlfhb.exec:\nlfhb.exe103⤵
-
\??\c:\xffrr.exec:\xffrr.exe104⤵
-
\??\c:\tbhnpnv.exec:\tbhnpnv.exe105⤵
-
\??\c:\dfhjvl.exec:\dfhjvl.exe106⤵
-
\??\c:\rlltp.exec:\rlltp.exe107⤵
-
\??\c:\fxdxdr.exec:\fxdxdr.exe108⤵
-
\??\c:\tndxt.exec:\tndxt.exe109⤵
-
\??\c:\pfhprh.exec:\pfhprh.exe110⤵
-
\??\c:\rtfhvbp.exec:\rtfhvbp.exe111⤵
-
\??\c:\jfpdtl.exec:\jfpdtl.exe112⤵
-
\??\c:\pblhrv.exec:\pblhrv.exe113⤵
-
\??\c:\nrbxvpn.exec:\nrbxvpn.exe114⤵
-
\??\c:\hfxlvfr.exec:\hfxlvfr.exe115⤵
-
\??\c:\xjxdrb.exec:\xjxdrb.exe116⤵
-
\??\c:\bdrxr.exec:\bdrxr.exe117⤵
-
\??\c:\bhnfph.exec:\bhnfph.exe118⤵
-
\??\c:\xnlhbp.exec:\xnlhbp.exe119⤵
-
\??\c:\jbtlvf.exec:\jbtlvf.exe120⤵
-
\??\c:\fjhfn.exec:\fjhfn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-