Analysis
-
max time kernel
120s -
max time network
19s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
25-12-2024 14:48
General
-
Target
23dae8ac2c6b6fbcfc3d92db1ebf5a917b8246bab467fcfafb211ced4939e07fN.exe
-
Size
454KB
-
MD5
a7937f4f2f9201749842748e63920370
-
SHA1
981d3c1fa0053d8d93fd0ad720676498695ea4f1
-
SHA256
23dae8ac2c6b6fbcfc3d92db1ebf5a917b8246bab467fcfafb211ced4939e07f
-
SHA512
62b344d5310dddfb40b79c4e637f77e91ce6d28f9d4ef6991aa790ac8557502853da371ed5c2991a2018b657533a1f72b6a9be7e7096c448d881071dd056cd86
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbes:q7Tc2NYHUrAwfMp3CDs
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 39 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 45 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\23dae8ac2c6b6fbcfc3d92db1ebf5a917b8246bab467fcfafb211ced4939e07fN.exe"C:\Users\Admin\AppData\Local\Temp\23dae8ac2c6b6fbcfc3d92db1ebf5a917b8246bab467fcfafb211ced4939e07fN.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\htjlbtt.exec:\htjlbtt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ldxjvpn.exec:\ldxjvpn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjnbrjl.exec:\jjnbrjl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fdxvldv.exec:\fdxvldv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jrdhhlb.exec:\jrdhhlb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxhfd.exec:\lxhfd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\brdppp.exec:\brdppp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvnjn.exec:\dvnjn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dttjphd.exec:\dttjphd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbjrfj.exec:\nbjrfj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bjrxb.exec:\bjrxb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lhhpdhv.exec:\lhhpdhv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pfhfnl.exec:\pfhfnl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxrxv.exec:\rxrxv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lpdfb.exec:\lpdfb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdlr.exec:\dvdlr.exe17⤵
- Executes dropped EXE
-
\??\c:\jxlbl.exec:\jxlbl.exe18⤵
- Executes dropped EXE
-
\??\c:\xrtxf.exec:\xrtxf.exe19⤵
- Executes dropped EXE
-
\??\c:\lhhtfnd.exec:\lhhtfnd.exe20⤵
- Executes dropped EXE
-
\??\c:\bfxpthr.exec:\bfxpthr.exe21⤵
- Executes dropped EXE
-
\??\c:\lvfljvj.exec:\lvfljvj.exe22⤵
- Executes dropped EXE
-
\??\c:\nrxfd.exec:\nrxfd.exe23⤵
- Executes dropped EXE
-
\??\c:\rhvnbv.exec:\rhvnbv.exe24⤵
- Executes dropped EXE
-
\??\c:\ndblr.exec:\ndblr.exe25⤵
- Executes dropped EXE
-
\??\c:\dnhftvb.exec:\dnhftvb.exe26⤵
- Executes dropped EXE
-
\??\c:\bhbvfr.exec:\bhbvfr.exe27⤵
- Executes dropped EXE
-
\??\c:\ntlhn.exec:\ntlhn.exe28⤵
- Executes dropped EXE
-
\??\c:\dpdpp.exec:\dpdpp.exe29⤵
- Executes dropped EXE
-
\??\c:\hjvlbx.exec:\hjvlbx.exe30⤵
- Executes dropped EXE
-
\??\c:\lthxbx.exec:\lthxbx.exe31⤵
- Executes dropped EXE
-
\??\c:\vxxdhjl.exec:\vxxdhjl.exe32⤵
- Executes dropped EXE
-
\??\c:\xxjnhh.exec:\xxjnhh.exe33⤵
- Executes dropped EXE
-
\??\c:\dplljrr.exec:\dplljrr.exe34⤵
- Executes dropped EXE
-
\??\c:\xxllht.exec:\xxllht.exe35⤵
- Executes dropped EXE
-
\??\c:\fvvhvf.exec:\fvvhvf.exe36⤵
- Executes dropped EXE
-
\??\c:\nfjhr.exec:\nfjhr.exe37⤵
- Executes dropped EXE
-
\??\c:\llrfllt.exec:\llrfllt.exe38⤵
- Executes dropped EXE
-
\??\c:\brlpjhv.exec:\brlpjhv.exe39⤵
- Executes dropped EXE
-
\??\c:\rlptt.exec:\rlptt.exe40⤵
- Executes dropped EXE
-
\??\c:\vdvnh.exec:\vdvnh.exe41⤵
- Executes dropped EXE
-
\??\c:\tjvnnj.exec:\tjvnnj.exe42⤵
- Executes dropped EXE
-
\??\c:\hvndprh.exec:\hvndprh.exe43⤵
- Executes dropped EXE
-
\??\c:\tfvll.exec:\tfvll.exe44⤵
- Executes dropped EXE
-
\??\c:\hhpvt.exec:\hhpvt.exe45⤵
- Executes dropped EXE
-
\??\c:\jbhjd.exec:\jbhjd.exe46⤵
- Executes dropped EXE
-
\??\c:\tfjlxhn.exec:\tfjlxhn.exe47⤵
- Executes dropped EXE
-
\??\c:\tptrxt.exec:\tptrxt.exe48⤵
- Executes dropped EXE
-
\??\c:\fdjxxh.exec:\fdjxxh.exe49⤵
- Executes dropped EXE
-
\??\c:\jrjjj.exec:\jrjjj.exe50⤵
- Executes dropped EXE
-
\??\c:\ndrnt.exec:\ndrnt.exe51⤵
- Executes dropped EXE
-
\??\c:\vtpndh.exec:\vtpndh.exe52⤵
- Executes dropped EXE
-
\??\c:\dtffj.exec:\dtffj.exe53⤵
- Executes dropped EXE
-
\??\c:\tfpjv.exec:\tfpjv.exe54⤵
- Executes dropped EXE
-
\??\c:\rfrpdpn.exec:\rfrpdpn.exe55⤵
- Executes dropped EXE
-
\??\c:\vjflh.exec:\vjflh.exe56⤵
- Executes dropped EXE
-
\??\c:\vlfdhnx.exec:\vlfdhnx.exe57⤵
- Executes dropped EXE
-
\??\c:\pbdvh.exec:\pbdvh.exe58⤵
- Executes dropped EXE
-
\??\c:\dndpbf.exec:\dndpbf.exe59⤵
- Executes dropped EXE
-
\??\c:\jbvnnv.exec:\jbvnnv.exe60⤵
- Executes dropped EXE
-
\??\c:\nxvnft.exec:\nxvnft.exe61⤵
- Executes dropped EXE
-
\??\c:\pvjtn.exec:\pvjtn.exe62⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\ljlxb.exec:\ljlxb.exe63⤵
- Executes dropped EXE
-
\??\c:\tflrd.exec:\tflrd.exe64⤵
- Executes dropped EXE
-
\??\c:\bdbnvbv.exec:\bdbnvbv.exe65⤵
- Executes dropped EXE
-
\??\c:\flvplnp.exec:\flvplnp.exe66⤵
-
\??\c:\nptlp.exec:\nptlp.exe67⤵
-
\??\c:\hddrnrj.exec:\hddrnrj.exe68⤵
-
\??\c:\hdlrnvh.exec:\hdlrnvh.exe69⤵
-
\??\c:\lvldv.exec:\lvldv.exe70⤵
-
\??\c:\hjlht.exec:\hjlht.exe71⤵
-
\??\c:\xxvth.exec:\xxvth.exe72⤵
-
\??\c:\nfppjxv.exec:\nfppjxv.exe73⤵
-
\??\c:\lpdtf.exec:\lpdtf.exe74⤵
-
\??\c:\lxddlt.exec:\lxddlt.exe75⤵
-
\??\c:\lflvbff.exec:\lflvbff.exe76⤵
-
\??\c:\xnfnvnj.exec:\xnfnvnj.exe77⤵
-
\??\c:\pxfdb.exec:\pxfdb.exe78⤵
-
\??\c:\bxflxdh.exec:\bxflxdh.exe79⤵
-
\??\c:\pxpxnbv.exec:\pxpxnbv.exe80⤵
-
\??\c:\hrhjj.exec:\hrhjj.exe81⤵
-
\??\c:\lnbhv.exec:\lnbhv.exe82⤵
- System Location Discovery: System Language Discovery
-
\??\c:\bbblff.exec:\bbblff.exe83⤵
-
\??\c:\hfrrntj.exec:\hfrrntj.exe84⤵
-
\??\c:\hjlldv.exec:\hjlldv.exe85⤵
-
\??\c:\nnrdll.exec:\nnrdll.exe86⤵
-
\??\c:\vlbbbp.exec:\vlbbbp.exe87⤵
-
\??\c:\fnndp.exec:\fnndp.exe88⤵
-
\??\c:\bbxbjxv.exec:\bbxbjxv.exe89⤵
-
\??\c:\rjdpr.exec:\rjdpr.exe90⤵
-
\??\c:\rdhnt.exec:\rdhnt.exe91⤵
-
\??\c:\nfbxh.exec:\nfbxh.exe92⤵
-
\??\c:\fbxtxf.exec:\fbxtxf.exe93⤵
-
\??\c:\dfppjl.exec:\dfppjl.exe94⤵
-
\??\c:\hdbpvn.exec:\hdbpvn.exe95⤵
- System Location Discovery: System Language Discovery
-
\??\c:\hltjpjx.exec:\hltjpjx.exe96⤵
-
\??\c:\fxrxv.exec:\fxrxv.exe97⤵
-
\??\c:\xxtvnn.exec:\xxtvnn.exe98⤵
-
\??\c:\pjntx.exec:\pjntx.exe99⤵
-
\??\c:\dvvdvpv.exec:\dvvdvpv.exe100⤵
-
\??\c:\fblbxt.exec:\fblbxt.exe101⤵
-
\??\c:\djhfj.exec:\djhfj.exe102⤵
-
\??\c:\pjvjhx.exec:\pjvjhx.exe103⤵
-
\??\c:\pxxdphn.exec:\pxxdphn.exe104⤵
-
\??\c:\lhtvd.exec:\lhtvd.exe105⤵
-
\??\c:\htvfr.exec:\htvfr.exe106⤵
-
\??\c:\fpnvxf.exec:\fpnvxf.exe107⤵
-
\??\c:\jfrdxp.exec:\jfrdxp.exe108⤵
-
\??\c:\tdhhlf.exec:\tdhhlf.exe109⤵
-
\??\c:\xppfnpr.exec:\xppfnpr.exe110⤵
-
\??\c:\tjdtd.exec:\tjdtd.exe111⤵
-
\??\c:\rntfpf.exec:\rntfpf.exe112⤵
-
\??\c:\hvlfpn.exec:\hvlfpn.exe113⤵
-
\??\c:\hdxpfx.exec:\hdxpfx.exe114⤵
-
\??\c:\lxftxxj.exec:\lxftxxj.exe115⤵
-
\??\c:\rhddlp.exec:\rhddlp.exe116⤵
-
\??\c:\rhjlj.exec:\rhjlj.exe117⤵
-
\??\c:\bxpdrjt.exec:\bxpdrjt.exe118⤵
-
\??\c:\jxbrn.exec:\jxbrn.exe119⤵
-
\??\c:\rhlhl.exec:\rhlhl.exe120⤵
-
\??\c:\bxlrphv.exec:\bxlrphv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-