Analysis
-
max time kernel
120s -
max time network
20s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
25-12-2024 15:46
General
-
Target
86b75aa205cc9a8b086dc79d9d76f08260fbec4daceaf8245f274f46c6545a15N.exe
-
Size
456KB
-
MD5
abc45e7e40bded452877935ebac8a4f0
-
SHA1
777244ab61d2fcb45f499325cc8e615aafe55560
-
SHA256
86b75aa205cc9a8b086dc79d9d76f08260fbec4daceaf8245f274f46c6545a15
-
SHA512
bbda582bbaff8c3fa546bebaff30223bc84b8539104c40b53bd91fd31f346c04c6f89048c4e991aa9eee9a19dd03d8766b6a775b5b52aa301d15e18cd87138c4
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbeRl:q7Tc2NYHUrAwfMp3CDRl
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 43 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 47 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\86b75aa205cc9a8b086dc79d9d76f08260fbec4daceaf8245f274f46c6545a15N.exe"C:\Users\Admin\AppData\Local\Temp\86b75aa205cc9a8b086dc79d9d76f08260fbec4daceaf8245f274f46c6545a15N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vtjbnx.exec:\vtjbnx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xvljllh.exec:\xvljllh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ltxjx.exec:\ltxjx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lhpxv.exec:\lhpxv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhtlh.exec:\hhtlh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddphb.exec:\ddphb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tjhnpv.exec:\tjhnpv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dxdtpdd.exec:\dxdtpdd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hjrprll.exec:\hjrprll.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hxxdxj.exec:\hxxdxj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\njhpdff.exec:\njhpdff.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dtnxtxj.exec:\dtnxtxj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjxxb.exec:\vjxxb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhrlbr.exec:\bhrlbr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvntv.exec:\jvntv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnjbb.exec:\hnjbb.exe17⤵
- Executes dropped EXE
-
\??\c:\vrrjlf.exec:\vrrjlf.exe18⤵
- Executes dropped EXE
-
\??\c:\ndnbtvl.exec:\ndnbtvl.exe19⤵
- Executes dropped EXE
-
\??\c:\nxpfnnt.exec:\nxpfnnt.exe20⤵
- Executes dropped EXE
-
\??\c:\xdjphr.exec:\xdjphr.exe21⤵
- Executes dropped EXE
-
\??\c:\bvvnjrn.exec:\bvvnjrn.exe22⤵
- Executes dropped EXE
-
\??\c:\dljtfp.exec:\dljtfp.exe23⤵
- Executes dropped EXE
-
\??\c:\jffjrd.exec:\jffjrd.exe24⤵
- Executes dropped EXE
-
\??\c:\hhfxp.exec:\hhfxp.exe25⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\dljnvv.exec:\dljnvv.exe26⤵
- Executes dropped EXE
-
\??\c:\xrlptn.exec:\xrlptn.exe27⤵
- Executes dropped EXE
-
\??\c:\jvdxvr.exec:\jvdxvr.exe28⤵
- Executes dropped EXE
-
\??\c:\lfftnbf.exec:\lfftnbf.exe29⤵
- Executes dropped EXE
-
\??\c:\xlxhxlv.exec:\xlxhxlv.exe30⤵
- Executes dropped EXE
-
\??\c:\lbfxf.exec:\lbfxf.exe31⤵
- Executes dropped EXE
-
\??\c:\pphfvd.exec:\pphfvd.exe32⤵
- Executes dropped EXE
-
\??\c:\rvfpp.exec:\rvfpp.exe33⤵
- Executes dropped EXE
-
\??\c:\nhhrtpl.exec:\nhhrtpl.exe34⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\xxnrdrt.exec:\xxnrdrt.exe35⤵
- Executes dropped EXE
-
\??\c:\dpxjjj.exec:\dpxjjj.exe36⤵
- Executes dropped EXE
-
\??\c:\hxphrv.exec:\hxphrv.exe37⤵
- Executes dropped EXE
-
\??\c:\pfndh.exec:\pfndh.exe38⤵
- Executes dropped EXE
-
\??\c:\bpvjf.exec:\bpvjf.exe39⤵
- Executes dropped EXE
-
\??\c:\bvbddpx.exec:\bvbddpx.exe40⤵
- Executes dropped EXE
-
\??\c:\frrxvd.exec:\frrxvd.exe41⤵
- Executes dropped EXE
-
\??\c:\fdtbhp.exec:\fdtbhp.exe42⤵
- Executes dropped EXE
-
\??\c:\tvlxhbr.exec:\tvlxhbr.exe43⤵
- Executes dropped EXE
-
\??\c:\vvnrpt.exec:\vvnrpt.exe44⤵
- Executes dropped EXE
-
\??\c:\tpdhd.exec:\tpdhd.exe45⤵
- Executes dropped EXE
-
\??\c:\hnvtlx.exec:\hnvtlx.exe46⤵
- Executes dropped EXE
-
\??\c:\bvrbpj.exec:\bvrbpj.exe47⤵
- Executes dropped EXE
-
\??\c:\pbtrjnn.exec:\pbtrjnn.exe48⤵
- Executes dropped EXE
-
\??\c:\vlfhdpx.exec:\vlfhdpx.exe49⤵
- Executes dropped EXE
-
\??\c:\xpldh.exec:\xpldh.exe50⤵
- Executes dropped EXE
-
\??\c:\rbbhrpx.exec:\rbbhrpx.exe51⤵
- Executes dropped EXE
-
\??\c:\fhhvnn.exec:\fhhvnn.exe52⤵
- Executes dropped EXE
-
\??\c:\thljtjl.exec:\thljtjl.exe53⤵
- Executes dropped EXE
-
\??\c:\jjrpfpf.exec:\jjrpfpf.exe54⤵
- Executes dropped EXE
-
\??\c:\trxflvn.exec:\trxflvn.exe55⤵
- Executes dropped EXE
-
\??\c:\jfbxl.exec:\jfbxl.exe56⤵
- Executes dropped EXE
-
\??\c:\frvfj.exec:\frvfj.exe57⤵
- Executes dropped EXE
-
\??\c:\lnlptb.exec:\lnlptb.exe58⤵
- Executes dropped EXE
-
\??\c:\pbjdxx.exec:\pbjdxx.exe59⤵
- Executes dropped EXE
-
\??\c:\rdxhhh.exec:\rdxhhh.exe60⤵
- Executes dropped EXE
-
\??\c:\pllpn.exec:\pllpn.exe61⤵
- Executes dropped EXE
-
\??\c:\rxbpjnt.exec:\rxbpjnt.exe62⤵
- Executes dropped EXE
-
\??\c:\rhbjdl.exec:\rhbjdl.exe63⤵
- Executes dropped EXE
-
\??\c:\dhbvb.exec:\dhbvb.exe64⤵
- Executes dropped EXE
-
\??\c:\vbjbtv.exec:\vbjbtv.exe65⤵
- Executes dropped EXE
-
\??\c:\hvjjvf.exec:\hvjjvf.exe66⤵
-
\??\c:\rxdntt.exec:\rxdntt.exe67⤵
-
\??\c:\txtxnv.exec:\txtxnv.exe68⤵
-
\??\c:\jfnlx.exec:\jfnlx.exe69⤵
-
\??\c:\txpltfl.exec:\txpltfl.exe70⤵
-
\??\c:\ltvjjj.exec:\ltvjjj.exe71⤵
- System Location Discovery: System Language Discovery
-
\??\c:\bjjjbpn.exec:\bjjjbpn.exe72⤵
-
\??\c:\vdvnb.exec:\vdvnb.exe73⤵
-
\??\c:\jbdjxr.exec:\jbdjxr.exe74⤵
-
\??\c:\djndnpb.exec:\djndnpb.exe75⤵
-
\??\c:\vnjfnd.exec:\vnjfnd.exe76⤵
-
\??\c:\rpnpr.exec:\rpnpr.exe77⤵
-
\??\c:\tlxpr.exec:\tlxpr.exe78⤵
- System Location Discovery: System Language Discovery
-
\??\c:\hdvvp.exec:\hdvvp.exe79⤵
-
\??\c:\tffntxx.exec:\tffntxx.exe80⤵
-
\??\c:\vdpjbn.exec:\vdpjbn.exe81⤵
-
\??\c:\rxlvd.exec:\rxlvd.exe82⤵
-
\??\c:\hppttj.exec:\hppttj.exe83⤵
-
\??\c:\npxpffv.exec:\npxpffv.exe84⤵
-
\??\c:\bpltjp.exec:\bpltjp.exe85⤵
-
\??\c:\tvbnddn.exec:\tvbnddn.exe86⤵
-
\??\c:\rbrtldn.exec:\rbrtldn.exe87⤵
-
\??\c:\bfrhf.exec:\bfrhf.exe88⤵
-
\??\c:\dntdhdv.exec:\dntdhdv.exe89⤵
-
\??\c:\djtphb.exec:\djtphb.exe90⤵
-
\??\c:\bjhdvbj.exec:\bjhdvbj.exe91⤵
-
\??\c:\lbtbdvv.exec:\lbtbdvv.exe92⤵
-
\??\c:\txhfll.exec:\txhfll.exe93⤵
-
\??\c:\htntlv.exec:\htntlv.exe94⤵
-
\??\c:\xnbjx.exec:\xnbjx.exe95⤵
-
\??\c:\bvndb.exec:\bvndb.exe96⤵
-
\??\c:\hlnthn.exec:\hlnthn.exe97⤵
-
\??\c:\vjrbn.exec:\vjrbn.exe98⤵
-
\??\c:\lxhnx.exec:\lxhnx.exe99⤵
-
\??\c:\pdxlr.exec:\pdxlr.exe100⤵
-
\??\c:\rjflrjp.exec:\rjflrjp.exe101⤵
-
\??\c:\rvpjh.exec:\rvpjh.exe102⤵
-
\??\c:\vdthnnd.exec:\vdthnnd.exe103⤵
-
\??\c:\bdpjd.exec:\bdpjd.exe104⤵
-
\??\c:\vlvpnh.exec:\vlvpnh.exe105⤵
-
\??\c:\jdhnj.exec:\jdhnj.exe106⤵
-
\??\c:\hpvdfn.exec:\hpvdfn.exe107⤵
-
\??\c:\jhfjdlv.exec:\jhfjdlv.exe108⤵
-
\??\c:\trdptl.exec:\trdptl.exe109⤵
-
\??\c:\lxxtx.exec:\lxxtx.exe110⤵
-
\??\c:\tlnxbx.exec:\tlnxbx.exe111⤵
-
\??\c:\nnvxj.exec:\nnvxj.exe112⤵
-
\??\c:\lxxrhlx.exec:\lxxrhlx.exe113⤵
-
\??\c:\fxbpp.exec:\fxbpp.exe114⤵
-
\??\c:\xljhlp.exec:\xljhlp.exe115⤵
-
\??\c:\nbjhd.exec:\nbjhd.exe116⤵
-
\??\c:\jtvpt.exec:\jtvpt.exe117⤵
-
\??\c:\xjxjr.exec:\xjxjr.exe118⤵
- System Location Discovery: System Language Discovery
-
\??\c:\vjvrvd.exec:\vjvrvd.exe119⤵
-
\??\c:\njvvlp.exec:\njvvlp.exe120⤵
-
\??\c:\bjpnb.exec:\bjpnb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-