Analysis
-
max time kernel
120s -
max time network
19s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
25-12-2024 15:07
General
-
Target
495b6a5ed851b7f9f546c678fa1ec2d8cbbe192c5fd226689fc4240d303d5ef2N.exe
-
Size
453KB
-
MD5
0a934ccef2ab6b50cb57efd237e0c220
-
SHA1
34a6e1d72e63cc4e61da2b458f8491fbbab60364
-
SHA256
495b6a5ed851b7f9f546c678fa1ec2d8cbbe192c5fd226689fc4240d303d5ef2
-
SHA512
4fbd04e2d512845d2945ba52d591cbd0e74640c5363245278d792c3c71a094a4db757b97510c1c8df08e2ad7cb902ff2792f001e41d36a0a70c9b6c0fc502164
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbeY:q7Tc2NYHUrAwfMp3CDY
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 41 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 44 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\495b6a5ed851b7f9f546c678fa1ec2d8cbbe192c5fd226689fc4240d303d5ef2N.exe"C:\Users\Admin\AppData\Local\Temp\495b6a5ed851b7f9f546c678fa1ec2d8cbbe192c5fd226689fc4240d303d5ef2N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\lhvdxf.exec:\lhvdxf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhfjtb.exec:\hbhfjtb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vddtrb.exec:\vddtrb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vltbxr.exec:\vltbxr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rhxll.exec:\rhxll.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vxnhbd.exec:\vxnhbd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xljxht.exec:\xljxht.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xpfnt.exec:\xpfnt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bltxjfj.exec:\bltxjfj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bdtfvll.exec:\bdtfvll.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fnvppf.exec:\fnvppf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xdttlv.exec:\xdttlv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vtbjvlx.exec:\vtbjvlx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lhrtjpb.exec:\lhrtjpb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vxdrt.exec:\vxdrt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xpllht.exec:\xpllht.exe17⤵
- Executes dropped EXE
-
\??\c:\bttvn.exec:\bttvn.exe18⤵
- Executes dropped EXE
-
\??\c:\hvhhnt.exec:\hvhhnt.exe19⤵
- Executes dropped EXE
-
\??\c:\tvprxj.exec:\tvprxj.exe20⤵
- Executes dropped EXE
-
\??\c:\npfpr.exec:\npfpr.exe21⤵
- Executes dropped EXE
-
\??\c:\tvpxlp.exec:\tvpxlp.exe22⤵
- Executes dropped EXE
-
\??\c:\lpltr.exec:\lpltr.exe23⤵
- Executes dropped EXE
-
\??\c:\jjjbbx.exec:\jjjbbx.exe24⤵
- Executes dropped EXE
-
\??\c:\xntrdpd.exec:\xntrdpd.exe25⤵
- Executes dropped EXE
-
\??\c:\pxxxpt.exec:\pxxxpt.exe26⤵
- Executes dropped EXE
-
\??\c:\vlpfvrh.exec:\vlpfvrh.exe27⤵
- Executes dropped EXE
-
\??\c:\vxxndl.exec:\vxxndl.exe28⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\phlbf.exec:\phlbf.exe29⤵
- Executes dropped EXE
-
\??\c:\fdtjj.exec:\fdtjj.exe30⤵
- Executes dropped EXE
-
\??\c:\jvxrbl.exec:\jvxrbl.exe31⤵
- Executes dropped EXE
-
\??\c:\djnxv.exec:\djnxv.exe32⤵
- Executes dropped EXE
-
\??\c:\ltvtbb.exec:\ltvtbb.exe33⤵
- Executes dropped EXE
-
\??\c:\tntdbxt.exec:\tntdbxt.exe34⤵
- Executes dropped EXE
-
\??\c:\ldnbrb.exec:\ldnbrb.exe35⤵
- Executes dropped EXE
-
\??\c:\xnpndxn.exec:\xnpndxn.exe36⤵
- Executes dropped EXE
-
\??\c:\vvhljn.exec:\vvhljn.exe37⤵
- Executes dropped EXE
-
\??\c:\xxjxx.exec:\xxjxx.exe38⤵
- Executes dropped EXE
-
\??\c:\npvdlh.exec:\npvdlh.exe39⤵
- Executes dropped EXE
-
\??\c:\vbpfjt.exec:\vbpfjt.exe40⤵
- Executes dropped EXE
-
\??\c:\vjjhntp.exec:\vjjhntp.exe41⤵
- Executes dropped EXE
-
\??\c:\nltbplb.exec:\nltbplb.exe42⤵
- Executes dropped EXE
-
\??\c:\rhfrh.exec:\rhfrh.exe43⤵
- Executes dropped EXE
-
\??\c:\vrvjdv.exec:\vrvjdv.exe44⤵
- Executes dropped EXE
-
\??\c:\xlnjdp.exec:\xlnjdp.exe45⤵
- Executes dropped EXE
-
\??\c:\fbhrdn.exec:\fbhrdn.exe46⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\fdbhnrr.exec:\fdbhnrr.exe47⤵
- Executes dropped EXE
-
\??\c:\dvnvblx.exec:\dvnvblx.exe48⤵
- Executes dropped EXE
-
\??\c:\nrdbhn.exec:\nrdbhn.exe49⤵
- Executes dropped EXE
-
\??\c:\tlxdtl.exec:\tlxdtl.exe50⤵
- Executes dropped EXE
-
\??\c:\nrdbvvr.exec:\nrdbvvr.exe51⤵
- Executes dropped EXE
-
\??\c:\jhvdpr.exec:\jhvdpr.exe52⤵
- Executes dropped EXE
-
\??\c:\tnbjxpf.exec:\tnbjxpf.exe53⤵
- Executes dropped EXE
-
\??\c:\tbxxtnl.exec:\tbxxtnl.exe54⤵
- Executes dropped EXE
-
\??\c:\jppxdb.exec:\jppxdb.exe55⤵
- Executes dropped EXE
-
\??\c:\rrxvd.exec:\rrxvd.exe56⤵
- Executes dropped EXE
-
\??\c:\nvbrdf.exec:\nvbrdf.exe57⤵
- Executes dropped EXE
-
\??\c:\tntpd.exec:\tntpd.exe58⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\htrvjxt.exec:\htrvjxt.exe59⤵
- Executes dropped EXE
-
\??\c:\nxhnt.exec:\nxhnt.exe60⤵
- Executes dropped EXE
-
\??\c:\hfdnv.exec:\hfdnv.exe61⤵
- Executes dropped EXE
-
\??\c:\tllhlpt.exec:\tllhlpt.exe62⤵
- Executes dropped EXE
-
\??\c:\tvxhj.exec:\tvxhj.exe63⤵
- Executes dropped EXE
-
\??\c:\frhrd.exec:\frhrd.exe64⤵
- Executes dropped EXE
-
\??\c:\xfnfhvh.exec:\xfnfhvh.exe65⤵
- Executes dropped EXE
-
\??\c:\tvrvj.exec:\tvrvj.exe66⤵
-
\??\c:\tvxdhd.exec:\tvxdhd.exe67⤵
-
\??\c:\bhvfn.exec:\bhvfn.exe68⤵
-
\??\c:\txrvbdn.exec:\txrvbdn.exe69⤵
-
\??\c:\vdrvd.exec:\vdrvd.exe70⤵
-
\??\c:\hjplbb.exec:\hjplbb.exe71⤵
-
\??\c:\rlxfph.exec:\rlxfph.exe72⤵
-
\??\c:\bjhtp.exec:\bjhtp.exe73⤵
-
\??\c:\tflphtf.exec:\tflphtf.exe74⤵
-
\??\c:\bhnph.exec:\bhnph.exe75⤵
-
\??\c:\fbjfhnp.exec:\fbjfhnp.exe76⤵
-
\??\c:\bxntn.exec:\bxntn.exe77⤵
-
\??\c:\pjhvv.exec:\pjhvv.exe78⤵
-
\??\c:\npljlnx.exec:\npljlnx.exe79⤵
-
\??\c:\jjhvtvd.exec:\jjhvtvd.exe80⤵
-
\??\c:\pndln.exec:\pndln.exe81⤵
-
\??\c:\txvpppx.exec:\txvpppx.exe82⤵
-
\??\c:\rnhlhp.exec:\rnhlhp.exe83⤵
-
\??\c:\pnnpphx.exec:\pnnpphx.exe84⤵
-
\??\c:\jhndfh.exec:\jhndfh.exe85⤵
-
\??\c:\pptnpn.exec:\pptnpn.exe86⤵
-
\??\c:\fnnjpl.exec:\fnnjpl.exe87⤵
-
\??\c:\dvprphf.exec:\dvprphf.exe88⤵
-
\??\c:\txbvphb.exec:\txbvphb.exe89⤵
-
\??\c:\ppbtxlj.exec:\ppbtxlj.exe90⤵
-
\??\c:\rpdddl.exec:\rpdddl.exe91⤵
-
\??\c:\pjdpv.exec:\pjdpv.exe92⤵
-
\??\c:\rtxbh.exec:\rtxbh.exe93⤵
-
\??\c:\vjhdnt.exec:\vjhdnt.exe94⤵
-
\??\c:\fjvjpfh.exec:\fjvjpfh.exe95⤵
-
\??\c:\drrhfpx.exec:\drrhfpx.exe96⤵
-
\??\c:\lrndf.exec:\lrndf.exe97⤵
-
\??\c:\tpxtlll.exec:\tpxtlll.exe98⤵
-
\??\c:\ppfpjl.exec:\ppfpjl.exe99⤵
-
\??\c:\tdddt.exec:\tdddt.exe100⤵
-
\??\c:\nrpxbjj.exec:\nrpxbjj.exe101⤵
-
\??\c:\pntxfx.exec:\pntxfx.exe102⤵
-
\??\c:\bxndjl.exec:\bxndjl.exe103⤵
- System Location Discovery: System Language Discovery
-
\??\c:\xbftn.exec:\xbftn.exe104⤵
-
\??\c:\thdtxj.exec:\thdtxj.exe105⤵
-
\??\c:\hdxhjx.exec:\hdxhjx.exe106⤵
-
\??\c:\ddjjjv.exec:\ddjjjv.exe107⤵
-
\??\c:\fjllh.exec:\fjllh.exe108⤵
-
\??\c:\txvljph.exec:\txvljph.exe109⤵
-
\??\c:\vtrrrxp.exec:\vtrrrxp.exe110⤵
-
\??\c:\vtrnnl.exec:\vtrnnl.exe111⤵
-
\??\c:\htftfdv.exec:\htftfdv.exe112⤵
- System Location Discovery: System Language Discovery
-
\??\c:\nvnfj.exec:\nvnfj.exe113⤵
-
\??\c:\xfdtvrv.exec:\xfdtvrv.exe114⤵
-
\??\c:\xlppdvx.exec:\xlppdvx.exe115⤵
- System Location Discovery: System Language Discovery
-
\??\c:\rjfdpf.exec:\rjfdpf.exe116⤵
-
\??\c:\jbpfvr.exec:\jbpfvr.exe117⤵
-
\??\c:\dnltrf.exec:\dnltrf.exe118⤵
-
\??\c:\vvddtn.exec:\vvddtn.exe119⤵
-
\??\c:\vxbpd.exec:\vxbpd.exe120⤵
-
\??\c:\tphfdpd.exec:\tphfdpd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-