Analysis
-
max time kernel
120s -
max time network
19s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
25-12-2024 15:10
General
-
Target
a329da412d79fda5b7f1a67b901f471e399111de884263e0a508ca53e9d1978f.exe
-
Size
454KB
-
MD5
c0392c0ff101d60b76bfb77cc11a67e5
-
SHA1
e01deb98191bc1816ffc673dd02f4a3f6214e4c6
-
SHA256
a329da412d79fda5b7f1a67b901f471e399111de884263e0a508ca53e9d1978f
-
SHA512
3051f5e8afe40ec5e8ce33ceba06f491dde3df1e27428419545c09086f0667642adbecbd827c6eeb6ee9047ced2b3c048542940de06ffd5700ed3ceb1db950ec
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbeTl:q7Tc2NYHUrAwfMp3CDJ
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 40 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 48 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a329da412d79fda5b7f1a67b901f471e399111de884263e0a508ca53e9d1978f.exe"C:\Users\Admin\AppData\Local\Temp\a329da412d79fda5b7f1a67b901f471e399111de884263e0a508ca53e9d1978f.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jlxrhjl.exec:\jlxrhjl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpjjpll.exec:\jpjjpll.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jbpffp.exec:\jbpffp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jnjvp.exec:\jnjvp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbdxpfp.exec:\tbdxpfp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddhpb.exec:\ddhpb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bllnv.exec:\bllnv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rnjjttj.exec:\rnjjttj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrhbj.exec:\xrhbj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ldvfh.exec:\ldvfh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rvrdrn.exec:\rvrdrn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vlhjjb.exec:\vlhjjb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bvdthd.exec:\bvdthd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dfnljr.exec:\dfnljr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pndbh.exec:\pndbh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppdrdbl.exec:\ppdrdbl.exe17⤵
- Executes dropped EXE
-
\??\c:\rrrvp.exec:\rrrvp.exe18⤵
- Executes dropped EXE
-
\??\c:\bdrxxn.exec:\bdrxxn.exe19⤵
- Executes dropped EXE
-
\??\c:\tbxbpt.exec:\tbxbpt.exe20⤵
- Executes dropped EXE
-
\??\c:\blnxb.exec:\blnxb.exe21⤵
- Executes dropped EXE
-
\??\c:\pllljtl.exec:\pllljtl.exe22⤵
- Executes dropped EXE
-
\??\c:\npjjr.exec:\npjjr.exe23⤵
- Executes dropped EXE
-
\??\c:\lrfdxlp.exec:\lrfdxlp.exe24⤵
- Executes dropped EXE
-
\??\c:\rpxltt.exec:\rpxltt.exe25⤵
- Executes dropped EXE
-
\??\c:\fdhrtl.exec:\fdhrtl.exe26⤵
- Executes dropped EXE
-
\??\c:\bltpl.exec:\bltpl.exe27⤵
- Executes dropped EXE
-
\??\c:\tfvvfhj.exec:\tfvvfhj.exe28⤵
- Executes dropped EXE
-
\??\c:\fjddt.exec:\fjddt.exe29⤵
- Executes dropped EXE
-
\??\c:\tvphnfl.exec:\tvphnfl.exe30⤵
- Executes dropped EXE
-
\??\c:\hnpdpvb.exec:\hnpdpvb.exe31⤵
- Executes dropped EXE
-
\??\c:\rxxvn.exec:\rxxvn.exe32⤵
- Executes dropped EXE
-
\??\c:\dhtlxt.exec:\dhtlxt.exe33⤵
- Executes dropped EXE
-
\??\c:\ntvvx.exec:\ntvvx.exe34⤵
- Executes dropped EXE
-
\??\c:\ddbvbnf.exec:\ddbvbnf.exe35⤵
- Executes dropped EXE
-
\??\c:\lpjfj.exec:\lpjfj.exe36⤵
- Executes dropped EXE
-
\??\c:\lhjtlfj.exec:\lhjtlfj.exe37⤵
- Executes dropped EXE
-
\??\c:\xhlrb.exec:\xhlrb.exe38⤵
- Executes dropped EXE
-
\??\c:\hlntjtt.exec:\hlntjtt.exe39⤵
- Executes dropped EXE
-
\??\c:\txrnb.exec:\txrnb.exe40⤵
- Executes dropped EXE
-
\??\c:\pxxrd.exec:\pxxrd.exe41⤵
- Executes dropped EXE
-
\??\c:\pjnvdb.exec:\pjnvdb.exe42⤵
- Executes dropped EXE
-
\??\c:\bxbvj.exec:\bxbvj.exe43⤵
- Executes dropped EXE
-
\??\c:\rvbblrd.exec:\rvbblrd.exe44⤵
- Executes dropped EXE
-
\??\c:\jlhldph.exec:\jlhldph.exe45⤵
- Executes dropped EXE
-
\??\c:\ddvjrrb.exec:\ddvjrrb.exe46⤵
- Executes dropped EXE
-
\??\c:\hpnhbdp.exec:\hpnhbdp.exe47⤵
- Executes dropped EXE
-
\??\c:\pblbjx.exec:\pblbjx.exe48⤵
- Executes dropped EXE
-
\??\c:\dbdtdbn.exec:\dbdtdbn.exe49⤵
- Executes dropped EXE
-
\??\c:\ttnjrrn.exec:\ttnjrrn.exe50⤵
- Executes dropped EXE
-
\??\c:\jhrxrxl.exec:\jhrxrxl.exe51⤵
- Executes dropped EXE
-
\??\c:\hhbrt.exec:\hhbrt.exe52⤵
- Executes dropped EXE
-
\??\c:\hnxxj.exec:\hnxxj.exe53⤵
- Executes dropped EXE
-
\??\c:\dxdrrb.exec:\dxdrrb.exe54⤵
- Executes dropped EXE
-
\??\c:\dptnx.exec:\dptnx.exe55⤵
- Executes dropped EXE
-
\??\c:\nvdhvff.exec:\nvdhvff.exe56⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\ntfth.exec:\ntfth.exe57⤵
- Executes dropped EXE
-
\??\c:\hfjpndr.exec:\hfjpndr.exe58⤵
- Executes dropped EXE
-
\??\c:\txhjpb.exec:\txhjpb.exe59⤵
- Executes dropped EXE
-
\??\c:\tvtlj.exec:\tvtlj.exe60⤵
- Executes dropped EXE
-
\??\c:\dfjpthh.exec:\dfjpthh.exe61⤵
- Executes dropped EXE
-
\??\c:\pdbrhfd.exec:\pdbrhfd.exe62⤵
- Executes dropped EXE
-
\??\c:\htbbl.exec:\htbbl.exe63⤵
- Executes dropped EXE
-
\??\c:\dxpjrp.exec:\dxpjrp.exe64⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\fbjnll.exec:\fbjnll.exe65⤵
- Executes dropped EXE
-
\??\c:\pbhdjb.exec:\pbhdjb.exe66⤵
-
\??\c:\tbvpjv.exec:\tbvpjv.exe67⤵
-
\??\c:\jjjvbd.exec:\jjjvbd.exe68⤵
-
\??\c:\dnntltb.exec:\dnntltb.exe69⤵
-
\??\c:\lvvlln.exec:\lvvlln.exe70⤵
-
\??\c:\lrpprxr.exec:\lrpprxr.exe71⤵
-
\??\c:\bfbjnv.exec:\bfbjnv.exe72⤵
-
\??\c:\vjfbld.exec:\vjfbld.exe73⤵
-
\??\c:\tvptfb.exec:\tvptfb.exe74⤵
-
\??\c:\rbtxf.exec:\rbtxf.exe75⤵
-
\??\c:\txjnb.exec:\txjnb.exe76⤵
-
\??\c:\fvvlj.exec:\fvvlj.exe77⤵
-
\??\c:\nhvlhp.exec:\nhvlhp.exe78⤵
-
\??\c:\ppvrrrl.exec:\ppvrrrl.exe79⤵
-
\??\c:\xtjpl.exec:\xtjpl.exe80⤵
-
\??\c:\dflxltt.exec:\dflxltt.exe81⤵
-
\??\c:\dllvl.exec:\dllvl.exe82⤵
-
\??\c:\rvxnvlr.exec:\rvxnvlr.exe83⤵
-
\??\c:\dptjpx.exec:\dptjpx.exe84⤵
-
\??\c:\vftbb.exec:\vftbb.exe85⤵
-
\??\c:\xbltrt.exec:\xbltrt.exe86⤵
-
\??\c:\rnjbxd.exec:\rnjbxd.exe87⤵
-
\??\c:\htfvfdp.exec:\htfvfdp.exe88⤵
-
\??\c:\bbhnv.exec:\bbhnv.exe89⤵
-
\??\c:\vfftbp.exec:\vfftbp.exe90⤵
-
\??\c:\prbxn.exec:\prbxn.exe91⤵
-
\??\c:\xjbbbpr.exec:\xjbbbpr.exe92⤵
-
\??\c:\hntprjv.exec:\hntprjv.exe93⤵
-
\??\c:\frrrblj.exec:\frrrblj.exe94⤵
-
\??\c:\jxnfdxb.exec:\jxnfdxb.exe95⤵
-
\??\c:\ntnrpft.exec:\ntnrpft.exe96⤵
-
\??\c:\jhflvvv.exec:\jhflvvv.exe97⤵
-
\??\c:\xpvpd.exec:\xpvpd.exe98⤵
-
\??\c:\prdptpl.exec:\prdptpl.exe99⤵
-
\??\c:\lbjxl.exec:\lbjxl.exe100⤵
-
\??\c:\vrtddr.exec:\vrtddr.exe101⤵
-
\??\c:\vdtpv.exec:\vdtpv.exe102⤵
-
\??\c:\dtnjn.exec:\dtnjn.exe103⤵
-
\??\c:\vbddrb.exec:\vbddrb.exe104⤵
-
\??\c:\tbdfh.exec:\tbdfh.exe105⤵
-
\??\c:\dlbjlvx.exec:\dlbjlvx.exe106⤵
-
\??\c:\jhhfdp.exec:\jhhfdp.exe107⤵
-
\??\c:\bbthhvt.exec:\bbthhvt.exe108⤵
-
\??\c:\nnhtlhl.exec:\nnhtlhl.exe109⤵
-
\??\c:\blbpdv.exec:\blbpdv.exe110⤵
-
\??\c:\dvhbtv.exec:\dvhbtv.exe111⤵
-
\??\c:\dnbhrj.exec:\dnbhrj.exe112⤵
-
\??\c:\fpftfd.exec:\fpftfd.exe113⤵
- System Location Discovery: System Language Discovery
-
\??\c:\nvtnnh.exec:\nvtnnh.exe114⤵
- System Location Discovery: System Language Discovery
-
\??\c:\xntlxvx.exec:\xntlxvx.exe115⤵
-
\??\c:\dnhfb.exec:\dnhfb.exe116⤵
-
\??\c:\jptbxd.exec:\jptbxd.exe117⤵
-
\??\c:\lhhlxx.exec:\lhhlxx.exe118⤵
-
\??\c:\dfxppl.exec:\dfxppl.exe119⤵
-
\??\c:\rvprjp.exec:\rvprjp.exe120⤵
-
\??\c:\hvhrd.exec:\hvhrd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-