Analysis
-
max time kernel
120s -
max time network
17s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
25-12-2024 16:09
General
-
Target
7d52ee2dc3a610d6126a4444642d90ca635a9771f40819c3d1a1c4d33ba80046N.exe
-
Size
454KB
-
MD5
0a89748e243f601b1128f7725b4944d0
-
SHA1
12f2e4a1b67e1ce2375f8b866e36c8a49dab3ca1
-
SHA256
7d52ee2dc3a610d6126a4444642d90ca635a9771f40819c3d1a1c4d33ba80046
-
SHA512
63ce7a9b8fa0282cf377a18124ad4604a4c29ed06cf9cb0d4aaa8cbfb9c9d776b7e2cc296612de9f1545b1ee754a9e39745e0664e65f01062f4eb2c680e2a257
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbe1WH:q7Tc2NYHUrAwfMp3CD1WH
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 35 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 49 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7d52ee2dc3a610d6126a4444642d90ca635a9771f40819c3d1a1c4d33ba80046N.exe"C:\Users\Admin\AppData\Local\Temp\7d52ee2dc3a610d6126a4444642d90ca635a9771f40819c3d1a1c4d33ba80046N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjjv.exec:\pdjjv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frffllr.exec:\frffllr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvppj.exec:\jvppj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxlflxr.exec:\lxlflxr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnntn.exec:\tnnntn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9rffrxf.exec:\9rffrxf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbhnn.exec:\tnbhnn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rfffxx.exec:\5rfffxx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ntnnh.exec:\7ntnnh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7djdd.exec:\7djdd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xllflr.exec:\7xllflr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhntt.exec:\hbhntt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdppp.exec:\pdppp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtntb.exec:\bbtntb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbnnn.exec:\bnbnnn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlxffx.exec:\fxlxffx.exe17⤵
- Executes dropped EXE
-
\??\c:\3httnn.exec:\3httnn.exe18⤵
- Executes dropped EXE
-
\??\c:\ddddp.exec:\ddddp.exe19⤵
- Executes dropped EXE
-
\??\c:\xrffllr.exec:\xrffllr.exe20⤵
- Executes dropped EXE
-
\??\c:\jjddj.exec:\jjddj.exe21⤵
- Executes dropped EXE
-
\??\c:\jvdvp.exec:\jvdvp.exe22⤵
- Executes dropped EXE
-
\??\c:\3htbbb.exec:\3htbbb.exe23⤵
- Executes dropped EXE
-
\??\c:\9jpjj.exec:\9jpjj.exe24⤵
- Executes dropped EXE
-
\??\c:\9bbhhh.exec:\9bbhhh.exe25⤵
- Executes dropped EXE
-
\??\c:\ththnt.exec:\ththnt.exe26⤵
- Executes dropped EXE
-
\??\c:\pdvvp.exec:\pdvvp.exe27⤵
- Executes dropped EXE
-
\??\c:\htbbbb.exec:\htbbbb.exe28⤵
- Executes dropped EXE
-
\??\c:\jdjdd.exec:\jdjdd.exe29⤵
- Executes dropped EXE
-
\??\c:\lfrllff.exec:\lfrllff.exe30⤵
- Executes dropped EXE
-
\??\c:\jdvpv.exec:\jdvpv.exe31⤵
- Executes dropped EXE
-
\??\c:\flflrrx.exec:\flflrrx.exe32⤵
- Executes dropped EXE
-
\??\c:\hthttn.exec:\hthttn.exe33⤵
- Executes dropped EXE
-
\??\c:\9pvdv.exec:\9pvdv.exe34⤵
- Executes dropped EXE
-
\??\c:\lffxrlf.exec:\lffxrlf.exe35⤵
- Executes dropped EXE
-
\??\c:\lrxrrrx.exec:\lrxrrrx.exe36⤵
- Executes dropped EXE
-
\??\c:\pdjdv.exec:\pdjdv.exe37⤵
- Executes dropped EXE
-
\??\c:\5dpvd.exec:\5dpvd.exe38⤵
- Executes dropped EXE
-
\??\c:\fxlxxrr.exec:\fxlxxrr.exe39⤵
- Executes dropped EXE
-
\??\c:\bbtbnh.exec:\bbtbnh.exe40⤵
- Executes dropped EXE
-
\??\c:\jvddd.exec:\jvddd.exe41⤵
- Executes dropped EXE
-
\??\c:\pjdpj.exec:\pjdpj.exe42⤵
- Executes dropped EXE
-
\??\c:\lxxrrfx.exec:\lxxrrfx.exe43⤵
- Executes dropped EXE
-
\??\c:\thtbtt.exec:\thtbtt.exe44⤵
- Executes dropped EXE
-
\??\c:\pdjpj.exec:\pdjpj.exe45⤵
- Executes dropped EXE
-
\??\c:\jpdjd.exec:\jpdjd.exe46⤵
- Executes dropped EXE
-
\??\c:\rflfxrx.exec:\rflfxrx.exe47⤵
- Executes dropped EXE
-
\??\c:\bntthb.exec:\bntthb.exe48⤵
- Executes dropped EXE
-
\??\c:\pdjjp.exec:\pdjjp.exe49⤵
- Executes dropped EXE
-
\??\c:\pdjjp.exec:\pdjjp.exe50⤵
- Executes dropped EXE
-
\??\c:\frrllff.exec:\frrllff.exe51⤵
- Executes dropped EXE
-
\??\c:\thtnbt.exec:\thtnbt.exe52⤵
- Executes dropped EXE
-
\??\c:\thtntt.exec:\thtntt.exe53⤵
- Executes dropped EXE
-
\??\c:\jdppp.exec:\jdppp.exe54⤵
- Executes dropped EXE
-
\??\c:\xflfxrl.exec:\xflfxrl.exe55⤵
- Executes dropped EXE
-
\??\c:\hbhtnb.exec:\hbhtnb.exe56⤵
- Executes dropped EXE
-
\??\c:\bhhbtn.exec:\bhhbtn.exe57⤵
- Executes dropped EXE
-
\??\c:\dvjjv.exec:\dvjjv.exe58⤵
- Executes dropped EXE
-
\??\c:\7lfffxx.exec:\7lfffxx.exe59⤵
- Executes dropped EXE
-
\??\c:\bnbntt.exec:\bnbntt.exe60⤵
- Executes dropped EXE
-
\??\c:\1hnhtt.exec:\1hnhtt.exe61⤵
- Executes dropped EXE
-
\??\c:\7vddv.exec:\7vddv.exe62⤵
- Executes dropped EXE
-
\??\c:\3fxxfrr.exec:\3fxxfrr.exe63⤵
- Executes dropped EXE
-
\??\c:\hbhnhn.exec:\hbhnhn.exe64⤵
- Executes dropped EXE
-
\??\c:\tnbbbt.exec:\tnbbbt.exe65⤵
- Executes dropped EXE
-
\??\c:\jvvvv.exec:\jvvvv.exe66⤵
-
\??\c:\jvjpv.exec:\jvjpv.exe67⤵
-
\??\c:\rlxxxrr.exec:\rlxxxrr.exe68⤵
-
\??\c:\thbhbt.exec:\thbhbt.exe69⤵
-
\??\c:\pvjjj.exec:\pvjjj.exe70⤵
-
\??\c:\pdddd.exec:\pdddd.exe71⤵
-
\??\c:\frxrlff.exec:\frxrlff.exe72⤵
-
\??\c:\bnnhbt.exec:\bnnhbt.exe73⤵
- System Location Discovery: System Language Discovery
-
\??\c:\nhnntt.exec:\nhnntt.exe74⤵
-
\??\c:\jvdvv.exec:\jvdvv.exe75⤵
-
\??\c:\rxxxxrl.exec:\rxxxxrl.exe76⤵
-
\??\c:\1xlrlff.exec:\1xlrlff.exe77⤵
-
\??\c:\5hbnnh.exec:\5hbnnh.exe78⤵
-
\??\c:\nhnthh.exec:\nhnthh.exe79⤵
-
\??\c:\dpppj.exec:\dpppj.exe80⤵
-
\??\c:\frfrrll.exec:\frfrrll.exe81⤵
-
\??\c:\lfxrlfx.exec:\lfxrlfx.exe82⤵
-
\??\c:\3tntnh.exec:\3tntnh.exe83⤵
-
\??\c:\3vjpp.exec:\3vjpp.exe84⤵
-
\??\c:\7vjdj.exec:\7vjdj.exe85⤵
-
\??\c:\lrxrrll.exec:\lrxrrll.exe86⤵
-
\??\c:\httntn.exec:\httntn.exe87⤵
-
\??\c:\hthnnn.exec:\hthnnn.exe88⤵
-
\??\c:\vdjvp.exec:\vdjvp.exe89⤵
-
\??\c:\jvvvd.exec:\jvvvd.exe90⤵
-
\??\c:\rfxlrll.exec:\rfxlrll.exe91⤵
-
\??\c:\ntbtnh.exec:\ntbtnh.exe92⤵
-
\??\c:\dpvdp.exec:\dpvdp.exe93⤵
-
\??\c:\dvddd.exec:\dvddd.exe94⤵
-
\??\c:\5rxlrlr.exec:\5rxlrlr.exe95⤵
-
\??\c:\nbhbhh.exec:\nbhbhh.exe96⤵
-
\??\c:\nhttbb.exec:\nhttbb.exe97⤵
-
\??\c:\1vjjj.exec:\1vjjj.exe98⤵
-
\??\c:\rlxfxxf.exec:\rlxfxxf.exe99⤵
-
\??\c:\xlxrrrx.exec:\xlxrrrx.exe100⤵
-
\??\c:\nhtbbt.exec:\nhtbbt.exe101⤵
-
\??\c:\vpddj.exec:\vpddj.exe102⤵
-
\??\c:\dpjdd.exec:\dpjdd.exe103⤵
-
\??\c:\rlrflrx.exec:\rlrflrx.exe104⤵
-
\??\c:\5rrxxxl.exec:\5rrxxxl.exe105⤵
-
\??\c:\1hnthb.exec:\1hnthb.exe106⤵
-
\??\c:\pjvdp.exec:\pjvdp.exe107⤵
-
\??\c:\vvjjv.exec:\vvjjv.exe108⤵
-
\??\c:\9rlxrrx.exec:\9rlxrrx.exe109⤵
-
\??\c:\hthbbt.exec:\hthbbt.exe110⤵
-
\??\c:\dvdvd.exec:\dvdvd.exe111⤵
-
\??\c:\7vdvv.exec:\7vdvv.exe112⤵
-
\??\c:\rxllxxl.exec:\rxllxxl.exe113⤵
-
\??\c:\tbnthh.exec:\tbnthh.exe114⤵
-
\??\c:\nbhhnn.exec:\nbhhnn.exe115⤵
-
\??\c:\jvdpv.exec:\jvdpv.exe116⤵
-
\??\c:\rfxflfl.exec:\rfxflfl.exe117⤵
-
\??\c:\rlfxflf.exec:\rlfxflf.exe118⤵
-
\??\c:\5nttbh.exec:\5nttbh.exe119⤵
-
\??\c:\dvjdj.exec:\dvjdj.exe120⤵
-
\??\c:\jdpjv.exec:\jdpjv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-