Analysis
-
max time kernel
120s -
max time network
16s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
25-12-2024 18:18
General
-
Target
39fa248de863162216428501232d39b99623a08f6eb16f8fa7909f443f774360N.exe
-
Size
453KB
-
MD5
98cb0a158548c7cda262ffc37792cd90
-
SHA1
f141c3a389cfe7c6abea200a93c8ea40d61e8d04
-
SHA256
39fa248de863162216428501232d39b99623a08f6eb16f8fa7909f443f774360
-
SHA512
eb95fa137179f219a1771eccf61d1a30f87a064757eff8ff0bc519584708894bfb2055ddcec06655a7c9bcf547f9fec58c9a0983c6ab0a80dc071d4ecd6f9624
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbeV:q7Tc2NYHUrAwfMp3CDV
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 41 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 43 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\39fa248de863162216428501232d39b99623a08f6eb16f8fa7909f443f774360N.exe"C:\Users\Admin\AppData\Local\Temp\39fa248de863162216428501232d39b99623a08f6eb16f8fa7909f443f774360N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bbthth.exec:\bbthth.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9nhnhh.exec:\9nhnhh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvpdd.exec:\jvpdd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrfxlx.exec:\ffrfxlx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9bntnn.exec:\9bntnn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vjjp.exec:\5vjjp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3nhthh.exec:\3nhthh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfxxffl.exec:\rfxxffl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntthn.exec:\bntthn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxllxfr.exec:\xxllxfr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhtnt.exec:\bhhtnt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxflxl.exec:\fxxflxl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9bntht.exec:\9bntht.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xxfllx.exec:\7xxfllx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btntbh.exec:\btntbh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5fxlrfr.exec:\5fxlrfr.exe17⤵
- Executes dropped EXE
-
\??\c:\3nbhbb.exec:\3nbhbb.exe18⤵
- Executes dropped EXE
-
\??\c:\nhbnbh.exec:\nhbnbh.exe19⤵
- Executes dropped EXE
-
\??\c:\jdddj.exec:\jdddj.exe20⤵
- Executes dropped EXE
-
\??\c:\bbbbtb.exec:\bbbbtb.exe21⤵
- Executes dropped EXE
-
\??\c:\vdvdv.exec:\vdvdv.exe22⤵
- Executes dropped EXE
-
\??\c:\bhbhhn.exec:\bhbhhn.exe23⤵
- Executes dropped EXE
-
\??\c:\5nhhtb.exec:\5nhhtb.exe24⤵
- Executes dropped EXE
-
\??\c:\frlrxfx.exec:\frlrxfx.exe25⤵
- Executes dropped EXE
-
\??\c:\hnbnhn.exec:\hnbnhn.exe26⤵
- Executes dropped EXE
-
\??\c:\llffrxr.exec:\llffrxr.exe27⤵
- Executes dropped EXE
-
\??\c:\ntnhtn.exec:\ntnhtn.exe28⤵
- Executes dropped EXE
-
\??\c:\fxrxlxr.exec:\fxrxlxr.exe29⤵
- Executes dropped EXE
-
\??\c:\hnnnhh.exec:\hnnnhh.exe30⤵
- Executes dropped EXE
-
\??\c:\llrfrxl.exec:\llrfrxl.exe31⤵
- Executes dropped EXE
-
\??\c:\nnhnbh.exec:\nnhnbh.exe32⤵
- Executes dropped EXE
-
\??\c:\5xlrxlx.exec:\5xlrxlx.exe33⤵
- Executes dropped EXE
-
\??\c:\9tnbnt.exec:\9tnbnt.exe34⤵
- Executes dropped EXE
-
\??\c:\jdppv.exec:\jdppv.exe35⤵
- Executes dropped EXE
-
\??\c:\3lxfllr.exec:\3lxfllr.exe36⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\tnhnth.exec:\tnhnth.exe37⤵
- Executes dropped EXE
-
\??\c:\9jdpv.exec:\9jdpv.exe38⤵
- Executes dropped EXE
-
\??\c:\jvppv.exec:\jvppv.exe39⤵
- Executes dropped EXE
-
\??\c:\rflxflx.exec:\rflxflx.exe40⤵
- Executes dropped EXE
-
\??\c:\bhnhhb.exec:\bhnhhb.exe41⤵
- Executes dropped EXE
-
\??\c:\dvpvd.exec:\dvpvd.exe42⤵
- Executes dropped EXE
-
\??\c:\flffrrx.exec:\flffrrx.exe43⤵
- Executes dropped EXE
-
\??\c:\5ntnhh.exec:\5ntnhh.exe44⤵
- Executes dropped EXE
-
\??\c:\thbbhb.exec:\thbbhb.exe45⤵
- Executes dropped EXE
-
\??\c:\ddpdv.exec:\ddpdv.exe46⤵
- Executes dropped EXE
-
\??\c:\3xlrfrf.exec:\3xlrfrf.exe47⤵
- Executes dropped EXE
-
\??\c:\tnhthn.exec:\tnhthn.exe48⤵
- Executes dropped EXE
-
\??\c:\5nhnbh.exec:\5nhnbh.exe49⤵
- Executes dropped EXE
-
\??\c:\dddpj.exec:\dddpj.exe50⤵
- Executes dropped EXE
-
\??\c:\lfxfrfr.exec:\lfxfrfr.exe51⤵
- Executes dropped EXE
-
\??\c:\bthtbb.exec:\bthtbb.exe52⤵
- Executes dropped EXE
-
\??\c:\vvjpd.exec:\vvjpd.exe53⤵
- Executes dropped EXE
-
\??\c:\7jppv.exec:\7jppv.exe54⤵
- Executes dropped EXE
-
\??\c:\frrxrrf.exec:\frrxrrf.exe55⤵
- Executes dropped EXE
-
\??\c:\ntnthh.exec:\ntnthh.exe56⤵
- Executes dropped EXE
-
\??\c:\jdvvd.exec:\jdvvd.exe57⤵
- Executes dropped EXE
-
\??\c:\xxffrfl.exec:\xxffrfl.exe58⤵
- Executes dropped EXE
-
\??\c:\hnhtnn.exec:\hnhtnn.exe59⤵
- Executes dropped EXE
-
\??\c:\bbthnb.exec:\bbthnb.exe60⤵
- Executes dropped EXE
-
\??\c:\pjvdj.exec:\pjvdj.exe61⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\9frfxfl.exec:\9frfxfl.exe62⤵
- Executes dropped EXE
-
\??\c:\tnbhtt.exec:\tnbhtt.exe63⤵
- Executes dropped EXE
-
\??\c:\nthnbb.exec:\nthnbb.exe64⤵
- Executes dropped EXE
-
\??\c:\3dpvj.exec:\3dpvj.exe65⤵
- Executes dropped EXE
-
\??\c:\7fllflr.exec:\7fllflr.exe66⤵
-
\??\c:\nnbhtb.exec:\nnbhtb.exe67⤵
-
\??\c:\nbbttt.exec:\nbbttt.exe68⤵
- System Location Discovery: System Language Discovery
-
\??\c:\pjvpj.exec:\pjvpj.exe69⤵
-
\??\c:\fxxrlxl.exec:\fxxrlxl.exe70⤵
-
\??\c:\3btnnb.exec:\3btnnb.exe71⤵
-
\??\c:\1ttnnn.exec:\1ttnnn.exe72⤵
-
\??\c:\ppdjp.exec:\ppdjp.exe73⤵
-
\??\c:\xrlrlrl.exec:\xrlrlrl.exe74⤵
-
\??\c:\lflrlfr.exec:\lflrlfr.exe75⤵
-
\??\c:\nntbnb.exec:\nntbnb.exe76⤵
-
\??\c:\jpdvp.exec:\jpdvp.exe77⤵
-
\??\c:\9vvdj.exec:\9vvdj.exe78⤵
-
\??\c:\9rxfrxf.exec:\9rxfrxf.exe79⤵
-
\??\c:\nhhtbh.exec:\nhhtbh.exe80⤵
-
\??\c:\5dvjp.exec:\5dvjp.exe81⤵
-
\??\c:\9lxlffr.exec:\9lxlffr.exe82⤵
-
\??\c:\nhnbnt.exec:\nhnbnt.exe83⤵
-
\??\c:\nnhnhn.exec:\nnhnhn.exe84⤵
-
\??\c:\jdvvd.exec:\jdvvd.exe85⤵
-
\??\c:\rrlrlrf.exec:\rrlrlrf.exe86⤵
- System Location Discovery: System Language Discovery
-
\??\c:\thhnnn.exec:\thhnnn.exe87⤵
-
\??\c:\vvpdj.exec:\vvpdj.exe88⤵
-
\??\c:\5pdjj.exec:\5pdjj.exe89⤵
-
\??\c:\llffxfx.exec:\llffxfx.exe90⤵
-
\??\c:\nhhbtb.exec:\nhhbtb.exe91⤵
-
\??\c:\dvpvd.exec:\dvpvd.exe92⤵
-
\??\c:\jdvvv.exec:\jdvvv.exe93⤵
-
\??\c:\lrrrlrl.exec:\lrrrlrl.exe94⤵
-
\??\c:\btnthh.exec:\btnthh.exe95⤵
-
\??\c:\bhbhbb.exec:\bhbhbb.exe96⤵
-
\??\c:\3jjvv.exec:\3jjvv.exe97⤵
-
\??\c:\fxrlflf.exec:\fxrlflf.exe98⤵
-
\??\c:\1bthth.exec:\1bthth.exe99⤵
-
\??\c:\hbthtb.exec:\hbthtb.exe100⤵
-
\??\c:\pvvpv.exec:\pvvpv.exe101⤵
-
\??\c:\xrlflxl.exec:\xrlflxl.exe102⤵
-
\??\c:\hbbbtt.exec:\hbbbtt.exe103⤵
-
\??\c:\nhhhtb.exec:\nhhhtb.exe104⤵
-
\??\c:\ddpvp.exec:\ddpvp.exe105⤵
-
\??\c:\rrrxllx.exec:\rrrxllx.exe106⤵
-
\??\c:\3ttbnt.exec:\3ttbnt.exe107⤵
-
\??\c:\bbthbb.exec:\bbthbb.exe108⤵
-
\??\c:\vvvdj.exec:\vvvdj.exe109⤵
-
\??\c:\fxlxrrl.exec:\fxlxrrl.exe110⤵
-
\??\c:\ttnbtb.exec:\ttnbtb.exe111⤵
-
\??\c:\pdddp.exec:\pdddp.exe112⤵
-
\??\c:\lfxfxxr.exec:\lfxfxxr.exe113⤵
-
\??\c:\9hbnbh.exec:\9hbnbh.exe114⤵
-
\??\c:\tttbnn.exec:\tttbnn.exe115⤵
-
\??\c:\vvvjj.exec:\vvvjj.exe116⤵
-
\??\c:\flrfrrf.exec:\flrfrrf.exe117⤵
-
\??\c:\rrfrflx.exec:\rrfrflx.exe118⤵
-
\??\c:\5nthth.exec:\5nthth.exe119⤵
-
\??\c:\ppdjj.exec:\ppdjj.exe120⤵
-
\??\c:\3lxxxlx.exec:\3lxxxlx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-