Analysis
-
max time kernel
120s -
max time network
19s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
25-12-2024 18:58
General
-
Target
75b8cec517b6b471073e3cad11cea785f3bd7a813f8b52fe8ee2b9b1eee027e6N.exe
-
Size
454KB
-
MD5
771da170f23dba886528cc3a03963340
-
SHA1
91bf98d83f4328c2d300059af58cbc33bc2bf164
-
SHA256
75b8cec517b6b471073e3cad11cea785f3bd7a813f8b52fe8ee2b9b1eee027e6
-
SHA512
5383160e325fcab7eb81ad35daac2727cc3eec6c3705d71ac487b97cfea61cf0c11d4d15bb7670457b186d5aa8ea5828b68078166f74b1a9ac13d382068295a3
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbeOo:q7Tc2NYHUrAwfMp3CDOo
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 40 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 46 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\75b8cec517b6b471073e3cad11cea785f3bd7a813f8b52fe8ee2b9b1eee027e6N.exe"C:\Users\Admin\AppData\Local\Temp\75b8cec517b6b471073e3cad11cea785f3bd7a813f8b52fe8ee2b9b1eee027e6N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ljfvb.exec:\ljfvb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxvbx.exec:\xxvbx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfhbh.exec:\rfhbh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\brbffv.exec:\brbffv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nlfrph.exec:\nlfrph.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dhtnh.exec:\dhtnh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdllbf.exec:\jdllbf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nvjlh.exec:\nvjlh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdbtvn.exec:\pdbtvn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hlbjlv.exec:\hlbjlv.exe11⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\xrdrj.exec:\xrdrj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pprjrn.exec:\pprjrn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jtfpjt.exec:\jtfpjt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffvvn.exec:\ffvvn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fbtjndt.exec:\fbtjndt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dbjxph.exec:\dbjxph.exe17⤵
- Executes dropped EXE
-
\??\c:\tjnxn.exec:\tjnxn.exe18⤵
- Executes dropped EXE
-
\??\c:\hvpjvh.exec:\hvpjvh.exe19⤵
- Executes dropped EXE
-
\??\c:\flvpjj.exec:\flvpjj.exe20⤵
- Executes dropped EXE
-
\??\c:\lnrbh.exec:\lnrbh.exe21⤵
- Executes dropped EXE
-
\??\c:\drpxlxf.exec:\drpxlxf.exe22⤵
- Executes dropped EXE
-
\??\c:\hlxnld.exec:\hlxnld.exe23⤵
- Executes dropped EXE
-
\??\c:\xjjjxh.exec:\xjjjxh.exe24⤵
- Executes dropped EXE
-
\??\c:\nxlnt.exec:\nxlnt.exe25⤵
- Executes dropped EXE
-
\??\c:\jdhdt.exec:\jdhdt.exe26⤵
- Executes dropped EXE
-
\??\c:\dxbpxlv.exec:\dxbpxlv.exe27⤵
- Executes dropped EXE
-
\??\c:\bfvprlp.exec:\bfvprlp.exe28⤵
- Executes dropped EXE
-
\??\c:\vjfttt.exec:\vjfttt.exe29⤵
- Executes dropped EXE
-
\??\c:\bnbvtn.exec:\bnbvtn.exe30⤵
- Executes dropped EXE
-
\??\c:\trfrp.exec:\trfrp.exe31⤵
- Executes dropped EXE
-
\??\c:\lbjtj.exec:\lbjtj.exe32⤵
- Executes dropped EXE
-
\??\c:\pdjrthv.exec:\pdjrthv.exe33⤵
- Executes dropped EXE
-
\??\c:\bjxrhlp.exec:\bjxrhlp.exe34⤵
- Executes dropped EXE
-
\??\c:\vthxlj.exec:\vthxlj.exe35⤵
- Executes dropped EXE
-
\??\c:\hhxfjr.exec:\hhxfjr.exe36⤵
- Executes dropped EXE
-
\??\c:\brxjvp.exec:\brxjvp.exe37⤵
- Executes dropped EXE
-
\??\c:\bnfrfhv.exec:\bnfrfhv.exe38⤵
- Executes dropped EXE
-
\??\c:\tnxtld.exec:\tnxtld.exe39⤵
- Executes dropped EXE
-
\??\c:\rptrf.exec:\rptrf.exe40⤵
- Executes dropped EXE
-
\??\c:\nbtdh.exec:\nbtdh.exe41⤵
- Executes dropped EXE
-
\??\c:\tvbrfj.exec:\tvbrfj.exe42⤵
- Executes dropped EXE
-
\??\c:\nbjnvr.exec:\nbjnvr.exe43⤵
- Executes dropped EXE
-
\??\c:\fpnfr.exec:\fpnfr.exe44⤵
- Executes dropped EXE
-
\??\c:\xtxxp.exec:\xtxxp.exe45⤵
- Executes dropped EXE
-
\??\c:\xdltrbj.exec:\xdltrbj.exe46⤵
- Executes dropped EXE
-
\??\c:\dpfpx.exec:\dpfpx.exe47⤵
- Executes dropped EXE
-
\??\c:\bbdbxb.exec:\bbdbxb.exe48⤵
- Executes dropped EXE
-
\??\c:\dtdpl.exec:\dtdpl.exe49⤵
- Executes dropped EXE
-
\??\c:\prjnfvd.exec:\prjnfvd.exe50⤵
- Executes dropped EXE
-
\??\c:\hvxjpd.exec:\hvxjpd.exe51⤵
- Executes dropped EXE
-
\??\c:\ptdhbr.exec:\ptdhbr.exe52⤵
- Executes dropped EXE
-
\??\c:\djfjfx.exec:\djfjfx.exe53⤵
- Executes dropped EXE
-
\??\c:\bjhrdhb.exec:\bjhrdhb.exe54⤵
- Executes dropped EXE
-
\??\c:\jnfxp.exec:\jnfxp.exe55⤵
- Executes dropped EXE
-
\??\c:\jlfjd.exec:\jlfjd.exe56⤵
- Executes dropped EXE
-
\??\c:\nvdpttv.exec:\nvdpttv.exe57⤵
- Executes dropped EXE
-
\??\c:\vjbvvl.exec:\vjbvvl.exe58⤵
- Executes dropped EXE
-
\??\c:\blpprx.exec:\blpprx.exe59⤵
- Executes dropped EXE
-
\??\c:\tbblx.exec:\tbblx.exe60⤵
- Executes dropped EXE
-
\??\c:\lxrdx.exec:\lxrdx.exe61⤵
- Executes dropped EXE
-
\??\c:\hjdjtbp.exec:\hjdjtbp.exe62⤵
- Executes dropped EXE
-
\??\c:\jxfpj.exec:\jxfpj.exe63⤵
- Executes dropped EXE
-
\??\c:\lvhjnb.exec:\lvhjnb.exe64⤵
- Executes dropped EXE
-
\??\c:\phlddv.exec:\phlddv.exe65⤵
- Executes dropped EXE
-
\??\c:\vtlprj.exec:\vtlprj.exe66⤵
-
\??\c:\hhhbf.exec:\hhhbf.exe67⤵
-
\??\c:\hthlv.exec:\hthlv.exe68⤵
-
\??\c:\lxrxbp.exec:\lxrxbp.exe69⤵
-
\??\c:\rfdvvb.exec:\rfdvvb.exe70⤵
-
\??\c:\dfptt.exec:\dfptt.exe71⤵
-
\??\c:\bxdnnn.exec:\bxdnnn.exe72⤵
-
\??\c:\jjtffr.exec:\jjtffr.exe73⤵
-
\??\c:\xjhbn.exec:\xjhbn.exe74⤵
-
\??\c:\fbnnjd.exec:\fbnnjd.exe75⤵
-
\??\c:\fnhjp.exec:\fnhjp.exe76⤵
-
\??\c:\njbhxr.exec:\njbhxr.exe77⤵
-
\??\c:\dblrb.exec:\dblrb.exe78⤵
-
\??\c:\lxfrjx.exec:\lxfrjx.exe79⤵
-
\??\c:\ptnhxnd.exec:\ptnhxnd.exe80⤵
-
\??\c:\rtlpl.exec:\rtlpl.exe81⤵
- System Location Discovery: System Language Discovery
-
\??\c:\bnblr.exec:\bnblr.exe82⤵
-
\??\c:\lhbtxl.exec:\lhbtxl.exe83⤵
-
\??\c:\jbrxxbl.exec:\jbrxxbl.exe84⤵
-
\??\c:\lntdfbt.exec:\lntdfbt.exe85⤵
-
\??\c:\pfnprh.exec:\pfnprh.exe86⤵
-
\??\c:\htpxnnv.exec:\htpxnnv.exe87⤵
-
\??\c:\vrbrln.exec:\vrbrln.exe88⤵
-
\??\c:\jbfbjl.exec:\jbfbjl.exe89⤵
-
\??\c:\jprffrt.exec:\jprffrt.exe90⤵
-
\??\c:\lhjfr.exec:\lhjfr.exe91⤵
-
\??\c:\pjnthl.exec:\pjnthl.exe92⤵
-
\??\c:\nrjtp.exec:\nrjtp.exe93⤵
-
\??\c:\dpjdbh.exec:\dpjdbh.exe94⤵
-
\??\c:\bhbbf.exec:\bhbbf.exe95⤵
-
\??\c:\xhnxj.exec:\xhnxj.exe96⤵
-
\??\c:\xbblrr.exec:\xbblrr.exe97⤵
-
\??\c:\rpxfpnn.exec:\rpxfpnn.exe98⤵
-
\??\c:\rrdxj.exec:\rrdxj.exe99⤵
-
\??\c:\rbfbdfx.exec:\rbfbdfx.exe100⤵
-
\??\c:\ttjldtf.exec:\ttjldtf.exe101⤵
-
\??\c:\ltljvl.exec:\ltljvl.exe102⤵
-
\??\c:\nvjtxbt.exec:\nvjtxbt.exe103⤵
-
\??\c:\lptpn.exec:\lptpn.exe104⤵
-
\??\c:\bhjtrl.exec:\bhjtrl.exe105⤵
-
\??\c:\jnbpjt.exec:\jnbpjt.exe106⤵
-
\??\c:\pxtdhn.exec:\pxtdhn.exe107⤵
-
\??\c:\hfjrjl.exec:\hfjrjl.exe108⤵
-
\??\c:\xljndpn.exec:\xljndpn.exe109⤵
-
\??\c:\bxjfdvj.exec:\bxjfdvj.exe110⤵
-
\??\c:\fttjhn.exec:\fttjhn.exe111⤵
-
\??\c:\pnlbhn.exec:\pnlbhn.exe112⤵
-
\??\c:\htvpr.exec:\htvpr.exe113⤵
-
\??\c:\fpfxf.exec:\fpfxf.exe114⤵
-
\??\c:\rrnjppd.exec:\rrnjppd.exe115⤵
-
\??\c:\nbnfvpb.exec:\nbnfvpb.exe116⤵
-
\??\c:\jjxdvtn.exec:\jjxdvtn.exe117⤵
-
\??\c:\dhvnrl.exec:\dhvnrl.exe118⤵
-
\??\c:\jpffb.exec:\jpffb.exe119⤵
-
\??\c:\vlxvbj.exec:\vlxvbj.exe120⤵
-
\??\c:\tntljj.exec:\tntljj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-