Analysis
-
max time kernel
120s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
25-12-2024 20:42
General
-
Target
46f370f3213bba71920902e4de5b4391392cd1f6187d1daee70d27c53736dccaN.exe
-
Size
454KB
-
MD5
cb541ec2a28989289fef87d3782263b0
-
SHA1
c28992dd0262ac4a09a79e47b309018a76a84fb8
-
SHA256
46f370f3213bba71920902e4de5b4391392cd1f6187d1daee70d27c53736dcca
-
SHA512
abd16473ae59adfc9387c53f1f9a8a9005e29ca0f9b41a5bc16dc090c45be84355b92ae36cc68ac961499e88ba3f68f2281f3c9e7f19afdf6340affaac32897b
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbeT:q7Tc2NYHUrAwfMp3CDT
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 39 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 39 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\46f370f3213bba71920902e4de5b4391392cd1f6187d1daee70d27c53736dccaN.exe"C:\Users\Admin\AppData\Local\Temp\46f370f3213bba71920902e4de5b4391392cd1f6187d1daee70d27c53736dccaN.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\9vpjd.exec:\9vpjd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fffrrfx.exec:\fffrrfx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvjj.exec:\dvvjj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvjd.exec:\pvvjd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxlrlr.exec:\lxxlrlr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbnnh.exec:\htbnnh.exe7⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\bbttnb.exec:\bbttnb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdpjj.exec:\vdpjj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtbnt.exec:\bbtbnt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrxllf.exec:\rrrxllf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1hhthn.exec:\1hhthn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxfrxxf.exec:\rxfrxxf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnbthh.exec:\hnbthh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrfrfr.exec:\ffrfrfr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3nhhhn.exec:\3nhhhn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xxlxlx.exec:\5xxlxlx.exe17⤵
- Executes dropped EXE
-
\??\c:\hhtbnn.exec:\hhtbnn.exe18⤵
- Executes dropped EXE
-
\??\c:\rrxlxfr.exec:\rrxlxfr.exe19⤵
- Executes dropped EXE
-
\??\c:\bnbhhb.exec:\bnbhhb.exe20⤵
- Executes dropped EXE
-
\??\c:\ffrrffl.exec:\ffrrffl.exe21⤵
- Executes dropped EXE
-
\??\c:\tnbntb.exec:\tnbntb.exe22⤵
- Executes dropped EXE
-
\??\c:\5jjvd.exec:\5jjvd.exe23⤵
- Executes dropped EXE
-
\??\c:\bttthh.exec:\bttthh.exe24⤵
- Executes dropped EXE
-
\??\c:\bbbnbh.exec:\bbbnbh.exe25⤵
- Executes dropped EXE
-
\??\c:\djvdd.exec:\djvdd.exe26⤵
- Executes dropped EXE
-
\??\c:\5fxrlrl.exec:\5fxrlrl.exe27⤵
- Executes dropped EXE
-
\??\c:\dpjjp.exec:\dpjjp.exe28⤵
- Executes dropped EXE
-
\??\c:\7thhhn.exec:\7thhhn.exe29⤵
- Executes dropped EXE
-
\??\c:\1tnbnn.exec:\1tnbnn.exe30⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\lflxlxl.exec:\lflxlxl.exe31⤵
- Executes dropped EXE
-
\??\c:\9nbhnn.exec:\9nbhnn.exe32⤵
- Executes dropped EXE
-
\??\c:\lfrlflx.exec:\lfrlflx.exe33⤵
- Executes dropped EXE
-
\??\c:\3bhnbt.exec:\3bhnbt.exe34⤵
- Executes dropped EXE
-
\??\c:\3jjpd.exec:\3jjpd.exe35⤵
- Executes dropped EXE
-
\??\c:\lfxfrfx.exec:\lfxfrfx.exe36⤵
- Executes dropped EXE
-
\??\c:\hbthnt.exec:\hbthnt.exe37⤵
- Executes dropped EXE
-
\??\c:\1djjp.exec:\1djjp.exe38⤵
- Executes dropped EXE
-
\??\c:\1rflxlf.exec:\1rflxlf.exe39⤵
- Executes dropped EXE
-
\??\c:\fxlrxfl.exec:\fxlrxfl.exe40⤵
- Executes dropped EXE
-
\??\c:\bnhnhn.exec:\bnhnhn.exe41⤵
- Executes dropped EXE
-
\??\c:\ddpvd.exec:\ddpvd.exe42⤵
- Executes dropped EXE
-
\??\c:\xrflrxl.exec:\xrflrxl.exe43⤵
- Executes dropped EXE
-
\??\c:\hbbnbh.exec:\hbbnbh.exe44⤵
- Executes dropped EXE
-
\??\c:\ppjjv.exec:\ppjjv.exe45⤵
- Executes dropped EXE
-
\??\c:\dvvdp.exec:\dvvdp.exe46⤵
- Executes dropped EXE
-
\??\c:\ffrfrrl.exec:\ffrfrrl.exe47⤵
- Executes dropped EXE
-
\??\c:\5hbbnt.exec:\5hbbnt.exe48⤵
- Executes dropped EXE
-
\??\c:\vppvd.exec:\vppvd.exe49⤵
- Executes dropped EXE
-
\??\c:\vpjvd.exec:\vpjvd.exe50⤵
- Executes dropped EXE
-
\??\c:\lfxxllx.exec:\lfxxllx.exe51⤵
- Executes dropped EXE
-
\??\c:\1hhhbb.exec:\1hhhbb.exe52⤵
- Executes dropped EXE
-
\??\c:\jjvdp.exec:\jjvdp.exe53⤵
- Executes dropped EXE
-
\??\c:\1xxlxlf.exec:\1xxlxlf.exe54⤵
- Executes dropped EXE
-
\??\c:\btnthn.exec:\btnthn.exe55⤵
- Executes dropped EXE
-
\??\c:\jjdpd.exec:\jjdpd.exe56⤵
- Executes dropped EXE
-
\??\c:\pjvdj.exec:\pjvdj.exe57⤵
- Executes dropped EXE
-
\??\c:\lfxrlxx.exec:\lfxrlxx.exe58⤵
- Executes dropped EXE
-
\??\c:\tbntbb.exec:\tbntbb.exe59⤵
- Executes dropped EXE
-
\??\c:\5vpvp.exec:\5vpvp.exe60⤵
- Executes dropped EXE
-
\??\c:\xrlxrrx.exec:\xrlxrrx.exe61⤵
- Executes dropped EXE
-
\??\c:\nbnbhn.exec:\nbnbhn.exe62⤵
- Executes dropped EXE
-
\??\c:\hnbnnn.exec:\hnbnnn.exe63⤵
- Executes dropped EXE
-
\??\c:\9jppv.exec:\9jppv.exe64⤵
- Executes dropped EXE
-
\??\c:\5lfllfl.exec:\5lfllfl.exe65⤵
- Executes dropped EXE
-
\??\c:\tnbhbh.exec:\tnbhbh.exe66⤵
-
\??\c:\jjdjp.exec:\jjdjp.exe67⤵
-
\??\c:\pdpvd.exec:\pdpvd.exe68⤵
-
\??\c:\xrfllrf.exec:\xrfllrf.exe69⤵
-
\??\c:\nnbhnt.exec:\nnbhnt.exe70⤵
-
\??\c:\1pjvv.exec:\1pjvv.exe71⤵
-
\??\c:\9lxlrrx.exec:\9lxlrrx.exe72⤵
-
\??\c:\1thhhn.exec:\1thhhn.exe73⤵
-
\??\c:\ppjvd.exec:\ppjvd.exe74⤵
-
\??\c:\3lfrxfr.exec:\3lfrxfr.exe75⤵
-
\??\c:\hbnntt.exec:\hbnntt.exe76⤵
-
\??\c:\3jdjp.exec:\3jdjp.exe77⤵
-
\??\c:\rlxxxfx.exec:\rlxxxfx.exe78⤵
-
\??\c:\5tthht.exec:\5tthht.exe79⤵
-
\??\c:\5htnbb.exec:\5htnbb.exe80⤵
-
\??\c:\dddjd.exec:\dddjd.exe81⤵
-
\??\c:\rlfrxfl.exec:\rlfrxfl.exe82⤵
-
\??\c:\3bbhnb.exec:\3bbhnb.exe83⤵
-
\??\c:\hnnthn.exec:\hnnthn.exe84⤵
-
\??\c:\jjdpd.exec:\jjdpd.exe85⤵
-
\??\c:\rlxfffr.exec:\rlxfffr.exe86⤵
-
\??\c:\nhttnh.exec:\nhttnh.exe87⤵
-
\??\c:\vdddj.exec:\vdddj.exe88⤵
-
\??\c:\rrflxrf.exec:\rrflxrf.exe89⤵
-
\??\c:\1rllrlf.exec:\1rllrlf.exe90⤵
-
\??\c:\1tnthn.exec:\1tnthn.exe91⤵
-
\??\c:\jdvvj.exec:\jdvvj.exe92⤵
-
\??\c:\7rrxxfl.exec:\7rrxxfl.exe93⤵
-
\??\c:\9rlxrrx.exec:\9rlxrrx.exe94⤵
-
\??\c:\pjdpj.exec:\pjdpj.exe95⤵
-
\??\c:\jjdjp.exec:\jjdjp.exe96⤵
-
\??\c:\1rlrxrf.exec:\1rlrxrf.exe97⤵
-
\??\c:\nnntnb.exec:\nnntnb.exe98⤵
-
\??\c:\pvvjd.exec:\pvvjd.exe99⤵
-
\??\c:\3flxrlx.exec:\3flxrlx.exe100⤵
-
\??\c:\5thhtb.exec:\5thhtb.exe101⤵
-
\??\c:\nnnbht.exec:\nnnbht.exe102⤵
-
\??\c:\pjdjd.exec:\pjdjd.exe103⤵
-
\??\c:\1rflrrx.exec:\1rflrrx.exe104⤵
-
\??\c:\xfrflfr.exec:\xfrflfr.exe105⤵
-
\??\c:\5nnttb.exec:\5nnttb.exe106⤵
-
\??\c:\7vpvj.exec:\7vpvj.exe107⤵
-
\??\c:\rllrxfx.exec:\rllrxfx.exe108⤵
-
\??\c:\tbthnt.exec:\tbthnt.exe109⤵
-
\??\c:\7jjvd.exec:\7jjvd.exe110⤵
-
\??\c:\rlflflr.exec:\rlflflr.exe111⤵
-
\??\c:\bhbnbb.exec:\bhbnbb.exe112⤵
-
\??\c:\hnbhnn.exec:\hnbhnn.exe113⤵
-
\??\c:\5ddjp.exec:\5ddjp.exe114⤵
-
\??\c:\1llxflr.exec:\1llxflr.exe115⤵
-
\??\c:\9nbhnt.exec:\9nbhnt.exe116⤵
-
\??\c:\pjvdd.exec:\pjvdd.exe117⤵
-
\??\c:\9ppjv.exec:\9ppjv.exe118⤵
-
\??\c:\ffxlrfx.exec:\ffxlrfx.exe119⤵
-
\??\c:\tnhnbb.exec:\tnhnbb.exe120⤵
-
\??\c:\5tnbnn.exec:\5tnbnn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-