Analysis
-
max time kernel
120s -
max time network
18s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
26-12-2024 01:18
General
-
Target
9b2dca201b20107f2263ef202815d8f0d1a9091b1fcf28d8507965b08a131673.exe
-
Size
454KB
-
MD5
56e75b960fa28cf112e4ec4af67256ac
-
SHA1
8d83c919a3339465ccc53732b176bfc44b3983c9
-
SHA256
9b2dca201b20107f2263ef202815d8f0d1a9091b1fcf28d8507965b08a131673
-
SHA512
190c83660c7de82c2123ce1242a06f70687e721ae09c550d744ac8f87df7d7fbe24615d14f1c8c93d721c40a17b65cd029172faec7545ecedb078ab8e3c4a6e3
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbeg:q7Tc2NYHUrAwfMp3CDg
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 37 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 53 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9b2dca201b20107f2263ef202815d8f0d1a9091b1fcf28d8507965b08a131673.exe"C:\Users\Admin\AppData\Local\Temp\9b2dca201b20107f2263ef202815d8f0d1a9091b1fcf28d8507965b08a131673.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\tdlhf.exec:\tdlhf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ldfdp.exec:\ldfdp.exe3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\fdhjd.exec:\fdhjd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvxbnx.exec:\vvxbnx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ftpbtx.exec:\ftpbtx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xllxp.exec:\xllxp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dtbbxnn.exec:\dtbbxnn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\trjlhv.exec:\trjlhv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pxhlv.exec:\pxhlv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pntdh.exec:\pntdh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvjpbn.exec:\dpvjpbn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbfjfd.exec:\hbfjfd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vtrhp.exec:\vtrhp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jlttd.exec:\jlttd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pphlpn.exec:\pphlpn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jnrfbh.exec:\jnrfbh.exe17⤵
- Executes dropped EXE
-
\??\c:\nxdxrl.exec:\nxdxrl.exe18⤵
- Executes dropped EXE
-
\??\c:\rfbft.exec:\rfbft.exe19⤵
- Executes dropped EXE
-
\??\c:\fhhrxjd.exec:\fhhrxjd.exe20⤵
- Executes dropped EXE
-
\??\c:\lpnpj.exec:\lpnpj.exe21⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\frvfffv.exec:\frvfffv.exe22⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\plfvnhl.exec:\plfvnhl.exe23⤵
- Executes dropped EXE
-
\??\c:\xjdxv.exec:\xjdxv.exe24⤵
- Executes dropped EXE
-
\??\c:\hhjbf.exec:\hhjbf.exe25⤵
- Executes dropped EXE
-
\??\c:\plhtpx.exec:\plhtpx.exe26⤵
- Executes dropped EXE
-
\??\c:\vpptfnd.exec:\vpptfnd.exe27⤵
- Executes dropped EXE
-
\??\c:\trjnflt.exec:\trjnflt.exe28⤵
- Executes dropped EXE
-
\??\c:\dbddxp.exec:\dbddxp.exe29⤵
- Executes dropped EXE
-
\??\c:\hbdlbhl.exec:\hbdlbhl.exe30⤵
- Executes dropped EXE
-
\??\c:\plltn.exec:\plltn.exe31⤵
- Executes dropped EXE
-
\??\c:\hrdtdnd.exec:\hrdtdnd.exe32⤵
- Executes dropped EXE
-
\??\c:\dlxfr.exec:\dlxfr.exe33⤵
- Executes dropped EXE
-
\??\c:\vfrxbb.exec:\vfrxbb.exe34⤵
- Executes dropped EXE
-
\??\c:\fnvhh.exec:\fnvhh.exe35⤵
- Executes dropped EXE
-
\??\c:\bndhbp.exec:\bndhbp.exe36⤵
- Executes dropped EXE
-
\??\c:\nfthvbd.exec:\nfthvbd.exe37⤵
- Executes dropped EXE
-
\??\c:\hjxxlxt.exec:\hjxxlxt.exe38⤵
- Executes dropped EXE
-
\??\c:\bvbjb.exec:\bvbjb.exe39⤵
- Executes dropped EXE
-
\??\c:\lnrvfv.exec:\lnrvfv.exe40⤵
- Executes dropped EXE
-
\??\c:\njvxhd.exec:\njvxhd.exe41⤵
- Executes dropped EXE
-
\??\c:\pxbnj.exec:\pxbnj.exe42⤵
- Executes dropped EXE
-
\??\c:\dxbxrlt.exec:\dxbxrlt.exe43⤵
- Executes dropped EXE
-
\??\c:\pbntjt.exec:\pbntjt.exe44⤵
- Executes dropped EXE
-
\??\c:\tplpfnv.exec:\tplpfnv.exe45⤵
- Executes dropped EXE
-
\??\c:\fjxpjl.exec:\fjxpjl.exe46⤵
- Executes dropped EXE
-
\??\c:\hrbxlv.exec:\hrbxlv.exe47⤵
- Executes dropped EXE
-
\??\c:\flxjvjd.exec:\flxjvjd.exe48⤵
- Executes dropped EXE
-
\??\c:\dfpln.exec:\dfpln.exe49⤵
- Executes dropped EXE
-
\??\c:\jdpvrx.exec:\jdpvrx.exe50⤵
- Executes dropped EXE
-
\??\c:\ddbjflx.exec:\ddbjflx.exe51⤵
- Executes dropped EXE
-
\??\c:\fvvxttt.exec:\fvvxttt.exe52⤵
- Executes dropped EXE
-
\??\c:\xpfpl.exec:\xpfpl.exe53⤵
- Executes dropped EXE
-
\??\c:\rrbthj.exec:\rrbthj.exe54⤵
- Executes dropped EXE
-
\??\c:\tbpnp.exec:\tbpnp.exe55⤵
- Executes dropped EXE
-
\??\c:\nbhbpxf.exec:\nbhbpxf.exe56⤵
- Executes dropped EXE
-
\??\c:\xvbdvv.exec:\xvbdvv.exe57⤵
- Executes dropped EXE
-
\??\c:\bdxbp.exec:\bdxbp.exe58⤵
- Executes dropped EXE
-
\??\c:\pltjtn.exec:\pltjtn.exe59⤵
- Executes dropped EXE
-
\??\c:\dpbnrxv.exec:\dpbnrxv.exe60⤵
- Executes dropped EXE
-
\??\c:\tlhlp.exec:\tlhlp.exe61⤵
- Executes dropped EXE
-
\??\c:\tpftp.exec:\tpftp.exe62⤵
- Executes dropped EXE
-
\??\c:\nftrj.exec:\nftrj.exe63⤵
- Executes dropped EXE
-
\??\c:\vtxnnpj.exec:\vtxnnpj.exe64⤵
- Executes dropped EXE
-
\??\c:\xxtnfb.exec:\xxtnfb.exe65⤵
- Executes dropped EXE
-
\??\c:\fbrnpr.exec:\fbrnpr.exe66⤵
-
\??\c:\rxtfjlj.exec:\rxtfjlj.exe67⤵
-
\??\c:\njfvl.exec:\njfvl.exe68⤵
-
\??\c:\thtbxr.exec:\thtbxr.exe69⤵
-
\??\c:\pljljl.exec:\pljljl.exe70⤵
- System Location Discovery: System Language Discovery
-
\??\c:\llhflh.exec:\llhflh.exe71⤵
-
\??\c:\dpdrlf.exec:\dpdrlf.exe72⤵
-
\??\c:\hvjfjn.exec:\hvjfjn.exe73⤵
-
\??\c:\xbnrhn.exec:\xbnrhn.exe74⤵
-
\??\c:\nfxlld.exec:\nfxlld.exe75⤵
-
\??\c:\httphft.exec:\httphft.exe76⤵
-
\??\c:\nplxpn.exec:\nplxpn.exe77⤵
-
\??\c:\dnnftf.exec:\dnnftf.exe78⤵
-
\??\c:\hxfjn.exec:\hxfjn.exe79⤵
- System Location Discovery: System Language Discovery
-
\??\c:\hvtdffj.exec:\hvtdffj.exe80⤵
-
\??\c:\jdhdvll.exec:\jdhdvll.exe81⤵
-
\??\c:\nftptbn.exec:\nftptbn.exe82⤵
-
\??\c:\rplbxr.exec:\rplbxr.exe83⤵
-
\??\c:\lhrhn.exec:\lhrhn.exe84⤵
-
\??\c:\vbrntfp.exec:\vbrntfp.exe85⤵
-
\??\c:\njvprhf.exec:\njvprhf.exe86⤵
-
\??\c:\dthjll.exec:\dthjll.exe87⤵
-
\??\c:\rfnbx.exec:\rfnbx.exe88⤵
-
\??\c:\jpvhndl.exec:\jpvhndl.exe89⤵
-
\??\c:\ljhdbv.exec:\ljhdbv.exe90⤵
-
\??\c:\blthpvr.exec:\blthpvr.exe91⤵
-
\??\c:\pbfpx.exec:\pbfpx.exe92⤵
-
\??\c:\fvbjt.exec:\fvbjt.exe93⤵
-
\??\c:\ttpnrlr.exec:\ttpnrlr.exe94⤵
-
\??\c:\xdvtv.exec:\xdvtv.exe95⤵
-
\??\c:\xvvbxbp.exec:\xvvbxbp.exe96⤵
-
\??\c:\xjjddl.exec:\xjjddl.exe97⤵
-
\??\c:\rnhtdl.exec:\rnhtdl.exe98⤵
-
\??\c:\bbjfdx.exec:\bbjfdx.exe99⤵
-
\??\c:\jnthj.exec:\jnthj.exe100⤵
-
\??\c:\fjtjfb.exec:\fjtjfb.exe101⤵
-
\??\c:\ndvvh.exec:\ndvvh.exe102⤵
-
\??\c:\dphbln.exec:\dphbln.exe103⤵
-
\??\c:\dtvvl.exec:\dtvvl.exe104⤵
-
\??\c:\rtvvrth.exec:\rtvvrth.exe105⤵
-
\??\c:\prnjjd.exec:\prnjjd.exe106⤵
-
\??\c:\tbpnf.exec:\tbpnf.exe107⤵
- System Location Discovery: System Language Discovery
-
\??\c:\jbvbbp.exec:\jbvbbp.exe108⤵
-
\??\c:\ptxth.exec:\ptxth.exe109⤵
-
\??\c:\hjffv.exec:\hjffv.exe110⤵
-
\??\c:\thdhj.exec:\thdhj.exe111⤵
-
\??\c:\dblnf.exec:\dblnf.exe112⤵
-
\??\c:\bpnrnnf.exec:\bpnrnnf.exe113⤵
-
\??\c:\jrvxx.exec:\jrvxx.exe114⤵
-
\??\c:\rnhpvbx.exec:\rnhpvbx.exe115⤵
-
\??\c:\jrhpp.exec:\jrhpp.exe116⤵
-
\??\c:\ntdvj.exec:\ntdvj.exe117⤵
-
\??\c:\fjxpfxp.exec:\fjxpfxp.exe118⤵
-
\??\c:\rfljrtf.exec:\rfljrtf.exe119⤵
-
\??\c:\tnphdp.exec:\tnphdp.exe120⤵
-
\??\c:\rdfnb.exec:\rdfnb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-