Analysis
-
max time kernel
120s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
26-12-2024 02:08
General
-
Target
9c059894896c499cadf8ca3265ba39dd7bec47b1f2d21e62cdea37fef5267702N.exe
-
Size
452KB
-
MD5
7b434dc381b5a737263c719962e86440
-
SHA1
3c7ba530cc310322cb46b1d88ac62038a5ae1260
-
SHA256
9c059894896c499cadf8ca3265ba39dd7bec47b1f2d21e62cdea37fef5267702
-
SHA512
b7b1e1b9d13d13cfcad09bdef10a422cf6d560b922b6d3e46f5ab51e6558ce581198b3f290f756c814875a923050f337f6c03bff05041dbe83014a3a30a462f8
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbev:q7Tc2NYHUrAwfMp3CDv
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 41 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 44 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9c059894896c499cadf8ca3265ba39dd7bec47b1f2d21e62cdea37fef5267702N.exe"C:\Users\Admin\AppData\Local\Temp\9c059894896c499cadf8ca3265ba39dd7bec47b1f2d21e62cdea37fef5267702N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbhtb.exec:\nbbhtb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjppd.exec:\pjppd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvvj.exec:\jdvvj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvdj.exec:\ddvdj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtbhb.exec:\nhtbhb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vjpp.exec:\1vjpp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhtbbb.exec:\bhtbbb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxllxxf.exec:\lxllxxf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbhnh.exec:\bnbhnh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjvd.exec:\vpjvd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7dvpp.exec:\7dvpp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhtnnb.exec:\bhtnnb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjdjp.exec:\jjdjp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhntb.exec:\bbhntb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jdjj.exec:\9jdjj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdpv.exec:\pjdpv.exe17⤵
- Executes dropped EXE
-
\??\c:\ffrflfl.exec:\ffrflfl.exe18⤵
- Executes dropped EXE
-
\??\c:\3vddd.exec:\3vddd.exe19⤵
- Executes dropped EXE
-
\??\c:\xxlrxxr.exec:\xxlrxxr.exe20⤵
- Executes dropped EXE
-
\??\c:\ddppv.exec:\ddppv.exe21⤵
- Executes dropped EXE
-
\??\c:\nhbnhh.exec:\nhbnhh.exe22⤵
- Executes dropped EXE
-
\??\c:\9jvjd.exec:\9jvjd.exe23⤵
- Executes dropped EXE
-
\??\c:\7bttht.exec:\7bttht.exe24⤵
- Executes dropped EXE
-
\??\c:\vpjvd.exec:\vpjvd.exe25⤵
- Executes dropped EXE
-
\??\c:\7xxlrxl.exec:\7xxlrxl.exe26⤵
- Executes dropped EXE
-
\??\c:\nnhbth.exec:\nnhbth.exe27⤵
- Executes dropped EXE
-
\??\c:\5rlrxxr.exec:\5rlrxxr.exe28⤵
- Executes dropped EXE
-
\??\c:\9thhhn.exec:\9thhhn.exe29⤵
- Executes dropped EXE
-
\??\c:\vjdjv.exec:\vjdjv.exe30⤵
- Executes dropped EXE
-
\??\c:\1llrrxx.exec:\1llrrxx.exe31⤵
- Executes dropped EXE
-
\??\c:\nnbnhh.exec:\nnbnhh.exe32⤵
- Executes dropped EXE
-
\??\c:\9xlrxrx.exec:\9xlrxrx.exe33⤵
- Executes dropped EXE
-
\??\c:\7pvdv.exec:\7pvdv.exe34⤵
- Executes dropped EXE
-
\??\c:\5jdpv.exec:\5jdpv.exe35⤵
- Executes dropped EXE
-
\??\c:\llxrxfl.exec:\llxrxfl.exe36⤵
- Executes dropped EXE
-
\??\c:\hhnthn.exec:\hhnthn.exe37⤵
- Executes dropped EXE
-
\??\c:\jvpjp.exec:\jvpjp.exe38⤵
- Executes dropped EXE
-
\??\c:\xxxxllx.exec:\xxxxllx.exe39⤵
- Executes dropped EXE
-
\??\c:\frfrrll.exec:\frfrrll.exe40⤵
- Executes dropped EXE
-
\??\c:\bnbbhb.exec:\bnbbhb.exe41⤵
- Executes dropped EXE
-
\??\c:\9vvdp.exec:\9vvdp.exe42⤵
- Executes dropped EXE
-
\??\c:\xrrxlrx.exec:\xrrxlrx.exe43⤵
- Executes dropped EXE
-
\??\c:\rlfxllr.exec:\rlfxllr.exe44⤵
- Executes dropped EXE
-
\??\c:\tbhtbt.exec:\tbhtbt.exe45⤵
- Executes dropped EXE
-
\??\c:\vvjpp.exec:\vvjpp.exe46⤵
- Executes dropped EXE
-
\??\c:\pvpvj.exec:\pvpvj.exe47⤵
- Executes dropped EXE
-
\??\c:\ffxxlxf.exec:\ffxxlxf.exe48⤵
- Executes dropped EXE
-
\??\c:\5htbhn.exec:\5htbhn.exe49⤵
- Executes dropped EXE
-
\??\c:\dpjdj.exec:\dpjdj.exe50⤵
- Executes dropped EXE
-
\??\c:\flxrlff.exec:\flxrlff.exe51⤵
- Executes dropped EXE
-
\??\c:\rflxffl.exec:\rflxffl.exe52⤵
- Executes dropped EXE
-
\??\c:\tnttbb.exec:\tnttbb.exe53⤵
- Executes dropped EXE
-
\??\c:\pjvdj.exec:\pjvdj.exe54⤵
- Executes dropped EXE
-
\??\c:\lfrxflx.exec:\lfrxflx.exe55⤵
- Executes dropped EXE
-
\??\c:\fxxxffr.exec:\fxxxffr.exe56⤵
- Executes dropped EXE
-
\??\c:\1nbbhh.exec:\1nbbhh.exe57⤵
- Executes dropped EXE
-
\??\c:\jjdjv.exec:\jjdjv.exe58⤵
- Executes dropped EXE
-
\??\c:\jvpvv.exec:\jvpvv.exe59⤵
- Executes dropped EXE
-
\??\c:\rlxxrrx.exec:\rlxxrrx.exe60⤵
- Executes dropped EXE
-
\??\c:\hthhnt.exec:\hthhnt.exe61⤵
- Executes dropped EXE
-
\??\c:\pjdjp.exec:\pjdjp.exe62⤵
- Executes dropped EXE
-
\??\c:\dvppd.exec:\dvppd.exe63⤵
- Executes dropped EXE
-
\??\c:\rlxlxrx.exec:\rlxlxrx.exe64⤵
- Executes dropped EXE
-
\??\c:\tbbbhb.exec:\tbbbhb.exe65⤵
- Executes dropped EXE
-
\??\c:\3thhhn.exec:\3thhhn.exe66⤵
-
\??\c:\5jvjv.exec:\5jvjv.exe67⤵
-
\??\c:\lxlrxff.exec:\lxlrxff.exe68⤵
-
\??\c:\thnnbt.exec:\thnnbt.exe69⤵
-
\??\c:\3hnhbb.exec:\3hnhbb.exe70⤵
-
\??\c:\ppvpv.exec:\ppvpv.exe71⤵
-
\??\c:\rfxxfxl.exec:\rfxxfxl.exe72⤵
-
\??\c:\hhhhtb.exec:\hhhhtb.exe73⤵
-
\??\c:\nnhbnh.exec:\nnhbnh.exe74⤵
-
\??\c:\vpdjp.exec:\vpdjp.exe75⤵
-
\??\c:\xxrxlxr.exec:\xxrxlxr.exe76⤵
-
\??\c:\xrlfrxr.exec:\xrlfrxr.exe77⤵
-
\??\c:\tbnbhh.exec:\tbnbhh.exe78⤵
-
\??\c:\ddvvj.exec:\ddvvj.exe79⤵
-
\??\c:\pjvdp.exec:\pjvdp.exe80⤵
-
\??\c:\fxrxffr.exec:\fxrxffr.exe81⤵
-
\??\c:\3bttbh.exec:\3bttbh.exe82⤵
-
\??\c:\3vjpv.exec:\3vjpv.exe83⤵
-
\??\c:\dpdjj.exec:\dpdjj.exe84⤵
-
\??\c:\ffrfxll.exec:\ffrfxll.exe85⤵
-
\??\c:\nnhthn.exec:\nnhthn.exe86⤵
-
\??\c:\1htttt.exec:\1htttt.exe87⤵
- System Location Discovery: System Language Discovery
-
\??\c:\djvdv.exec:\djvdv.exe88⤵
-
\??\c:\fflrxfx.exec:\fflrxfx.exe89⤵
-
\??\c:\5xrrxxl.exec:\5xrrxxl.exe90⤵
-
\??\c:\hhnbtt.exec:\hhnbtt.exe91⤵
-
\??\c:\vpdjv.exec:\vpdjv.exe92⤵
-
\??\c:\vddjd.exec:\vddjd.exe93⤵
-
\??\c:\1llrrxl.exec:\1llrrxl.exe94⤵
-
\??\c:\bnbhbb.exec:\bnbhbb.exe95⤵
-
\??\c:\nnbbhh.exec:\nnbbhh.exe96⤵
-
\??\c:\vjdjv.exec:\vjdjv.exe97⤵
-
\??\c:\rfrxllr.exec:\rfrxllr.exe98⤵
-
\??\c:\htbthb.exec:\htbthb.exe99⤵
-
\??\c:\5nbttt.exec:\5nbttt.exe100⤵
-
\??\c:\vpjpp.exec:\vpjpp.exe101⤵
-
\??\c:\lffrffr.exec:\lffrffr.exe102⤵
-
\??\c:\9ffrrll.exec:\9ffrrll.exe103⤵
-
\??\c:\nbtthn.exec:\nbtthn.exe104⤵
-
\??\c:\dddjd.exec:\dddjd.exe105⤵
-
\??\c:\lxlllrf.exec:\lxlllrf.exe106⤵
-
\??\c:\lfxxlfr.exec:\lfxxlfr.exe107⤵
-
\??\c:\nhbnbh.exec:\nhbnbh.exe108⤵
-
\??\c:\ppjvd.exec:\ppjvd.exe109⤵
-
\??\c:\rrrxlrl.exec:\rrrxlrl.exe110⤵
-
\??\c:\fxllxfl.exec:\fxllxfl.exe111⤵
-
\??\c:\thbbnn.exec:\thbbnn.exe112⤵
-
\??\c:\5dpjj.exec:\5dpjj.exe113⤵
-
\??\c:\pdpjd.exec:\pdpjd.exe114⤵
-
\??\c:\fffrfxl.exec:\fffrfxl.exe115⤵
-
\??\c:\nbtbnt.exec:\nbtbnt.exe116⤵
-
\??\c:\nhbntb.exec:\nhbntb.exe117⤵
-
\??\c:\7vpvv.exec:\7vpvv.exe118⤵
-
\??\c:\7xrfrxf.exec:\7xrfrxf.exe119⤵
-
\??\c:\5fxxffl.exec:\5fxxffl.exe120⤵
-
\??\c:\tnbntt.exec:\tnbntt.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-