Analysis
-
max time kernel
120s -
max time network
17s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
26-12-2024 04:24
General
-
Target
928d6c636ab4f9792cc4c9b48c51b2fcd9edb5dcd74a86b2708b1d82a57c01f4N.exe
-
Size
454KB
-
MD5
488df8f12423650a8438ea013368e290
-
SHA1
4a7190acb923a512f6ebd836ccdc0a8cea3dc39b
-
SHA256
928d6c636ab4f9792cc4c9b48c51b2fcd9edb5dcd74a86b2708b1d82a57c01f4
-
SHA512
7d732bb692a7a9814fdc4fef1bd0d259da2190ab0d57e3d2a798d7b3375d8b6ca3957c11fa09f5b9ac6f13e5bb22606d315220cdf091a957eed97aa4a8a7a178
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbe3:q7Tc2NYHUrAwfMp3CD3
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 37 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 51 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\928d6c636ab4f9792cc4c9b48c51b2fcd9edb5dcd74a86b2708b1d82a57c01f4N.exe"C:\Users\Admin\AppData\Local\Temp\928d6c636ab4f9792cc4c9b48c51b2fcd9edb5dcd74a86b2708b1d82a57c01f4N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlrffl.exec:\fxlrffl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxfrxx.exec:\xrxfrxx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9pdjv.exec:\9pdjv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlxflx.exec:\rrlxflx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1thnhh.exec:\1thnhh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnthh.exec:\hbnthh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1nbhtt.exec:\1nbhtt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxfrxx.exec:\fxxfrxx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9bnntb.exec:\9bnntb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rllllr.exec:\3rllllr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhbnn.exec:\thhbnn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrrrll.exec:\rlrrrll.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5tnttt.exec:\5tnttt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xflrrr.exec:\1xflrrr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1ntthh.exec:\1ntthh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxlfrxf.exec:\xxlfrxf.exe17⤵
- Executes dropped EXE
-
\??\c:\7thnth.exec:\7thnth.exe18⤵
- Executes dropped EXE
-
\??\c:\rfxlrxr.exec:\rfxlrxr.exe19⤵
- Executes dropped EXE
-
\??\c:\tnnnbh.exec:\tnnnbh.exe20⤵
- Executes dropped EXE
-
\??\c:\jjdjv.exec:\jjdjv.exe21⤵
- Executes dropped EXE
-
\??\c:\lfxflfr.exec:\lfxflfr.exe22⤵
- Executes dropped EXE
-
\??\c:\pjvjp.exec:\pjvjp.exe23⤵
- Executes dropped EXE
-
\??\c:\lxxxxrl.exec:\lxxxxrl.exe24⤵
- Executes dropped EXE
-
\??\c:\7dpjv.exec:\7dpjv.exe25⤵
- Executes dropped EXE
-
\??\c:\xlrrxxl.exec:\xlrrxxl.exe26⤵
- Executes dropped EXE
-
\??\c:\ppjpd.exec:\ppjpd.exe27⤵
- Executes dropped EXE
-
\??\c:\lfrrxrx.exec:\lfrrxrx.exe28⤵
- Executes dropped EXE
-
\??\c:\ppjpj.exec:\ppjpj.exe29⤵
- Executes dropped EXE
-
\??\c:\3rlrlrx.exec:\3rlrlrx.exe30⤵
- Executes dropped EXE
-
\??\c:\1hnhbt.exec:\1hnhbt.exe31⤵
- Executes dropped EXE
-
\??\c:\rlxfrrf.exec:\rlxfrrf.exe32⤵
- Executes dropped EXE
-
\??\c:\5nbthb.exec:\5nbthb.exe33⤵
- Executes dropped EXE
-
\??\c:\9jppp.exec:\9jppp.exe34⤵
- Executes dropped EXE
-
\??\c:\3bnhnt.exec:\3bnhnt.exe35⤵
- Executes dropped EXE
-
\??\c:\7bnhhh.exec:\7bnhhh.exe36⤵
- Executes dropped EXE
-
\??\c:\vpdvv.exec:\vpdvv.exe37⤵
- Executes dropped EXE
-
\??\c:\1lffffl.exec:\1lffffl.exe38⤵
- Executes dropped EXE
-
\??\c:\nbhbnn.exec:\nbhbnn.exe39⤵
- Executes dropped EXE
-
\??\c:\5jpjp.exec:\5jpjp.exe40⤵
- Executes dropped EXE
-
\??\c:\xxrlxxf.exec:\xxrlxxf.exe41⤵
- Executes dropped EXE
-
\??\c:\fxxxxxf.exec:\fxxxxxf.exe42⤵
- Executes dropped EXE
-
\??\c:\hbnthh.exec:\hbnthh.exe43⤵
- Executes dropped EXE
-
\??\c:\pjvpj.exec:\pjvpj.exe44⤵
- Executes dropped EXE
-
\??\c:\fxrrffr.exec:\fxrrffr.exe45⤵
- Executes dropped EXE
-
\??\c:\9ntbtt.exec:\9ntbtt.exe46⤵
- Executes dropped EXE
-
\??\c:\pvddv.exec:\pvddv.exe47⤵
- Executes dropped EXE
-
\??\c:\rrxlxfl.exec:\rrxlxfl.exe48⤵
- Executes dropped EXE
-
\??\c:\lxrlxxr.exec:\lxrlxxr.exe49⤵
- Executes dropped EXE
-
\??\c:\7tbhtn.exec:\7tbhtn.exe50⤵
- Executes dropped EXE
-
\??\c:\jvdjj.exec:\jvdjj.exe51⤵
- Executes dropped EXE
-
\??\c:\5xllflr.exec:\5xllflr.exe52⤵
- Executes dropped EXE
-
\??\c:\tnnnbb.exec:\tnnnbb.exe53⤵
- Executes dropped EXE
-
\??\c:\bbnntt.exec:\bbnntt.exe54⤵
- Executes dropped EXE
-
\??\c:\dvvjv.exec:\dvvjv.exe55⤵
- Executes dropped EXE
-
\??\c:\1lllffr.exec:\1lllffr.exe56⤵
- Executes dropped EXE
-
\??\c:\tnhnbh.exec:\tnhnbh.exe57⤵
- Executes dropped EXE
-
\??\c:\pdppp.exec:\pdppp.exe58⤵
- Executes dropped EXE
-
\??\c:\xlxfflx.exec:\xlxfflx.exe59⤵
- Executes dropped EXE
-
\??\c:\llfrflx.exec:\llfrflx.exe60⤵
- Executes dropped EXE
-
\??\c:\nthnhh.exec:\nthnhh.exe61⤵
- Executes dropped EXE
-
\??\c:\7vjjv.exec:\7vjjv.exe62⤵
- Executes dropped EXE
-
\??\c:\5rlfflf.exec:\5rlfflf.exe63⤵
- Executes dropped EXE
-
\??\c:\fxfxxll.exec:\fxfxxll.exe64⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\bntttt.exec:\bntttt.exe65⤵
- Executes dropped EXE
-
\??\c:\pjdvd.exec:\pjdvd.exe66⤵
-
\??\c:\lfrlffl.exec:\lfrlffl.exe67⤵
-
\??\c:\ttnnhn.exec:\ttnnhn.exe68⤵
-
\??\c:\hbhhhh.exec:\hbhhhh.exe69⤵
-
\??\c:\vpvvv.exec:\vpvvv.exe70⤵
-
\??\c:\frfxlfl.exec:\frfxlfl.exe71⤵
-
\??\c:\nhnhnn.exec:\nhnhnn.exe72⤵
-
\??\c:\bnhbbh.exec:\bnhbbh.exe73⤵
-
\??\c:\3vpjj.exec:\3vpjj.exe74⤵
-
\??\c:\rlxfrrf.exec:\rlxfrrf.exe75⤵
-
\??\c:\rlrrrlr.exec:\rlrrrlr.exe76⤵
-
\??\c:\btntnt.exec:\btntnt.exe77⤵
-
\??\c:\dvjjj.exec:\dvjjj.exe78⤵
-
\??\c:\llflxxf.exec:\llflxxf.exe79⤵
-
\??\c:\1lrrxrx.exec:\1lrrxrx.exe80⤵
-
\??\c:\bbtbtt.exec:\bbtbtt.exe81⤵
-
\??\c:\1vpvd.exec:\1vpvd.exe82⤵
-
\??\c:\vvjjd.exec:\vvjjd.exe83⤵
-
\??\c:\rffxrrx.exec:\rffxrrx.exe84⤵
-
\??\c:\1hbhnn.exec:\1hbhnn.exe85⤵
-
\??\c:\jdppv.exec:\jdppv.exe86⤵
- System Location Discovery: System Language Discovery
-
\??\c:\rrflxxl.exec:\rrflxxl.exe87⤵
- System Location Discovery: System Language Discovery
-
\??\c:\1tntbt.exec:\1tntbt.exe88⤵
-
\??\c:\btttbb.exec:\btttbb.exe89⤵
-
\??\c:\jvjjj.exec:\jvjjj.exe90⤵
-
\??\c:\3lxxfxl.exec:\3lxxfxl.exe91⤵
-
\??\c:\tnbbnt.exec:\tnbbnt.exe92⤵
-
\??\c:\nhbttt.exec:\nhbttt.exe93⤵
-
\??\c:\dvvdp.exec:\dvvdp.exe94⤵
-
\??\c:\lxrlrll.exec:\lxrlrll.exe95⤵
-
\??\c:\9nbhth.exec:\9nbhth.exe96⤵
-
\??\c:\jjvvv.exec:\jjvvv.exe97⤵
-
\??\c:\jvpvv.exec:\jvpvv.exe98⤵
-
\??\c:\frllxfx.exec:\frllxfx.exe99⤵
-
\??\c:\hhbntt.exec:\hhbntt.exe100⤵
-
\??\c:\vdppd.exec:\vdppd.exe101⤵
-
\??\c:\jvdjj.exec:\jvdjj.exe102⤵
-
\??\c:\rxrrrxf.exec:\rxrrrxf.exe103⤵
-
\??\c:\bbttbb.exec:\bbttbb.exe104⤵
-
\??\c:\btnttt.exec:\btnttt.exe105⤵
-
\??\c:\7vjdj.exec:\7vjdj.exe106⤵
-
\??\c:\fxrrxfl.exec:\fxrrxfl.exe107⤵
-
\??\c:\bthhhn.exec:\bthhhn.exe108⤵
-
\??\c:\jjjpd.exec:\jjjpd.exe109⤵
-
\??\c:\pjjjd.exec:\pjjjd.exe110⤵
-
\??\c:\lfxxflx.exec:\lfxxflx.exe111⤵
-
\??\c:\tnbbnt.exec:\tnbbnt.exe112⤵
-
\??\c:\dpdjp.exec:\dpdjp.exe113⤵
-
\??\c:\bnhhbb.exec:\bnhhbb.exe114⤵
-
\??\c:\btnhbb.exec:\btnhbb.exe115⤵
-
\??\c:\9jppd.exec:\9jppd.exe116⤵
-
\??\c:\xlxfllr.exec:\xlxfllr.exe117⤵
-
\??\c:\frrrxfr.exec:\frrrxfr.exe118⤵
-
\??\c:\bhbbtb.exec:\bhbbtb.exe119⤵
-
\??\c:\pjvpv.exec:\pjvpv.exe120⤵
-
\??\c:\dvjjv.exec:\dvjjv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-