Analysis
-
max time kernel
120s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
26/12/2024, 04:16
General
-
Target
a7224fb2f175128346d36be98edaf2bec8a866f863126223155a1dfc3f1fe6c2.exe
-
Size
453KB
-
MD5
84c842440c7a4c2d36db43bc1d018005
-
SHA1
f81db179b3401747130914396e96966fd3235fdd
-
SHA256
a7224fb2f175128346d36be98edaf2bec8a866f863126223155a1dfc3f1fe6c2
-
SHA512
8e7e999fcb24497c17eab0f1ad808121aebb76fe770deba48599df81b15de91e0741ebe8ddafcd32ca28ea52e6c06e1694e27cef73a0dde2d818246b44dfd2c4
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbeP:q7Tc2NYHUrAwfMp3CDP
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 32 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 44 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a7224fb2f175128346d36be98edaf2bec8a866f863126223155a1dfc3f1fe6c2.exe"C:\Users\Admin\AppData\Local\Temp\a7224fb2f175128346d36be98edaf2bec8a866f863126223155a1dfc3f1fe6c2.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hfdrbn.exec:\hfdrbn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djbdt.exec:\djbdt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xbldlnd.exec:\xbldlnd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfdjlhr.exec:\xfdjlhr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jtlpbx.exec:\jtlpbx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dnrnt.exec:\dnrnt.exe7⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvhd.exec:\dvvhd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ljfbv.exec:\ljfbv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fjhfx.exec:\fjhfx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ltrrtnt.exec:\ltrrtnt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbvnxbt.exec:\tbvnxbt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hfdtr.exec:\hfdtr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxxhjx.exec:\frxxhjx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnpfj.exec:\hnpfj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hlrhxrr.exec:\hlrhxrr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnlntx.exec:\bnlntx.exe17⤵
- Executes dropped EXE
-
\??\c:\njvpndd.exec:\njvpndd.exe18⤵
- Executes dropped EXE
-
\??\c:\jhrlxh.exec:\jhrlxh.exe19⤵
- Executes dropped EXE
-
\??\c:\pbbpndx.exec:\pbbpndx.exe20⤵
- Executes dropped EXE
-
\??\c:\nvbhbj.exec:\nvbhbj.exe21⤵
- Executes dropped EXE
-
\??\c:\nntfff.exec:\nntfff.exe22⤵
- Executes dropped EXE
-
\??\c:\jbdhp.exec:\jbdhp.exe23⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\rpvpdh.exec:\rpvpdh.exe24⤵
- Executes dropped EXE
-
\??\c:\trntlbf.exec:\trntlbf.exe25⤵
- Executes dropped EXE
-
\??\c:\nrftvbh.exec:\nrftvbh.exe26⤵
- Executes dropped EXE
-
\??\c:\dtxxv.exec:\dtxxv.exe27⤵
- Executes dropped EXE
-
\??\c:\xpppxxd.exec:\xpppxxd.exe28⤵
- Executes dropped EXE
-
\??\c:\fftjf.exec:\fftjf.exe29⤵
- Executes dropped EXE
-
\??\c:\xrdnd.exec:\xrdnd.exe30⤵
- Executes dropped EXE
-
\??\c:\pjtjld.exec:\pjtjld.exe31⤵
- Executes dropped EXE
-
\??\c:\hpdxxrx.exec:\hpdxxrx.exe32⤵
- Executes dropped EXE
-
\??\c:\xdllr.exec:\xdllr.exe33⤵
- Executes dropped EXE
-
\??\c:\xdhft.exec:\xdhft.exe34⤵
- Executes dropped EXE
-
\??\c:\pdhlrvb.exec:\pdhlrvb.exe35⤵
- Executes dropped EXE
-
\??\c:\xtntltt.exec:\xtntltt.exe36⤵
- Executes dropped EXE
-
\??\c:\nvpxjr.exec:\nvpxjr.exe37⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\drhbdh.exec:\drhbdh.exe38⤵
- Executes dropped EXE
-
\??\c:\rxtdfvh.exec:\rxtdfvh.exe39⤵
- Executes dropped EXE
-
\??\c:\lxdnrjb.exec:\lxdnrjb.exe40⤵
- Executes dropped EXE
-
\??\c:\vbfjvv.exec:\vbfjvv.exe41⤵
- Executes dropped EXE
-
\??\c:\jhlbxj.exec:\jhlbxj.exe42⤵
- Executes dropped EXE
-
\??\c:\tbbnv.exec:\tbbnv.exe43⤵
- Executes dropped EXE
-
\??\c:\vjdxv.exec:\vjdxv.exe44⤵
- Executes dropped EXE
-
\??\c:\npvhnn.exec:\npvhnn.exe45⤵
- Executes dropped EXE
-
\??\c:\rbxrpl.exec:\rbxrpl.exe46⤵
- Executes dropped EXE
-
\??\c:\vrblxfb.exec:\vrblxfb.exe47⤵
- Executes dropped EXE
-
\??\c:\jthvx.exec:\jthvx.exe48⤵
- Executes dropped EXE
-
\??\c:\bvjxb.exec:\bvjxb.exe49⤵
- Executes dropped EXE
-
\??\c:\ffrrfvh.exec:\ffrrfvh.exe50⤵
- Executes dropped EXE
-
\??\c:\xxlnppf.exec:\xxlnppf.exe51⤵
- Executes dropped EXE
-
\??\c:\tjrjrfb.exec:\tjrjrfb.exe52⤵
- Executes dropped EXE
-
\??\c:\dhdfbbd.exec:\dhdfbbd.exe53⤵
- Executes dropped EXE
-
\??\c:\dpvblh.exec:\dpvblh.exe54⤵
- Executes dropped EXE
-
\??\c:\brjvtn.exec:\brjvtn.exe55⤵
- Executes dropped EXE
-
\??\c:\hphhpdl.exec:\hphhpdl.exe56⤵
- Executes dropped EXE
-
\??\c:\vnbnnf.exec:\vnbnnf.exe57⤵
- Executes dropped EXE
-
\??\c:\xxbnh.exec:\xxbnh.exe58⤵
- Executes dropped EXE
-
\??\c:\phvplrl.exec:\phvplrl.exe59⤵
- Executes dropped EXE
-
\??\c:\hjxnpnv.exec:\hjxnpnv.exe60⤵
- Executes dropped EXE
-
\??\c:\nrnhv.exec:\nrnhv.exe61⤵
- Executes dropped EXE
-
\??\c:\rpffb.exec:\rpffb.exe62⤵
- Executes dropped EXE
-
\??\c:\djnvr.exec:\djnvr.exe63⤵
- Executes dropped EXE
-
\??\c:\dbbrhfp.exec:\dbbrhfp.exe64⤵
- Executes dropped EXE
-
\??\c:\vlrtlbp.exec:\vlrtlbp.exe65⤵
- Executes dropped EXE
-
\??\c:\lfbnvfr.exec:\lfbnvfr.exe66⤵
-
\??\c:\dxrfbhb.exec:\dxrfbhb.exe67⤵
-
\??\c:\jxrjt.exec:\jxrjt.exe68⤵
-
\??\c:\rxrrv.exec:\rxrrv.exe69⤵
-
\??\c:\jfjrfvr.exec:\jfjrfvr.exe70⤵
-
\??\c:\bbvnp.exec:\bbvnp.exe71⤵
-
\??\c:\hvrdht.exec:\hvrdht.exe72⤵
-
\??\c:\hvjvh.exec:\hvjvh.exe73⤵
-
\??\c:\rhnvl.exec:\rhnvl.exe74⤵
-
\??\c:\xpbrlxb.exec:\xpbrlxb.exe75⤵
-
\??\c:\jrplrd.exec:\jrplrd.exe76⤵
-
\??\c:\rvfvxl.exec:\rvfvxl.exe77⤵
-
\??\c:\jrjnxt.exec:\jrjnxt.exe78⤵
-
\??\c:\fbjtfh.exec:\fbjtfh.exe79⤵
-
\??\c:\xtpjjx.exec:\xtpjjx.exe80⤵
-
\??\c:\fllrr.exec:\fllrr.exe81⤵
-
\??\c:\xfdfpj.exec:\xfdfpj.exe82⤵
-
\??\c:\fptffrn.exec:\fptffrn.exe83⤵
-
\??\c:\fvtbbrn.exec:\fvtbbrn.exe84⤵
-
\??\c:\jtpjp.exec:\jtpjp.exe85⤵
-
\??\c:\pppxnj.exec:\pppxnj.exe86⤵
-
\??\c:\vbtxl.exec:\vbtxl.exe87⤵
-
\??\c:\lnbnn.exec:\lnbnn.exe88⤵
-
\??\c:\ntrpt.exec:\ntrpt.exe89⤵
- System Location Discovery: System Language Discovery
-
\??\c:\rjrtxx.exec:\rjrtxx.exe90⤵
-
\??\c:\rllvfr.exec:\rllvfr.exe91⤵
-
\??\c:\jblnlvn.exec:\jblnlvn.exe92⤵
-
\??\c:\rdntx.exec:\rdntx.exe93⤵
-
\??\c:\hjhfrdr.exec:\hjhfrdr.exe94⤵
-
\??\c:\txnnl.exec:\txnnl.exe95⤵
-
\??\c:\fljfjlp.exec:\fljfjlp.exe96⤵
-
\??\c:\lvxxt.exec:\lvxxt.exe97⤵
-
\??\c:\nhdht.exec:\nhdht.exe98⤵
-
\??\c:\xlddbx.exec:\xlddbx.exe99⤵
-
\??\c:\jvrfpv.exec:\jvrfpv.exe100⤵
-
\??\c:\tjplrn.exec:\tjplrn.exe101⤵
-
\??\c:\btrvvpf.exec:\btrvvpf.exe102⤵
-
\??\c:\djtbfj.exec:\djtbfj.exe103⤵
-
\??\c:\nhbvxhn.exec:\nhbvxhn.exe104⤵
-
\??\c:\bjnrth.exec:\bjnrth.exe105⤵
-
\??\c:\ttvhl.exec:\ttvhl.exe106⤵
-
\??\c:\fbtrh.exec:\fbtrh.exe107⤵
-
\??\c:\hbtxp.exec:\hbtxp.exe108⤵
-
\??\c:\lhlhrt.exec:\lhlhrt.exe109⤵
-
\??\c:\nbpbtvp.exec:\nbpbtvp.exe110⤵
-
\??\c:\fbnbtt.exec:\fbnbtt.exe111⤵
-
\??\c:\xtrhll.exec:\xtrhll.exe112⤵
-
\??\c:\jrpjj.exec:\jrpjj.exe113⤵
-
\??\c:\dpxxxfh.exec:\dpxxxfh.exe114⤵
-
\??\c:\xfvpplr.exec:\xfvpplr.exe115⤵
-
\??\c:\prxdpdh.exec:\prxdpdh.exe116⤵
-
\??\c:\hhltll.exec:\hhltll.exe117⤵
-
\??\c:\rnftnx.exec:\rnftnx.exe118⤵
-
\??\c:\brrtnbr.exec:\brrtnbr.exe119⤵
-
\??\c:\lxnblt.exec:\lxnblt.exe120⤵
-
\??\c:\pdpvhhr.exec:\pdpvhhr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-