Analysis
-
max time kernel
120s -
max time network
19s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
26-12-2024 04:52
General
-
Target
8dda96d9d077081b72322a1bebd1d1fc1fd9cb46906d0839300ddb519e4cc5f1.exe
-
Size
456KB
-
MD5
9fa14e964c3b6a4992d5f4b80a178191
-
SHA1
aa93eac8e562c1e57182c69997f426b21f0e7f6a
-
SHA256
8dda96d9d077081b72322a1bebd1d1fc1fd9cb46906d0839300ddb519e4cc5f1
-
SHA512
6a6cea25820611121e83632fc43dc95db6b422feffc1ed2a92418aa0a9fc8c0f1c80d8da398445668f2982f842bc3b531ed021607bf7a5214464e20f15a20ded
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbeRn:q7Tc2NYHUrAwfMp3CDRn
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 41 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 44 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8dda96d9d077081b72322a1bebd1d1fc1fd9cb46906d0839300ddb519e4cc5f1.exe"C:\Users\Admin\AppData\Local\Temp\8dda96d9d077081b72322a1bebd1d1fc1fd9cb46906d0839300ddb519e4cc5f1.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\trtprf.exec:\trtprf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dbnxjn.exec:\dbnxjn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjrpdh.exec:\jjrpdh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tpxvd.exec:\tpxvd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbttv.exec:\tbttv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bxpnbrr.exec:\bxpnbrr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fbrpjp.exec:\fbrpjp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xppjtxh.exec:\xppjtxh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrjbldj.exec:\xrjbldj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rpxjt.exec:\rpxjt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfbbbb.exec:\rfbbbb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nxpjvf.exec:\nxpjvf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nvbtxh.exec:\nvbtxh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nxfbhvv.exec:\nxfbhvv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tpbtpt.exec:\tpbtpt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hjtfh.exec:\hjtfh.exe17⤵
- Executes dropped EXE
-
\??\c:\nxnhnpb.exec:\nxnhnpb.exe18⤵
- Executes dropped EXE
-
\??\c:\nrjhl.exec:\nrjhl.exe19⤵
- Executes dropped EXE
-
\??\c:\lnvxrnj.exec:\lnvxrnj.exe20⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\dhhdb.exec:\dhhdb.exe21⤵
- Executes dropped EXE
-
\??\c:\xfbrr.exec:\xfbrr.exe22⤵
- Executes dropped EXE
-
\??\c:\tppbfxx.exec:\tppbfxx.exe23⤵
- Executes dropped EXE
-
\??\c:\hjpfbff.exec:\hjpfbff.exe24⤵
- Executes dropped EXE
-
\??\c:\vtdbbl.exec:\vtdbbl.exe25⤵
- Executes dropped EXE
-
\??\c:\bttlr.exec:\bttlr.exe26⤵
- Executes dropped EXE
-
\??\c:\pvjjvf.exec:\pvjjvf.exe27⤵
- Executes dropped EXE
-
\??\c:\rlnxtfv.exec:\rlnxtfv.exe28⤵
- Executes dropped EXE
-
\??\c:\nvnfxl.exec:\nvnfxl.exe29⤵
- Executes dropped EXE
-
\??\c:\fvdrt.exec:\fvdrt.exe30⤵
- Executes dropped EXE
-
\??\c:\hlfnj.exec:\hlfnj.exe31⤵
- Executes dropped EXE
-
\??\c:\vvjrlj.exec:\vvjrlj.exe32⤵
- Executes dropped EXE
-
\??\c:\xvvvj.exec:\xvvvj.exe33⤵
- Executes dropped EXE
-
\??\c:\ppbpn.exec:\ppbpn.exe34⤵
- Executes dropped EXE
-
\??\c:\nrrbh.exec:\nrrbh.exe35⤵
- Executes dropped EXE
-
\??\c:\fxrbxln.exec:\fxrbxln.exe36⤵
- Executes dropped EXE
-
\??\c:\pxnbx.exec:\pxnbx.exe37⤵
- Executes dropped EXE
-
\??\c:\bfnphr.exec:\bfnphr.exe38⤵
- Executes dropped EXE
-
\??\c:\tjxrxl.exec:\tjxrxl.exe39⤵
- Executes dropped EXE
-
\??\c:\vrvtft.exec:\vrvtft.exe40⤵
- Executes dropped EXE
-
\??\c:\nfhdr.exec:\nfhdr.exe41⤵
- Executes dropped EXE
-
\??\c:\hfdfhl.exec:\hfdfhl.exe42⤵
- Executes dropped EXE
-
\??\c:\ndhhl.exec:\ndhhl.exe43⤵
- Executes dropped EXE
-
\??\c:\jnjfv.exec:\jnjfv.exe44⤵
- Executes dropped EXE
-
\??\c:\xhrdvrn.exec:\xhrdvrn.exe45⤵
- Executes dropped EXE
-
\??\c:\hlddh.exec:\hlddh.exe46⤵
- Executes dropped EXE
-
\??\c:\tpttv.exec:\tpttv.exe47⤵
- Executes dropped EXE
-
\??\c:\hxhxhth.exec:\hxhxhth.exe48⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\thfxdhl.exec:\thfxdhl.exe49⤵
- Executes dropped EXE
-
\??\c:\jhhtx.exec:\jhhtx.exe50⤵
- Executes dropped EXE
-
\??\c:\ftxbbrn.exec:\ftxbbrn.exe51⤵
- Executes dropped EXE
-
\??\c:\xxdbrt.exec:\xxdbrt.exe52⤵
- Executes dropped EXE
-
\??\c:\ljbbb.exec:\ljbbb.exe53⤵
- Executes dropped EXE
-
\??\c:\rpjhtnp.exec:\rpjhtnp.exe54⤵
- Executes dropped EXE
-
\??\c:\dlfpd.exec:\dlfpd.exe55⤵
- Executes dropped EXE
-
\??\c:\lrjxxx.exec:\lrjxxx.exe56⤵
- Executes dropped EXE
-
\??\c:\fvbbxd.exec:\fvbbxd.exe57⤵
- Executes dropped EXE
-
\??\c:\rlnljp.exec:\rlnljp.exe58⤵
- Executes dropped EXE
-
\??\c:\pbflf.exec:\pbflf.exe59⤵
- Executes dropped EXE
-
\??\c:\bdnxdn.exec:\bdnxdn.exe60⤵
- Executes dropped EXE
-
\??\c:\rbbfxdl.exec:\rbbfxdl.exe61⤵
- Executes dropped EXE
-
\??\c:\htjnjvd.exec:\htjnjvd.exe62⤵
- Executes dropped EXE
-
\??\c:\ldrhp.exec:\ldrhp.exe63⤵
- Executes dropped EXE
-
\??\c:\ppfnj.exec:\ppfnj.exe64⤵
- Executes dropped EXE
-
\??\c:\xrhdjbl.exec:\xrhdjbl.exe65⤵
- Executes dropped EXE
-
\??\c:\tljxxlx.exec:\tljxxlx.exe66⤵
-
\??\c:\dbxbb.exec:\dbxbb.exe67⤵
-
\??\c:\lprjrf.exec:\lprjrf.exe68⤵
-
\??\c:\fxvnhx.exec:\fxvnhx.exe69⤵
-
\??\c:\njllhv.exec:\njllhv.exe70⤵
-
\??\c:\vtpxf.exec:\vtpxf.exe71⤵
-
\??\c:\lrdjpbn.exec:\lrdjpbn.exe72⤵
-
\??\c:\rfxnp.exec:\rfxnp.exe73⤵
-
\??\c:\tpprtt.exec:\tpprtt.exe74⤵
-
\??\c:\rbtrvn.exec:\rbtrvn.exe75⤵
-
\??\c:\bthhlh.exec:\bthhlh.exe76⤵
-
\??\c:\hhbdpbl.exec:\hhbdpbl.exe77⤵
-
\??\c:\vrjrndh.exec:\vrjrndh.exe78⤵
-
\??\c:\xhjftb.exec:\xhjftb.exe79⤵
-
\??\c:\xfpjl.exec:\xfpjl.exe80⤵
-
\??\c:\fpjtb.exec:\fpjtb.exe81⤵
-
\??\c:\rnpxr.exec:\rnpxr.exe82⤵
-
\??\c:\hjhrxd.exec:\hjhrxd.exe83⤵
-
\??\c:\xvrnj.exec:\xvrnj.exe84⤵
-
\??\c:\jvnntj.exec:\jvnntj.exe85⤵
-
\??\c:\phlrn.exec:\phlrn.exe86⤵
-
\??\c:\nfdtflv.exec:\nfdtflv.exe87⤵
-
\??\c:\ldvrjxl.exec:\ldvrjxl.exe88⤵
-
\??\c:\hjltxl.exec:\hjltxl.exe89⤵
-
\??\c:\bnrrpp.exec:\bnrrpp.exe90⤵
-
\??\c:\jbhjv.exec:\jbhjv.exe91⤵
-
\??\c:\dfvxv.exec:\dfvxv.exe92⤵
- System Location Discovery: System Language Discovery
-
\??\c:\hrptj.exec:\hrptj.exe93⤵
-
\??\c:\vxxjtfx.exec:\vxxjtfx.exe94⤵
-
\??\c:\vnnrx.exec:\vnnrx.exe95⤵
-
\??\c:\vbplnd.exec:\vbplnd.exe96⤵
-
\??\c:\rhdtl.exec:\rhdtl.exe97⤵
-
\??\c:\fbtpp.exec:\fbtpp.exe98⤵
-
\??\c:\fpntlv.exec:\fpntlv.exe99⤵
-
\??\c:\lrxdvl.exec:\lrxdvl.exe100⤵
- System Location Discovery: System Language Discovery
-
\??\c:\jlpnrb.exec:\jlpnrb.exe101⤵
-
\??\c:\rfxtbx.exec:\rfxtbx.exe102⤵
-
\??\c:\hfrhblv.exec:\hfrhblv.exe103⤵
-
\??\c:\tfvxjnt.exec:\tfvxjnt.exe104⤵
-
\??\c:\lthbb.exec:\lthbb.exe105⤵
-
\??\c:\btvbbb.exec:\btvbbb.exe106⤵
-
\??\c:\vtdxvjd.exec:\vtdxvjd.exe107⤵
-
\??\c:\lhdvrnb.exec:\lhdvrnb.exe108⤵
- System Location Discovery: System Language Discovery
-
\??\c:\jthrr.exec:\jthrr.exe109⤵
-
\??\c:\tjdhpv.exec:\tjdhpv.exe110⤵
-
\??\c:\dnldp.exec:\dnldp.exe111⤵
-
\??\c:\pnbxvvt.exec:\pnbxvvt.exe112⤵
-
\??\c:\hfndj.exec:\hfndj.exe113⤵
-
\??\c:\bdnlp.exec:\bdnlp.exe114⤵
-
\??\c:\jrppnbr.exec:\jrppnbr.exe115⤵
-
\??\c:\ptnhxnr.exec:\ptnhxnr.exe116⤵
-
\??\c:\ptddljp.exec:\ptddljp.exe117⤵
-
\??\c:\hvpndd.exec:\hvpndd.exe118⤵
-
\??\c:\fxbtj.exec:\fxbtj.exe119⤵
-
\??\c:\blnpt.exec:\blnpt.exe120⤵
-
\??\c:\xndpffj.exec:\xndpffj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-