Analysis
-
max time kernel
120s -
max time network
18s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
26-12-2024 12:15
General
-
Target
43b11c1aed3239751598eb1d50118576067accec4b0197a338b3205449cb6a1f.exe
-
Size
456KB
-
MD5
064a819bed9a53bf2ee7eff80c79efa0
-
SHA1
77224ff128faa864bedb73de7561ed3c3e32ea4a
-
SHA256
43b11c1aed3239751598eb1d50118576067accec4b0197a338b3205449cb6a1f
-
SHA512
48f4c654f51396ad6d07eae2b92fa40e12d891eaebcff08616bd057adaf84a714ab3d7d5d3495d2e12ad0ddede7789f7141273cc6f649f3e42e5ed0cbc7551ac
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbeRo:q7Tc2NYHUrAwfMp3CDRo
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 41 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 47 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\43b11c1aed3239751598eb1d50118576067accec4b0197a338b3205449cb6a1f.exe"C:\Users\Admin\AppData\Local\Temp\43b11c1aed3239751598eb1d50118576067accec4b0197a338b3205449cb6a1f.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xfpdv.exec:\xfpdv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rdhnxf.exec:\rdhnxf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjxtn.exec:\pjxtn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bfxnfvd.exec:\bfxnfvd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rprnxn.exec:\rprnxn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hpfpn.exec:\hpfpn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ndxnl.exec:\ndxnl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dltdtl.exec:\dltdtl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hxpvt.exec:\hxpvt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ltbvff.exec:\ltbvff.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\prffpnj.exec:\prffpnj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fffnlnh.exec:\fffnlnh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dbbfnn.exec:\dbbfnn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lndrxpl.exec:\lndrxpl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pnxbjdl.exec:\pnxbjdl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hlbbfnp.exec:\hlbbfnp.exe17⤵
- Executes dropped EXE
-
\??\c:\xfpld.exec:\xfpld.exe18⤵
- Executes dropped EXE
-
\??\c:\xrlpbtd.exec:\xrlpbtd.exe19⤵
- Executes dropped EXE
-
\??\c:\bfdrpl.exec:\bfdrpl.exe20⤵
- Executes dropped EXE
-
\??\c:\ptftxp.exec:\ptftxp.exe21⤵
- Executes dropped EXE
-
\??\c:\dvjdbf.exec:\dvjdbf.exe22⤵
- Executes dropped EXE
-
\??\c:\pbppb.exec:\pbppb.exe23⤵
- Executes dropped EXE
-
\??\c:\vrjrn.exec:\vrjrn.exe24⤵
- Executes dropped EXE
-
\??\c:\ppptn.exec:\ppptn.exe25⤵
- Executes dropped EXE
-
\??\c:\dnvnhl.exec:\dnvnhl.exe26⤵
- Executes dropped EXE
-
\??\c:\fltxl.exec:\fltxl.exe27⤵
- Executes dropped EXE
-
\??\c:\ppttrvh.exec:\ppttrvh.exe28⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\jrtph.exec:\jrtph.exe29⤵
- Executes dropped EXE
-
\??\c:\jjjjln.exec:\jjjjln.exe30⤵
- Executes dropped EXE
-
\??\c:\nhbllfp.exec:\nhbllfp.exe31⤵
- Executes dropped EXE
-
\??\c:\lvjrdx.exec:\lvjrdx.exe32⤵
- Executes dropped EXE
-
\??\c:\jjdhpb.exec:\jjdhpb.exe33⤵
- Executes dropped EXE
-
\??\c:\pldxfr.exec:\pldxfr.exe34⤵
- Executes dropped EXE
-
\??\c:\vjfhr.exec:\vjfhr.exe35⤵
- Executes dropped EXE
-
\??\c:\jnvrdl.exec:\jnvrdl.exe36⤵
- Executes dropped EXE
-
\??\c:\xrjxfp.exec:\xrjxfp.exe37⤵
- Executes dropped EXE
-
\??\c:\rpxhv.exec:\rpxhv.exe38⤵
- Executes dropped EXE
-
\??\c:\fhfvj.exec:\fhfvj.exe39⤵
- Executes dropped EXE
-
\??\c:\vbnrr.exec:\vbnrr.exe40⤵
- Executes dropped EXE
-
\??\c:\dddthp.exec:\dddthp.exe41⤵
- Executes dropped EXE
-
\??\c:\xnndb.exec:\xnndb.exe42⤵
- Executes dropped EXE
-
\??\c:\fjbvnll.exec:\fjbvnll.exe43⤵
- Executes dropped EXE
-
\??\c:\dbbdbnt.exec:\dbbdbnt.exe44⤵
- Executes dropped EXE
-
\??\c:\bxrrp.exec:\bxrrp.exe45⤵
- Executes dropped EXE
-
\??\c:\xrlhtbb.exec:\xrlhtbb.exe46⤵
- Executes dropped EXE
-
\??\c:\xjnhdvh.exec:\xjnhdvh.exe47⤵
- Executes dropped EXE
-
\??\c:\pdjtpb.exec:\pdjtpb.exe48⤵
- Executes dropped EXE
-
\??\c:\vtvjl.exec:\vtvjl.exe49⤵
- Executes dropped EXE
-
\??\c:\pjldnv.exec:\pjldnv.exe50⤵
- Executes dropped EXE
-
\??\c:\ftxjlt.exec:\ftxjlt.exe51⤵
- Executes dropped EXE
-
\??\c:\frpprjh.exec:\frpprjh.exe52⤵
- Executes dropped EXE
-
\??\c:\vrnjpt.exec:\vrnjpt.exe53⤵
- Executes dropped EXE
-
\??\c:\rpfjt.exec:\rpfjt.exe54⤵
- Executes dropped EXE
-
\??\c:\tdjllpl.exec:\tdjllpl.exe55⤵
- Executes dropped EXE
-
\??\c:\nlxtph.exec:\nlxtph.exe56⤵
- Executes dropped EXE
-
\??\c:\tfvtndj.exec:\tfvtndj.exe57⤵
- Executes dropped EXE
-
\??\c:\lnndrx.exec:\lnndrx.exe58⤵
- Executes dropped EXE
-
\??\c:\rdvbxd.exec:\rdvbxd.exe59⤵
- Executes dropped EXE
-
\??\c:\npjdtb.exec:\npjdtb.exe60⤵
- Executes dropped EXE
-
\??\c:\phptld.exec:\phptld.exe61⤵
- Executes dropped EXE
-
\??\c:\lrfbtnj.exec:\lrfbtnj.exe62⤵
- Executes dropped EXE
-
\??\c:\hdrbr.exec:\hdrbr.exe63⤵
- Executes dropped EXE
-
\??\c:\hvbrd.exec:\hvbrd.exe64⤵
- Executes dropped EXE
-
\??\c:\jdbjvdt.exec:\jdbjvdt.exe65⤵
- Executes dropped EXE
-
\??\c:\ptrxhp.exec:\ptrxhp.exe66⤵
-
\??\c:\rldffd.exec:\rldffd.exe67⤵
- System Location Discovery: System Language Discovery
-
\??\c:\tdnrphf.exec:\tdnrphf.exe68⤵
-
\??\c:\hvjvrdj.exec:\hvjvrdj.exe69⤵
-
\??\c:\nxvvftv.exec:\nxvvftv.exe70⤵
-
\??\c:\bttdj.exec:\bttdj.exe71⤵
-
\??\c:\bbxtxrd.exec:\bbxtxrd.exe72⤵
-
\??\c:\jhvxlbf.exec:\jhvxlbf.exe73⤵
-
\??\c:\njnvl.exec:\njnvl.exe74⤵
-
\??\c:\pppjxdn.exec:\pppjxdn.exe75⤵
-
\??\c:\hrvfrtd.exec:\hrvfrtd.exe76⤵
-
\??\c:\vfnrlp.exec:\vfnrlp.exe77⤵
-
\??\c:\hhnltbl.exec:\hhnltbl.exe78⤵
-
\??\c:\vlptxfp.exec:\vlptxfp.exe79⤵
-
\??\c:\pdlbdft.exec:\pdlbdft.exe80⤵
-
\??\c:\bjhlxd.exec:\bjhlxd.exe81⤵
-
\??\c:\dphntb.exec:\dphntb.exe82⤵
-
\??\c:\xpbfljd.exec:\xpbfljd.exe83⤵
-
\??\c:\vvxdhhb.exec:\vvxdhhb.exe84⤵
-
\??\c:\hhbbvh.exec:\hhbbvh.exe85⤵
-
\??\c:\ldtttpb.exec:\ldtttpb.exe86⤵
-
\??\c:\ndvvxfj.exec:\ndvvxfj.exe87⤵
-
\??\c:\xxntxd.exec:\xxntxd.exe88⤵
-
\??\c:\xfjnn.exec:\xfjnn.exe89⤵
-
\??\c:\hptlfjn.exec:\hptlfjn.exe90⤵
-
\??\c:\vffxx.exec:\vffxx.exe91⤵
-
\??\c:\xjfvv.exec:\xjfvv.exe92⤵
-
\??\c:\tvhvl.exec:\tvhvl.exe93⤵
-
\??\c:\rnltpn.exec:\rnltpn.exe94⤵
-
\??\c:\vbvdjl.exec:\vbvdjl.exe95⤵
-
\??\c:\jdvbtfb.exec:\jdvbtfb.exe96⤵
-
\??\c:\lxflrf.exec:\lxflrf.exe97⤵
-
\??\c:\thppbpd.exec:\thppbpd.exe98⤵
-
\??\c:\bbthxhn.exec:\bbthxhn.exe99⤵
-
\??\c:\brnrnj.exec:\brnrnj.exe100⤵
-
\??\c:\tfthj.exec:\tfthj.exe101⤵
-
\??\c:\bjbjbfl.exec:\bjbjbfl.exe102⤵
-
\??\c:\vnbprp.exec:\vnbprp.exe103⤵
-
\??\c:\nhllfp.exec:\nhllfp.exe104⤵
-
\??\c:\jlnpt.exec:\jlnpt.exe105⤵
-
\??\c:\ppthpp.exec:\ppthpp.exe106⤵
-
\??\c:\brxfh.exec:\brxfh.exe107⤵
-
\??\c:\dhhpndj.exec:\dhhpndj.exe108⤵
-
\??\c:\ldxvrdb.exec:\ldxvrdb.exe109⤵
-
\??\c:\tdfvbdv.exec:\tdfvbdv.exe110⤵
-
\??\c:\tvnhd.exec:\tvnhd.exe111⤵
-
\??\c:\dplbv.exec:\dplbv.exe112⤵
-
\??\c:\rjtnld.exec:\rjtnld.exe113⤵
-
\??\c:\fdddx.exec:\fdddx.exe114⤵
- System Location Discovery: System Language Discovery
-
\??\c:\trrvl.exec:\trrvl.exe115⤵
-
\??\c:\ppxtp.exec:\ppxtp.exe116⤵
-
\??\c:\jvxlf.exec:\jvxlf.exe117⤵
-
\??\c:\rpldfdx.exec:\rpldfdx.exe118⤵
-
\??\c:\tvldjx.exec:\tvldjx.exe119⤵
-
\??\c:\pdnlvxn.exec:\pdnlvxn.exe120⤵
-
\??\c:\ttfvvp.exec:\ttfvvp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-