Analysis
-
max time kernel
120s -
max time network
18s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
26-12-2024 13:26
General
-
Target
0d48ff702ffb59321bb76741d6b48e0770925dfd07fff2d68f37427d9ef5906c.exe
-
Size
454KB
-
MD5
7c63140b443573a20d178d86a2245dd0
-
SHA1
ffae22655d5dc93fd3ac0a9ff8c5ee7ed58ea7c7
-
SHA256
0d48ff702ffb59321bb76741d6b48e0770925dfd07fff2d68f37427d9ef5906c
-
SHA512
a56556bfe785d562f31c35c71b4bf3bda55d7b7c549b35d6c1de6a4afcbac38569b92e0582977f5d4280d8783db31dfb8978af3b1c8be6db477647d6c7dcac51
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbek:q7Tc2NYHUrAwfMp3CDk
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 46 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 40 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0d48ff702ffb59321bb76741d6b48e0770925dfd07fff2d68f37427d9ef5906c.exe"C:\Users\Admin\AppData\Local\Temp\0d48ff702ffb59321bb76741d6b48e0770925dfd07fff2d68f37427d9ef5906c.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvdp.exec:\dvvdp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frllffl.exec:\frllffl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbtbhh.exec:\nbtbhh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxlflxx.exec:\xxlflxx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvjv.exec:\jpvjv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvpp.exec:\vjvpp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bnbnt.exec:\1bnbnt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llfrfxf.exec:\llfrfxf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pjdv.exec:\1pjdv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxrlff.exec:\lrxrlff.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvpv.exec:\jdvpv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbnbh.exec:\hhbnbh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llrflfx.exec:\llrflfx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntnbtb.exec:\ntnbtb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rfrlrx.exec:\1rfrlrx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xflxffl.exec:\xflxffl.exe17⤵
- Executes dropped EXE
-
\??\c:\5thntb.exec:\5thntb.exe18⤵
- Executes dropped EXE
-
\??\c:\fxflrxf.exec:\fxflrxf.exe19⤵
- Executes dropped EXE
-
\??\c:\btbtnt.exec:\btbtnt.exe20⤵
- Executes dropped EXE
-
\??\c:\llrxrxl.exec:\llrxrxl.exe21⤵
- Executes dropped EXE
-
\??\c:\nhbnnt.exec:\nhbnnt.exe22⤵
- Executes dropped EXE
-
\??\c:\vjppv.exec:\vjppv.exe23⤵
- Executes dropped EXE
-
\??\c:\3nhnbh.exec:\3nhnbh.exe24⤵
- Executes dropped EXE
-
\??\c:\jdpjj.exec:\jdpjj.exe25⤵
- Executes dropped EXE
-
\??\c:\rfxxffx.exec:\rfxxffx.exe26⤵
- Executes dropped EXE
-
\??\c:\bbthtb.exec:\bbthtb.exe27⤵
- Executes dropped EXE
-
\??\c:\lflxllf.exec:\lflxllf.exe28⤵
- Executes dropped EXE
-
\??\c:\9bthtt.exec:\9bthtt.exe29⤵
- Executes dropped EXE
-
\??\c:\fxlxlrl.exec:\fxlxlrl.exe30⤵
- Executes dropped EXE
-
\??\c:\tbntnn.exec:\tbntnn.exe31⤵
- Executes dropped EXE
-
\??\c:\9vppp.exec:\9vppp.exe32⤵
- Executes dropped EXE
-
\??\c:\5xrxflx.exec:\5xrxflx.exe33⤵
- Executes dropped EXE
-
\??\c:\bnhhtb.exec:\bnhhtb.exe34⤵
- Executes dropped EXE
-
\??\c:\ddvjp.exec:\ddvjp.exe35⤵
- Executes dropped EXE
-
\??\c:\nbbnnb.exec:\nbbnnb.exe36⤵
- Executes dropped EXE
-
\??\c:\jvpjp.exec:\jvpjp.exe37⤵
- Executes dropped EXE
-
\??\c:\rfllfxl.exec:\rfllfxl.exe38⤵
- Executes dropped EXE
-
\??\c:\bbhnht.exec:\bbhnht.exe39⤵
- Executes dropped EXE
-
\??\c:\3hnnth.exec:\3hnnth.exe40⤵
- Executes dropped EXE
-
\??\c:\7ppvv.exec:\7ppvv.exe41⤵
- Executes dropped EXE
-
\??\c:\fxrlflx.exec:\fxrlflx.exe42⤵
- Executes dropped EXE
-
\??\c:\htbthn.exec:\htbthn.exe43⤵
- Executes dropped EXE
-
\??\c:\pvjdd.exec:\pvjdd.exe44⤵
- Executes dropped EXE
-
\??\c:\lxxrxlr.exec:\lxxrxlr.exe45⤵
- Executes dropped EXE
-
\??\c:\3nnhnt.exec:\3nnhnt.exe46⤵
- Executes dropped EXE
-
\??\c:\vvpjj.exec:\vvpjj.exe47⤵
- Executes dropped EXE
-
\??\c:\xrfflrx.exec:\xrfflrx.exe48⤵
- Executes dropped EXE
-
\??\c:\hbtbnn.exec:\hbtbnn.exe49⤵
- Executes dropped EXE
-
\??\c:\hbthnt.exec:\hbthnt.exe50⤵
- Executes dropped EXE
-
\??\c:\9djjv.exec:\9djjv.exe51⤵
- Executes dropped EXE
-
\??\c:\rlrfrxr.exec:\rlrfrxr.exe52⤵
- Executes dropped EXE
-
\??\c:\nhbhtt.exec:\nhbhtt.exe53⤵
- Executes dropped EXE
-
\??\c:\vvjvj.exec:\vvjvj.exe54⤵
- Executes dropped EXE
-
\??\c:\jdvjj.exec:\jdvjj.exe55⤵
- Executes dropped EXE
-
\??\c:\3rlxfxl.exec:\3rlxfxl.exe56⤵
- Executes dropped EXE
-
\??\c:\9nhtbn.exec:\9nhtbn.exe57⤵
- Executes dropped EXE
-
\??\c:\pdpvd.exec:\pdpvd.exe58⤵
- Executes dropped EXE
-
\??\c:\lllrflr.exec:\lllrflr.exe59⤵
- Executes dropped EXE
-
\??\c:\1rlrflx.exec:\1rlrflx.exe60⤵
- Executes dropped EXE
-
\??\c:\hbhbnt.exec:\hbhbnt.exe61⤵
- Executes dropped EXE
-
\??\c:\7pdjv.exec:\7pdjv.exe62⤵
- Executes dropped EXE
-
\??\c:\xxrlfrl.exec:\xxrlfrl.exe63⤵
- Executes dropped EXE
-
\??\c:\httbht.exec:\httbht.exe64⤵
- Executes dropped EXE
-
\??\c:\dvjdd.exec:\dvjdd.exe65⤵
- Executes dropped EXE
-
\??\c:\rlxfrfr.exec:\rlxfrfr.exe66⤵
-
\??\c:\tbbhbh.exec:\tbbhbh.exe67⤵
-
\??\c:\vpppd.exec:\vpppd.exe68⤵
- System Location Discovery: System Language Discovery
-
\??\c:\rlxfrxl.exec:\rlxfrxl.exe69⤵
-
\??\c:\5nttht.exec:\5nttht.exe70⤵
-
\??\c:\3tbbhh.exec:\3tbbhh.exe71⤵
-
\??\c:\vpddj.exec:\vpddj.exe72⤵
-
\??\c:\dvjjv.exec:\dvjjv.exe73⤵
-
\??\c:\fxrxflr.exec:\fxrxflr.exe74⤵
-
\??\c:\1ththn.exec:\1ththn.exe75⤵
-
\??\c:\tnhhnn.exec:\tnhhnn.exe76⤵
-
\??\c:\vvpjp.exec:\vvpjp.exe77⤵
-
\??\c:\fxrfflf.exec:\fxrfflf.exe78⤵
-
\??\c:\tbnntn.exec:\tbnntn.exe79⤵
-
\??\c:\pjjvj.exec:\pjjvj.exe80⤵
-
\??\c:\rfffllr.exec:\rfffllr.exe81⤵
-
\??\c:\nhtnbn.exec:\nhtnbn.exe82⤵
-
\??\c:\nnnhtt.exec:\nnnhtt.exe83⤵
-
\??\c:\ddjpj.exec:\ddjpj.exe84⤵
-
\??\c:\9lrffxx.exec:\9lrffxx.exe85⤵
-
\??\c:\hbntnt.exec:\hbntnt.exe86⤵
-
\??\c:\9vddv.exec:\9vddv.exe87⤵
-
\??\c:\9jvjj.exec:\9jvjj.exe88⤵
-
\??\c:\xllrlrx.exec:\xllrlrx.exe89⤵
-
\??\c:\bhbbth.exec:\bhbbth.exe90⤵
-
\??\c:\jvvjd.exec:\jvvjd.exe91⤵
-
\??\c:\fflfrll.exec:\fflfrll.exe92⤵
-
\??\c:\nhtnhh.exec:\nhtnhh.exe93⤵
-
\??\c:\pjjjv.exec:\pjjjv.exe94⤵
-
\??\c:\pjdjj.exec:\pjdjj.exe95⤵
-
\??\c:\7xxfrfl.exec:\7xxfrfl.exe96⤵
-
\??\c:\5htbbb.exec:\5htbbb.exe97⤵
- System Location Discovery: System Language Discovery
-
\??\c:\dpdvd.exec:\dpdvd.exe98⤵
-
\??\c:\pddpd.exec:\pddpd.exe99⤵
-
\??\c:\1xlrrrf.exec:\1xlrrrf.exe100⤵
-
\??\c:\nnhbhh.exec:\nnhbhh.exe101⤵
-
\??\c:\vvpvv.exec:\vvpvv.exe102⤵
-
\??\c:\9pvvv.exec:\9pvvv.exe103⤵
-
\??\c:\ffrxrlf.exec:\ffrxrlf.exe104⤵
- System Location Discovery: System Language Discovery
-
\??\c:\9htntb.exec:\9htntb.exe105⤵
-
\??\c:\vdvvd.exec:\vdvvd.exe106⤵
-
\??\c:\xrxlrrf.exec:\xrxlrrf.exe107⤵
-
\??\c:\tbnbhn.exec:\tbnbhn.exe108⤵
-
\??\c:\7pddd.exec:\7pddd.exe109⤵
-
\??\c:\fxfrflx.exec:\fxfrflx.exe110⤵
-
\??\c:\tnbbhn.exec:\tnbbhn.exe111⤵
-
\??\c:\7jvpv.exec:\7jvpv.exe112⤵
-
\??\c:\lxxxfrr.exec:\lxxxfrr.exe113⤵
-
\??\c:\hbthtn.exec:\hbthtn.exe114⤵
-
\??\c:\9hhbnt.exec:\9hhbnt.exe115⤵
-
\??\c:\jdvdv.exec:\jdvdv.exe116⤵
-
\??\c:\rlfflll.exec:\rlfflll.exe117⤵
-
\??\c:\xxfrfxf.exec:\xxfrfxf.exe118⤵
-
\??\c:\ntnntt.exec:\ntnntt.exe119⤵
-
\??\c:\pdjpd.exec:\pdjpd.exe120⤵
-
\??\c:\xfllrff.exec:\xfllrff.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-