Analysis
-
max time kernel
150s -
max time network
19s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
26-12-2024 14:27
General
-
Target
7c01a20f70c987c2415a0cd0c73a90a014b38ee26ff78c30ee455d19f22cb0f5.exe
-
Size
454KB
-
MD5
7b0c9c367910c90454a69fb8b17421f5
-
SHA1
e7e20e03f5d4772b4e1859a787805f3ae49d9f13
-
SHA256
7c01a20f70c987c2415a0cd0c73a90a014b38ee26ff78c30ee455d19f22cb0f5
-
SHA512
7927fafebf36e08ec19eff9c3d723b1f5bee78bc90c7ea4f9a876a134eada76f66311e91f8f14ac79d2443e610a8c4934899ca70cb9671997178169a1dd6e200
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbe3:q7Tc2NYHUrAwfMp3CD3
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 37 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 49 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7c01a20f70c987c2415a0cd0c73a90a014b38ee26ff78c30ee455d19f22cb0f5.exe"C:\Users\Admin\AppData\Local\Temp\7c01a20f70c987c2415a0cd0c73a90a014b38ee26ff78c30ee455d19f22cb0f5.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\dbvlp.exec:\dbvlp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xhnjt.exec:\xhnjt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rvndtfp.exec:\rvndtfp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlltf.exec:\xlltf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dntvxj.exec:\dntvxj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnvdvl.exec:\bnvdvl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lnnfbpp.exec:\lnnfbpp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xjflbpv.exec:\xjflbpv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbjjnnf.exec:\hbjjnnf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bvtdblh.exec:\bvtdblh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jlndfp.exec:\jlndfp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bdffdj.exec:\bdffdj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdhrvv.exec:\vdhrvv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lvxfl.exec:\lvxfl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dbbllpj.exec:\dbbllpj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jtjvf.exec:\jtjvf.exe17⤵
- Executes dropped EXE
-
\??\c:\bdxvnjl.exec:\bdxvnjl.exe18⤵
- Executes dropped EXE
-
\??\c:\nrbnp.exec:\nrbnp.exe19⤵
- Executes dropped EXE
-
\??\c:\vxbvpv.exec:\vxbvpv.exe20⤵
- Executes dropped EXE
-
\??\c:\brrjvv.exec:\brrjvv.exe21⤵
- Executes dropped EXE
-
\??\c:\lttnvd.exec:\lttnvd.exe22⤵
- Executes dropped EXE
-
\??\c:\jnndnlh.exec:\jnndnlh.exe23⤵
- Executes dropped EXE
-
\??\c:\brrtv.exec:\brrtv.exe24⤵
- Executes dropped EXE
-
\??\c:\fhvllnl.exec:\fhvllnl.exe25⤵
- Executes dropped EXE
-
\??\c:\lvtxdvt.exec:\lvtxdvt.exe26⤵
- Executes dropped EXE
-
\??\c:\plldvbn.exec:\plldvbn.exe27⤵
- Executes dropped EXE
-
\??\c:\bjrfxf.exec:\bjrfxf.exe28⤵
- Executes dropped EXE
-
\??\c:\ljlvxxb.exec:\ljlvxxb.exe29⤵
- Executes dropped EXE
-
\??\c:\bdvpb.exec:\bdvpb.exe30⤵
- Executes dropped EXE
-
\??\c:\lfxln.exec:\lfxln.exe31⤵
- Executes dropped EXE
-
\??\c:\bdrdpl.exec:\bdrdpl.exe32⤵
- Executes dropped EXE
-
\??\c:\vfjvnhr.exec:\vfjvnhr.exe33⤵
- Executes dropped EXE
-
\??\c:\fbhjp.exec:\fbhjp.exe34⤵
- Executes dropped EXE
-
\??\c:\xvtxnn.exec:\xvtxnn.exe35⤵
- Executes dropped EXE
-
\??\c:\tdvbn.exec:\tdvbn.exe36⤵
- Executes dropped EXE
-
\??\c:\pxtvjf.exec:\pxtvjf.exe37⤵
- Executes dropped EXE
-
\??\c:\fdjpxdn.exec:\fdjpxdn.exe38⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\htfvntb.exec:\htfvntb.exe39⤵
- Executes dropped EXE
-
\??\c:\ppvvpph.exec:\ppvvpph.exe40⤵
- Executes dropped EXE
-
\??\c:\nnvfphd.exec:\nnvfphd.exe41⤵
- Executes dropped EXE
-
\??\c:\plxrrr.exec:\plxrrr.exe42⤵
- Executes dropped EXE
-
\??\c:\bdnjlnd.exec:\bdnjlnd.exe43⤵
- Executes dropped EXE
-
\??\c:\lxhhn.exec:\lxhhn.exe44⤵
- Executes dropped EXE
-
\??\c:\dxlnvl.exec:\dxlnvl.exe45⤵
- Executes dropped EXE
-
\??\c:\jxrnhvr.exec:\jxrnhvr.exe46⤵
- Executes dropped EXE
-
\??\c:\jvhtfbj.exec:\jvhtfbj.exe47⤵
- Executes dropped EXE
-
\??\c:\jrxrnv.exec:\jrxrnv.exe48⤵
- Executes dropped EXE
-
\??\c:\lbnblb.exec:\lbnblb.exe49⤵
- Executes dropped EXE
-
\??\c:\lbltrhn.exec:\lbltrhn.exe50⤵
- Executes dropped EXE
-
\??\c:\vxpthx.exec:\vxpthx.exe51⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\htvtfhh.exec:\htvtfhh.exe52⤵
- Executes dropped EXE
-
\??\c:\bhnhvdf.exec:\bhnhvdf.exe53⤵
- Executes dropped EXE
-
\??\c:\vjlnvp.exec:\vjlnvp.exe54⤵
- Executes dropped EXE
-
\??\c:\fhdtpt.exec:\fhdtpt.exe55⤵
- Executes dropped EXE
-
\??\c:\hnrbnht.exec:\hnrbnht.exe56⤵
- Executes dropped EXE
-
\??\c:\jjrbflb.exec:\jjrbflb.exe57⤵
- Executes dropped EXE
-
\??\c:\nlxxbv.exec:\nlxxbv.exe58⤵
- Executes dropped EXE
-
\??\c:\bxvdhl.exec:\bxvdhl.exe59⤵
- Executes dropped EXE
-
\??\c:\nrvndx.exec:\nrvndx.exe60⤵
- Executes dropped EXE
-
\??\c:\bjnhbnp.exec:\bjnhbnp.exe61⤵
- Executes dropped EXE
-
\??\c:\xbjbfx.exec:\xbjbfx.exe62⤵
- Executes dropped EXE
-
\??\c:\rpthpj.exec:\rpthpj.exe63⤵
- Executes dropped EXE
-
\??\c:\tfltbl.exec:\tfltbl.exe64⤵
- Executes dropped EXE
-
\??\c:\nfnfnpd.exec:\nfnfnpd.exe65⤵
- Executes dropped EXE
-
\??\c:\djrxnpv.exec:\djrxnpv.exe66⤵
-
\??\c:\vffntn.exec:\vffntn.exe67⤵
-
\??\c:\ljpdbd.exec:\ljpdbd.exe68⤵
-
\??\c:\hblxjjr.exec:\hblxjjr.exe69⤵
- System Location Discovery: System Language Discovery
-
\??\c:\jfnxdbv.exec:\jfnxdbv.exe70⤵
-
\??\c:\lvddj.exec:\lvddj.exe71⤵
-
\??\c:\htdfbt.exec:\htdfbt.exe72⤵
-
\??\c:\ldrff.exec:\ldrff.exe73⤵
-
\??\c:\jfjvjn.exec:\jfjvjn.exe74⤵
-
\??\c:\hxxtxvh.exec:\hxxtxvh.exe75⤵
-
\??\c:\pxtdxn.exec:\pxtdxn.exe76⤵
-
\??\c:\xpfrbp.exec:\xpfrbp.exe77⤵
- System Location Discovery: System Language Discovery
-
\??\c:\pbrdpd.exec:\pbrdpd.exe78⤵
-
\??\c:\bvphxhb.exec:\bvphxhb.exe79⤵
-
\??\c:\rvhvtd.exec:\rvhvtd.exe80⤵
- System Location Discovery: System Language Discovery
-
\??\c:\fjnfll.exec:\fjnfll.exe81⤵
-
\??\c:\nflpnnp.exec:\nflpnnp.exe82⤵
-
\??\c:\pdphdvd.exec:\pdphdvd.exe83⤵
-
\??\c:\hbdxxv.exec:\hbdxxv.exe84⤵
-
\??\c:\njjrvl.exec:\njjrvl.exe85⤵
-
\??\c:\brbxxb.exec:\brbxxb.exe86⤵
-
\??\c:\fnjrrtj.exec:\fnjrrtj.exe87⤵
-
\??\c:\thlrrpp.exec:\thlrrpp.exe88⤵
-
\??\c:\hjpdnfr.exec:\hjpdnfr.exe89⤵
-
\??\c:\dbnxlt.exec:\dbnxlt.exe90⤵
-
\??\c:\vdtfbfp.exec:\vdtfbfp.exe91⤵
-
\??\c:\xrrvhhb.exec:\xrrvhhb.exe92⤵
-
\??\c:\brfdvpr.exec:\brfdvpr.exe93⤵
-
\??\c:\ljpbdlj.exec:\ljpbdlj.exe94⤵
-
\??\c:\lnjfvjl.exec:\lnjfvjl.exe95⤵
-
\??\c:\xxrdv.exec:\xxrdv.exe96⤵
-
\??\c:\jpjrr.exec:\jpjrr.exe97⤵
-
\??\c:\rhlfv.exec:\rhlfv.exe98⤵
-
\??\c:\tnxhr.exec:\tnxhr.exe99⤵
-
\??\c:\tbtjhx.exec:\tbtjhx.exe100⤵
-
\??\c:\hdlrl.exec:\hdlrl.exe101⤵
-
\??\c:\tnxhj.exec:\tnxhj.exe102⤵
-
\??\c:\ltrxtlj.exec:\ltrxtlj.exe103⤵
-
\??\c:\fljbjb.exec:\fljbjb.exe104⤵
-
\??\c:\xxlfn.exec:\xxlfn.exe105⤵
-
\??\c:\ppxpbbp.exec:\ppxpbbp.exe106⤵
-
\??\c:\tphrv.exec:\tphrv.exe107⤵
-
\??\c:\vxllvjn.exec:\vxllvjn.exe108⤵
-
\??\c:\ntbfn.exec:\ntbfn.exe109⤵
-
\??\c:\nttxdf.exec:\nttxdf.exe110⤵
-
\??\c:\dpjhrh.exec:\dpjhrh.exe111⤵
-
\??\c:\lvbtd.exec:\lvbtd.exe112⤵
- System Location Discovery: System Language Discovery
-
\??\c:\nbfbb.exec:\nbfbb.exe113⤵
-
\??\c:\lnfxvnj.exec:\lnfxvnj.exe114⤵
-
\??\c:\trjfnd.exec:\trjfnd.exe115⤵
-
\??\c:\rdpvn.exec:\rdpvn.exe116⤵
-
\??\c:\bvvfnx.exec:\bvvfnx.exe117⤵
-
\??\c:\lpllplx.exec:\lpllplx.exe118⤵
-
\??\c:\tlptnjb.exec:\tlptnjb.exe119⤵
-
\??\c:\nxrjb.exec:\nxrjb.exe120⤵
-
\??\c:\ftptr.exec:\ftptr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-