Analysis
-
max time kernel
120s -
max time network
16s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
26-12-2024 15:14
General
-
Target
9219a3239c6e5b34498a33c730b0dd03e441996b5ea6a1644a786b9ddedff059N.exe
-
Size
456KB
-
MD5
8fb5f6692d9909919dd6780b65403a80
-
SHA1
092d88cb7ee8861a46cace994165119633414b9d
-
SHA256
9219a3239c6e5b34498a33c730b0dd03e441996b5ea6a1644a786b9ddedff059
-
SHA512
4b3ea023b38f100010404b77c2518ba7a21d4f881b505fa08daf2b965adcbcfef7927b82fc641715eeefbc5f18e570ccff85711995125c630835351fd6aa5a1e
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbeRe:q7Tc2NYHUrAwfMp3CDRe
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 40 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 45 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9219a3239c6e5b34498a33c730b0dd03e441996b5ea6a1644a786b9ddedff059N.exe"C:\Users\Admin\AppData\Local\Temp\9219a3239c6e5b34498a33c730b0dd03e441996b5ea6a1644a786b9ddedff059N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\9nnbbb.exec:\9nnbbb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvpd.exec:\pdvpd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1hbbhn.exec:\1hbbhn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrffrrf.exec:\rrffrrf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbbhh.exec:\nnbbhh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3jvvv.exec:\3jvvv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3bbhtt.exec:\3bbhtt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvdj.exec:\ddvdj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3lfxxxf.exec:\3lfxxxf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7tnthn.exec:\7tnthn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxfllx.exec:\ffxfllx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nthhhn.exec:\nthhhn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rlrxfr.exec:\3rlrxfr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnnnn.exec:\btnnnn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdpv.exec:\pjdpv.exe16⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\xrflrrx.exec:\xrflrrx.exe17⤵
- Executes dropped EXE
-
\??\c:\dvjjv.exec:\dvjjv.exe18⤵
- Executes dropped EXE
-
\??\c:\5ffxlrx.exec:\5ffxlrx.exe19⤵
- Executes dropped EXE
-
\??\c:\bttthn.exec:\bttthn.exe20⤵
- Executes dropped EXE
-
\??\c:\5vjdj.exec:\5vjdj.exe21⤵
- Executes dropped EXE
-
\??\c:\5rlxflf.exec:\5rlxflf.exe22⤵
- Executes dropped EXE
-
\??\c:\1tttbh.exec:\1tttbh.exe23⤵
- Executes dropped EXE
-
\??\c:\rlllrxl.exec:\rlllrxl.exe24⤵
- Executes dropped EXE
-
\??\c:\lfxfllx.exec:\lfxfllx.exe25⤵
- Executes dropped EXE
-
\??\c:\dvppv.exec:\dvppv.exe26⤵
- Executes dropped EXE
-
\??\c:\rlrfrxl.exec:\rlrfrxl.exe27⤵
- Executes dropped EXE
-
\??\c:\3vjvd.exec:\3vjvd.exe28⤵
- Executes dropped EXE
-
\??\c:\lllrfxl.exec:\lllrfxl.exe29⤵
- Executes dropped EXE
-
\??\c:\1thnnt.exec:\1thnnt.exe30⤵
- Executes dropped EXE
-
\??\c:\dvppv.exec:\dvppv.exe31⤵
- Executes dropped EXE
-
\??\c:\5nhbnt.exec:\5nhbnt.exe32⤵
- Executes dropped EXE
-
\??\c:\1vjdj.exec:\1vjdj.exe33⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\fxlllrl.exec:\fxlllrl.exe34⤵
- Executes dropped EXE
-
\??\c:\tnhhnt.exec:\tnhhnt.exe35⤵
- Executes dropped EXE
-
\??\c:\dvvvj.exec:\dvvvj.exe36⤵
- Executes dropped EXE
-
\??\c:\jdvdp.exec:\jdvdp.exe37⤵
- Executes dropped EXE
-
\??\c:\lffrrrx.exec:\lffrrrx.exe38⤵
- Executes dropped EXE
-
\??\c:\bbtbhh.exec:\bbtbhh.exe39⤵
- Executes dropped EXE
-
\??\c:\pjjdj.exec:\pjjdj.exe40⤵
- Executes dropped EXE
-
\??\c:\rfxfrxl.exec:\rfxfrxl.exe41⤵
- Executes dropped EXE
-
\??\c:\bbtbnn.exec:\bbtbnn.exe42⤵
- Executes dropped EXE
-
\??\c:\jvjdj.exec:\jvjdj.exe43⤵
- Executes dropped EXE
-
\??\c:\9rllrxf.exec:\9rllrxf.exe44⤵
- Executes dropped EXE
-
\??\c:\9fxxlrf.exec:\9fxxlrf.exe45⤵
- Executes dropped EXE
-
\??\c:\nhbnhh.exec:\nhbnhh.exe46⤵
- Executes dropped EXE
-
\??\c:\5dvdj.exec:\5dvdj.exe47⤵
- Executes dropped EXE
-
\??\c:\lrrfxlx.exec:\lrrfxlx.exe48⤵
- Executes dropped EXE
-
\??\c:\5frrflx.exec:\5frrflx.exe49⤵
- Executes dropped EXE
-
\??\c:\htnbhh.exec:\htnbhh.exe50⤵
- Executes dropped EXE
-
\??\c:\dvvpd.exec:\dvvpd.exe51⤵
- Executes dropped EXE
-
\??\c:\xfffxfx.exec:\xfffxfx.exe52⤵
- Executes dropped EXE
-
\??\c:\1xrlllr.exec:\1xrlllr.exe53⤵
- Executes dropped EXE
-
\??\c:\hbtbnn.exec:\hbtbnn.exe54⤵
- Executes dropped EXE
-
\??\c:\vpdpp.exec:\vpdpp.exe55⤵
- Executes dropped EXE
-
\??\c:\llfrflx.exec:\llfrflx.exe56⤵
- Executes dropped EXE
-
\??\c:\bnbbhn.exec:\bnbbhn.exe57⤵
- Executes dropped EXE
-
\??\c:\dvjpv.exec:\dvjpv.exe58⤵
- Executes dropped EXE
-
\??\c:\llfflrx.exec:\llfflrx.exe59⤵
- Executes dropped EXE
-
\??\c:\7rfflrf.exec:\7rfflrf.exe60⤵
- Executes dropped EXE
-
\??\c:\hbhtbt.exec:\hbhtbt.exe61⤵
- Executes dropped EXE
-
\??\c:\pjjjp.exec:\pjjjp.exe62⤵
- Executes dropped EXE
-
\??\c:\3xrxffr.exec:\3xrxffr.exe63⤵
- Executes dropped EXE
-
\??\c:\thhbht.exec:\thhbht.exe64⤵
- Executes dropped EXE
-
\??\c:\pjvjd.exec:\pjvjd.exe65⤵
- Executes dropped EXE
-
\??\c:\vjvpp.exec:\vjvpp.exe66⤵
-
\??\c:\rxxxrrf.exec:\rxxxrrf.exe67⤵
-
\??\c:\bnnnhb.exec:\bnnnhb.exe68⤵
-
\??\c:\dvddd.exec:\dvddd.exe69⤵
-
\??\c:\frfrrrx.exec:\frfrrrx.exe70⤵
-
\??\c:\nbnnnb.exec:\nbnnnb.exe71⤵
-
\??\c:\hbbtbt.exec:\hbbtbt.exe72⤵
-
\??\c:\pppjj.exec:\pppjj.exe73⤵
-
\??\c:\xlfllfx.exec:\xlfllfx.exe74⤵
-
\??\c:\rlrrxxf.exec:\rlrrxxf.exe75⤵
-
\??\c:\3hbbhh.exec:\3hbbhh.exe76⤵
-
\??\c:\7dpjj.exec:\7dpjj.exe77⤵
-
\??\c:\lxlffxr.exec:\lxlffxr.exe78⤵
-
\??\c:\bhnbbt.exec:\bhnbbt.exe79⤵
-
\??\c:\hbnttt.exec:\hbnttt.exe80⤵
-
\??\c:\1pjpj.exec:\1pjpj.exe81⤵
-
\??\c:\flrxlrx.exec:\flrxlrx.exe82⤵
-
\??\c:\nbnhhb.exec:\nbnhhb.exe83⤵
-
\??\c:\jjdjd.exec:\jjdjd.exe84⤵
-
\??\c:\ppvpp.exec:\ppvpp.exe85⤵
-
\??\c:\3xfxrlr.exec:\3xfxrlr.exe86⤵
-
\??\c:\nbttnh.exec:\nbttnh.exe87⤵
-
\??\c:\bnbtth.exec:\bnbtth.exe88⤵
-
\??\c:\vjjpv.exec:\vjjpv.exe89⤵
-
\??\c:\rffrlfx.exec:\rffrlfx.exe90⤵
-
\??\c:\xflflxr.exec:\xflflxr.exe91⤵
-
\??\c:\nhtnnn.exec:\nhtnnn.exe92⤵
-
\??\c:\nthhth.exec:\nthhth.exe93⤵
-
\??\c:\vpjpp.exec:\vpjpp.exe94⤵
-
\??\c:\rfrxffl.exec:\rfrxffl.exe95⤵
-
\??\c:\bbthnh.exec:\bbthnh.exe96⤵
-
\??\c:\thbnnn.exec:\thbnnn.exe97⤵
-
\??\c:\vjvvd.exec:\vjvvd.exe98⤵
-
\??\c:\rffxrll.exec:\rffxrll.exe99⤵
-
\??\c:\hhnbnn.exec:\hhnbnn.exe100⤵
-
\??\c:\bnbttt.exec:\bnbttt.exe101⤵
-
\??\c:\vdvdp.exec:\vdvdp.exe102⤵
-
\??\c:\fflrfxx.exec:\fflrfxx.exe103⤵
-
\??\c:\lflfrlx.exec:\lflfrlx.exe104⤵
-
\??\c:\7bnnbt.exec:\7bnnbt.exe105⤵
-
\??\c:\pvjvp.exec:\pvjvp.exe106⤵
-
\??\c:\lxlffxx.exec:\lxlffxx.exe107⤵
-
\??\c:\rflffxf.exec:\rflffxf.exe108⤵
-
\??\c:\3hnntb.exec:\3hnntb.exe109⤵
-
\??\c:\9ddvv.exec:\9ddvv.exe110⤵
-
\??\c:\9vdpp.exec:\9vdpp.exe111⤵
-
\??\c:\rlrxrll.exec:\rlrxrll.exe112⤵
-
\??\c:\5hhbtt.exec:\5hhbtt.exe113⤵
-
\??\c:\hbtbbt.exec:\hbtbbt.exe114⤵
-
\??\c:\vdpdd.exec:\vdpdd.exe115⤵
-
\??\c:\3xfxrrr.exec:\3xfxrrr.exe116⤵
-
\??\c:\rfrllfr.exec:\rfrllfr.exe117⤵
-
\??\c:\ttbbnn.exec:\ttbbnn.exe118⤵
-
\??\c:\3htntn.exec:\3htntn.exe119⤵
-
\??\c:\7jdjv.exec:\7jdjv.exe120⤵
-
\??\c:\xrflrxf.exec:\xrflrxf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-