Analysis
-
max time kernel
120s -
max time network
19s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
26-12-2024 19:24
General
-
Target
95c8e539630b8edf258114fb57c4241a9ae8a9e1d3c03bf2c3f8c1f5efaf32a2N.exe
-
Size
454KB
-
MD5
59859c3a14a2f2ce896f7a287b277c50
-
SHA1
f993b0eba18aafcf985843d285935f8c84682fe0
-
SHA256
95c8e539630b8edf258114fb57c4241a9ae8a9e1d3c03bf2c3f8c1f5efaf32a2
-
SHA512
6113c5ec2dde22e30dcfd9fbdd7d66ec7ea4f1e7753f809f3e6b6d076b2745f244b5cfe63d48e5f8ce46491c9d0f7befdb25e26e20c2c8bd98902e3ba55f68e1
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbeT8:q7Tc2NYHUrAwfMp3CDo
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 39 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 47 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\95c8e539630b8edf258114fb57c4241a9ae8a9e1d3c03bf2c3f8c1f5efaf32a2N.exe"C:\Users\Admin\AppData\Local\Temp\95c8e539630b8edf258114fb57c4241a9ae8a9e1d3c03bf2c3f8c1f5efaf32a2N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hbfvr.exec:\hbfvr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xdrvb.exec:\xdrvb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xtndr.exec:\xtndr.exe4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\vfdrpvd.exec:\vfdrpvd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llvffl.exec:\llvffl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xnrll.exec:\xnrll.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tlvdvhx.exec:\tlvdvhx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rpxptbj.exec:\rpxptbj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xtrdp.exec:\xtrdp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flbbh.exec:\flbbh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvrbxrx.exec:\jvrbxrx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rvvthxv.exec:\rvvthxv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fnhxd.exec:\fnhxd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fnpvd.exec:\fnpvd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfblfl.exec:\xfblfl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ljbbfn.exec:\ljbbfn.exe17⤵
- Executes dropped EXE
-
\??\c:\vjfntt.exec:\vjfntt.exe18⤵
- Executes dropped EXE
-
\??\c:\tvrxf.exec:\tvrxf.exe19⤵
- Executes dropped EXE
-
\??\c:\lrtvj.exec:\lrtvj.exe20⤵
- Executes dropped EXE
-
\??\c:\xdjbx.exec:\xdjbx.exe21⤵
- Executes dropped EXE
-
\??\c:\hfdlvb.exec:\hfdlvb.exe22⤵
- Executes dropped EXE
-
\??\c:\jbfvfll.exec:\jbfvfll.exe23⤵
- Executes dropped EXE
-
\??\c:\jxlftd.exec:\jxlftd.exe24⤵
- Executes dropped EXE
-
\??\c:\hvrpf.exec:\hvrpf.exe25⤵
- Executes dropped EXE
-
\??\c:\pnrvnfx.exec:\pnrvnfx.exe26⤵
- Executes dropped EXE
-
\??\c:\bnlvhp.exec:\bnlvhp.exe27⤵
- Executes dropped EXE
-
\??\c:\njjpjl.exec:\njjpjl.exe28⤵
- Executes dropped EXE
-
\??\c:\jdpxd.exec:\jdpxd.exe29⤵
- Executes dropped EXE
-
\??\c:\xltlt.exec:\xltlt.exe30⤵
- Executes dropped EXE
-
\??\c:\hnbjt.exec:\hnbjt.exe31⤵
- Executes dropped EXE
-
\??\c:\pvtlfvf.exec:\pvtlfvf.exe32⤵
- Executes dropped EXE
-
\??\c:\lpddp.exec:\lpddp.exe33⤵
- Executes dropped EXE
-
\??\c:\tlhlhv.exec:\tlhlhv.exe34⤵
- Executes dropped EXE
-
\??\c:\nndjffj.exec:\nndjffj.exe35⤵
- Executes dropped EXE
-
\??\c:\nrntlxj.exec:\nrntlxj.exe36⤵
- Executes dropped EXE
-
\??\c:\nhrhnxx.exec:\nhrhnxx.exe37⤵
- Executes dropped EXE
-
\??\c:\pdlfpf.exec:\pdlfpf.exe38⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\pxdljjl.exec:\pxdljjl.exe39⤵
- Executes dropped EXE
-
\??\c:\dljxfp.exec:\dljxfp.exe40⤵
- Executes dropped EXE
-
\??\c:\ltvvldd.exec:\ltvvldd.exe41⤵
- Executes dropped EXE
-
\??\c:\hxltpp.exec:\hxltpp.exe42⤵
- Executes dropped EXE
-
\??\c:\fvpdn.exec:\fvpdn.exe43⤵
- Executes dropped EXE
-
\??\c:\xxnjj.exec:\xxnjj.exe44⤵
- Executes dropped EXE
-
\??\c:\tbnnx.exec:\tbnnx.exe45⤵
- Executes dropped EXE
-
\??\c:\fpvvrn.exec:\fpvvrn.exe46⤵
- Executes dropped EXE
-
\??\c:\drbpdhd.exec:\drbpdhd.exe47⤵
- Executes dropped EXE
-
\??\c:\dbvbd.exec:\dbvbd.exe48⤵
- Executes dropped EXE
-
\??\c:\fdjlhxx.exec:\fdjlhxx.exe49⤵
- Executes dropped EXE
-
\??\c:\vdpbj.exec:\vdpbj.exe50⤵
- Executes dropped EXE
-
\??\c:\pbplt.exec:\pbplt.exe51⤵
- Executes dropped EXE
-
\??\c:\rdlblt.exec:\rdlblt.exe52⤵
- Executes dropped EXE
-
\??\c:\bxdrnbh.exec:\bxdrnbh.exe53⤵
- Executes dropped EXE
-
\??\c:\lbvnttf.exec:\lbvnttf.exe54⤵
- Executes dropped EXE
-
\??\c:\nxvfv.exec:\nxvfv.exe55⤵
- Executes dropped EXE
-
\??\c:\bjbdf.exec:\bjbdf.exe56⤵
- Executes dropped EXE
-
\??\c:\bhvphd.exec:\bhvphd.exe57⤵
- Executes dropped EXE
-
\??\c:\jrnln.exec:\jrnln.exe58⤵
- Executes dropped EXE
-
\??\c:\njthf.exec:\njthf.exe59⤵
- Executes dropped EXE
-
\??\c:\vjhvt.exec:\vjhvt.exe60⤵
- Executes dropped EXE
-
\??\c:\xlbdf.exec:\xlbdf.exe61⤵
- Executes dropped EXE
-
\??\c:\brhvxjv.exec:\brhvxjv.exe62⤵
- Executes dropped EXE
-
\??\c:\xrnjxv.exec:\xrnjxv.exe63⤵
- Executes dropped EXE
-
\??\c:\jntnp.exec:\jntnp.exe64⤵
- Executes dropped EXE
-
\??\c:\jjbpb.exec:\jjbpb.exe65⤵
- Executes dropped EXE
-
\??\c:\trdjx.exec:\trdjx.exe66⤵
-
\??\c:\xntdj.exec:\xntdj.exe67⤵
-
\??\c:\dltrbjh.exec:\dltrbjh.exe68⤵
-
\??\c:\bnjhdn.exec:\bnjhdn.exe69⤵
-
\??\c:\lddxdn.exec:\lddxdn.exe70⤵
-
\??\c:\hhtvjvx.exec:\hhtvjvx.exe71⤵
-
\??\c:\djdxrxl.exec:\djdxrxl.exe72⤵
-
\??\c:\tnvvh.exec:\tnvvh.exe73⤵
-
\??\c:\pvjfhf.exec:\pvjfhf.exe74⤵
-
\??\c:\jbfrvtn.exec:\jbfrvtn.exe75⤵
-
\??\c:\ttrdpht.exec:\ttrdpht.exe76⤵
-
\??\c:\ldxxhh.exec:\ldxxhh.exe77⤵
-
\??\c:\nnnhpvv.exec:\nnnhpvv.exe78⤵
-
\??\c:\nrrvtxx.exec:\nrrvtxx.exe79⤵
-
\??\c:\lrbth.exec:\lrbth.exe80⤵
-
\??\c:\fbjxxhb.exec:\fbjxxhb.exe81⤵
-
\??\c:\xphnd.exec:\xphnd.exe82⤵
-
\??\c:\hrtxb.exec:\hrtxb.exe83⤵
-
\??\c:\dhrdvj.exec:\dhrdvj.exe84⤵
-
\??\c:\xbflh.exec:\xbflh.exe85⤵
-
\??\c:\vrvxnht.exec:\vrvxnht.exe86⤵
-
\??\c:\blxrvl.exec:\blxrvl.exe87⤵
-
\??\c:\rlxjdpt.exec:\rlxjdpt.exe88⤵
-
\??\c:\jvtxh.exec:\jvtxh.exe89⤵
-
\??\c:\nxjdjrn.exec:\nxjdjrn.exe90⤵
-
\??\c:\trpdt.exec:\trpdt.exe91⤵
-
\??\c:\xfblxd.exec:\xfblxd.exe92⤵
-
\??\c:\vrljfpx.exec:\vrljfpx.exe93⤵
-
\??\c:\lxdnhj.exec:\lxdnhj.exe94⤵
-
\??\c:\xvhfxn.exec:\xvhfxn.exe95⤵
- System Location Discovery: System Language Discovery
-
\??\c:\ldjdn.exec:\ldjdn.exe96⤵
-
\??\c:\htbbt.exec:\htbbt.exe97⤵
- System Location Discovery: System Language Discovery
-
\??\c:\vfjtff.exec:\vfjtff.exe98⤵
-
\??\c:\vbbxl.exec:\vbbxl.exe99⤵
-
\??\c:\jppvpx.exec:\jppvpx.exe100⤵
-
\??\c:\rhxft.exec:\rhxft.exe101⤵
-
\??\c:\dflrhx.exec:\dflrhx.exe102⤵
-
\??\c:\hlpln.exec:\hlpln.exe103⤵
-
\??\c:\phxrrv.exec:\phxrrv.exe104⤵
-
\??\c:\tdvdvvx.exec:\tdvdvvx.exe105⤵
-
\??\c:\bjtxvl.exec:\bjtxvl.exe106⤵
-
\??\c:\fnrvpp.exec:\fnrvpp.exe107⤵
-
\??\c:\pfvjpt.exec:\pfvjpt.exe108⤵
-
\??\c:\lfhbvn.exec:\lfhbvn.exe109⤵
-
\??\c:\vhvhjj.exec:\vhvhjj.exe110⤵
-
\??\c:\nfxtd.exec:\nfxtd.exe111⤵
-
\??\c:\xrfflnj.exec:\xrfflnj.exe112⤵
-
\??\c:\jnlphh.exec:\jnlphh.exe113⤵
-
\??\c:\fffpbl.exec:\fffpbl.exe114⤵
-
\??\c:\vrjnbb.exec:\vrjnbb.exe115⤵
-
\??\c:\rxfrxnt.exec:\rxfrxnt.exe116⤵
-
\??\c:\dvrhrf.exec:\dvrhrf.exe117⤵
-
\??\c:\dtdbjf.exec:\dtdbjf.exe118⤵
-
\??\c:\htdjrf.exec:\htdjrf.exe119⤵
-
\??\c:\fvbrj.exec:\fvbrj.exe120⤵
- System Location Discovery: System Language Discovery
-
\??\c:\hpxpnd.exec:\hpxpnd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-