Analysis
-
max time kernel
120s -
max time network
19s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
26-12-2024 19:43
General
-
Target
c23d69935b7a5ae99c2fa15b91498535b61df5085f3df1346a2142d3dec3794c.exe
-
Size
456KB
-
MD5
fc5935424aaef52eea079a9bad859b6b
-
SHA1
6613b8a5ee772874a828764c14cd2b4677cbc2f8
-
SHA256
c23d69935b7a5ae99c2fa15b91498535b61df5085f3df1346a2142d3dec3794c
-
SHA512
0a915d8fde35eb9f3ecbdc94d8b76583988a760db8a214977d63c7d00a91421064a6ce558e075134aa3e47704f997c7fe818e927fd3e27feedabd0b0bc2f8fae
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbeR0:q7Tc2NYHUrAwfMp3CDR0
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 45 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 45 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\c23d69935b7a5ae99c2fa15b91498535b61df5085f3df1346a2142d3dec3794c.exe"C:\Users\Admin\AppData\Local\Temp\c23d69935b7a5ae99c2fa15b91498535b61df5085f3df1346a2142d3dec3794c.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\phfflhb.exec:\phfflhb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dldvf.exec:\dldvf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vptbhtd.exec:\vptbhtd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlbplbb.exec:\rlbplbb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnpdnd.exec:\tnpdnd.exe6⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\nltvdhp.exec:\nltvdhp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xhlrpfn.exec:\xhlrpfn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vfxpj.exec:\vfxpj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxfvf.exec:\xxfvf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dtvvdtj.exec:\dtvvdtj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fjjvjrp.exec:\fjjvjrp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nlvblj.exec:\nlvblj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tdxtl.exec:\tdxtl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hdxjtth.exec:\hdxjtth.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flnjvdl.exec:\flnjvdl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlnlnh.exec:\xlnlnh.exe17⤵
- Executes dropped EXE
-
\??\c:\pdddjlp.exec:\pdddjlp.exe18⤵
- Executes dropped EXE
-
\??\c:\dfdprrf.exec:\dfdprrf.exe19⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\blnjx.exec:\blnjx.exe20⤵
- Executes dropped EXE
-
\??\c:\tvrlxjl.exec:\tvrlxjl.exe21⤵
- Executes dropped EXE
-
\??\c:\rjdbfxx.exec:\rjdbfxx.exe22⤵
- Executes dropped EXE
-
\??\c:\dpbhhl.exec:\dpbhhl.exe23⤵
- Executes dropped EXE
-
\??\c:\djdhppx.exec:\djdhppx.exe24⤵
- Executes dropped EXE
-
\??\c:\rplnj.exec:\rplnj.exe25⤵
- Executes dropped EXE
-
\??\c:\jfdhlnb.exec:\jfdhlnb.exe26⤵
- Executes dropped EXE
-
\??\c:\rlxrbht.exec:\rlxrbht.exe27⤵
- Executes dropped EXE
-
\??\c:\rrjllld.exec:\rrjllld.exe28⤵
- Executes dropped EXE
-
\??\c:\xtljvpp.exec:\xtljvpp.exe29⤵
- Executes dropped EXE
-
\??\c:\xbvlvjd.exec:\xbvlvjd.exe30⤵
- Executes dropped EXE
-
\??\c:\ljjxxvb.exec:\ljjxxvb.exe31⤵
- Executes dropped EXE
-
\??\c:\jdjvtt.exec:\jdjvtt.exe32⤵
- Executes dropped EXE
-
\??\c:\fnbntp.exec:\fnbntp.exe33⤵
- Executes dropped EXE
-
\??\c:\xffvnbx.exec:\xffvnbx.exe34⤵
- Executes dropped EXE
-
\??\c:\dxdxlp.exec:\dxdxlp.exe35⤵
- Executes dropped EXE
-
\??\c:\fdxxt.exec:\fdxxt.exe36⤵
- Executes dropped EXE
-
\??\c:\vhlrtt.exec:\vhlrtt.exe37⤵
- Executes dropped EXE
-
\??\c:\dhnlxft.exec:\dhnlxft.exe38⤵
- Executes dropped EXE
-
\??\c:\rnfhxfd.exec:\rnfhxfd.exe39⤵
- Executes dropped EXE
-
\??\c:\lxhjdxp.exec:\lxhjdxp.exe40⤵
- Executes dropped EXE
-
\??\c:\tfbltr.exec:\tfbltr.exe41⤵
- Executes dropped EXE
-
\??\c:\lhtrttb.exec:\lhtrttb.exe42⤵
- Executes dropped EXE
-
\??\c:\ndjltj.exec:\ndjltj.exe43⤵
- Executes dropped EXE
-
\??\c:\rhrxr.exec:\rhrxr.exe44⤵
- Executes dropped EXE
-
\??\c:\jjdxdrb.exec:\jjdxdrb.exe45⤵
- Executes dropped EXE
-
\??\c:\bnfvlj.exec:\bnfvlj.exe46⤵
- Executes dropped EXE
-
\??\c:\nlbxhtn.exec:\nlbxhtn.exe47⤵
- Executes dropped EXE
-
\??\c:\jrnxtr.exec:\jrnxtr.exe48⤵
- Executes dropped EXE
-
\??\c:\fvjdbr.exec:\fvjdbr.exe49⤵
- Executes dropped EXE
-
\??\c:\drblbt.exec:\drblbt.exe50⤵
- Executes dropped EXE
-
\??\c:\ffrhbtf.exec:\ffrhbtf.exe51⤵
- Executes dropped EXE
-
\??\c:\tfdfj.exec:\tfdfj.exe52⤵
- Executes dropped EXE
-
\??\c:\xvxfjd.exec:\xvxfjd.exe53⤵
- Executes dropped EXE
-
\??\c:\vhnvldl.exec:\vhnvldl.exe54⤵
- Executes dropped EXE
-
\??\c:\brrvpxb.exec:\brrvpxb.exe55⤵
- Executes dropped EXE
-
\??\c:\drffpj.exec:\drffpj.exe56⤵
- Executes dropped EXE
-
\??\c:\jjjbntn.exec:\jjjbntn.exe57⤵
- Executes dropped EXE
-
\??\c:\nrrhtn.exec:\nrrhtn.exe58⤵
- Executes dropped EXE
-
\??\c:\dftxnvv.exec:\dftxnvv.exe59⤵
- Executes dropped EXE
-
\??\c:\fxnlxb.exec:\fxnlxb.exe60⤵
- Executes dropped EXE
-
\??\c:\dbvjlt.exec:\dbvjlt.exe61⤵
- Executes dropped EXE
-
\??\c:\ltfdn.exec:\ltfdn.exe62⤵
- Executes dropped EXE
-
\??\c:\jrhhpf.exec:\jrhhpf.exe63⤵
- Executes dropped EXE
-
\??\c:\ptxntp.exec:\ptxntp.exe64⤵
- Executes dropped EXE
-
\??\c:\ldlfjrn.exec:\ldlfjrn.exe65⤵
- Executes dropped EXE
-
\??\c:\pxdjfr.exec:\pxdjfr.exe66⤵
-
\??\c:\hplnd.exec:\hplnd.exe67⤵
-
\??\c:\ntpxtrn.exec:\ntpxtrn.exe68⤵
-
\??\c:\dnnfpxp.exec:\dnnfpxp.exe69⤵
-
\??\c:\nlxhf.exec:\nlxhf.exe70⤵
-
\??\c:\vndjb.exec:\vndjb.exe71⤵
-
\??\c:\dlrpjv.exec:\dlrpjv.exe72⤵
-
\??\c:\xlpxb.exec:\xlpxb.exe73⤵
-
\??\c:\tjvjd.exec:\tjvjd.exe74⤵
-
\??\c:\ndnjj.exec:\ndnjj.exe75⤵
-
\??\c:\pfjvfft.exec:\pfjvfft.exe76⤵
- System Location Discovery: System Language Discovery
-
\??\c:\nrvpf.exec:\nrvpf.exe77⤵
- System Location Discovery: System Language Discovery
-
\??\c:\hnhbjx.exec:\hnhbjx.exe78⤵
-
\??\c:\vpjvh.exec:\vpjvh.exe79⤵
-
\??\c:\xpxrh.exec:\xpxrh.exe80⤵
-
\??\c:\ljhptf.exec:\ljhptf.exe81⤵
-
\??\c:\xjdjttt.exec:\xjdjttt.exe82⤵
-
\??\c:\lvllpht.exec:\lvllpht.exe83⤵
-
\??\c:\lfnhtj.exec:\lfnhtj.exe84⤵
-
\??\c:\bltnp.exec:\bltnp.exe85⤵
-
\??\c:\xxxvd.exec:\xxxvd.exe86⤵
-
\??\c:\vpjfb.exec:\vpjfb.exe87⤵
-
\??\c:\jjpfx.exec:\jjpfx.exe88⤵
-
\??\c:\xfdtv.exec:\xfdtv.exe89⤵
-
\??\c:\frvbhv.exec:\frvbhv.exe90⤵
-
\??\c:\fdblp.exec:\fdblp.exe91⤵
-
\??\c:\jxprf.exec:\jxprf.exe92⤵
-
\??\c:\httlhxp.exec:\httlhxp.exe93⤵
-
\??\c:\ltbjr.exec:\ltbjr.exe94⤵
-
\??\c:\hlrvdd.exec:\hlrvdd.exe95⤵
-
\??\c:\fhjvj.exec:\fhjvj.exe96⤵
-
\??\c:\ffjtnp.exec:\ffjtnp.exe97⤵
-
\??\c:\trppb.exec:\trppb.exe98⤵
-
\??\c:\drrdxp.exec:\drrdxp.exe99⤵
-
\??\c:\bdjtpb.exec:\bdjtpb.exe100⤵
-
\??\c:\llbnrhl.exec:\llbnrhl.exe101⤵
-
\??\c:\nxhjjr.exec:\nxhjjr.exe102⤵
-
\??\c:\jtvpj.exec:\jtvpj.exe103⤵
-
\??\c:\jthxrf.exec:\jthxrf.exe104⤵
-
\??\c:\rrhdhjh.exec:\rrhdhjh.exe105⤵
-
\??\c:\vnhtld.exec:\vnhtld.exe106⤵
- System Location Discovery: System Language Discovery
-
\??\c:\lpdjj.exec:\lpdjj.exe107⤵
-
\??\c:\pxbndlr.exec:\pxbndlr.exe108⤵
-
\??\c:\fbjjndl.exec:\fbjjndl.exe109⤵
-
\??\c:\dbbxnxn.exec:\dbbxnxn.exe110⤵
-
\??\c:\jrtfpb.exec:\jrtfpb.exe111⤵
-
\??\c:\vpfxtl.exec:\vpfxtl.exe112⤵
-
\??\c:\pjnvlhh.exec:\pjnvlhh.exe113⤵
-
\??\c:\lpvrxnv.exec:\lpvrxnv.exe114⤵
-
\??\c:\tvlpb.exec:\tvlpb.exe115⤵
- System Location Discovery: System Language Discovery
-
\??\c:\blphn.exec:\blphn.exe116⤵
-
\??\c:\jjrhlb.exec:\jjrhlb.exe117⤵
-
\??\c:\rdlhr.exec:\rdlhr.exe118⤵
-
\??\c:\fdjtdx.exec:\fdjtdx.exe119⤵
-
\??\c:\ddvdhjp.exec:\ddvdhjp.exe120⤵
-
\??\c:\nvlnp.exec:\nvlnp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-