Analysis
-
max time kernel
150s -
max time network
19s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
28/12/2024, 21:30
General
-
Target
3210c3918d8a2e5314503f462ae9452330b2b7eb91c70f7ffab4e5a0d00f9569.exe
-
Size
454KB
-
MD5
03db74dc8c7e7bdbe52708f3c26456dd
-
SHA1
4a93d11b06893b905e96550d5371e7d2e4e39c2e
-
SHA256
3210c3918d8a2e5314503f462ae9452330b2b7eb91c70f7ffab4e5a0d00f9569
-
SHA512
51c1e8fae242707ed0ff46a97b1de176e10cf4e61b104e5af6dde84c3ab96f412d60ade0980bdf924f0b4147bf26eca8cc5b86ec22443e441f33a2479bf3da80
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbebs:q7Tc2NYHUrAwfMp3CDbs
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 39 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 49 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3210c3918d8a2e5314503f462ae9452330b2b7eb91c70f7ffab4e5a0d00f9569.exe"C:\Users\Admin\AppData\Local\Temp\3210c3918d8a2e5314503f462ae9452330b2b7eb91c70f7ffab4e5a0d00f9569.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vjbhl.exec:\vjbhl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjphvpp.exec:\jjphvpp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rbrjpb.exec:\rbrjpb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rhnjr.exec:\rhnjr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdfhfb.exec:\vdfhfb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lbpnr.exec:\lbpnr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dxpnrt.exec:\dxpnrt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lbhbt.exec:\lbhbt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xtljnrv.exec:\xtljnrv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbvvht.exec:\tbvvht.exe11⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\llhrrdd.exec:\llhrrdd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hddxvf.exec:\hddxvf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlfhj.exec:\rrlfhj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tphnpdp.exec:\tphnpdp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jfdlpb.exec:\jfdlpb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvntvp.exec:\pvntvp.exe17⤵
- Executes dropped EXE
-
\??\c:\xxtnjv.exec:\xxtnjv.exe18⤵
- Executes dropped EXE
-
\??\c:\lbhbh.exec:\lbhbh.exe19⤵
- Executes dropped EXE
-
\??\c:\dbnvfp.exec:\dbnvfp.exe20⤵
- Executes dropped EXE
-
\??\c:\pxtdtfp.exec:\pxtdtfp.exe21⤵
- Executes dropped EXE
-
\??\c:\nnbfh.exec:\nnbfh.exe22⤵
- Executes dropped EXE
-
\??\c:\txldtx.exec:\txldtx.exe23⤵
- Executes dropped EXE
-
\??\c:\vplff.exec:\vplff.exe24⤵
- Executes dropped EXE
-
\??\c:\fvrvdl.exec:\fvrvdl.exe25⤵
- Executes dropped EXE
-
\??\c:\jxnhxr.exec:\jxnhxr.exe26⤵
- Executes dropped EXE
-
\??\c:\rdfbvhh.exec:\rdfbvhh.exe27⤵
- Executes dropped EXE
-
\??\c:\nvhrpht.exec:\nvhrpht.exe28⤵
- Executes dropped EXE
-
\??\c:\fxdnvrj.exec:\fxdnvrj.exe29⤵
- Executes dropped EXE
-
\??\c:\ftbld.exec:\ftbld.exe30⤵
- Executes dropped EXE
-
\??\c:\prbxlvp.exec:\prbxlvp.exe31⤵
- Executes dropped EXE
-
\??\c:\hxpvxn.exec:\hxpvxn.exe32⤵
- Executes dropped EXE
-
\??\c:\xjjnvbl.exec:\xjjnvbl.exe33⤵
- Executes dropped EXE
-
\??\c:\lxntxf.exec:\lxntxf.exe34⤵
- Executes dropped EXE
-
\??\c:\fvdjvp.exec:\fvdjvp.exe35⤵
- Executes dropped EXE
-
\??\c:\xnfvnfj.exec:\xnfvnfj.exe36⤵
- Executes dropped EXE
-
\??\c:\xlvfxj.exec:\xlvfxj.exe37⤵
- Executes dropped EXE
-
\??\c:\njbrnl.exec:\njbrnl.exe38⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\pfvnhl.exec:\pfvnhl.exe39⤵
- Executes dropped EXE
-
\??\c:\tlrpbvv.exec:\tlrpbvv.exe40⤵
- Executes dropped EXE
-
\??\c:\vldbpn.exec:\vldbpn.exe41⤵
- Executes dropped EXE
-
\??\c:\tljftnn.exec:\tljftnn.exe42⤵
- Executes dropped EXE
-
\??\c:\bjdjh.exec:\bjdjh.exe43⤵
- Executes dropped EXE
-
\??\c:\djplnbt.exec:\djplnbt.exe44⤵
- Executes dropped EXE
-
\??\c:\hlprljh.exec:\hlprljh.exe45⤵
- Executes dropped EXE
-
\??\c:\jtjvxlt.exec:\jtjvxlt.exe46⤵
- Executes dropped EXE
-
\??\c:\pxdhfdj.exec:\pxdhfdj.exe47⤵
- Executes dropped EXE
-
\??\c:\bddhdnv.exec:\bddhdnv.exe48⤵
- Executes dropped EXE
-
\??\c:\dnlnlp.exec:\dnlnlp.exe49⤵
- Executes dropped EXE
-
\??\c:\njfjhl.exec:\njfjhl.exe50⤵
- Executes dropped EXE
-
\??\c:\hphjhxr.exec:\hphjhxr.exe51⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\xhrtndp.exec:\xhrtndp.exe52⤵
- Executes dropped EXE
-
\??\c:\bvrfrpx.exec:\bvrfrpx.exe53⤵
- Executes dropped EXE
-
\??\c:\ffvttdx.exec:\ffvttdx.exe54⤵
- Executes dropped EXE
-
\??\c:\lbfpt.exec:\lbfpt.exe55⤵
- Executes dropped EXE
-
\??\c:\pbhpvpj.exec:\pbhpvpj.exe56⤵
- Executes dropped EXE
-
\??\c:\jhbxrnh.exec:\jhbxrnh.exe57⤵
- Executes dropped EXE
-
\??\c:\hxfdpbp.exec:\hxfdpbp.exe58⤵
- Executes dropped EXE
-
\??\c:\fbvbbd.exec:\fbvbbd.exe59⤵
- Executes dropped EXE
-
\??\c:\hnlnln.exec:\hnlnln.exe60⤵
- Executes dropped EXE
-
\??\c:\rxdhnd.exec:\rxdhnd.exe61⤵
- Executes dropped EXE
-
\??\c:\hfrjrdr.exec:\hfrjrdr.exe62⤵
- Executes dropped EXE
-
\??\c:\nlnhtjh.exec:\nlnhtjh.exe63⤵
- Executes dropped EXE
-
\??\c:\xrtjnhr.exec:\xrtjnhr.exe64⤵
- Executes dropped EXE
-
\??\c:\dtthh.exec:\dtthh.exe65⤵
- Executes dropped EXE
-
\??\c:\hvjlb.exec:\hvjlb.exe66⤵
-
\??\c:\nnhrlh.exec:\nnhrlh.exe67⤵
-
\??\c:\bnrxhd.exec:\bnrxhd.exe68⤵
-
\??\c:\fhthp.exec:\fhthp.exe69⤵
-
\??\c:\jtnjb.exec:\jtnjb.exe70⤵
-
\??\c:\nfvntl.exec:\nfvntl.exe71⤵
-
\??\c:\hffdfd.exec:\hffdfd.exe72⤵
-
\??\c:\ldtjnp.exec:\ldtjnp.exe73⤵
-
\??\c:\xhfxbfr.exec:\xhfxbfr.exe74⤵
-
\??\c:\vnpjx.exec:\vnpjx.exe75⤵
-
\??\c:\nthtljv.exec:\nthtljv.exe76⤵
-
\??\c:\ppxrvj.exec:\ppxrvj.exe77⤵
-
\??\c:\nxxbn.exec:\nxxbn.exe78⤵
-
\??\c:\npdfj.exec:\npdfj.exe79⤵
-
\??\c:\htlphbf.exec:\htlphbf.exe80⤵
-
\??\c:\nlrpfd.exec:\nlrpfd.exe81⤵
-
\??\c:\hjnvx.exec:\hjnvx.exe82⤵
-
\??\c:\blbtnv.exec:\blbtnv.exe83⤵
-
\??\c:\dtvjd.exec:\dtvjd.exe84⤵
-
\??\c:\nxtvvb.exec:\nxtvvb.exe85⤵
-
\??\c:\tpfdhtv.exec:\tpfdhtv.exe86⤵
-
\??\c:\tndxvd.exec:\tndxvd.exe87⤵
-
\??\c:\ltvxdt.exec:\ltvxdt.exe88⤵
-
\??\c:\jnfjxn.exec:\jnfjxn.exe89⤵
-
\??\c:\tvbtpd.exec:\tvbtpd.exe90⤵
-
\??\c:\vrxbbv.exec:\vrxbbv.exe91⤵
-
\??\c:\vlrfb.exec:\vlrfb.exe92⤵
-
\??\c:\ddhvpf.exec:\ddhvpf.exe93⤵
-
\??\c:\pbrhx.exec:\pbrhx.exe94⤵
-
\??\c:\tnprt.exec:\tnprt.exe95⤵
-
\??\c:\lvdbj.exec:\lvdbj.exe96⤵
-
\??\c:\xhhtl.exec:\xhhtl.exe97⤵
-
\??\c:\dphnp.exec:\dphnp.exe98⤵
-
\??\c:\vxbpnr.exec:\vxbpnr.exe99⤵
- System Location Discovery: System Language Discovery
-
\??\c:\dlfpt.exec:\dlfpt.exe100⤵
-
\??\c:\bdfpjnd.exec:\bdfpjnd.exe101⤵
-
\??\c:\ttdtd.exec:\ttdtd.exe102⤵
-
\??\c:\lffhhpd.exec:\lffhhpd.exe103⤵
- System Location Discovery: System Language Discovery
-
\??\c:\pnpbvv.exec:\pnpbvv.exe104⤵
-
\??\c:\ptflff.exec:\ptflff.exe105⤵
-
\??\c:\ptlrf.exec:\ptlrf.exe106⤵
-
\??\c:\pbvvln.exec:\pbvvln.exe107⤵
-
\??\c:\bfdpl.exec:\bfdpl.exe108⤵
-
\??\c:\xxnpn.exec:\xxnpn.exe109⤵
-
\??\c:\lpjvh.exec:\lpjvh.exe110⤵
-
\??\c:\xfphxtn.exec:\xfphxtn.exe111⤵
-
\??\c:\hdlhxv.exec:\hdlhxv.exe112⤵
- System Location Discovery: System Language Discovery
-
\??\c:\hrlhdlr.exec:\hrlhdlr.exe113⤵
-
\??\c:\jffjhj.exec:\jffjhj.exe114⤵
-
\??\c:\trlffl.exec:\trlffl.exe115⤵
- System Location Discovery: System Language Discovery
-
\??\c:\dfdxb.exec:\dfdxb.exe116⤵
-
\??\c:\hlxrfv.exec:\hlxrfv.exe117⤵
-
\??\c:\tdjft.exec:\tdjft.exe118⤵
-
\??\c:\fvllfh.exec:\fvllfh.exe119⤵
-
\??\c:\hdxbbvr.exec:\hdxbbvr.exe120⤵
-
\??\c:\xbjtpf.exec:\xbjtpf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-