Analysis
-
max time kernel
150s -
max time network
19s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
28/12/2024, 21:12
General
-
Target
2ad39224ce558f5943897b8f24faa88006edfd5c118e6a0792d501f23c1e7b39.exe
-
Size
454KB
-
MD5
be7921a406d588b299bd44790020616f
-
SHA1
be50e71289be2158afe8e30795722c0e7b43a477
-
SHA256
2ad39224ce558f5943897b8f24faa88006edfd5c118e6a0792d501f23c1e7b39
-
SHA512
4afabc0c7ec2102b9eb67401f326adc2394d341a102bedaa4304da208983b4719dfb48394a70372bf78c676584a6266a51323c6698ce66b1f7c99f628eecc248
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbeVV:q7Tc2NYHUrAwfMp3CDVV
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 44 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 47 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2ad39224ce558f5943897b8f24faa88006edfd5c118e6a0792d501f23c1e7b39.exe"C:\Users\Admin\AppData\Local\Temp\2ad39224ce558f5943897b8f24faa88006edfd5c118e6a0792d501f23c1e7b39.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ftbpl.exec:\ftbpl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjfxv.exec:\pdjfxv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfxjlpl.exec:\xfxjlpl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rbtdv.exec:\rbtdv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnjxlb.exec:\hnjxlb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\phjtndd.exec:\phjtndd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pnvxbt.exec:\pnvxbt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xjbfj.exec:\xjbfj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nxbdfht.exec:\nxbdfht.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lppbfbn.exec:\lppbfbn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hvrhhb.exec:\hvrhhb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btppdb.exec:\btppdb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ljdpl.exec:\ljdpl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xjfvxdl.exec:\xjfvxdl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dnlvxv.exec:\dnlvxv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hjtfb.exec:\hjtfb.exe17⤵
- Executes dropped EXE
-
\??\c:\ttfxdd.exec:\ttfxdd.exe18⤵
- Executes dropped EXE
-
\??\c:\thfdlrn.exec:\thfdlrn.exe19⤵
- Executes dropped EXE
-
\??\c:\bffrtdj.exec:\bffrtdj.exe20⤵
- Executes dropped EXE
-
\??\c:\lnrrflt.exec:\lnrrflt.exe21⤵
- Executes dropped EXE
-
\??\c:\rfplbf.exec:\rfplbf.exe22⤵
- Executes dropped EXE
-
\??\c:\txbtx.exec:\txbtx.exe23⤵
- Executes dropped EXE
-
\??\c:\pxdxt.exec:\pxdxt.exe24⤵
- Executes dropped EXE
-
\??\c:\hfpjpv.exec:\hfpjpv.exe25⤵
- Executes dropped EXE
-
\??\c:\phtfxdf.exec:\phtfxdf.exe26⤵
- Executes dropped EXE
-
\??\c:\pprtnpt.exec:\pprtnpt.exe27⤵
- Executes dropped EXE
-
\??\c:\nbpxxx.exec:\nbpxxx.exe28⤵
- Executes dropped EXE
-
\??\c:\dtrpxp.exec:\dtrpxp.exe29⤵
- Executes dropped EXE
-
\??\c:\tdlnvdj.exec:\tdlnvdj.exe30⤵
- Executes dropped EXE
-
\??\c:\rpjvpj.exec:\rpjvpj.exe31⤵
- Executes dropped EXE
-
\??\c:\jthdxpx.exec:\jthdxpx.exe32⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\drrnlp.exec:\drrnlp.exe33⤵
- Executes dropped EXE
-
\??\c:\fvvpvxd.exec:\fvvpvxd.exe34⤵
- Executes dropped EXE
-
\??\c:\bljnrnv.exec:\bljnrnv.exe35⤵
- Executes dropped EXE
-
\??\c:\hpfhd.exec:\hpfhd.exe36⤵
- Executes dropped EXE
-
\??\c:\xfdhrnb.exec:\xfdhrnb.exe37⤵
- Executes dropped EXE
-
\??\c:\djpjhtt.exec:\djpjhtt.exe38⤵
- Executes dropped EXE
-
\??\c:\nrfnbn.exec:\nrfnbn.exe39⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\vpfdpn.exec:\vpfdpn.exe40⤵
- Executes dropped EXE
-
\??\c:\vdxxbb.exec:\vdxxbb.exe41⤵
- Executes dropped EXE
-
\??\c:\hhhvlx.exec:\hhhvlx.exe42⤵
- Executes dropped EXE
-
\??\c:\jhxhjf.exec:\jhxhjf.exe43⤵
- Executes dropped EXE
-
\??\c:\htfrbl.exec:\htfrbl.exe44⤵
- Executes dropped EXE
-
\??\c:\jjlrb.exec:\jjlrb.exe45⤵
- Executes dropped EXE
-
\??\c:\djftb.exec:\djftb.exe46⤵
- Executes dropped EXE
-
\??\c:\dhprbn.exec:\dhprbn.exe47⤵
- Executes dropped EXE
-
\??\c:\hndbhj.exec:\hndbhj.exe48⤵
- Executes dropped EXE
-
\??\c:\bxjrtfx.exec:\bxjrtfx.exe49⤵
- Executes dropped EXE
-
\??\c:\fxtdrxj.exec:\fxtdrxj.exe50⤵
- Executes dropped EXE
-
\??\c:\hrltj.exec:\hrltj.exe51⤵
- Executes dropped EXE
-
\??\c:\trhvlf.exec:\trhvlf.exe52⤵
- Executes dropped EXE
-
\??\c:\pfnpth.exec:\pfnpth.exe53⤵
- Executes dropped EXE
-
\??\c:\vndpldn.exec:\vndpldn.exe54⤵
- Executes dropped EXE
-
\??\c:\xbtdfj.exec:\xbtdfj.exe55⤵
- Executes dropped EXE
-
\??\c:\lbblj.exec:\lbblj.exe56⤵
- Executes dropped EXE
-
\??\c:\tvpdpt.exec:\tvpdpt.exe57⤵
- Executes dropped EXE
-
\??\c:\frnxfln.exec:\frnxfln.exe58⤵
- Executes dropped EXE
-
\??\c:\hllvt.exec:\hllvt.exe59⤵
- Executes dropped EXE
-
\??\c:\djrnj.exec:\djrnj.exe60⤵
- Executes dropped EXE
-
\??\c:\xjnrn.exec:\xjnrn.exe61⤵
- Executes dropped EXE
-
\??\c:\dddtr.exec:\dddtr.exe62⤵
- Executes dropped EXE
-
\??\c:\lhfjlb.exec:\lhfjlb.exe63⤵
- Executes dropped EXE
-
\??\c:\vlvdvdd.exec:\vlvdvdd.exe64⤵
- Executes dropped EXE
-
\??\c:\xdltrv.exec:\xdltrv.exe65⤵
- Executes dropped EXE
-
\??\c:\pttrl.exec:\pttrl.exe66⤵
-
\??\c:\rptvbbv.exec:\rptvbbv.exe67⤵
-
\??\c:\jdhxfpp.exec:\jdhxfpp.exe68⤵
-
\??\c:\bvbdnv.exec:\bvbdnv.exe69⤵
-
\??\c:\txdjr.exec:\txdjr.exe70⤵
-
\??\c:\tltvbh.exec:\tltvbh.exe71⤵
-
\??\c:\fxddjf.exec:\fxddjf.exe72⤵
-
\??\c:\dbvnpx.exec:\dbvnpx.exe73⤵
-
\??\c:\vtnphh.exec:\vtnphh.exe74⤵
-
\??\c:\dbnjfr.exec:\dbnjfr.exe75⤵
-
\??\c:\bhjvtrb.exec:\bhjvtrb.exe76⤵
-
\??\c:\vvxxvlf.exec:\vvxxvlf.exe77⤵
-
\??\c:\jljfrjl.exec:\jljfrjl.exe78⤵
-
\??\c:\bnftnp.exec:\bnftnp.exe79⤵
-
\??\c:\xpjdfx.exec:\xpjdfx.exe80⤵
-
\??\c:\bthdhbr.exec:\bthdhbr.exe81⤵
-
\??\c:\bbbtl.exec:\bbbtl.exe82⤵
-
\??\c:\flxpvlp.exec:\flxpvlp.exe83⤵
-
\??\c:\xnflfd.exec:\xnflfd.exe84⤵
-
\??\c:\lxpndv.exec:\lxpndv.exe85⤵
-
\??\c:\bpbdbn.exec:\bpbdbn.exe86⤵
-
\??\c:\rlxhhp.exec:\rlxhhp.exe87⤵
-
\??\c:\tlnhn.exec:\tlnhn.exe88⤵
-
\??\c:\fptjdtx.exec:\fptjdtx.exe89⤵
-
\??\c:\tnnxnh.exec:\tnnxnh.exe90⤵
-
\??\c:\hbxjhfn.exec:\hbxjhfn.exe91⤵
-
\??\c:\rnvxhhh.exec:\rnvxhhh.exe92⤵
-
\??\c:\tvtvftf.exec:\tvtvftf.exe93⤵
-
\??\c:\nhnnhxh.exec:\nhnnhxh.exe94⤵
-
\??\c:\fjjpb.exec:\fjjpb.exe95⤵
-
\??\c:\rvxnvjr.exec:\rvxnvjr.exe96⤵
-
\??\c:\phjbp.exec:\phjbp.exe97⤵
-
\??\c:\lhlvx.exec:\lhlvx.exe98⤵
-
\??\c:\ppldxf.exec:\ppldxf.exe99⤵
-
\??\c:\rhpttlh.exec:\rhpttlh.exe100⤵
-
\??\c:\rrnfpv.exec:\rrnfpv.exe101⤵
-
\??\c:\ntjxdp.exec:\ntjxdp.exe102⤵
-
\??\c:\jxfjdf.exec:\jxfjdf.exe103⤵
-
\??\c:\hlhtjf.exec:\hlhtjf.exe104⤵
-
\??\c:\ffftflx.exec:\ffftflx.exe105⤵
-
\??\c:\xdlhxdn.exec:\xdlhxdn.exe106⤵
-
\??\c:\lpfjd.exec:\lpfjd.exe107⤵
-
\??\c:\lppfvjh.exec:\lppfvjh.exe108⤵
-
\??\c:\xddnbnf.exec:\xddnbnf.exe109⤵
-
\??\c:\nbrlrnd.exec:\nbrlrnd.exe110⤵
- System Location Discovery: System Language Discovery
-
\??\c:\nnfvjhb.exec:\nnfvjhb.exe111⤵
-
\??\c:\thtlphr.exec:\thtlphr.exe112⤵
-
\??\c:\tdxvpr.exec:\tdxvpr.exe113⤵
-
\??\c:\xlxrntl.exec:\xlxrntl.exe114⤵
-
\??\c:\xxxrpnn.exec:\xxxrpnn.exe115⤵
-
\??\c:\dbvhf.exec:\dbvhf.exe116⤵
- System Location Discovery: System Language Discovery
-
\??\c:\rdrth.exec:\rdrth.exe117⤵
- System Location Discovery: System Language Discovery
-
\??\c:\xjndb.exec:\xjndb.exe118⤵
-
\??\c:\prxrth.exec:\prxrth.exe119⤵
-
\??\c:\hpjlhh.exec:\hpjlhh.exe120⤵
-
\??\c:\vlvbppf.exec:\vlvbppf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-