Analysis
-
max time kernel
150s -
max time network
18s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
29/12/2024, 01:09
General
-
Target
7c7df757953bd6ee8d38ffb390111c97f5b5ed685bdbfa082773a37ed2f2b453.exe
-
Size
455KB
-
MD5
6b13ece23985bc38347e0bb7993024dd
-
SHA1
c0d50b1d5f9b3f988ee93932855eacdde942692b
-
SHA256
7c7df757953bd6ee8d38ffb390111c97f5b5ed685bdbfa082773a37ed2f2b453
-
SHA512
8855a75c2ec200aa68212ef6ce1d56081f9361249971cc128c930132a641df30b71fd7b1fe048f5d6e0fc939b334159f749f7c39ef0f21d4e3fe1e86b8443ed8
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbe/:q7Tc2NYHUrAwfMp3CD/
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 41 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 44 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7c7df757953bd6ee8d38ffb390111c97f5b5ed685bdbfa082773a37ed2f2b453.exe"C:\Users\Admin\AppData\Local\Temp\7c7df757953bd6ee8d38ffb390111c97f5b5ed685bdbfa082773a37ed2f2b453.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bdphtlv.exec:\bdphtlv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vblrpv.exec:\vblrpv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nxpdpnf.exec:\nxpdpnf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vbvlvtv.exec:\vbvlvtv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ldhftj.exec:\ldhftj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hvjdjrj.exec:\hvjdjrj.exe7⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\btvnb.exec:\btvnb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvffbt.exec:\vjvffbt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnpdj.exec:\bnpdj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tptnphb.exec:\tptnphb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrtdb.exec:\lrrtdb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\brhpb.exec:\brhpb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hlxnjpv.exec:\hlxnjpv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rpdpxp.exec:\rpdpxp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djhrn.exec:\djhrn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hxrxhb.exec:\hxrxhb.exe17⤵
- Executes dropped EXE
-
\??\c:\pphbvvn.exec:\pphbvvn.exe18⤵
- Executes dropped EXE
-
\??\c:\tdxppl.exec:\tdxppl.exe19⤵
- Executes dropped EXE
-
\??\c:\vnnpxlj.exec:\vnnpxlj.exe20⤵
- Executes dropped EXE
-
\??\c:\nfblbl.exec:\nfblbl.exe21⤵
- Executes dropped EXE
-
\??\c:\djbdlvp.exec:\djbdlvp.exe22⤵
- Executes dropped EXE
-
\??\c:\hlffb.exec:\hlffb.exe23⤵
- Executes dropped EXE
-
\??\c:\llhbdfd.exec:\llhbdfd.exe24⤵
- Executes dropped EXE
-
\??\c:\dlfvj.exec:\dlfvj.exe25⤵
- Executes dropped EXE
-
\??\c:\ptjfxr.exec:\ptjfxr.exe26⤵
- Executes dropped EXE
-
\??\c:\rdhdxrl.exec:\rdhdxrl.exe27⤵
- Executes dropped EXE
-
\??\c:\xdhlp.exec:\xdhlp.exe28⤵
- Executes dropped EXE
-
\??\c:\bdbpxd.exec:\bdbpxd.exe29⤵
- Executes dropped EXE
-
\??\c:\flrvn.exec:\flrvn.exe30⤵
- Executes dropped EXE
-
\??\c:\ndlnh.exec:\ndlnh.exe31⤵
- Executes dropped EXE
-
\??\c:\dhdvvhj.exec:\dhdvvhj.exe32⤵
- Executes dropped EXE
-
\??\c:\tffvrlj.exec:\tffvrlj.exe33⤵
- Executes dropped EXE
-
\??\c:\jxxlf.exec:\jxxlf.exe34⤵
- Executes dropped EXE
-
\??\c:\jjpndxf.exec:\jjpndxf.exe35⤵
- Executes dropped EXE
-
\??\c:\jdtbh.exec:\jdtbh.exe36⤵
- Executes dropped EXE
-
\??\c:\jfphf.exec:\jfphf.exe37⤵
- Executes dropped EXE
-
\??\c:\frntxp.exec:\frntxp.exe38⤵
- Executes dropped EXE
-
\??\c:\httvp.exec:\httvp.exe39⤵
- Executes dropped EXE
-
\??\c:\ttftdtn.exec:\ttftdtn.exe40⤵
- Executes dropped EXE
-
\??\c:\pnjnv.exec:\pnjnv.exe41⤵
- Executes dropped EXE
-
\??\c:\pnrrl.exec:\pnrrl.exe42⤵
- Executes dropped EXE
-
\??\c:\ftrdjx.exec:\ftrdjx.exe43⤵
- Executes dropped EXE
-
\??\c:\xbldj.exec:\xbldj.exe44⤵
- Executes dropped EXE
-
\??\c:\fvdtj.exec:\fvdtj.exe45⤵
- Executes dropped EXE
-
\??\c:\bndpd.exec:\bndpd.exe46⤵
- Executes dropped EXE
-
\??\c:\dfffltx.exec:\dfffltx.exe47⤵
- Executes dropped EXE
-
\??\c:\rxlbv.exec:\rxlbv.exe48⤵
- Executes dropped EXE
-
\??\c:\lbndxp.exec:\lbndxp.exe49⤵
- Executes dropped EXE
-
\??\c:\rrdht.exec:\rrdht.exe50⤵
- Executes dropped EXE
-
\??\c:\xjrjdj.exec:\xjrjdj.exe51⤵
- Executes dropped EXE
-
\??\c:\vrjjrxj.exec:\vrjjrxj.exe52⤵
- Executes dropped EXE
-
\??\c:\hnpdt.exec:\hnpdt.exe53⤵
- Executes dropped EXE
-
\??\c:\bvptx.exec:\bvptx.exe54⤵
- Executes dropped EXE
-
\??\c:\dhthf.exec:\dhthf.exe55⤵
- Executes dropped EXE
-
\??\c:\hbjjbbj.exec:\hbjjbbj.exe56⤵
- Executes dropped EXE
-
\??\c:\btfrx.exec:\btfrx.exe57⤵
- Executes dropped EXE
-
\??\c:\pdtnhv.exec:\pdtnhv.exe58⤵
- Executes dropped EXE
-
\??\c:\thpndv.exec:\thpndv.exe59⤵
- Executes dropped EXE
-
\??\c:\pdnhdt.exec:\pdnhdt.exe60⤵
- Executes dropped EXE
-
\??\c:\xjtdhxn.exec:\xjtdhxn.exe61⤵
- Executes dropped EXE
-
\??\c:\flldl.exec:\flldl.exe62⤵
- Executes dropped EXE
-
\??\c:\lvxjf.exec:\lvxjf.exe63⤵
- Executes dropped EXE
-
\??\c:\tpljj.exec:\tpljj.exe64⤵
- Executes dropped EXE
-
\??\c:\vxnnpbv.exec:\vxnnpbv.exe65⤵
- Executes dropped EXE
-
\??\c:\ppfhxlt.exec:\ppfhxlt.exe66⤵
-
\??\c:\xdtvphx.exec:\xdtvphx.exe67⤵
-
\??\c:\xptldp.exec:\xptldp.exe68⤵
-
\??\c:\vdlplnf.exec:\vdlplnf.exe69⤵
-
\??\c:\rjdlb.exec:\rjdlb.exe70⤵
-
\??\c:\nbnbj.exec:\nbnbj.exe71⤵
-
\??\c:\tdlnt.exec:\tdlnt.exe72⤵
-
\??\c:\lvjhhv.exec:\lvjhhv.exe73⤵
-
\??\c:\bxrjtd.exec:\bxrjtd.exe74⤵
-
\??\c:\jxpbj.exec:\jxpbj.exe75⤵
-
\??\c:\vlblhpr.exec:\vlblhpr.exe76⤵
- System Location Discovery: System Language Discovery
-
\??\c:\rnnjjv.exec:\rnnjjv.exe77⤵
-
\??\c:\pjltffx.exec:\pjltffx.exe78⤵
-
\??\c:\dfxprh.exec:\dfxprh.exe79⤵
-
\??\c:\bjlvftl.exec:\bjlvftl.exe80⤵
-
\??\c:\xrtjh.exec:\xrtjh.exe81⤵
-
\??\c:\hrrjdbr.exec:\hrrjdbr.exe82⤵
-
\??\c:\fhpll.exec:\fhpll.exe83⤵
-
\??\c:\xprjx.exec:\xprjx.exe84⤵
-
\??\c:\nntpprn.exec:\nntpprn.exe85⤵
-
\??\c:\rfptd.exec:\rfptd.exe86⤵
-
\??\c:\lbndtr.exec:\lbndtr.exe87⤵
-
\??\c:\vtblb.exec:\vtblb.exe88⤵
-
\??\c:\jtnrh.exec:\jtnrh.exe89⤵
-
\??\c:\pttxpl.exec:\pttxpl.exe90⤵
-
\??\c:\lvpnnjh.exec:\lvpnnjh.exe91⤵
-
\??\c:\jpbnvd.exec:\jpbnvd.exe92⤵
-
\??\c:\rrhfx.exec:\rrhfx.exe93⤵
- System Location Discovery: System Language Discovery
-
\??\c:\jlhftft.exec:\jlhftft.exe94⤵
-
\??\c:\njljl.exec:\njljl.exe95⤵
-
\??\c:\dljftp.exec:\dljftp.exe96⤵
-
\??\c:\vldhfb.exec:\vldhfb.exe97⤵
-
\??\c:\dtdhppp.exec:\dtdhppp.exe98⤵
-
\??\c:\xfthl.exec:\xfthl.exe99⤵
-
\??\c:\rbtvtf.exec:\rbtvtf.exe100⤵
-
\??\c:\jtdxvl.exec:\jtdxvl.exe101⤵
-
\??\c:\pdhxrh.exec:\pdhxrh.exe102⤵
-
\??\c:\btbfnh.exec:\btbfnh.exe103⤵
-
\??\c:\hxvxxl.exec:\hxvxxl.exe104⤵
-
\??\c:\jllnnhh.exec:\jllnnhh.exe105⤵
-
\??\c:\tvphd.exec:\tvphd.exe106⤵
-
\??\c:\hbhlthj.exec:\hbhlthj.exe107⤵
-
\??\c:\pbrfxbv.exec:\pbrfxbv.exe108⤵
-
\??\c:\rrxnxd.exec:\rrxnxd.exe109⤵
-
\??\c:\xlftp.exec:\xlftp.exe110⤵
-
\??\c:\tnrxrf.exec:\tnrxrf.exe111⤵
-
\??\c:\thxjn.exec:\thxjn.exe112⤵
-
\??\c:\fdtdr.exec:\fdtdr.exe113⤵
-
\??\c:\xttbjlh.exec:\xttbjlh.exe114⤵
-
\??\c:\hdfdnbj.exec:\hdfdnbj.exe115⤵
-
\??\c:\vxbltvh.exec:\vxbltvh.exe116⤵
-
\??\c:\vtjtp.exec:\vtjtp.exe117⤵
-
\??\c:\rjlbdd.exec:\rjlbdd.exe118⤵
-
\??\c:\bhhlvd.exec:\bhhlvd.exe119⤵
-
\??\c:\tftdvp.exec:\tftdvp.exe120⤵
-
\??\c:\flpxp.exec:\flpxp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-