Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
29/12/2024, 01:10
General
-
Target
7ce5f9993366d7c4204750fac9dea2cea74a68ac19c76b628964a08b31cdc3f1.exe
-
Size
454KB
-
MD5
34e136b6e0a5194c2fbf75b4190e2428
-
SHA1
11984032f83f3422e253591378fd5bf3a4d8c9ae
-
SHA256
7ce5f9993366d7c4204750fac9dea2cea74a68ac19c76b628964a08b31cdc3f1
-
SHA512
eddbb0bfbd3e847893e5e1b851f1a7c5e6d51a0ed2e01e29c8f4f8fcbb572ab2a33db1c4f474910e055e97836cc7aa34973b413451890f24f405fc95e33184a6
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbeTS:q7Tc2NYHUrAwfMp3CDG
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 42 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 45 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7ce5f9993366d7c4204750fac9dea2cea74a68ac19c76b628964a08b31cdc3f1.exe"C:\Users\Admin\AppData\Local\Temp\7ce5f9993366d7c4204750fac9dea2cea74a68ac19c76b628964a08b31cdc3f1.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\btbhtt.exec:\btbhtt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdddd.exec:\jdddd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnthh.exec:\htnthh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvpp.exec:\ppvpp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7lxrrrx.exec:\7lxrrrx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7flfrll.exec:\7flfrll.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnntbh.exec:\tnntbh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpdjj.exec:\dpdjj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1dvvd.exec:\1dvvd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3fxlrrx.exec:\3fxlrrx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnbnn.exec:\nhnbnn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbhhh.exec:\bnbhhh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7lxrrlr.exec:\7lxrrlr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnhhb.exec:\bnnhhb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9lrffrx.exec:\9lrffrx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7nnthn.exec:\7nnthn.exe17⤵
- Executes dropped EXE
-
\??\c:\tthhhn.exec:\tthhhn.exe18⤵
- Executes dropped EXE
-
\??\c:\hthnnn.exec:\hthnnn.exe19⤵
- Executes dropped EXE
-
\??\c:\3jpjp.exec:\3jpjp.exe20⤵
- Executes dropped EXE
-
\??\c:\9frrxff.exec:\9frrxff.exe21⤵
- Executes dropped EXE
-
\??\c:\nbnhnn.exec:\nbnhnn.exe22⤵
- Executes dropped EXE
-
\??\c:\3jppv.exec:\3jppv.exe23⤵
- Executes dropped EXE
-
\??\c:\rxxfxrx.exec:\rxxfxrx.exe24⤵
- Executes dropped EXE
-
\??\c:\nthnhh.exec:\nthnhh.exe25⤵
- Executes dropped EXE
-
\??\c:\pjppd.exec:\pjppd.exe26⤵
- Executes dropped EXE
-
\??\c:\frxxxrx.exec:\frxxxrx.exe27⤵
- Executes dropped EXE
-
\??\c:\thbhtn.exec:\thbhtn.exe28⤵
- Executes dropped EXE
-
\??\c:\9jjpv.exec:\9jjpv.exe29⤵
- Executes dropped EXE
-
\??\c:\fxxfrxl.exec:\fxxfrxl.exe30⤵
- Executes dropped EXE
-
\??\c:\5nhhnt.exec:\5nhhnt.exe31⤵
- Executes dropped EXE
-
\??\c:\vpjpv.exec:\vpjpv.exe32⤵
- Executes dropped EXE
-
\??\c:\frllrrx.exec:\frllrrx.exe33⤵
- Executes dropped EXE
-
\??\c:\rrflxxl.exec:\rrflxxl.exe34⤵
- Executes dropped EXE
-
\??\c:\nhbhnn.exec:\nhbhnn.exe35⤵
- Executes dropped EXE
-
\??\c:\xlllxfr.exec:\xlllxfr.exe36⤵
- Executes dropped EXE
-
\??\c:\xllllfx.exec:\xllllfx.exe37⤵
- Executes dropped EXE
-
\??\c:\1bbbhh.exec:\1bbbhh.exe38⤵
- Executes dropped EXE
-
\??\c:\dvjjj.exec:\dvjjj.exe39⤵
- Executes dropped EXE
-
\??\c:\5lffffr.exec:\5lffffr.exe40⤵
- Executes dropped EXE
-
\??\c:\rlxxxrr.exec:\rlxxxrr.exe41⤵
- Executes dropped EXE
-
\??\c:\nnbhhb.exec:\nnbhhb.exe42⤵
- Executes dropped EXE
-
\??\c:\9pvjj.exec:\9pvjj.exe43⤵
- Executes dropped EXE
-
\??\c:\3dppv.exec:\3dppv.exe44⤵
- Executes dropped EXE
-
\??\c:\7flxxxr.exec:\7flxxxr.exe45⤵
- Executes dropped EXE
-
\??\c:\nhtnnn.exec:\nhtnnn.exe46⤵
- Executes dropped EXE
-
\??\c:\jvvpv.exec:\jvvpv.exe47⤵
- Executes dropped EXE
-
\??\c:\vpddj.exec:\vpddj.exe48⤵
- Executes dropped EXE
-
\??\c:\9lffllr.exec:\9lffllr.exe49⤵
- Executes dropped EXE
-
\??\c:\1nnbhb.exec:\1nnbhb.exe50⤵
- Executes dropped EXE
-
\??\c:\nnbhht.exec:\nnbhht.exe51⤵
- Executes dropped EXE
-
\??\c:\pjddd.exec:\pjddd.exe52⤵
- Executes dropped EXE
-
\??\c:\ppjpv.exec:\ppjpv.exe53⤵
- Executes dropped EXE
-
\??\c:\fxffxfr.exec:\fxffxfr.exe54⤵
- Executes dropped EXE
-
\??\c:\9nbhhh.exec:\9nbhhh.exe55⤵
- Executes dropped EXE
-
\??\c:\nbhhnh.exec:\nbhhnh.exe56⤵
- Executes dropped EXE
-
\??\c:\dvjdd.exec:\dvjdd.exe57⤵
- Executes dropped EXE
-
\??\c:\jdpjd.exec:\jdpjd.exe58⤵
- Executes dropped EXE
-
\??\c:\fxxfffl.exec:\fxxfffl.exe59⤵
- Executes dropped EXE
-
\??\c:\lffxxxf.exec:\lffxxxf.exe60⤵
- Executes dropped EXE
-
\??\c:\thnttn.exec:\thnttn.exe61⤵
- Executes dropped EXE
-
\??\c:\jpdpv.exec:\jpdpv.exe62⤵
- Executes dropped EXE
-
\??\c:\dpjjp.exec:\dpjjp.exe63⤵
- Executes dropped EXE
-
\??\c:\lfrrxxr.exec:\lfrrxxr.exe64⤵
- Executes dropped EXE
-
\??\c:\frfxxrr.exec:\frfxxrr.exe65⤵
- Executes dropped EXE
-
\??\c:\3pddj.exec:\3pddj.exe66⤵
-
\??\c:\fxlrxxf.exec:\fxlrxxf.exe67⤵
-
\??\c:\1bnntn.exec:\1bnntn.exe68⤵
-
\??\c:\pjppd.exec:\pjppd.exe69⤵
- System Location Discovery: System Language Discovery
-
\??\c:\3tbhnn.exec:\3tbhnn.exe70⤵
-
\??\c:\vdpjd.exec:\vdpjd.exe71⤵
-
\??\c:\nhhnbb.exec:\nhhnbb.exe72⤵
-
\??\c:\pjpjj.exec:\pjpjj.exe73⤵
-
\??\c:\3ntnbt.exec:\3ntnbt.exe74⤵
- System Location Discovery: System Language Discovery
-
\??\c:\hhbnnt.exec:\hhbnnt.exe75⤵
-
\??\c:\xrxxfll.exec:\xrxxfll.exe76⤵
-
\??\c:\7xrrrff.exec:\7xrrrff.exe77⤵
-
\??\c:\pjvdp.exec:\pjvdp.exe78⤵
-
\??\c:\7vvdv.exec:\7vvdv.exe79⤵
-
\??\c:\xrllrxf.exec:\xrllrxf.exe80⤵
-
\??\c:\7hbnnt.exec:\7hbnnt.exe81⤵
-
\??\c:\jdvjp.exec:\jdvjp.exe82⤵
-
\??\c:\vvpdj.exec:\vvpdj.exe83⤵
-
\??\c:\ffxlrxl.exec:\ffxlrxl.exe84⤵
-
\??\c:\5tntbb.exec:\5tntbb.exe85⤵
-
\??\c:\7hnntt.exec:\7hnntt.exe86⤵
-
\??\c:\vdvdj.exec:\vdvdj.exe87⤵
-
\??\c:\rxrxxlx.exec:\rxrxxlx.exe88⤵
-
\??\c:\hbthth.exec:\hbthth.exe89⤵
-
\??\c:\hbthnt.exec:\hbthnt.exe90⤵
-
\??\c:\jppdv.exec:\jppdv.exe91⤵
-
\??\c:\vpdjj.exec:\vpdjj.exe92⤵
-
\??\c:\llrrxlr.exec:\llrrxlr.exe93⤵
-
\??\c:\nhhnbh.exec:\nhhnbh.exe94⤵
-
\??\c:\1tntbb.exec:\1tntbb.exe95⤵
-
\??\c:\dvppd.exec:\dvppd.exe96⤵
-
\??\c:\9xllrrr.exec:\9xllrrr.exe97⤵
-
\??\c:\ffflxxl.exec:\ffflxxl.exe98⤵
-
\??\c:\nthnbt.exec:\nthnbt.exe99⤵
-
\??\c:\pppjp.exec:\pppjp.exe100⤵
-
\??\c:\ffxlxll.exec:\ffxlxll.exe101⤵
-
\??\c:\lrlxrfx.exec:\lrlxrfx.exe102⤵
-
\??\c:\httbbh.exec:\httbbh.exe103⤵
-
\??\c:\ntnnhn.exec:\ntnnhn.exe104⤵
-
\??\c:\ddjpv.exec:\ddjpv.exe105⤵
-
\??\c:\frxrxrf.exec:\frxrxrf.exe106⤵
-
\??\c:\lllrffl.exec:\lllrffl.exe107⤵
-
\??\c:\1ttbnt.exec:\1ttbnt.exe108⤵
-
\??\c:\9jvdv.exec:\9jvdv.exe109⤵
-
\??\c:\pppvp.exec:\pppvp.exe110⤵
-
\??\c:\xrflrxf.exec:\xrflrxf.exe111⤵
-
\??\c:\hbnthb.exec:\hbnthb.exe112⤵
-
\??\c:\9jddj.exec:\9jddj.exe113⤵
-
\??\c:\5xrrfff.exec:\5xrrfff.exe114⤵
-
\??\c:\rrlrrxf.exec:\rrlrrxf.exe115⤵
-
\??\c:\hhhbtb.exec:\hhhbtb.exe116⤵
-
\??\c:\hhthtb.exec:\hhthtb.exe117⤵
-
\??\c:\7pdjj.exec:\7pdjj.exe118⤵
-
\??\c:\7fxfxfr.exec:\7fxfxfr.exe119⤵
-
\??\c:\1nhntt.exec:\1nhntt.exe120⤵
-
\??\c:\ttttnn.exec:\ttttnn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-