Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
29/12/2024, 01:32
General
-
Target
84655e5521931ea7a3fa77304ff757d282a6abf8db02f246da0807af8744a683.exe
-
Size
456KB
-
MD5
7c5ae6140ef8bdf10df5bff29e5eaa3d
-
SHA1
5e67f88f4c47fd7f230a393a5ede8bbbdc0b5e6a
-
SHA256
84655e5521931ea7a3fa77304ff757d282a6abf8db02f246da0807af8744a683
-
SHA512
d9c85c3aa5bf2c03b0eda75ef9fb2cf1449304c6023b9e24c1e77b1afcc95c7786136ad92a1ece457c855da0accf1a5a093efc4bccfd52a7396f90154f75e27e
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbe1:q7Tc2NYHUrAwfMp3CD1
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 38 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 40 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\84655e5521931ea7a3fa77304ff757d282a6abf8db02f246da0807af8744a683.exe"C:\Users\Admin\AppData\Local\Temp\84655e5521931ea7a3fa77304ff757d282a6abf8db02f246da0807af8744a683.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bvphfhl.exec:\bvphfhl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vljbjlb.exec:\vljbjlb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jbbpxvh.exec:\jbbpxvh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bxffr.exec:\bxffr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xnjrff.exec:\xnjrff.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vlrxjdl.exec:\vlrxjdl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htxrtnb.exec:\htxrtnb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tlxxlph.exec:\tlxxlph.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xjbddt.exec:\xjbddt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\phxxvp.exec:\phxxvp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxrjjp.exec:\lrxrjjp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjpv.exec:\jvjpv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rbfnr.exec:\rbfnr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xhjfvvn.exec:\xhjfvvn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pbnfj.exec:\pbnfj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bptnnl.exec:\bptnnl.exe17⤵
- Executes dropped EXE
-
\??\c:\fxvtnxv.exec:\fxvtnxv.exe18⤵
- Executes dropped EXE
-
\??\c:\hbbpr.exec:\hbbpr.exe19⤵
- Executes dropped EXE
-
\??\c:\prxfrr.exec:\prxfrr.exe20⤵
- Executes dropped EXE
-
\??\c:\hrhbrh.exec:\hrhbrh.exe21⤵
- Executes dropped EXE
-
\??\c:\hhhhdl.exec:\hhhhdl.exe22⤵
- Executes dropped EXE
-
\??\c:\vffnjnl.exec:\vffnjnl.exe23⤵
- Executes dropped EXE
-
\??\c:\lrndjj.exec:\lrndjj.exe24⤵
- Executes dropped EXE
-
\??\c:\ffbjfdt.exec:\ffbjfdt.exe25⤵
- Executes dropped EXE
-
\??\c:\dlptxbt.exec:\dlptxbt.exe26⤵
- Executes dropped EXE
-
\??\c:\nrntvv.exec:\nrntvv.exe27⤵
- Executes dropped EXE
-
\??\c:\ndrtd.exec:\ndrtd.exe28⤵
- Executes dropped EXE
-
\??\c:\tfblhd.exec:\tfblhd.exe29⤵
- Executes dropped EXE
-
\??\c:\drnvn.exec:\drnvn.exe30⤵
- Executes dropped EXE
-
\??\c:\rhrrtn.exec:\rhrrtn.exe31⤵
- Executes dropped EXE
-
\??\c:\rjrplpd.exec:\rjrplpd.exe32⤵
- Executes dropped EXE
-
\??\c:\fbdftd.exec:\fbdftd.exe33⤵
- Executes dropped EXE
-
\??\c:\vvtpx.exec:\vvtpx.exe34⤵
- Executes dropped EXE
-
\??\c:\nhnlt.exec:\nhnlt.exe35⤵
- Executes dropped EXE
-
\??\c:\ntxxjpn.exec:\ntxxjpn.exe36⤵
- Executes dropped EXE
-
\??\c:\nfrhv.exec:\nfrhv.exe37⤵
- Executes dropped EXE
-
\??\c:\vjpvx.exec:\vjpvx.exe38⤵
- Executes dropped EXE
-
\??\c:\bbdbnv.exec:\bbdbnv.exe39⤵
- Executes dropped EXE
-
\??\c:\fhfrlth.exec:\fhfrlth.exe40⤵
- Executes dropped EXE
-
\??\c:\dlhbtl.exec:\dlhbtl.exe41⤵
- Executes dropped EXE
-
\??\c:\vdtrt.exec:\vdtrt.exe42⤵
- Executes dropped EXE
-
\??\c:\jbntld.exec:\jbntld.exe43⤵
- Executes dropped EXE
-
\??\c:\tbhrd.exec:\tbhrd.exe44⤵
- Executes dropped EXE
-
\??\c:\prhvlxr.exec:\prhvlxr.exe45⤵
- Executes dropped EXE
-
\??\c:\jjbhxjj.exec:\jjbhxjj.exe46⤵
- Executes dropped EXE
-
\??\c:\lvdbxv.exec:\lvdbxv.exe47⤵
- Executes dropped EXE
-
\??\c:\xbhdrtf.exec:\xbhdrtf.exe48⤵
- Executes dropped EXE
-
\??\c:\xvbxxx.exec:\xvbxxx.exe49⤵
- Executes dropped EXE
-
\??\c:\bnrnrf.exec:\bnrnrf.exe50⤵
- Executes dropped EXE
-
\??\c:\tnplr.exec:\tnplr.exe51⤵
- Executes dropped EXE
-
\??\c:\xnfxj.exec:\xnfxj.exe52⤵
- Executes dropped EXE
-
\??\c:\fdtnlx.exec:\fdtnlx.exe53⤵
- Executes dropped EXE
-
\??\c:\dfbjxjx.exec:\dfbjxjx.exe54⤵
- Executes dropped EXE
-
\??\c:\fbnvt.exec:\fbnvt.exe55⤵
- Executes dropped EXE
-
\??\c:\bhjbfbv.exec:\bhjbfbv.exe56⤵
- Executes dropped EXE
-
\??\c:\phnhxdj.exec:\phnhxdj.exe57⤵
- Executes dropped EXE
-
\??\c:\xphdvbj.exec:\xphdvbj.exe58⤵
- Executes dropped EXE
-
\??\c:\vbvvbdb.exec:\vbvvbdb.exe59⤵
- Executes dropped EXE
-
\??\c:\xdtxx.exec:\xdtxx.exe60⤵
- Executes dropped EXE
-
\??\c:\jrffvb.exec:\jrffvb.exe61⤵
- Executes dropped EXE
-
\??\c:\pfnvhr.exec:\pfnvhr.exe62⤵
- Executes dropped EXE
-
\??\c:\ddvbnl.exec:\ddvbnl.exe63⤵
- Executes dropped EXE
-
\??\c:\hvfvtnf.exec:\hvfvtnf.exe64⤵
- Executes dropped EXE
-
\??\c:\dlhllhp.exec:\dlhllhp.exe65⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\jtltfn.exec:\jtltfn.exe66⤵
-
\??\c:\jxndxpf.exec:\jxndxpf.exe67⤵
-
\??\c:\lpnvbl.exec:\lpnvbl.exe68⤵
- System Location Discovery: System Language Discovery
-
\??\c:\bhndj.exec:\bhndj.exe69⤵
-
\??\c:\pnjtdvf.exec:\pnjtdvf.exe70⤵
-
\??\c:\rjldfnt.exec:\rjldfnt.exe71⤵
-
\??\c:\xdrfl.exec:\xdrfl.exe72⤵
-
\??\c:\fvdtpt.exec:\fvdtpt.exe73⤵
-
\??\c:\ljnpppt.exec:\ljnpppt.exe74⤵
-
\??\c:\jfpxf.exec:\jfpxf.exe75⤵
-
\??\c:\btpfxfx.exec:\btpfxfx.exe76⤵
-
\??\c:\vlxrhf.exec:\vlxrhf.exe77⤵
-
\??\c:\vxbbnt.exec:\vxbbnt.exe78⤵
-
\??\c:\jjbrjdx.exec:\jjbrjdx.exe79⤵
-
\??\c:\fdpnhnt.exec:\fdpnhnt.exe80⤵
-
\??\c:\dhtlhj.exec:\dhtlhj.exe81⤵
-
\??\c:\nddpj.exec:\nddpj.exe82⤵
-
\??\c:\rvtnbjr.exec:\rvtnbjr.exe83⤵
-
\??\c:\djprdv.exec:\djprdv.exe84⤵
-
\??\c:\rffdjlf.exec:\rffdjlf.exe85⤵
-
\??\c:\fpvbh.exec:\fpvbh.exe86⤵
-
\??\c:\lnllb.exec:\lnllb.exe87⤵
-
\??\c:\ttnjljp.exec:\ttnjljp.exe88⤵
-
\??\c:\rxbnll.exec:\rxbnll.exe89⤵
-
\??\c:\vtbnbnp.exec:\vtbnbnp.exe90⤵
-
\??\c:\nhdxl.exec:\nhdxl.exe91⤵
-
\??\c:\bltddtv.exec:\bltddtv.exe92⤵
-
\??\c:\nplbxxh.exec:\nplbxxh.exe93⤵
-
\??\c:\njphhd.exec:\njphhd.exe94⤵
- System Location Discovery: System Language Discovery
-
\??\c:\rhjhjd.exec:\rhjhjd.exe95⤵
-
\??\c:\hjtnnnp.exec:\hjtnnnp.exe96⤵
-
\??\c:\bvbjvbx.exec:\bvbjvbx.exe97⤵
-
\??\c:\dtnvd.exec:\dtnvd.exe98⤵
-
\??\c:\tfhtfl.exec:\tfhtfl.exe99⤵
- System Location Discovery: System Language Discovery
-
\??\c:\rjjhf.exec:\rjjhf.exe100⤵
-
\??\c:\pvvvxfj.exec:\pvvvxfj.exe101⤵
-
\??\c:\fdjdbrt.exec:\fdjdbrt.exe102⤵
-
\??\c:\dfvtll.exec:\dfvtll.exe103⤵
-
\??\c:\vdjxl.exec:\vdjxl.exe104⤵
-
\??\c:\npfrxlx.exec:\npfrxlx.exe105⤵
-
\??\c:\dplpnpd.exec:\dplpnpd.exe106⤵
-
\??\c:\dxdnnv.exec:\dxdnnv.exe107⤵
-
\??\c:\llhxxt.exec:\llhxxt.exe108⤵
-
\??\c:\nvdrr.exec:\nvdrr.exe109⤵
-
\??\c:\pljhr.exec:\pljhr.exe110⤵
-
\??\c:\dhxbdf.exec:\dhxbdf.exe111⤵
-
\??\c:\jfrdlpv.exec:\jfrdlpv.exe112⤵
-
\??\c:\vrhpxnn.exec:\vrhpxnn.exe113⤵
-
\??\c:\xxvvv.exec:\xxvvv.exe114⤵
-
\??\c:\frthlft.exec:\frthlft.exe115⤵
- System Location Discovery: System Language Discovery
-
\??\c:\hjdjbfh.exec:\hjdjbfh.exe116⤵
-
\??\c:\tfnhfrh.exec:\tfnhfrh.exe117⤵
-
\??\c:\dnvxh.exec:\dnvxh.exe118⤵
-
\??\c:\thlpvxf.exec:\thlpvxf.exe119⤵
-
\??\c:\rjxrx.exec:\rjxrx.exe120⤵
-
\??\c:\txlbtv.exec:\txlbtv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-