Analysis
-
max time kernel
150s -
max time network
19s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
29/12/2024, 02:11
General
-
Target
972e75bb4fff6ba8e120df57289ef8df93b34e7a303726f016281398caea4aa9.exe
-
Size
456KB
-
MD5
a7f9ade8b35a7ab920f0611e01a25578
-
SHA1
81bb778fdb969dbeae54c7fcfe0937afd84ccfc8
-
SHA256
972e75bb4fff6ba8e120df57289ef8df93b34e7a303726f016281398caea4aa9
-
SHA512
0b39e4d98dff04c06a5a22c65017e2ac6e3b833e54ad261e78ca114f0478aeb2df06787ea60a55632c78f0a75ecfd1cc477e9a39d0cf6d68cb3dcfa62d7d3878
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbeRwr:q7Tc2NYHUrAwfMp3CDRwr
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 36 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 44 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\972e75bb4fff6ba8e120df57289ef8df93b34e7a303726f016281398caea4aa9.exe"C:\Users\Admin\AppData\Local\Temp\972e75bb4fff6ba8e120df57289ef8df93b34e7a303726f016281398caea4aa9.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pffvnrf.exec:\pffvnrf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\npxrbn.exec:\npxrbn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hrtdjfx.exec:\hrtdjfx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jlxtt.exec:\jlxtt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnpbh.exec:\bnpbh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bxdprh.exec:\bxdprh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jhptnbv.exec:\jhptnbv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhthjpx.exec:\bhthjpx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nxphvn.exec:\nxphvn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hxhpfjt.exec:\hxhpfjt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vxbrbp.exec:\vxbrbp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vnvrdpv.exec:\vnvrdpv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lhtbf.exec:\lhtbf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrhpd.exec:\xrhpd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lbrvb.exec:\lbrvb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xdbpp.exec:\xdbpp.exe17⤵
- Executes dropped EXE
-
\??\c:\vhltv.exec:\vhltv.exe18⤵
- Executes dropped EXE
-
\??\c:\bnlppd.exec:\bnlppd.exe19⤵
- Executes dropped EXE
-
\??\c:\nvxfv.exec:\nvxfv.exe20⤵
- Executes dropped EXE
-
\??\c:\jrxprd.exec:\jrxprd.exe21⤵
- Executes dropped EXE
-
\??\c:\hrptf.exec:\hrptf.exe22⤵
- Executes dropped EXE
-
\??\c:\lndvv.exec:\lndvv.exe23⤵
- Executes dropped EXE
-
\??\c:\djblvvx.exec:\djblvvx.exe24⤵
- Executes dropped EXE
-
\??\c:\lphtvd.exec:\lphtvd.exe25⤵
- Executes dropped EXE
-
\??\c:\pbnllld.exec:\pbnllld.exe26⤵
- Executes dropped EXE
-
\??\c:\vlvxpb.exec:\vlvxpb.exe27⤵
- Executes dropped EXE
-
\??\c:\tdfvh.exec:\tdfvh.exe28⤵
- Executes dropped EXE
-
\??\c:\ddbbv.exec:\ddbbv.exe29⤵
- Executes dropped EXE
-
\??\c:\xxpfh.exec:\xxpfh.exe30⤵
- Executes dropped EXE
-
\??\c:\bvxhjp.exec:\bvxhjp.exe31⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\xdttr.exec:\xdttr.exe32⤵
- Executes dropped EXE
-
\??\c:\lfbprdh.exec:\lfbprdh.exe33⤵
- Executes dropped EXE
-
\??\c:\nbdvxj.exec:\nbdvxj.exe34⤵
- Executes dropped EXE
-
\??\c:\lbrlxrp.exec:\lbrlxrp.exe35⤵
- Executes dropped EXE
-
\??\c:\trxddtp.exec:\trxddtp.exe36⤵
- Executes dropped EXE
-
\??\c:\bnpbv.exec:\bnpbv.exe37⤵
- Executes dropped EXE
-
\??\c:\hxhrhb.exec:\hxhrhb.exe38⤵
- Executes dropped EXE
-
\??\c:\dxnnvr.exec:\dxnnvr.exe39⤵
- Executes dropped EXE
-
\??\c:\jvdbnrn.exec:\jvdbnrn.exe40⤵
- Executes dropped EXE
-
\??\c:\ljffll.exec:\ljffll.exe41⤵
- Executes dropped EXE
-
\??\c:\djtpp.exec:\djtpp.exe42⤵
- Executes dropped EXE
-
\??\c:\jrvbv.exec:\jrvbv.exe43⤵
- Executes dropped EXE
-
\??\c:\tjdxvl.exec:\tjdxvl.exe44⤵
- Executes dropped EXE
-
\??\c:\nppxjxl.exec:\nppxjxl.exe45⤵
- Executes dropped EXE
-
\??\c:\rtnldvh.exec:\rtnldvh.exe46⤵
- Executes dropped EXE
-
\??\c:\lrvljt.exec:\lrvljt.exe47⤵
- Executes dropped EXE
-
\??\c:\jrbnvtl.exec:\jrbnvtl.exe48⤵
- Executes dropped EXE
-
\??\c:\nxxxd.exec:\nxxxd.exe49⤵
- Executes dropped EXE
-
\??\c:\djbpj.exec:\djbpj.exe50⤵
- Executes dropped EXE
-
\??\c:\nrjljd.exec:\nrjljd.exe51⤵
- Executes dropped EXE
-
\??\c:\xltxj.exec:\xltxj.exe52⤵
- Executes dropped EXE
-
\??\c:\xddfld.exec:\xddfld.exe53⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\hjbvtv.exec:\hjbvtv.exe54⤵
- Executes dropped EXE
-
\??\c:\xlnrphb.exec:\xlnrphb.exe55⤵
- Executes dropped EXE
-
\??\c:\rdndp.exec:\rdndp.exe56⤵
- Executes dropped EXE
-
\??\c:\dhtpln.exec:\dhtpln.exe57⤵
- Executes dropped EXE
-
\??\c:\vvxrl.exec:\vvxrl.exe58⤵
- Executes dropped EXE
-
\??\c:\dnnvhr.exec:\dnnvhr.exe59⤵
- Executes dropped EXE
-
\??\c:\jxjdr.exec:\jxjdr.exe60⤵
- Executes dropped EXE
-
\??\c:\xjrxj.exec:\xjrxj.exe61⤵
- Executes dropped EXE
-
\??\c:\tlbfr.exec:\tlbfr.exe62⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\nfrtff.exec:\nfrtff.exe63⤵
- Executes dropped EXE
-
\??\c:\vhrnf.exec:\vhrnf.exe64⤵
- Executes dropped EXE
-
\??\c:\pjdff.exec:\pjdff.exe65⤵
- Executes dropped EXE
-
\??\c:\thbjl.exec:\thbjl.exe66⤵
-
\??\c:\jflrvhf.exec:\jflrvhf.exe67⤵
-
\??\c:\brpjv.exec:\brpjv.exe68⤵
-
\??\c:\bdvlf.exec:\bdvlf.exe69⤵
-
\??\c:\dvlhfx.exec:\dvlhfx.exe70⤵
-
\??\c:\ppthtjd.exec:\ppthtjd.exe71⤵
-
\??\c:\trvpnf.exec:\trvpnf.exe72⤵
-
\??\c:\rjxft.exec:\rjxft.exe73⤵
-
\??\c:\dvnrtrh.exec:\dvnrtrh.exe74⤵
-
\??\c:\nptvbtv.exec:\nptvbtv.exe75⤵
-
\??\c:\jxjxn.exec:\jxjxn.exe76⤵
-
\??\c:\vphdbx.exec:\vphdbx.exe77⤵
-
\??\c:\vvjndhj.exec:\vvjndhj.exe78⤵
-
\??\c:\pxjrdfr.exec:\pxjrdfr.exe79⤵
-
\??\c:\ltlfpv.exec:\ltlfpv.exe80⤵
-
\??\c:\bbblhr.exec:\bbblhr.exe81⤵
-
\??\c:\rnrfnxj.exec:\rnrfnxj.exe82⤵
-
\??\c:\plpjn.exec:\plpjn.exe83⤵
-
\??\c:\rbvnd.exec:\rbvnd.exe84⤵
-
\??\c:\xtxpfb.exec:\xtxpfb.exe85⤵
-
\??\c:\dlrdb.exec:\dlrdb.exe86⤵
-
\??\c:\rhfpv.exec:\rhfpv.exe87⤵
-
\??\c:\bxxfp.exec:\bxxfp.exe88⤵
-
\??\c:\xbtrb.exec:\xbtrb.exe89⤵
- System Location Discovery: System Language Discovery
-
\??\c:\fpdff.exec:\fpdff.exe90⤵
-
\??\c:\vnxtx.exec:\vnxtx.exe91⤵
-
\??\c:\rrplrv.exec:\rrplrv.exe92⤵
-
\??\c:\fbjbdj.exec:\fbjbdj.exe93⤵
-
\??\c:\nhlbhrx.exec:\nhlbhrx.exe94⤵
-
\??\c:\tfdpdl.exec:\tfdpdl.exe95⤵
- System Location Discovery: System Language Discovery
-
\??\c:\jvtbbb.exec:\jvtbbb.exe96⤵
-
\??\c:\rjvfxr.exec:\rjvfxr.exe97⤵
-
\??\c:\dpvfr.exec:\dpvfr.exe98⤵
-
\??\c:\ptjfr.exec:\ptjfr.exe99⤵
-
\??\c:\dflfjbx.exec:\dflfjbx.exe100⤵
-
\??\c:\drhnpdn.exec:\drhnpdn.exe101⤵
-
\??\c:\pbbfrvr.exec:\pbbfrvr.exe102⤵
-
\??\c:\lplrpd.exec:\lplrpd.exe103⤵
-
\??\c:\hxvhtd.exec:\hxvhtd.exe104⤵
-
\??\c:\lfnnpfl.exec:\lfnnpfl.exe105⤵
-
\??\c:\pnnjtbl.exec:\pnnjtbl.exe106⤵
-
\??\c:\rdjtb.exec:\rdjtb.exe107⤵
-
\??\c:\vntdhd.exec:\vntdhd.exe108⤵
-
\??\c:\tvhfjpd.exec:\tvhfjpd.exe109⤵
-
\??\c:\fxlrrhd.exec:\fxlrrhd.exe110⤵
- System Location Discovery: System Language Discovery
-
\??\c:\nbdbpl.exec:\nbdbpl.exe111⤵
-
\??\c:\hxhnh.exec:\hxhnh.exe112⤵
-
\??\c:\pxhflpt.exec:\pxhflpt.exe113⤵
-
\??\c:\lhdrvdr.exec:\lhdrvdr.exe114⤵
-
\??\c:\dbnxn.exec:\dbnxn.exe115⤵
-
\??\c:\bxrbbn.exec:\bxrbbn.exe116⤵
-
\??\c:\hjnxdnh.exec:\hjnxdnh.exe117⤵
-
\??\c:\vxrnn.exec:\vxrnn.exe118⤵
-
\??\c:\rbdjn.exec:\rbdjn.exe119⤵
-
\??\c:\dthvn.exec:\dthvn.exe120⤵
-
\??\c:\xhpln.exec:\xhpln.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-