Analysis
-
max time kernel
150s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
29/12/2024, 03:14
General
-
Target
b4ccb52eb1660f7883a2501894ab81a58eacc702506c5917e52f9d9f183aadad.exe
-
Size
455KB
-
MD5
e1f5421a7824f8a21213a42eb6906b73
-
SHA1
3d523fbea75e02325fdfab4963f54e85d0d834f1
-
SHA256
b4ccb52eb1660f7883a2501894ab81a58eacc702506c5917e52f9d9f183aadad
-
SHA512
b2f25feed71382b8ebd53e52083fd8af653debbf925a3d71894f479b192d1a13fff2a4906041e7a7095f0f23434c8246ae00f14985eb7defa95a0711eb075c10
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbeJ:q7Tc2NYHUrAwfMp3CDJ
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 44 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 44 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b4ccb52eb1660f7883a2501894ab81a58eacc702506c5917e52f9d9f183aadad.exe"C:\Users\Admin\AppData\Local\Temp\b4ccb52eb1660f7883a2501894ab81a58eacc702506c5917e52f9d9f183aadad.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nhflnp.exec:\nhflnp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbdhl.exec:\nbbdhl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ltbnh.exec:\ltbnh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btthr.exec:\btthr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\phhpjd.exec:\phhpjd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pfnjv.exec:\pfnjv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntdvnv.exec:\ntdvnv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jbxlt.exec:\jbxlt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\prptnlv.exec:\prptnlv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xbvfff.exec:\xbvfff.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvbjh.exec:\pvbjh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lvbxpb.exec:\lvbxpb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vxdjxdf.exec:\vxdjxdf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nfbfvdt.exec:\nfbfvdt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pxpdft.exec:\pxpdft.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bdfbxv.exec:\bdfbxv.exe17⤵
- Executes dropped EXE
-
\??\c:\hnxxv.exec:\hnxxv.exe18⤵
- Executes dropped EXE
-
\??\c:\pdbrx.exec:\pdbrx.exe19⤵
- Executes dropped EXE
-
\??\c:\nnvjn.exec:\nnvjn.exe20⤵
- Executes dropped EXE
-
\??\c:\hfpvjv.exec:\hfpvjv.exe21⤵
- Executes dropped EXE
-
\??\c:\tblvph.exec:\tblvph.exe22⤵
- Executes dropped EXE
-
\??\c:\nnvnvv.exec:\nnvnvv.exe23⤵
- Executes dropped EXE
-
\??\c:\hhndjrv.exec:\hhndjrv.exe24⤵
- Executes dropped EXE
-
\??\c:\dffhb.exec:\dffhb.exe25⤵
- Executes dropped EXE
-
\??\c:\fllvlfj.exec:\fllvlfj.exe26⤵
- Executes dropped EXE
-
\??\c:\drvdbt.exec:\drvdbt.exe27⤵
- Executes dropped EXE
-
\??\c:\nvljlvd.exec:\nvljlvd.exe28⤵
- Executes dropped EXE
-
\??\c:\hnpptth.exec:\hnpptth.exe29⤵
- Executes dropped EXE
-
\??\c:\tbdrl.exec:\tbdrl.exe30⤵
- Executes dropped EXE
-
\??\c:\hltxnl.exec:\hltxnl.exe31⤵
- Executes dropped EXE
-
\??\c:\trpjpp.exec:\trpjpp.exe32⤵
- Executes dropped EXE
-
\??\c:\hjjfvp.exec:\hjjfvp.exe33⤵
- Executes dropped EXE
-
\??\c:\phnbn.exec:\phnbn.exe34⤵
- Executes dropped EXE
-
\??\c:\dlbnn.exec:\dlbnn.exe35⤵
- Executes dropped EXE
-
\??\c:\vrfpb.exec:\vrfpb.exe36⤵
- Executes dropped EXE
-
\??\c:\frjrd.exec:\frjrd.exe37⤵
- Executes dropped EXE
-
\??\c:\bfjff.exec:\bfjff.exe38⤵
- Executes dropped EXE
-
\??\c:\rxfdf.exec:\rxfdf.exe39⤵
- Executes dropped EXE
-
\??\c:\dbtdhf.exec:\dbtdhf.exe40⤵
- Executes dropped EXE
-
\??\c:\vjbpnph.exec:\vjbpnph.exe41⤵
- Executes dropped EXE
-
\??\c:\dvnvdjt.exec:\dvnvdjt.exe42⤵
- Executes dropped EXE
-
\??\c:\rhxpxnt.exec:\rhxpxnt.exe43⤵
- Executes dropped EXE
-
\??\c:\nbvvxh.exec:\nbvvxh.exe44⤵
- Executes dropped EXE
-
\??\c:\pjxnrd.exec:\pjxnrd.exe45⤵
- Executes dropped EXE
-
\??\c:\ptxdnn.exec:\ptxdnn.exe46⤵
- Executes dropped EXE
-
\??\c:\vhbprl.exec:\vhbprl.exe47⤵
- Executes dropped EXE
-
\??\c:\lxfdt.exec:\lxfdt.exe48⤵
- Executes dropped EXE
-
\??\c:\fjfvr.exec:\fjfvr.exe49⤵
- Executes dropped EXE
-
\??\c:\lxrrjt.exec:\lxrrjt.exe50⤵
- Executes dropped EXE
-
\??\c:\fbxjf.exec:\fbxjf.exe51⤵
- Executes dropped EXE
-
\??\c:\nnxfjrr.exec:\nnxfjrr.exe52⤵
- Executes dropped EXE
-
\??\c:\fplvx.exec:\fplvx.exe53⤵
- Executes dropped EXE
-
\??\c:\phnphbp.exec:\phnphbp.exe54⤵
- Executes dropped EXE
-
\??\c:\fbfxh.exec:\fbfxh.exe55⤵
- Executes dropped EXE
-
\??\c:\vppnvnv.exec:\vppnvnv.exe56⤵
- Executes dropped EXE
-
\??\c:\pxnjdjn.exec:\pxnjdjn.exe57⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\lfhxvhb.exec:\lfhxvhb.exe58⤵
- Executes dropped EXE
-
\??\c:\njnpphl.exec:\njnpphl.exe59⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\rhjnn.exec:\rhjnn.exe60⤵
- Executes dropped EXE
-
\??\c:\flnvvlv.exec:\flnvvlv.exe61⤵
- Executes dropped EXE
-
\??\c:\lhdndtt.exec:\lhdndtt.exe62⤵
- Executes dropped EXE
-
\??\c:\xphff.exec:\xphff.exe63⤵
- Executes dropped EXE
-
\??\c:\bdjlnd.exec:\bdjlnd.exe64⤵
- Executes dropped EXE
-
\??\c:\xvnlb.exec:\xvnlb.exe65⤵
- Executes dropped EXE
-
\??\c:\lbrphv.exec:\lbrphv.exe66⤵
-
\??\c:\rlltbtx.exec:\rlltbtx.exe67⤵
-
\??\c:\txvrpb.exec:\txvrpb.exe68⤵
-
\??\c:\tvpxfr.exec:\tvpxfr.exe69⤵
-
\??\c:\fjllnt.exec:\fjllnt.exe70⤵
-
\??\c:\jnxln.exec:\jnxln.exe71⤵
-
\??\c:\pxldnpp.exec:\pxldnpp.exe72⤵
-
\??\c:\fxhjb.exec:\fxhjb.exe73⤵
-
\??\c:\fvhhl.exec:\fvhhl.exe74⤵
-
\??\c:\ddthp.exec:\ddthp.exe75⤵
-
\??\c:\rjdbfr.exec:\rjdbfr.exe76⤵
-
\??\c:\bjhfdx.exec:\bjhfdx.exe77⤵
-
\??\c:\vjnbr.exec:\vjnbr.exe78⤵
-
\??\c:\ftvlt.exec:\ftvlt.exe79⤵
-
\??\c:\pdxdlv.exec:\pdxdlv.exe80⤵
-
\??\c:\rvnvpbp.exec:\rvnvpbp.exe81⤵
-
\??\c:\jdldpdt.exec:\jdldpdt.exe82⤵
-
\??\c:\bhtrdfr.exec:\bhtrdfr.exe83⤵
-
\??\c:\pbjfr.exec:\pbjfr.exe84⤵
-
\??\c:\txbbptl.exec:\txbbptl.exe85⤵
-
\??\c:\rfpnb.exec:\rfpnb.exe86⤵
-
\??\c:\xprjhf.exec:\xprjhf.exe87⤵
-
\??\c:\bjrdvlp.exec:\bjrdvlp.exe88⤵
-
\??\c:\jxpntrn.exec:\jxpntrn.exe89⤵
-
\??\c:\djllrx.exec:\djllrx.exe90⤵
-
\??\c:\vrbrb.exec:\vrbrb.exe91⤵
-
\??\c:\llnbffh.exec:\llnbffh.exe92⤵
-
\??\c:\vtdlnn.exec:\vtdlnn.exe93⤵
-
\??\c:\ddrhjb.exec:\ddrhjb.exe94⤵
-
\??\c:\brxnld.exec:\brxnld.exe95⤵
-
\??\c:\plxpvrt.exec:\plxpvrt.exe96⤵
-
\??\c:\nbnvfv.exec:\nbnvfv.exe97⤵
-
\??\c:\htjtp.exec:\htjtp.exe98⤵
-
\??\c:\vfhlnh.exec:\vfhlnh.exe99⤵
-
\??\c:\vlhxvpl.exec:\vlhxvpl.exe100⤵
-
\??\c:\xntdp.exec:\xntdp.exe101⤵
-
\??\c:\vbfrtdp.exec:\vbfrtdp.exe102⤵
-
\??\c:\rrpdpl.exec:\rrpdpl.exe103⤵
-
\??\c:\xfvbdn.exec:\xfvbdn.exe104⤵
-
\??\c:\ljrvxnv.exec:\ljrvxnv.exe105⤵
-
\??\c:\vblrxth.exec:\vblrxth.exe106⤵
-
\??\c:\prxvftl.exec:\prxvftl.exe107⤵
-
\??\c:\xxdjdt.exec:\xxdjdt.exe108⤵
-
\??\c:\rvrvbn.exec:\rvrvbn.exe109⤵
-
\??\c:\jlhfx.exec:\jlhfx.exe110⤵
-
\??\c:\jvlrj.exec:\jvlrj.exe111⤵
-
\??\c:\hjdvxlt.exec:\hjdvxlt.exe112⤵
-
\??\c:\xbrjjp.exec:\xbrjjp.exe113⤵
-
\??\c:\bnbjl.exec:\bnbjl.exe114⤵
-
\??\c:\dhxxf.exec:\dhxxf.exe115⤵
-
\??\c:\bhrvpn.exec:\bhrvpn.exe116⤵
-
\??\c:\rtnbb.exec:\rtnbb.exe117⤵
-
\??\c:\jlvfr.exec:\jlvfr.exe118⤵
-
\??\c:\npxbdhb.exec:\npxbdhb.exe119⤵
-
\??\c:\bhdhd.exec:\bhdhd.exe120⤵
-
\??\c:\tnpllvj.exec:\tnpllvj.exe121⤵
- System Location Discovery: System Language Discovery
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-