Analysis
-
max time kernel
150s -
max time network
19s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
29/12/2024, 03:27
General
-
Target
b9387d176de595230f4a48f07791ed19d3f0dabc1ecae807fa8eaf0dae870e55.exe
-
Size
454KB
-
MD5
84eddb140b1c8b34a2b934c8f2f65984
-
SHA1
5a6d69b674d0a23eef9c3bdf29f0729662999db0
-
SHA256
b9387d176de595230f4a48f07791ed19d3f0dabc1ecae807fa8eaf0dae870e55
-
SHA512
3496cfdab8853e656d2543802c7c26a9d81faaf7cc3efa8c8d588076f96bf32a01426de85a91b29ca4dd69cc2a574f6266ba290e827af63d88acb2b449c5367e
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbej:q7Tc2NYHUrAwfMp3CDj
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 38 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 44 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b9387d176de595230f4a48f07791ed19d3f0dabc1ecae807fa8eaf0dae870e55.exe"C:\Users\Admin\AppData\Local\Temp\b9387d176de595230f4a48f07791ed19d3f0dabc1ecae807fa8eaf0dae870e55.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xphdlr.exec:\xphdlr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pnnjfh.exec:\pnnjfh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ftlhjp.exec:\ftlhjp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hvhrf.exec:\hvhrf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\phhph.exec:\phhph.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdppvj.exec:\pdppvj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\plxnn.exec:\plxnn.exe8⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\xvxlr.exec:\xvxlr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tfvjnfb.exec:\tfvjnfb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xpdtpx.exec:\xpdtpx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pbplf.exec:\pbplf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vhbff.exec:\vhbff.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdnxtx.exec:\pdnxtx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfnvb.exec:\rfnvb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xvpbbth.exec:\xvpbbth.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbphp.exec:\nbphp.exe17⤵
- Executes dropped EXE
-
\??\c:\fvvxd.exec:\fvvxd.exe18⤵
- Executes dropped EXE
-
\??\c:\bxxdtfl.exec:\bxxdtfl.exe19⤵
- Executes dropped EXE
-
\??\c:\nxbjb.exec:\nxbjb.exe20⤵
- Executes dropped EXE
-
\??\c:\ppvth.exec:\ppvth.exe21⤵
- Executes dropped EXE
-
\??\c:\phttrpl.exec:\phttrpl.exe22⤵
- Executes dropped EXE
-
\??\c:\jxdfhrn.exec:\jxdfhrn.exe23⤵
- Executes dropped EXE
-
\??\c:\bdflrj.exec:\bdflrj.exe24⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\tnphj.exec:\tnphj.exe25⤵
- Executes dropped EXE
-
\??\c:\njxbrx.exec:\njxbrx.exe26⤵
- Executes dropped EXE
-
\??\c:\vbnnr.exec:\vbnnr.exe27⤵
- Executes dropped EXE
-
\??\c:\hltltt.exec:\hltltt.exe28⤵
- Executes dropped EXE
-
\??\c:\vtlvhr.exec:\vtlvhr.exe29⤵
- Executes dropped EXE
-
\??\c:\jhrxf.exec:\jhrxf.exe30⤵
- Executes dropped EXE
-
\??\c:\dhhnhhb.exec:\dhhnhhb.exe31⤵
- Executes dropped EXE
-
\??\c:\lpvpbpr.exec:\lpvpbpr.exe32⤵
- Executes dropped EXE
-
\??\c:\fpfxn.exec:\fpfxn.exe33⤵
- Executes dropped EXE
-
\??\c:\vfvhltl.exec:\vfvhltl.exe34⤵
- Executes dropped EXE
-
\??\c:\rffndb.exec:\rffndb.exe35⤵
- Executes dropped EXE
-
\??\c:\dbxrn.exec:\dbxrn.exe36⤵
- Executes dropped EXE
-
\??\c:\rdxpj.exec:\rdxpj.exe37⤵
- Executes dropped EXE
-
\??\c:\vvbpx.exec:\vvbpx.exe38⤵
- Executes dropped EXE
-
\??\c:\llxbx.exec:\llxbx.exe39⤵
- Executes dropped EXE
-
\??\c:\xjlbx.exec:\xjlbx.exe40⤵
- Executes dropped EXE
-
\??\c:\phphb.exec:\phphb.exe41⤵
- Executes dropped EXE
-
\??\c:\hpdlhjn.exec:\hpdlhjn.exe42⤵
- Executes dropped EXE
-
\??\c:\nnrblb.exec:\nnrblb.exe43⤵
- Executes dropped EXE
-
\??\c:\hfjjfd.exec:\hfjjfd.exe44⤵
- Executes dropped EXE
-
\??\c:\rpttb.exec:\rpttb.exe45⤵
- Executes dropped EXE
-
\??\c:\dxvtp.exec:\dxvtp.exe46⤵
- Executes dropped EXE
-
\??\c:\jbpptf.exec:\jbpptf.exe47⤵
- Executes dropped EXE
-
\??\c:\tjhljln.exec:\tjhljln.exe48⤵
- Executes dropped EXE
-
\??\c:\tltndl.exec:\tltndl.exe49⤵
- Executes dropped EXE
-
\??\c:\hxhjb.exec:\hxhjb.exe50⤵
- Executes dropped EXE
-
\??\c:\bppdx.exec:\bppdx.exe51⤵
- Executes dropped EXE
-
\??\c:\pptvxjf.exec:\pptvxjf.exe52⤵
- Executes dropped EXE
-
\??\c:\hlxjn.exec:\hlxjn.exe53⤵
- Executes dropped EXE
-
\??\c:\txdntn.exec:\txdntn.exe54⤵
- Executes dropped EXE
-
\??\c:\thphhrt.exec:\thphhrt.exe55⤵
- Executes dropped EXE
-
\??\c:\ltdrd.exec:\ltdrd.exe56⤵
- Executes dropped EXE
-
\??\c:\txpxxd.exec:\txpxxd.exe57⤵
- Executes dropped EXE
-
\??\c:\lbldtrj.exec:\lbldtrj.exe58⤵
- Executes dropped EXE
-
\??\c:\brrpbv.exec:\brrpbv.exe59⤵
- Executes dropped EXE
-
\??\c:\nntfdd.exec:\nntfdd.exe60⤵
- Executes dropped EXE
-
\??\c:\fhtlt.exec:\fhtlt.exe61⤵
- Executes dropped EXE
-
\??\c:\jtpvv.exec:\jtpvv.exe62⤵
- Executes dropped EXE
-
\??\c:\xrbfjxl.exec:\xrbfjxl.exe63⤵
- Executes dropped EXE
-
\??\c:\phfvhl.exec:\phfvhl.exe64⤵
- Executes dropped EXE
-
\??\c:\ftjjp.exec:\ftjjp.exe65⤵
- Executes dropped EXE
-
\??\c:\ljtdflj.exec:\ljtdflj.exe66⤵
-
\??\c:\nvjlt.exec:\nvjlt.exe67⤵
-
\??\c:\fxrjdj.exec:\fxrjdj.exe68⤵
-
\??\c:\xnvlxtx.exec:\xnvlxtx.exe69⤵
-
\??\c:\lphdxvr.exec:\lphdxvr.exe70⤵
-
\??\c:\jnnbd.exec:\jnnbd.exe71⤵
-
\??\c:\jtffdl.exec:\jtffdl.exe72⤵
-
\??\c:\rrhfpht.exec:\rrhfpht.exe73⤵
-
\??\c:\vxxnxj.exec:\vxxnxj.exe74⤵
-
\??\c:\lntdhfv.exec:\lntdhfv.exe75⤵
-
\??\c:\fpbtnvv.exec:\fpbtnvv.exe76⤵
-
\??\c:\trtvjtv.exec:\trtvjtv.exe77⤵
-
\??\c:\pphprlx.exec:\pphprlx.exe78⤵
-
\??\c:\ndrtp.exec:\ndrtp.exe79⤵
-
\??\c:\hpxht.exec:\hpxht.exe80⤵
-
\??\c:\vrxdfn.exec:\vrxdfn.exe81⤵
- System Location Discovery: System Language Discovery
-
\??\c:\jhrbjl.exec:\jhrbjl.exe82⤵
-
\??\c:\rfhdlbx.exec:\rfhdlbx.exe83⤵
-
\??\c:\vtrvlp.exec:\vtrvlp.exe84⤵
-
\??\c:\pttfj.exec:\pttfj.exe85⤵
-
\??\c:\nbplvfp.exec:\nbplvfp.exe86⤵
-
\??\c:\bdjjfx.exec:\bdjjfx.exe87⤵
-
\??\c:\vdxphf.exec:\vdxphf.exe88⤵
-
\??\c:\pfttl.exec:\pfttl.exe89⤵
-
\??\c:\rbvnhp.exec:\rbvnhp.exe90⤵
- System Location Discovery: System Language Discovery
-
\??\c:\fjdxhxp.exec:\fjdxhxp.exe91⤵
- System Location Discovery: System Language Discovery
-
\??\c:\ntdbpj.exec:\ntdbpj.exe92⤵
-
\??\c:\rtxpxn.exec:\rtxpxn.exe93⤵
-
\??\c:\ndtfbrv.exec:\ndtfbrv.exe94⤵
-
\??\c:\tpnnd.exec:\tpnnd.exe95⤵
-
\??\c:\xhhpr.exec:\xhhpr.exe96⤵
-
\??\c:\dpxlbx.exec:\dpxlbx.exe97⤵
-
\??\c:\pxrhx.exec:\pxrhx.exe98⤵
-
\??\c:\btblbnt.exec:\btblbnt.exe99⤵
-
\??\c:\ndbdb.exec:\ndbdb.exe100⤵
-
\??\c:\fhjll.exec:\fhjll.exe101⤵
-
\??\c:\ffxbbvx.exec:\ffxbbvx.exe102⤵
-
\??\c:\trjbx.exec:\trjbx.exe103⤵
-
\??\c:\xjnhl.exec:\xjnhl.exe104⤵
-
\??\c:\tdddlf.exec:\tdddlf.exe105⤵
-
\??\c:\rftnldv.exec:\rftnldv.exe106⤵
-
\??\c:\hjvhxf.exec:\hjvhxf.exe107⤵
-
\??\c:\xfnnr.exec:\xfnnr.exe108⤵
-
\??\c:\pflpdbx.exec:\pflpdbx.exe109⤵
-
\??\c:\jlpvh.exec:\jlpvh.exe110⤵
-
\??\c:\jfjxdd.exec:\jfjxdd.exe111⤵
-
\??\c:\pdnfhf.exec:\pdnfhf.exe112⤵
-
\??\c:\pjxxrjt.exec:\pjxxrjt.exe113⤵
-
\??\c:\lrljt.exec:\lrljt.exe114⤵
-
\??\c:\jbvjfv.exec:\jbvjfv.exe115⤵
-
\??\c:\xxvxp.exec:\xxvxp.exe116⤵
-
\??\c:\tphttth.exec:\tphttth.exe117⤵
-
\??\c:\hfnlpx.exec:\hfnlpx.exe118⤵
-
\??\c:\txffflf.exec:\txffflf.exe119⤵
-
\??\c:\bvbtj.exec:\bvbtj.exe120⤵
-
\??\c:\ndjftj.exec:\ndjftj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-