Analysis
-
max time kernel
120s -
max time network
117s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
20-01-2025 09:18
General
-
Target
7bc1aeb94b1d8de06240d0efbc1f8115e5a2a7eca12be740de879385d574c1ee.exe
-
Size
454KB
-
MD5
bc3a3ff9eb2723ce1444598f6407afea
-
SHA1
beaa3d6574f6ba744483abef7a3cfc0234770e33
-
SHA256
7bc1aeb94b1d8de06240d0efbc1f8115e5a2a7eca12be740de879385d574c1ee
-
SHA512
e68ccfa1ee5d5a488af3aae73410c8b4367963a2c37e833fd1d343beb1d644fbfc97f831f08c7804e1c435252495c41f69c6c4d85b6652d97b9935e0f166b0b6
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbe7:q7Tc2NYHUrAwfMp3CD7
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 38 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 43 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7bc1aeb94b1d8de06240d0efbc1f8115e5a2a7eca12be740de879385d574c1ee.exe"C:\Users\Admin\AppData\Local\Temp\7bc1aeb94b1d8de06240d0efbc1f8115e5a2a7eca12be740de879385d574c1ee.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxrxfl.exec:\ffxrxfl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ddjp.exec:\7ddjp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbnbnn.exec:\tbnbnn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djvvd.exec:\djvvd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xlxrrf.exec:\1xlxrrf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnntb.exec:\hbnntb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrflrf.exec:\fxrflrf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pjpd.exec:\1pjpd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxfflr.exec:\lfxfflr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvdp.exec:\jvvdp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7lfrxfl.exec:\7lfrxfl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhntnb.exec:\hhntnb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrlrfl.exec:\fxrlrfl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhthn.exec:\bbhthn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlfrffr.exec:\xlfrffr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnhnt.exec:\hhnhnt.exe17⤵
- Executes dropped EXE
-
\??\c:\vjdpd.exec:\vjdpd.exe18⤵
- Executes dropped EXE
-
\??\c:\xrfrrfr.exec:\xrfrrfr.exe19⤵
- Executes dropped EXE
-
\??\c:\dpvdj.exec:\dpvdj.exe20⤵
- Executes dropped EXE
-
\??\c:\xrxrxfr.exec:\xrxrxfr.exe21⤵
- Executes dropped EXE
-
\??\c:\nbnttt.exec:\nbnttt.exe22⤵
- Executes dropped EXE
-
\??\c:\xlxflff.exec:\xlxflff.exe23⤵
- Executes dropped EXE
-
\??\c:\bbtbhn.exec:\bbtbhn.exe24⤵
- Executes dropped EXE
-
\??\c:\xrrlllx.exec:\xrrlllx.exe25⤵
- Executes dropped EXE
-
\??\c:\5tbhtb.exec:\5tbhtb.exe26⤵
- Executes dropped EXE
-
\??\c:\xlffllr.exec:\xlffllr.exe27⤵
- Executes dropped EXE
-
\??\c:\hhbthn.exec:\hhbthn.exe28⤵
- Executes dropped EXE
-
\??\c:\fxlxxxl.exec:\fxlxxxl.exe29⤵
- Executes dropped EXE
-
\??\c:\hbthnn.exec:\hbthnn.exe30⤵
- Executes dropped EXE
-
\??\c:\1xrfllr.exec:\1xrfllr.exe31⤵
- Executes dropped EXE
-
\??\c:\thbhnn.exec:\thbhnn.exe32⤵
- Executes dropped EXE
-
\??\c:\9dvvj.exec:\9dvvj.exe33⤵
- Executes dropped EXE
-
\??\c:\llxlxfx.exec:\llxlxfx.exe34⤵
- Executes dropped EXE
-
\??\c:\vjvpv.exec:\vjvpv.exe35⤵
- Executes dropped EXE
-
\??\c:\7jdvv.exec:\7jdvv.exe36⤵
- Executes dropped EXE
-
\??\c:\rxllllr.exec:\rxllllr.exe37⤵
- Executes dropped EXE
-
\??\c:\thnntn.exec:\thnntn.exe38⤵
- Executes dropped EXE
-
\??\c:\vpvvj.exec:\vpvvj.exe39⤵
- Executes dropped EXE
-
\??\c:\jdppp.exec:\jdppp.exe40⤵
- Executes dropped EXE
-
\??\c:\5fxlfff.exec:\5fxlfff.exe41⤵
- Executes dropped EXE
-
\??\c:\hbbbnn.exec:\hbbbnn.exe42⤵
- Executes dropped EXE
-
\??\c:\vjppj.exec:\vjppj.exe43⤵
- Executes dropped EXE
-
\??\c:\pjddd.exec:\pjddd.exe44⤵
- Executes dropped EXE
-
\??\c:\xrfllfl.exec:\xrfllfl.exe45⤵
- Executes dropped EXE
-
\??\c:\tnhnbb.exec:\tnhnbb.exe46⤵
- Executes dropped EXE
-
\??\c:\dvjpj.exec:\dvjpj.exe47⤵
- Executes dropped EXE
-
\??\c:\1pppv.exec:\1pppv.exe48⤵
- Executes dropped EXE
-
\??\c:\xrlxrxx.exec:\xrlxrxx.exe49⤵
- Executes dropped EXE
-
\??\c:\nbnhhh.exec:\nbnhhh.exe50⤵
- Executes dropped EXE
-
\??\c:\9jpjp.exec:\9jpjp.exe51⤵
- Executes dropped EXE
-
\??\c:\pjddp.exec:\pjddp.exe52⤵
- Executes dropped EXE
-
\??\c:\llffxll.exec:\llffxll.exe53⤵
- Executes dropped EXE
-
\??\c:\nhtbhn.exec:\nhtbhn.exe54⤵
- Executes dropped EXE
-
\??\c:\jdpvd.exec:\jdpvd.exe55⤵
- Executes dropped EXE
-
\??\c:\9jvvj.exec:\9jvvj.exe56⤵
- Executes dropped EXE
-
\??\c:\9rxlrll.exec:\9rxlrll.exe57⤵
- Executes dropped EXE
-
\??\c:\nhthtt.exec:\nhthtt.exe58⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\bnhhhb.exec:\bnhhhb.exe59⤵
- Executes dropped EXE
-
\??\c:\vpdpd.exec:\vpdpd.exe60⤵
- Executes dropped EXE
-
\??\c:\xlxxxrx.exec:\xlxxxrx.exe61⤵
- Executes dropped EXE
-
\??\c:\hbnntb.exec:\hbnntb.exe62⤵
- Executes dropped EXE
-
\??\c:\5pvjd.exec:\5pvjd.exe63⤵
- Executes dropped EXE
-
\??\c:\vpdpv.exec:\vpdpv.exe64⤵
- Executes dropped EXE
-
\??\c:\ffxllrr.exec:\ffxllrr.exe65⤵
- Executes dropped EXE
-
\??\c:\btbhnn.exec:\btbhnn.exe66⤵
-
\??\c:\jvjvp.exec:\jvjvp.exe67⤵
-
\??\c:\vjdvv.exec:\vjdvv.exe68⤵
-
\??\c:\5xxrxxr.exec:\5xxrxxr.exe69⤵
-
\??\c:\fxrxlfl.exec:\fxrxlfl.exe70⤵
-
\??\c:\5tthhh.exec:\5tthhh.exe71⤵
-
\??\c:\9ddpd.exec:\9ddpd.exe72⤵
-
\??\c:\fxrlrlr.exec:\fxrlrlr.exe73⤵
-
\??\c:\xflrllr.exec:\xflrllr.exe74⤵
-
\??\c:\btnnnn.exec:\btnnnn.exe75⤵
-
\??\c:\dvpvj.exec:\dvpvj.exe76⤵
-
\??\c:\lfxfrxx.exec:\lfxfrxx.exe77⤵
-
\??\c:\lflrffx.exec:\lflrffx.exe78⤵
-
\??\c:\5hhbhn.exec:\5hhbhn.exe79⤵
-
\??\c:\3pdvd.exec:\3pdvd.exe80⤵
- System Location Discovery: System Language Discovery
-
\??\c:\xrfxfff.exec:\xrfxfff.exe81⤵
-
\??\c:\7rlrrrx.exec:\7rlrrrx.exe82⤵
- System Location Discovery: System Language Discovery
-
\??\c:\hbhhhn.exec:\hbhhhn.exe83⤵
-
\??\c:\5hbnbh.exec:\5hbnbh.exe84⤵
-
\??\c:\ddjjv.exec:\ddjjv.exe85⤵
-
\??\c:\rlxxfxf.exec:\rlxxfxf.exe86⤵
-
\??\c:\1bbttb.exec:\1bbttb.exe87⤵
-
\??\c:\hbnnnn.exec:\hbnnnn.exe88⤵
-
\??\c:\jvppd.exec:\jvppd.exe89⤵
-
\??\c:\7vvdv.exec:\7vvdv.exe90⤵
-
\??\c:\fxllxfl.exec:\fxllxfl.exe91⤵
-
\??\c:\3nbbhh.exec:\3nbbhh.exe92⤵
-
\??\c:\nhnhhh.exec:\nhnhhh.exe93⤵
-
\??\c:\pvdvv.exec:\pvdvv.exe94⤵
-
\??\c:\xlrlfxl.exec:\xlrlfxl.exe95⤵
-
\??\c:\fxllllr.exec:\fxllllr.exe96⤵
-
\??\c:\3nhbnt.exec:\3nhbnt.exe97⤵
-
\??\c:\dpdvd.exec:\dpdvd.exe98⤵
-
\??\c:\vjpjp.exec:\vjpjp.exe99⤵
-
\??\c:\xllxfff.exec:\xllxfff.exe100⤵
-
\??\c:\bhnbbt.exec:\bhnbbt.exe101⤵
-
\??\c:\3hhtbt.exec:\3hhtbt.exe102⤵
-
\??\c:\7ddjj.exec:\7ddjj.exe103⤵
-
\??\c:\rlxxfxx.exec:\rlxxfxx.exe104⤵
-
\??\c:\rfrrffl.exec:\rfrrffl.exe105⤵
-
\??\c:\nhbnnn.exec:\nhbnnn.exe106⤵
-
\??\c:\vjvdv.exec:\vjvdv.exe107⤵
-
\??\c:\vjjjd.exec:\vjjjd.exe108⤵
-
\??\c:\ffrxfxf.exec:\ffrxfxf.exe109⤵
-
\??\c:\7bnntt.exec:\7bnntt.exe110⤵
-
\??\c:\1thbtt.exec:\1thbtt.exe111⤵
-
\??\c:\7jppp.exec:\7jppp.exe112⤵
-
\??\c:\frllrlr.exec:\frllrlr.exe113⤵
-
\??\c:\rflfrlf.exec:\rflfrlf.exe114⤵
-
\??\c:\hhntnt.exec:\hhntnt.exe115⤵
-
\??\c:\7vjdj.exec:\7vjdj.exe116⤵
-
\??\c:\dvjjj.exec:\dvjjj.exe117⤵
-
\??\c:\5xfxxrr.exec:\5xfxxrr.exe118⤵
-
\??\c:\9flffff.exec:\9flffff.exe119⤵
-
\??\c:\thbhnn.exec:\thbhnn.exe120⤵
-
\??\c:\9jppv.exec:\9jppv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-