Analysis
-
max time kernel
120s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
20-01-2025 08:59
General
-
Target
36624dbffc154942c4f1c06c003b9f99acc4e1d40973f67e9d0a51237d9264a2.exe
-
Size
455KB
-
MD5
5a74dab6f88cfa0c99e739bc2802e2b4
-
SHA1
a5701cd3b62d2c5a40068e0b574ac65b885869e6
-
SHA256
36624dbffc154942c4f1c06c003b9f99acc4e1d40973f67e9d0a51237d9264a2
-
SHA512
1c8d1f03de8a8c8f8ae0a3fe64317979b6c3c3020cc1920be54d92a3bb3a35a48ac87dc3d76572a71458d9338f07b2a0393535db291ea93cfb609ab3eb507617
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbej:q7Tc2NYHUrAwfMp3CDj
Score
10/10
Malware Config
Signatures
-
Blackmoon family
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 40 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 43 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\36624dbffc154942c4f1c06c003b9f99acc4e1d40973f67e9d0a51237d9264a2.exe"C:\Users\Admin\AppData\Local\Temp\36624dbffc154942c4f1c06c003b9f99acc4e1d40973f67e9d0a51237d9264a2.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rffrrfl.exec:\rffrrfl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3fxfllx.exec:\3fxfllx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjvj.exec:\ppjvj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9llxrrf.exec:\9llxrrf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jdjp.exec:\9jdjp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlflxfr.exec:\rlflxfr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvdpd.exec:\vvdpd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfrxflr.exec:\xfrxflr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhbnt.exec:\hhhbnt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrlxxrr.exec:\lrlxxrr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bhbbh.exec:\5bhbbh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbhbh.exec:\tbbhbh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5dvvd.exec:\5dvvd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bbhnt.exec:\1bbhnt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjddv.exec:\pjddv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdpj.exec:\pjdpj.exe17⤵
- Executes dropped EXE
-
\??\c:\fffffxl.exec:\fffffxl.exe18⤵
- Executes dropped EXE
-
\??\c:\ttnbbh.exec:\ttnbbh.exe19⤵
- Executes dropped EXE
-
\??\c:\dddpd.exec:\dddpd.exe20⤵
- Executes dropped EXE
-
\??\c:\ttnbnn.exec:\ttnbnn.exe21⤵
- Executes dropped EXE
-
\??\c:\ppjdp.exec:\ppjdp.exe22⤵
- Executes dropped EXE
-
\??\c:\rrrxlxr.exec:\rrrxlxr.exe23⤵
- Executes dropped EXE
-
\??\c:\thbttn.exec:\thbttn.exe24⤵
- Executes dropped EXE
-
\??\c:\hbhhbh.exec:\hbhhbh.exe25⤵
- Executes dropped EXE
-
\??\c:\bbtbtb.exec:\bbtbtb.exe26⤵
- Executes dropped EXE
-
\??\c:\5tntbh.exec:\5tntbh.exe27⤵
- Executes dropped EXE
-
\??\c:\9djjv.exec:\9djjv.exe28⤵
- Executes dropped EXE
-
\??\c:\hhbhnt.exec:\hhbhnt.exe29⤵
- Executes dropped EXE
-
\??\c:\dvvdp.exec:\dvvdp.exe30⤵
- Executes dropped EXE
-
\??\c:\3thhnt.exec:\3thhnt.exe31⤵
- Executes dropped EXE
-
\??\c:\dvjpd.exec:\dvjpd.exe32⤵
- Executes dropped EXE
-
\??\c:\hnnbnh.exec:\hnnbnh.exe33⤵
- Executes dropped EXE
-
\??\c:\vdddv.exec:\vdddv.exe34⤵
- Executes dropped EXE
-
\??\c:\nnhntb.exec:\nnhntb.exe35⤵
- Executes dropped EXE
-
\??\c:\hnnbbn.exec:\hnnbbn.exe36⤵
- Executes dropped EXE
-
\??\c:\vvjjv.exec:\vvjjv.exe37⤵
- Executes dropped EXE
-
\??\c:\rffrrxr.exec:\rffrrxr.exe38⤵
- Executes dropped EXE
-
\??\c:\hhhtnt.exec:\hhhtnt.exe39⤵
- Executes dropped EXE
-
\??\c:\vppvj.exec:\vppvj.exe40⤵
- Executes dropped EXE
-
\??\c:\jjjpv.exec:\jjjpv.exe41⤵
- Executes dropped EXE
-
\??\c:\fllrfrr.exec:\fllrfrr.exe42⤵
- Executes dropped EXE
-
\??\c:\tnhhth.exec:\tnhhth.exe43⤵
- Executes dropped EXE
-
\??\c:\pppjp.exec:\pppjp.exe44⤵
- Executes dropped EXE
-
\??\c:\xrflxxl.exec:\xrflxxl.exe45⤵
- Executes dropped EXE
-
\??\c:\hhhnbb.exec:\hhhnbb.exe46⤵
- Executes dropped EXE
-
\??\c:\djdjd.exec:\djdjd.exe47⤵
- Executes dropped EXE
-
\??\c:\9llxxfx.exec:\9llxxfx.exe48⤵
- Executes dropped EXE
-
\??\c:\fffrxlr.exec:\fffrxlr.exe49⤵
- Executes dropped EXE
-
\??\c:\bnttht.exec:\bnttht.exe50⤵
- Executes dropped EXE
-
\??\c:\5ppvd.exec:\5ppvd.exe51⤵
- Executes dropped EXE
-
\??\c:\fxrlrxl.exec:\fxrlrxl.exe52⤵
- Executes dropped EXE
-
\??\c:\1hntht.exec:\1hntht.exe53⤵
- Executes dropped EXE
-
\??\c:\vjvdp.exec:\vjvdp.exe54⤵
- Executes dropped EXE
-
\??\c:\rllffrf.exec:\rllffrf.exe55⤵
- Executes dropped EXE
-
\??\c:\btnbth.exec:\btnbth.exe56⤵
- Executes dropped EXE
-
\??\c:\ddpdp.exec:\ddpdp.exe57⤵
- Executes dropped EXE
-
\??\c:\jddpd.exec:\jddpd.exe58⤵
- Executes dropped EXE
-
\??\c:\llrfxfr.exec:\llrfxfr.exe59⤵
- Executes dropped EXE
-
\??\c:\7tnhtb.exec:\7tnhtb.exe60⤵
- Executes dropped EXE
-
\??\c:\9vddj.exec:\9vddj.exe61⤵
- Executes dropped EXE
-
\??\c:\1llxflx.exec:\1llxflx.exe62⤵
- Executes dropped EXE
-
\??\c:\bthtnt.exec:\bthtnt.exe63⤵
- Executes dropped EXE
-
\??\c:\jddjv.exec:\jddjv.exe64⤵
- Executes dropped EXE
-
\??\c:\pvvpd.exec:\pvvpd.exe65⤵
- Executes dropped EXE
-
\??\c:\llrfrfx.exec:\llrfrfx.exe66⤵
-
\??\c:\tbthnt.exec:\tbthnt.exe67⤵
-
\??\c:\djjjv.exec:\djjjv.exe68⤵
-
\??\c:\lfxrlxl.exec:\lfxrlxl.exe69⤵
-
\??\c:\llfrxrl.exec:\llfrxrl.exe70⤵
-
\??\c:\hhnbht.exec:\hhnbht.exe71⤵
-
\??\c:\pvvdv.exec:\pvvdv.exe72⤵
-
\??\c:\lfxfrrf.exec:\lfxfrrf.exe73⤵
-
\??\c:\lllfrfx.exec:\lllfrfx.exe74⤵
-
\??\c:\3nbbhn.exec:\3nbbhn.exe75⤵
-
\??\c:\vvpdv.exec:\vvpdv.exe76⤵
-
\??\c:\ffxlrfr.exec:\ffxlrfr.exe77⤵
-
\??\c:\fflxfxf.exec:\fflxfxf.exe78⤵
-
\??\c:\nhhbth.exec:\nhhbth.exe79⤵
-
\??\c:\jjpvj.exec:\jjpvj.exe80⤵
-
\??\c:\xxrxflr.exec:\xxrxflr.exe81⤵
-
\??\c:\ttbhtb.exec:\ttbhtb.exe82⤵
-
\??\c:\7jdvj.exec:\7jdvj.exe83⤵
-
\??\c:\pvvdp.exec:\pvvdp.exe84⤵
-
\??\c:\7frlrfr.exec:\7frlrfr.exe85⤵
-
\??\c:\nbtntt.exec:\nbtntt.exe86⤵
-
\??\c:\jddvj.exec:\jddvj.exe87⤵
-
\??\c:\3jvdp.exec:\3jvdp.exe88⤵
- System Location Discovery: System Language Discovery
-
\??\c:\xrlrxfl.exec:\xrlrxfl.exe89⤵
-
\??\c:\ttntbt.exec:\ttntbt.exe90⤵
- System Location Discovery: System Language Discovery
-
\??\c:\vvvvp.exec:\vvvvp.exe91⤵
-
\??\c:\xrlxllx.exec:\xrlxllx.exe92⤵
-
\??\c:\nhtbtb.exec:\nhtbtb.exe93⤵
-
\??\c:\3vddd.exec:\3vddd.exe94⤵
-
\??\c:\xrrrxrf.exec:\xrrrxrf.exe95⤵
-
\??\c:\7xlrlll.exec:\7xlrlll.exe96⤵
-
\??\c:\hhbhtt.exec:\hhbhtt.exe97⤵
-
\??\c:\jjdvj.exec:\jjdvj.exe98⤵
-
\??\c:\9jdjv.exec:\9jdjv.exe99⤵
-
\??\c:\llfrxxf.exec:\llfrxxf.exe100⤵
-
\??\c:\ntnbbh.exec:\ntnbbh.exe101⤵
-
\??\c:\bbbbhb.exec:\bbbbhb.exe102⤵
-
\??\c:\vvppj.exec:\vvppj.exe103⤵
-
\??\c:\xxrxrrf.exec:\xxrxrrf.exe104⤵
-
\??\c:\rrlxlxl.exec:\rrlxlxl.exe105⤵
-
\??\c:\5hbbbh.exec:\5hbbbh.exe106⤵
-
\??\c:\vpjpv.exec:\vpjpv.exe107⤵
-
\??\c:\7lxlxff.exec:\7lxlxff.exe108⤵
-
\??\c:\rfxfxlx.exec:\rfxfxlx.exe109⤵
-
\??\c:\7bnttb.exec:\7bnttb.exe110⤵
-
\??\c:\hthhth.exec:\hthhth.exe111⤵
-
\??\c:\9ppdj.exec:\9ppdj.exe112⤵
-
\??\c:\5rllrxf.exec:\5rllrxf.exe113⤵
-
\??\c:\bthbnt.exec:\bthbnt.exe114⤵
-
\??\c:\jjdpj.exec:\jjdpj.exe115⤵
-
\??\c:\vpjpv.exec:\vpjpv.exe116⤵
-
\??\c:\xlrlfrl.exec:\xlrlfrl.exe117⤵
-
\??\c:\nhbhbh.exec:\nhbhbh.exe118⤵
- System Location Discovery: System Language Discovery
-
\??\c:\3vddp.exec:\3vddp.exe119⤵
-
\??\c:\vvppd.exec:\vvppd.exe120⤵
-
\??\c:\lllrflx.exec:\lllrflx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-