Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
03-05-2024 21:30
General
-
Target
4c6b50afc7759605ef9c7de7655f50a360a8b9e269cbf029cc40554b7bc15063.exe
-
Size
185KB
-
MD5
1c08e3717aa730854c5f4bc299c8ae25
-
SHA1
1a33707b47a79ba6be08311128ab592632f77994
-
SHA256
4c6b50afc7759605ef9c7de7655f50a360a8b9e269cbf029cc40554b7bc15063
-
SHA512
0bbcd8d6ac74079912ac1b40b3cd90a44c79e05ed900c2375ac92f6aa812d5d7f3f161ba774e0f4c31186cf9510d49c670913e06ff7abc77edb0ff8d4859fdc1
-
SSDEEP
3072:3hOmTsF93UYfwC6GIoutw8YcvrqrE66kropO6BWlPFH4tw1D43eMz:3cm4FmowdHoSzhraHcpOFltH4twl43vz
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 37 IoCs
-
UPX dump on OEP (original entry point) 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4c6b50afc7759605ef9c7de7655f50a360a8b9e269cbf029cc40554b7bc15063.exe"C:\Users\Admin\AppData\Local\Temp\4c6b50afc7759605ef9c7de7655f50a360a8b9e269cbf029cc40554b7bc15063.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\7thhnh.exec:\7thhnh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjddv.exec:\pjddv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7htttn.exec:\7htttn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvpj.exec:\ppvpj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfffxf.exec:\fxfffxf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thttbn.exec:\thttbn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbnbt.exec:\ntbnbt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jvvj.exec:\1jvvj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1lxxxxx.exec:\1lxxxxx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrxffl.exec:\lfrxffl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthntt.exec:\tthntt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjjp.exec:\dvjjp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rfffxx.exec:\7rfffxx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttbnt.exec:\bttbnt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btttbt.exec:\btttbt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1dvvp.exec:\1dvvp.exe17⤵
- Executes dropped EXE
-
\??\c:\7rrrrrx.exec:\7rrrrrx.exe18⤵
- Executes dropped EXE
-
\??\c:\httthb.exec:\httthb.exe19⤵
- Executes dropped EXE
-
\??\c:\nhtthn.exec:\nhtthn.exe20⤵
- Executes dropped EXE
-
\??\c:\jdddv.exec:\jdddv.exe21⤵
- Executes dropped EXE
-
\??\c:\9fxfrrr.exec:\9fxfrrr.exe22⤵
- Executes dropped EXE
-
\??\c:\btbbbh.exec:\btbbbh.exe23⤵
- Executes dropped EXE
-
\??\c:\1nbhhh.exec:\1nbhhh.exe24⤵
- Executes dropped EXE
-
\??\c:\1vdpp.exec:\1vdpp.exe25⤵
- Executes dropped EXE
-
\??\c:\frfxffr.exec:\frfxffr.exe26⤵
- Executes dropped EXE
-
\??\c:\5hntbt.exec:\5hntbt.exe27⤵
- Executes dropped EXE
-
\??\c:\7jdvv.exec:\7jdvv.exe28⤵
- Executes dropped EXE
-
\??\c:\xrfffff.exec:\xrfffff.exe29⤵
- Executes dropped EXE
-
\??\c:\fxllrll.exec:\fxllrll.exe30⤵
- Executes dropped EXE
-
\??\c:\tnbtbn.exec:\tnbtbn.exe31⤵
- Executes dropped EXE
-
\??\c:\pjvjj.exec:\pjvjj.exe32⤵
- Executes dropped EXE
-
\??\c:\pddvd.exec:\pddvd.exe33⤵
- Executes dropped EXE
-
\??\c:\pdddj.exec:\pdddj.exe34⤵
- Executes dropped EXE
-
\??\c:\fxfllff.exec:\fxfllff.exe35⤵
- Executes dropped EXE
-
\??\c:\nbhhnh.exec:\nbhhnh.exe36⤵
- Executes dropped EXE
-
\??\c:\3djjp.exec:\3djjp.exe37⤵
- Executes dropped EXE
-
\??\c:\pddvd.exec:\pddvd.exe38⤵
- Executes dropped EXE
-
\??\c:\7jppp.exec:\7jppp.exe39⤵
- Executes dropped EXE
-
\??\c:\rfrxfrl.exec:\rfrxfrl.exe40⤵
- Executes dropped EXE
-
\??\c:\nnbhtt.exec:\nnbhtt.exe41⤵
- Executes dropped EXE
-
\??\c:\bntntn.exec:\bntntn.exe42⤵
- Executes dropped EXE
-
\??\c:\dpppv.exec:\dpppv.exe43⤵
- Executes dropped EXE
-
\??\c:\dvvdj.exec:\dvvdj.exe44⤵
- Executes dropped EXE
-
\??\c:\fxllllx.exec:\fxllllx.exe45⤵
- Executes dropped EXE
-
\??\c:\5frflfl.exec:\5frflfl.exe46⤵
- Executes dropped EXE
-
\??\c:\7bhbhb.exec:\7bhbhb.exe47⤵
- Executes dropped EXE
-
\??\c:\9ttnhh.exec:\9ttnhh.exe48⤵
- Executes dropped EXE
-
\??\c:\pvvjd.exec:\pvvjd.exe49⤵
- Executes dropped EXE
-
\??\c:\pvjpp.exec:\pvjpp.exe50⤵
- Executes dropped EXE
-
\??\c:\lrxxrfr.exec:\lrxxrfr.exe51⤵
- Executes dropped EXE
-
\??\c:\frxrxxr.exec:\frxrxxr.exe52⤵
- Executes dropped EXE
-
\??\c:\5hnhhb.exec:\5hnhhb.exe53⤵
- Executes dropped EXE
-
\??\c:\thbbbt.exec:\thbbbt.exe54⤵
- Executes dropped EXE
-
\??\c:\vppvv.exec:\vppvv.exe55⤵
- Executes dropped EXE
-
\??\c:\9flffll.exec:\9flffll.exe56⤵
- Executes dropped EXE
-
\??\c:\9llfrrr.exec:\9llfrrr.exe57⤵
- Executes dropped EXE
-
\??\c:\nbtttt.exec:\nbtttt.exe58⤵
- Executes dropped EXE
-
\??\c:\tntnnn.exec:\tntnnn.exe59⤵
- Executes dropped EXE
-
\??\c:\jdddj.exec:\jdddj.exe60⤵
- Executes dropped EXE
-
\??\c:\vjppd.exec:\vjppd.exe61⤵
- Executes dropped EXE
-
\??\c:\7xrlflx.exec:\7xrlflx.exe62⤵
- Executes dropped EXE
-
\??\c:\rflffxx.exec:\rflffxx.exe63⤵
- Executes dropped EXE
-
\??\c:\thnnbb.exec:\thnnbb.exe64⤵
- Executes dropped EXE
-
\??\c:\btbbhh.exec:\btbbhh.exe65⤵
- Executes dropped EXE
-
\??\c:\dvdvv.exec:\dvdvv.exe66⤵
-
\??\c:\lxffxxf.exec:\lxffxxf.exe67⤵
-
\??\c:\xlxrxrx.exec:\xlxrxrx.exe68⤵
-
\??\c:\bnthhh.exec:\bnthhh.exe69⤵
-
\??\c:\hbtbhh.exec:\hbtbhh.exe70⤵
-
\??\c:\pvjjd.exec:\pvjjd.exe71⤵
-
\??\c:\vddvp.exec:\vddvp.exe72⤵
-
\??\c:\frrllff.exec:\frrllff.exe73⤵
-
\??\c:\rflrffl.exec:\rflrffl.exe74⤵
-
\??\c:\3hnntn.exec:\3hnntn.exe75⤵
-
\??\c:\vdjdd.exec:\vdjdd.exe76⤵
-
\??\c:\pjvvd.exec:\pjvvd.exe77⤵
-
\??\c:\xlxrffl.exec:\xlxrffl.exe78⤵
-
\??\c:\lfrrxxx.exec:\lfrrxxx.exe79⤵
-
\??\c:\htbnbb.exec:\htbnbb.exe80⤵
-
\??\c:\bnbbbt.exec:\bnbbbt.exe81⤵
-
\??\c:\pdjjp.exec:\pdjjp.exe82⤵
-
\??\c:\pdjdd.exec:\pdjdd.exe83⤵
-
\??\c:\xlrrxxx.exec:\xlrrxxx.exe84⤵
-
\??\c:\fxxxxrf.exec:\fxxxxrf.exe85⤵
-
\??\c:\thtnnh.exec:\thtnnh.exe86⤵
-
\??\c:\nhnnhh.exec:\nhnnhh.exe87⤵
-
\??\c:\vjdvv.exec:\vjdvv.exe88⤵
-
\??\c:\7jvpp.exec:\7jvpp.exe89⤵
-
\??\c:\frllllx.exec:\frllllx.exe90⤵
-
\??\c:\fxlrrll.exec:\fxlrrll.exe91⤵
-
\??\c:\5flllxx.exec:\5flllxx.exe92⤵
-
\??\c:\htbthb.exec:\htbthb.exe93⤵
-
\??\c:\7htbhh.exec:\7htbhh.exe94⤵
-
\??\c:\5jddj.exec:\5jddj.exe95⤵
-
\??\c:\pdjjp.exec:\pdjjp.exe96⤵
-
\??\c:\xrxrrrr.exec:\xrxrrrr.exe97⤵
-
\??\c:\xrrfffl.exec:\xrrfffl.exe98⤵
-
\??\c:\5xfxrll.exec:\5xfxrll.exe99⤵
-
\??\c:\nbhtbh.exec:\nbhtbh.exe100⤵
-
\??\c:\3vpvv.exec:\3vpvv.exe101⤵
-
\??\c:\5dpvd.exec:\5dpvd.exe102⤵
-
\??\c:\vjppp.exec:\vjppp.exe103⤵
-
\??\c:\xxrxrlr.exec:\xxrxrlr.exe104⤵
-
\??\c:\frfflff.exec:\frfflff.exe105⤵
-
\??\c:\httbht.exec:\httbht.exe106⤵
-
\??\c:\ntbtnn.exec:\ntbtnn.exe107⤵
-
\??\c:\jvddd.exec:\jvddd.exe108⤵
-
\??\c:\djvvj.exec:\djvvj.exe109⤵
-
\??\c:\lxxxrlr.exec:\lxxxrlr.exe110⤵
-
\??\c:\rlxrrxf.exec:\rlxrrxf.exe111⤵
-
\??\c:\bnthnh.exec:\bnthnh.exe112⤵
-
\??\c:\1bnhbt.exec:\1bnhbt.exe113⤵
-
\??\c:\3bnbbt.exec:\3bnbbt.exe114⤵
-
\??\c:\3jvdp.exec:\3jvdp.exe115⤵
-
\??\c:\3dvpp.exec:\3dvpp.exe116⤵
-
\??\c:\frfrlff.exec:\frfrlff.exe117⤵
-
\??\c:\htbhnn.exec:\htbhnn.exe118⤵
-
\??\c:\nbhhhb.exec:\nbhhhb.exe119⤵
-
\??\c:\bnbbbb.exec:\bnbbbb.exe120⤵
-
\??\c:\dvdjd.exec:\dvdjd.exe121⤵
-
\??\c:\1fxxfff.exec:\1fxxfff.exe122⤵
-
\??\c:\7frrfll.exec:\7frrfll.exe123⤵
-
\??\c:\nbbnnn.exec:\nbbnnn.exe124⤵
-
\??\c:\bhhnht.exec:\bhhnht.exe125⤵
-
\??\c:\1bnntn.exec:\1bnntn.exe126⤵
-
\??\c:\jjjpd.exec:\jjjpd.exe127⤵
-
\??\c:\xrfllrr.exec:\xrfllrr.exe128⤵
-
\??\c:\rrxxxrr.exec:\rrxxxrr.exe129⤵
-
\??\c:\bhtttn.exec:\bhtttn.exe130⤵
-
\??\c:\btbbtn.exec:\btbbtn.exe131⤵
-
\??\c:\1jvvv.exec:\1jvvv.exe132⤵
-
\??\c:\jpppj.exec:\jpppj.exe133⤵
-
\??\c:\fxlrlfl.exec:\fxlrlfl.exe134⤵
-
\??\c:\rrlrrxf.exec:\rrlrrxf.exe135⤵
-
\??\c:\nbhhhn.exec:\nbhhhn.exe136⤵
-
\??\c:\bnbtnh.exec:\bnbtnh.exe137⤵
-
\??\c:\pjpjj.exec:\pjpjj.exe138⤵
-
\??\c:\vjvjd.exec:\vjvjd.exe139⤵
-
\??\c:\pdjjv.exec:\pdjjv.exe140⤵
-
\??\c:\frxfxxf.exec:\frxfxxf.exe141⤵
-
\??\c:\hbnnnh.exec:\hbnnnh.exe142⤵
-
\??\c:\bhnbtt.exec:\bhnbtt.exe143⤵
-
\??\c:\pvvdd.exec:\pvvdd.exe144⤵
-
\??\c:\dpddp.exec:\dpddp.exe145⤵
-
\??\c:\rxllfff.exec:\rxllfff.exe146⤵
-
\??\c:\7rrfxxl.exec:\7rrfxxl.exe147⤵
-
\??\c:\fxlrxlr.exec:\fxlrxlr.exe148⤵
-
\??\c:\1hnttn.exec:\1hnttn.exe149⤵
-
\??\c:\hbntbb.exec:\hbntbb.exe150⤵
-
\??\c:\dvdpp.exec:\dvdpp.exe151⤵
-
\??\c:\1vvvj.exec:\1vvvj.exe152⤵
-
\??\c:\xlxrlff.exec:\xlxrlff.exe153⤵
-
\??\c:\rfrrxxf.exec:\rfrrxxf.exe154⤵
-
\??\c:\htnthh.exec:\htnthh.exe155⤵
-
\??\c:\tnhbhh.exec:\tnhbhh.exe156⤵
-
\??\c:\pdpvv.exec:\pdpvv.exe157⤵
-
\??\c:\3dddd.exec:\3dddd.exe158⤵
-
\??\c:\rlrrrlr.exec:\rlrrrlr.exe159⤵
-
\??\c:\1flrrlr.exec:\1flrrlr.exe160⤵
-
\??\c:\5tnnnh.exec:\5tnnnh.exe161⤵
-
\??\c:\bhnnnn.exec:\bhnnnn.exe162⤵
-
\??\c:\ddddp.exec:\ddddp.exe163⤵
-
\??\c:\9djdj.exec:\9djdj.exe164⤵
-
\??\c:\pdvvd.exec:\pdvvd.exe165⤵
-
\??\c:\xxfrfxl.exec:\xxfrfxl.exe166⤵
-
\??\c:\1bbtth.exec:\1bbtth.exe167⤵
-
\??\c:\htbnbt.exec:\htbnbt.exe168⤵
-
\??\c:\1bhbbh.exec:\1bhbbh.exe169⤵
-
\??\c:\jdjjj.exec:\jdjjj.exe170⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe171⤵
-
\??\c:\rxfrrrx.exec:\rxfrrrx.exe172⤵
-
\??\c:\xflflff.exec:\xflflff.exe173⤵
-
\??\c:\nbttbt.exec:\nbttbt.exe174⤵
-
\??\c:\tntnhh.exec:\tntnhh.exe175⤵
-
\??\c:\btbbtn.exec:\btbbtn.exe176⤵
-
\??\c:\3dpdv.exec:\3dpdv.exe177⤵
-
\??\c:\1vddj.exec:\1vddj.exe178⤵
-
\??\c:\3xxrlfx.exec:\3xxrlfx.exe179⤵
-
\??\c:\lffffff.exec:\lffffff.exe180⤵
-
\??\c:\lrxxrll.exec:\lrxxrll.exe181⤵
-
\??\c:\hbnbbt.exec:\hbnbbt.exe182⤵
-
\??\c:\7nbhhh.exec:\7nbhhh.exe183⤵
-
\??\c:\dvjjj.exec:\dvjjj.exe184⤵
-
\??\c:\pvvvv.exec:\pvvvv.exe185⤵
-
\??\c:\rfllfff.exec:\rfllfff.exe186⤵
-
\??\c:\rlxrrlr.exec:\rlxrrlr.exe187⤵
-
\??\c:\3nnntn.exec:\3nnntn.exe188⤵
-
\??\c:\hthnhn.exec:\hthnhn.exe189⤵
-
\??\c:\dvjpj.exec:\dvjpj.exe190⤵
-
\??\c:\vjpjd.exec:\vjpjd.exe191⤵
-
\??\c:\rxfrxrf.exec:\rxfrxrf.exe192⤵
-
\??\c:\lfrxxxf.exec:\lfrxxxf.exe193⤵
-
\??\c:\rfrrrrr.exec:\rfrrrrr.exe194⤵
-
\??\c:\5btnnn.exec:\5btnnn.exe195⤵
-
\??\c:\bntntn.exec:\bntntn.exe196⤵
-
\??\c:\btbnhn.exec:\btbnhn.exe197⤵
-
\??\c:\1vdjj.exec:\1vdjj.exe198⤵
-
\??\c:\vdjdv.exec:\vdjdv.exe199⤵
-
\??\c:\lxxxrlr.exec:\lxxxrlr.exe200⤵
-
\??\c:\frxfffr.exec:\frxfffr.exe201⤵
-
\??\c:\bbbbht.exec:\bbbbht.exe202⤵
-
\??\c:\nhtttt.exec:\nhtttt.exe203⤵
-
\??\c:\djjvp.exec:\djjvp.exe204⤵
-
\??\c:\dvjdd.exec:\dvjdd.exe205⤵
-
\??\c:\5xflllx.exec:\5xflllx.exe206⤵
-
\??\c:\tnnhhh.exec:\tnnhhh.exe207⤵
-
\??\c:\hnttbb.exec:\hnttbb.exe208⤵
-
\??\c:\vpvvv.exec:\vpvvv.exe209⤵
-
\??\c:\vjjdd.exec:\vjjdd.exe210⤵
-
\??\c:\rfllffl.exec:\rfllffl.exe211⤵
-
\??\c:\nthbbt.exec:\nthbbt.exe212⤵
-
\??\c:\7nbtbn.exec:\7nbtbn.exe213⤵
-
\??\c:\hbhbnh.exec:\hbhbnh.exe214⤵
-
\??\c:\dvjjv.exec:\dvjjv.exe215⤵
-
\??\c:\1vdjp.exec:\1vdjp.exe216⤵
-
\??\c:\rfxlxrx.exec:\rfxlxrx.exe217⤵
-
\??\c:\lrfrxrr.exec:\lrfrxrr.exe218⤵
-
\??\c:\nhnntt.exec:\nhnntt.exe219⤵
-
\??\c:\tnhttn.exec:\tnhttn.exe220⤵
-
\??\c:\7pjdj.exec:\7pjdj.exe221⤵
-
\??\c:\jvddd.exec:\jvddd.exe222⤵
-
\??\c:\rlffffl.exec:\rlffffl.exe223⤵
-
\??\c:\9xrxrlx.exec:\9xrxrlx.exe224⤵
-
\??\c:\rfxllxf.exec:\rfxllxf.exe225⤵
-
\??\c:\thntbt.exec:\thntbt.exe226⤵
-
\??\c:\thhbnn.exec:\thhbnn.exe227⤵
-
\??\c:\pddvp.exec:\pddvp.exe228⤵
-
\??\c:\dpddd.exec:\dpddd.exe229⤵
-
\??\c:\xlrxfff.exec:\xlrxfff.exe230⤵
-
\??\c:\1frrxfl.exec:\1frrxfl.exe231⤵
-
\??\c:\1bnbnn.exec:\1bnbnn.exe232⤵
-
\??\c:\5nnttn.exec:\5nnttn.exe233⤵
-
\??\c:\vpppp.exec:\vpppp.exe234⤵
-
\??\c:\7djvv.exec:\7djvv.exe235⤵
-
\??\c:\flllrxx.exec:\flllrxx.exe236⤵
-
\??\c:\5xfxfxx.exec:\5xfxfxx.exe237⤵
-
\??\c:\htbbhb.exec:\htbbhb.exe238⤵
-
\??\c:\tntttn.exec:\tntttn.exe239⤵
-
\??\c:\vjvpv.exec:\vjvpv.exe240⤵