Analysis
-
max time kernel
150s -
max time network
104s -
platform
windows10-2004_x64 -
resource
win10v2004-20240419-en -
resource tags
-
submitted
03-05-2024 18:20
General
-
Target
050f45028831717259d3270306c7cfae152289af950abcf7b83548ea3e8b4c38.exe
-
Size
232KB
-
MD5
50fc3d172fd66f7aaab43f8fe1f20d71
-
SHA1
bd393ab0e814c7440a58dac646dfa1384a129ac6
-
SHA256
050f45028831717259d3270306c7cfae152289af950abcf7b83548ea3e8b4c38
-
SHA512
d22210087e5017349c77f0e0921a9c2cb1ed6d50f5c85b991ee9797ea91a7a179bae0127fa7e8f2b8dd5b4252d41a971e63ef028444041d4e3718a7f3fc1b662
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo7LAIRUohTF/SjSrbzLAuBjfwFOmoFzMvUpGqC5n+4:n3C9BRo/AIuuFSjA8uBjwI7FjpjC5+4
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
UPX dump on OEP (original entry point) 57 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\050f45028831717259d3270306c7cfae152289af950abcf7b83548ea3e8b4c38.exe"C:\Users\Admin\AppData\Local\Temp\050f45028831717259d3270306c7cfae152289af950abcf7b83548ea3e8b4c38.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ffllfxr.exec:\ffllfxr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbnhbt.exec:\tbnhbt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdvj.exec:\vpdvj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rxxrxr.exec:\1rxxrxr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnnnn.exec:\tnnnnn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhhbh.exec:\nhhhbh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djvvv.exec:\djvvv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9lrlfff.exec:\9lrlfff.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3vdvp.exec:\3vdvp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jdjj.exec:\1jdjj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdvp.exec:\vpdvp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jvpj.exec:\9jvpj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rxrrrr.exec:\1rxrrrr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvppj.exec:\vvppj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlllrr.exec:\xrlllrr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnnnhb.exec:\hnnnhb.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhhhh.exec:\hbhhhh.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlfllr.exec:\xrlfllr.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5nttbb.exec:\5nttbb.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppvv.exec:\vppvv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjppp.exec:\pjppp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1tnbtt.exec:\1tnbtt.exe23⤵
- Executes dropped EXE
-
\??\c:\jpddv.exec:\jpddv.exe24⤵
- Executes dropped EXE
-
\??\c:\vpdvp.exec:\vpdvp.exe25⤵
- Executes dropped EXE
-
\??\c:\fxxfrlx.exec:\fxxfrlx.exe26⤵
- Executes dropped EXE
-
\??\c:\tnhnhn.exec:\tnhnhn.exe27⤵
- Executes dropped EXE
-
\??\c:\frfxrxf.exec:\frfxrxf.exe28⤵
- Executes dropped EXE
-
\??\c:\btnhnh.exec:\btnhnh.exe29⤵
- Executes dropped EXE
-
\??\c:\dvjjp.exec:\dvjjp.exe30⤵
- Executes dropped EXE
-
\??\c:\pvdjd.exec:\pvdjd.exe31⤵
- Executes dropped EXE
-
\??\c:\tbnbbb.exec:\tbnbbb.exe32⤵
- Executes dropped EXE
-
\??\c:\7vvvv.exec:\7vvvv.exe33⤵
- Executes dropped EXE
-
\??\c:\dvvpj.exec:\dvvpj.exe34⤵
- Executes dropped EXE
-
\??\c:\1frlxxl.exec:\1frlxxl.exe35⤵
- Executes dropped EXE
-
\??\c:\3lxrllf.exec:\3lxrllf.exe36⤵
- Executes dropped EXE
-
\??\c:\hbhnbt.exec:\hbhnbt.exe37⤵
- Executes dropped EXE
-
\??\c:\vpdvp.exec:\vpdvp.exe38⤵
- Executes dropped EXE
-
\??\c:\1vdjd.exec:\1vdjd.exe39⤵
- Executes dropped EXE
-
\??\c:\5xfxflr.exec:\5xfxflr.exe40⤵
- Executes dropped EXE
-
\??\c:\bbttnn.exec:\bbttnn.exe41⤵
- Executes dropped EXE
-
\??\c:\vjppj.exec:\vjppj.exe42⤵
- Executes dropped EXE
-
\??\c:\3ppjd.exec:\3ppjd.exe43⤵
- Executes dropped EXE
-
\??\c:\lffrlll.exec:\lffrlll.exe44⤵
- Executes dropped EXE
-
\??\c:\bntbtn.exec:\bntbtn.exe45⤵
- Executes dropped EXE
-
\??\c:\7btbtt.exec:\7btbtt.exe46⤵
- Executes dropped EXE
-
\??\c:\7vvvj.exec:\7vvvj.exe47⤵
- Executes dropped EXE
-
\??\c:\dvpjj.exec:\dvpjj.exe48⤵
- Executes dropped EXE
-
\??\c:\1lrlfff.exec:\1lrlfff.exe49⤵
- Executes dropped EXE
-
\??\c:\hhnhbb.exec:\hhnhbb.exe50⤵
- Executes dropped EXE
-
\??\c:\pppdd.exec:\pppdd.exe51⤵
- Executes dropped EXE
-
\??\c:\1jpjd.exec:\1jpjd.exe52⤵
- Executes dropped EXE
-
\??\c:\xxfrxrx.exec:\xxfrxrx.exe53⤵
- Executes dropped EXE
-
\??\c:\ntnnth.exec:\ntnnth.exe54⤵
- Executes dropped EXE
-
\??\c:\tbhhbb.exec:\tbhhbb.exe55⤵
- Executes dropped EXE
-
\??\c:\7vvvp.exec:\7vvvp.exe56⤵
- Executes dropped EXE
-
\??\c:\jpvvv.exec:\jpvvv.exe57⤵
- Executes dropped EXE
-
\??\c:\xrrllfx.exec:\xrrllfx.exe58⤵
- Executes dropped EXE
-
\??\c:\rllfffx.exec:\rllfffx.exe59⤵
- Executes dropped EXE
-
\??\c:\hthbbb.exec:\hthbbb.exe60⤵
- Executes dropped EXE
-
\??\c:\httnhh.exec:\httnhh.exe61⤵
- Executes dropped EXE
-
\??\c:\7jjvp.exec:\7jjvp.exe62⤵
- Executes dropped EXE
-
\??\c:\7rrlrrr.exec:\7rrlrrr.exe63⤵
- Executes dropped EXE
-
\??\c:\xxrllfx.exec:\xxrllfx.exe64⤵
- Executes dropped EXE
-
\??\c:\3nbtnh.exec:\3nbtnh.exe65⤵
- Executes dropped EXE
-
\??\c:\vpvdd.exec:\vpvdd.exe66⤵
-
\??\c:\5dvpp.exec:\5dvpp.exe67⤵
-
\??\c:\5rrlffl.exec:\5rrlffl.exe68⤵
-
\??\c:\frxrrlf.exec:\frxrrlf.exe69⤵
-
\??\c:\tnhhbb.exec:\tnhhbb.exe70⤵
-
\??\c:\ddpjj.exec:\ddpjj.exe71⤵
-
\??\c:\djjjd.exec:\djjjd.exe72⤵
-
\??\c:\lfxrlfx.exec:\lfxrlfx.exe73⤵
-
\??\c:\hhhtnt.exec:\hhhtnt.exe74⤵
-
\??\c:\tntnnn.exec:\tntnnn.exe75⤵
-
\??\c:\vvppp.exec:\vvppp.exe76⤵
-
\??\c:\7rlfffx.exec:\7rlfffx.exe77⤵
-
\??\c:\nhtnhb.exec:\nhtnhb.exe78⤵
-
\??\c:\hhhhhn.exec:\hhhhhn.exe79⤵
-
\??\c:\bthbtt.exec:\bthbtt.exe80⤵
-
\??\c:\pvdvv.exec:\pvdvv.exe81⤵
-
\??\c:\lxxxxxr.exec:\lxxxxxr.exe82⤵
-
\??\c:\lrxxrrl.exec:\lrxxrrl.exe83⤵
-
\??\c:\nbhbtn.exec:\nbhbtn.exe84⤵
-
\??\c:\ntbttb.exec:\ntbttb.exe85⤵
-
\??\c:\9jppd.exec:\9jppd.exe86⤵
-
\??\c:\jdjvv.exec:\jdjvv.exe87⤵
-
\??\c:\lxllxxx.exec:\lxllxxx.exe88⤵
-
\??\c:\xlrlffx.exec:\xlrlffx.exe89⤵
-
\??\c:\httnnn.exec:\httnnn.exe90⤵
-
\??\c:\htnbnt.exec:\htnbnt.exe91⤵
-
\??\c:\vjpjd.exec:\vjpjd.exe92⤵
-
\??\c:\vjpjd.exec:\vjpjd.exe93⤵
-
\??\c:\5fffrrr.exec:\5fffrrr.exe94⤵
-
\??\c:\3llfxxr.exec:\3llfxxr.exe95⤵
-
\??\c:\7bnttb.exec:\7bnttb.exe96⤵
-
\??\c:\jddvv.exec:\jddvv.exe97⤵
-
\??\c:\vpvdv.exec:\vpvdv.exe98⤵
-
\??\c:\fxxrrrr.exec:\fxxrrrr.exe99⤵
-
\??\c:\frfxxxx.exec:\frfxxxx.exe100⤵
-
\??\c:\1bbntt.exec:\1bbntt.exe101⤵
-
\??\c:\tnthbb.exec:\tnthbb.exe102⤵
-
\??\c:\jjvpv.exec:\jjvpv.exe103⤵
-
\??\c:\pdjdv.exec:\pdjdv.exe104⤵
-
\??\c:\5ffxflx.exec:\5ffxflx.exe105⤵
-
\??\c:\fxxffff.exec:\fxxffff.exe106⤵
-
\??\c:\3bbttt.exec:\3bbttt.exe107⤵
-
\??\c:\tnhhhb.exec:\tnhhhb.exe108⤵
-
\??\c:\jpvvp.exec:\jpvvp.exe109⤵
-
\??\c:\7djdv.exec:\7djdv.exe110⤵
-
\??\c:\lfffxxr.exec:\lfffxxr.exe111⤵
-
\??\c:\xxfffff.exec:\xxfffff.exe112⤵
-
\??\c:\hhtnnn.exec:\hhtnnn.exe113⤵
-
\??\c:\hbbttt.exec:\hbbttt.exe114⤵
-
\??\c:\ddddj.exec:\ddddj.exe115⤵
-
\??\c:\jdjdd.exec:\jdjdd.exe116⤵
-
\??\c:\3flfllf.exec:\3flfllf.exe117⤵
-
\??\c:\flrlflx.exec:\flrlflx.exe118⤵
-
\??\c:\nbnntt.exec:\nbnntt.exe119⤵
-
\??\c:\hnnhbt.exec:\hnnhbt.exe120⤵
-
\??\c:\vvpjj.exec:\vvpjj.exe121⤵
-
\??\c:\7jjdp.exec:\7jjdp.exe122⤵
-
\??\c:\xllffff.exec:\xllffff.exe123⤵
-
\??\c:\9xrlllx.exec:\9xrlllx.exe124⤵
-
\??\c:\btbbtt.exec:\btbbtt.exe125⤵
-
\??\c:\jpdvp.exec:\jpdvp.exe126⤵
-
\??\c:\xrffffx.exec:\xrffffx.exe127⤵
-
\??\c:\ffffxff.exec:\ffffxff.exe128⤵
-
\??\c:\1nnnhn.exec:\1nnnhn.exe129⤵
-
\??\c:\nnhnht.exec:\nnhnht.exe130⤵
-
\??\c:\7jpvd.exec:\7jpvd.exe131⤵
-
\??\c:\jvpjd.exec:\jvpjd.exe132⤵
-
\??\c:\lxxrlff.exec:\lxxrlff.exe133⤵
-
\??\c:\bnhtnh.exec:\bnhtnh.exe134⤵
-
\??\c:\btbbbt.exec:\btbbbt.exe135⤵
-
\??\c:\dvvpp.exec:\dvvpp.exe136⤵
-
\??\c:\jddvp.exec:\jddvp.exe137⤵
-
\??\c:\rlrrlll.exec:\rlrrlll.exe138⤵
-
\??\c:\5fxxxxf.exec:\5fxxxxf.exe139⤵
-
\??\c:\nbhhbt.exec:\nbhhbt.exe140⤵
-
\??\c:\bbbtnn.exec:\bbbtnn.exe141⤵
-
\??\c:\pjvpj.exec:\pjvpj.exe142⤵
-
\??\c:\3frlrrx.exec:\3frlrrx.exe143⤵
-
\??\c:\rfrlffx.exec:\rfrlffx.exe144⤵
-
\??\c:\bbtnhn.exec:\bbtnhn.exe145⤵
-
\??\c:\hhhbbb.exec:\hhhbbb.exe146⤵
-
\??\c:\jvjjj.exec:\jvjjj.exe147⤵
-
\??\c:\lfrrrrx.exec:\lfrrrrx.exe148⤵
-
\??\c:\7flllll.exec:\7flllll.exe149⤵
-
\??\c:\bnttnb.exec:\bnttnb.exe150⤵
-
\??\c:\bttbtt.exec:\bttbtt.exe151⤵
-
\??\c:\vvddd.exec:\vvddd.exe152⤵
-
\??\c:\vpdvd.exec:\vpdvd.exe153⤵
-
\??\c:\xfrflrr.exec:\xfrflrr.exe154⤵
-
\??\c:\3nhbtn.exec:\3nhbtn.exe155⤵
-
\??\c:\bbhnht.exec:\bbhnht.exe156⤵
-
\??\c:\5jjpd.exec:\5jjpd.exe157⤵
-
\??\c:\9jppp.exec:\9jppp.exe158⤵
-
\??\c:\1lrrlrx.exec:\1lrrlrx.exe159⤵
-
\??\c:\9lrrxxl.exec:\9lrrxxl.exe160⤵
-
\??\c:\thtttt.exec:\thtttt.exe161⤵
-
\??\c:\7ppjd.exec:\7ppjd.exe162⤵
-
\??\c:\vvjpp.exec:\vvjpp.exe163⤵
-
\??\c:\rrxxxxx.exec:\rrxxxxx.exe164⤵
-
\??\c:\rrrlrrf.exec:\rrrlrrf.exe165⤵
-
\??\c:\nhnbbb.exec:\nhnbbb.exe166⤵
-
\??\c:\7ttnhh.exec:\7ttnhh.exe167⤵
-
\??\c:\3ppjp.exec:\3ppjp.exe168⤵
-
\??\c:\djdpj.exec:\djdpj.exe169⤵
-
\??\c:\rrfxffl.exec:\rrfxffl.exe170⤵
-
\??\c:\7frlfrf.exec:\7frlfrf.exe171⤵
-
\??\c:\ntthht.exec:\ntthht.exe172⤵
-
\??\c:\vvjvp.exec:\vvjvp.exe173⤵
-
\??\c:\dvvvp.exec:\dvvvp.exe174⤵
-
\??\c:\5rlfxxl.exec:\5rlfxxl.exe175⤵
-
\??\c:\tntttt.exec:\tntttt.exe176⤵
-
\??\c:\pvpjv.exec:\pvpjv.exe177⤵
-
\??\c:\ppjdv.exec:\ppjdv.exe178⤵
-
\??\c:\5xxrflf.exec:\5xxrflf.exe179⤵
-
\??\c:\hhnnth.exec:\hhnnth.exe180⤵
-
\??\c:\hhnhbb.exec:\hhnhbb.exe181⤵
-
\??\c:\jjvvj.exec:\jjvvj.exe182⤵
-
\??\c:\9ffffff.exec:\9ffffff.exe183⤵
-
\??\c:\hntttt.exec:\hntttt.exe184⤵
-
\??\c:\tnnhhh.exec:\tnnhhh.exe185⤵
-
\??\c:\1vddp.exec:\1vddp.exe186⤵
-
\??\c:\ntbttb.exec:\ntbttb.exe187⤵
-
\??\c:\bbhhtt.exec:\bbhhtt.exe188⤵
-
\??\c:\5djjd.exec:\5djjd.exe189⤵
-
\??\c:\pjjjj.exec:\pjjjj.exe190⤵
-
\??\c:\rrfxxxf.exec:\rrfxxxf.exe191⤵
-
\??\c:\fxxrffl.exec:\fxxrffl.exe192⤵
-
\??\c:\ttnnhh.exec:\ttnnhh.exe193⤵
-
\??\c:\jdjjj.exec:\jdjjj.exe194⤵
-
\??\c:\ppppd.exec:\ppppd.exe195⤵
-
\??\c:\frrrrrr.exec:\frrrrrr.exe196⤵
-
\??\c:\fxrlffx.exec:\fxrlffx.exe197⤵
-
\??\c:\9tttnn.exec:\9tttnn.exe198⤵
-
\??\c:\bnbbbb.exec:\bnbbbb.exe199⤵
-
\??\c:\jvvvv.exec:\jvvvv.exe200⤵
-
\??\c:\ddvvv.exec:\ddvvv.exe201⤵
-
\??\c:\fxfxrrr.exec:\fxfxrrr.exe202⤵
-
\??\c:\rfxrrrr.exec:\rfxrrrr.exe203⤵
-
\??\c:\hbtnhh.exec:\hbtnhh.exe204⤵
-
\??\c:\thtntt.exec:\thtntt.exe205⤵
-
\??\c:\pjvpj.exec:\pjvpj.exe206⤵
-
\??\c:\1vjdj.exec:\1vjdj.exe207⤵
-
\??\c:\xrrrrxr.exec:\xrrrrxr.exe208⤵
-
\??\c:\9llxrlx.exec:\9llxrlx.exe209⤵
-
\??\c:\7tthbb.exec:\7tthbb.exe210⤵
-
\??\c:\7vdvp.exec:\7vdvp.exe211⤵
-
\??\c:\7jdvj.exec:\7jdvj.exe212⤵
-
\??\c:\rlffrrx.exec:\rlffrrx.exe213⤵
-
\??\c:\lfllllf.exec:\lfllllf.exe214⤵
-
\??\c:\nbnttb.exec:\nbnttb.exe215⤵
-
\??\c:\5bhbtb.exec:\5bhbtb.exe216⤵
-
\??\c:\vdvpp.exec:\vdvpp.exe217⤵
-
\??\c:\vjjdv.exec:\vjjdv.exe218⤵
-
\??\c:\1xrfxff.exec:\1xrfxff.exe219⤵
-
\??\c:\3lrxxxr.exec:\3lrxxxr.exe220⤵
-
\??\c:\tnnhbb.exec:\tnnhbb.exe221⤵
-
\??\c:\hntnhb.exec:\hntnhb.exe222⤵
-
\??\c:\vjpjd.exec:\vjpjd.exe223⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe224⤵
-
\??\c:\xxrxxll.exec:\xxrxxll.exe225⤵
-
\??\c:\5lfxxxr.exec:\5lfxxxr.exe226⤵
-
\??\c:\bbhhhh.exec:\bbhhhh.exe227⤵
-
\??\c:\hthbhh.exec:\hthbhh.exe228⤵
-
\??\c:\nththb.exec:\nththb.exe229⤵
-
\??\c:\dvppj.exec:\dvppj.exe230⤵
-
\??\c:\9flllrl.exec:\9flllrl.exe231⤵
-
\??\c:\frlllrl.exec:\frlllrl.exe232⤵
-
\??\c:\rffxrrl.exec:\rffxrrl.exe233⤵
-
\??\c:\ttbbhb.exec:\ttbbhb.exe234⤵
-
\??\c:\bthnnb.exec:\bthnnb.exe235⤵
-
\??\c:\3dddd.exec:\3dddd.exe236⤵
-
\??\c:\dvddv.exec:\dvddv.exe237⤵
-
\??\c:\lrrlxxr.exec:\lrrlxxr.exe238⤵
-
\??\c:\fxxxrxf.exec:\fxxxrxf.exe239⤵
-
\??\c:\nntttt.exec:\nntttt.exe240⤵