Analysis
-
max time kernel
153s -
max time network
159s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
06/11/2022, 04:25
General
-
Target
2204f69c21a2879a979596a2df59a6dd283cde2b40cbf5051547329f0cfed407.exe
-
Size
51KB
-
MD5
39c3acec9ffa8fac3d57b0e7880f2c20
-
SHA1
2aa16281a1508708d3ebcacf67ce42da5d4fe83e
-
SHA256
2204f69c21a2879a979596a2df59a6dd283cde2b40cbf5051547329f0cfed407
-
SHA512
ec71aadebcd4e06c5b89b4b6ebb46feb516d395d678a57058d67b11114465a450df036026c7d852092aa91f6ad8972790f3142dc4a2fd48058f758b2f96710ca
-
SSDEEP
1536:0vQBeOGtrYS3srx93UBWfwC6Ggnouy8CUYj7rc1:0hOmTsF93UYfwC6GIoutXIc1
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 61 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2204f69c21a2879a979596a2df59a6dd283cde2b40cbf5051547329f0cfed407.exe"C:\Users\Admin\AppData\Local\Temp\2204f69c21a2879a979596a2df59a6dd283cde2b40cbf5051547329f0cfed407.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\8i193.exec:\8i193.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\178l51.exec:\178l51.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\65wjs.exec:\65wjs.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\563hc.exec:\563hc.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2e6ip9.exec:\2e6ip9.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8w50q.exec:\8w50q.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\67b1so.exec:\67b1so.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\j5o5ska.exec:\j5o5ska.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\st3p1.exec:\st3p1.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6okaws.exec:\6okaws.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\99htsq.exec:\99htsq.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\85c7q.exec:\85c7q.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\63ab1o.exec:\63ab1o.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\w1s157.exec:\w1s157.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\a5m5n08.exec:\a5m5n08.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\31937el.exec:\31937el.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5p6cb.exec:\5p6cb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\81957i.exec:\81957i.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\asko94a.exec:\asko94a.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6v9w9.exec:\6v9w9.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8u9m2a.exec:\8u9m2a.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ps27rdr.exec:\ps27rdr.exe23⤵
- Executes dropped EXE
-
\??\c:\k2o16gd.exec:\k2o16gd.exe24⤵
- Executes dropped EXE
-
\??\c:\8g65na5.exec:\8g65na5.exe25⤵
- Executes dropped EXE
-
\??\c:\hg378.exec:\hg378.exe26⤵
- Executes dropped EXE
-
\??\c:\1e9eg.exec:\1e9eg.exe27⤵
- Executes dropped EXE
-
\??\c:\r59r6w.exec:\r59r6w.exe28⤵
- Executes dropped EXE
-
\??\c:\av94h02.exec:\av94h02.exe29⤵
- Executes dropped EXE
-
\??\c:\u2c78.exec:\u2c78.exe30⤵
- Executes dropped EXE
-
\??\c:\e822j8h.exec:\e822j8h.exe31⤵
- Executes dropped EXE
-
\??\c:\35lt6nt.exec:\35lt6nt.exe32⤵
- Executes dropped EXE
-
\??\c:\ui12l.exec:\ui12l.exe33⤵
- Executes dropped EXE
-
\??\c:\j8u769.exec:\j8u769.exe34⤵
- Executes dropped EXE
-
\??\c:\53s97.exec:\53s97.exe35⤵
- Executes dropped EXE
-
\??\c:\5cau2as.exec:\5cau2as.exe36⤵
- Executes dropped EXE
-
\??\c:\1ox4h9.exec:\1ox4h9.exe37⤵
- Executes dropped EXE
-
\??\c:\njrfic.exec:\njrfic.exe38⤵
- Executes dropped EXE
-
\??\c:\7592f.exec:\7592f.exe39⤵
- Executes dropped EXE
-
\??\c:\23c37d.exec:\23c37d.exe40⤵
- Executes dropped EXE
-
\??\c:\1622731.exec:\1622731.exe41⤵
- Executes dropped EXE
-
\??\c:\391711p.exec:\391711p.exe42⤵
- Executes dropped EXE
-
\??\c:\o32m7u.exec:\o32m7u.exe43⤵
- Executes dropped EXE
-
\??\c:\ew3of58.exec:\ew3of58.exe44⤵
- Executes dropped EXE
-
\??\c:\5c46o6.exec:\5c46o6.exe45⤵
- Executes dropped EXE
-
\??\c:\4205v3.exec:\4205v3.exe46⤵
- Executes dropped EXE
-
\??\c:\9t6m9.exec:\9t6m9.exe47⤵
- Executes dropped EXE
-
\??\c:\0c1tw.exec:\0c1tw.exe48⤵
- Executes dropped EXE
-
\??\c:\kot07.exec:\kot07.exe49⤵
- Executes dropped EXE
-
\??\c:\691040r.exec:\691040r.exe50⤵
- Executes dropped EXE
-
\??\c:\a9i74.exec:\a9i74.exe51⤵
- Executes dropped EXE
-
\??\c:\0r8mdo2.exec:\0r8mdo2.exe52⤵
- Executes dropped EXE
-
\??\c:\95krq6.exec:\95krq6.exe53⤵
- Executes dropped EXE
-
\??\c:\6931d.exec:\6931d.exe54⤵
- Executes dropped EXE
-
\??\c:\hajcb.exec:\hajcb.exe55⤵
- Executes dropped EXE
-
\??\c:\cp559t.exec:\cp559t.exe56⤵
- Executes dropped EXE
-
\??\c:\c9753.exec:\c9753.exe57⤵
- Executes dropped EXE
-
\??\c:\cw78e1.exec:\cw78e1.exe58⤵
- Executes dropped EXE
-
\??\c:\8995kk9.exec:\8995kk9.exe59⤵
- Executes dropped EXE
-
\??\c:\n2cb67.exec:\n2cb67.exe60⤵
- Executes dropped EXE
-
\??\c:\4l2062.exec:\4l2062.exe61⤵
- Executes dropped EXE
-
\??\c:\h8a40.exec:\h8a40.exe62⤵
- Executes dropped EXE
-
\??\c:\2d1r5kl.exec:\2d1r5kl.exe63⤵
- Executes dropped EXE
-
\??\c:\pe124.exec:\pe124.exe64⤵
- Executes dropped EXE
-
\??\c:\gc9wct7.exec:\gc9wct7.exe65⤵
- Executes dropped EXE
-
\??\c:\gdg5pw.exec:\gdg5pw.exe66⤵
-
\??\c:\x92m1.exec:\x92m1.exe67⤵
-
\??\c:\r48d7.exec:\r48d7.exe68⤵
-
\??\c:\hp88g1.exec:\hp88g1.exe69⤵
-
\??\c:\nb66s9.exec:\nb66s9.exe70⤵
-
\??\c:\qd71357.exec:\qd71357.exe71⤵
-
\??\c:\h5r54t.exec:\h5r54t.exe72⤵
-
\??\c:\sm70330.exec:\sm70330.exe73⤵
-
\??\c:\em17359.exec:\em17359.exe74⤵
-
\??\c:\46b3tgv.exec:\46b3tgv.exe75⤵
-
\??\c:\774tp4.exec:\774tp4.exe76⤵
-
\??\c:\f99k9uh.exec:\f99k9uh.exe77⤵
-
\??\c:\439f42.exec:\439f42.exe78⤵
-
\??\c:\u35e991.exec:\u35e991.exe79⤵
-
\??\c:\f3i75p.exec:\f3i75p.exe80⤵
-
\??\c:\i99ci.exec:\i99ci.exe81⤵
-
\??\c:\94x48nf.exec:\94x48nf.exe82⤵
-
\??\c:\14b4cr.exec:\14b4cr.exe83⤵
-
\??\c:\086l8d.exec:\086l8d.exe84⤵
-
\??\c:\w3f64.exec:\w3f64.exe85⤵
-
\??\c:\n47ok.exec:\n47ok.exe86⤵
-
\??\c:\x9iaew.exec:\x9iaew.exe87⤵
-
\??\c:\6d3khu.exec:\6d3khu.exe88⤵
-
\??\c:\4n0sa.exec:\4n0sa.exe89⤵
-
\??\c:\1t0e30.exec:\1t0e30.exe90⤵
-
\??\c:\h4rnwa6.exec:\h4rnwa6.exe91⤵
-
\??\c:\ippi1p.exec:\ippi1p.exe92⤵
-
\??\c:\u47jxv.exec:\u47jxv.exe93⤵
-
\??\c:\55c33.exec:\55c33.exe94⤵
-
\??\c:\qqt8s.exec:\qqt8s.exe95⤵
-
\??\c:\8kj6l.exec:\8kj6l.exe96⤵
-
\??\c:\5uqggug.exec:\5uqggug.exe97⤵
-
\??\c:\5p9nos.exec:\5p9nos.exe98⤵
-
\??\c:\0wn7q.exec:\0wn7q.exe99⤵
-
\??\c:\eu930a9.exec:\eu930a9.exe100⤵
-
\??\c:\29a1q5.exec:\29a1q5.exe101⤵
-
\??\c:\64rbsaq.exec:\64rbsaq.exe102⤵
-
\??\c:\j18tdok.exec:\j18tdok.exe103⤵
-
\??\c:\2swi9.exec:\2swi9.exe104⤵
-
\??\c:\x2mggi.exec:\x2mggi.exe105⤵
-
\??\c:\3dwbr.exec:\3dwbr.exe106⤵
-
\??\c:\7pb2g.exec:\7pb2g.exe107⤵
-
\??\c:\8b1exg.exec:\8b1exg.exe108⤵
-
\??\c:\7f4533.exec:\7f4533.exe109⤵
-
\??\c:\xdii1.exec:\xdii1.exe110⤵
-
\??\c:\114u19.exec:\114u19.exe111⤵
-
\??\c:\r0a19gx.exec:\r0a19gx.exe112⤵
-
\??\c:\921d312.exec:\921d312.exe113⤵
-
\??\c:\sh78h5k.exec:\sh78h5k.exe114⤵
-
\??\c:\w2gs0.exec:\w2gs0.exe115⤵
-
\??\c:\pgd7u1.exec:\pgd7u1.exe116⤵
-
\??\c:\aw4mr1.exec:\aw4mr1.exe117⤵
-
\??\c:\u1qnq.exec:\u1qnq.exe118⤵
-
\??\c:\l7s743r.exec:\l7s743r.exe119⤵
-
\??\c:\49108.exec:\49108.exe120⤵
-
\??\c:\p8cs42l.exec:\p8cs42l.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-