Analysis
-
max time kernel
151s -
max time network
49s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
07-11-2022 05:37
General
-
Target
ddce74347d53f88c83beaeb75991284c9fca6dbfe90e3839774256f74909fd0d.exe
-
Size
74KB
-
MD5
13015d8663a6504d2e772c5f9c47bb30
-
SHA1
9b981d550564494fe2d7274475cb6e71390178a0
-
SHA256
ddce74347d53f88c83beaeb75991284c9fca6dbfe90e3839774256f74909fd0d
-
SHA512
3ec821ccdd19420c5dd63d6a7c9607e45a4e80a7536cf21bd8da0799f66e638cbd38b6420ebc485a4408f90fda281f33b33a7e45c6a0b1d48b4ef61d6604c1b0
-
SSDEEP
1536:0vQBeOGtrYS3srx93UBWfwC6Ggnouy8CUYj7FHVNK+tRlBkRU7:0hOmTsF93UYfwC6GIoutXwjPRlBk4
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 33 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ddce74347d53f88c83beaeb75991284c9fca6dbfe90e3839774256f74909fd0d.exe"C:\Users\Admin\AppData\Local\Temp\ddce74347d53f88c83beaeb75991284c9fca6dbfe90e3839774256f74909fd0d.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\8l1hl.exec:\8l1hl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\96st461.exec:\96st461.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rwpn4.exec:\rwpn4.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\l6upt.exec:\l6upt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\r1xw6j.exec:\r1xw6j.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2bc9986.exec:\2bc9986.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jgi69.exec:\jgi69.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8ii5970.exec:\8ii5970.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dis1et.exec:\dis1et.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\qk1q740.exec:\qk1q740.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\594s7.exec:\594s7.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\71wo9.exec:\71wo9.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\qp38h7.exec:\qp38h7.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\01qx2wo.exec:\01qx2wo.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\p80o71.exec:\p80o71.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\20289.exec:\20289.exe17⤵
- Executes dropped EXE
-
\??\c:\6ww77.exec:\6ww77.exe18⤵
- Executes dropped EXE
-
\??\c:\x58j937.exec:\x58j937.exe19⤵
- Executes dropped EXE
-
\??\c:\1k196c7.exec:\1k196c7.exe20⤵
- Executes dropped EXE
-
\??\c:\pe9mr1q.exec:\pe9mr1q.exe21⤵
- Executes dropped EXE
-
\??\c:\65eq37m.exec:\65eq37m.exe22⤵
- Executes dropped EXE
-
\??\c:\7sr4ax3.exec:\7sr4ax3.exe23⤵
- Executes dropped EXE
-
\??\c:\631u9.exec:\631u9.exe24⤵
- Executes dropped EXE
-
\??\c:\oi3q3.exec:\oi3q3.exe25⤵
- Executes dropped EXE
-
\??\c:\6f3df2.exec:\6f3df2.exe26⤵
- Executes dropped EXE
-
\??\c:\uomv359.exec:\uomv359.exe27⤵
- Executes dropped EXE
-
\??\c:\i9do9.exec:\i9do9.exe28⤵
- Executes dropped EXE
-
\??\c:\4o0220.exec:\4o0220.exe29⤵
- Executes dropped EXE
-
\??\c:\628m36.exec:\628m36.exe30⤵
- Executes dropped EXE
-
\??\c:\5w5xrx.exec:\5w5xrx.exe31⤵
- Executes dropped EXE
-
\??\c:\8v8ij5a.exec:\8v8ij5a.exe32⤵
- Executes dropped EXE
-
\??\c:\2eibv3k.exec:\2eibv3k.exe33⤵
- Executes dropped EXE
-
\??\c:\ddjf2.exec:\ddjf2.exe34⤵
- Executes dropped EXE
-
\??\c:\490mw.exec:\490mw.exe35⤵
- Executes dropped EXE
-
\??\c:\kah3762.exec:\kah3762.exe36⤵
- Executes dropped EXE
-
\??\c:\6te6vo.exec:\6te6vo.exe37⤵
- Executes dropped EXE
-
\??\c:\xl6rk.exec:\xl6rk.exe38⤵
- Executes dropped EXE
-
\??\c:\1i10h1.exec:\1i10h1.exe39⤵
- Executes dropped EXE
-
\??\c:\9g74n9.exec:\9g74n9.exe40⤵
- Executes dropped EXE
-
\??\c:\ss1kg7.exec:\ss1kg7.exe41⤵
- Executes dropped EXE
-
\??\c:\0b33iv6.exec:\0b33iv6.exe42⤵
- Executes dropped EXE
-
\??\c:\5x1up3g.exec:\5x1up3g.exe43⤵
- Executes dropped EXE
-
\??\c:\8p7q7.exec:\8p7q7.exe44⤵
- Executes dropped EXE
-
\??\c:\j4ab5d.exec:\j4ab5d.exe45⤵
- Executes dropped EXE
-
\??\c:\095e023.exec:\095e023.exe46⤵
- Executes dropped EXE
-
\??\c:\3ah902.exec:\3ah902.exe47⤵
- Executes dropped EXE
-
\??\c:\1x5l6f.exec:\1x5l6f.exe48⤵
- Executes dropped EXE
-
\??\c:\4422s.exec:\4422s.exe49⤵
- Executes dropped EXE
-
\??\c:\pp76v12.exec:\pp76v12.exe50⤵
- Executes dropped EXE
-
\??\c:\91edf00.exec:\91edf00.exe51⤵
- Executes dropped EXE
-
\??\c:\9rl28.exec:\9rl28.exe52⤵
- Executes dropped EXE
-
\??\c:\78s2pwc.exec:\78s2pwc.exe53⤵
- Executes dropped EXE
-
\??\c:\0tc3sv.exec:\0tc3sv.exe54⤵
- Executes dropped EXE
-
\??\c:\l79mcuw.exec:\l79mcuw.exe55⤵
- Executes dropped EXE
-
\??\c:\1747n48.exec:\1747n48.exe56⤵
- Executes dropped EXE
-
\??\c:\5s62u.exec:\5s62u.exe57⤵
- Executes dropped EXE
-
\??\c:\2k31e.exec:\2k31e.exe58⤵
- Executes dropped EXE
-
\??\c:\3or54e.exec:\3or54e.exe59⤵
- Executes dropped EXE
-
\??\c:\7b0g9.exec:\7b0g9.exe60⤵
- Executes dropped EXE
-
\??\c:\rx56n0.exec:\rx56n0.exe61⤵
- Executes dropped EXE
-
\??\c:\j2m8xh.exec:\j2m8xh.exe62⤵
- Executes dropped EXE
-
\??\c:\dp2c9g.exec:\dp2c9g.exe63⤵
- Executes dropped EXE
-
\??\c:\4k2l0.exec:\4k2l0.exe64⤵
- Executes dropped EXE
-
\??\c:\x07796n.exec:\x07796n.exe65⤵
- Executes dropped EXE
-
\??\c:\ec59rb7.exec:\ec59rb7.exe66⤵
-
\??\c:\t9lb002.exec:\t9lb002.exe67⤵
-
\??\c:\7k8jk08.exec:\7k8jk08.exe68⤵
-
\??\c:\h33u2q.exec:\h33u2q.exe69⤵
-
\??\c:\4ihkh8.exec:\4ihkh8.exe70⤵
-
\??\c:\0621u.exec:\0621u.exe71⤵
-
\??\c:\2u932f.exec:\2u932f.exe72⤵
-
\??\c:\6awwm14.exec:\6awwm14.exe73⤵
-
\??\c:\6sm7t1m.exec:\6sm7t1m.exe74⤵
-
\??\c:\vll19w.exec:\vll19w.exe75⤵
-
\??\c:\3b8an.exec:\3b8an.exe76⤵
-
\??\c:\la65f86.exec:\la65f86.exe77⤵
-
\??\c:\hhr8o0.exec:\hhr8o0.exe78⤵
-
\??\c:\216eat4.exec:\216eat4.exe79⤵
-
\??\c:\c2iloo1.exec:\c2iloo1.exe80⤵
-
\??\c:\q94kw.exec:\q94kw.exe81⤵
-
\??\c:\v0t7431.exec:\v0t7431.exe82⤵
-
\??\c:\105c8c1.exec:\105c8c1.exe83⤵
-
\??\c:\xcj9j.exec:\xcj9j.exe84⤵
-
\??\c:\4mi3h8.exec:\4mi3h8.exe85⤵
-
\??\c:\x41aq5.exec:\x41aq5.exe86⤵
-
\??\c:\nu4t042.exec:\nu4t042.exe87⤵
-
\??\c:\v0ti5k.exec:\v0ti5k.exe88⤵
-
\??\c:\0fp21h6.exec:\0fp21h6.exe89⤵
-
\??\c:\oe1lhf.exec:\oe1lhf.exe90⤵
-
\??\c:\1n5mf.exec:\1n5mf.exe91⤵
-
\??\c:\l8pjx.exec:\l8pjx.exe92⤵
-
\??\c:\v1mmfm.exec:\v1mmfm.exe93⤵
-
\??\c:\l4j1g74.exec:\l4j1g74.exe94⤵
-
\??\c:\3588ba.exec:\3588ba.exe95⤵
-
\??\c:\jv1sq74.exec:\jv1sq74.exe96⤵
-
\??\c:\ggk69.exec:\ggk69.exe97⤵
-
\??\c:\34dhc.exec:\34dhc.exe98⤵
-
\??\c:\8wlb4.exec:\8wlb4.exe99⤵
-
\??\c:\66482.exec:\66482.exe100⤵
-
\??\c:\c2f0w5.exec:\c2f0w5.exe101⤵
-
\??\c:\vn217wi.exec:\vn217wi.exe102⤵
-
\??\c:\hp0463.exec:\hp0463.exe103⤵
-
\??\c:\01rtja0.exec:\01rtja0.exe104⤵
-
\??\c:\fqao70.exec:\fqao70.exe105⤵
-
\??\c:\qf0ri.exec:\qf0ri.exe106⤵
-
\??\c:\67kvl.exec:\67kvl.exe107⤵
-
\??\c:\re7nfn.exec:\re7nfn.exe108⤵
-
\??\c:\stt8k.exec:\stt8k.exe109⤵
-
\??\c:\8h422fb.exec:\8h422fb.exe110⤵
-
\??\c:\74ad1xr.exec:\74ad1xr.exe111⤵
-
\??\c:\d88up98.exec:\d88up98.exe112⤵
-
\??\c:\4567l.exec:\4567l.exe113⤵
-
\??\c:\nh813nn.exec:\nh813nn.exe114⤵
-
\??\c:\7h54eid.exec:\7h54eid.exe115⤵
-
\??\c:\ee7ra3.exec:\ee7ra3.exe116⤵
-
\??\c:\8heqca.exec:\8heqca.exe117⤵
-
\??\c:\jx0w1.exec:\jx0w1.exe118⤵
-
\??\c:\31262.exec:\31262.exe119⤵
-
\??\c:\nsq7wc.exec:\nsq7wc.exe120⤵
-
\??\c:\94a0a.exec:\94a0a.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-