Analysis
-
max time kernel
152s -
max time network
146s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
07/11/2022, 05:38
General
-
Target
a6839c3f7a1951e733a0fc64c80e48c0e9e3c99f261d257e8175ce0d276736b6.exe
-
Size
62KB
-
MD5
12572e804d954c1b67fc8c4aabafc870
-
SHA1
d19a99d7ad024bd67bad339e7e1f4cf08f9ebdae
-
SHA256
a6839c3f7a1951e733a0fc64c80e48c0e9e3c99f261d257e8175ce0d276736b6
-
SHA512
47266c0418e04ebc5b8985ad238969dc38e6ef190153fc27d636d49250c86a00ef1874e3a50e17af914bc8d94f1c9919a1118c6b8bccf9b0a5c470d5b0530e07
-
SSDEEP
1536:0vQBeOGtrYS3srx93UBWfwC6Ggnouy8CUYj7qQAN:0hOmTsF93UYfwC6GIoutX0O
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 61 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a6839c3f7a1951e733a0fc64c80e48c0e9e3c99f261d257e8175ce0d276736b6.exe"C:\Users\Admin\AppData\Local\Temp\a6839c3f7a1951e733a0fc64c80e48c0e9e3c99f261d257e8175ce0d276736b6.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\h9t0g4.exec:\h9t0g4.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\484hh.exec:\484hh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2sh5u.exec:\2sh5u.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\imvdd05.exec:\imvdd05.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jer0.exec:\9jer0.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2qp63aq.exec:\2qp63aq.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\27usw.exec:\27usw.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\qq347hh.exec:\qq347hh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6wo4u2w.exec:\6wo4u2w.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\p087k7e.exec:\p087k7e.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ew9ex.exec:\ew9ex.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\25914he.exec:\25914he.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\j361x33.exec:\j361x33.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\q35l6.exec:\q35l6.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pv1031.exec:\pv1031.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\kb9h99.exec:\kb9h99.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\19dg6.exec:\19dg6.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4n68406.exec:\4n68406.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ioqc9.exec:\ioqc9.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3l3aj9.exec:\3l3aj9.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rjkqqh.exec:\rjkqqh.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\v180d1.exec:\v180d1.exe23⤵
- Executes dropped EXE
-
\??\c:\k9017.exec:\k9017.exe24⤵
- Executes dropped EXE
-
\??\c:\31ilm3.exec:\31ilm3.exe25⤵
- Executes dropped EXE
-
\??\c:\t14s7x5.exec:\t14s7x5.exe26⤵
- Executes dropped EXE
-
\??\c:\nw453.exec:\nw453.exe27⤵
- Executes dropped EXE
-
\??\c:\3bb5782.exec:\3bb5782.exe28⤵
- Executes dropped EXE
-
\??\c:\t6767.exec:\t6767.exe29⤵
- Executes dropped EXE
-
\??\c:\538vwcs.exec:\538vwcs.exe30⤵
- Executes dropped EXE
-
\??\c:\vnnjfrt.exec:\vnnjfrt.exe31⤵
- Executes dropped EXE
-
\??\c:\255cx.exec:\255cx.exe32⤵
- Executes dropped EXE
-
\??\c:\71t6s.exec:\71t6s.exe33⤵
- Executes dropped EXE
-
\??\c:\m5l1i4.exec:\m5l1i4.exe34⤵
- Executes dropped EXE
-
\??\c:\22ccgen.exec:\22ccgen.exe35⤵
- Executes dropped EXE
-
\??\c:\2oc6j.exec:\2oc6j.exe36⤵
- Executes dropped EXE
-
\??\c:\n2342x3.exec:\n2342x3.exe37⤵
- Executes dropped EXE
-
\??\c:\013m1.exec:\013m1.exe38⤵
- Executes dropped EXE
-
\??\c:\5ap9m7.exec:\5ap9m7.exe39⤵
- Executes dropped EXE
-
\??\c:\rsse3bb.exec:\rsse3bb.exe40⤵
- Executes dropped EXE
-
\??\c:\vgmq9w.exec:\vgmq9w.exe41⤵
- Executes dropped EXE
-
\??\c:\2mffmpb.exec:\2mffmpb.exe42⤵
- Executes dropped EXE
-
\??\c:\0kl39a.exec:\0kl39a.exe43⤵
- Executes dropped EXE
-
\??\c:\b1kjk.exec:\b1kjk.exe44⤵
- Executes dropped EXE
-
\??\c:\xt99k.exec:\xt99k.exe45⤵
- Executes dropped EXE
-
\??\c:\tc9a1.exec:\tc9a1.exe46⤵
- Executes dropped EXE
-
\??\c:\43sbwc.exec:\43sbwc.exe47⤵
- Executes dropped EXE
-
\??\c:\3119k3.exec:\3119k3.exe48⤵
- Executes dropped EXE
-
\??\c:\n3ifsbx.exec:\n3ifsbx.exe49⤵
- Executes dropped EXE
-
\??\c:\7op17.exec:\7op17.exe50⤵
- Executes dropped EXE
-
\??\c:\9ip6660.exec:\9ip6660.exe51⤵
- Executes dropped EXE
-
\??\c:\6u4fms.exec:\6u4fms.exe52⤵
- Executes dropped EXE
-
\??\c:\f1n59co.exec:\f1n59co.exe53⤵
- Executes dropped EXE
-
\??\c:\1g72dw5.exec:\1g72dw5.exe54⤵
- Executes dropped EXE
-
\??\c:\skn675.exec:\skn675.exe55⤵
- Executes dropped EXE
-
\??\c:\3316dp.exec:\3316dp.exe56⤵
- Executes dropped EXE
-
\??\c:\xt7894.exec:\xt7894.exe57⤵
- Executes dropped EXE
-
\??\c:\l93lsei.exec:\l93lsei.exe58⤵
- Executes dropped EXE
-
\??\c:\krp3t39.exec:\krp3t39.exe59⤵
- Executes dropped EXE
-
\??\c:\0xtq3q.exec:\0xtq3q.exe60⤵
- Executes dropped EXE
-
\??\c:\gei9pb.exec:\gei9pb.exe61⤵
- Executes dropped EXE
-
\??\c:\l454q4c.exec:\l454q4c.exe62⤵
- Executes dropped EXE
-
\??\c:\n5jsa.exec:\n5jsa.exe63⤵
- Executes dropped EXE
-
\??\c:\fp4f2q6.exec:\fp4f2q6.exe64⤵
- Executes dropped EXE
-
\??\c:\n3c0h8.exec:\n3c0h8.exe65⤵
- Executes dropped EXE
-
\??\c:\235rla.exec:\235rla.exe66⤵
-
\??\c:\04q0i.exec:\04q0i.exe67⤵
-
\??\c:\831h93.exec:\831h93.exe68⤵
-
\??\c:\bq56wc.exec:\bq56wc.exe69⤵
-
\??\c:\om28l78.exec:\om28l78.exe70⤵
-
\??\c:\sewi5.exec:\sewi5.exe71⤵
-
\??\c:\xdvn3.exec:\xdvn3.exe72⤵
-
\??\c:\ktwi3.exec:\ktwi3.exe73⤵
-
\??\c:\gvjt99.exec:\gvjt99.exe74⤵
-
\??\c:\a23du5r.exec:\a23du5r.exe75⤵
-
\??\c:\49d94r.exec:\49d94r.exe76⤵
-
\??\c:\6u12874.exec:\6u12874.exe77⤵
-
\??\c:\6bq4r.exec:\6bq4r.exe78⤵
-
\??\c:\1g13p8.exec:\1g13p8.exe79⤵
-
\??\c:\37p7mf8.exec:\37p7mf8.exe80⤵
-
\??\c:\8d1o309.exec:\8d1o309.exe81⤵
-
\??\c:\qn62r6.exec:\qn62r6.exe82⤵
-
\??\c:\7ld9w4.exec:\7ld9w4.exe83⤵
-
\??\c:\e990t.exec:\e990t.exe84⤵
-
\??\c:\8l4cp69.exec:\8l4cp69.exe85⤵
-
\??\c:\6tosucs.exec:\6tosucs.exe86⤵
-
\??\c:\o69i9.exec:\o69i9.exe87⤵
-
\??\c:\hhd2228.exec:\hhd2228.exe88⤵
-
\??\c:\43j9e2.exec:\43j9e2.exe89⤵
-
\??\c:\k7va0.exec:\k7va0.exe90⤵
-
\??\c:\73omb.exec:\73omb.exe91⤵
-
\??\c:\hxise4q.exec:\hxise4q.exe92⤵
-
\??\c:\4i994l.exec:\4i994l.exe93⤵
-
\??\c:\1lhu5up.exec:\1lhu5up.exe94⤵
-
\??\c:\l98f2c.exec:\l98f2c.exe95⤵
-
\??\c:\71keixw.exec:\71keixw.exe96⤵
-
\??\c:\ov5gl86.exec:\ov5gl86.exe97⤵
-
\??\c:\6kiu8d.exec:\6kiu8d.exe98⤵
-
\??\c:\65c6f5.exec:\65c6f5.exe99⤵
-
\??\c:\t8w4x.exec:\t8w4x.exe100⤵
-
\??\c:\1j5bk.exec:\1j5bk.exe101⤵
-
\??\c:\l28hww.exec:\l28hww.exe102⤵
-
\??\c:\4b8qc.exec:\4b8qc.exe103⤵
-
\??\c:\b9r23we.exec:\b9r23we.exe104⤵
-
\??\c:\v2h0sl.exec:\v2h0sl.exe105⤵
-
\??\c:\1027g.exec:\1027g.exe106⤵
-
\??\c:\hah82i.exec:\hah82i.exe107⤵
-
\??\c:\9085f.exec:\9085f.exe108⤵
-
\??\c:\27cakw.exec:\27cakw.exe109⤵
-
\??\c:\699sev.exec:\699sev.exe110⤵
-
\??\c:\u2169.exec:\u2169.exe111⤵
-
\??\c:\3c91j.exec:\3c91j.exe112⤵
-
\??\c:\551499u.exec:\551499u.exe113⤵
-
\??\c:\svw79de.exec:\svw79de.exe114⤵
-
\??\c:\273b2u.exec:\273b2u.exe115⤵
-
\??\c:\0nmg7q6.exec:\0nmg7q6.exe116⤵
-
\??\c:\sd63n17.exec:\sd63n17.exe117⤵
-
\??\c:\13cgp5r.exec:\13cgp5r.exe118⤵
-
\??\c:\3dhb8.exec:\3dhb8.exe119⤵
-
\??\c:\bnniah3.exec:\bnniah3.exe120⤵
-
\??\c:\6d9nio5.exec:\6d9nio5.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-