Analysis
-
max time kernel
98s -
max time network
161s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
-
submitted
15/10/2023, 16:03
General
-
Target
04c87d03a20b05ea756db5c9e6929750_exe32_JC.exe
-
Size
460KB
-
MD5
04c87d03a20b05ea756db5c9e6929750
-
SHA1
81fa2292e6f6461c9debf488011bb0d2855b3511
-
SHA256
1e1bcaafe725c67d9d57bc2965657d97cde8362c250c19a2c18017c68723dc91
-
SHA512
270278357f537a4f5f34a4891d110e1a74144c77685d866fdb25647ee060369d63fd027f23b26645308222da62d9d0ef06a5d7285595e5cf2a3b8565e54d589f
-
SSDEEP
12288:J4wFHoSTeR0oQRkay+eFp3IDvSbh5nPVP+OKaf1V5:VeR0oykayRFp3lztP+OKaf1V5
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\04c87d03a20b05ea756db5c9e6929750_exe32_JC.exe"C:\Users\Admin\AppData\Local\Temp\04c87d03a20b05ea756db5c9e6929750_exe32_JC.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\n551n.exec:\n551n.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ljfo9.exec:\ljfo9.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\h5rtxtf.exec:\h5rtxtf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\et887.exec:\et887.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\facio.exec:\facio.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\56g0ve6.exec:\56g0ve6.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bla3oe.exec:\bla3oe.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\owe77.exec:\owe77.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\d19wu.exec:\d19wu.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6gg9n1.exec:\6gg9n1.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\06095.exec:\06095.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ruoo0.exec:\ruoo0.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2og737.exec:\2og737.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\harp3p.exec:\harp3p.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\icx15o.exec:\icx15o.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\13024.exec:\13024.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6n9skx9.exec:\6n9skx9.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ib6oqjc.exec:\ib6oqjc.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
\??\c:\35v8smx.exec:\35v8smx.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lgbu9.exec:\lgbu9.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8rm089.exec:\8rm089.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2oe2fn.exec:\2oe2fn.exe4⤵
- Executes dropped EXE
-
-
-
-
\??\c:\7ub3ao.exec:\7ub3ao.exe1⤵
- Executes dropped EXE
-
\??\c:\6kdob5l.exec:\6kdob5l.exe2⤵
- Executes dropped EXE
-
\??\c:\o8h9ri.exec:\o8h9ri.exe3⤵
- Executes dropped EXE
-
\??\c:\n0l345.exec:\n0l345.exe4⤵
- Executes dropped EXE
-
\??\c:\2i0l0.exec:\2i0l0.exe5⤵
- Executes dropped EXE
-
\??\c:\eql9t7.exec:\eql9t7.exe6⤵
- Executes dropped EXE
-
\??\c:\e65lg.exec:\e65lg.exe7⤵
- Executes dropped EXE
-
\??\c:\1793g.exec:\1793g.exe8⤵
- Executes dropped EXE
-
\??\c:\9v633.exec:\9v633.exe9⤵
- Executes dropped EXE
-
\??\c:\16285.exec:\16285.exe10⤵
- Executes dropped EXE
-
\??\c:\xxo9f.exec:\xxo9f.exe11⤵
- Executes dropped EXE
-
\??\c:\8dttr2s.exec:\8dttr2s.exe12⤵
- Executes dropped EXE
-
-
-
-
-
-
-
-
-
-
-
-
\??\c:\q00m2.exec:\q00m2.exe1⤵
- Executes dropped EXE
-
\??\c:\f2boo3.exec:\f2boo3.exe1⤵
- Executes dropped EXE
-
\??\c:\j4s41.exec:\j4s41.exe2⤵
- Executes dropped EXE
-
\??\c:\4v738f.exec:\4v738f.exe3⤵
- Executes dropped EXE
-
\??\c:\0u9dk.exec:\0u9dk.exe4⤵
- Executes dropped EXE
-
\??\c:\e962rpo.exec:\e962rpo.exe5⤵
- Executes dropped EXE
-
\??\c:\474ms.exec:\474ms.exe6⤵
- Executes dropped EXE
-
\??\c:\1g7cm.exec:\1g7cm.exe7⤵
- Executes dropped EXE
-
\??\c:\85s67.exec:\85s67.exe8⤵
- Executes dropped EXE
-
\??\c:\8g7rcu.exec:\8g7rcu.exe9⤵
- Executes dropped EXE
-
\??\c:\7p363n6.exec:\7p363n6.exe10⤵
- Executes dropped EXE
-
\??\c:\kltsca.exec:\kltsca.exe11⤵
- Executes dropped EXE
-
\??\c:\hkthod5.exec:\hkthod5.exe12⤵
- Executes dropped EXE
-
\??\c:\84g25.exec:\84g25.exe13⤵
- Executes dropped EXE
-
\??\c:\e06fvlp.exec:\e06fvlp.exe14⤵
- Executes dropped EXE
-
\??\c:\5k5c2.exec:\5k5c2.exe15⤵
-
\??\c:\pge9bk.exec:\pge9bk.exe16⤵
- Executes dropped EXE
-
\??\c:\d1rv1.exec:\d1rv1.exe17⤵
- Executes dropped EXE
-
\??\c:\xhplx.exec:\xhplx.exe18⤵
- Executes dropped EXE
-
\??\c:\dj65972.exec:\dj65972.exe19⤵
- Executes dropped EXE
-
\??\c:\r50045d.exec:\r50045d.exe20⤵
- Executes dropped EXE
-
\??\c:\397hp.exec:\397hp.exe21⤵
- Executes dropped EXE
-
\??\c:\qemjp.exec:\qemjp.exe22⤵
- Executes dropped EXE
-
\??\c:\231u3d.exec:\231u3d.exe23⤵
- Executes dropped EXE
-
\??\c:\b2q88h4.exec:\b2q88h4.exe24⤵
- Executes dropped EXE
-
\??\c:\h4wh98i.exec:\h4wh98i.exe25⤵
- Executes dropped EXE
-
\??\c:\l89ip.exec:\l89ip.exe26⤵
- Executes dropped EXE
-
\??\c:\33327.exec:\33327.exe27⤵
- Executes dropped EXE
-
\??\c:\1i5qd78.exec:\1i5qd78.exe28⤵
- Executes dropped EXE
-
\??\c:\232w0n6.exec:\232w0n6.exe29⤵
- Executes dropped EXE
-
\??\c:\q6633l.exec:\q6633l.exe30⤵
- Executes dropped EXE
-
\??\c:\2m8j2.exec:\2m8j2.exe31⤵
-
\??\c:\1du81a.exec:\1du81a.exe32⤵
-
\??\c:\p7mqc0.exec:\p7mqc0.exe33⤵
-
\??\c:\nb5u28.exec:\nb5u28.exe34⤵
-
\??\c:\70mu8.exec:\70mu8.exe35⤵
-
\??\c:\v7emeu.exec:\v7emeu.exe36⤵
-
\??\c:\7cf54k.exec:\7cf54k.exe37⤵
-
\??\c:\l8ppfsa.exec:\l8ppfsa.exe38⤵
-
\??\c:\20kk3t3.exec:\20kk3t3.exe39⤵
-
\??\c:\5xdif.exec:\5xdif.exe40⤵
-
\??\c:\4xq18.exec:\4xq18.exe41⤵
-
\??\c:\8b6m08j.exec:\8b6m08j.exe42⤵
-
\??\c:\19kwp84.exec:\19kwp84.exe43⤵
-
\??\c:\kuvv6e.exec:\kuvv6e.exe44⤵
-
\??\c:\ji50v.exec:\ji50v.exe45⤵
-
\??\c:\6a15dw.exec:\6a15dw.exe46⤵
-
\??\c:\u58fwi.exec:\u58fwi.exe47⤵
-
\??\c:\mxxan1x.exec:\mxxan1x.exe48⤵
-
\??\c:\08pde.exec:\08pde.exe49⤵
-
\??\c:\h3a9uv.exec:\h3a9uv.exe50⤵
-
\??\c:\4tt08f4.exec:\4tt08f4.exe51⤵
-
\??\c:\xufc7.exec:\xufc7.exe52⤵
-
\??\c:\htlxd.exec:\htlxd.exe53⤵
-
\??\c:\nfg8ui.exec:\nfg8ui.exe54⤵
-
\??\c:\og2ga11.exec:\og2ga11.exe55⤵
-
\??\c:\44n689g.exec:\44n689g.exe56⤵
-
\??\c:\59ufj91.exec:\59ufj91.exe57⤵
-
\??\c:\4rsxm9.exec:\4rsxm9.exe58⤵
-
\??\c:\8cc1j.exec:\8cc1j.exe59⤵
-
\??\c:\rdrxo.exec:\rdrxo.exe60⤵
-
\??\c:\vav53d.exec:\vav53d.exe61⤵
-
\??\c:\0g8fv2r.exec:\0g8fv2r.exe62⤵
-
\??\c:\5gmr2a.exec:\5gmr2a.exe63⤵
-
\??\c:\ass35w8.exec:\ass35w8.exe64⤵
-
\??\c:\jp121g2.exec:\jp121g2.exe65⤵
-
\??\c:\vbpar3.exec:\vbpar3.exe66⤵
-
\??\c:\og4as1.exec:\og4as1.exe67⤵
-
\??\c:\61k1f.exec:\61k1f.exe68⤵
-
\??\c:\4832xx.exec:\4832xx.exe69⤵
-
\??\c:\o2jbu6.exec:\o2jbu6.exe70⤵
-
\??\c:\gb53m.exec:\gb53m.exe71⤵
-
\??\c:\02h684.exec:\02h684.exe72⤵
-
\??\c:\172g2t.exec:\172g2t.exe73⤵
-
\??\c:\l3us30.exec:\l3us30.exe74⤵
-
\??\c:\33d69.exec:\33d69.exe75⤵
-
\??\c:\8rlk6.exec:\8rlk6.exe76⤵
-
\??\c:\u593d.exec:\u593d.exe77⤵
-
\??\c:\8ii4173.exec:\8ii4173.exe78⤵
-
\??\c:\l3kke94.exec:\l3kke94.exe79⤵
-
\??\c:\k9t47.exec:\k9t47.exe80⤵
-
\??\c:\i9clw9.exec:\i9clw9.exe81⤵
-
\??\c:\5d3rr.exec:\5d3rr.exe82⤵
-
\??\c:\lp51881.exec:\lp51881.exe83⤵
-
\??\c:\b87jd.exec:\b87jd.exe84⤵
-
\??\c:\7wml95.exec:\7wml95.exe85⤵
-
\??\c:\1b3037.exec:\1b3037.exe86⤵
-
\??\c:\866774.exec:\866774.exe87⤵
-
\??\c:\uip0fw.exec:\uip0fw.exe88⤵
-
\??\c:\27g17vq.exec:\27g17vq.exe89⤵
-
\??\c:\rd1bwr3.exec:\rd1bwr3.exe90⤵
-
\??\c:\7n65co.exec:\7n65co.exe91⤵
-
\??\c:\22sw88.exec:\22sw88.exe92⤵
-
\??\c:\e5w34.exec:\e5w34.exe93⤵
-
\??\c:\b879n.exec:\b879n.exe94⤵
-
\??\c:\54ljw.exec:\54ljw.exe95⤵
-
\??\c:\1277371.exec:\1277371.exe96⤵
-
\??\c:\vmwp9.exec:\vmwp9.exe97⤵
-
\??\c:\9qh847t.exec:\9qh847t.exe98⤵
-
\??\c:\1f18ke1.exec:\1f18ke1.exe99⤵
-
\??\c:\xg30cdk.exec:\xg30cdk.exe100⤵
-
\??\c:\sr7j29b.exec:\sr7j29b.exe101⤵
-
\??\c:\q57xl3.exec:\q57xl3.exe102⤵
-
\??\c:\0l1v6wf.exec:\0l1v6wf.exe103⤵
-
\??\c:\2dnlta.exec:\2dnlta.exe104⤵
-
\??\c:\115q36.exec:\115q36.exe105⤵
-
\??\c:\24jp3.exec:\24jp3.exe106⤵
-
\??\c:\4s94e8.exec:\4s94e8.exe107⤵
-
\??\c:\xshgk7.exec:\xshgk7.exe108⤵
-
\??\c:\sq8j49.exec:\sq8j49.exe109⤵
-
\??\c:\9r085q.exec:\9r085q.exe110⤵
-
\??\c:\77b7lv5.exec:\77b7lv5.exe111⤵
-
\??\c:\22b8x.exec:\22b8x.exe112⤵
-
\??\c:\vs27h.exec:\vs27h.exe113⤵
-
\??\c:\e2h769.exec:\e2h769.exe114⤵
-
\??\c:\d2gc3hh.exec:\d2gc3hh.exe115⤵
-
\??\c:\5cf717.exec:\5cf717.exe116⤵
-
\??\c:\f0m8v.exec:\f0m8v.exe117⤵
-
\??\c:\0k3tvu.exec:\0k3tvu.exe118⤵
-
\??\c:\rj13r.exec:\rj13r.exe119⤵
-
\??\c:\clj373p.exec:\clj373p.exe120⤵
-
\??\c:\wgiw888.exec:\wgiw888.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-