Analysis
-
max time kernel
100s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20230831-en -
resource tags
-
submitted
15-10-2023 19:40
Errors
Reason
Machine shutdown
General
-
Target
81b2f02b654b9a429a052e3566432420_exe32.exe
-
Size
109KB
-
MD5
81b2f02b654b9a429a052e3566432420
-
SHA1
68db8751f9b50a208ff2e4f9b76e63a5fba3fedf
-
SHA256
4e18614f43d1223d852f914b847a3b826801f07e3c6fc3cb77ac816d9ba023f2
-
SHA512
04126f47df78fae81c7fa40cc3a6d46a5b7d6014eb968d9d419303e1e37b97b51afdbda1c94a32f9e8c0e36429795bec57d141a3df19a38511d0ffec82cfe3dd
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIJUeDZos5ZNOEX64C:ymb3NkkiQ3mdBjFI6ix5ZNOENC
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 31 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 63 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\81b2f02b654b9a429a052e3566432420_exe32.exe"C:\Users\Admin\AppData\Local\Temp\81b2f02b654b9a429a052e3566432420_exe32.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hlbljx.exec:\hlbljx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ltjjnv.exec:\ltjjnv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thvvjjj.exec:\thvvjjj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nntxpl.exec:\nntxpl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhpfvl.exec:\hhpfvl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thjljbx.exec:\thjljbx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbjnl.exec:\hbjnl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pfdrprl.exec:\pfdrprl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vtvrlnb.exec:\vtvrlnb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
-
-
-
-
-
-
-
-
\??\c:\npfjlj.exec:\npfjlj.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xvflfrh.exec:\xvflfrh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttxffr.exec:\ttxffr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
-
\??\c:\ntbpdxn.exec:\ntbpdxn.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hvhphr.exec:\hvhphr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttvdhv.exec:\ttvdhv.exe3⤵
- Executes dropped EXE
-
\??\c:\hrtjn.exec:\hrtjn.exe4⤵
- Executes dropped EXE
-
\??\c:\bdnhjnv.exec:\bdnhjnv.exe5⤵
- Executes dropped EXE
-
\??\c:\nvrbxd.exec:\nvrbxd.exe6⤵
- Executes dropped EXE
-
\??\c:\pbdjnlp.exec:\pbdjnlp.exe7⤵
- Executes dropped EXE
-
\??\c:\nbljhfb.exec:\nbljhfb.exe8⤵
- Executes dropped EXE
-
\??\c:\jjlxrpd.exec:\jjlxrpd.exe9⤵
- Executes dropped EXE
-
\??\c:\jbpjtr.exec:\jbpjtr.exe10⤵
- Executes dropped EXE
-
\??\c:\jvfbntb.exec:\jvfbntb.exe11⤵
- Executes dropped EXE
-
\??\c:\lrvrf.exec:\lrvrf.exe12⤵
- Executes dropped EXE
-
\??\c:\tbxfbdd.exec:\tbxfbdd.exe13⤵
- Executes dropped EXE
-
\??\c:\hxtvt.exec:\hxtvt.exe14⤵
- Executes dropped EXE
-
\??\c:\dxxfnvn.exec:\dxxfnvn.exe15⤵
- Executes dropped EXE
-
\??\c:\vnfrtlr.exec:\vnfrtlr.exe16⤵
- Executes dropped EXE
-
\??\c:\vvbrftv.exec:\vvbrftv.exe17⤵
- Executes dropped EXE
-
\??\c:\bbdttd.exec:\bbdttd.exe18⤵
- Executes dropped EXE
-
\??\c:\vfjnrld.exec:\vfjnrld.exe19⤵
- Executes dropped EXE
-
\??\c:\pddtxl.exec:\pddtxl.exe20⤵
- Executes dropped EXE
-
\??\c:\xbdtbb.exec:\xbdtbb.exe21⤵
- Executes dropped EXE
-
\??\c:\ffbdd.exec:\ffbdd.exe22⤵
- Executes dropped EXE
-
\??\c:\fbtxddd.exec:\fbtxddd.exe23⤵
- Executes dropped EXE
-
\??\c:\hlllfd.exec:\hlllfd.exe24⤵
- Executes dropped EXE
-
\??\c:\fnffxl.exec:\fnffxl.exe25⤵
- Executes dropped EXE
-
\??\c:\lhvjh.exec:\lhvjh.exe26⤵
- Executes dropped EXE
-
\??\c:\lvfrv.exec:\lvfrv.exe27⤵
- Executes dropped EXE
-
\??\c:\bdlnvh.exec:\bdlnvh.exe28⤵
- Executes dropped EXE
-
\??\c:\vrdtl.exec:\vrdtl.exe29⤵
- Executes dropped EXE
-
\??\c:\xvlvlp.exec:\xvlvlp.exe30⤵
- Executes dropped EXE
-
\??\c:\lhhvb.exec:\lhhvb.exe31⤵
- Executes dropped EXE
-
\??\c:\plvhdd.exec:\plvhdd.exe32⤵
- Executes dropped EXE
-
\??\c:\vbdrffp.exec:\vbdrffp.exe33⤵
- Executes dropped EXE
-
\??\c:\jttrvb.exec:\jttrvb.exe34⤵
- Executes dropped EXE
-
\??\c:\xdrrnv.exec:\xdrrnv.exe35⤵
- Executes dropped EXE
-
\??\c:\bdxtdlf.exec:\bdxtdlf.exe36⤵
- Executes dropped EXE
-
\??\c:\fxfnlt.exec:\fxfnlt.exe37⤵
- Executes dropped EXE
-
\??\c:\ppbtlb.exec:\ppbtlb.exe38⤵
- Executes dropped EXE
-
\??\c:\tbtpplf.exec:\tbtpplf.exe39⤵
- Executes dropped EXE
-
\??\c:\jxnrbd.exec:\jxnrbd.exe40⤵
- Executes dropped EXE
-
\??\c:\pnvvrlx.exec:\pnvvrlx.exe41⤵
- Executes dropped EXE
-
\??\c:\frvnj.exec:\frvnj.exe42⤵
- Executes dropped EXE
-
\??\c:\xvtvbht.exec:\xvtvbht.exe43⤵
- Executes dropped EXE
-
\??\c:\lvrldf.exec:\lvrldf.exe44⤵
- Executes dropped EXE
-
\??\c:\vbdnfr.exec:\vbdnfr.exe45⤵
- Executes dropped EXE
-
\??\c:\tfnxv.exec:\tfnxv.exe46⤵
- Executes dropped EXE
-
\??\c:\bfjtbbp.exec:\bfjtbbp.exe47⤵
- Executes dropped EXE
-
\??\c:\rlltlv.exec:\rlltlv.exe48⤵
- Executes dropped EXE
-
\??\c:\djfrvfh.exec:\djfrvfh.exe49⤵
- Executes dropped EXE
-
\??\c:\phpvpf.exec:\phpvpf.exe50⤵
- Executes dropped EXE
-
\??\c:\xfjjb.exec:\xfjjb.exe51⤵
- Executes dropped EXE
-
\??\c:\vdfrbr.exec:\vdfrbr.exe52⤵
-
\??\c:\ltbblxj.exec:\ltbblxj.exe53⤵
-
\??\c:\bxvpv.exec:\bxvpv.exe54⤵
-
\??\c:\dhjtfjl.exec:\dhjtfjl.exe55⤵
-
\??\c:\tljtdl.exec:\tljtdl.exe56⤵
-
\??\c:\tpdbdl.exec:\tpdbdl.exe57⤵
-
\??\c:\hjttrp.exec:\hjttrp.exe58⤵
-
\??\c:\jjtrbn.exec:\jjtrbn.exe59⤵
-
\??\c:\tbhxb.exec:\tbhxb.exe60⤵
-
\??\c:\tdjrx.exec:\tdjrx.exe61⤵
-
\??\c:\bfnprb.exec:\bfnprb.exe62⤵
-
\??\c:\htbfjvn.exec:\htbfjvn.exe63⤵
-
\??\c:\nvnvrpn.exec:\nvnvrpn.exe64⤵
-
\??\c:\bnxhxjn.exec:\bnxhxjn.exe65⤵
-
\??\c:\lfnxf.exec:\lfnxf.exe66⤵
-
\??\c:\njfxn.exec:\njfxn.exe67⤵
-
\??\c:\nlnlb.exec:\nlnlb.exe68⤵
-
\??\c:\pvvlftd.exec:\pvvlftd.exe69⤵
-
\??\c:\tvbplp.exec:\tvbplp.exe70⤵
-
\??\c:\xntntdh.exec:\xntntdh.exe71⤵
-
\??\c:\hnrbrl.exec:\hnrbrl.exe72⤵
-
\??\c:\pxlld.exec:\pxlld.exe73⤵
-
\??\c:\jnljf.exec:\jnljf.exe74⤵
-
\??\c:\vbddjft.exec:\vbddjft.exe75⤵
-
\??\c:\jffptbd.exec:\jffptbd.exe76⤵
-
\??\c:\tljbnpv.exec:\tljbnpv.exe77⤵
-
\??\c:\ttnpv.exec:\ttnpv.exe78⤵
-
\??\c:\dldnn.exec:\dldnn.exe79⤵
-
\??\c:\rvvrlt.exec:\rvvrlt.exe80⤵
-
\??\c:\fvjvnjt.exec:\fvjvnjt.exe81⤵
-
\??\c:\dpvbfr.exec:\dpvbfr.exe82⤵
-
\??\c:\xndnxld.exec:\xndnxld.exe83⤵
-
\??\c:\pvbbhj.exec:\pvbbhj.exe84⤵
-
\??\c:\jxpfnr.exec:\jxpfnr.exe85⤵
-
\??\c:\bbjvx.exec:\bbjvx.exe86⤵
-
\??\c:\fflbrjr.exec:\fflbrjr.exe87⤵
-
\??\c:\hjllj.exec:\hjllj.exe88⤵
-
\??\c:\llnvp.exec:\llnvp.exe89⤵
-
\??\c:\bvhffnb.exec:\bvhffnb.exe90⤵
-
\??\c:\jfjnnf.exec:\jfjnnf.exe91⤵
-
\??\c:\jjbljvj.exec:\jjbljvj.exe92⤵
-
\??\c:\xflnbd.exec:\xflnbd.exe93⤵
-
\??\c:\jrxjlv.exec:\jrxjlv.exe94⤵
-
\??\c:\dntbbx.exec:\dntbbx.exe95⤵
-
\??\c:\xxtbbrr.exec:\xxtbbrr.exe96⤵
-
\??\c:\dlfdtv.exec:\dlfdtv.exe97⤵
-
\??\c:\rfpvbr.exec:\rfpvbr.exe98⤵
-
\??\c:\hnvnjfl.exec:\hnvnjfl.exe99⤵
-
\??\c:\pjnrjb.exec:\pjnrjb.exe100⤵
-
\??\c:\jlbrhrj.exec:\jlbrhrj.exe101⤵
-
\??\c:\xrfdf.exec:\xrfdf.exe102⤵
-
\??\c:\jjhdpvr.exec:\jjhdpvr.exe103⤵
-
\??\c:\ljhptv.exec:\ljhptv.exe104⤵
-
\??\c:\jvprhfn.exec:\jvprhfn.exe105⤵
-
\??\c:\dvbtdpn.exec:\dvbtdpn.exe106⤵
-
\??\c:\nrbvnxx.exec:\nrbvnxx.exe107⤵
-
\??\c:\drrvf.exec:\drrvf.exe108⤵
-
\??\c:\vvtnlvb.exec:\vvtnlvb.exe109⤵
-
\??\c:\nlfbt.exec:\nlfbt.exe110⤵
-
\??\c:\drhrrj.exec:\drhrrj.exe111⤵
-
\??\c:\frjpr.exec:\frjpr.exe112⤵
-
\??\c:\pdxxjtl.exec:\pdxxjtl.exe113⤵
-
\??\c:\plldnv.exec:\plldnv.exe114⤵
-
\??\c:\pplrt.exec:\pplrt.exe115⤵
-
\??\c:\fdlvffr.exec:\fdlvffr.exe116⤵
-
\??\c:\trvfvp.exec:\trvfvp.exe117⤵
-
\??\c:\fjnlrp.exec:\fjnlrp.exe118⤵
-
\??\c:\flljjv.exec:\flljjv.exe119⤵
-
\??\c:\flvxrt.exec:\flvxrt.exe120⤵
-
\??\c:\drrxfn.exec:\drrxfn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-