Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
19/12/2023, 12:29
General
-
Target
2263240a6f2466525df127c0ed2bc58f.exe
-
Size
240KB
-
MD5
2263240a6f2466525df127c0ed2bc58f
-
SHA1
680affe42065601959965aa13eb8615a50fa973f
-
SHA256
990f4dd9408f59104a9a2a296f058c9471967155ee9cc94544cd87e3d2669c99
-
SHA512
8e6369457739dec263fee203279452dc194a5a1bc4d19bcf09d4c0ebb4a65ba4f8180080866b09b5e96e4724047423f3a9bc2a038c074122731e4d4cff604285
-
SSDEEP
6144:n3C9BRo7tvnJ9oEz2Eu9XgcVyDOoZU0wG:n3C9ytvnV2NQAo20wG
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 32 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 59 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2263240a6f2466525df127c0ed2bc58f.exe"C:\Users\Admin\AppData\Local\Temp\2263240a6f2466525df127c0ed2bc58f.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\1jddp.exec:\1jddp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvjp.exec:\jdvjp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfflllx.exec:\lfflllx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpvd.exec:\jdpvd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntnnn.exec:\bntnnn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvdj.exec:\pjvdj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhbbn.exec:\nhhbbn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdppv.exec:\pdppv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7thnnb.exec:\7thnnb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5lxrlfl.exec:\5lxrlfl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdpvv.exec:\pdpvv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrllff.exec:\xrrllff.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vpjv.exec:\7vpjv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllfxrr.exec:\rllfxrr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvjvp.exec:\pvjvp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9nnhnb.exec:\9nnhnb.exe17⤵
- Executes dropped EXE
-
\??\c:\5pdvv.exec:\5pdvv.exe18⤵
- Executes dropped EXE
-
\??\c:\httnbt.exec:\httnbt.exe19⤵
- Executes dropped EXE
-
\??\c:\7vddv.exec:\7vddv.exe20⤵
- Executes dropped EXE
-
\??\c:\3bthbb.exec:\3bthbb.exe21⤵
- Executes dropped EXE
-
\??\c:\7rffrrx.exec:\7rffrrx.exe22⤵
- Executes dropped EXE
-
\??\c:\pjjpj.exec:\pjjpj.exe23⤵
- Executes dropped EXE
-
\??\c:\7rrrrrx.exec:\7rrrrrx.exe24⤵
- Executes dropped EXE
-
\??\c:\dpddv.exec:\dpddv.exe25⤵
- Executes dropped EXE
-
\??\c:\xlrlrll.exec:\xlrlrll.exe26⤵
- Executes dropped EXE
-
\??\c:\dpddj.exec:\dpddj.exe27⤵
- Executes dropped EXE
-
\??\c:\thhhhh.exec:\thhhhh.exe28⤵
- Executes dropped EXE
-
\??\c:\lfflrlr.exec:\lfflrlr.exe29⤵
- Executes dropped EXE
-
\??\c:\5vjvp.exec:\5vjvp.exe30⤵
- Executes dropped EXE
-
\??\c:\lfrrxxl.exec:\lfrrxxl.exe31⤵
- Executes dropped EXE
-
\??\c:\1ddpv.exec:\1ddpv.exe32⤵
- Executes dropped EXE
-
\??\c:\tnbbht.exec:\tnbbht.exe33⤵
- Executes dropped EXE
-
\??\c:\rflrffl.exec:\rflrffl.exe34⤵
- Executes dropped EXE
-
\??\c:\3tbbhh.exec:\3tbbhh.exe35⤵
- Executes dropped EXE
-
\??\c:\ddpdj.exec:\ddpdj.exe36⤵
- Executes dropped EXE
-
\??\c:\tnhthh.exec:\tnhthh.exe37⤵
- Executes dropped EXE
-
\??\c:\pdpvj.exec:\pdpvj.exe38⤵
- Executes dropped EXE
-
\??\c:\bnhbbb.exec:\bnhbbb.exe39⤵
- Executes dropped EXE
-
\??\c:\9jvvv.exec:\9jvvv.exe40⤵
- Executes dropped EXE
-
\??\c:\tthntb.exec:\tthntb.exe41⤵
- Executes dropped EXE
-
\??\c:\7pvpj.exec:\7pvpj.exe42⤵
- Executes dropped EXE
-
\??\c:\bthntb.exec:\bthntb.exe43⤵
- Executes dropped EXE
-
\??\c:\lxflxxf.exec:\lxflxxf.exe44⤵
- Executes dropped EXE
-
\??\c:\9tnntt.exec:\9tnntt.exe45⤵
- Executes dropped EXE
-
\??\c:\3lxflrl.exec:\3lxflrl.exe46⤵
- Executes dropped EXE
-
\??\c:\xxlrllr.exec:\xxlrllr.exe47⤵
- Executes dropped EXE
-
\??\c:\pjjjv.exec:\pjjjv.exe48⤵
- Executes dropped EXE
-
\??\c:\3hhtth.exec:\3hhtth.exe49⤵
- Executes dropped EXE
-
\??\c:\xxxrflr.exec:\xxxrflr.exe50⤵
- Executes dropped EXE
-
\??\c:\nnhnnt.exec:\nnhnnt.exe51⤵
- Executes dropped EXE
-
\??\c:\9fffllf.exec:\9fffllf.exe52⤵
- Executes dropped EXE
-
\??\c:\tntbhh.exec:\tntbhh.exe53⤵
- Executes dropped EXE
-
\??\c:\7rllrlr.exec:\7rllrlr.exe54⤵
- Executes dropped EXE
-
\??\c:\bnttbb.exec:\bnttbb.exe55⤵
- Executes dropped EXE
-
\??\c:\5djjv.exec:\5djjv.exe56⤵
- Executes dropped EXE
-
\??\c:\xrlrxxf.exec:\xrlrxxf.exe57⤵
- Executes dropped EXE
-
\??\c:\9bnnnn.exec:\9bnnnn.exe58⤵
- Executes dropped EXE
-
\??\c:\3rllrlx.exec:\3rllrlx.exe59⤵
- Executes dropped EXE
-
\??\c:\9hhhnh.exec:\9hhhnh.exe60⤵
- Executes dropped EXE
-
\??\c:\rlrrxxf.exec:\rlrrxxf.exe61⤵
- Executes dropped EXE
-
\??\c:\bnbttt.exec:\bnbttt.exe62⤵
- Executes dropped EXE
-
\??\c:\rlxfflr.exec:\rlxfflr.exe63⤵
- Executes dropped EXE
-
\??\c:\1hnnnn.exec:\1hnnnn.exe64⤵
- Executes dropped EXE
-
\??\c:\btbhbn.exec:\btbhbn.exe65⤵
- Executes dropped EXE
-
\??\c:\frxllff.exec:\frxllff.exe66⤵
-
\??\c:\pvvjd.exec:\pvvjd.exe67⤵
-
\??\c:\xlrxffr.exec:\xlrxffr.exe68⤵
-
\??\c:\nbhhtb.exec:\nbhhtb.exe69⤵
-
\??\c:\xrflrlr.exec:\xrflrlr.exe70⤵
-
\??\c:\nbnnnn.exec:\nbnnnn.exe71⤵
-
\??\c:\lflflrf.exec:\lflflrf.exe72⤵
-
\??\c:\hbnbhb.exec:\hbnbhb.exe73⤵
-
\??\c:\7llllrx.exec:\7llllrx.exe74⤵
-
\??\c:\9bnnbb.exec:\9bnnbb.exe75⤵
-
\??\c:\3frrxrx.exec:\3frrxrx.exe76⤵
-
\??\c:\7hhnhn.exec:\7hhnhn.exe77⤵
-
\??\c:\lfxxlff.exec:\lfxxlff.exe78⤵
-
\??\c:\nhbbth.exec:\nhbbth.exe79⤵
-
\??\c:\jvdpj.exec:\jvdpj.exe80⤵
-
\??\c:\hbnntb.exec:\hbnntb.exe81⤵
-
\??\c:\djjjp.exec:\djjjp.exe82⤵
-
\??\c:\rfrxllr.exec:\rfrxllr.exe83⤵
-
\??\c:\1djvd.exec:\1djvd.exe84⤵
-
\??\c:\btbntb.exec:\btbntb.exe85⤵
-
\??\c:\pdpvj.exec:\pdpvj.exe86⤵
-
\??\c:\frfxfxf.exec:\frfxfxf.exe87⤵
-
\??\c:\djdvd.exec:\djdvd.exe88⤵
-
\??\c:\9nbbbt.exec:\9nbbbt.exe89⤵
-
\??\c:\jvpdv.exec:\jvpdv.exe90⤵
-
\??\c:\nbhbhb.exec:\nbhbhb.exe91⤵
-
\??\c:\vpdvv.exec:\vpdvv.exe92⤵
-
\??\c:\thtthn.exec:\thtthn.exe93⤵
-
\??\c:\9ddjd.exec:\9ddjd.exe94⤵
-
\??\c:\xrffllr.exec:\xrffllr.exe95⤵
-
\??\c:\5bbbtb.exec:\5bbbtb.exe96⤵
-
\??\c:\3vjjj.exec:\3vjjj.exe97⤵
-
\??\c:\7rxllll.exec:\7rxllll.exe98⤵
-
\??\c:\jdpdj.exec:\jdpdj.exe99⤵
-
\??\c:\9rllrxf.exec:\9rllrxf.exe100⤵
-
\??\c:\pdddj.exec:\pdddj.exe101⤵
-
\??\c:\rffflrx.exec:\rffflrx.exe102⤵
-
\??\c:\9nhbhh.exec:\9nhbhh.exe103⤵
-
\??\c:\lflxffr.exec:\lflxffr.exe104⤵
-
\??\c:\nhnbnt.exec:\nhnbnt.exe105⤵
-
\??\c:\xrxrxrx.exec:\xrxrxrx.exe106⤵
-
\??\c:\nbbttt.exec:\nbbttt.exe107⤵
-
\??\c:\rlxxfff.exec:\rlxxfff.exe108⤵
-
\??\c:\1hnntt.exec:\1hnntt.exe109⤵
-
\??\c:\dvvpv.exec:\dvvpv.exe110⤵
-
\??\c:\9xxrrrf.exec:\9xxrrrf.exe111⤵
-
\??\c:\ppdjj.exec:\ppdjj.exe112⤵
-
\??\c:\fxfllxr.exec:\fxfllxr.exe113⤵
-
\??\c:\pvppv.exec:\pvppv.exe114⤵
-
\??\c:\xrxrrrx.exec:\xrxrrrx.exe115⤵
-
\??\c:\9nntbh.exec:\9nntbh.exe116⤵
-
\??\c:\xrlrxxf.exec:\xrlrxxf.exe117⤵
-
\??\c:\5hhnhn.exec:\5hhnhn.exe118⤵
-
\??\c:\xlxxxxf.exec:\xlxxxxf.exe119⤵
-
\??\c:\hbnhhh.exec:\hbnhhh.exe120⤵
-
\??\c:\3ddjj.exec:\3ddjj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-