Analysis
-
max time kernel
150s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
25/12/2023, 23:33
General
-
Target
4382cc5cba3c53b8b7df40f46f3d8927.exe
-
Size
130KB
-
MD5
4382cc5cba3c53b8b7df40f46f3d8927
-
SHA1
ceaea59ba473551752b83db0d74cea575a045805
-
SHA256
e021ea7ae5d899173073b97bbf0ffb60d0ac3e021571585ae4fd5534439f9396
-
SHA512
aeae07c480a6de6b19e3af53d669652e4a395087c5eec43fffc876c1e73eda8f243314a85249f14babf91b8599af0ff2b7fa7f5defb53e9d9a8bea3f60d401bc
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73tvn+Yp9ggGQGGqOOPcJC:n3C9BRo7tvnJ90Gq/0JC
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 33 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 62 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4382cc5cba3c53b8b7df40f46f3d8927.exe"C:\Users\Admin\AppData\Local\Temp\4382cc5cba3c53b8b7df40f46f3d8927.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rvpht.exec:\rvpht.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jlnxjfh.exec:\jlnxjfh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\trnvpv.exec:\trnvpv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jljbnd.exec:\jljbnd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xhrvrh.exec:\xhrvrh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nxnjr.exec:\nxnjr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbnnt.exec:\tbnnt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrlj.exec:\xxrlj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tdvfdjx.exec:\tdvfdjx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ldfbrp.exec:\ldfbrp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vnvxft.exec:\vnvxft.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lbpprj.exec:\lbpprj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbjvrv.exec:\nbjvrv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vxbvxf.exec:\vxbvxf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\phhdttx.exec:\phhdttx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\npfjbxb.exec:\npfjbxb.exe17⤵
- Executes dropped EXE
-
\??\c:\nbnvl.exec:\nbnvl.exe18⤵
- Executes dropped EXE
-
\??\c:\rvnbh.exec:\rvnbh.exe19⤵
- Executes dropped EXE
-
\??\c:\ljtdf.exec:\ljtdf.exe20⤵
- Executes dropped EXE
-
\??\c:\phtndbx.exec:\phtndbx.exe21⤵
- Executes dropped EXE
-
\??\c:\xnnbdr.exec:\xnnbdr.exe22⤵
- Executes dropped EXE
-
\??\c:\dtxnhft.exec:\dtxnhft.exe23⤵
- Executes dropped EXE
-
\??\c:\rrtpdbl.exec:\rrtpdbl.exe24⤵
- Executes dropped EXE
-
\??\c:\rnljvd.exec:\rnljvd.exe25⤵
- Executes dropped EXE
-
\??\c:\pvtdl.exec:\pvtdl.exe26⤵
- Executes dropped EXE
-
\??\c:\dxdxdx.exec:\dxdxdx.exe27⤵
- Executes dropped EXE
-
\??\c:\rrrtphf.exec:\rrrtphf.exe28⤵
- Executes dropped EXE
-
\??\c:\fxxvxl.exec:\fxxvxl.exe29⤵
- Executes dropped EXE
-
\??\c:\pthdrx.exec:\pthdrx.exe30⤵
- Executes dropped EXE
-
\??\c:\dphprv.exec:\dphprv.exe31⤵
- Executes dropped EXE
-
\??\c:\bjbjl.exec:\bjbjl.exe32⤵
- Executes dropped EXE
-
\??\c:\lptxlfp.exec:\lptxlfp.exe33⤵
- Executes dropped EXE
-
\??\c:\vhjnpf.exec:\vhjnpf.exe34⤵
- Executes dropped EXE
-
\??\c:\vhthh.exec:\vhthh.exe35⤵
- Executes dropped EXE
-
\??\c:\xvpvhd.exec:\xvpvhd.exe36⤵
- Executes dropped EXE
-
\??\c:\ltbntt.exec:\ltbntt.exe37⤵
- Executes dropped EXE
-
\??\c:\pvnvpl.exec:\pvnvpl.exe38⤵
- Executes dropped EXE
-
\??\c:\nhbbxhf.exec:\nhbbxhf.exe39⤵
- Executes dropped EXE
-
\??\c:\xfdnr.exec:\xfdnr.exe40⤵
- Executes dropped EXE
-
\??\c:\bvtnr.exec:\bvtnr.exe41⤵
- Executes dropped EXE
-
\??\c:\hjlfnxl.exec:\hjlfnxl.exe42⤵
- Executes dropped EXE
-
\??\c:\dfdrdx.exec:\dfdrdx.exe43⤵
- Executes dropped EXE
-
\??\c:\ptbtvr.exec:\ptbtvr.exe44⤵
- Executes dropped EXE
-
\??\c:\lvdhr.exec:\lvdhr.exe45⤵
- Executes dropped EXE
-
\??\c:\nrpnrxr.exec:\nrpnrxr.exe46⤵
- Executes dropped EXE
-
\??\c:\nntnvxv.exec:\nntnvxv.exe47⤵
- Executes dropped EXE
-
\??\c:\hrfhh.exec:\hrfhh.exe48⤵
- Executes dropped EXE
-
\??\c:\hxjnfjn.exec:\hxjnfjn.exe49⤵
- Executes dropped EXE
-
\??\c:\pfnjftj.exec:\pfnjftj.exe50⤵
- Executes dropped EXE
-
\??\c:\flnlh.exec:\flnlh.exe51⤵
- Executes dropped EXE
-
\??\c:\nxbbtln.exec:\nxbbtln.exe52⤵
- Executes dropped EXE
-
\??\c:\fpjdtlh.exec:\fpjdtlh.exe53⤵
- Executes dropped EXE
-
\??\c:\rbjjtnp.exec:\rbjjtnp.exe54⤵
- Executes dropped EXE
-
\??\c:\jphvnhd.exec:\jphvnhd.exe55⤵
- Executes dropped EXE
-
\??\c:\lbdpph.exec:\lbdpph.exe56⤵
- Executes dropped EXE
-
\??\c:\vhjxpr.exec:\vhjxpr.exe57⤵
- Executes dropped EXE
-
\??\c:\hthtbhv.exec:\hthtbhv.exe58⤵
- Executes dropped EXE
-
\??\c:\dtlrd.exec:\dtlrd.exe59⤵
- Executes dropped EXE
-
\??\c:\ptlnf.exec:\ptlnf.exe60⤵
- Executes dropped EXE
-
\??\c:\nprbfdn.exec:\nprbfdn.exe61⤵
- Executes dropped EXE
-
\??\c:\fhxrxpr.exec:\fhxrxpr.exe62⤵
- Executes dropped EXE
-
\??\c:\tjrbxbl.exec:\tjrbxbl.exe63⤵
- Executes dropped EXE
-
\??\c:\htdpnv.exec:\htdpnv.exe64⤵
- Executes dropped EXE
-
\??\c:\bhjntj.exec:\bhjntj.exe65⤵
- Executes dropped EXE
-
\??\c:\jxrrxr.exec:\jxrrxr.exe66⤵
-
\??\c:\ppnvvlv.exec:\ppnvvlv.exe67⤵
-
\??\c:\bnhdjx.exec:\bnhdjx.exe68⤵
-
\??\c:\tpflbd.exec:\tpflbd.exe69⤵
-
\??\c:\lbtrb.exec:\lbtrb.exe70⤵
-
\??\c:\pdtdf.exec:\pdtdf.exe71⤵
-
\??\c:\djlbd.exec:\djlbd.exe72⤵
-
\??\c:\nlflx.exec:\nlflx.exe73⤵
-
\??\c:\hlbpxp.exec:\hlbpxp.exe74⤵
-
\??\c:\lppdp.exec:\lppdp.exe75⤵
-
\??\c:\bnhnp.exec:\bnhnp.exe76⤵
-
\??\c:\pftxrpl.exec:\pftxrpl.exe77⤵
-
\??\c:\dfblvxx.exec:\dfblvxx.exe78⤵
-
\??\c:\htdnr.exec:\htdnr.exe79⤵
-
\??\c:\xvvdh.exec:\xvvdh.exe80⤵
-
\??\c:\hvxtl.exec:\hvxtl.exe81⤵
-
\??\c:\pnhxnx.exec:\pnhxnx.exe82⤵
-
\??\c:\ppxxtff.exec:\ppxxtff.exe83⤵
-
\??\c:\jxrfxr.exec:\jxrfxr.exe84⤵
-
\??\c:\rtlhd.exec:\rtlhd.exe85⤵
-
\??\c:\xlrjv.exec:\xlrjv.exe86⤵
-
\??\c:\lpjtvx.exec:\lpjtvx.exe87⤵
-
\??\c:\hjrpr.exec:\hjrpr.exe88⤵
-
\??\c:\rbrtbp.exec:\rbrtbp.exe89⤵
-
\??\c:\dlrprrd.exec:\dlrprrd.exe90⤵
-
\??\c:\ljrfnlf.exec:\ljrfnlf.exe91⤵
-
\??\c:\fhvlpxv.exec:\fhvlpxv.exe92⤵
-
\??\c:\fjjdd.exec:\fjjdd.exe93⤵
-
\??\c:\dxbrp.exec:\dxbrp.exe94⤵
-
\??\c:\rnxnddh.exec:\rnxnddh.exe95⤵
-
\??\c:\drhlfrh.exec:\drhlfrh.exe96⤵
-
\??\c:\rdlff.exec:\rdlff.exe97⤵
-
\??\c:\fvbphhp.exec:\fvbphhp.exe98⤵
-
\??\c:\rhjlrd.exec:\rhjlrd.exe99⤵
-
\??\c:\prdpvjf.exec:\prdpvjf.exe100⤵
-
\??\c:\hhpfhjh.exec:\hhpfhjh.exe101⤵
-
\??\c:\nbnxr.exec:\nbnxr.exe102⤵
-
\??\c:\nvlvpn.exec:\nvlvpn.exe103⤵
-
\??\c:\nxbxh.exec:\nxbxh.exe104⤵
-
\??\c:\vrbvxf.exec:\vrbvxf.exe105⤵
-
\??\c:\hthbjtj.exec:\hthbjtj.exe106⤵
-
\??\c:\rrbpb.exec:\rrbpb.exe107⤵
-
\??\c:\pdnljln.exec:\pdnljln.exe108⤵
-
\??\c:\pvlhbnn.exec:\pvlhbnn.exe109⤵
-
\??\c:\nnbhvpn.exec:\nnbhvpn.exe110⤵
-
\??\c:\hdvjdrf.exec:\hdvjdrf.exe111⤵
-
\??\c:\npdxphh.exec:\npdxphh.exe112⤵
-
\??\c:\vplrt.exec:\vplrt.exe113⤵
-
\??\c:\lxfhd.exec:\lxfhd.exe114⤵
-
\??\c:\pxjxnx.exec:\pxjxnx.exe115⤵
-
\??\c:\vnrhjr.exec:\vnrhjr.exe116⤵
-
\??\c:\dxtlrlj.exec:\dxtlrlj.exe117⤵
-
\??\c:\dtjlnvl.exec:\dtjlnvl.exe118⤵
-
\??\c:\htdrn.exec:\htdrn.exe119⤵
-
\??\c:\xxbhfn.exec:\xxbhfn.exe120⤵
-
\??\c:\ljhxxj.exec:\ljhxxj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-