Analysis
-
max time kernel
150s -
max time network
147s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
-
submitted
02/02/2024, 05:20
General
-
Target
88a871d4b447bb4d89dfebefb227e844.exe
-
Size
108KB
-
MD5
88a871d4b447bb4d89dfebefb227e844
-
SHA1
091d23777a3dec688806adcd7adb85b9bbeb1296
-
SHA256
5d5c7ae429a9d3f0e4eb10fbf1af2c7ebbe2e88b776f517d9547e5ebb2d993da
-
SHA512
1005198dae08f75c3cd7f1f1d3bba980f439499775bbdb3cc20020701a06eece9c5348ce40af941885c0264659955a67a784f3919a45b0f534617a09d3ca5dd2
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73tvn+Yp9ggGQEUIEP:n3C9BRo7tvnJ9iUIA
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 40 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 46 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\88a871d4b447bb4d89dfebefb227e844.exe"C:\Users\Admin\AppData\Local\Temp\88a871d4b447bb4d89dfebefb227e844.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pvjjp.exec:\pvjjp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
\??\c:\vpdpd.exec:\vpdpd.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhhtb.exec:\nnhhtb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
\??\c:\5thbnh.exec:\5thbnh.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlfrllf.exec:\xlfrllf.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbthbn.exec:\hbthbn.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrlffr.exec:\fxrlffr.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpjj.exec:\pjpjj.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fflflfr.exec:\fflflfr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjdvd.exec:\vjdvd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfxlxrl.exec:\xfxlxrl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1hnhtn.exec:\1hnhtn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7hhhhb.exec:\7hhhhb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdddd.exec:\pdddd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxrrfx.exec:\lfxrrfx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjpp.exec:\jvjpp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlfrlxl.exec:\xlfrlxl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xllfxrl.exec:\xllfxrl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbttn.exec:\tnbttn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbntn.exec:\tnbntn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xllfxxr.exec:\xllfxxr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpjpp.exec:\jpjpp.exe15⤵
- Executes dropped EXE
-
\??\c:\nthtth.exec:\nthtth.exe16⤵
- Executes dropped EXE
-
\??\c:\dppjp.exec:\dppjp.exe17⤵
- Executes dropped EXE
-
\??\c:\1nnhth.exec:\1nnhth.exe18⤵
- Executes dropped EXE
-
\??\c:\lfxlrll.exec:\lfxlrll.exe19⤵
- Executes dropped EXE
-
\??\c:\nbtbbt.exec:\nbtbbt.exe20⤵
- Executes dropped EXE
-
\??\c:\5lxlffr.exec:\5lxlffr.exe21⤵
- Executes dropped EXE
-
\??\c:\hbhbhb.exec:\hbhbhb.exe22⤵
- Executes dropped EXE
-
\??\c:\lrrrfxl.exec:\lrrrfxl.exe23⤵
- Executes dropped EXE
-
\??\c:\htnhtn.exec:\htnhtn.exe24⤵
- Executes dropped EXE
-
\??\c:\xxrlfxr.exec:\xxrlfxr.exe25⤵
- Executes dropped EXE
-
\??\c:\jddjv.exec:\jddjv.exe26⤵
- Executes dropped EXE
-
\??\c:\lrffxff.exec:\lrffxff.exe27⤵
- Executes dropped EXE
-
\??\c:\lflffff.exec:\lflffff.exe28⤵
- Executes dropped EXE
-
\??\c:\3ddpj.exec:\3ddpj.exe29⤵
- Executes dropped EXE
-
\??\c:\nbthtn.exec:\nbthtn.exe30⤵
- Executes dropped EXE
-
\??\c:\vpjvj.exec:\vpjvj.exe31⤵
- Executes dropped EXE
-
\??\c:\hnnbtt.exec:\hnnbtt.exe32⤵
- Executes dropped EXE
-
\??\c:\9vjjv.exec:\9vjjv.exe33⤵
- Executes dropped EXE
-
\??\c:\7bhtbb.exec:\7bhtbb.exe34⤵
- Executes dropped EXE
-
\??\c:\dpjvd.exec:\dpjvd.exe35⤵
- Executes dropped EXE
-
\??\c:\hhhnhn.exec:\hhhnhn.exe36⤵
- Executes dropped EXE
-
\??\c:\jppvp.exec:\jppvp.exe37⤵
- Executes dropped EXE
-
\??\c:\lllfrlx.exec:\lllfrlx.exe38⤵
- Executes dropped EXE
-
\??\c:\ppddv.exec:\ppddv.exe39⤵
- Executes dropped EXE
-
\??\c:\rfxxxxf.exec:\rfxxxxf.exe40⤵
- Executes dropped EXE
-
\??\c:\ntnbtn.exec:\ntnbtn.exe41⤵
- Executes dropped EXE
-
\??\c:\dvvpv.exec:\dvvpv.exe42⤵
- Executes dropped EXE
-
\??\c:\fxrlfxx.exec:\fxrlfxx.exe43⤵
- Executes dropped EXE
-
\??\c:\jvvpv.exec:\jvvpv.exe44⤵
- Executes dropped EXE
-
\??\c:\rxrlxxr.exec:\rxrlxxr.exe45⤵
- Executes dropped EXE
-
\??\c:\bntttt.exec:\bntttt.exe46⤵
- Executes dropped EXE
-
\??\c:\dvpdp.exec:\dvpdp.exe47⤵
- Executes dropped EXE
-
\??\c:\hhhbnn.exec:\hhhbnn.exe48⤵
- Executes dropped EXE
-
\??\c:\lfxrfxf.exec:\lfxrfxf.exe49⤵
- Executes dropped EXE
-
\??\c:\lrlfxxl.exec:\lrlfxxl.exe50⤵
- Executes dropped EXE
-
\??\c:\vjvjd.exec:\vjvjd.exe51⤵
- Executes dropped EXE
-
\??\c:\lfrfllr.exec:\lfrfllr.exe52⤵
- Executes dropped EXE
-
\??\c:\hbbthb.exec:\hbbthb.exe53⤵
- Executes dropped EXE
-
\??\c:\pdppj.exec:\pdppj.exe54⤵
- Executes dropped EXE
-
\??\c:\ntbnhb.exec:\ntbnhb.exe55⤵
- Executes dropped EXE
-
\??\c:\xfxrfrf.exec:\xfxrfrf.exe56⤵
- Executes dropped EXE
-
\??\c:\9djdd.exec:\9djdd.exe57⤵
- Executes dropped EXE
-
\??\c:\xrxxrrl.exec:\xrxxrrl.exe58⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe59⤵
-
\??\c:\djvjv.exec:\djvjv.exe60⤵
-
\??\c:\xfffxrl.exec:\xfffxrl.exe61⤵
-
\??\c:\tbtthh.exec:\tbtthh.exe62⤵
-
\??\c:\1vvpj.exec:\1vvpj.exe63⤵
-
\??\c:\9flxlfx.exec:\9flxlfx.exe64⤵
-
\??\c:\dvpjd.exec:\dvpjd.exe65⤵
-
\??\c:\lfxrxxf.exec:\lfxrxxf.exe66⤵
-
\??\c:\nbtnhb.exec:\nbtnhb.exe67⤵
-
\??\c:\3rlfxxl.exec:\3rlfxxl.exe68⤵
-
\??\c:\nbtnhb.exec:\nbtnhb.exe69⤵
-
\??\c:\jdpjv.exec:\jdpjv.exe70⤵
-
\??\c:\bhnhtn.exec:\bhnhtn.exe71⤵
-
\??\c:\ppjpj.exec:\ppjpj.exe72⤵
-
\??\c:\lrxlrlf.exec:\lrxlrlf.exe73⤵
-
\??\c:\tntbbb.exec:\tntbbb.exe74⤵
-
\??\c:\rfxxxrr.exec:\rfxxxrr.exe75⤵
-
\??\c:\jpvpj.exec:\jpvpj.exe76⤵
-
\??\c:\ffffxxx.exec:\ffffxxx.exe77⤵
-
\??\c:\9jdvj.exec:\9jdvj.exe78⤵
-
\??\c:\ttnhnb.exec:\ttnhnb.exe79⤵
-
\??\c:\xxfxrxr.exec:\xxfxrxr.exe80⤵
-
\??\c:\nttttt.exec:\nttttt.exe81⤵
-
\??\c:\3ttnhb.exec:\3ttnhb.exe82⤵
-
\??\c:\dpjdv.exec:\dpjdv.exe83⤵
-
\??\c:\ntntnh.exec:\ntntnh.exe84⤵
-
\??\c:\dvvvj.exec:\dvvvj.exe85⤵
-
\??\c:\flfxrlf.exec:\flfxrlf.exe86⤵
-
\??\c:\1jdvp.exec:\1jdvp.exe87⤵
-
\??\c:\5lfrffr.exec:\5lfrffr.exe88⤵
-
\??\c:\tnbbnh.exec:\tnbbnh.exe89⤵
-
\??\c:\rlrfxrf.exec:\rlrfxrf.exe90⤵
-
\??\c:\htnhbt.exec:\htnhbt.exe91⤵
-
\??\c:\7vvjv.exec:\7vvjv.exe92⤵
-
\??\c:\rfllffr.exec:\rfllffr.exe93⤵
-
\??\c:\jdjdd.exec:\jdjdd.exe94⤵
-
\??\c:\5rxxlff.exec:\5rxxlff.exe95⤵
-
\??\c:\jjpdp.exec:\jjpdp.exe96⤵
-
\??\c:\hnhthb.exec:\hnhthb.exe97⤵
-
\??\c:\bnbnbt.exec:\bnbnbt.exe98⤵
-
\??\c:\vjppj.exec:\vjppj.exe99⤵
-
\??\c:\bbbhbt.exec:\bbbhbt.exe100⤵
-
\??\c:\3jjjj.exec:\3jjjj.exe101⤵
-
\??\c:\bbbthb.exec:\bbbthb.exe102⤵
-
\??\c:\3vvpp.exec:\3vvpp.exe103⤵
-
\??\c:\xflllfl.exec:\xflllfl.exe104⤵
-
\??\c:\pjjdd.exec:\pjjdd.exe105⤵
-
\??\c:\llffffx.exec:\llffffx.exe106⤵
-
\??\c:\9httnh.exec:\9httnh.exe107⤵
-
\??\c:\pvpjv.exec:\pvpjv.exe108⤵
-
\??\c:\nbhhhb.exec:\nbhhhb.exe109⤵
-
\??\c:\rrrllll.exec:\rrrllll.exe110⤵
-
\??\c:\hbhtth.exec:\hbhtth.exe111⤵
-
\??\c:\jvvjd.exec:\jvvjd.exe112⤵
-
\??\c:\htnbhb.exec:\htnbhb.exe113⤵
-
\??\c:\thtnhh.exec:\thtnhh.exe114⤵
-
\??\c:\xlfxfxx.exec:\xlfxfxx.exe115⤵
-
\??\c:\hnnbbt.exec:\hnnbbt.exe116⤵
-
\??\c:\pjjdj.exec:\pjjdj.exe117⤵
-
\??\c:\9nhhtn.exec:\9nhhtn.exe118⤵
-
\??\c:\vppdj.exec:\vppdj.exe119⤵
-
\??\c:\thbnbt.exec:\thbnbt.exe120⤵
-
\??\c:\hnnbhb.exec:\hnnbhb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-