Analysis
-
max time kernel
112s -
max time network
111s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
29-02-2024 07:35
General
-
Target
HEUR-Trojan.Win32.exe
-
Size
97KB
-
MD5
af137148b99c151fe89203ad957221b6
-
SHA1
98038184cb81771b878b8b4a19eac482341dca5d
-
SHA256
17a19d14feaebd3df9b7f67f0bda0caac371147ffd2dd4862bec2ae7460068ff
-
SHA512
5129db855802485f5698500e6b8e3b503fd818c5d1081e201267649a7d1b2c173ee848675aed0b0f18a5b45a21ecf3f4c485ed02dad6de380b2fe85aa2ce1ec3
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo7xCkTsIRwnoh2UzSNuhH:ymb3NkkiQ3mdBjFo7LAIRUohT2Ng
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 41 IoCs
-
UPX dump on OEP (original entry point) 54 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 54 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\HEUR-Trojan.Win32.exe"C:\Users\Admin\AppData\Local\Temp\HEUR-Trojan.Win32.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\wmgmk31.exec:\wmgmk31.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\181nm.exec:\181nm.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\mguag.exec:\mguag.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3152c.exec:\3152c.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9j22n3s.exec:\9j22n3s.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9055975.exec:\9055975.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2us77q.exec:\2us77q.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\c2qs19.exec:\c2qs19.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\914okk.exec:\914okk.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\o72x2.exec:\o72x2.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9711311.exec:\9711311.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7or313u.exec:\7or313u.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dg5mm33.exec:\dg5mm33.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5499791.exec:\5499791.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\h331a.exec:\h331a.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tjk19nm.exec:\tjk19nm.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\v0q577.exec:\v0q577.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\o3i9mw.exec:\o3i9mw.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2qkuqq.exec:\2qkuqq.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9433n3.exec:\9433n3.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\d12as18.exec:\d12as18.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bjneho.exec:\5bjneho.exe23⤵
- Executes dropped EXE
-
\??\c:\i3gn8.exec:\i3gn8.exe24⤵
- Executes dropped EXE
-
\??\c:\xsr16g9.exec:\xsr16g9.exe25⤵
- Executes dropped EXE
-
\??\c:\31578l5.exec:\31578l5.exe26⤵
- Executes dropped EXE
-
\??\c:\c4cu34.exec:\c4cu34.exe27⤵
- Executes dropped EXE
-
\??\c:\b60js0s.exec:\b60js0s.exe28⤵
- Executes dropped EXE
-
\??\c:\775u8up.exec:\775u8up.exe29⤵
- Executes dropped EXE
-
\??\c:\4i4rho.exec:\4i4rho.exe30⤵
- Executes dropped EXE
-
\??\c:\04903.exec:\04903.exe31⤵
- Executes dropped EXE
-
\??\c:\f899i3.exec:\f899i3.exe32⤵
- Executes dropped EXE
-
\??\c:\du54l53.exec:\du54l53.exe33⤵
- Executes dropped EXE
-
\??\c:\ieemk.exec:\ieemk.exe34⤵
- Executes dropped EXE
-
\??\c:\9899818.exec:\9899818.exe35⤵
- Executes dropped EXE
-
\??\c:\8in6ef.exec:\8in6ef.exe36⤵
- Executes dropped EXE
-
\??\c:\c9wr3cu.exec:\c9wr3cu.exe37⤵
- Executes dropped EXE
-
\??\c:\f70o9.exec:\f70o9.exe38⤵
- Executes dropped EXE
-
\??\c:\46cqu72.exec:\46cqu72.exe39⤵
- Executes dropped EXE
-
\??\c:\13tci.exec:\13tci.exe40⤵
- Executes dropped EXE
-
\??\c:\t5575.exec:\t5575.exe41⤵
- Executes dropped EXE
-
\??\c:\qw5170.exec:\qw5170.exe42⤵
- Executes dropped EXE
-
\??\c:\0m79973.exec:\0m79973.exe43⤵
- Executes dropped EXE
-
\??\c:\4o1usw.exec:\4o1usw.exe44⤵
- Executes dropped EXE
-
\??\c:\nn5m5.exec:\nn5m5.exe45⤵
- Executes dropped EXE
-
\??\c:\au391.exec:\au391.exe46⤵
- Executes dropped EXE
-
\??\c:\8q9cx.exec:\8q9cx.exe47⤵
- Executes dropped EXE
-
\??\c:\5137577.exec:\5137577.exe48⤵
- Executes dropped EXE
-
\??\c:\vp403.exec:\vp403.exe49⤵
- Executes dropped EXE
-
\??\c:\v93ul.exec:\v93ul.exe50⤵
- Executes dropped EXE
-
\??\c:\3109mkm.exec:\3109mkm.exe51⤵
- Executes dropped EXE
-
\??\c:\x9imr.exec:\x9imr.exe52⤵
- Executes dropped EXE
-
\??\c:\4gisiqk.exec:\4gisiqk.exe53⤵
- Executes dropped EXE
-
\??\c:\pa7a53m.exec:\pa7a53m.exe54⤵
- Executes dropped EXE
-
\??\c:\95731.exec:\95731.exe55⤵
- Executes dropped EXE
-
\??\c:\pu9qeku.exec:\pu9qeku.exe56⤵
- Executes dropped EXE
-
\??\c:\6gx8f.exec:\6gx8f.exe57⤵
- Executes dropped EXE
-
\??\c:\fidgsmm.exec:\fidgsmm.exe58⤵
- Executes dropped EXE
-
\??\c:\9u904i.exec:\9u904i.exe59⤵
- Executes dropped EXE
-
\??\c:\nm0q9.exec:\nm0q9.exe60⤵
- Executes dropped EXE
-
\??\c:\n92lx.exec:\n92lx.exe61⤵
- Executes dropped EXE
-
\??\c:\h9j3d.exec:\h9j3d.exe62⤵
- Executes dropped EXE
-
\??\c:\gwsiau.exec:\gwsiau.exe63⤵
- Executes dropped EXE
-
\??\c:\0n271va.exec:\0n271va.exe64⤵
- Executes dropped EXE
-
\??\c:\57575sl.exec:\57575sl.exe65⤵
- Executes dropped EXE
-
\??\c:\05gl2.exec:\05gl2.exe66⤵
-
\??\c:\a9k9ve.exec:\a9k9ve.exe67⤵
-
\??\c:\6kl2m.exec:\6kl2m.exe68⤵
-
\??\c:\p8rkb.exec:\p8rkb.exe69⤵
-
\??\c:\8q51m.exec:\8q51m.exe70⤵
-
\??\c:\n1ih5.exec:\n1ih5.exe71⤵
-
\??\c:\ndcait.exec:\ndcait.exe72⤵
-
\??\c:\49v549.exec:\49v549.exe73⤵
-
\??\c:\7l53593.exec:\7l53593.exe74⤵
-
\??\c:\79317.exec:\79317.exe75⤵
-
\??\c:\6wr797s.exec:\6wr797s.exe76⤵
-
\??\c:\0n32s.exec:\0n32s.exe77⤵
-
\??\c:\l4g4iv.exec:\l4g4iv.exe78⤵
-
\??\c:\mdkgu.exec:\mdkgu.exe79⤵
-
\??\c:\txupsgg.exec:\txupsgg.exe80⤵
-
\??\c:\4hei12f.exec:\4hei12f.exe81⤵
-
\??\c:\8p39u.exec:\8p39u.exe82⤵
-
\??\c:\dw4o5.exec:\dw4o5.exe83⤵
-
\??\c:\tasl7.exec:\tasl7.exe84⤵
-
\??\c:\6cb915.exec:\6cb915.exe85⤵
-
\??\c:\an3ah0.exec:\an3ah0.exe86⤵
-
\??\c:\4hx0196.exec:\4hx0196.exe87⤵
-
\??\c:\on28p1.exec:\on28p1.exe88⤵
-
\??\c:\ewb55e.exec:\ewb55e.exe89⤵
-
\??\c:\2000x.exec:\2000x.exe90⤵
-
\??\c:\ii7cih.exec:\ii7cih.exe91⤵
-
\??\c:\6l8351.exec:\6l8351.exe92⤵
-
\??\c:\p676t45.exec:\p676t45.exe93⤵
-
\??\c:\93cuk.exec:\93cuk.exe94⤵
-
\??\c:\0k3951.exec:\0k3951.exe95⤵
-
\??\c:\49ge1j.exec:\49ge1j.exe96⤵
-
\??\c:\si90f97.exec:\si90f97.exe97⤵
-
\??\c:\591o9l.exec:\591o9l.exe98⤵
-
\??\c:\r8qt1it.exec:\r8qt1it.exe99⤵
-
\??\c:\smauu.exec:\smauu.exe100⤵
-
\??\c:\o73i9.exec:\o73i9.exe101⤵
-
\??\c:\4t6p95.exec:\4t6p95.exe102⤵
-
\??\c:\4at33.exec:\4at33.exe103⤵
-
\??\c:\91kg3.exec:\91kg3.exe104⤵
-
\??\c:\31e7sl.exec:\31e7sl.exe105⤵
-
\??\c:\0dm2dwx.exec:\0dm2dwx.exe106⤵
-
\??\c:\rfja6.exec:\rfja6.exe107⤵
-
\??\c:\717qg3m.exec:\717qg3m.exe108⤵
-
\??\c:\t65pe.exec:\t65pe.exe109⤵
-
\??\c:\4oh3ure.exec:\4oh3ure.exe110⤵
-
\??\c:\4686v9l.exec:\4686v9l.exe111⤵
-
\??\c:\7seimeg.exec:\7seimeg.exe112⤵
-
\??\c:\8p5et85.exec:\8p5et85.exe113⤵
-
\??\c:\q2l046.exec:\q2l046.exe114⤵
-
\??\c:\20magu.exec:\20magu.exe115⤵
-
\??\c:\7432p2.exec:\7432p2.exe116⤵
-
\??\c:\f120kg.exec:\f120kg.exe117⤵
-
\??\c:\9cb7s2q.exec:\9cb7s2q.exe118⤵
-
\??\c:\5na2882.exec:\5na2882.exe119⤵
-
\??\c:\92qe1i.exec:\92qe1i.exe120⤵
-
\??\c:\n4u539.exec:\n4u539.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-