Analysis
-
max time kernel
145s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
-
submitted
05/03/2024, 18:30
General
-
Target
2123b967bdab82370fc9616f35b4a1914c7c8bc9aa1adb6829f85392e0845252.exe
-
Size
78KB
-
MD5
d0cd8a183519dcacf59ea8f4ed50e4de
-
SHA1
5bcf790ad94a1021b575dd340c84de584be2dfd7
-
SHA256
2123b967bdab82370fc9616f35b4a1914c7c8bc9aa1adb6829f85392e0845252
-
SHA512
530d8d8ab531725c85c157e6ab6d9b5f1bc5b9acb86e5d34714e6831e9746856f1af175e183d9db38522542b7276c8dcf10aae20b1b12385ad9d749c25e8c2a0
-
SSDEEP
1536:zvQBeOGtrYS3srx93UBWfwC6Ggnouy8iT4+C2HVM1p6TVb:zhOmTsF93UYfwC6GIoutiTU2HVS6R
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 36 IoCs
-
UPX dump on OEP (original entry point) 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2123b967bdab82370fc9616f35b4a1914c7c8bc9aa1adb6829f85392e0845252.exe"C:\Users\Admin\AppData\Local\Temp\2123b967bdab82370fc9616f35b4a1914c7c8bc9aa1adb6829f85392e0845252.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxffxf.exec:\xlxffxf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbhnt.exec:\tbbhnt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnhnt.exec:\hbnhnt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vjpv.exec:\9vjpv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjjp.exec:\jvjjp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rflllf.exec:\7rflllf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhtth.exec:\tbhtth.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thtttb.exec:\thtttb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjvp.exec:\vvjvp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxlffxx.exec:\lxlffxx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntnnn.exec:\bntnnn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jdvd.exec:\5jdvd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7jdpd.exec:\7jdpd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxfflr.exec:\xrxfflr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5nnnbb.exec:\5nnnbb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtntn.exec:\hbtntn.exe17⤵
- Executes dropped EXE
-
\??\c:\5pjjp.exec:\5pjjp.exe18⤵
- Executes dropped EXE
-
\??\c:\jvdvj.exec:\jvdvj.exe19⤵
- Executes dropped EXE
-
\??\c:\1fxllff.exec:\1fxllff.exe20⤵
- Executes dropped EXE
-
\??\c:\1ffxrfr.exec:\1ffxrfr.exe21⤵
- Executes dropped EXE
-
\??\c:\htbbbb.exec:\htbbbb.exe22⤵
- Executes dropped EXE
-
\??\c:\7jdpv.exec:\7jdpv.exe23⤵
- Executes dropped EXE
-
\??\c:\5pdvp.exec:\5pdvp.exe24⤵
- Executes dropped EXE
-
\??\c:\5frfrxx.exec:\5frfrxx.exe25⤵
- Executes dropped EXE
-
\??\c:\1lfxflx.exec:\1lfxflx.exe26⤵
- Executes dropped EXE
-
\??\c:\nbhhtt.exec:\nbhhtt.exe27⤵
- Executes dropped EXE
-
\??\c:\3vvjd.exec:\3vvjd.exe28⤵
- Executes dropped EXE
-
\??\c:\pjpvv.exec:\pjpvv.exe29⤵
- Executes dropped EXE
-
\??\c:\rfrxxrf.exec:\rfrxxrf.exe30⤵
- Executes dropped EXE
-
\??\c:\frxxxrx.exec:\frxxxrx.exe31⤵
- Executes dropped EXE
-
\??\c:\9htbhb.exec:\9htbhb.exe32⤵
- Executes dropped EXE
-
\??\c:\bnhbbn.exec:\bnhbbn.exe33⤵
- Executes dropped EXE
-
\??\c:\dpvjd.exec:\dpvjd.exe34⤵
- Executes dropped EXE
-
\??\c:\vjvjj.exec:\vjvjj.exe35⤵
- Executes dropped EXE
-
\??\c:\hbbttn.exec:\hbbttn.exe36⤵
- Executes dropped EXE
-
\??\c:\nhtbhh.exec:\nhtbhh.exe37⤵
- Executes dropped EXE
-
\??\c:\5jvvv.exec:\5jvvv.exe38⤵
- Executes dropped EXE
-
\??\c:\lxflfff.exec:\lxflfff.exe39⤵
- Executes dropped EXE
-
\??\c:\ntthnb.exec:\ntthnb.exe40⤵
- Executes dropped EXE
-
\??\c:\pdjvd.exec:\pdjvd.exe41⤵
- Executes dropped EXE
-
\??\c:\3jvdp.exec:\3jvdp.exe42⤵
- Executes dropped EXE
-
\??\c:\xlrfrxx.exec:\xlrfrxx.exe43⤵
- Executes dropped EXE
-
\??\c:\3lrlfxf.exec:\3lrlfxf.exe44⤵
- Executes dropped EXE
-
\??\c:\nbnnbt.exec:\nbnnbt.exe45⤵
- Executes dropped EXE
-
\??\c:\btbntn.exec:\btbntn.exe46⤵
- Executes dropped EXE
-
\??\c:\hbnbnt.exec:\hbnbnt.exe47⤵
- Executes dropped EXE
-
\??\c:\1pjpv.exec:\1pjpv.exe48⤵
- Executes dropped EXE
-
\??\c:\vpjjv.exec:\vpjjv.exe49⤵
- Executes dropped EXE
-
\??\c:\llxlfrf.exec:\llxlfrf.exe50⤵
- Executes dropped EXE
-
\??\c:\rxlfxrf.exec:\rxlfxrf.exe51⤵
- Executes dropped EXE
-
\??\c:\nthttt.exec:\nthttt.exe52⤵
- Executes dropped EXE
-
\??\c:\1jdjd.exec:\1jdjd.exe53⤵
- Executes dropped EXE
-
\??\c:\1dvvd.exec:\1dvvd.exe54⤵
- Executes dropped EXE
-
\??\c:\3rlrffr.exec:\3rlrffr.exe55⤵
- Executes dropped EXE
-
\??\c:\frlrrrl.exec:\frlrrrl.exe56⤵
- Executes dropped EXE
-
\??\c:\rflrfff.exec:\rflrfff.exe57⤵
- Executes dropped EXE
-
\??\c:\3bhhbt.exec:\3bhhbt.exe58⤵
- Executes dropped EXE
-
\??\c:\5jddj.exec:\5jddj.exe59⤵
- Executes dropped EXE
-
\??\c:\pddjp.exec:\pddjp.exe60⤵
- Executes dropped EXE
-
\??\c:\7djjp.exec:\7djjp.exe61⤵
- Executes dropped EXE
-
\??\c:\7rlxrrx.exec:\7rlxrrx.exe62⤵
- Executes dropped EXE
-
\??\c:\rlllrxx.exec:\rlllrxx.exe63⤵
- Executes dropped EXE
-
\??\c:\hthhhh.exec:\hthhhh.exe64⤵
- Executes dropped EXE
-
\??\c:\5nbttn.exec:\5nbttn.exe65⤵
- Executes dropped EXE
-
\??\c:\vjvjv.exec:\vjvjv.exe66⤵
-
\??\c:\7lxffxf.exec:\7lxffxf.exe67⤵
-
\??\c:\rfrxlrr.exec:\rfrxlrr.exe68⤵
-
\??\c:\lxrrrrr.exec:\lxrrrrr.exe69⤵
-
\??\c:\9bntnn.exec:\9bntnn.exe70⤵
-
\??\c:\tnnhtt.exec:\tnnhtt.exe71⤵
-
\??\c:\5jvvv.exec:\5jvvv.exe72⤵
-
\??\c:\dpdjp.exec:\dpdjp.exe73⤵
-
\??\c:\djjjj.exec:\djjjj.exe74⤵
-
\??\c:\5xlrxxf.exec:\5xlrxxf.exe75⤵
-
\??\c:\1fxxxfl.exec:\1fxxxfl.exe76⤵
-
\??\c:\nbtbhh.exec:\nbtbhh.exe77⤵
-
\??\c:\3htttn.exec:\3htttn.exe78⤵
-
\??\c:\djjdd.exec:\djjdd.exe79⤵
-
\??\c:\pjjjp.exec:\pjjjp.exe80⤵
-
\??\c:\fxflxlf.exec:\fxflxlf.exe81⤵
-
\??\c:\fxfxlrx.exec:\fxfxlrx.exe82⤵
-
\??\c:\5nttbh.exec:\5nttbh.exe83⤵
-
\??\c:\hbhhhh.exec:\hbhhhh.exe84⤵
-
\??\c:\3pdjd.exec:\3pdjd.exe85⤵
-
\??\c:\jdddd.exec:\jdddd.exe86⤵
-
\??\c:\jvdjj.exec:\jvdjj.exe87⤵
-
\??\c:\1rrxfxf.exec:\1rrxfxf.exe88⤵
-
\??\c:\1frxfff.exec:\1frxfff.exe89⤵
-
\??\c:\7nhtbh.exec:\7nhtbh.exe90⤵
-
\??\c:\vjdpp.exec:\vjdpp.exe91⤵
-
\??\c:\1jjpd.exec:\1jjpd.exe92⤵
-
\??\c:\5pjjj.exec:\5pjjj.exe93⤵
-
\??\c:\fxrxfrf.exec:\fxrxfrf.exe94⤵
-
\??\c:\rlrflrf.exec:\rlrflrf.exe95⤵
-
\??\c:\fxrlfrf.exec:\fxrlfrf.exe96⤵
-
\??\c:\nhbnbn.exec:\nhbnbn.exe97⤵
-
\??\c:\hhbbtn.exec:\hhbbtn.exe98⤵
-
\??\c:\vddpd.exec:\vddpd.exe99⤵
-
\??\c:\vvpdj.exec:\vvpdj.exe100⤵
-
\??\c:\7xxxrll.exec:\7xxxrll.exe101⤵
-
\??\c:\xrflxfr.exec:\xrflxfr.exe102⤵
-
\??\c:\hnntbt.exec:\hnntbt.exe103⤵
-
\??\c:\hbhtnn.exec:\hbhtnn.exe104⤵
-
\??\c:\djppv.exec:\djppv.exe105⤵
-
\??\c:\1vvpp.exec:\1vvpp.exe106⤵
-
\??\c:\jvvjd.exec:\jvvjd.exe107⤵
-
\??\c:\9xxlxlx.exec:\9xxlxlx.exe108⤵
-
\??\c:\rfxfffl.exec:\rfxfffl.exe109⤵
-
\??\c:\hbthnt.exec:\hbthnt.exe110⤵
-
\??\c:\7nhnnn.exec:\7nhnnn.exe111⤵
-
\??\c:\dpjjj.exec:\dpjjj.exe112⤵
-
\??\c:\jjpjp.exec:\jjpjp.exe113⤵
-
\??\c:\frllxxr.exec:\frllxxr.exe114⤵
-
\??\c:\rfffllr.exec:\rfffllr.exe115⤵
-
\??\c:\llflrrx.exec:\llflrrx.exe116⤵
-
\??\c:\hhbtnh.exec:\hhbtnh.exe117⤵
-
\??\c:\vpjpv.exec:\vpjpv.exe118⤵
-
\??\c:\vvpvj.exec:\vvpvj.exe119⤵
-
\??\c:\rrlrffr.exec:\rrlrffr.exe120⤵
-
\??\c:\lxrxlrx.exec:\lxrxlrx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-