Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
05/03/2024, 20:00
General
-
Target
4788db99955c046f7c91beb1dd09e5c378f1d4681219a5e16121880a186c1f05.exe
-
Size
55KB
-
MD5
bee693a3e88bdbaead4311e06455974e
-
SHA1
461131c90f5ce809358aa02dca8d2a9d88b03ef0
-
SHA256
4788db99955c046f7c91beb1dd09e5c378f1d4681219a5e16121880a186c1f05
-
SHA512
3fa10ade5d45dcbf0639de5666efe9291d948480990f14b02720e62acdddb2fd643c1df4b801e5bacb229f56308ac51ceaccf3661b4d39cc8e016f522e6b749d
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIv6u:ymb3NkkiQ3mdBjFIv/
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 45 IoCs
-
UPX dump on OEP (original entry point) 59 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 59 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4788db99955c046f7c91beb1dd09e5c378f1d4681219a5e16121880a186c1f05.exe"C:\Users\Admin\AppData\Local\Temp\4788db99955c046f7c91beb1dd09e5c378f1d4681219a5e16121880a186c1f05.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\3pvjd.exec:\3pvjd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjjj.exec:\vdjjj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1lrxrxr.exec:\1lrxrxr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppdv.exec:\vppdv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbbbb.exec:\htbbbb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjjj.exec:\vjjjj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrlxxx.exec:\lfrlxxx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddddd.exec:\ddddd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrffrrl.exec:\xrffrrl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3vvpj.exec:\3vvpj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5nhbhn.exec:\5nhbhn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbbbn.exec:\btbbbn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlfxrxr.exec:\xlfxrxr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jppp.exec:\5jppp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrffxxx.exec:\rrffxxx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vddv.exec:\9vddv.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflfxxr.exec:\rflfxxr.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvpd.exec:\dpvpd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7llfffx.exec:\7llfffx.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbtbb.exec:\btbtbb.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3dvdd.exec:\3dvdd.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrlflf.exec:\frrlflf.exe23⤵
- Executes dropped EXE
-
\??\c:\nbbtnn.exec:\nbbtnn.exe24⤵
- Executes dropped EXE
-
\??\c:\dddjp.exec:\dddjp.exe25⤵
- Executes dropped EXE
-
\??\c:\ttnbnh.exec:\ttnbnh.exe26⤵
- Executes dropped EXE
-
\??\c:\1vjdj.exec:\1vjdj.exe27⤵
- Executes dropped EXE
-
\??\c:\nnhhhn.exec:\nnhhhn.exe28⤵
- Executes dropped EXE
-
\??\c:\9djdd.exec:\9djdd.exe29⤵
- Executes dropped EXE
-
\??\c:\ntnhbb.exec:\ntnhbb.exe30⤵
- Executes dropped EXE
-
\??\c:\vpvpj.exec:\vpvpj.exe31⤵
- Executes dropped EXE
-
\??\c:\lfffrrr.exec:\lfffrrr.exe32⤵
- Executes dropped EXE
-
\??\c:\tbhhhh.exec:\tbhhhh.exe33⤵
- Executes dropped EXE
-
\??\c:\frfxlrr.exec:\frfxlrr.exe34⤵
- Executes dropped EXE
-
\??\c:\djjdj.exec:\djjdj.exe35⤵
- Executes dropped EXE
-
\??\c:\rflfxrl.exec:\rflfxrl.exe36⤵
- Executes dropped EXE
-
\??\c:\9hnhbt.exec:\9hnhbt.exe37⤵
- Executes dropped EXE
-
\??\c:\djpjv.exec:\djpjv.exe38⤵
- Executes dropped EXE
-
\??\c:\3bbtnn.exec:\3bbtnn.exe39⤵
- Executes dropped EXE
-
\??\c:\pvvjv.exec:\pvvjv.exe40⤵
- Executes dropped EXE
-
\??\c:\xfxrfxr.exec:\xfxrfxr.exe41⤵
- Executes dropped EXE
-
\??\c:\vpvdv.exec:\vpvdv.exe42⤵
- Executes dropped EXE
-
\??\c:\ffffrrl.exec:\ffffrrl.exe43⤵
- Executes dropped EXE
-
\??\c:\dvvvp.exec:\dvvvp.exe44⤵
- Executes dropped EXE
-
\??\c:\lffxrrr.exec:\lffxrrr.exe45⤵
- Executes dropped EXE
-
\??\c:\nbnntb.exec:\nbnntb.exe46⤵
- Executes dropped EXE
-
\??\c:\pppjv.exec:\pppjv.exe47⤵
- Executes dropped EXE
-
\??\c:\nhbnhh.exec:\nhbnhh.exe48⤵
- Executes dropped EXE
-
\??\c:\vjppj.exec:\vjppj.exe49⤵
- Executes dropped EXE
-
\??\c:\3xxxrxx.exec:\3xxxrxx.exe50⤵
- Executes dropped EXE
-
\??\c:\hbbbtb.exec:\hbbbtb.exe51⤵
- Executes dropped EXE
-
\??\c:\lxffrxx.exec:\lxffrxx.exe52⤵
- Executes dropped EXE
-
\??\c:\btbbtt.exec:\btbbtt.exe53⤵
- Executes dropped EXE
-
\??\c:\frrllrr.exec:\frrllrr.exe54⤵
- Executes dropped EXE
-
\??\c:\3vvdv.exec:\3vvdv.exe55⤵
- Executes dropped EXE
-
\??\c:\fxxrrlr.exec:\fxxrrlr.exe56⤵
- Executes dropped EXE
-
\??\c:\nnnnbb.exec:\nnnnbb.exe57⤵
- Executes dropped EXE
-
\??\c:\flrlfff.exec:\flrlfff.exe58⤵
- Executes dropped EXE
-
\??\c:\vpvdv.exec:\vpvdv.exe59⤵
- Executes dropped EXE
-
\??\c:\ddpvv.exec:\ddpvv.exe60⤵
- Executes dropped EXE
-
\??\c:\rllxrrl.exec:\rllxrrl.exe61⤵
- Executes dropped EXE
-
\??\c:\5jvpj.exec:\5jvpj.exe62⤵
- Executes dropped EXE
-
\??\c:\fxlfllr.exec:\fxlfllr.exe63⤵
- Executes dropped EXE
-
\??\c:\pdjvv.exec:\pdjvv.exe64⤵
- Executes dropped EXE
-
\??\c:\bnbbnn.exec:\bnbbnn.exe65⤵
- Executes dropped EXE
-
\??\c:\pjjdv.exec:\pjjdv.exe66⤵
-
\??\c:\7rrxrrr.exec:\7rrxrrr.exe67⤵
-
\??\c:\htntnh.exec:\htntnh.exe68⤵
-
\??\c:\pjvvj.exec:\pjvvj.exe69⤵
-
\??\c:\9ffxrlf.exec:\9ffxrlf.exe70⤵
-
\??\c:\9ddjj.exec:\9ddjj.exe71⤵
-
\??\c:\htnttt.exec:\htnttt.exe72⤵
-
\??\c:\5xfxrff.exec:\5xfxrff.exe73⤵
-
\??\c:\nntnnn.exec:\nntnnn.exe74⤵
-
\??\c:\vdvpj.exec:\vdvpj.exe75⤵
-
\??\c:\3bhbtt.exec:\3bhbtt.exe76⤵
-
\??\c:\pjppd.exec:\pjppd.exe77⤵
-
\??\c:\nnbnht.exec:\nnbnht.exe78⤵
-
\??\c:\ddjjj.exec:\ddjjj.exe79⤵
-
\??\c:\tnhnhh.exec:\tnhnhh.exe80⤵
-
\??\c:\fxfrfxf.exec:\fxfrfxf.exe81⤵
-
\??\c:\nhhnnh.exec:\nhhnnh.exe82⤵
-
\??\c:\ffxxxxx.exec:\ffxxxxx.exe83⤵
-
\??\c:\1tnhbb.exec:\1tnhbb.exe84⤵
-
\??\c:\vppvj.exec:\vppvj.exe85⤵
-
\??\c:\xxlfrrf.exec:\xxlfrrf.exe86⤵
-
\??\c:\tnbbtt.exec:\tnbbtt.exe87⤵
-
\??\c:\9lfffff.exec:\9lfffff.exe88⤵
-
\??\c:\htthbt.exec:\htthbt.exe89⤵
-
\??\c:\ffrrrlx.exec:\ffrrrlx.exe90⤵
-
\??\c:\bnnhbt.exec:\bnnhbt.exe91⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe92⤵
-
\??\c:\hbhbnn.exec:\hbhbnn.exe93⤵
-
\??\c:\pvjjd.exec:\pvjjd.exe94⤵
-
\??\c:\rfrlxlf.exec:\rfrlxlf.exe95⤵
-
\??\c:\jjvvp.exec:\jjvvp.exe96⤵
-
\??\c:\flrlflf.exec:\flrlflf.exe97⤵
-
\??\c:\5bbtnb.exec:\5bbtnb.exe98⤵
-
\??\c:\frfxxff.exec:\frfxxff.exe99⤵
-
\??\c:\hhhhbb.exec:\hhhhbb.exe100⤵
-
\??\c:\frfrxrf.exec:\frfrxrf.exe101⤵
-
\??\c:\nhttnn.exec:\nhttnn.exe102⤵
-
\??\c:\vdjdd.exec:\vdjdd.exe103⤵
-
\??\c:\nbntbh.exec:\nbntbh.exe104⤵
-
\??\c:\dvvpd.exec:\dvvpd.exe105⤵
-
\??\c:\thhhtn.exec:\thhhtn.exe106⤵
-
\??\c:\jpppj.exec:\jpppj.exe107⤵
-
\??\c:\lfrlfxr.exec:\lfrlfxr.exe108⤵
-
\??\c:\tnntbh.exec:\tnntbh.exe109⤵
-
\??\c:\5ddpv.exec:\5ddpv.exe110⤵
-
\??\c:\5xxlxrl.exec:\5xxlxrl.exe111⤵
-
\??\c:\hnttnn.exec:\hnttnn.exe112⤵
-
\??\c:\vvdvv.exec:\vvdvv.exe113⤵
-
\??\c:\frffrrr.exec:\frffrrr.exe114⤵
-
\??\c:\nnbbbn.exec:\nnbbbn.exe115⤵
-
\??\c:\xflfxxr.exec:\xflfxxr.exe116⤵
-
\??\c:\5hbtnn.exec:\5hbtnn.exe117⤵
-
\??\c:\vpjdv.exec:\vpjdv.exe118⤵
-
\??\c:\5hnbtt.exec:\5hnbtt.exe119⤵
-
\??\c:\vpppv.exec:\vpppv.exe120⤵
-
\??\c:\rxfxxxl.exec:\rxfxxxl.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-