Analysis
-
max time kernel
150s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
05/03/2024, 21:24
General
-
Target
67fe418094caca242b4adf0fae4ee50379bce1eb05d2d0dcb7c8a2698566fe84.exe
-
Size
262KB
-
MD5
ff7b470cd99a3ccf65139c20cadaa717
-
SHA1
406efdac3446e3503774f93cfcc5468a4381e5e3
-
SHA256
67fe418094caca242b4adf0fae4ee50379bce1eb05d2d0dcb7c8a2698566fe84
-
SHA512
17b5461e904013d1346f717d3480dd801aa8b84524a5e71b322eaa45b2b7a1331e66336524d836859415ff8982ca7d598d2f36a8776c2edc1b3202c6df5a04fb
-
SSDEEP
6144:Ucm4FmowdHoS+ri8GBftapTs1er6TLBN6llB8rv:i4wFHoS+ri8Gd0G1er6TLBN6llB8T
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 47 IoCs
-
UPX dump on OEP (original entry point) 62 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 62 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\67fe418094caca242b4adf0fae4ee50379bce1eb05d2d0dcb7c8a2698566fe84.exe"C:\Users\Admin\AppData\Local\Temp\67fe418094caca242b4adf0fae4ee50379bce1eb05d2d0dcb7c8a2698566fe84.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\9s1xd7.exec:\9s1xd7.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\cm9m04.exec:\cm9m04.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5qo78.exec:\5qo78.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2iue1s.exec:\2iue1s.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hor70u3.exec:\hor70u3.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\f58w3nd.exec:\f58w3nd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\j957ra.exec:\j957ra.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8q3c33i.exec:\8q3c33i.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\wcm67.exec:\wcm67.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tw73u.exec:\tw73u.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\533u6g3.exec:\533u6g3.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pekat9.exec:\pekat9.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\61ew9ev.exec:\61ew9ev.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\07c8d.exec:\07c8d.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\f2r6j.exec:\f2r6j.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\834g7.exec:\834g7.exe17⤵
- Executes dropped EXE
-
\??\c:\m0ei0.exec:\m0ei0.exe18⤵
- Executes dropped EXE
-
\??\c:\sstuugp.exec:\sstuugp.exe19⤵
- Executes dropped EXE
-
\??\c:\29aup.exec:\29aup.exe20⤵
- Executes dropped EXE
-
\??\c:\x5a7s.exec:\x5a7s.exe21⤵
- Executes dropped EXE
-
\??\c:\e56g93.exec:\e56g93.exe22⤵
- Executes dropped EXE
-
\??\c:\0k37m5w.exec:\0k37m5w.exe23⤵
- Executes dropped EXE
-
\??\c:\8al5hsq.exec:\8al5hsq.exe24⤵
- Executes dropped EXE
-
\??\c:\09w7o43.exec:\09w7o43.exe25⤵
- Executes dropped EXE
-
\??\c:\rq15ap9.exec:\rq15ap9.exe26⤵
- Executes dropped EXE
-
\??\c:\9fwm5o.exec:\9fwm5o.exe27⤵
- Executes dropped EXE
-
\??\c:\3s74c.exec:\3s74c.exe28⤵
- Executes dropped EXE
-
\??\c:\hq11211.exec:\hq11211.exe29⤵
- Executes dropped EXE
-
\??\c:\jdl6j.exec:\jdl6j.exe30⤵
- Executes dropped EXE
-
\??\c:\bap9oe.exec:\bap9oe.exe31⤵
- Executes dropped EXE
-
\??\c:\692q1.exec:\692q1.exe32⤵
- Executes dropped EXE
-
\??\c:\vd8u38.exec:\vd8u38.exe33⤵
- Executes dropped EXE
-
\??\c:\dsi3e.exec:\dsi3e.exe34⤵
- Executes dropped EXE
-
\??\c:\qwpard.exec:\qwpard.exe35⤵
- Executes dropped EXE
-
\??\c:\571wjg.exec:\571wjg.exe36⤵
- Executes dropped EXE
-
\??\c:\81597q.exec:\81597q.exe37⤵
- Executes dropped EXE
-
\??\c:\8978ur.exec:\8978ur.exe38⤵
- Executes dropped EXE
-
\??\c:\8ov5vw9.exec:\8ov5vw9.exe39⤵
- Executes dropped EXE
-
\??\c:\1x23k92.exec:\1x23k92.exe40⤵
- Executes dropped EXE
-
\??\c:\99kjc.exec:\99kjc.exe41⤵
- Executes dropped EXE
-
\??\c:\7g8sb.exec:\7g8sb.exe42⤵
- Executes dropped EXE
-
\??\c:\c90e5kp.exec:\c90e5kp.exe43⤵
- Executes dropped EXE
-
\??\c:\aod943.exec:\aod943.exe44⤵
- Executes dropped EXE
-
\??\c:\8g5vg.exec:\8g5vg.exe45⤵
- Executes dropped EXE
-
\??\c:\850a3.exec:\850a3.exe46⤵
- Executes dropped EXE
-
\??\c:\dc5ktci.exec:\dc5ktci.exe47⤵
- Executes dropped EXE
-
\??\c:\0q33e3.exec:\0q33e3.exe48⤵
- Executes dropped EXE
-
\??\c:\c2h990.exec:\c2h990.exe49⤵
- Executes dropped EXE
-
\??\c:\05cubc8.exec:\05cubc8.exe50⤵
- Executes dropped EXE
-
\??\c:\e0bq4w.exec:\e0bq4w.exe51⤵
- Executes dropped EXE
-
\??\c:\7n0o2m.exec:\7n0o2m.exe52⤵
- Executes dropped EXE
-
\??\c:\418s53i.exec:\418s53i.exe53⤵
- Executes dropped EXE
-
\??\c:\38un7s.exec:\38un7s.exe54⤵
- Executes dropped EXE
-
\??\c:\05wj4w7.exec:\05wj4w7.exe55⤵
- Executes dropped EXE
-
\??\c:\25lh91.exec:\25lh91.exe56⤵
- Executes dropped EXE
-
\??\c:\1238h.exec:\1238h.exe57⤵
- Executes dropped EXE
-
\??\c:\v93lk5.exec:\v93lk5.exe58⤵
- Executes dropped EXE
-
\??\c:\mi41td.exec:\mi41td.exe59⤵
- Executes dropped EXE
-
\??\c:\41mp52m.exec:\41mp52m.exe60⤵
- Executes dropped EXE
-
\??\c:\s5act6.exec:\s5act6.exe61⤵
- Executes dropped EXE
-
\??\c:\hgj8ro.exec:\hgj8ro.exe62⤵
- Executes dropped EXE
-
\??\c:\ijw0bi.exec:\ijw0bi.exe63⤵
- Executes dropped EXE
-
\??\c:\csx04.exec:\csx04.exe64⤵
- Executes dropped EXE
-
\??\c:\ra19sp5.exec:\ra19sp5.exe65⤵
- Executes dropped EXE
-
\??\c:\25cq54g.exec:\25cq54g.exe66⤵
-
\??\c:\679m767.exec:\679m767.exe67⤵
-
\??\c:\7g38t1.exec:\7g38t1.exe68⤵
-
\??\c:\p37m4l9.exec:\p37m4l9.exe69⤵
-
\??\c:\2ev3dr9.exec:\2ev3dr9.exe70⤵
-
\??\c:\oxt6it.exec:\oxt6it.exe71⤵
-
\??\c:\1nj08un.exec:\1nj08un.exe72⤵
-
\??\c:\2kh439c.exec:\2kh439c.exe73⤵
-
\??\c:\403rj.exec:\403rj.exe74⤵
-
\??\c:\27gn8.exec:\27gn8.exe75⤵
-
\??\c:\o9553i5.exec:\o9553i5.exe76⤵
-
\??\c:\v79up.exec:\v79up.exe77⤵
-
\??\c:\vo18r3q.exec:\vo18r3q.exe78⤵
-
\??\c:\c1aae.exec:\c1aae.exe79⤵
-
\??\c:\hw157.exec:\hw157.exe80⤵
-
\??\c:\43o39b1.exec:\43o39b1.exe81⤵
-
\??\c:\jc52gh.exec:\jc52gh.exe82⤵
-
\??\c:\k9w39j.exec:\k9w39j.exe83⤵
-
\??\c:\3n3ib5.exec:\3n3ib5.exe84⤵
-
\??\c:\4gm9w.exec:\4gm9w.exe85⤵
-
\??\c:\85p8e35.exec:\85p8e35.exe86⤵
-
\??\c:\21wo0if.exec:\21wo0if.exe87⤵
-
\??\c:\v1cw97g.exec:\v1cw97g.exe88⤵
-
\??\c:\bi71s.exec:\bi71s.exe89⤵
-
\??\c:\n14m892.exec:\n14m892.exe90⤵
-
\??\c:\e3tj908.exec:\e3tj908.exe91⤵
-
\??\c:\1v559.exec:\1v559.exe92⤵
-
\??\c:\27ks258.exec:\27ks258.exe93⤵
-
\??\c:\duwwv6m.exec:\duwwv6m.exe94⤵
-
\??\c:\r1i1q.exec:\r1i1q.exe95⤵
-
\??\c:\07gc9.exec:\07gc9.exe96⤵
-
\??\c:\853hok.exec:\853hok.exe97⤵
-
\??\c:\5e711.exec:\5e711.exe98⤵
-
\??\c:\4557e3.exec:\4557e3.exe99⤵
-
\??\c:\vx3911.exec:\vx3911.exe100⤵
-
\??\c:\2139q01.exec:\2139q01.exe101⤵
-
\??\c:\dc45wct.exec:\dc45wct.exe102⤵
-
\??\c:\c4b7x9.exec:\c4b7x9.exe103⤵
-
\??\c:\09u77.exec:\09u77.exe104⤵
-
\??\c:\65el6b.exec:\65el6b.exe105⤵
-
\??\c:\rcacm3o.exec:\rcacm3o.exe106⤵
-
\??\c:\05a32xi.exec:\05a32xi.exe107⤵
-
\??\c:\8c39g5.exec:\8c39g5.exe108⤵
-
\??\c:\fmk5ch.exec:\fmk5ch.exe109⤵
-
\??\c:\l96u9.exec:\l96u9.exe110⤵
-
\??\c:\pch15.exec:\pch15.exe111⤵
-
\??\c:\0gs6fd.exec:\0gs6fd.exe112⤵
-
\??\c:\t7373.exec:\t7373.exe113⤵
-
\??\c:\8ana58.exec:\8ana58.exe114⤵
-
\??\c:\79tic55.exec:\79tic55.exe115⤵
-
\??\c:\dv35g.exec:\dv35g.exe116⤵
-
\??\c:\0i1lgg.exec:\0i1lgg.exe117⤵
-
\??\c:\n79gc11.exec:\n79gc11.exe118⤵
-
\??\c:\bemju.exec:\bemju.exe119⤵
-
\??\c:\0f53et2.exec:\0f53et2.exe120⤵
-
\??\c:\oe3ax.exec:\oe3ax.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-