Analysis
-
max time kernel
138s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
07/03/2024, 22:36
General
-
Target
98d5593db28750142337486428ff4b71bac44e985f8eae83de578848e34ffb0b.exe
-
Size
457KB
-
MD5
04c1d42c90b0d79a4e2d6b1c40bc212a
-
SHA1
36b5eb3771c7e5bc57c767cfe9fd27c2db17ace9
-
SHA256
98d5593db28750142337486428ff4b71bac44e985f8eae83de578848e34ffb0b
-
SHA512
0a50b67c6886e9b738494e0a42d15789aee8446b2d7af92aad14af9aca85232aac2c5f11e1ba93ee10036737adc5c2ca16ec0c4a8d86faad99495926b617e408
-
SSDEEP
6144:n3C9BRo7MlrWKo+lS0Le4xRSAoq78yoyfx93svqTNAuVV5H0C:n3C9yMo+S0L9xRnoq7H9QYNAuVVL
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 45 IoCs
-
UPX dump on OEP (original entry point) 53 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 53 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\98d5593db28750142337486428ff4b71bac44e985f8eae83de578848e34ffb0b.exe"C:\Users\Admin\AppData\Local\Temp\98d5593db28750142337486428ff4b71bac44e985f8eae83de578848e34ffb0b.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhhtb.exec:\bbhhtb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffxrrl.exec:\lffxrrl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrlflf.exec:\rlrlflf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vjdj.exec:\7vjdj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvvp.exec:\dpvvp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xfxrrr.exec:\9xfxrrr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdddv.exec:\jdddv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpdjp.exec:\jpdjp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllfllf.exec:\rllfllf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvvp.exec:\dpvvp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nttnnn.exec:\nttnnn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxrrrl.exec:\ffxrrrl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7nhtbh.exec:\7nhtbh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbttnn.exec:\bbttnn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fffxxrr.exec:\fffxxrr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnnhh.exec:\tnnnhh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrrrrl.exec:\rrrrrrl.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvjdv.exec:\pvjdv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbttt.exec:\hhbttt.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfxxxxx.exec:\xfxxxxx.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjdj.exec:\vvjdj.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3dppv.exec:\3dppv.exe23⤵
- Executes dropped EXE
-
\??\c:\ntnbtn.exec:\ntnbtn.exe24⤵
- Executes dropped EXE
-
\??\c:\hnhhth.exec:\hnhhth.exe25⤵
- Executes dropped EXE
-
\??\c:\9vdvp.exec:\9vdvp.exe26⤵
- Executes dropped EXE
-
\??\c:\nbhhtt.exec:\nbhhtt.exe27⤵
- Executes dropped EXE
-
\??\c:\fllfxxr.exec:\fllfxxr.exe28⤵
- Executes dropped EXE
-
\??\c:\jdvjp.exec:\jdvjp.exe29⤵
- Executes dropped EXE
-
\??\c:\hthttt.exec:\hthttt.exe30⤵
- Executes dropped EXE
-
\??\c:\jdddv.exec:\jdddv.exe31⤵
- Executes dropped EXE
-
\??\c:\pjvpj.exec:\pjvpj.exe32⤵
- Executes dropped EXE
-
\??\c:\fxfxrrl.exec:\fxfxrrl.exe33⤵
- Executes dropped EXE
-
\??\c:\vjvpd.exec:\vjvpd.exe34⤵
- Executes dropped EXE
-
\??\c:\nttnnh.exec:\nttnnh.exe35⤵
- Executes dropped EXE
-
\??\c:\7rxxrxr.exec:\7rxxrxr.exe36⤵
- Executes dropped EXE
-
\??\c:\3hhhnn.exec:\3hhhnn.exe37⤵
- Executes dropped EXE
-
\??\c:\xfxxxxx.exec:\xfxxxxx.exe38⤵
- Executes dropped EXE
-
\??\c:\hbnnhh.exec:\hbnnhh.exe39⤵
- Executes dropped EXE
-
\??\c:\lrxlxrl.exec:\lrxlxrl.exe40⤵
- Executes dropped EXE
-
\??\c:\pjddj.exec:\pjddj.exe41⤵
- Executes dropped EXE
-
\??\c:\bhnhhb.exec:\bhnhhb.exe42⤵
- Executes dropped EXE
-
\??\c:\9pjdv.exec:\9pjdv.exe43⤵
- Executes dropped EXE
-
\??\c:\bbhttt.exec:\bbhttt.exe44⤵
- Executes dropped EXE
-
\??\c:\rfffxrr.exec:\rfffxrr.exe45⤵
- Executes dropped EXE
-
\??\c:\dvpvp.exec:\dvpvp.exe46⤵
- Executes dropped EXE
-
\??\c:\rxxllfl.exec:\rxxllfl.exe47⤵
- Executes dropped EXE
-
\??\c:\5hhhbb.exec:\5hhhbb.exe48⤵
- Executes dropped EXE
-
\??\c:\lrfrlll.exec:\lrfrlll.exe49⤵
- Executes dropped EXE
-
\??\c:\9ntnhh.exec:\9ntnhh.exe50⤵
- Executes dropped EXE
-
\??\c:\flrxlrr.exec:\flrxlrr.exe51⤵
- Executes dropped EXE
-
\??\c:\bbhhnn.exec:\bbhhnn.exe52⤵
- Executes dropped EXE
-
\??\c:\xxrrllf.exec:\xxrrllf.exe53⤵
- Executes dropped EXE
-
\??\c:\pddvj.exec:\pddvj.exe54⤵
- Executes dropped EXE
-
\??\c:\xxlfxxx.exec:\xxlfxxx.exe55⤵
- Executes dropped EXE
-
\??\c:\7jvdv.exec:\7jvdv.exe56⤵
- Executes dropped EXE
-
\??\c:\tbbnht.exec:\tbbnht.exe57⤵
- Executes dropped EXE
-
\??\c:\xllfffx.exec:\xllfffx.exe58⤵
- Executes dropped EXE
-
\??\c:\thhhhb.exec:\thhhhb.exe59⤵
- Executes dropped EXE
-
\??\c:\5rfrllf.exec:\5rfrllf.exe60⤵
- Executes dropped EXE
-
\??\c:\btbtnh.exec:\btbtnh.exe61⤵
- Executes dropped EXE
-
\??\c:\9vjjp.exec:\9vjjp.exe62⤵
- Executes dropped EXE
-
\??\c:\9nnhhn.exec:\9nnhhn.exe63⤵
- Executes dropped EXE
-
\??\c:\jvvdv.exec:\jvvdv.exe64⤵
- Executes dropped EXE
-
\??\c:\9btbht.exec:\9btbht.exe65⤵
- Executes dropped EXE
-
\??\c:\fxfllrf.exec:\fxfllrf.exe66⤵
-
\??\c:\5bhhbt.exec:\5bhhbt.exe67⤵
-
\??\c:\vpddv.exec:\vpddv.exe68⤵
-
\??\c:\9hhbbn.exec:\9hhbbn.exe69⤵
-
\??\c:\lxxffff.exec:\lxxffff.exe70⤵
-
\??\c:\thtnnn.exec:\thtnnn.exe71⤵
-
\??\c:\xrlffxx.exec:\xrlffxx.exe72⤵
-
\??\c:\xfxxlll.exec:\xfxxlll.exe73⤵
-
\??\c:\jdppp.exec:\jdppp.exe74⤵
-
\??\c:\fxlrxxl.exec:\fxlrxxl.exe75⤵
-
\??\c:\ttbbnn.exec:\ttbbnn.exe76⤵
-
\??\c:\vpddv.exec:\vpddv.exe77⤵
-
\??\c:\fxfxxxx.exec:\fxfxxxx.exe78⤵
-
\??\c:\vvjvv.exec:\vvjvv.exe79⤵
-
\??\c:\5hhhtb.exec:\5hhhtb.exe80⤵
-
\??\c:\vjpjd.exec:\vjpjd.exe81⤵
-
\??\c:\nhhbhb.exec:\nhhbhb.exe82⤵
-
\??\c:\pvpjd.exec:\pvpjd.exe83⤵
-
\??\c:\bhttbh.exec:\bhttbh.exe84⤵
-
\??\c:\jvdvv.exec:\jvdvv.exe85⤵
-
\??\c:\llxfxxr.exec:\llxfxxr.exe86⤵
-
\??\c:\hhhbbb.exec:\hhhbbb.exe87⤵
-
\??\c:\llfxflf.exec:\llfxflf.exe88⤵
-
\??\c:\htttnn.exec:\htttnn.exe89⤵
-
\??\c:\frffxxr.exec:\frffxxr.exe90⤵
-
\??\c:\hhbttt.exec:\hhbttt.exe91⤵
-
\??\c:\pvdvv.exec:\pvdvv.exe92⤵
-
\??\c:\9bbnhn.exec:\9bbnhn.exe93⤵
-
\??\c:\jvddp.exec:\jvddp.exe94⤵
-
\??\c:\bnbbbh.exec:\bnbbbh.exe95⤵
-
\??\c:\dvppd.exec:\dvppd.exe96⤵
-
\??\c:\nhnhbt.exec:\nhnhbt.exe97⤵
-
\??\c:\pdjdp.exec:\pdjdp.exe98⤵
-
\??\c:\hbbbhh.exec:\hbbbhh.exe99⤵
-
\??\c:\3rxrrrl.exec:\3rxrrrl.exe100⤵
-
\??\c:\tnbbnn.exec:\tnbbnn.exe101⤵
-
\??\c:\jdddj.exec:\jdddj.exe102⤵
-
\??\c:\nhtntt.exec:\nhtntt.exe103⤵
-
\??\c:\3frrxxl.exec:\3frrxxl.exe104⤵
-
\??\c:\nntbtt.exec:\nntbtt.exe105⤵
-
\??\c:\rllfffx.exec:\rllfffx.exe106⤵
-
\??\c:\bbhhhh.exec:\bbhhhh.exe107⤵
-
\??\c:\jddjd.exec:\jddjd.exe108⤵
-
\??\c:\5hnnhb.exec:\5hnnhb.exe109⤵
-
\??\c:\jdvjd.exec:\jdvjd.exe110⤵
-
\??\c:\xrrllll.exec:\xrrllll.exe111⤵
-
\??\c:\nntnhn.exec:\nntnhn.exe112⤵
-
\??\c:\rrlxrll.exec:\rrlxrll.exe113⤵
-
\??\c:\llrlrrx.exec:\llrlrrx.exe114⤵
-
\??\c:\jjjjd.exec:\jjjjd.exe115⤵
-
\??\c:\5xlfllf.exec:\5xlfllf.exe116⤵
-
\??\c:\nnhtnh.exec:\nnhtnh.exe117⤵
-
\??\c:\rlllfxl.exec:\rlllfxl.exe118⤵
-
\??\c:\rfrfxff.exec:\rfrfxff.exe119⤵
-
\??\c:\vvvvp.exec:\vvvvp.exe120⤵
-
\??\c:\rlrrlll.exec:\rlrrlll.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-