Analysis
-
max time kernel
150s -
max time network
163s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
10/03/2024, 09:24
General
-
Target
be3fa30814c5289abd88b6d3140a2481.exe
-
Size
100KB
-
MD5
be3fa30814c5289abd88b6d3140a2481
-
SHA1
73e63a7239f05bb31851de294b5b5ba3f8f7ae4d
-
SHA256
4735f54831ec05adfbea1c997d2a2abb39ea9daf8eeab6e82a49d1241d7ba1fe
-
SHA512
41b06cc2d336bb91955487ec71d2ff3f1c88396c4a5143b24b44e6b868468a19ece5d21e3d067f4059b83f73ceb93f6b483bd2085133149997bccb17e6f8fba7
-
SSDEEP
1536:9vQBeOGtrYS3srx93UBWfwC6Ggnouy8PbhnyLFbUZJjw5Ivov1d3ZdpQm6:9hOmTsF93UYfwC6GIoutz5yLpRDN6
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 63 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\be3fa30814c5289abd88b6d3140a2481.exe"C:\Users\Admin\AppData\Local\Temp\be3fa30814c5289abd88b6d3140a2481.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\i60j3n.exec:\i60j3n.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\qjor1ox.exec:\qjor1ox.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\q22f63.exec:\q22f63.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3x927.exec:\3x927.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hi8elt.exec:\hi8elt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\874jh.exec:\874jh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbw82.exec:\tbw82.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\f1m2anr.exec:\f1m2anr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dm44d.exec:\dm44d.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9018h2.exec:\9018h2.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\q62v26.exec:\q62v26.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\o0453.exec:\o0453.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\m8wrb6.exec:\m8wrb6.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6xehns.exec:\6xehns.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\r7c5f.exec:\r7c5f.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffdfok.exec:\ffdfok.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3kca6h.exec:\3kca6h.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\t6fs6.exec:\t6fs6.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ed2n1.exec:\3ed2n1.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\548h6f3.exec:\548h6f3.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xg946h.exec:\xg946h.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0620n7l.exec:\0620n7l.exe23⤵
- Executes dropped EXE
-
\??\c:\ogj43ve.exec:\ogj43ve.exe24⤵
- Executes dropped EXE
-
\??\c:\0pci37.exec:\0pci37.exe25⤵
- Executes dropped EXE
-
\??\c:\g8i9n9.exec:\g8i9n9.exe26⤵
- Executes dropped EXE
-
\??\c:\qi9x0p8.exec:\qi9x0p8.exe27⤵
- Executes dropped EXE
-
\??\c:\c9oe8h1.exec:\c9oe8h1.exe28⤵
- Executes dropped EXE
-
\??\c:\32874r.exec:\32874r.exe29⤵
- Executes dropped EXE
-
\??\c:\5ltmx20.exec:\5ltmx20.exe30⤵
- Executes dropped EXE
-
\??\c:\8tv927x.exec:\8tv927x.exe31⤵
- Executes dropped EXE
-
\??\c:\5iri63.exec:\5iri63.exe32⤵
- Executes dropped EXE
-
\??\c:\0op7b.exec:\0op7b.exe33⤵
- Executes dropped EXE
-
\??\c:\0kb4ion.exec:\0kb4ion.exe34⤵
- Executes dropped EXE
-
\??\c:\1q55494.exec:\1q55494.exe35⤵
- Executes dropped EXE
-
\??\c:\49k3b7.exec:\49k3b7.exe36⤵
- Executes dropped EXE
-
\??\c:\97dg178.exec:\97dg178.exe37⤵
- Executes dropped EXE
-
\??\c:\7w0a9.exec:\7w0a9.exe38⤵
- Executes dropped EXE
-
\??\c:\o6n30k.exec:\o6n30k.exe39⤵
- Executes dropped EXE
-
\??\c:\phmptj.exec:\phmptj.exe40⤵
- Executes dropped EXE
-
\??\c:\6w0068.exec:\6w0068.exe41⤵
- Executes dropped EXE
-
\??\c:\691tfv.exec:\691tfv.exe42⤵
- Executes dropped EXE
-
\??\c:\676b44x.exec:\676b44x.exe43⤵
- Executes dropped EXE
-
\??\c:\655b7t3.exec:\655b7t3.exe44⤵
- Executes dropped EXE
-
\??\c:\ir370.exec:\ir370.exe45⤵
- Executes dropped EXE
-
\??\c:\7br22vv.exec:\7br22vv.exe46⤵
- Executes dropped EXE
-
\??\c:\k3iok.exec:\k3iok.exe47⤵
- Executes dropped EXE
-
\??\c:\47381.exec:\47381.exe48⤵
- Executes dropped EXE
-
\??\c:\6f9g78.exec:\6f9g78.exe49⤵
- Executes dropped EXE
-
\??\c:\q8n7t.exec:\q8n7t.exe50⤵
- Executes dropped EXE
-
\??\c:\24869n.exec:\24869n.exe51⤵
- Executes dropped EXE
-
\??\c:\300u647.exec:\300u647.exe52⤵
- Executes dropped EXE
-
\??\c:\977g3.exec:\977g3.exe53⤵
- Executes dropped EXE
-
\??\c:\1xxob0.exec:\1xxob0.exe54⤵
- Executes dropped EXE
-
\??\c:\58fj0.exec:\58fj0.exe55⤵
- Executes dropped EXE
-
\??\c:\02c24.exec:\02c24.exe56⤵
- Executes dropped EXE
-
\??\c:\4f6nj13.exec:\4f6nj13.exe57⤵
- Executes dropped EXE
-
\??\c:\c4gtl.exec:\c4gtl.exe58⤵
- Executes dropped EXE
-
\??\c:\74tr842.exec:\74tr842.exe59⤵
- Executes dropped EXE
-
\??\c:\gexs20h.exec:\gexs20h.exe60⤵
- Executes dropped EXE
-
\??\c:\8kp6ig8.exec:\8kp6ig8.exe61⤵
- Executes dropped EXE
-
\??\c:\70oge.exec:\70oge.exe62⤵
- Executes dropped EXE
-
\??\c:\x6f6mb.exec:\x6f6mb.exe63⤵
- Executes dropped EXE
-
\??\c:\l4wqisk.exec:\l4wqisk.exe64⤵
- Executes dropped EXE
-
\??\c:\46039v.exec:\46039v.exe65⤵
- Executes dropped EXE
-
\??\c:\2331f.exec:\2331f.exe66⤵
-
\??\c:\f8j1exd.exec:\f8j1exd.exe67⤵
-
\??\c:\786so1p.exec:\786so1p.exe68⤵
-
\??\c:\q0pd0.exec:\q0pd0.exe69⤵
-
\??\c:\ox3n207.exec:\ox3n207.exe70⤵
-
\??\c:\3202l4t.exec:\3202l4t.exe71⤵
-
\??\c:\35wo66.exec:\35wo66.exe72⤵
-
\??\c:\we0jpb4.exec:\we0jpb4.exe73⤵
-
\??\c:\kih99d5.exec:\kih99d5.exe74⤵
-
\??\c:\vo9e0c.exec:\vo9e0c.exe75⤵
-
\??\c:\no4iwf.exec:\no4iwf.exe76⤵
-
\??\c:\u4uegsn.exec:\u4uegsn.exe77⤵
-
\??\c:\0443xj9.exec:\0443xj9.exe78⤵
-
\??\c:\l47krn.exec:\l47krn.exe79⤵
-
\??\c:\9mth3c.exec:\9mth3c.exe80⤵
-
\??\c:\45afwn.exec:\45afwn.exe81⤵
-
\??\c:\w1w4wd.exec:\w1w4wd.exe82⤵
-
\??\c:\u059d9.exec:\u059d9.exe83⤵
-
\??\c:\jpv67l6.exec:\jpv67l6.exe84⤵
-
\??\c:\m621v2e.exec:\m621v2e.exe85⤵
-
\??\c:\u92k2.exec:\u92k2.exe86⤵
-
\??\c:\s83t0.exec:\s83t0.exe87⤵
-
\??\c:\ogme628.exec:\ogme628.exe88⤵
-
\??\c:\ujxsegh.exec:\ujxsegh.exe89⤵
-
\??\c:\ai6dv6f.exec:\ai6dv6f.exe90⤵
-
\??\c:\8pq6e.exec:\8pq6e.exe91⤵
-
\??\c:\q867vd.exec:\q867vd.exe92⤵
-
\??\c:\0762i.exec:\0762i.exe93⤵
-
\??\c:\k6dj2.exec:\k6dj2.exe94⤵
-
\??\c:\kfhss2.exec:\kfhss2.exe95⤵
-
\??\c:\9v90p75.exec:\9v90p75.exe96⤵
-
\??\c:\m285vip.exec:\m285vip.exe97⤵
-
\??\c:\sgu8c8.exec:\sgu8c8.exe98⤵
-
\??\c:\h7ntcw.exec:\h7ntcw.exe99⤵
-
\??\c:\934x6.exec:\934x6.exe100⤵
-
\??\c:\36hcdc8.exec:\36hcdc8.exe101⤵
-
\??\c:\7m82b8x.exec:\7m82b8x.exe102⤵
-
\??\c:\as2jsf8.exec:\as2jsf8.exe103⤵
-
\??\c:\pr77d.exec:\pr77d.exe104⤵
-
\??\c:\b856h48.exec:\b856h48.exe105⤵
-
\??\c:\2u0t45.exec:\2u0t45.exe106⤵
-
\??\c:\8eveuln.exec:\8eveuln.exe107⤵
-
\??\c:\q52d88.exec:\q52d88.exe108⤵
-
\??\c:\1bv2ovr.exec:\1bv2ovr.exe109⤵
-
\??\c:\455b3q.exec:\455b3q.exe110⤵
-
\??\c:\i8gf8.exec:\i8gf8.exe111⤵
-
\??\c:\qnwk6fd.exec:\qnwk6fd.exe112⤵
-
\??\c:\v6028f3.exec:\v6028f3.exe113⤵
-
\??\c:\006pju.exec:\006pju.exe114⤵
-
\??\c:\6rvjh82.exec:\6rvjh82.exe115⤵
-
\??\c:\c04710.exec:\c04710.exe116⤵
-
\??\c:\8x46n.exec:\8x46n.exe117⤵
-
\??\c:\jp76t.exec:\jp76t.exe118⤵
-
\??\c:\7l97jd.exec:\7l97jd.exe119⤵
-
\??\c:\cul1lt0.exec:\cul1lt0.exe120⤵
-
\??\c:\ga4lbd.exec:\ga4lbd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-