Analysis
-
max time kernel
101s -
max time network
129s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
11-03-2024 19:33
General
-
Target
1c43ce2b500d11f516b91cdaf2eedbc63cea54b8562fbbf2e85c70193f2abe29.exe
-
Size
840KB
-
MD5
da8b6593a85f9eb5a27bd934779f57fa
-
SHA1
822ca656db3e0da30bbc868e52a6a352fc14d7cb
-
SHA256
1c43ce2b500d11f516b91cdaf2eedbc63cea54b8562fbbf2e85c70193f2abe29
-
SHA512
4259e9c31ac44581e2c4b2a156331ac30085d3289d066ac4ab86950e8d51e6c4692220acee9a3bac540e79e4e05fac7666543b27f0c32107edabdb7fa1fe084a
-
SSDEEP
24576:Sgdn8whSenedn8whhdn76gdn8whSfgdn8whSzS:TFyVPfd
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 46 IoCs
-
UPX dump on OEP (original entry point) 54 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 53 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1c43ce2b500d11f516b91cdaf2eedbc63cea54b8562fbbf2e85c70193f2abe29.exe"C:\Users\Admin\AppData\Local\Temp\1c43ce2b500d11f516b91cdaf2eedbc63cea54b8562fbbf2e85c70193f2abe29.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\frxllll.exec:\frxllll.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxlffx.exec:\xxxlffx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflfxxx.exec:\lflfxxx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvpd.exec:\vvvpd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppjj.exec:\vppjj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbtnn.exec:\btbtnn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlfxxr.exec:\rrlfxxr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7dvjd.exec:\7dvjd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbtnbn.exec:\tbtnbn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnbtn.exec:\ttnbtn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjvj.exec:\vvjvj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnnbnn.exec:\hnnbnn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xllxrrf.exec:\xllxrrf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhhbb.exec:\tbhhbb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bbthb.exec:\7bbthb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ffxrlf.exec:\5ffxrlf.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lllfxrf.exec:\lllfxrf.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbnhh.exec:\nhbnhh.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtbtt.exec:\bbtbtt.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fffrrrl.exec:\fffrrrl.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjdd.exec:\vdjdd.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llffxxr.exec:\llffxxr.exe23⤵
- Executes dropped EXE
-
\??\c:\vjjjv.exec:\vjjjv.exe24⤵
- Executes dropped EXE
-
\??\c:\btnhbb.exec:\btnhbb.exe25⤵
- Executes dropped EXE
-
\??\c:\vvvdd.exec:\vvvdd.exe26⤵
- Executes dropped EXE
-
\??\c:\xrfxfff.exec:\xrfxfff.exe27⤵
- Executes dropped EXE
-
\??\c:\3xxrlfx.exec:\3xxrlfx.exe28⤵
- Executes dropped EXE
-
\??\c:\rfrxxrr.exec:\rfrxxrr.exe29⤵
- Executes dropped EXE
-
\??\c:\5pppj.exec:\5pppj.exe30⤵
- Executes dropped EXE
-
\??\c:\3thbbh.exec:\3thbbh.exe31⤵
- Executes dropped EXE
-
\??\c:\rrffffx.exec:\rrffffx.exe32⤵
- Executes dropped EXE
-
\??\c:\rrlxrfx.exec:\rrlxrfx.exe33⤵
- Executes dropped EXE
-
\??\c:\jjdvp.exec:\jjdvp.exe34⤵
- Executes dropped EXE
-
\??\c:\5fxfxrr.exec:\5fxfxrr.exe35⤵
- Executes dropped EXE
-
\??\c:\9vjdp.exec:\9vjdp.exe36⤵
- Executes dropped EXE
-
\??\c:\tnnbnh.exec:\tnnbnh.exe37⤵
- Executes dropped EXE
-
\??\c:\7hhtnh.exec:\7hhtnh.exe38⤵
- Executes dropped EXE
-
\??\c:\pvvpp.exec:\pvvpp.exe39⤵
- Executes dropped EXE
-
\??\c:\hhbnhh.exec:\hhbnhh.exe40⤵
- Executes dropped EXE
-
\??\c:\lfxrxxr.exec:\lfxrxxr.exe41⤵
- Executes dropped EXE
-
\??\c:\nthbtn.exec:\nthbtn.exe42⤵
- Executes dropped EXE
-
\??\c:\flrxrlf.exec:\flrxrlf.exe43⤵
- Executes dropped EXE
-
\??\c:\xrxrffx.exec:\xrxrffx.exe44⤵
- Executes dropped EXE
-
\??\c:\vvvpj.exec:\vvvpj.exe45⤵
- Executes dropped EXE
-
\??\c:\rflxrll.exec:\rflxrll.exe46⤵
- Executes dropped EXE
-
\??\c:\pjdvp.exec:\pjdvp.exe47⤵
- Executes dropped EXE
-
\??\c:\3thbtn.exec:\3thbtn.exe48⤵
- Executes dropped EXE
-
\??\c:\pjdvd.exec:\pjdvd.exe49⤵
- Executes dropped EXE
-
\??\c:\9xfrllx.exec:\9xfrllx.exe50⤵
- Executes dropped EXE
-
\??\c:\jjddv.exec:\jjddv.exe51⤵
- Executes dropped EXE
-
\??\c:\ttnbtn.exec:\ttnbtn.exe52⤵
- Executes dropped EXE
-
\??\c:\jjvvv.exec:\jjvvv.exe53⤵
- Executes dropped EXE
-
\??\c:\hbtnnt.exec:\hbtnnt.exe54⤵
- Executes dropped EXE
-
\??\c:\xfxrlll.exec:\xfxrlll.exe55⤵
- Executes dropped EXE
-
\??\c:\ddvpj.exec:\ddvpj.exe56⤵
- Executes dropped EXE
-
\??\c:\xfrxrrr.exec:\xfrxrrr.exe57⤵
- Executes dropped EXE
-
\??\c:\vdvpj.exec:\vdvpj.exe58⤵
- Executes dropped EXE
-
\??\c:\llxrfxr.exec:\llxrfxr.exe59⤵
- Executes dropped EXE
-
\??\c:\bbbnhb.exec:\bbbnhb.exe60⤵
- Executes dropped EXE
-
\??\c:\lffxxrx.exec:\lffxxrx.exe61⤵
- Executes dropped EXE
-
\??\c:\dddvj.exec:\dddvj.exe62⤵
- Executes dropped EXE
-
\??\c:\9rlfxxx.exec:\9rlfxxx.exe63⤵
-
\??\c:\ttnhtn.exec:\ttnhtn.exe64⤵
- Executes dropped EXE
-
\??\c:\xrlfrlf.exec:\xrlfrlf.exe65⤵
- Executes dropped EXE
-
\??\c:\jjjdp.exec:\jjjdp.exe66⤵
- Executes dropped EXE
-
\??\c:\9bhbtt.exec:\9bhbtt.exe67⤵
-
\??\c:\7vjdd.exec:\7vjdd.exe68⤵
-
\??\c:\tbthbt.exec:\tbthbt.exe69⤵
-
\??\c:\pjjjd.exec:\pjjjd.exe70⤵
-
\??\c:\ffrlrlr.exec:\ffrlrlr.exe71⤵
-
\??\c:\hhbtnn.exec:\hhbtnn.exe72⤵
-
\??\c:\rlfxxrl.exec:\rlfxxrl.exe73⤵
-
\??\c:\dvdvj.exec:\dvdvj.exe74⤵
-
\??\c:\lflffxf.exec:\lflffxf.exe75⤵
-
\??\c:\pvpjv.exec:\pvpjv.exe76⤵
-
\??\c:\bbhtnt.exec:\bbhtnt.exe77⤵
-
\??\c:\xffrlfx.exec:\xffrlfx.exe78⤵
-
\??\c:\7vvdd.exec:\7vvdd.exe79⤵
-
\??\c:\rrllxrr.exec:\rrllxrr.exe80⤵
-
\??\c:\vpvpj.exec:\vpvpj.exe81⤵
-
\??\c:\nbthbt.exec:\nbthbt.exe82⤵
-
\??\c:\rllrlfx.exec:\rllrlfx.exe83⤵
-
\??\c:\5tnbnn.exec:\5tnbnn.exe84⤵
-
\??\c:\fxlflff.exec:\fxlflff.exe85⤵
-
\??\c:\tbtnbt.exec:\tbtnbt.exe86⤵
-
\??\c:\pjjpj.exec:\pjjpj.exe87⤵
-
\??\c:\1tthtt.exec:\1tthtt.exe88⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe89⤵
-
\??\c:\5bthnn.exec:\5bthnn.exe90⤵
-
\??\c:\rflrfxf.exec:\rflrfxf.exe91⤵
-
\??\c:\tnhbnt.exec:\tnhbnt.exe92⤵
-
\??\c:\vvddd.exec:\vvddd.exe93⤵
-
\??\c:\djjvp.exec:\djjvp.exe94⤵
-
\??\c:\5tbtnn.exec:\5tbtnn.exe95⤵
-
\??\c:\xffxrlf.exec:\xffxrlf.exe96⤵
-
\??\c:\hbtnhb.exec:\hbtnhb.exe97⤵
-
\??\c:\frllffx.exec:\frllffx.exe98⤵
-
\??\c:\7vjdp.exec:\7vjdp.exe99⤵
-
\??\c:\3bttnh.exec:\3bttnh.exe100⤵
-
\??\c:\jvdpv.exec:\jvdpv.exe101⤵
-
\??\c:\xxrfxxr.exec:\xxrfxxr.exe102⤵
-
\??\c:\dvdjj.exec:\dvdjj.exe103⤵
-
\??\c:\3tnhbb.exec:\3tnhbb.exe104⤵
-
\??\c:\rlfxxfr.exec:\rlfxxfr.exe105⤵
-
\??\c:\ddvpp.exec:\ddvpp.exe106⤵
-
\??\c:\hhtnnh.exec:\hhtnnh.exe107⤵
-
\??\c:\3vvpj.exec:\3vvpj.exe108⤵
-
\??\c:\nhnhhh.exec:\nhnhhh.exe109⤵
-
\??\c:\3fflxxl.exec:\3fflxxl.exe110⤵
-
\??\c:\hhtnnh.exec:\hhtnnh.exe111⤵
-
\??\c:\ddjvv.exec:\ddjvv.exe112⤵
-
\??\c:\bnhthb.exec:\bnhthb.exe113⤵
-
\??\c:\jjjdv.exec:\jjjdv.exe114⤵
-
\??\c:\9hbnhb.exec:\9hbnhb.exe115⤵
-
\??\c:\xrllffl.exec:\xrllffl.exe116⤵
-
\??\c:\pdpdv.exec:\pdpdv.exe117⤵
-
\??\c:\7bbnhh.exec:\7bbnhh.exe118⤵
-
\??\c:\pdvjv.exec:\pdvjv.exe119⤵
-
\??\c:\tbbttn.exec:\tbbttn.exe120⤵
-
\??\c:\3frfrrf.exec:\3frfrrf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-