Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
15/03/2024, 20:36
General
-
Target
67f6adeed498f5fe593dfb698e845ce59eff80eb9b56c17bb0142b7323f74935.exe
-
Size
384KB
-
MD5
465468cab67f5663bbf202cbf415490b
-
SHA1
2d63740153e79d31380f847db0471f3ebfd8e4a5
-
SHA256
67f6adeed498f5fe593dfb698e845ce59eff80eb9b56c17bb0142b7323f74935
-
SHA512
83694d7f3e3d39aeb25d20540fdb02bfce8b6d155f5e2c69010511d48755271cc1886f6b50af99f7d75e7cb2c9805c7bd7b80777740e550318fbe7e45aaf64ee
-
SSDEEP
6144:n3C9BRIG0asYFm71mPfkVB8dKwaO5CVwOc:n3C9uYA7okVqdKwaO5CVQ
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 29 IoCs
-
UPX dump on OEP (original entry point) 52 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 52 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\67f6adeed498f5fe593dfb698e845ce59eff80eb9b56c17bb0142b7323f74935.exe"C:\Users\Admin\AppData\Local\Temp\67f6adeed498f5fe593dfb698e845ce59eff80eb9b56c17bb0142b7323f74935.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ptfllx.exec:\ptfllx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrpbj.exec:\lrpbj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dllbrl.exec:\dllbrl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ldntt.exec:\ldntt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrplf.exec:\lrplf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vrhblv.exec:\vrhblv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdbtftl.exec:\pdbtftl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xvdbtlv.exec:\xvdbtlv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ltrhpt.exec:\ltrhpt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pphvnl.exec:\pphvnl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpvfh.exec:\pjpvfh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjrjh.exec:\vjrjh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dlxnpl.exec:\dlxnpl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\phbvrbp.exec:\phbvrbp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dttjl.exec:\dttjl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\txfjlln.exec:\txfjlln.exe17⤵
- Executes dropped EXE
-
\??\c:\jthrhdt.exec:\jthrhdt.exe18⤵
- Executes dropped EXE
-
\??\c:\vrdlbb.exec:\vrdlbb.exe19⤵
- Executes dropped EXE
-
\??\c:\hdhxhb.exec:\hdhxhb.exe20⤵
- Executes dropped EXE
-
\??\c:\xjvbbtp.exec:\xjvbbtp.exe21⤵
- Executes dropped EXE
-
\??\c:\fvftnr.exec:\fvftnr.exe22⤵
- Executes dropped EXE
-
\??\c:\prdrvb.exec:\prdrvb.exe23⤵
- Executes dropped EXE
-
\??\c:\vxhptlp.exec:\vxhptlp.exe24⤵
- Executes dropped EXE
-
\??\c:\nlbld.exec:\nlbld.exe25⤵
- Executes dropped EXE
-
\??\c:\xfxrhn.exec:\xfxrhn.exe26⤵
- Executes dropped EXE
-
\??\c:\ftdhljx.exec:\ftdhljx.exe27⤵
- Executes dropped EXE
-
\??\c:\ltvvhn.exec:\ltvvhn.exe28⤵
- Executes dropped EXE
-
\??\c:\tvtlfh.exec:\tvtlfh.exe29⤵
- Executes dropped EXE
-
\??\c:\vnhltjp.exec:\vnhltjp.exe30⤵
- Executes dropped EXE
-
\??\c:\dnntr.exec:\dnntr.exe31⤵
- Executes dropped EXE
-
\??\c:\dltjt.exec:\dltjt.exe32⤵
- Executes dropped EXE
-
\??\c:\xvjhdbl.exec:\xvjhdbl.exe33⤵
- Executes dropped EXE
-
\??\c:\ddvrp.exec:\ddvrp.exe34⤵
- Executes dropped EXE
-
\??\c:\nthxnhx.exec:\nthxnhx.exe35⤵
- Executes dropped EXE
-
\??\c:\brvbp.exec:\brvbp.exe36⤵
- Executes dropped EXE
-
\??\c:\fnjjhrp.exec:\fnjjhrp.exe37⤵
- Executes dropped EXE
-
\??\c:\ljpxpx.exec:\ljpxpx.exe38⤵
- Executes dropped EXE
-
\??\c:\jxhtt.exec:\jxhtt.exe39⤵
- Executes dropped EXE
-
\??\c:\jvbntxt.exec:\jvbntxt.exe40⤵
- Executes dropped EXE
-
\??\c:\nhtnpx.exec:\nhtnpx.exe41⤵
- Executes dropped EXE
-
\??\c:\tlhtthr.exec:\tlhtthr.exe42⤵
- Executes dropped EXE
-
\??\c:\nfldb.exec:\nfldb.exe43⤵
- Executes dropped EXE
-
\??\c:\vhtxnt.exec:\vhtxnt.exe44⤵
- Executes dropped EXE
-
\??\c:\vvlvrx.exec:\vvlvrx.exe45⤵
- Executes dropped EXE
-
\??\c:\jdddj.exec:\jdddj.exe46⤵
- Executes dropped EXE
-
\??\c:\pfrxtn.exec:\pfrxtn.exe47⤵
- Executes dropped EXE
-
\??\c:\xvxlfpd.exec:\xvxlfpd.exe48⤵
- Executes dropped EXE
-
\??\c:\jtfbnb.exec:\jtfbnb.exe49⤵
- Executes dropped EXE
-
\??\c:\tvxjjd.exec:\tvxjjd.exe50⤵
- Executes dropped EXE
-
\??\c:\tdprhn.exec:\tdprhn.exe51⤵
- Executes dropped EXE
-
\??\c:\lxpxdl.exec:\lxpxdl.exe52⤵
- Executes dropped EXE
-
\??\c:\drbhhvv.exec:\drbhhvv.exe53⤵
- Executes dropped EXE
-
\??\c:\dplnr.exec:\dplnr.exe54⤵
- Executes dropped EXE
-
\??\c:\pttxx.exec:\pttxx.exe55⤵
- Executes dropped EXE
-
\??\c:\hrfpjh.exec:\hrfpjh.exe56⤵
- Executes dropped EXE
-
\??\c:\lhtjfn.exec:\lhtjfn.exe57⤵
- Executes dropped EXE
-
\??\c:\pvrdl.exec:\pvrdl.exe58⤵
- Executes dropped EXE
-
\??\c:\pvjfr.exec:\pvjfr.exe59⤵
- Executes dropped EXE
-
\??\c:\ntpxtnt.exec:\ntpxtnt.exe60⤵
- Executes dropped EXE
-
\??\c:\htvvlj.exec:\htvvlj.exe61⤵
- Executes dropped EXE
-
\??\c:\ptdxxpf.exec:\ptdxxpf.exe62⤵
- Executes dropped EXE
-
\??\c:\tjfbt.exec:\tjfbt.exe63⤵
- Executes dropped EXE
-
\??\c:\xfjjl.exec:\xfjjl.exe64⤵
- Executes dropped EXE
-
\??\c:\jnrntd.exec:\jnrntd.exe65⤵
- Executes dropped EXE
-
\??\c:\nhbhth.exec:\nhbhth.exe66⤵
-
\??\c:\frfnj.exec:\frfnj.exe67⤵
-
\??\c:\hjprhfd.exec:\hjprhfd.exe68⤵
-
\??\c:\dfdxhd.exec:\dfdxhd.exe69⤵
-
\??\c:\tdxrdbp.exec:\tdxrdbp.exe70⤵
-
\??\c:\vhdvv.exec:\vhdvv.exe71⤵
-
\??\c:\pbnxx.exec:\pbnxx.exe72⤵
-
\??\c:\dlvrj.exec:\dlvrj.exe73⤵
-
\??\c:\lndbrb.exec:\lndbrb.exe74⤵
-
\??\c:\fhbtf.exec:\fhbtf.exe75⤵
-
\??\c:\phhhhv.exec:\phhhhv.exe76⤵
-
\??\c:\xrbtxx.exec:\xrbtxx.exe77⤵
-
\??\c:\rdvnt.exec:\rdvnt.exe78⤵
-
\??\c:\hvdtn.exec:\hvdtn.exe79⤵
-
\??\c:\xpbtlt.exec:\xpbtlt.exe80⤵
-
\??\c:\pbfnbf.exec:\pbfnbf.exe81⤵
-
\??\c:\htndvjh.exec:\htndvjh.exe82⤵
-
\??\c:\rhnbhrt.exec:\rhnbhrt.exe83⤵
-
\??\c:\nrlxjbp.exec:\nrlxjbp.exe84⤵
-
\??\c:\xvdnf.exec:\xvdnf.exe85⤵
-
\??\c:\dlvldr.exec:\dlvldr.exe86⤵
-
\??\c:\djhhnl.exec:\djhhnl.exe87⤵
-
\??\c:\pdnvln.exec:\pdnvln.exe88⤵
-
\??\c:\lfvbv.exec:\lfvbv.exe89⤵
-
\??\c:\bjlbnjd.exec:\bjlbnjd.exe90⤵
-
\??\c:\xjtvt.exec:\xjtvt.exe91⤵
-
\??\c:\tptrp.exec:\tptrp.exe92⤵
-
\??\c:\jnvpnnr.exec:\jnvpnnr.exe93⤵
-
\??\c:\dfjbl.exec:\dfjbl.exe94⤵
-
\??\c:\fllxb.exec:\fllxb.exe95⤵
-
\??\c:\rbjrt.exec:\rbjrt.exe96⤵
-
\??\c:\vlrfb.exec:\vlrfb.exe97⤵
-
\??\c:\hldhrxb.exec:\hldhrxb.exe98⤵
-
\??\c:\lvpvddd.exec:\lvpvddd.exe99⤵
-
\??\c:\pbvnt.exec:\pbvnt.exe100⤵
-
\??\c:\dbrfll.exec:\dbrfll.exe101⤵
-
\??\c:\txhxldx.exec:\txhxldx.exe102⤵
-
\??\c:\dhtjlnp.exec:\dhtjlnp.exe103⤵
-
\??\c:\htfpxf.exec:\htfpxf.exe104⤵
-
\??\c:\jxjbrb.exec:\jxjbrb.exe105⤵
-
\??\c:\vbpjj.exec:\vbpjj.exe106⤵
-
\??\c:\prlxnpf.exec:\prlxnpf.exe107⤵
-
\??\c:\prvpdr.exec:\prvpdr.exe108⤵
-
\??\c:\xvtjppx.exec:\xvtjppx.exe109⤵
-
\??\c:\vbbxtx.exec:\vbbxtx.exe110⤵
-
\??\c:\jfdddh.exec:\jfdddh.exe111⤵
-
\??\c:\tvttndd.exec:\tvttndd.exe112⤵
-
\??\c:\ntpxjd.exec:\ntpxjd.exe113⤵
-
\??\c:\phvrd.exec:\phvrd.exe114⤵
-
\??\c:\lxllrrv.exec:\lxllrrv.exe115⤵
-
\??\c:\fvjvp.exec:\fvjvp.exe116⤵
-
\??\c:\xvljn.exec:\xvljn.exe117⤵
-
\??\c:\ljxvlh.exec:\ljxvlh.exe118⤵
-
\??\c:\tbxhh.exec:\tbxhh.exe119⤵
-
\??\c:\nxppv.exec:\nxppv.exe120⤵
-
\??\c:\vlttrhp.exec:\vlttrhp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-