Analysis
-
max time kernel
65s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
19-03-2024 08:00
General
-
Target
8cf2b67e6147ad64515d038d2bacf84c792c9527fc6e8311794d1143ac2804c6.exe
-
Size
220KB
-
MD5
3c994650a939b97754ef7bf598a2a85a
-
SHA1
75de13b125a1a4119a934caf8b04b8497deba0ca
-
SHA256
8cf2b67e6147ad64515d038d2bacf84c792c9527fc6e8311794d1143ac2804c6
-
SHA512
3dd031b7d5e62530fa5f9d13b89b739a383e3c50bf83dc87c851cc7cf46252c60e513f9c7b31ee5131f5b48aac7e8193e0d9f07a530b62aef366a726803ed42e
-
SSDEEP
6144:0cm4FmowdHoSOI18yP0ddWX+a/zq6atGJ7TA:C4wFHoSF/P0ddWX+yzq6aw7TA
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 40 IoCs
-
UPX dump on OEP (original entry point) 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8cf2b67e6147ad64515d038d2bacf84c792c9527fc6e8311794d1143ac2804c6.exe"C:\Users\Admin\AppData\Local\Temp\8cf2b67e6147ad64515d038d2bacf84c792c9527fc6e8311794d1143ac2804c6.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vb311.exec:\vb311.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\898f7if.exec:\898f7if.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0v01h.exec:\0v01h.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1ofn30.exec:\1ofn30.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ji1m8.exec:\ji1m8.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9rtn1.exec:\9rtn1.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ovrx075.exec:\ovrx075.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\kpjii.exec:\kpjii.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bb1s7.exec:\bb1s7.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tv2q73.exec:\tv2q73.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fb33v.exec:\fb33v.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2lx59d1.exec:\2lx59d1.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\k8i13u.exec:\k8i13u.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\m7wheu7.exec:\m7wheu7.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8q19cc.exec:\8q19cc.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\b92e9.exec:\b92e9.exe17⤵
- Executes dropped EXE
-
\??\c:\dim8o.exec:\dim8o.exe18⤵
- Executes dropped EXE
-
\??\c:\870cn.exec:\870cn.exe19⤵
- Executes dropped EXE
-
\??\c:\4kb9m41.exec:\4kb9m41.exe20⤵
- Executes dropped EXE
-
\??\c:\31ffc7.exec:\31ffc7.exe21⤵
- Executes dropped EXE
-
\??\c:\jiqc3.exec:\jiqc3.exe22⤵
- Executes dropped EXE
-
\??\c:\29dg2.exec:\29dg2.exe23⤵
- Executes dropped EXE
-
\??\c:\m3cj4sj.exec:\m3cj4sj.exe24⤵
- Executes dropped EXE
-
\??\c:\qo1uvj.exec:\qo1uvj.exe25⤵
- Executes dropped EXE
-
\??\c:\nwd059k.exec:\nwd059k.exe26⤵
- Executes dropped EXE
-
\??\c:\a3es8.exec:\a3es8.exe27⤵
- Executes dropped EXE
-
\??\c:\f1v38.exec:\f1v38.exe28⤵
- Executes dropped EXE
-
\??\c:\doj9o.exec:\doj9o.exe29⤵
- Executes dropped EXE
-
\??\c:\g0q52.exec:\g0q52.exe30⤵
- Executes dropped EXE
-
\??\c:\31rvjc.exec:\31rvjc.exe31⤵
- Executes dropped EXE
-
\??\c:\k3778am.exec:\k3778am.exe32⤵
- Executes dropped EXE
-
\??\c:\wkh31.exec:\wkh31.exe33⤵
- Executes dropped EXE
-
\??\c:\6j067h2.exec:\6j067h2.exe34⤵
- Executes dropped EXE
-
\??\c:\hgbpd14.exec:\hgbpd14.exe35⤵
- Executes dropped EXE
-
\??\c:\p1j7341.exec:\p1j7341.exe36⤵
- Executes dropped EXE
-
\??\c:\4ha05w.exec:\4ha05w.exe37⤵
- Executes dropped EXE
-
\??\c:\3b16qg.exec:\3b16qg.exe38⤵
- Executes dropped EXE
-
\??\c:\v11nlb.exec:\v11nlb.exe39⤵
- Executes dropped EXE
-
\??\c:\6198mqk.exec:\6198mqk.exe40⤵
- Executes dropped EXE
-
\??\c:\22il6.exec:\22il6.exe41⤵
- Executes dropped EXE
-
\??\c:\px50j6.exec:\px50j6.exe42⤵
- Executes dropped EXE
-
\??\c:\6ns2ed.exec:\6ns2ed.exe43⤵
- Executes dropped EXE
-
\??\c:\lx8c30k.exec:\lx8c30k.exe44⤵
- Executes dropped EXE
-
\??\c:\q9nib.exec:\q9nib.exe45⤵
- Executes dropped EXE
-
\??\c:\0671oh7.exec:\0671oh7.exe46⤵
- Executes dropped EXE
-
\??\c:\houag.exec:\houag.exe47⤵
- Executes dropped EXE
-
\??\c:\27o3k7q.exec:\27o3k7q.exe48⤵
- Executes dropped EXE
-
\??\c:\bwmembi.exec:\bwmembi.exe49⤵
- Executes dropped EXE
-
\??\c:\0731w.exec:\0731w.exe50⤵
- Executes dropped EXE
-
\??\c:\8s1o3.exec:\8s1o3.exe51⤵
- Executes dropped EXE
-
\??\c:\wq3gl5h.exec:\wq3gl5h.exe52⤵
- Executes dropped EXE
-
\??\c:\xbask3a.exec:\xbask3a.exe53⤵
- Executes dropped EXE
-
\??\c:\690i8c1.exec:\690i8c1.exe54⤵
- Executes dropped EXE
-
\??\c:\mg494.exec:\mg494.exe55⤵
- Executes dropped EXE
-
\??\c:\4i90g.exec:\4i90g.exe56⤵
- Executes dropped EXE
-
\??\c:\295514w.exec:\295514w.exe57⤵
- Executes dropped EXE
-
\??\c:\kos2p.exec:\kos2p.exe58⤵
- Executes dropped EXE
-
\??\c:\12skx52.exec:\12skx52.exe59⤵
- Executes dropped EXE
-
\??\c:\46579e3.exec:\46579e3.exe60⤵
- Executes dropped EXE
-
\??\c:\qt2grse.exec:\qt2grse.exe61⤵
- Executes dropped EXE
-
\??\c:\513xnm.exec:\513xnm.exe62⤵
- Executes dropped EXE
-
\??\c:\rkh7ex.exec:\rkh7ex.exe63⤵
- Executes dropped EXE
-
\??\c:\3omc3.exec:\3omc3.exe64⤵
- Executes dropped EXE
-
\??\c:\dwl9f3c.exec:\dwl9f3c.exe65⤵
- Executes dropped EXE
-
\??\c:\439u8qp.exec:\439u8qp.exe66⤵
-
\??\c:\nod7p.exec:\nod7p.exe67⤵
-
\??\c:\43uv4s7.exec:\43uv4s7.exe68⤵
-
\??\c:\0bwo1m.exec:\0bwo1m.exe69⤵
-
\??\c:\68erv.exec:\68erv.exe70⤵
-
\??\c:\vg38aub.exec:\vg38aub.exe71⤵
-
\??\c:\57j3dx3.exec:\57j3dx3.exe72⤵
-
\??\c:\aaal3.exec:\aaal3.exe73⤵
-
\??\c:\gxjf5b.exec:\gxjf5b.exe74⤵
-
\??\c:\nk57ex.exec:\nk57ex.exe75⤵
-
\??\c:\fix3g.exec:\fix3g.exe76⤵
-
\??\c:\pw9b16k.exec:\pw9b16k.exe77⤵
-
\??\c:\48wq1.exec:\48wq1.exe78⤵
-
\??\c:\2qpg5.exec:\2qpg5.exe79⤵
-
\??\c:\836q11o.exec:\836q11o.exe80⤵
-
\??\c:\22qsse.exec:\22qsse.exe81⤵
-
\??\c:\590sb.exec:\590sb.exe82⤵
-
\??\c:\535f161.exec:\535f161.exe83⤵
-
\??\c:\1qh1w.exec:\1qh1w.exe84⤵
-
\??\c:\973n371.exec:\973n371.exe85⤵
-
\??\c:\a59id.exec:\a59id.exe86⤵
-
\??\c:\fm71o7.exec:\fm71o7.exe87⤵
-
\??\c:\59476.exec:\59476.exe88⤵
-
\??\c:\1aox3.exec:\1aox3.exe89⤵
-
\??\c:\xst45.exec:\xst45.exe90⤵
-
\??\c:\2e1sh.exec:\2e1sh.exe91⤵
-
\??\c:\191f5n7.exec:\191f5n7.exe92⤵
-
\??\c:\o8o1i.exec:\o8o1i.exe93⤵
-
\??\c:\4a205jx.exec:\4a205jx.exe94⤵
-
\??\c:\7w08ae.exec:\7w08ae.exe95⤵
-
\??\c:\57086.exec:\57086.exe96⤵
-
\??\c:\a8e5i7u.exec:\a8e5i7u.exe97⤵
-
\??\c:\07wa14.exec:\07wa14.exe98⤵
-
\??\c:\qsxi05.exec:\qsxi05.exe99⤵
-
\??\c:\bo75mg.exec:\bo75mg.exe100⤵
-
\??\c:\50j56.exec:\50j56.exe101⤵
-
\??\c:\po58v5.exec:\po58v5.exe102⤵
-
\??\c:\mfa0nd.exec:\mfa0nd.exe103⤵
-
\??\c:\61b45.exec:\61b45.exe104⤵
-
\??\c:\d99mb5.exec:\d99mb5.exe105⤵
-
\??\c:\1nf8q.exec:\1nf8q.exe106⤵
-
\??\c:\pqr99g.exec:\pqr99g.exe107⤵
-
\??\c:\7qqs9.exec:\7qqs9.exe108⤵
-
\??\c:\c1k9wx1.exec:\c1k9wx1.exe109⤵
-
\??\c:\nawq33.exec:\nawq33.exe110⤵
-
\??\c:\xikiwk.exec:\xikiwk.exe111⤵
-
\??\c:\5mkm35.exec:\5mkm35.exe112⤵
-
\??\c:\ff6cb73.exec:\ff6cb73.exe113⤵
-
\??\c:\4ie9ge.exec:\4ie9ge.exe114⤵
-
\??\c:\h2hl42.exec:\h2hl42.exe115⤵
-
\??\c:\e50p9qn.exec:\e50p9qn.exe116⤵
-
\??\c:\09gd5.exec:\09gd5.exe117⤵
-
\??\c:\815g73.exec:\815g73.exe118⤵
-
\??\c:\7ls3mh.exec:\7ls3mh.exe119⤵
-
\??\c:\l771wd.exec:\l771wd.exe120⤵
-
\??\c:\9wiuq1.exec:\9wiuq1.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-