Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
19/03/2024, 18:45
General
-
Target
2bc560764e80a74bde77ffab09ccac9186a249325601ff6a817d1eb45113765b.exe
-
Size
340KB
-
MD5
b48dc2c9c9c1d18939e39b6926d9e3dd
-
SHA1
6cb91c4bc865fdde5e14a5a18892c3eb569ecade
-
SHA256
2bc560764e80a74bde77ffab09ccac9186a249325601ff6a817d1eb45113765b
-
SHA512
178a5975f832ad5ee8af70e85853f804e0479d231cb6061e3dde1ddfa4f7d96e137f422d722b0da9edd512ddf46502de203585b33d686bdb5403c5b876d929d8
-
SSDEEP
6144:xcm4FmowdHoSgWrXF5lpKGYV0aTk/6Ai+EgtZTOMrL/xZ8UVrKLo+Q/VjrIVBjdu:74wFHoSgWjdpKGATTk/6Aihgth7L/QOv
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 41 IoCs
-
UPX dump on OEP (original entry point) 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2bc560764e80a74bde77ffab09ccac9186a249325601ff6a817d1eb45113765b.exe"C:\Users\Admin\AppData\Local\Temp\2bc560764e80a74bde77ffab09ccac9186a249325601ff6a817d1eb45113765b.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvvv.exec:\ddvvv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxxflx.exec:\rlxxflx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjddd.exec:\pjddd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnhtt.exec:\htnhtt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jvdp.exec:\5jvdp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxxffl.exec:\rlxxffl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjvv.exec:\vvjvv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrlxxlf.exec:\lrlxxlf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbntbn.exec:\bbntbn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jjdv.exec:\5jjdv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtbhn.exec:\nhtbhn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7jjdv.exec:\7jjdv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1tnbhn.exec:\1tnbhn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxrffr.exec:\rxxrffr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnnhh.exec:\nhnnhh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jvpv.exec:\1jvpv.exe17⤵
- Executes dropped EXE
-
\??\c:\thbbbb.exec:\thbbbb.exe18⤵
- Executes dropped EXE
-
\??\c:\dpjdd.exec:\dpjdd.exe19⤵
- Executes dropped EXE
-
\??\c:\tnbnhh.exec:\tnbnhh.exe20⤵
- Executes dropped EXE
-
\??\c:\jdvdd.exec:\jdvdd.exe21⤵
- Executes dropped EXE
-
\??\c:\jdddj.exec:\jdddj.exe22⤵
- Executes dropped EXE
-
\??\c:\ddvdv.exec:\ddvdv.exe23⤵
- Executes dropped EXE
-
\??\c:\fflflfx.exec:\fflflfx.exe24⤵
- Executes dropped EXE
-
\??\c:\ththth.exec:\ththth.exe25⤵
- Executes dropped EXE
-
\??\c:\1pjvp.exec:\1pjvp.exe26⤵
- Executes dropped EXE
-
\??\c:\bntbhh.exec:\bntbhh.exe27⤵
- Executes dropped EXE
-
\??\c:\fxflrrr.exec:\fxflrrr.exe28⤵
- Executes dropped EXE
-
\??\c:\7tnhnn.exec:\7tnhnn.exe29⤵
- Executes dropped EXE
-
\??\c:\jpdjp.exec:\jpdjp.exe30⤵
- Executes dropped EXE
-
\??\c:\xrfflxf.exec:\xrfflxf.exe31⤵
- Executes dropped EXE
-
\??\c:\tnbthn.exec:\tnbthn.exe32⤵
- Executes dropped EXE
-
\??\c:\jpddd.exec:\jpddd.exe33⤵
- Executes dropped EXE
-
\??\c:\jdpvj.exec:\jdpvj.exe34⤵
- Executes dropped EXE
-
\??\c:\vvjjp.exec:\vvjjp.exe35⤵
- Executes dropped EXE
-
\??\c:\xxxfflr.exec:\xxxfflr.exe36⤵
- Executes dropped EXE
-
\??\c:\bhhbth.exec:\bhhbth.exe37⤵
- Executes dropped EXE
-
\??\c:\pjppv.exec:\pjppv.exe38⤵
- Executes dropped EXE
-
\??\c:\lfxlffl.exec:\lfxlffl.exe39⤵
- Executes dropped EXE
-
\??\c:\tthnht.exec:\tthnht.exe40⤵
- Executes dropped EXE
-
\??\c:\pddvv.exec:\pddvv.exe41⤵
- Executes dropped EXE
-
\??\c:\xfllxxf.exec:\xfllxxf.exe42⤵
- Executes dropped EXE
-
\??\c:\nnnbtb.exec:\nnnbtb.exe43⤵
- Executes dropped EXE
-
\??\c:\btbbtb.exec:\btbbtb.exe44⤵
- Executes dropped EXE
-
\??\c:\5vvvp.exec:\5vvvp.exe45⤵
- Executes dropped EXE
-
\??\c:\frfrxfx.exec:\frfrxfx.exe46⤵
- Executes dropped EXE
-
\??\c:\btbbnh.exec:\btbbnh.exe47⤵
- Executes dropped EXE
-
\??\c:\vpdpv.exec:\vpdpv.exe48⤵
- Executes dropped EXE
-
\??\c:\3fxrlrf.exec:\3fxrlrf.exe49⤵
- Executes dropped EXE
-
\??\c:\hnnbbt.exec:\hnnbbt.exe50⤵
- Executes dropped EXE
-
\??\c:\ppjpp.exec:\ppjpp.exe51⤵
- Executes dropped EXE
-
\??\c:\lrfrrff.exec:\lrfrrff.exe52⤵
- Executes dropped EXE
-
\??\c:\1hbhhn.exec:\1hbhhn.exe53⤵
- Executes dropped EXE
-
\??\c:\jjjdd.exec:\jjjdd.exe54⤵
- Executes dropped EXE
-
\??\c:\nbhbbn.exec:\nbhbbn.exe55⤵
- Executes dropped EXE
-
\??\c:\pddpd.exec:\pddpd.exe56⤵
- Executes dropped EXE
-
\??\c:\1lxfffr.exec:\1lxfffr.exe57⤵
- Executes dropped EXE
-
\??\c:\nnnhbn.exec:\nnnhbn.exe58⤵
- Executes dropped EXE
-
\??\c:\pdpjp.exec:\pdpjp.exe59⤵
- Executes dropped EXE
-
\??\c:\vpjjv.exec:\vpjjv.exe60⤵
- Executes dropped EXE
-
\??\c:\hhbbnh.exec:\hhbbnh.exe61⤵
- Executes dropped EXE
-
\??\c:\hhnbhh.exec:\hhnbhh.exe62⤵
- Executes dropped EXE
-
\??\c:\vdjpj.exec:\vdjpj.exe63⤵
- Executes dropped EXE
-
\??\c:\flfrxrf.exec:\flfrxrf.exe64⤵
- Executes dropped EXE
-
\??\c:\nhnhhh.exec:\nhnhhh.exe65⤵
- Executes dropped EXE
-
\??\c:\5jjvd.exec:\5jjvd.exe66⤵
-
\??\c:\7xlxrff.exec:\7xlxrff.exe67⤵
-
\??\c:\nnbthn.exec:\nnbthn.exe68⤵
-
\??\c:\ddpdp.exec:\ddpdp.exe69⤵
-
\??\c:\9lffllr.exec:\9lffllr.exe70⤵
-
\??\c:\thhbbt.exec:\thhbbt.exe71⤵
-
\??\c:\bthnhh.exec:\bthnhh.exe72⤵
-
\??\c:\dvjpv.exec:\dvjpv.exe73⤵
-
\??\c:\7lxxffl.exec:\7lxxffl.exe74⤵
-
\??\c:\ttnttt.exec:\ttnttt.exe75⤵
-
\??\c:\3dpvd.exec:\3dpvd.exe76⤵
-
\??\c:\ffflrxf.exec:\ffflrxf.exe77⤵
-
\??\c:\rrllxfl.exec:\rrllxfl.exe78⤵
-
\??\c:\9btbtb.exec:\9btbtb.exe79⤵
-
\??\c:\vvjvv.exec:\vvjvv.exe80⤵
-
\??\c:\flfxrxf.exec:\flfxrxf.exe81⤵
-
\??\c:\5hnnhn.exec:\5hnnhn.exe82⤵
-
\??\c:\fxrfffr.exec:\fxrfffr.exe83⤵
-
\??\c:\llrlrlf.exec:\llrlrlf.exe84⤵
-
\??\c:\pddvp.exec:\pddvp.exe85⤵
-
\??\c:\hbhbht.exec:\hbhbht.exe86⤵
-
\??\c:\jvvpd.exec:\jvvpd.exe87⤵
-
\??\c:\rxlxlrl.exec:\rxlxlrl.exe88⤵
-
\??\c:\bthtbt.exec:\bthtbt.exe89⤵
-
\??\c:\pvvjp.exec:\pvvjp.exe90⤵
-
\??\c:\fxflxxf.exec:\fxflxxf.exe91⤵
-
\??\c:\bhhtbh.exec:\bhhtbh.exe92⤵
-
\??\c:\7pjpv.exec:\7pjpv.exe93⤵
-
\??\c:\ffxxlrr.exec:\ffxxlrr.exe94⤵
-
\??\c:\ttbtth.exec:\ttbtth.exe95⤵
-
\??\c:\ppppj.exec:\ppppj.exe96⤵
-
\??\c:\djjdv.exec:\djjdv.exe97⤵
-
\??\c:\lfllrlf.exec:\lfllrlf.exe98⤵
-
\??\c:\hhnnbh.exec:\hhnnbh.exe99⤵
-
\??\c:\ddpvj.exec:\ddpvj.exe100⤵
-
\??\c:\lrfxfxf.exec:\lrfxfxf.exe101⤵
-
\??\c:\xflfrlf.exec:\xflfrlf.exe102⤵
-
\??\c:\tnbhbb.exec:\tnbhbb.exe103⤵
-
\??\c:\jjdpj.exec:\jjdpj.exe104⤵
-
\??\c:\rrrrfrr.exec:\rrrrfrr.exe105⤵
-
\??\c:\5fxfxfr.exec:\5fxfxfr.exe106⤵
-
\??\c:\tnhtnt.exec:\tnhtnt.exe107⤵
-
\??\c:\dvpdp.exec:\dvpdp.exe108⤵
-
\??\c:\7pdpp.exec:\7pdpp.exe109⤵
-
\??\c:\flrfxfx.exec:\flrfxfx.exe110⤵
-
\??\c:\5hhbnn.exec:\5hhbnn.exe111⤵
-
\??\c:\3ddvj.exec:\3ddvj.exe112⤵
-
\??\c:\fxrxrxl.exec:\fxrxrxl.exe113⤵
-
\??\c:\xlrllrr.exec:\xlrllrr.exe114⤵
-
\??\c:\ttnbbn.exec:\ttnbbn.exe115⤵
-
\??\c:\3pppj.exec:\3pppj.exe116⤵
-
\??\c:\lxlxflr.exec:\lxlxflr.exe117⤵
-
\??\c:\rlxxrlr.exec:\rlxxrlr.exe118⤵
-
\??\c:\bnnbtb.exec:\bnnbtb.exe119⤵
-
\??\c:\vvvjj.exec:\vvvjj.exe120⤵
-
\??\c:\xfxfrlr.exec:\xfxfrlr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-