Analysis
-
max time kernel
154s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
26/03/2024, 23:25
General
-
Target
a943b7c1e79295c3d60e70c2509b6baa23887a1673a00f65f50143e695562a7b.exe
-
Size
247KB
-
MD5
39af12127b2b8a92b2b21a0f91cf8733
-
SHA1
d45035e0ecf01efb79dbab7bc0356ac3838e3885
-
SHA256
a943b7c1e79295c3d60e70c2509b6baa23887a1673a00f65f50143e695562a7b
-
SHA512
c0012b5759580531ad21e4e845ce18d2a45dffb4b9ca64c0bdc8a84a1967baf09a563c801d2e7b7a0dc9df76693a63e17327b0529c8c75d1906921dbe578e9fd
-
SSDEEP
6144:n3C9BRo/AIX27NHWpU00VIxas1oa3YiFRV6N:n3C9uD6AUDCa4NYmRS
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 42 IoCs
-
UPX dump on OEP (original entry point) 53 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 53 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a943b7c1e79295c3d60e70c2509b6baa23887a1673a00f65f50143e695562a7b.exe"C:\Users\Admin\AppData\Local\Temp\a943b7c1e79295c3d60e70c2509b6baa23887a1673a00f65f50143e695562a7b.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\592h91n.exec:\592h91n.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9gk2376.exec:\9gk2376.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5wcs1q.exec:\5wcs1q.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\015cee.exec:\015cee.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\e6gmvo.exec:\e6gmvo.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tqn8ow.exec:\tqn8ow.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6l6cr.exec:\6l6cr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\i79797.exec:\i79797.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\i6gb54.exec:\i6gb54.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jk66j55.exec:\jk66j55.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7o1g8.exec:\7o1g8.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ax9up.exec:\7ax9up.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7f2307.exec:\7f2307.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\371gf5.exec:\371gf5.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\02793.exec:\02793.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\go6d16t.exec:\go6d16t.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9g43hjo.exec:\9g43hjo.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\019135.exec:\019135.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8qax11.exec:\8qax11.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\f0a303.exec:\f0a303.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\79cwew.exec:\79cwew.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2gu6r31.exec:\2gu6r31.exe23⤵
- Executes dropped EXE
-
\??\c:\5kq969.exec:\5kq969.exe24⤵
- Executes dropped EXE
-
\??\c:\45ws58.exec:\45ws58.exe25⤵
- Executes dropped EXE
-
\??\c:\giqe55a.exec:\giqe55a.exe26⤵
- Executes dropped EXE
-
\??\c:\4285b.exec:\4285b.exe27⤵
- Executes dropped EXE
-
\??\c:\4mwsp.exec:\4mwsp.exe28⤵
- Executes dropped EXE
-
\??\c:\6qgok.exec:\6qgok.exe29⤵
- Executes dropped EXE
-
\??\c:\hh22d0j.exec:\hh22d0j.exe30⤵
- Executes dropped EXE
-
\??\c:\v63e3n.exec:\v63e3n.exe31⤵
- Executes dropped EXE
-
\??\c:\7fe600.exec:\7fe600.exe32⤵
- Executes dropped EXE
-
\??\c:\o8823.exec:\o8823.exe33⤵
- Executes dropped EXE
-
\??\c:\4esgr57.exec:\4esgr57.exe34⤵
- Executes dropped EXE
-
\??\c:\ricugq5.exec:\ricugq5.exe35⤵
- Executes dropped EXE
-
\??\c:\58cj39.exec:\58cj39.exe36⤵
- Executes dropped EXE
-
\??\c:\7il52.exec:\7il52.exe37⤵
- Executes dropped EXE
-
\??\c:\8778a.exec:\8778a.exe38⤵
- Executes dropped EXE
-
\??\c:\03919.exec:\03919.exe39⤵
- Executes dropped EXE
-
\??\c:\n92c16.exec:\n92c16.exe40⤵
- Executes dropped EXE
-
\??\c:\1w35998.exec:\1w35998.exe41⤵
- Executes dropped EXE
-
\??\c:\014900w.exec:\014900w.exe42⤵
- Executes dropped EXE
-
\??\c:\f137u6a.exec:\f137u6a.exe43⤵
- Executes dropped EXE
-
\??\c:\974ws.exec:\974ws.exe44⤵
- Executes dropped EXE
-
\??\c:\pwqo0s.exec:\pwqo0s.exe45⤵
- Executes dropped EXE
-
\??\c:\k4u757.exec:\k4u757.exe46⤵
- Executes dropped EXE
-
\??\c:\10sok.exec:\10sok.exe47⤵
- Executes dropped EXE
-
\??\c:\lcea6.exec:\lcea6.exe48⤵
- Executes dropped EXE
-
\??\c:\h5wb2.exec:\h5wb2.exe49⤵
- Executes dropped EXE
-
\??\c:\h39o338.exec:\h39o338.exe50⤵
- Executes dropped EXE
-
\??\c:\8539t3.exec:\8539t3.exe51⤵
- Executes dropped EXE
-
\??\c:\499oxwe.exec:\499oxwe.exe52⤵
- Executes dropped EXE
-
\??\c:\78cqs.exec:\78cqs.exe53⤵
- Executes dropped EXE
-
\??\c:\p2ok66.exec:\p2ok66.exe54⤵
- Executes dropped EXE
-
\??\c:\18591.exec:\18591.exe55⤵
- Executes dropped EXE
-
\??\c:\eqa9ck.exec:\eqa9ck.exe56⤵
- Executes dropped EXE
-
\??\c:\e423n1.exec:\e423n1.exe57⤵
- Executes dropped EXE
-
\??\c:\8mqqqmm.exec:\8mqqqmm.exe58⤵
- Executes dropped EXE
-
\??\c:\b7533.exec:\b7533.exe59⤵
- Executes dropped EXE
-
\??\c:\jn3737.exec:\jn3737.exe60⤵
- Executes dropped EXE
-
\??\c:\98wum88.exec:\98wum88.exe61⤵
- Executes dropped EXE
-
\??\c:\bp5rv.exec:\bp5rv.exe62⤵
- Executes dropped EXE
-
\??\c:\f5712o1.exec:\f5712o1.exe63⤵
- Executes dropped EXE
-
\??\c:\lbnre08.exec:\lbnre08.exe64⤵
- Executes dropped EXE
-
\??\c:\al8ub9.exec:\al8ub9.exe65⤵
- Executes dropped EXE
-
\??\c:\f5119b5.exec:\f5119b5.exe66⤵
-
\??\c:\ei25v.exec:\ei25v.exe67⤵
-
\??\c:\091939.exec:\091939.exe68⤵
-
\??\c:\64wdqg.exec:\64wdqg.exe69⤵
-
\??\c:\xwam93.exec:\xwam93.exe70⤵
-
\??\c:\m7335.exec:\m7335.exe71⤵
-
\??\c:\secoks9.exec:\secoks9.exe72⤵
-
\??\c:\4gk533l.exec:\4gk533l.exe73⤵
-
\??\c:\312q3.exec:\312q3.exe74⤵
-
\??\c:\4kcr0oo.exec:\4kcr0oo.exe75⤵
-
\??\c:\753gs.exec:\753gs.exe76⤵
-
\??\c:\1qgmu.exec:\1qgmu.exe77⤵
-
\??\c:\nr2xx5f.exec:\nr2xx5f.exe78⤵
-
\??\c:\1moe8u.exec:\1moe8u.exe79⤵
-
\??\c:\f4078.exec:\f4078.exe80⤵
-
\??\c:\rp5uc.exec:\rp5uc.exe81⤵
-
\??\c:\1vu7b5.exec:\1vu7b5.exe82⤵
-
\??\c:\2390q.exec:\2390q.exe83⤵
-
\??\c:\hclb44.exec:\hclb44.exe84⤵
-
\??\c:\f4emcrg.exec:\f4emcrg.exe85⤵
-
\??\c:\te7j11.exec:\te7j11.exe86⤵
-
\??\c:\s807h96.exec:\s807h96.exe87⤵
-
\??\c:\495uao8.exec:\495uao8.exe88⤵
-
\??\c:\37kw4.exec:\37kw4.exe89⤵
-
\??\c:\2195rg.exec:\2195rg.exe90⤵
-
\??\c:\r95wf.exec:\r95wf.exe91⤵
-
\??\c:\09755.exec:\09755.exe92⤵
-
\??\c:\0sq794c.exec:\0sq794c.exe93⤵
-
\??\c:\31aj9.exec:\31aj9.exe94⤵
-
\??\c:\9v757k.exec:\9v757k.exe95⤵
-
\??\c:\5ioqs.exec:\5ioqs.exe96⤵
-
\??\c:\x6wj5.exec:\x6wj5.exe97⤵
-
\??\c:\4d2woo6.exec:\4d2woo6.exe98⤵
-
\??\c:\a5015p.exec:\a5015p.exe99⤵
-
\??\c:\8tj371.exec:\8tj371.exe100⤵
-
\??\c:\f11t5.exec:\f11t5.exe101⤵
-
\??\c:\fciq5.exec:\fciq5.exe102⤵
-
\??\c:\o5rp0d8.exec:\o5rp0d8.exe103⤵
-
\??\c:\9frq3u8.exec:\9frq3u8.exe104⤵
-
\??\c:\9docv.exec:\9docv.exe105⤵
-
\??\c:\040099b.exec:\040099b.exe106⤵
-
\??\c:\n6u70.exec:\n6u70.exe107⤵
-
\??\c:\220818.exec:\220818.exe108⤵
-
\??\c:\8f912q.exec:\8f912q.exe109⤵
-
\??\c:\lc13bd6.exec:\lc13bd6.exe110⤵
-
\??\c:\l0003.exec:\l0003.exe111⤵
-
\??\c:\9rep80.exec:\9rep80.exe112⤵
-
\??\c:\kowur71.exec:\kowur71.exe113⤵
-
\??\c:\998qg.exec:\998qg.exe114⤵
-
\??\c:\4537po.exec:\4537po.exe115⤵
-
\??\c:\umogeh.exec:\umogeh.exe116⤵
-
\??\c:\93uu2ac.exec:\93uu2ac.exe117⤵
-
\??\c:\tcveka.exec:\tcveka.exe118⤵
-
\??\c:\4d74sn9.exec:\4d74sn9.exe119⤵
-
\??\c:\ssep6.exec:\ssep6.exe120⤵
-
\??\c:\1155fn.exec:\1155fn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-