Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
-
submitted
28/03/2024, 18:54
General
-
Target
30b29aeee76428a87d880ca97a330f626d35b9640fab9c0b5e291311d7604fc9.exe
-
Size
70KB
-
MD5
3f61e232e98fef2ecd373a417e4ced9e
-
SHA1
a3889a600f362cea47e91a7f3c23b6e908f111a3
-
SHA256
30b29aeee76428a87d880ca97a330f626d35b9640fab9c0b5e291311d7604fc9
-
SHA512
4842336a4424b5083c853e64cb1bb9c2ae2579c842da200db34ae1251aead0849c9af60c702781d7df35f0dcecb84c30d501a41fe85021824642cd5adb101b56
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIIpIo60LbB:ymb3NkkiQ3mdBjFIIp9LV
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 33 IoCs
-
UPX dump on OEP (original entry point) 61 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 61 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\30b29aeee76428a87d880ca97a330f626d35b9640fab9c0b5e291311d7604fc9.exe"C:\Users\Admin\AppData\Local\Temp\30b29aeee76428a87d880ca97a330f626d35b9640fab9c0b5e291311d7604fc9.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdjd.exec:\jvdjd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrxxfl.exec:\xlrxxfl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjjv.exec:\jvjjv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llllxlx.exec:\llllxlx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5nbtbb.exec:\5nbtbb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\httnhh.exec:\httnhh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpppp.exec:\dpppp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxxrxx.exec:\xlxxrxx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbbtn.exec:\htbbtn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnnbb.exec:\bnnnbb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvpj.exec:\pvvpj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxlfxx.exec:\lrxlfxx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rxrxrx.exec:\3rxrxrx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9fxfrrf.exec:\9fxfrrf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fllfxxr.exec:\fllfxxr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vjdd.exec:\7vjdd.exe17⤵
- Executes dropped EXE
-
\??\c:\vjjjp.exec:\vjjjp.exe18⤵
- Executes dropped EXE
-
\??\c:\vpppp.exec:\vpppp.exe19⤵
- Executes dropped EXE
-
\??\c:\bhntnn.exec:\bhntnn.exe20⤵
- Executes dropped EXE
-
\??\c:\bttbtn.exec:\bttbtn.exe21⤵
- Executes dropped EXE
-
\??\c:\rfxxlxl.exec:\rfxxlxl.exe22⤵
- Executes dropped EXE
-
\??\c:\5vvvv.exec:\5vvvv.exe23⤵
- Executes dropped EXE
-
\??\c:\bnttth.exec:\bnttth.exe24⤵
- Executes dropped EXE
-
\??\c:\7lxflll.exec:\7lxflll.exe25⤵
- Executes dropped EXE
-
\??\c:\bntnnn.exec:\bntnnn.exe26⤵
- Executes dropped EXE
-
\??\c:\fxfrrrr.exec:\fxfrrrr.exe27⤵
- Executes dropped EXE
-
\??\c:\pdpvv.exec:\pdpvv.exe28⤵
- Executes dropped EXE
-
\??\c:\xrxrllr.exec:\xrxrllr.exe29⤵
- Executes dropped EXE
-
\??\c:\httbbn.exec:\httbbn.exe30⤵
- Executes dropped EXE
-
\??\c:\dpvvv.exec:\dpvvv.exe31⤵
- Executes dropped EXE
-
\??\c:\tnbbnt.exec:\tnbbnt.exe32⤵
- Executes dropped EXE
-
\??\c:\xrfffff.exec:\xrfffff.exe33⤵
- Executes dropped EXE
-
\??\c:\hnnhhh.exec:\hnnhhh.exe34⤵
- Executes dropped EXE
-
\??\c:\3rffxrr.exec:\3rffxrr.exe35⤵
- Executes dropped EXE
-
\??\c:\bnhbhn.exec:\bnhbhn.exe36⤵
- Executes dropped EXE
-
\??\c:\pjjpp.exec:\pjjpp.exe37⤵
- Executes dropped EXE
-
\??\c:\rlrrrrl.exec:\rlrrrrl.exe38⤵
- Executes dropped EXE
-
\??\c:\7pvvd.exec:\7pvvd.exe39⤵
- Executes dropped EXE
-
\??\c:\3rxllrr.exec:\3rxllrr.exe40⤵
- Executes dropped EXE
-
\??\c:\7ppvv.exec:\7ppvv.exe41⤵
- Executes dropped EXE
-
\??\c:\lxfffff.exec:\lxfffff.exe42⤵
- Executes dropped EXE
-
\??\c:\jpppv.exec:\jpppv.exe43⤵
- Executes dropped EXE
-
\??\c:\htttnb.exec:\htttnb.exe44⤵
- Executes dropped EXE
-
\??\c:\rxffrrl.exec:\rxffrrl.exe45⤵
- Executes dropped EXE
-
\??\c:\7pdvv.exec:\7pdvv.exe46⤵
- Executes dropped EXE
-
\??\c:\7tbnhn.exec:\7tbnhn.exe47⤵
- Executes dropped EXE
-
\??\c:\3xrlrxf.exec:\3xrlrxf.exe48⤵
- Executes dropped EXE
-
\??\c:\dvvdd.exec:\dvvdd.exe49⤵
- Executes dropped EXE
-
\??\c:\httthn.exec:\httthn.exe50⤵
- Executes dropped EXE
-
\??\c:\rflllfl.exec:\rflllfl.exe51⤵
- Executes dropped EXE
-
\??\c:\llxxxxf.exec:\llxxxxf.exe52⤵
- Executes dropped EXE
-
\??\c:\vjdpj.exec:\vjdpj.exe53⤵
- Executes dropped EXE
-
\??\c:\thnhnh.exec:\thnhnh.exe54⤵
- Executes dropped EXE
-
\??\c:\rflfxfx.exec:\rflfxfx.exe55⤵
- Executes dropped EXE
-
\??\c:\jvvpv.exec:\jvvpv.exe56⤵
- Executes dropped EXE
-
\??\c:\7hhhbh.exec:\7hhhbh.exe57⤵
- Executes dropped EXE
-
\??\c:\fxfxfff.exec:\fxfxfff.exe58⤵
- Executes dropped EXE
-
\??\c:\9tnhnn.exec:\9tnhnn.exe59⤵
- Executes dropped EXE
-
\??\c:\nhtnbb.exec:\nhtnbb.exe60⤵
- Executes dropped EXE
-
\??\c:\rlxxrrr.exec:\rlxxrrr.exe61⤵
- Executes dropped EXE
-
\??\c:\jdjvv.exec:\jdjvv.exe62⤵
- Executes dropped EXE
-
\??\c:\hbnhhb.exec:\hbnhhb.exe63⤵
- Executes dropped EXE
-
\??\c:\1rfxfxx.exec:\1rfxfxx.exe64⤵
- Executes dropped EXE
-
\??\c:\5bbntb.exec:\5bbntb.exe65⤵
- Executes dropped EXE
-
\??\c:\5rxrxrx.exec:\5rxrxrx.exe66⤵
-
\??\c:\bnthhh.exec:\bnthhh.exe67⤵
-
\??\c:\dvppd.exec:\dvppd.exe68⤵
-
\??\c:\5bhnnt.exec:\5bhnnt.exe69⤵
-
\??\c:\djpvd.exec:\djpvd.exe70⤵
-
\??\c:\rrrrllr.exec:\rrrrllr.exe71⤵
-
\??\c:\bnbtnb.exec:\bnbtnb.exe72⤵
-
\??\c:\lrxffrx.exec:\lrxffrx.exe73⤵
-
\??\c:\nnnnbb.exec:\nnnnbb.exe74⤵
-
\??\c:\jjppd.exec:\jjppd.exe75⤵
-
\??\c:\flrrrll.exec:\flrrrll.exe76⤵
-
\??\c:\vpvvd.exec:\vpvvd.exe77⤵
-
\??\c:\rfxxlxl.exec:\rfxxlxl.exe78⤵
-
\??\c:\jjvpv.exec:\jjvpv.exe79⤵
-
\??\c:\5xffllr.exec:\5xffllr.exe80⤵
-
\??\c:\nnbttt.exec:\nnbttt.exe81⤵
-
\??\c:\5xllfxl.exec:\5xllfxl.exe82⤵
-
\??\c:\9hnttt.exec:\9hnttt.exe83⤵
-
\??\c:\flrxxrr.exec:\flrxxrr.exe84⤵
-
\??\c:\3htbnn.exec:\3htbnn.exe85⤵
-
\??\c:\dvdjv.exec:\dvdjv.exe86⤵
-
\??\c:\bntntb.exec:\bntntb.exe87⤵
-
\??\c:\djjjp.exec:\djjjp.exe88⤵
-
\??\c:\xrxxfll.exec:\xrxxfll.exe89⤵
-
\??\c:\jvdjp.exec:\jvdjp.exe90⤵
-
\??\c:\vpvvp.exec:\vpvvp.exe91⤵
-
\??\c:\5rllxrr.exec:\5rllxrr.exe92⤵
-
\??\c:\ddvjd.exec:\ddvjd.exe93⤵
-
\??\c:\7lxxflx.exec:\7lxxflx.exe94⤵
-
\??\c:\7hhhhh.exec:\7hhhhh.exe95⤵
-
\??\c:\vddpp.exec:\vddpp.exe96⤵
-
\??\c:\htthhb.exec:\htthhb.exe97⤵
-
\??\c:\vpppv.exec:\vpppv.exe98⤵
-
\??\c:\nhthbh.exec:\nhthbh.exe99⤵
-
\??\c:\pdddj.exec:\pdddj.exe100⤵
-
\??\c:\xrrxflx.exec:\xrrxflx.exe101⤵
-
\??\c:\vjppp.exec:\vjppp.exe102⤵
-
\??\c:\pjvvd.exec:\pjvvd.exe103⤵
-
\??\c:\rffffff.exec:\rffffff.exe104⤵
-
\??\c:\nhhbhn.exec:\nhhbhn.exe105⤵
-
\??\c:\7dpdj.exec:\7dpdj.exe106⤵
-
\??\c:\5lflxrr.exec:\5lflxrr.exe107⤵
-
\??\c:\nbtthn.exec:\nbtthn.exe108⤵
-
\??\c:\lfflxxl.exec:\lfflxxl.exe109⤵
-
\??\c:\tthntt.exec:\tthntt.exe110⤵
-
\??\c:\7xrrflf.exec:\7xrrflf.exe111⤵
-
\??\c:\nhhttb.exec:\nhhttb.exe112⤵
-
\??\c:\vpvpv.exec:\vpvpv.exe113⤵
-
\??\c:\hhbhnb.exec:\hhbhnb.exe114⤵
-
\??\c:\fxlrxxl.exec:\fxlrxxl.exe115⤵
-
\??\c:\tnbhnb.exec:\tnbhnb.exe116⤵
-
\??\c:\jdddj.exec:\jdddj.exe117⤵
-
\??\c:\hbbhtt.exec:\hbbhtt.exe118⤵
-
\??\c:\jddjv.exec:\jddjv.exe119⤵
-
\??\c:\ffrxlxf.exec:\ffrxlxf.exe120⤵
-
\??\c:\tnbtbn.exec:\tnbtbn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-