Analysis
-
max time kernel
79s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
04/04/2024, 18:48
General
-
Target
162a8d1de4ae4eff09e9d631b87e1456c8aff183c29a4efb7c4c1a0e699c4d31.exe
-
Size
349KB
-
MD5
4582d95426f7d50f6d5b4275f77e37d4
-
SHA1
21a82a7ff1b69be17912a81e428c62fb71eef61b
-
SHA256
162a8d1de4ae4eff09e9d631b87e1456c8aff183c29a4efb7c4c1a0e699c4d31
-
SHA512
0822eb40a92a17bae698288b304a3798190acfd3713c977a5951a3e777f47f966409b3b89150a1bb4a3b422817b647738a672dd1c3237b8ad88d0d503f4a2e3a
-
SSDEEP
6144:bcm4FmowdHoSgWrXD486jCpoAhlq1mEjBqLyOSlhNFF2u:h4wFHoSgWj168w1VjsyvhNFF2u
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 39 IoCs
-
UPX dump on OEP (original entry point) 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\162a8d1de4ae4eff09e9d631b87e1456c8aff183c29a4efb7c4c1a0e699c4d31.exe"C:\Users\Admin\AppData\Local\Temp\162a8d1de4ae4eff09e9d631b87e1456c8aff183c29a4efb7c4c1a0e699c4d31.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\eu60w0.exec:\eu60w0.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\22397.exec:\22397.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\379w33.exec:\379w33.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\f6515.exec:\f6515.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\wc7573.exec:\wc7573.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7j13b0.exec:\7j13b0.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\qvojj8g.exec:\qvojj8g.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fc1mt.exec:\fc1mt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\r2ew3m.exec:\r2ew3m.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\t3smw.exec:\t3smw.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\s1316.exec:\s1316.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddxnf.exec:\ddxnf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\a4g00o2.exec:\a4g00o2.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\18jgm.exec:\18jgm.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\utl0bri.exec:\utl0bri.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2111r51.exec:\2111r51.exe17⤵
- Executes dropped EXE
-
\??\c:\tieqd7.exec:\tieqd7.exe18⤵
- Executes dropped EXE
-
\??\c:\7if45.exec:\7if45.exe19⤵
- Executes dropped EXE
-
\??\c:\nee5m8.exec:\nee5m8.exe20⤵
- Executes dropped EXE
-
\??\c:\x365h.exec:\x365h.exe21⤵
- Executes dropped EXE
-
\??\c:\q8g39k6.exec:\q8g39k6.exe22⤵
- Executes dropped EXE
-
\??\c:\16o2g2.exec:\16o2g2.exe23⤵
- Executes dropped EXE
-
\??\c:\08ucf.exec:\08ucf.exe24⤵
- Executes dropped EXE
-
\??\c:\lm11551.exec:\lm11551.exe25⤵
- Executes dropped EXE
-
\??\c:\04l206d.exec:\04l206d.exe26⤵
- Executes dropped EXE
-
\??\c:\c699c.exec:\c699c.exe27⤵
- Executes dropped EXE
-
\??\c:\67ljw0.exec:\67ljw0.exe28⤵
- Executes dropped EXE
-
\??\c:\59fwu2.exec:\59fwu2.exe29⤵
- Executes dropped EXE
-
\??\c:\1usc0g8.exec:\1usc0g8.exe30⤵
- Executes dropped EXE
-
\??\c:\qq3m1.exec:\qq3m1.exe31⤵
- Executes dropped EXE
-
\??\c:\29998o.exec:\29998o.exe32⤵
- Executes dropped EXE
-
\??\c:\pq3qwka.exec:\pq3qwka.exe33⤵
- Executes dropped EXE
-
\??\c:\9w1w181.exec:\9w1w181.exe34⤵
- Executes dropped EXE
-
\??\c:\dgtri.exec:\dgtri.exe35⤵
- Executes dropped EXE
-
\??\c:\3a977.exec:\3a977.exe36⤵
- Executes dropped EXE
-
\??\c:\rwaqsug.exec:\rwaqsug.exe37⤵
- Executes dropped EXE
-
\??\c:\3v35rig.exec:\3v35rig.exe38⤵
- Executes dropped EXE
-
\??\c:\88r35f.exec:\88r35f.exe39⤵
- Executes dropped EXE
-
\??\c:\j5ieg14.exec:\j5ieg14.exe40⤵
- Executes dropped EXE
-
\??\c:\ktj20.exec:\ktj20.exe41⤵
- Executes dropped EXE
-
\??\c:\f7i3s.exec:\f7i3s.exe42⤵
-
\??\c:\89mw99u.exec:\89mw99u.exe43⤵
- Executes dropped EXE
-
\??\c:\6ah23l.exec:\6ah23l.exe44⤵
- Executes dropped EXE
-
\??\c:\ngrt2.exec:\ngrt2.exe45⤵
- Executes dropped EXE
-
\??\c:\poqw5cs.exec:\poqw5cs.exe46⤵
- Executes dropped EXE
-
\??\c:\693ow6.exec:\693ow6.exe47⤵
- Executes dropped EXE
-
\??\c:\030g3.exec:\030g3.exe48⤵
- Executes dropped EXE
-
\??\c:\68xn5ox.exec:\68xn5ox.exe49⤵
- Executes dropped EXE
-
\??\c:\b37977i.exec:\b37977i.exe50⤵
- Executes dropped EXE
-
\??\c:\3sqa973.exec:\3sqa973.exe51⤵
- Executes dropped EXE
-
\??\c:\c39m5.exec:\c39m5.exe52⤵
- Executes dropped EXE
-
\??\c:\voqqf.exec:\voqqf.exe53⤵
- Executes dropped EXE
-
\??\c:\c3l5ik.exec:\c3l5ik.exe54⤵
- Executes dropped EXE
-
\??\c:\25713.exec:\25713.exe55⤵
- Executes dropped EXE
-
\??\c:\doerv.exec:\doerv.exe56⤵
- Executes dropped EXE
-
\??\c:\015731.exec:\015731.exe57⤵
- Executes dropped EXE
-
\??\c:\skcgm.exec:\skcgm.exe58⤵
- Executes dropped EXE
-
\??\c:\437uvs.exec:\437uvs.exe59⤵
- Executes dropped EXE
-
\??\c:\88iue.exec:\88iue.exe60⤵
- Executes dropped EXE
-
\??\c:\ns0gu.exec:\ns0gu.exe61⤵
- Executes dropped EXE
-
\??\c:\nop9or.exec:\nop9or.exe62⤵
- Executes dropped EXE
-
\??\c:\r7q179.exec:\r7q179.exe63⤵
- Executes dropped EXE
-
\??\c:\88in1.exec:\88in1.exe64⤵
- Executes dropped EXE
-
\??\c:\h6c08.exec:\h6c08.exe65⤵
- Executes dropped EXE
-
\??\c:\gv4m00.exec:\gv4m00.exe66⤵
- Executes dropped EXE
-
\??\c:\sm8bl8.exec:\sm8bl8.exe67⤵
-
\??\c:\bgwwioi.exec:\bgwwioi.exe68⤵
-
\??\c:\h68ocv.exec:\h68ocv.exe69⤵
-
\??\c:\hq7729.exec:\hq7729.exe70⤵
-
\??\c:\9b4cu0n.exec:\9b4cu0n.exe71⤵
-
\??\c:\huvcqgq.exec:\huvcqgq.exe72⤵
-
\??\c:\jnh4c3.exec:\jnh4c3.exe73⤵
-
\??\c:\is8pb.exec:\is8pb.exe74⤵
-
\??\c:\u82528.exec:\u82528.exe75⤵
-
\??\c:\f774l5.exec:\f774l5.exe76⤵
-
\??\c:\498tuu.exec:\498tuu.exe77⤵
-
\??\c:\45143.exec:\45143.exe78⤵
-
\??\c:\xqj95.exec:\xqj95.exe79⤵
-
\??\c:\4k9l6m.exec:\4k9l6m.exe80⤵
-
\??\c:\8b0d8.exec:\8b0d8.exe81⤵
-
\??\c:\204m444.exec:\204m444.exe82⤵
-
\??\c:\rimgu.exec:\rimgu.exe83⤵
-
\??\c:\985u40.exec:\985u40.exe84⤵
-
\??\c:\274is.exec:\274is.exe85⤵
-
\??\c:\ou685o.exec:\ou685o.exe86⤵
-
\??\c:\5351aw5.exec:\5351aw5.exe87⤵
-
\??\c:\b7i1x11.exec:\b7i1x11.exe88⤵
-
\??\c:\r9ulk.exec:\r9ulk.exe89⤵
-
\??\c:\d82hoqf.exec:\d82hoqf.exe90⤵
-
\??\c:\e06x93.exec:\e06x93.exe91⤵
-
\??\c:\mkj9as.exec:\mkj9as.exe92⤵
-
\??\c:\9g622p.exec:\9g622p.exe93⤵
-
\??\c:\7amxt3t.exec:\7amxt3t.exe94⤵
-
\??\c:\w8g6w.exec:\w8g6w.exe95⤵
-
\??\c:\234334.exec:\234334.exe96⤵
-
\??\c:\w9d3c.exec:\w9d3c.exe97⤵
-
\??\c:\v5w442.exec:\v5w442.exe98⤵
-
\??\c:\chhke.exec:\chhke.exe99⤵
-
\??\c:\jcgke.exec:\jcgke.exe100⤵
-
\??\c:\9wh8i.exec:\9wh8i.exe101⤵
-
\??\c:\059q85.exec:\059q85.exe102⤵
-
\??\c:\x2n56r.exec:\x2n56r.exe103⤵
-
\??\c:\tiuc00c.exec:\tiuc00c.exe104⤵
-
\??\c:\73o6or.exec:\73o6or.exe105⤵
-
\??\c:\ua20p.exec:\ua20p.exe106⤵
-
\??\c:\5koiaec.exec:\5koiaec.exe107⤵
-
\??\c:\k3ittai.exec:\k3ittai.exe108⤵
-
\??\c:\esct0.exec:\esct0.exe109⤵
-
\??\c:\5ldvh55.exec:\5ldvh55.exe110⤵
-
\??\c:\t0w1obk.exec:\t0w1obk.exe111⤵
-
\??\c:\97i9ofp.exec:\97i9ofp.exe112⤵
-
\??\c:\334ck9m.exec:\334ck9m.exe113⤵
-
\??\c:\4g9i74u.exec:\4g9i74u.exe114⤵
-
\??\c:\fqwks.exec:\fqwks.exe115⤵
-
\??\c:\911v632.exec:\911v632.exe116⤵
-
\??\c:\18613b.exec:\18613b.exe117⤵
-
\??\c:\x6p8sr.exec:\x6p8sr.exe118⤵
-
\??\c:\8b09j.exec:\8b09j.exe119⤵
-
\??\c:\6mr1oh3.exec:\6mr1oh3.exe120⤵
-
\??\c:\1heeee.exec:\1heeee.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-