Analysis
-
max time kernel
175s -
max time network
167s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
09-04-2024 22:05
General
-
Target
338310c8907a870f6cb703e452680867.exe
-
Size
179KB
-
MD5
338310c8907a870f6cb703e452680867
-
SHA1
367c4495c11353e220365d1fd8e753496aee80d6
-
SHA256
7e89ee6027bbb2c8cc8dbb30096a8bee07675fb077835b9561edb22f8bb11b17
-
SHA512
2c26fc582d0bd859b81af8b1a3663282f0b6e77b6097016efcd7e5a6beedcb7251b69e024fa9d833bf647d10eef43962ddbe82489c0dda39c6d579ec20ffc02f
-
SSDEEP
1536:PvQBeOGtrYSSsrc93UBIfdC67m6AJiqgT4+IJ9OJc3/:PhOm2sI93UufdC67ciJTmm+/
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 61 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\338310c8907a870f6cb703e452680867.exe"C:\Users\Admin\AppData\Local\Temp\338310c8907a870f6cb703e452680867.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\13un5mb.exec:\13un5mb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4d98oa.exec:\4d98oa.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\97sv38.exec:\97sv38.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8u5f1.exec:\8u5f1.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ui35117.exec:\ui35117.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xk34q.exec:\xk34q.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fkk951.exec:\fkk951.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2igge.exec:\2igge.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8rri6.exec:\8rri6.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\o89f0n.exec:\o89f0n.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\54gt6ab.exec:\54gt6ab.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\17a3le3.exec:\17a3le3.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6vj7d.exec:\6vj7d.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\s5sce.exec:\s5sce.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4k3sqo3.exec:\4k3sqo3.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2mb7k91.exec:\2mb7k91.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6d643lo.exec:\6d643lo.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\l3uuu11.exec:\l3uuu11.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0t19ij9.exec:\0t19ij9.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\owo56ke.exec:\owo56ke.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fl8c9.exec:\fl8c9.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nup11.exec:\nup11.exe23⤵
- Executes dropped EXE
-
\??\c:\6b7gur.exec:\6b7gur.exe24⤵
- Executes dropped EXE
-
\??\c:\jb23c.exec:\jb23c.exe25⤵
- Executes dropped EXE
-
\??\c:\sg37391.exec:\sg37391.exe26⤵
- Executes dropped EXE
-
\??\c:\85oe8u3.exec:\85oe8u3.exe27⤵
- Executes dropped EXE
-
\??\c:\2508hx4.exec:\2508hx4.exe28⤵
- Executes dropped EXE
-
\??\c:\3i5v4.exec:\3i5v4.exe29⤵
- Executes dropped EXE
-
\??\c:\61jm7.exec:\61jm7.exe30⤵
- Executes dropped EXE
-
\??\c:\n371gh.exec:\n371gh.exe31⤵
- Executes dropped EXE
-
\??\c:\8kk2o11.exec:\8kk2o11.exe32⤵
- Executes dropped EXE
-
\??\c:\wu56v.exec:\wu56v.exe33⤵
- Executes dropped EXE
-
\??\c:\6q948lv.exec:\6q948lv.exe34⤵
- Executes dropped EXE
-
\??\c:\39ov1cs.exec:\39ov1cs.exe35⤵
- Executes dropped EXE
-
\??\c:\4keuw.exec:\4keuw.exe36⤵
- Executes dropped EXE
-
\??\c:\5d9w9.exec:\5d9w9.exe37⤵
- Executes dropped EXE
-
\??\c:\p54mus.exec:\p54mus.exe38⤵
- Executes dropped EXE
-
\??\c:\loxmgww.exec:\loxmgww.exe39⤵
- Executes dropped EXE
-
\??\c:\6ik39k.exec:\6ik39k.exe40⤵
- Executes dropped EXE
-
\??\c:\0m1gq.exec:\0m1gq.exe41⤵
- Executes dropped EXE
-
\??\c:\6504j6.exec:\6504j6.exe42⤵
- Executes dropped EXE
-
\??\c:\4fp7of3.exec:\4fp7of3.exe43⤵
- Executes dropped EXE
-
\??\c:\992ii.exec:\992ii.exe44⤵
- Executes dropped EXE
-
\??\c:\j1157u9.exec:\j1157u9.exe45⤵
- Executes dropped EXE
-
\??\c:\1o45m.exec:\1o45m.exe46⤵
- Executes dropped EXE
-
\??\c:\145r45t.exec:\145r45t.exe47⤵
- Executes dropped EXE
-
\??\c:\2qd5ou5.exec:\2qd5ou5.exe48⤵
- Executes dropped EXE
-
\??\c:\11je38.exec:\11je38.exe49⤵
- Executes dropped EXE
-
\??\c:\53959.exec:\53959.exe50⤵
- Executes dropped EXE
-
\??\c:\noi999.exec:\noi999.exe51⤵
- Executes dropped EXE
-
\??\c:\3rblhkw.exec:\3rblhkw.exe52⤵
- Executes dropped EXE
-
\??\c:\1iemu.exec:\1iemu.exe53⤵
- Executes dropped EXE
-
\??\c:\4e9ga1.exec:\4e9ga1.exe54⤵
- Executes dropped EXE
-
\??\c:\n6o0w.exec:\n6o0w.exe55⤵
- Executes dropped EXE
-
\??\c:\2j1tuu.exec:\2j1tuu.exe56⤵
- Executes dropped EXE
-
\??\c:\8a79c.exec:\8a79c.exe57⤵
- Executes dropped EXE
-
\??\c:\jut771.exec:\jut771.exe58⤵
- Executes dropped EXE
-
\??\c:\xu53511.exec:\xu53511.exe59⤵
- Executes dropped EXE
-
\??\c:\s39135o.exec:\s39135o.exe60⤵
- Executes dropped EXE
-
\??\c:\e77n4x.exec:\e77n4x.exe61⤵
- Executes dropped EXE
-
\??\c:\g2gm4.exec:\g2gm4.exe62⤵
- Executes dropped EXE
-
\??\c:\6mgom0.exec:\6mgom0.exe63⤵
- Executes dropped EXE
-
\??\c:\0x3795.exec:\0x3795.exe64⤵
- Executes dropped EXE
-
\??\c:\4s4gv52.exec:\4s4gv52.exe65⤵
- Executes dropped EXE
-
\??\c:\p0biew0.exec:\p0biew0.exe66⤵
-
\??\c:\0ugqu.exec:\0ugqu.exe67⤵
-
\??\c:\4s30kl.exec:\4s30kl.exe68⤵
-
\??\c:\qp52h14.exec:\qp52h14.exe69⤵
-
\??\c:\2xf1qas.exec:\2xf1qas.exe70⤵
-
\??\c:\lqkwui.exec:\lqkwui.exe71⤵
-
\??\c:\6h8b6.exec:\6h8b6.exe72⤵
-
\??\c:\u6i703b.exec:\u6i703b.exe73⤵
-
\??\c:\a8i755.exec:\a8i755.exe74⤵
-
\??\c:\37quc.exec:\37quc.exe75⤵
-
\??\c:\13p9s.exec:\13p9s.exe76⤵
-
\??\c:\t4o1p.exec:\t4o1p.exe77⤵
-
\??\c:\0cga54o.exec:\0cga54o.exe78⤵
-
\??\c:\37av90.exec:\37av90.exe79⤵
-
\??\c:\f36gj59.exec:\f36gj59.exe80⤵
-
\??\c:\96e7ok6.exec:\96e7ok6.exe81⤵
-
\??\c:\79135.exec:\79135.exe82⤵
-
\??\c:\977f0wm.exec:\977f0wm.exe83⤵
-
\??\c:\2mc56e.exec:\2mc56e.exe84⤵
-
\??\c:\6e94qe.exec:\6e94qe.exe85⤵
-
\??\c:\878o3.exec:\878o3.exe86⤵
-
\??\c:\7355737.exec:\7355737.exe87⤵
-
\??\c:\69sr13f.exec:\69sr13f.exe88⤵
-
\??\c:\2i995.exec:\2i995.exe89⤵
-
\??\c:\112t8se.exec:\112t8se.exe90⤵
-
\??\c:\uop7mb7.exec:\uop7mb7.exe91⤵
-
\??\c:\jw1759.exec:\jw1759.exe92⤵
-
\??\c:\b08gg.exec:\b08gg.exe93⤵
-
\??\c:\rw14a.exec:\rw14a.exe94⤵
-
\??\c:\wp5q5.exec:\wp5q5.exe95⤵
-
\??\c:\h3gp2ci.exec:\h3gp2ci.exe96⤵
-
\??\c:\n3779e.exec:\n3779e.exe97⤵
-
\??\c:\937s5.exec:\937s5.exe98⤵
-
\??\c:\r5395sj.exec:\r5395sj.exe99⤵
-
\??\c:\emwuiim.exec:\emwuiim.exe100⤵
-
\??\c:\mmn782d.exec:\mmn782d.exe101⤵
-
\??\c:\oq95kn2.exec:\oq95kn2.exe102⤵
-
\??\c:\798g74a.exec:\798g74a.exe103⤵
-
\??\c:\n5il2k.exec:\n5il2k.exe104⤵
-
\??\c:\23guec7.exec:\23guec7.exe105⤵
-
\??\c:\d953375.exec:\d953375.exe106⤵
-
\??\c:\2b3i8.exec:\2b3i8.exe107⤵
-
\??\c:\fo171.exec:\fo171.exe108⤵
-
\??\c:\l37779.exec:\l37779.exe109⤵
-
\??\c:\caek56.exec:\caek56.exe110⤵
-
\??\c:\9t9wa75.exec:\9t9wa75.exe111⤵
-
\??\c:\qa351.exec:\qa351.exe112⤵
-
\??\c:\hn0ap7.exec:\hn0ap7.exe113⤵
-
\??\c:\0an3o9.exec:\0an3o9.exe114⤵
-
\??\c:\x1cdigq.exec:\x1cdigq.exe115⤵
-
\??\c:\p7913.exec:\p7913.exe116⤵
-
\??\c:\0t5wj.exec:\0t5wj.exe117⤵
-
\??\c:\6b79a.exec:\6b79a.exe118⤵
-
\??\c:\2g55uor.exec:\2g55uor.exe119⤵
-
\??\c:\lj36s.exec:\lj36s.exe120⤵
-
\??\c:\88qu00.exec:\88qu00.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-