Analysis
-
max time kernel
150s -
max time network
143s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
09/04/2024, 22:25
General
-
Target
45fb6d1618564ab60ecd1885d7691129.exe
-
Size
86KB
-
MD5
45fb6d1618564ab60ecd1885d7691129
-
SHA1
924fe2a20095f71c1468a80b3c914cfcf7522284
-
SHA256
558d573492cd5f8ab83b9f1e46c467b4695f1d4d627a26eee6e84c3f7f9bd3b2
-
SHA512
b59bce56b100bbaf3d3d432e9d7e609485f1a1dc1d9e87114e8e270eb9f1036aab3112484e02890b1d144a82b3c1eda9e66bd84546ed96538d37c5442de54078
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND+3T4+C2iJvRirE0DmmdL2jqWkj:ymb3NkkiQ3mdBjF+3TU2iBRioSumWs
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 41 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 51 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\45fb6d1618564ab60ecd1885d7691129.exe"C:\Users\Admin\AppData\Local\Temp\45fb6d1618564ab60ecd1885d7691129.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\3flxrlf.exec:\3flxrlf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vdvj.exec:\5vdvj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ntbbt.exec:\3ntbbt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrlrlrl.exec:\lrlrlrl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btntbh.exec:\btntbh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrllfr.exec:\xxrllfr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnhnt.exec:\btnhnt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxlrff.exec:\lxxlrff.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbbtt.exec:\hbbbtt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7dvdp.exec:\7dvdp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhtnh.exec:\nnhtnh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxlffl.exec:\fxxlffl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9bbhhh.exec:\9bbhhh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pddv.exec:\1pddv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbbnh.exec:\bnbbnh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ffrlff.exec:\9ffrlff.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbtnt.exec:\hbbtnt.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5fffxxx.exec:\5fffxxx.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnnhh.exec:\thnnhh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vddvj.exec:\vddvj.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9hhhtn.exec:\9hhhtn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrfrrf.exec:\xlrfrrf.exe23⤵
- Executes dropped EXE
-
\??\c:\jjppv.exec:\jjppv.exe24⤵
- Executes dropped EXE
-
\??\c:\1rrlflf.exec:\1rrlflf.exe25⤵
- Executes dropped EXE
-
\??\c:\jjppp.exec:\jjppp.exe26⤵
- Executes dropped EXE
-
\??\c:\lllrfxl.exec:\lllrfxl.exe27⤵
- Executes dropped EXE
-
\??\c:\bnhtnh.exec:\bnhtnh.exe28⤵
- Executes dropped EXE
-
\??\c:\llxxflx.exec:\llxxflx.exe29⤵
- Executes dropped EXE
-
\??\c:\hnbnbb.exec:\hnbnbb.exe30⤵
- Executes dropped EXE
-
\??\c:\pjvpp.exec:\pjvpp.exe31⤵
- Executes dropped EXE
-
\??\c:\ntttnn.exec:\ntttnn.exe32⤵
- Executes dropped EXE
-
\??\c:\xflfffx.exec:\xflfffx.exe33⤵
- Executes dropped EXE
-
\??\c:\ttthnb.exec:\ttthnb.exe34⤵
- Executes dropped EXE
-
\??\c:\ddjdp.exec:\ddjdp.exe35⤵
- Executes dropped EXE
-
\??\c:\vvvvp.exec:\vvvvp.exe36⤵
-
\??\c:\xlrxxrx.exec:\xlrxxrx.exe37⤵
- Executes dropped EXE
-
\??\c:\nhbnbn.exec:\nhbnbn.exe38⤵
- Executes dropped EXE
-
\??\c:\jdvpd.exec:\jdvpd.exe39⤵
- Executes dropped EXE
-
\??\c:\1bnntb.exec:\1bnntb.exe40⤵
- Executes dropped EXE
-
\??\c:\lfllfll.exec:\lfllfll.exe41⤵
- Executes dropped EXE
-
\??\c:\htbbhh.exec:\htbbhh.exe42⤵
- Executes dropped EXE
-
\??\c:\3ttbtb.exec:\3ttbtb.exe43⤵
- Executes dropped EXE
-
\??\c:\frxlfrl.exec:\frxlfrl.exe44⤵
- Executes dropped EXE
-
\??\c:\jvvpp.exec:\jvvpp.exe45⤵
- Executes dropped EXE
-
\??\c:\lfxrlfr.exec:\lfxrlfr.exe46⤵
- Executes dropped EXE
-
\??\c:\5tbntb.exec:\5tbntb.exe47⤵
- Executes dropped EXE
-
\??\c:\5vpjv.exec:\5vpjv.exe48⤵
- Executes dropped EXE
-
\??\c:\rlrlffl.exec:\rlrlffl.exe49⤵
- Executes dropped EXE
-
\??\c:\vpvvp.exec:\vpvvp.exe50⤵
- Executes dropped EXE
-
\??\c:\hhnnhb.exec:\hhnnhb.exe51⤵
- Executes dropped EXE
-
\??\c:\dpdjj.exec:\dpdjj.exe52⤵
- Executes dropped EXE
-
\??\c:\3rlflxr.exec:\3rlflxr.exe53⤵
- Executes dropped EXE
-
\??\c:\vpjdp.exec:\vpjdp.exe54⤵
- Executes dropped EXE
-
\??\c:\ddvpd.exec:\ddvpd.exe55⤵
- Executes dropped EXE
-
\??\c:\bhnttb.exec:\bhnttb.exe56⤵
- Executes dropped EXE
-
\??\c:\dvddd.exec:\dvddd.exe57⤵
- Executes dropped EXE
-
\??\c:\xxlrflx.exec:\xxlrflx.exe58⤵
- Executes dropped EXE
-
\??\c:\fxflflf.exec:\fxflflf.exe59⤵
- Executes dropped EXE
-
\??\c:\hhnhtb.exec:\hhnhtb.exe60⤵
- Executes dropped EXE
-
\??\c:\rlxxxll.exec:\rlxxxll.exe61⤵
- Executes dropped EXE
-
\??\c:\3jjjd.exec:\3jjjd.exe62⤵
- Executes dropped EXE
-
\??\c:\hhnnhn.exec:\hhnnhn.exe63⤵
- Executes dropped EXE
-
\??\c:\jdpjv.exec:\jdpjv.exe64⤵
- Executes dropped EXE
-
\??\c:\bnhbtn.exec:\bnhbtn.exe65⤵
- Executes dropped EXE
-
\??\c:\dppjd.exec:\dppjd.exe66⤵
- Executes dropped EXE
-
\??\c:\rrlllrr.exec:\rrlllrr.exe67⤵
-
\??\c:\nnhhbb.exec:\nnhhbb.exe68⤵
-
\??\c:\rllfrlr.exec:\rllfrlr.exe69⤵
-
\??\c:\bntttt.exec:\bntttt.exe70⤵
-
\??\c:\5jdpd.exec:\5jdpd.exe71⤵
-
\??\c:\thnhhb.exec:\thnhhb.exe72⤵
-
\??\c:\rffrflf.exec:\rffrflf.exe73⤵
-
\??\c:\nhhthb.exec:\nhhthb.exe74⤵
-
\??\c:\pdjjd.exec:\pdjjd.exe75⤵
-
\??\c:\dvvvv.exec:\dvvvv.exe76⤵
-
\??\c:\nnttnt.exec:\nnttnt.exe77⤵
-
\??\c:\jddvj.exec:\jddvj.exe78⤵
-
\??\c:\rffrffr.exec:\rffrffr.exe79⤵
-
\??\c:\lxxlrff.exec:\lxxlrff.exe80⤵
-
\??\c:\frxrrxf.exec:\frxrrxf.exe81⤵
-
\??\c:\jddvd.exec:\jddvd.exe82⤵
-
\??\c:\7flfrlf.exec:\7flfrlf.exe83⤵
-
\??\c:\pjdpj.exec:\pjdpj.exe84⤵
-
\??\c:\xrlxrlf.exec:\xrlxrlf.exe85⤵
-
\??\c:\ntnnhn.exec:\ntnnhn.exe86⤵
-
\??\c:\rxxxflr.exec:\rxxxflr.exe87⤵
-
\??\c:\btnbhb.exec:\btnbhb.exe88⤵
-
\??\c:\pvvvj.exec:\pvvvj.exe89⤵
-
\??\c:\5rfxlfr.exec:\5rfxlfr.exe90⤵
-
\??\c:\3ppjd.exec:\3ppjd.exe91⤵
-
\??\c:\xfllfrr.exec:\xfllfrr.exe92⤵
-
\??\c:\bthhbt.exec:\bthhbt.exe93⤵
-
\??\c:\pjdvv.exec:\pjdvv.exe94⤵
-
\??\c:\7xfxlxr.exec:\7xfxlxr.exe95⤵
-
\??\c:\pjdvj.exec:\pjdvj.exe96⤵
-
\??\c:\9frxlrx.exec:\9frxlrx.exe97⤵
-
\??\c:\dvvdd.exec:\dvvdd.exe98⤵
-
\??\c:\frxfxfl.exec:\frxfxfl.exe99⤵
-
\??\c:\pjpjp.exec:\pjpjp.exe100⤵
-
\??\c:\9frxxfr.exec:\9frxxfr.exe101⤵
-
\??\c:\bttbbb.exec:\bttbbb.exe102⤵
-
\??\c:\frlxlxl.exec:\frlxlxl.exe103⤵
-
\??\c:\hntbbh.exec:\hntbbh.exe104⤵
-
\??\c:\dpjdv.exec:\dpjdv.exe105⤵
-
\??\c:\bhbbtt.exec:\bhbbtt.exe106⤵
-
\??\c:\dpjdp.exec:\dpjdp.exe107⤵
-
\??\c:\bhtbbn.exec:\bhtbbn.exe108⤵
-
\??\c:\dddpd.exec:\dddpd.exe109⤵
-
\??\c:\xxlxlfx.exec:\xxlxlfx.exe110⤵
-
\??\c:\9nbbbb.exec:\9nbbbb.exe111⤵
-
\??\c:\jpjdp.exec:\jpjdp.exe112⤵
-
\??\c:\rlfrfrl.exec:\rlfrfrl.exe113⤵
-
\??\c:\9ttbtn.exec:\9ttbtn.exe114⤵
-
\??\c:\9lxfrrl.exec:\9lxfrrl.exe115⤵
-
\??\c:\tbtnbh.exec:\tbtnbh.exe116⤵
-
\??\c:\vppdp.exec:\vppdp.exe117⤵
-
\??\c:\lxxllfx.exec:\lxxllfx.exe118⤵
-
\??\c:\pjdpj.exec:\pjdpj.exe119⤵
-
\??\c:\7llfxxx.exec:\7llfxxx.exe120⤵
-
\??\c:\hnnhbb.exec:\hnnhbb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-