Analysis
-
max time kernel
99s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
09-04-2024 22:31
General
-
Target
4ce1cd0e655f19f9eed6a0a4a0132f12.exe
-
Size
421KB
-
MD5
4ce1cd0e655f19f9eed6a0a4a0132f12
-
SHA1
539b98f34c901653e3b3f5e9746d5f3a59d36d13
-
SHA256
29470fdd6e5dfdbd04340a8ac2d21eaf7d43f6363f03335a6d70d82b83f49ff1
-
SHA512
c8297995fa743cc9eaf5f5c1b991d70fd8a0b7492ca56be6db13c525c1c44fb3760551f2c780e9aba788d683142e9a1423967dac8673c7d477a1943cbca0283e
-
SSDEEP
12288:94wFHoSI1zBR/pMT9XvEhdfLzDIxwuUcJ/KE2eSgJ5xsbG2kgSziP3OM:KtBR/O9XvEhdfLzDIxwuUcJ/KE2eSgJQ
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 35 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 63 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4ce1cd0e655f19f9eed6a0a4a0132f12.exe"C:\Users\Admin\AppData\Local\Temp\4ce1cd0e655f19f9eed6a0a4a0132f12.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\oobasa3.exec:\oobasa3.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\01si3w.exec:\01si3w.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fx729.exec:\fx729.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4eum9.exec:\4eum9.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\d2g7n5a.exec:\d2g7n5a.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\95ag3i.exec:\95ag3i.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\p3up8w3.exec:\p3up8w3.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\62x1q.exec:\62x1q.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3x5a7.exec:\3x5a7.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\na1rqu.exec:\na1rqu.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4mjc9.exec:\4mjc9.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\01cl9u.exec:\01cl9u.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\am1o16.exec:\am1o16.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\874k2g.exec:\874k2g.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3o0a12.exec:\3o0a12.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pki442d.exec:\pki442d.exe17⤵
- Executes dropped EXE
-
\??\c:\910m3ok.exec:\910m3ok.exe18⤵
- Executes dropped EXE
-
\??\c:\gb24nx.exec:\gb24nx.exe19⤵
- Executes dropped EXE
-
\??\c:\n10u9.exec:\n10u9.exe20⤵
- Executes dropped EXE
-
\??\c:\2g381.exec:\2g381.exe21⤵
- Executes dropped EXE
-
\??\c:\iq37a.exec:\iq37a.exe22⤵
- Executes dropped EXE
-
\??\c:\h1k90a2.exec:\h1k90a2.exe23⤵
- Executes dropped EXE
-
\??\c:\rpmeb8r.exec:\rpmeb8r.exe24⤵
- Executes dropped EXE
-
\??\c:\6f78f35.exec:\6f78f35.exe25⤵
- Executes dropped EXE
-
\??\c:\sn1d1.exec:\sn1d1.exe26⤵
- Executes dropped EXE
-
\??\c:\ilrlm68.exec:\ilrlm68.exe27⤵
- Executes dropped EXE
-
\??\c:\sn8626g.exec:\sn8626g.exe28⤵
- Executes dropped EXE
-
\??\c:\9b92v5.exec:\9b92v5.exe29⤵
- Executes dropped EXE
-
\??\c:\wcm7kkl.exec:\wcm7kkl.exe30⤵
- Executes dropped EXE
-
\??\c:\b0053.exec:\b0053.exe31⤵
- Executes dropped EXE
-
\??\c:\w5m91.exec:\w5m91.exe32⤵
- Executes dropped EXE
-
\??\c:\4h3945.exec:\4h3945.exe33⤵
- Executes dropped EXE
-
\??\c:\7u5g9.exec:\7u5g9.exe34⤵
- Executes dropped EXE
-
\??\c:\m0pu9m.exec:\m0pu9m.exe35⤵
- Executes dropped EXE
-
\??\c:\s8p7j51.exec:\s8p7j51.exe36⤵
- Executes dropped EXE
-
\??\c:\451d56.exec:\451d56.exe37⤵
- Executes dropped EXE
-
\??\c:\05ej2d9.exec:\05ej2d9.exe38⤵
- Executes dropped EXE
-
\??\c:\53i6vg.exec:\53i6vg.exe39⤵
- Executes dropped EXE
-
\??\c:\qcb99v.exec:\qcb99v.exe40⤵
- Executes dropped EXE
-
\??\c:\j5g53.exec:\j5g53.exe41⤵
- Executes dropped EXE
-
\??\c:\80sku.exec:\80sku.exe42⤵
- Executes dropped EXE
-
\??\c:\c6q94.exec:\c6q94.exe43⤵
- Executes dropped EXE
-
\??\c:\7aq2641.exec:\7aq2641.exe44⤵
- Executes dropped EXE
-
\??\c:\29a7383.exec:\29a7383.exe45⤵
- Executes dropped EXE
-
\??\c:\jk9v3.exec:\jk9v3.exe46⤵
- Executes dropped EXE
-
\??\c:\813191g.exec:\813191g.exe47⤵
- Executes dropped EXE
-
\??\c:\w1u975a.exec:\w1u975a.exe48⤵
- Executes dropped EXE
-
\??\c:\v71b1m.exec:\v71b1m.exe49⤵
- Executes dropped EXE
-
\??\c:\3w11e.exec:\3w11e.exe50⤵
- Executes dropped EXE
-
\??\c:\f05487h.exec:\f05487h.exe51⤵
- Executes dropped EXE
-
\??\c:\rw2u9q.exec:\rw2u9q.exe52⤵
- Executes dropped EXE
-
\??\c:\agcoo.exec:\agcoo.exe53⤵
- Executes dropped EXE
-
\??\c:\nk1gn.exec:\nk1gn.exe54⤵
- Executes dropped EXE
-
\??\c:\k8x5gx9.exec:\k8x5gx9.exe55⤵
- Executes dropped EXE
-
\??\c:\6g169.exec:\6g169.exe56⤵
- Executes dropped EXE
-
\??\c:\im5s5i.exec:\im5s5i.exe57⤵
- Executes dropped EXE
-
\??\c:\i0837qb.exec:\i0837qb.exe58⤵
- Executes dropped EXE
-
\??\c:\64ok0w7.exec:\64ok0w7.exe59⤵
- Executes dropped EXE
-
\??\c:\xu448h7.exec:\xu448h7.exe60⤵
- Executes dropped EXE
-
\??\c:\xo2gok.exec:\xo2gok.exe61⤵
- Executes dropped EXE
-
\??\c:\hg94x.exec:\hg94x.exe62⤵
- Executes dropped EXE
-
\??\c:\6u11o.exec:\6u11o.exe63⤵
- Executes dropped EXE
-
\??\c:\6fp19.exec:\6fp19.exe64⤵
- Executes dropped EXE
-
\??\c:\saw9m.exec:\saw9m.exe65⤵
- Executes dropped EXE
-
\??\c:\6aok3.exec:\6aok3.exe66⤵
-
\??\c:\1lqlu.exec:\1lqlu.exe67⤵
-
\??\c:\bss7ku8.exec:\bss7ku8.exe68⤵
-
\??\c:\lh3lt.exec:\lh3lt.exe69⤵
-
\??\c:\5xeoq.exec:\5xeoq.exe70⤵
-
\??\c:\8s5c30l.exec:\8s5c30l.exe71⤵
-
\??\c:\1i9g9s.exec:\1i9g9s.exe72⤵
-
\??\c:\x927cc.exec:\x927cc.exe73⤵
-
\??\c:\l07218.exec:\l07218.exe74⤵
-
\??\c:\1b46k.exec:\1b46k.exe75⤵
-
\??\c:\5f50w5.exec:\5f50w5.exe76⤵
-
\??\c:\4778s6.exec:\4778s6.exe77⤵
-
\??\c:\og7j0.exec:\og7j0.exe78⤵
-
\??\c:\539i771.exec:\539i771.exe79⤵
-
\??\c:\2k351m5.exec:\2k351m5.exe80⤵
-
\??\c:\q6si9.exec:\q6si9.exe81⤵
-
\??\c:\2m78q.exec:\2m78q.exe82⤵
-
\??\c:\bq5511.exec:\bq5511.exe83⤵
-
\??\c:\nu0u7.exec:\nu0u7.exe84⤵
-
\??\c:\c3c3a5.exec:\c3c3a5.exe85⤵
-
\??\c:\07i78o7.exec:\07i78o7.exe86⤵
-
\??\c:\97tuw.exec:\97tuw.exe87⤵
-
\??\c:\5en8p1.exec:\5en8p1.exe88⤵
-
\??\c:\2ugqi9.exec:\2ugqi9.exe89⤵
-
\??\c:\1b75uuo.exec:\1b75uuo.exe90⤵
-
\??\c:\976ig3i.exec:\976ig3i.exe91⤵
-
\??\c:\ec2ad0.exec:\ec2ad0.exe92⤵
-
\??\c:\cs45f.exec:\cs45f.exe93⤵
-
\??\c:\pk36m3.exec:\pk36m3.exe94⤵
-
\??\c:\bvj0i9o.exec:\bvj0i9o.exe95⤵
-
\??\c:\f9ow15.exec:\f9ow15.exe96⤵
-
\??\c:\5kis9.exec:\5kis9.exe97⤵
-
\??\c:\850w7.exec:\850w7.exe98⤵
-
\??\c:\20j8lu.exec:\20j8lu.exe99⤵
-
\??\c:\495ud.exec:\495ud.exe100⤵
-
\??\c:\0at51.exec:\0at51.exe101⤵
-
\??\c:\v2xha70.exec:\v2xha70.exe102⤵
-
\??\c:\l4534iq.exec:\l4534iq.exe103⤵
-
\??\c:\7ocgfe.exec:\7ocgfe.exe104⤵
-
\??\c:\75578.exec:\75578.exe105⤵
-
\??\c:\28x12.exec:\28x12.exe106⤵
-
\??\c:\90ph2d.exec:\90ph2d.exe107⤵
-
\??\c:\krnruv.exec:\krnruv.exe108⤵
-
\??\c:\eaq767.exec:\eaq767.exe109⤵
-
\??\c:\da755.exec:\da755.exe110⤵
-
\??\c:\jsd16o.exec:\jsd16o.exe111⤵
-
\??\c:\69c72k3.exec:\69c72k3.exe112⤵
-
\??\c:\6l94wg5.exec:\6l94wg5.exe113⤵
-
\??\c:\tx3377.exec:\tx3377.exe114⤵
-
\??\c:\rq75p12.exec:\rq75p12.exe115⤵
-
\??\c:\7p35t8.exec:\7p35t8.exe116⤵
-
\??\c:\jknqw2u.exec:\jknqw2u.exe117⤵
-
\??\c:\eh3169.exec:\eh3169.exe118⤵
-
\??\c:\ie4c2e.exec:\ie4c2e.exe119⤵
-
\??\c:\tew6gg.exec:\tew6gg.exe120⤵
-
\??\c:\9956e3.exec:\9956e3.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-