Analysis
-
max time kernel
151s -
max time network
132s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
09/04/2024, 23:30
General
-
Target
d1b3eb950001496ed4f7a05f5bc2f5b1.exe
-
Size
246KB
-
MD5
d1b3eb950001496ed4f7a05f5bc2f5b1
-
SHA1
e2b2793b017e358fb1e5731947c67e35cc5ee52d
-
SHA256
18a4a95585340aa6c9e7cfd70ac005e87abb1b35b7944112ef33ae37c888ded8
-
SHA512
6a7e5a1b0f93cb4e71aa61dbd2e463a8e1dd3d43c0bb53a4657a060a57a17e935001edaca6e245030ee11b17df45d1d426b4896e9c51b2ebd777e93e890c30f3
-
SSDEEP
3072:chOmTsF93UYfwC6GIoutieyhC2lbgGi5yLpcgDE4JBuItR8pTsgZ9WT4iaz+s:ccm4FmowdHoSi9EIBftapTs4WZazp
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 50 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d1b3eb950001496ed4f7a05f5bc2f5b1.exe"C:\Users\Admin\AppData\Local\Temp\d1b3eb950001496ed4f7a05f5bc2f5b1.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rk0g4e.exec:\rk0g4e.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2eb97.exec:\2eb97.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\654ts.exec:\654ts.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3g6128g.exec:\3g6128g.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\f4lo25v.exec:\f4lo25v.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0kfa28.exec:\0kfa28.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rki0q05.exec:\rki0q05.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\45ue4s9.exec:\45ue4s9.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\l2r5t5.exec:\l2r5t5.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\030o7k.exec:\030o7k.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ot0k.exec:\7ot0k.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jg94o98.exec:\jg94o98.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\97ed2ov.exec:\97ed2ov.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\u99a5.exec:\u99a5.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ju2a15u.exec:\ju2a15u.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6c38b13.exec:\6c38b13.exe17⤵
- Executes dropped EXE
-
\??\c:\61qt6.exec:\61qt6.exe18⤵
- Executes dropped EXE
-
\??\c:\la72q58.exec:\la72q58.exe19⤵
- Executes dropped EXE
-
\??\c:\8kqa5.exec:\8kqa5.exe20⤵
- Executes dropped EXE
-
\??\c:\82tv9ov.exec:\82tv9ov.exe21⤵
- Executes dropped EXE
-
\??\c:\252u318.exec:\252u318.exe22⤵
- Executes dropped EXE
-
\??\c:\r0emm.exec:\r0emm.exe23⤵
- Executes dropped EXE
-
\??\c:\qp52dp.exec:\qp52dp.exe24⤵
- Executes dropped EXE
-
\??\c:\kpa22.exec:\kpa22.exe25⤵
- Executes dropped EXE
-
\??\c:\2ed47.exec:\2ed47.exe26⤵
- Executes dropped EXE
-
\??\c:\88m721e.exec:\88m721e.exe27⤵
- Executes dropped EXE
-
\??\c:\1m7m7.exec:\1m7m7.exe28⤵
- Executes dropped EXE
-
\??\c:\acgo349.exec:\acgo349.exe29⤵
- Executes dropped EXE
-
\??\c:\2799mu5.exec:\2799mu5.exe30⤵
- Executes dropped EXE
-
\??\c:\27031.exec:\27031.exe31⤵
- Executes dropped EXE
-
\??\c:\omf28.exec:\omf28.exe32⤵
- Executes dropped EXE
-
\??\c:\5p293.exec:\5p293.exe33⤵
- Executes dropped EXE
-
\??\c:\57cnxm8.exec:\57cnxm8.exe34⤵
- Executes dropped EXE
-
\??\c:\nmmh4f.exec:\nmmh4f.exe35⤵
- Executes dropped EXE
-
\??\c:\4296go.exec:\4296go.exe36⤵
- Executes dropped EXE
-
\??\c:\23mq0.exec:\23mq0.exe37⤵
- Executes dropped EXE
-
\??\c:\4c43d8r.exec:\4c43d8r.exe38⤵
- Executes dropped EXE
-
\??\c:\3f5o98.exec:\3f5o98.exe39⤵
- Executes dropped EXE
-
\??\c:\j38e6s4.exec:\j38e6s4.exe40⤵
- Executes dropped EXE
-
\??\c:\lh979.exec:\lh979.exe41⤵
- Executes dropped EXE
-
\??\c:\3r8f5.exec:\3r8f5.exe42⤵
- Executes dropped EXE
-
\??\c:\d919ck.exec:\d919ck.exe43⤵
- Executes dropped EXE
-
\??\c:\42601j.exec:\42601j.exe44⤵
- Executes dropped EXE
-
\??\c:\3u17p3.exec:\3u17p3.exe45⤵
- Executes dropped EXE
-
\??\c:\dc31m.exec:\dc31m.exe46⤵
- Executes dropped EXE
-
\??\c:\k1e1t.exec:\k1e1t.exe47⤵
- Executes dropped EXE
-
\??\c:\e3313.exec:\e3313.exe48⤵
- Executes dropped EXE
-
\??\c:\oi7c7w1.exec:\oi7c7w1.exe49⤵
- Executes dropped EXE
-
\??\c:\65cdc.exec:\65cdc.exe50⤵
- Executes dropped EXE
-
\??\c:\8wu9ap.exec:\8wu9ap.exe51⤵
- Executes dropped EXE
-
\??\c:\6ct5c9.exec:\6ct5c9.exe52⤵
- Executes dropped EXE
-
\??\c:\233oa1.exec:\233oa1.exe53⤵
- Executes dropped EXE
-
\??\c:\899aec.exec:\899aec.exe54⤵
- Executes dropped EXE
-
\??\c:\tl532v1.exec:\tl532v1.exe55⤵
- Executes dropped EXE
-
\??\c:\8w5tn.exec:\8w5tn.exe56⤵
- Executes dropped EXE
-
\??\c:\rkpe1.exec:\rkpe1.exe57⤵
- Executes dropped EXE
-
\??\c:\4re55km.exec:\4re55km.exe58⤵
- Executes dropped EXE
-
\??\c:\95kg77.exec:\95kg77.exe59⤵
- Executes dropped EXE
-
\??\c:\e7283q7.exec:\e7283q7.exe60⤵
- Executes dropped EXE
-
\??\c:\moww3uw.exec:\moww3uw.exe61⤵
- Executes dropped EXE
-
\??\c:\vwl54w.exec:\vwl54w.exe62⤵
- Executes dropped EXE
-
\??\c:\c4e31c.exec:\c4e31c.exe63⤵
- Executes dropped EXE
-
\??\c:\4536egm.exec:\4536egm.exe64⤵
- Executes dropped EXE
-
\??\c:\67739.exec:\67739.exe65⤵
- Executes dropped EXE
-
\??\c:\0ass36l.exec:\0ass36l.exe66⤵
-
\??\c:\e0htv.exec:\e0htv.exe67⤵
-
\??\c:\4356v.exec:\4356v.exe68⤵
-
\??\c:\33l3as.exec:\33l3as.exe69⤵
-
\??\c:\j9mh4.exec:\j9mh4.exe70⤵
-
\??\c:\k18o1mf.exec:\k18o1mf.exe71⤵
-
\??\c:\8a9f5r4.exec:\8a9f5r4.exe72⤵
-
\??\c:\oc09lg8.exec:\oc09lg8.exe73⤵
-
\??\c:\6o7be9.exec:\6o7be9.exe74⤵
-
\??\c:\vhw333g.exec:\vhw333g.exe75⤵
-
\??\c:\6o0wc.exec:\6o0wc.exe76⤵
-
\??\c:\k03616c.exec:\k03616c.exe77⤵
-
\??\c:\pcc5w.exec:\pcc5w.exe78⤵
-
\??\c:\h6t3o9i.exec:\h6t3o9i.exe79⤵
-
\??\c:\47kk7.exec:\47kk7.exe80⤵
-
\??\c:\0i7e0.exec:\0i7e0.exe81⤵
-
\??\c:\i66eg.exec:\i66eg.exe82⤵
-
\??\c:\077d1m1.exec:\077d1m1.exe83⤵
-
\??\c:\wws73.exec:\wws73.exe84⤵
-
\??\c:\890w3.exec:\890w3.exe85⤵
-
\??\c:\b4xa4.exec:\b4xa4.exe86⤵
-
\??\c:\17262.exec:\17262.exe87⤵
-
\??\c:\x8ip7mr.exec:\x8ip7mr.exe88⤵
-
\??\c:\q6f0d.exec:\q6f0d.exe89⤵
-
\??\c:\3m347g3.exec:\3m347g3.exe90⤵
-
\??\c:\r72u9e.exec:\r72u9e.exe91⤵
-
\??\c:\6mr952.exec:\6mr952.exe92⤵
-
\??\c:\qut7gw.exec:\qut7gw.exe93⤵
-
\??\c:\x7kp72.exec:\x7kp72.exe94⤵
-
\??\c:\pcol1.exec:\pcol1.exe95⤵
-
\??\c:\36r7sr.exec:\36r7sr.exe96⤵
-
\??\c:\148t41.exec:\148t41.exe97⤵
-
\??\c:\8m87cdw.exec:\8m87cdw.exe98⤵
-
\??\c:\3277u.exec:\3277u.exe99⤵
-
\??\c:\du930p1.exec:\du930p1.exe100⤵
-
\??\c:\t693h.exec:\t693h.exe101⤵
-
\??\c:\4k5pm.exec:\4k5pm.exe102⤵
-
\??\c:\5o77s3.exec:\5o77s3.exe103⤵
-
\??\c:\fas5mk.exec:\fas5mk.exe104⤵
-
\??\c:\5hm97dn.exec:\5hm97dn.exe105⤵
-
\??\c:\f2tjw2a.exec:\f2tjw2a.exe106⤵
-
\??\c:\3ff29.exec:\3ff29.exe107⤵
-
\??\c:\pc9a7.exec:\pc9a7.exe108⤵
-
\??\c:\6vnc2.exec:\6vnc2.exe109⤵
-
\??\c:\3aaa3a.exec:\3aaa3a.exe110⤵
-
\??\c:\3g37q.exec:\3g37q.exe111⤵
-
\??\c:\j8a8n.exec:\j8a8n.exe112⤵
-
\??\c:\nck7mc1.exec:\nck7mc1.exe113⤵
-
\??\c:\321vr3.exec:\321vr3.exe114⤵
-
\??\c:\8l6ov8.exec:\8l6ov8.exe115⤵
-
\??\c:\2w91nt2.exec:\2w91nt2.exe116⤵
-
\??\c:\dr3c7.exec:\dr3c7.exe117⤵
-
\??\c:\4u7s5q6.exec:\4u7s5q6.exe118⤵
-
\??\c:\8no4495.exec:\8no4495.exe119⤵
-
\??\c:\9ap3ch.exec:\9ap3ch.exe120⤵
-
\??\c:\js0977s.exec:\js0977s.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-