Analysis
-
max time kernel
149s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
09/04/2024, 23:31
General
-
Target
d50dc2c01aac6349e0cccf40a18760f2.exe
-
Size
266KB
-
MD5
d50dc2c01aac6349e0cccf40a18760f2
-
SHA1
84664fd5abd994631b27967a5972c6af9a818b93
-
SHA256
31abd0bea69bb7fe3a58f5c04150f3c21f2701a0315453d52204d4dc572206e4
-
SHA512
0531ff6cde44e6a5351c651b391f3b69c57fe6d4acdc046f830350afab50c015ca63733bf8a30fc451b387a06004a10224bb2c29481e247e030ea7f09f901644
-
SSDEEP
3072:ymb3NkkiQ3mdBjFIi/0RU6QeYQsm71vPmPzTkV2y/QTa9RBZydZbf83pnzgmmIMr:n3C9BRIG0asYFm71mPfkVB8dKwaWb
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 32 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 60 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d50dc2c01aac6349e0cccf40a18760f2.exe"C:\Users\Admin\AppData\Local\Temp\d50dc2c01aac6349e0cccf40a18760f2.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\lrtfj.exec:\lrtfj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vlxvfrd.exec:\vlxvfrd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\npbxx.exec:\npbxx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jtphdl.exec:\jtphdl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppbjtdx.exec:\ppbjtdx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rtfjf.exec:\rtfjf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlhlxjd.exec:\xlhlxjd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bfpxjtf.exec:\bfpxjtf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jrjpxb.exec:\jrjpxb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnnjfjj.exec:\hnnjfjj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vlphvp.exec:\vlphvp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllfrd.exec:\rllfrd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xvlln.exec:\xvlln.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vrtbjl.exec:\vrtbjl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrnxl.exec:\xrnxl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vlhpxnj.exec:\vlhpxnj.exe17⤵
- Executes dropped EXE
-
\??\c:\jphvbvj.exec:\jphvbvj.exe18⤵
- Executes dropped EXE
-
\??\c:\pbtjbp.exec:\pbtjbp.exe19⤵
- Executes dropped EXE
-
\??\c:\blbjj.exec:\blbjj.exe20⤵
- Executes dropped EXE
-
\??\c:\vthddt.exec:\vthddt.exe21⤵
- Executes dropped EXE
-
\??\c:\phpnnhl.exec:\phpnnhl.exe22⤵
- Executes dropped EXE
-
\??\c:\lfnvvn.exec:\lfnvvn.exe23⤵
- Executes dropped EXE
-
\??\c:\rfhtvlj.exec:\rfhtvlj.exe24⤵
- Executes dropped EXE
-
\??\c:\bbjpvh.exec:\bbjpvh.exe25⤵
- Executes dropped EXE
-
\??\c:\jpjtbt.exec:\jpjtbt.exe26⤵
- Executes dropped EXE
-
\??\c:\llffrf.exec:\llffrf.exe27⤵
- Executes dropped EXE
-
\??\c:\xbthrnh.exec:\xbthrnh.exe28⤵
- Executes dropped EXE
-
\??\c:\ljbdf.exec:\ljbdf.exe29⤵
- Executes dropped EXE
-
\??\c:\xflvxt.exec:\xflvxt.exe30⤵
- Executes dropped EXE
-
\??\c:\xdbbjx.exec:\xdbbjx.exe31⤵
- Executes dropped EXE
-
\??\c:\blpjb.exec:\blpjb.exe32⤵
- Executes dropped EXE
-
\??\c:\vfnlvx.exec:\vfnlvx.exe33⤵
- Executes dropped EXE
-
\??\c:\xhpfd.exec:\xhpfd.exe34⤵
- Executes dropped EXE
-
\??\c:\xvdxh.exec:\xvdxh.exe35⤵
- Executes dropped EXE
-
\??\c:\lldjhn.exec:\lldjhn.exe36⤵
- Executes dropped EXE
-
\??\c:\lvdfr.exec:\lvdfr.exe37⤵
- Executes dropped EXE
-
\??\c:\htftxxp.exec:\htftxxp.exe38⤵
- Executes dropped EXE
-
\??\c:\rrtbhxh.exec:\rrtbhxh.exe39⤵
- Executes dropped EXE
-
\??\c:\prxdp.exec:\prxdp.exe40⤵
- Executes dropped EXE
-
\??\c:\pfjbntx.exec:\pfjbntx.exe41⤵
- Executes dropped EXE
-
\??\c:\jbdpb.exec:\jbdpb.exe42⤵
- Executes dropped EXE
-
\??\c:\nbxhtbd.exec:\nbxhtbd.exe43⤵
- Executes dropped EXE
-
\??\c:\ljbnhth.exec:\ljbnhth.exe44⤵
- Executes dropped EXE
-
\??\c:\flprj.exec:\flprj.exe45⤵
- Executes dropped EXE
-
\??\c:\lffft.exec:\lffft.exe46⤵
- Executes dropped EXE
-
\??\c:\dnfhrl.exec:\dnfhrl.exe47⤵
- Executes dropped EXE
-
\??\c:\ttbvpll.exec:\ttbvpll.exe48⤵
- Executes dropped EXE
-
\??\c:\vlntv.exec:\vlntv.exe49⤵
- Executes dropped EXE
-
\??\c:\tfldx.exec:\tfldx.exe50⤵
- Executes dropped EXE
-
\??\c:\ltpdd.exec:\ltpdd.exe51⤵
- Executes dropped EXE
-
\??\c:\xhvpn.exec:\xhvpn.exe52⤵
- Executes dropped EXE
-
\??\c:\rblhpx.exec:\rblhpx.exe53⤵
- Executes dropped EXE
-
\??\c:\fprxd.exec:\fprxd.exe54⤵
- Executes dropped EXE
-
\??\c:\txrrph.exec:\txrrph.exe55⤵
- Executes dropped EXE
-
\??\c:\tnnttdb.exec:\tnnttdb.exe56⤵
- Executes dropped EXE
-
\??\c:\djphdp.exec:\djphdp.exe57⤵
- Executes dropped EXE
-
\??\c:\jvfltl.exec:\jvfltl.exe58⤵
- Executes dropped EXE
-
\??\c:\xvppxj.exec:\xvppxj.exe59⤵
- Executes dropped EXE
-
\??\c:\rfxln.exec:\rfxln.exe60⤵
- Executes dropped EXE
-
\??\c:\nrfhfhh.exec:\nrfhfhh.exe61⤵
- Executes dropped EXE
-
\??\c:\pvdflbr.exec:\pvdflbr.exe62⤵
- Executes dropped EXE
-
\??\c:\pxlxtd.exec:\pxlxtd.exe63⤵
- Executes dropped EXE
-
\??\c:\htnfj.exec:\htnfj.exe64⤵
- Executes dropped EXE
-
\??\c:\hjtbdfd.exec:\hjtbdfd.exe65⤵
- Executes dropped EXE
-
\??\c:\dfbdhf.exec:\dfbdhf.exe66⤵
-
\??\c:\pfjtpb.exec:\pfjtpb.exe67⤵
-
\??\c:\tnrjtnl.exec:\tnrjtnl.exe68⤵
-
\??\c:\rplph.exec:\rplph.exe69⤵
-
\??\c:\hlrbdlh.exec:\hlrbdlh.exe70⤵
-
\??\c:\xhfdv.exec:\xhfdv.exe71⤵
-
\??\c:\lpxxlx.exec:\lpxxlx.exe72⤵
-
\??\c:\fnpbfbb.exec:\fnpbfbb.exe73⤵
-
\??\c:\xhlfdxv.exec:\xhlfdxv.exe74⤵
-
\??\c:\jxbxnt.exec:\jxbxnt.exe75⤵
-
\??\c:\nvxvnvx.exec:\nvxvnvx.exe76⤵
-
\??\c:\rpjvtd.exec:\rpjvtd.exe77⤵
-
\??\c:\bhjfxtj.exec:\bhjfxtj.exe78⤵
-
\??\c:\xnplj.exec:\xnplj.exe79⤵
-
\??\c:\vhrrrrp.exec:\vhrrrrp.exe80⤵
-
\??\c:\llbdvh.exec:\llbdvh.exe81⤵
-
\??\c:\tphrj.exec:\tphrj.exe82⤵
-
\??\c:\lbjlj.exec:\lbjlj.exe83⤵
-
\??\c:\tfldnx.exec:\tfldnx.exe84⤵
-
\??\c:\plrxph.exec:\plrxph.exe85⤵
-
\??\c:\jxljrh.exec:\jxljrh.exe86⤵
-
\??\c:\vlxpbl.exec:\vlxpbl.exe87⤵
-
\??\c:\ljfdd.exec:\ljfdd.exe88⤵
-
\??\c:\dfblb.exec:\dfblb.exe89⤵
-
\??\c:\nphntd.exec:\nphntd.exe90⤵
-
\??\c:\jdfhxt.exec:\jdfhxt.exe91⤵
-
\??\c:\nbhhvd.exec:\nbhhvd.exe92⤵
-
\??\c:\jhvhjb.exec:\jhvhjb.exe93⤵
-
\??\c:\pxjhd.exec:\pxjhd.exe94⤵
-
\??\c:\dbvfdt.exec:\dbvfdt.exe95⤵
-
\??\c:\xrbbpf.exec:\xrbbpf.exe96⤵
-
\??\c:\jllhhp.exec:\jllhhp.exe97⤵
-
\??\c:\jvhxnv.exec:\jvhxnv.exe98⤵
-
\??\c:\vblnrnl.exec:\vblnrnl.exe99⤵
-
\??\c:\nnjxr.exec:\nnjxr.exe100⤵
-
\??\c:\vdtlhnj.exec:\vdtlhnj.exe101⤵
-
\??\c:\txlbfp.exec:\txlbfp.exe102⤵
-
\??\c:\jxptdp.exec:\jxptdp.exe103⤵
-
\??\c:\rfnbnt.exec:\rfnbnt.exe104⤵
-
\??\c:\ndhttjj.exec:\ndhttjj.exe105⤵
-
\??\c:\flnlrd.exec:\flnlrd.exe106⤵
-
\??\c:\jbnxnp.exec:\jbnxnp.exe107⤵
-
\??\c:\thhthdr.exec:\thhthdr.exe108⤵
-
\??\c:\hrdxl.exec:\hrdxl.exe109⤵
-
\??\c:\rvnbl.exec:\rvnbl.exe110⤵
-
\??\c:\xfpnflt.exec:\xfpnflt.exe111⤵
-
\??\c:\pttjrv.exec:\pttjrv.exe112⤵
-
\??\c:\tjdrl.exec:\tjdrl.exe113⤵
-
\??\c:\vprhb.exec:\vprhb.exe114⤵
-
\??\c:\dblfll.exec:\dblfll.exe115⤵
-
\??\c:\fvjtr.exec:\fvjtr.exe116⤵
-
\??\c:\pxxpddl.exec:\pxxpddl.exe117⤵
-
\??\c:\lpttvt.exec:\lpttvt.exe118⤵
-
\??\c:\tnnxfb.exec:\tnnxfb.exe119⤵
-
\??\c:\lftdt.exec:\lftdt.exe120⤵
-
\??\c:\xpjvjpl.exec:\xpjvjpl.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-