Analysis
-
max time kernel
24s -
max time network
22s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
09-04-2024 02:27
General
-
Target
cb939d765059d122d701ce34681010fc71ef170dbfb4919bfcd2dde0abedc555.exe
-
Size
65KB
-
MD5
887da75f0662242714b915ac20d4130f
-
SHA1
0986169c1390e53057114a326149588f1fcd3dc1
-
SHA256
cb939d765059d122d701ce34681010fc71ef170dbfb4919bfcd2dde0abedc555
-
SHA512
ea219ffadbe0e57422d31db729d41b54768930c1d31b5b2a45daa1968f556d120d8b527c72e1e363576230de99c0cb106a8f99be91b0ee503511e38b0d63c698
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yUPqrDdo:ymb3NkkiQ3mdBjF0yUmO
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 43 IoCs
-
UPX dump on OEP (original entry point) 58 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 58 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\cb939d765059d122d701ce34681010fc71ef170dbfb4919bfcd2dde0abedc555.exe"C:\Users\Admin\AppData\Local\Temp\cb939d765059d122d701ce34681010fc71ef170dbfb4919bfcd2dde0abedc555.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\fm9s3.exec:\fm9s3.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7iqeke.exec:\7iqeke.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\i8ae86s.exec:\i8ae86s.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\j7kas.exec:\j7kas.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2gwcgg.exec:\2gwcgg.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6p74wt4.exec:\6p74wt4.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ssswck.exec:\3ssswck.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nacsk39.exec:\nacsk39.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\mokuek.exec:\mokuek.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\73b7w.exec:\73b7w.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6667n.exec:\6667n.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0msockc.exec:\0msockc.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0155f7.exec:\0155f7.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6345f.exec:\6345f.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8gmcooe.exec:\8gmcooe.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\gncl90u.exec:\gncl90u.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\11mqc3.exec:\11mqc3.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5i9t0.exec:\5i9t0.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\92117.exec:\92117.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9577571.exec:\9577571.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\f35g77.exec:\f35g77.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\n34a7c.exec:\n34a7c.exe23⤵
- Executes dropped EXE
-
\??\c:\n0q34ah.exec:\n0q34ah.exe24⤵
- Executes dropped EXE
-
\??\c:\xat2l00.exec:\xat2l00.exe25⤵
- Executes dropped EXE
-
\??\c:\21bj2o.exec:\21bj2o.exe26⤵
- Executes dropped EXE
-
\??\c:\6m560qe.exec:\6m560qe.exe27⤵
- Executes dropped EXE
-
\??\c:\6x78f3i.exec:\6x78f3i.exe28⤵
- Executes dropped EXE
-
\??\c:\654696r.exec:\654696r.exe29⤵
- Executes dropped EXE
-
\??\c:\99wg7ew.exec:\99wg7ew.exe30⤵
- Executes dropped EXE
-
\??\c:\47g57c.exec:\47g57c.exe31⤵
- Executes dropped EXE
-
\??\c:\p3gci.exec:\p3gci.exe32⤵
- Executes dropped EXE
-
\??\c:\67n38i.exec:\67n38i.exe33⤵
- Executes dropped EXE
-
\??\c:\0w59ks9.exec:\0w59ks9.exe34⤵
- Executes dropped EXE
-
\??\c:\5a37579.exec:\5a37579.exe35⤵
- Executes dropped EXE
-
\??\c:\57qv2it.exec:\57qv2it.exe36⤵
- Executes dropped EXE
-
\??\c:\2gd81.exec:\2gd81.exe37⤵
- Executes dropped EXE
-
\??\c:\fbxt5rk.exec:\fbxt5rk.exe38⤵
- Executes dropped EXE
-
\??\c:\1g151.exec:\1g151.exe39⤵
- Executes dropped EXE
-
\??\c:\0er83.exec:\0er83.exe40⤵
- Executes dropped EXE
-
\??\c:\175935.exec:\175935.exe41⤵
- Executes dropped EXE
-
\??\c:\biv399.exec:\biv399.exe42⤵
- Executes dropped EXE
-
\??\c:\uqkmn.exec:\uqkmn.exe43⤵
- Executes dropped EXE
-
\??\c:\q31551.exec:\q31551.exe44⤵
- Executes dropped EXE
-
\??\c:\d713993.exec:\d713993.exe45⤵
- Executes dropped EXE
-
\??\c:\x956kk.exec:\x956kk.exe46⤵
- Executes dropped EXE
-
\??\c:\0q8qf5.exec:\0q8qf5.exe47⤵
- Executes dropped EXE
-
\??\c:\8ad3v.exec:\8ad3v.exe48⤵
- Executes dropped EXE
-
\??\c:\noiq5.exec:\noiq5.exe49⤵
- Executes dropped EXE
-
\??\c:\f5cw10.exec:\f5cw10.exe50⤵
- Executes dropped EXE
-
\??\c:\n10u7.exec:\n10u7.exe51⤵
- Executes dropped EXE
-
\??\c:\6t4f95.exec:\6t4f95.exe52⤵
- Executes dropped EXE
-
\??\c:\7bd9g1.exec:\7bd9g1.exe53⤵
- Executes dropped EXE
-
\??\c:\f0aoc.exec:\f0aoc.exe54⤵
- Executes dropped EXE
-
\??\c:\t7331.exec:\t7331.exe55⤵
- Executes dropped EXE
-
\??\c:\77775.exec:\77775.exe56⤵
- Executes dropped EXE
-
\??\c:\676k7.exec:\676k7.exe57⤵
- Executes dropped EXE
-
\??\c:\s0gkk.exec:\s0gkk.exe58⤵
- Executes dropped EXE
-
\??\c:\32c5591.exec:\32c5591.exe59⤵
- Executes dropped EXE
-
\??\c:\muq2q.exec:\muq2q.exe60⤵
- Executes dropped EXE
-
\??\c:\p7sco.exec:\p7sco.exe61⤵
- Executes dropped EXE
-
\??\c:\5x78b96.exec:\5x78b96.exe62⤵
- Executes dropped EXE
-
\??\c:\6saq4wa.exec:\6saq4wa.exe63⤵
- Executes dropped EXE
-
\??\c:\14f2csa.exec:\14f2csa.exe64⤵
- Executes dropped EXE
-
\??\c:\p18w58u.exec:\p18w58u.exe65⤵
- Executes dropped EXE
-
\??\c:\57at2q.exec:\57at2q.exe66⤵
-
\??\c:\r9133.exec:\r9133.exe67⤵
-
\??\c:\6kmaki6.exec:\6kmaki6.exe68⤵
-
\??\c:\91eeuqe.exec:\91eeuqe.exe69⤵
-
\??\c:\p3515.exec:\p3515.exe70⤵
-
\??\c:\9l0s38.exec:\9l0s38.exe71⤵
-
\??\c:\ia99397.exec:\ia99397.exe72⤵
-
\??\c:\p011e12.exec:\p011e12.exe73⤵
-
\??\c:\j33n93.exec:\j33n93.exe74⤵
-
\??\c:\0aq0gp.exec:\0aq0gp.exe75⤵
-
\??\c:\30937.exec:\30937.exe76⤵
-
\??\c:\6a54kl3.exec:\6a54kl3.exe77⤵
-
\??\c:\4n5174p.exec:\4n5174p.exe78⤵
-
\??\c:\07h5t1d.exec:\07h5t1d.exe79⤵
-
\??\c:\c166uua.exec:\c166uua.exe80⤵
-
\??\c:\1k971.exec:\1k971.exe81⤵
-
\??\c:\gkk5i.exec:\gkk5i.exe82⤵
-
\??\c:\k57511.exec:\k57511.exe83⤵
-
\??\c:\r11913.exec:\r11913.exe84⤵
-
\??\c:\3763p.exec:\3763p.exe85⤵
-
\??\c:\91337.exec:\91337.exe86⤵
-
\??\c:\2ut7739.exec:\2ut7739.exe87⤵
-
\??\c:\aswum.exec:\aswum.exe88⤵
-
\??\c:\iud7e.exec:\iud7e.exe89⤵
-
\??\c:\0b1igt.exec:\0b1igt.exe90⤵
-
\??\c:\ackwao.exec:\ackwao.exe91⤵
-
\??\c:\spth7.exec:\spth7.exe92⤵
-
\??\c:\0u9ce7.exec:\0u9ce7.exe93⤵
-
\??\c:\m18s5o9.exec:\m18s5o9.exe94⤵
-
\??\c:\ic52s.exec:\ic52s.exe95⤵
-
\??\c:\46mb7p.exec:\46mb7p.exe96⤵
-
\??\c:\e4e5795.exec:\e4e5795.exe97⤵
-
\??\c:\9b9a30.exec:\9b9a30.exe98⤵
-
\??\c:\39qh38i.exec:\39qh38i.exe99⤵
-
\??\c:\618863.exec:\618863.exe100⤵
-
\??\c:\emh5ipc.exec:\emh5ipc.exe101⤵
-
\??\c:\ccq59.exec:\ccq59.exe102⤵
-
\??\c:\x1wqm96.exec:\x1wqm96.exe103⤵
-
\??\c:\51kn16.exec:\51kn16.exe104⤵
-
\??\c:\9t9220.exec:\9t9220.exe105⤵
-
\??\c:\vj0tm2.exec:\vj0tm2.exe106⤵
-
\??\c:\pt559.exec:\pt559.exe107⤵
-
\??\c:\n9g0jtm.exec:\n9g0jtm.exe108⤵
-
\??\c:\6if3mwi.exec:\6if3mwi.exe109⤵
-
\??\c:\556e19.exec:\556e19.exe110⤵
-
\??\c:\v6c0s8g.exec:\v6c0s8g.exe111⤵
-
\??\c:\5wng0.exec:\5wng0.exe112⤵
-
\??\c:\4ec9e97.exec:\4ec9e97.exe113⤵
-
\??\c:\6d9e8.exec:\6d9e8.exe114⤵
-
\??\c:\o3171a.exec:\o3171a.exe115⤵
-
\??\c:\a2m79xa.exec:\a2m79xa.exe116⤵
-
\??\c:\q0c9m.exec:\q0c9m.exe117⤵
-
\??\c:\3579l5m.exec:\3579l5m.exe118⤵
-
\??\c:\rr30c.exec:\rr30c.exe119⤵
-
\??\c:\173313.exec:\173313.exe120⤵
-
\??\c:\83wcm.exec:\83wcm.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-