Analysis
-
max time kernel
148s -
max time network
133s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
18-04-2024 21:45
Errors
Reason
Machine shutdown: "{\"level\":\"info\",\"time\":\"2024-04-18T21:47:58Z\",\"message\":\"Dirty snapshot: /var/lib/sandbox/hatchvm/win7-20240221-en/instance_23-dirty.qcow2\"}"
General
-
Target
4ed2b7f23bef127248382b7d67844474ea69b958780d2fa5691bdb0dfa985458.exe
-
Size
132KB
-
MD5
992a22b097ca9440a1caf427e0cae423
-
SHA1
a447376b6ed4bd8c38e45009d232abe45b7e49fd
-
SHA256
4ed2b7f23bef127248382b7d67844474ea69b958780d2fa5691bdb0dfa985458
-
SHA512
1138db3985a4efa4476bab4d9b1592ff9e24d57a04c436cc3d8c8ba72af1d85fbeafb8bd5e175dcaa622c373e5523ed5aec4a547e5fc734f28dbace14a94d875
-
SSDEEP
3072:ymb3NkkiQ3mdBjFWXkj7afoHVpx+dGorc:n3C9BRW0j/1px+dG7
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 30 IoCs
-
UPX dump on OEP (original entry point) 60 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 63 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4ed2b7f23bef127248382b7d67844474ea69b958780d2fa5691bdb0dfa985458.exe"C:\Users\Admin\AppData\Local\Temp\4ed2b7f23bef127248382b7d67844474ea69b958780d2fa5691bdb0dfa985458.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pxee9m.exec:\pxee9m.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\uvgika.exec:\uvgika.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\s0gg2k.exec:\s0gg2k.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\67xq9q.exec:\67xq9q.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\l4qu2q0.exec:\l4qu2q0.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bm187c.exec:\bm187c.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ki73.exec:\3ki73.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\113el4.exec:\113el4.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7h97a50.exec:\7h97a50.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\l96g7.exec:\l96g7.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\r8jmb9.exec:\r8jmb9.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4d31xw5.exec:\4d31xw5.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\202313w.exec:\202313w.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\f9m7o.exec:\f9m7o.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bc3ua.exec:\bc3ua.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\x90c1.exec:\x90c1.exe17⤵
- Executes dropped EXE
-
\??\c:\69wb1i.exec:\69wb1i.exe18⤵
- Executes dropped EXE
-
\??\c:\26a8iw.exec:\26a8iw.exe19⤵
- Executes dropped EXE
-
\??\c:\xk7un8.exec:\xk7un8.exe20⤵
- Executes dropped EXE
-
\??\c:\511n68.exec:\511n68.exe21⤵
- Executes dropped EXE
-
\??\c:\256265g.exec:\256265g.exe22⤵
- Executes dropped EXE
-
\??\c:\89kg0.exec:\89kg0.exe23⤵
- Executes dropped EXE
-
\??\c:\o8vic9x.exec:\o8vic9x.exe24⤵
- Executes dropped EXE
-
\??\c:\858t56w.exec:\858t56w.exe25⤵
- Executes dropped EXE
-
\??\c:\40d6cs.exec:\40d6cs.exe26⤵
- Executes dropped EXE
-
\??\c:\e8m157.exec:\e8m157.exe27⤵
- Executes dropped EXE
-
\??\c:\69p1i.exec:\69p1i.exe28⤵
- Executes dropped EXE
-
\??\c:\0gwq3.exec:\0gwq3.exe29⤵
- Executes dropped EXE
-
\??\c:\l59k5.exec:\l59k5.exe30⤵
- Executes dropped EXE
-
\??\c:\41qjc.exec:\41qjc.exe31⤵
- Executes dropped EXE
-
\??\c:\2os37.exec:\2os37.exe32⤵
- Executes dropped EXE
-
\??\c:\h33747k.exec:\h33747k.exe33⤵
- Executes dropped EXE
-
\??\c:\twk7m4.exec:\twk7m4.exe34⤵
- Executes dropped EXE
-
\??\c:\q615jt.exec:\q615jt.exe35⤵
-
\??\c:\c73773q.exec:\c73773q.exe36⤵
- Executes dropped EXE
-
\??\c:\6qi9ki3.exec:\6qi9ki3.exe37⤵
- Executes dropped EXE
-
\??\c:\3d0ot6k.exec:\3d0ot6k.exe38⤵
- Executes dropped EXE
-
\??\c:\293wp.exec:\293wp.exe39⤵
- Executes dropped EXE
-
\??\c:\pe90v5m.exec:\pe90v5m.exe40⤵
- Executes dropped EXE
-
\??\c:\o33995.exec:\o33995.exe41⤵
- Executes dropped EXE
-
\??\c:\d5195j.exec:\d5195j.exe42⤵
- Executes dropped EXE
-
\??\c:\t1953.exec:\t1953.exe43⤵
- Executes dropped EXE
-
\??\c:\i14m3.exec:\i14m3.exe44⤵
- Executes dropped EXE
-
\??\c:\pa34i.exec:\pa34i.exe45⤵
- Executes dropped EXE
-
\??\c:\61in5.exec:\61in5.exe46⤵
- Executes dropped EXE
-
\??\c:\7v6vq3.exec:\7v6vq3.exe47⤵
- Executes dropped EXE
-
\??\c:\h8drc.exec:\h8drc.exe48⤵
- Executes dropped EXE
-
\??\c:\0kkm9.exec:\0kkm9.exe49⤵
- Executes dropped EXE
-
\??\c:\rw527.exec:\rw527.exe50⤵
- Executes dropped EXE
-
\??\c:\t50p5.exec:\t50p5.exe51⤵
- Executes dropped EXE
-
\??\c:\r3790.exec:\r3790.exe52⤵
- Executes dropped EXE
-
\??\c:\0nq0q.exec:\0nq0q.exe53⤵
- Executes dropped EXE
-
\??\c:\af9kd.exec:\af9kd.exe54⤵
- Executes dropped EXE
-
\??\c:\b70mk.exec:\b70mk.exe55⤵
- Executes dropped EXE
-
\??\c:\47r16s1.exec:\47r16s1.exe56⤵
- Executes dropped EXE
-
\??\c:\75pr39.exec:\75pr39.exe57⤵
- Executes dropped EXE
-
\??\c:\to19g.exec:\to19g.exe58⤵
- Executes dropped EXE
-
\??\c:\8c15ct.exec:\8c15ct.exe59⤵
- Executes dropped EXE
-
\??\c:\rs1g9u.exec:\rs1g9u.exe60⤵
- Executes dropped EXE
-
\??\c:\111293i.exec:\111293i.exe61⤵
- Executes dropped EXE
-
\??\c:\t83o7e.exec:\t83o7e.exe62⤵
- Executes dropped EXE
-
\??\c:\23bex6.exec:\23bex6.exe63⤵
- Executes dropped EXE
-
\??\c:\49ko3m.exec:\49ko3m.exe64⤵
- Executes dropped EXE
-
\??\c:\tv18c.exec:\tv18c.exe65⤵
- Executes dropped EXE
-
\??\c:\4232430.exec:\4232430.exe66⤵
- Executes dropped EXE
-
\??\c:\4943ga.exec:\4943ga.exe67⤵
-
\??\c:\6ag17i.exec:\6ag17i.exe68⤵
-
\??\c:\03ec4c.exec:\03ec4c.exe69⤵
-
\??\c:\dk508.exec:\dk508.exe70⤵
-
\??\c:\j8t1j.exec:\j8t1j.exe71⤵
-
\??\c:\9stp33.exec:\9stp33.exe72⤵
-
\??\c:\jwuu7.exec:\jwuu7.exe73⤵
-
\??\c:\hf3s9m9.exec:\hf3s9m9.exe74⤵
-
\??\c:\83gkku.exec:\83gkku.exe75⤵
-
\??\c:\i54j9w.exec:\i54j9w.exe76⤵
-
\??\c:\479m5.exec:\479m5.exe77⤵
-
\??\c:\11d35k9.exec:\11d35k9.exe78⤵
-
\??\c:\w9wb41.exec:\w9wb41.exe79⤵
-
\??\c:\2arhaw.exec:\2arhaw.exe80⤵
-
\??\c:\892p5f9.exec:\892p5f9.exe81⤵
-
\??\c:\vgcequ3.exec:\vgcequ3.exe82⤵
-
\??\c:\85twp3t.exec:\85twp3t.exe83⤵
-
\??\c:\vma3sx.exec:\vma3sx.exe84⤵
-
\??\c:\3r1tj08.exec:\3r1tj08.exe85⤵
-
\??\c:\pq11wb.exec:\pq11wb.exe86⤵
-
\??\c:\tl0e2uq.exec:\tl0e2uq.exe87⤵
-
\??\c:\1i9wfs.exec:\1i9wfs.exe88⤵
-
\??\c:\j5dn8r.exec:\j5dn8r.exe89⤵
-
\??\c:\54v2d.exec:\54v2d.exe90⤵
-
\??\c:\4wl97.exec:\4wl97.exe91⤵
-
\??\c:\m6s14wl.exec:\m6s14wl.exe92⤵
-
\??\c:\4p16m.exec:\4p16m.exe93⤵
-
\??\c:\do70p9.exec:\do70p9.exe94⤵
-
\??\c:\51379t1.exec:\51379t1.exe95⤵
-
\??\c:\pe9ooa.exec:\pe9ooa.exe96⤵
-
\??\c:\i99i2a5.exec:\i99i2a5.exe97⤵
-
\??\c:\ksew7.exec:\ksew7.exe98⤵
-
\??\c:\8bis6to.exec:\8bis6to.exe99⤵
-
\??\c:\l52kc.exec:\l52kc.exe100⤵
-
\??\c:\m72w9.exec:\m72w9.exe101⤵
-
\??\c:\9ul78qx.exec:\9ul78qx.exe102⤵
-
\??\c:\tl090.exec:\tl090.exe103⤵
-
\??\c:\030mx.exec:\030mx.exe104⤵
-
\??\c:\3gessc3.exec:\3gessc3.exe105⤵
-
\??\c:\109i9a.exec:\109i9a.exe106⤵
-
\??\c:\66u54.exec:\66u54.exe107⤵
-
\??\c:\r79hb.exec:\r79hb.exe108⤵
-
\??\c:\54h6l.exec:\54h6l.exe109⤵
-
\??\c:\ia57od4.exec:\ia57od4.exe110⤵
-
\??\c:\doicqoi.exec:\doicqoi.exe111⤵
-
\??\c:\20cm76v.exec:\20cm76v.exe112⤵
-
\??\c:\d719g75.exec:\d719g75.exe113⤵
-
\??\c:\5s31407.exec:\5s31407.exe114⤵
-
\??\c:\7917i1.exec:\7917i1.exe115⤵
-
\??\c:\x18iou.exec:\x18iou.exe116⤵
-
\??\c:\5i5512.exec:\5i5512.exe117⤵
-
\??\c:\016g09.exec:\016g09.exe118⤵
-
\??\c:\fdmp3.exec:\fdmp3.exe119⤵
-
\??\c:\1o4w0.exec:\1o4w0.exe120⤵
-
\??\c:\086r4.exec:\086r4.exe121⤵
-
\??\c:\j7k38j7.exec:\j7k38j7.exe122⤵
-
\??\c:\8ds0tbw.exec:\8ds0tbw.exe123⤵
-
\??\c:\61tq9e.exec:\61tq9e.exe124⤵
-
\??\c:\bg34v.exec:\bg34v.exe125⤵
-
\??\c:\7j0g1.exec:\7j0g1.exe126⤵
-
\??\c:\k74lai.exec:\k74lai.exe127⤵
-
\??\c:\43ma2u.exec:\43ma2u.exe128⤵
-
\??\c:\n73w15.exec:\n73w15.exe129⤵
-
\??\c:\j7c9x3o.exec:\j7c9x3o.exe130⤵
-
\??\c:\q3c1w.exec:\q3c1w.exe131⤵
-
\??\c:\i4eggc.exec:\i4eggc.exe132⤵
-
\??\c:\9htx2it.exec:\9htx2it.exe133⤵
-
\??\c:\05s577.exec:\05s577.exe134⤵
-
\??\c:\2eskf.exec:\2eskf.exe135⤵
-
\??\c:\eo471n.exec:\eo471n.exe136⤵
-
\??\c:\m9859m.exec:\m9859m.exe137⤵
-
\??\c:\1582v3.exec:\1582v3.exe138⤵
-
\??\c:\8ml1q7.exec:\8ml1q7.exe139⤵
-
\??\c:\xkq13.exec:\xkq13.exe140⤵
-
\??\c:\0fxc52.exec:\0fxc52.exe141⤵
-
\??\c:\2skp13h.exec:\2skp13h.exe142⤵
-
\??\c:\t738l9.exec:\t738l9.exe143⤵
-
\??\c:\6m507g5.exec:\6m507g5.exe144⤵
-
\??\c:\01t0j73.exec:\01t0j73.exe145⤵
-
\??\c:\21936i.exec:\21936i.exe146⤵
-
\??\c:\12r4ej6.exec:\12r4ej6.exe147⤵
-
\??\c:\4359519.exec:\4359519.exe148⤵
-
\??\c:\05wps.exec:\05wps.exe149⤵
-
\??\c:\7wkt4me.exec:\7wkt4me.exe150⤵
-
\??\c:\0997op.exec:\0997op.exe151⤵
-
\??\c:\9336g9.exec:\9336g9.exe152⤵
-
\??\c:\h1d7t95.exec:\h1d7t95.exe153⤵
-
\??\c:\u8w38e7.exec:\u8w38e7.exe154⤵
-
\??\c:\67s9i.exec:\67s9i.exe155⤵
-
\??\c:\nk73e.exec:\nk73e.exe156⤵
-
\??\c:\k5kh9j.exec:\k5kh9j.exe157⤵
-
\??\c:\23wf0.exec:\23wf0.exe158⤵
-
\??\c:\05qs3.exec:\05qs3.exe159⤵
-
\??\c:\2qx1m.exec:\2qx1m.exe160⤵
-
\??\c:\65wp2ii.exec:\65wp2ii.exe161⤵
-
\??\c:\hl53955.exec:\hl53955.exe162⤵
-
\??\c:\5o3j9m1.exec:\5o3j9m1.exe163⤵
-
\??\c:\3ql96m8.exec:\3ql96m8.exe164⤵
-
\??\c:\q5j3m.exec:\q5j3m.exe165⤵
-
\??\c:\85on2ap.exec:\85on2ap.exe166⤵
-
\??\c:\0lj7k.exec:\0lj7k.exe167⤵
-
\??\c:\7dvijg.exec:\7dvijg.exe168⤵
-
\??\c:\vkb82.exec:\vkb82.exe169⤵
-
\??\c:\3w51q5.exec:\3w51q5.exe170⤵
-
\??\c:\re34r3.exec:\re34r3.exe171⤵
-
\??\c:\7w3ecu5.exec:\7w3ecu5.exe172⤵
-
\??\c:\5d3o93o.exec:\5d3o93o.exe173⤵
-
\??\c:\rl2d3.exec:\rl2d3.exe174⤵
-
\??\c:\c3m7wn.exec:\c3m7wn.exe175⤵
-
\??\c:\l52o16.exec:\l52o16.exe176⤵
-
\??\c:\dka8lh4.exec:\dka8lh4.exe177⤵
-
\??\c:\gnnb8.exec:\gnnb8.exe178⤵
-
\??\c:\6jsh5u9.exec:\6jsh5u9.exe179⤵
-
\??\c:\rc88896.exec:\rc88896.exe180⤵
-
\??\c:\k3eu3.exec:\k3eu3.exe181⤵
-
\??\c:\2g70aim.exec:\2g70aim.exe182⤵
-
\??\c:\tq35xf.exec:\tq35xf.exe183⤵
-
\??\c:\ta9a39u.exec:\ta9a39u.exe184⤵
-
\??\c:\8kg1h4.exec:\8kg1h4.exe185⤵
-
\??\c:\fbakou.exec:\fbakou.exe186⤵
-
\??\c:\7gx7o22.exec:\7gx7o22.exe187⤵
-
\??\c:\6xp00uj.exec:\6xp00uj.exe188⤵
-
\??\c:\730w7q.exec:\730w7q.exe189⤵
-
\??\c:\7ql7av.exec:\7ql7av.exe190⤵
-
\??\c:\58w4t6.exec:\58w4t6.exe191⤵
-
\??\c:\4m0c4.exec:\4m0c4.exe192⤵
-
\??\c:\l58f4.exec:\l58f4.exe193⤵
-
\??\c:\45csm0.exec:\45csm0.exe194⤵
-
\??\c:\27su9q.exec:\27su9q.exe195⤵
-
\??\c:\2u1e12.exec:\2u1e12.exe196⤵
-
\??\c:\672pt.exec:\672pt.exe197⤵
-
\??\c:\k851175.exec:\k851175.exe198⤵
-
\??\c:\31bvku5.exec:\31bvku5.exe199⤵
-
\??\c:\x0m522.exec:\x0m522.exe200⤵
-
\??\c:\k8an56i.exec:\k8an56i.exe201⤵
-
\??\c:\83g7mr.exec:\83g7mr.exe202⤵
-
\??\c:\i4139.exec:\i4139.exe203⤵
-
\??\c:\o27qhoe.exec:\o27qhoe.exe204⤵
-
\??\c:\21555.exec:\21555.exe205⤵
-
\??\c:\3t5923q.exec:\3t5923q.exe206⤵
-
\??\c:\f1w66d4.exec:\f1w66d4.exe207⤵
-
\??\c:\83h70o.exec:\83h70o.exe208⤵
-
\??\c:\92d58b.exec:\92d58b.exe209⤵
-
\??\c:\vscc07.exec:\vscc07.exe210⤵
-
\??\c:\ne526.exec:\ne526.exe211⤵
-
\??\c:\1x12p3.exec:\1x12p3.exe212⤵
-
\??\c:\6eama.exec:\6eama.exe213⤵
-
\??\c:\lmago.exec:\lmago.exe214⤵
-
\??\c:\9f8ip5l.exec:\9f8ip5l.exe215⤵
-
\??\c:\jw59kj0.exec:\jw59kj0.exe216⤵
-
\??\c:\275k1nl.exec:\275k1nl.exe217⤵
-
\??\c:\vasr0.exec:\vasr0.exe218⤵
-
\??\c:\hjjbl9u.exec:\hjjbl9u.exe219⤵
-
\??\c:\fxe526.exec:\fxe526.exe220⤵
-
\??\c:\2fuc7u.exec:\2fuc7u.exe221⤵
-
\??\c:\pskantq.exec:\pskantq.exe222⤵
-
\??\c:\rt52x.exec:\rt52x.exe223⤵
-
\??\c:\tmv79au.exec:\tmv79au.exe224⤵
-
\??\c:\4737mk.exec:\4737mk.exe225⤵
-
\??\c:\csc3u4c.exec:\csc3u4c.exe226⤵
-
\??\c:\li4nif3.exec:\li4nif3.exe227⤵
-
\??\c:\1571v8.exec:\1571v8.exe228⤵
-
\??\c:\b37335.exec:\b37335.exe229⤵
-
\??\c:\006tm.exec:\006tm.exe230⤵
-
\??\c:\ds107.exec:\ds107.exe231⤵
-
\??\c:\k08k7.exec:\k08k7.exe232⤵
-
\??\c:\1e0p5c.exec:\1e0p5c.exe233⤵
-
\??\c:\vom7w.exec:\vom7w.exe234⤵
-
\??\c:\84a81.exec:\84a81.exe235⤵
-
\??\c:\o2kk0.exec:\o2kk0.exe236⤵
-
\??\c:\ld23l9.exec:\ld23l9.exe237⤵
-
\??\c:\kce9go.exec:\kce9go.exe238⤵
-
\??\c:\7e15ko3.exec:\7e15ko3.exe239⤵
-
\??\c:\192co3i.exec:\192co3i.exe240⤵
-
\??\c:\80ir6.exec:\80ir6.exe241⤵