Analysis
-
max time kernel
37s -
max time network
44s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
-
submitted
18-04-2024 21:45
Errors
Reason
Machine shutdown: "{\"level\":\"info\",\"time\":\"2024-04-18T21:46:17Z\",\"message\":\"Dirty snapshot: /var/lib/sandbox/hatchvm/win10v2004-20240412-en/instance_7-dirty.qcow2\"}"
General
-
Target
4ed2b7f23bef127248382b7d67844474ea69b958780d2fa5691bdb0dfa985458.exe
-
Size
132KB
-
MD5
992a22b097ca9440a1caf427e0cae423
-
SHA1
a447376b6ed4bd8c38e45009d232abe45b7e49fd
-
SHA256
4ed2b7f23bef127248382b7d67844474ea69b958780d2fa5691bdb0dfa985458
-
SHA512
1138db3985a4efa4476bab4d9b1592ff9e24d57a04c436cc3d8c8ba72af1d85fbeafb8bd5e175dcaa622c373e5523ed5aec4a547e5fc734f28dbace14a94d875
-
SSDEEP
3072:ymb3NkkiQ3mdBjFWXkj7afoHVpx+dGorc:n3C9BRW0j/1px+dG7
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 43 IoCs
-
UPX dump on OEP (original entry point) 61 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 61 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4ed2b7f23bef127248382b7d67844474ea69b958780d2fa5691bdb0dfa985458.exe"C:\Users\Admin\AppData\Local\Temp\4ed2b7f23bef127248382b7d67844474ea69b958780d2fa5691bdb0dfa985458.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\9317373.exec:\9317373.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\wm6w1.exec:\wm6w1.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7sgmk.exec:\7sgmk.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\91153.exec:\91153.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\d89719.exec:\d89719.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\n02tvi.exec:\n02tvi.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\37aeq.exec:\37aeq.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\k8sq54.exec:\k8sq54.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\mps85e.exec:\mps85e.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\daeei.exec:\daeei.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\r2cw78.exec:\r2cw78.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7mas7.exec:\7mas7.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\51911.exec:\51911.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\928463.exec:\928463.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\l7597.exec:\l7597.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\atnfhh1.exec:\atnfhh1.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\s7797.exec:\s7797.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\qbs68.exec:\qbs68.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9391n7.exec:\9391n7.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\wwm415.exec:\wwm415.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5kad3.exec:\5kad3.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ia10at9.exec:\ia10at9.exe23⤵
- Executes dropped EXE
-
\??\c:\kucpu.exec:\kucpu.exe24⤵
- Executes dropped EXE
-
\??\c:\ociol8l.exec:\ociol8l.exe25⤵
- Executes dropped EXE
-
\??\c:\cud7im9.exec:\cud7im9.exe26⤵
- Executes dropped EXE
-
\??\c:\4eiqca.exec:\4eiqca.exe27⤵
- Executes dropped EXE
-
\??\c:\k2g11m.exec:\k2g11m.exe28⤵
- Executes dropped EXE
-
\??\c:\uu331.exec:\uu331.exe29⤵
- Executes dropped EXE
-
\??\c:\85sgmu.exec:\85sgmu.exe30⤵
- Executes dropped EXE
-
\??\c:\m531595.exec:\m531595.exe31⤵
- Executes dropped EXE
-
\??\c:\577gj.exec:\577gj.exe32⤵
- Executes dropped EXE
-
\??\c:\1nxqg.exec:\1nxqg.exe33⤵
- Executes dropped EXE
-
\??\c:\d571ma.exec:\d571ma.exe34⤵
- Executes dropped EXE
-
\??\c:\sji6q1.exec:\sji6q1.exe35⤵
- Executes dropped EXE
-
\??\c:\4ap59n.exec:\4ap59n.exe36⤵
- Executes dropped EXE
-
\??\c:\03aowj.exec:\03aowj.exe37⤵
- Executes dropped EXE
-
\??\c:\019jio.exec:\019jio.exe38⤵
- Executes dropped EXE
-
\??\c:\0i2751o.exec:\0i2751o.exe39⤵
- Executes dropped EXE
-
\??\c:\a18r2.exec:\a18r2.exe40⤵
- Executes dropped EXE
-
\??\c:\93cko.exec:\93cko.exe41⤵
- Executes dropped EXE
-
\??\c:\493phw.exec:\493phw.exe42⤵
- Executes dropped EXE
-
\??\c:\vkkss49.exec:\vkkss49.exe43⤵
- Executes dropped EXE
-
\??\c:\gbpb3.exec:\gbpb3.exe44⤵
- Executes dropped EXE
-
\??\c:\9p3v98.exec:\9p3v98.exe45⤵
- Executes dropped EXE
-
\??\c:\4ml515.exec:\4ml515.exe46⤵
- Executes dropped EXE
-
\??\c:\xdtr3.exec:\xdtr3.exe47⤵
- Executes dropped EXE
-
\??\c:\5jle68.exec:\5jle68.exe48⤵
- Executes dropped EXE
-
\??\c:\4sau0k2.exec:\4sau0k2.exe49⤵
- Executes dropped EXE
-
\??\c:\5v7udpa.exec:\5v7udpa.exe50⤵
- Executes dropped EXE
-
\??\c:\6wv7mj.exec:\6wv7mj.exe51⤵
- Executes dropped EXE
-
\??\c:\1d9jb.exec:\1d9jb.exe52⤵
- Executes dropped EXE
-
\??\c:\68bn53.exec:\68bn53.exe53⤵
- Executes dropped EXE
-
\??\c:\5l2p8r3.exec:\5l2p8r3.exe54⤵
- Executes dropped EXE
-
\??\c:\p9sn16.exec:\p9sn16.exe55⤵
- Executes dropped EXE
-
\??\c:\ok1ao.exec:\ok1ao.exe56⤵
- Executes dropped EXE
-
\??\c:\8cmesn1.exec:\8cmesn1.exe57⤵
- Executes dropped EXE
-
\??\c:\g5866ap.exec:\g5866ap.exe58⤵
- Executes dropped EXE
-
\??\c:\i491j9.exec:\i491j9.exe59⤵
- Executes dropped EXE
-
\??\c:\04uvb.exec:\04uvb.exe60⤵
- Executes dropped EXE
-
\??\c:\x1593.exec:\x1593.exe61⤵
- Executes dropped EXE
-
\??\c:\t5793d7.exec:\t5793d7.exe62⤵
- Executes dropped EXE
-
\??\c:\wuegq.exec:\wuegq.exe63⤵
- Executes dropped EXE
-
\??\c:\6j5155v.exec:\6j5155v.exe64⤵
- Executes dropped EXE
-
\??\c:\tgwcj.exec:\tgwcj.exe65⤵
- Executes dropped EXE
-
\??\c:\0q18c51.exec:\0q18c51.exe66⤵
-
\??\c:\h91xcg1.exec:\h91xcg1.exe67⤵
-
\??\c:\cklp6f.exec:\cklp6f.exe68⤵
-
\??\c:\f315t4.exec:\f315t4.exe69⤵
-
\??\c:\e1153.exec:\e1153.exe70⤵
-
\??\c:\weo12sm.exec:\weo12sm.exe71⤵
-
\??\c:\2x2v6v6.exec:\2x2v6v6.exe72⤵
-
\??\c:\377mckn.exec:\377mckn.exe73⤵
-
\??\c:\24g10.exec:\24g10.exe74⤵
-
\??\c:\33976.exec:\33976.exe75⤵
-
\??\c:\957mb3.exec:\957mb3.exe76⤵
-
\??\c:\979q4.exec:\979q4.exe77⤵
-
\??\c:\q536c.exec:\q536c.exe78⤵
-
\??\c:\15014.exec:\15014.exe79⤵
-
\??\c:\537391.exec:\537391.exe80⤵
-
\??\c:\59q98aa.exec:\59q98aa.exe81⤵
-
\??\c:\3iiec.exec:\3iiec.exe82⤵
-
\??\c:\0mcqo.exec:\0mcqo.exe83⤵
-
\??\c:\u557191.exec:\u557191.exe84⤵
-
\??\c:\2a99no3.exec:\2a99no3.exe85⤵
-
\??\c:\7jpq03p.exec:\7jpq03p.exe86⤵
-
\??\c:\00eam.exec:\00eam.exe87⤵
-
\??\c:\196sn.exec:\196sn.exe88⤵
-
\??\c:\uwp7wl.exec:\uwp7wl.exe89⤵
-
\??\c:\aweki.exec:\aweki.exe90⤵
-
\??\c:\i999j37.exec:\i999j37.exe91⤵
-
\??\c:\6ex33.exec:\6ex33.exe92⤵
-
\??\c:\15939.exec:\15939.exe93⤵
-
\??\c:\ox1rf8.exec:\ox1rf8.exe94⤵
-
\??\c:\i22iu.exec:\i22iu.exe95⤵
-
\??\c:\7b67d4.exec:\7b67d4.exe96⤵
-
\??\c:\8e8v1.exec:\8e8v1.exe97⤵
-
\??\c:\ph01q08.exec:\ph01q08.exe98⤵
-
\??\c:\tcgquki.exec:\tcgquki.exe99⤵
-
\??\c:\3csqqee.exec:\3csqqee.exe100⤵
-
\??\c:\1au9ki.exec:\1au9ki.exe101⤵
-
\??\c:\085e0t.exec:\085e0t.exe102⤵
-
\??\c:\79730l9.exec:\79730l9.exe103⤵
-
\??\c:\e1174.exec:\e1174.exe104⤵
-
\??\c:\nf8r07.exec:\nf8r07.exe105⤵
-
\??\c:\ter8g7k.exec:\ter8g7k.exe106⤵
-
\??\c:\vm3977.exec:\vm3977.exe107⤵
-
\??\c:\5mq077.exec:\5mq077.exe108⤵
-
\??\c:\3711351.exec:\3711351.exe109⤵
-
\??\c:\f9013.exec:\f9013.exe110⤵
-
\??\c:\ji22c.exec:\ji22c.exe111⤵
-
\??\c:\siowcmc.exec:\siowcmc.exe112⤵
-
\??\c:\4lbuh.exec:\4lbuh.exe113⤵
-
\??\c:\8vi1w.exec:\8vi1w.exe114⤵
-
\??\c:\3s5t1a0.exec:\3s5t1a0.exe115⤵
-
\??\c:\liei061.exec:\liei061.exe116⤵
-
\??\c:\r6en9up.exec:\r6en9up.exe117⤵
-
\??\c:\h68mh.exec:\h68mh.exe118⤵
-
\??\c:\lqea503.exec:\lqea503.exe119⤵
-
\??\c:\44uqo6c.exec:\44uqo6c.exe120⤵
-
\??\c:\06wdx7.exec:\06wdx7.exe121⤵
-
\??\c:\x5ct0qt.exec:\x5ct0qt.exe122⤵
-
\??\c:\1x5735.exec:\1x5735.exe123⤵
-
\??\c:\1ncer7.exec:\1ncer7.exe124⤵
-
\??\c:\69ocmoe.exec:\69ocmoe.exe125⤵
-
\??\c:\475lv.exec:\475lv.exe126⤵
-
\??\c:\sotqa.exec:\sotqa.exe127⤵
-
\??\c:\guugx.exec:\guugx.exe128⤵
-
\??\c:\81751.exec:\81751.exe129⤵
-
\??\c:\0j37082.exec:\0j37082.exe130⤵
-
\??\c:\p2ge5k4.exec:\p2ge5k4.exe131⤵
-
\??\c:\1l7kuu.exec:\1l7kuu.exe132⤵
-
\??\c:\u50p379.exec:\u50p379.exe133⤵
-
\??\c:\hb8n25g.exec:\hb8n25g.exe134⤵
-
\??\c:\48p8p65.exec:\48p8p65.exe135⤵
-
\??\c:\8af12.exec:\8af12.exe136⤵
-
\??\c:\4905779.exec:\4905779.exe137⤵
-
\??\c:\cbmr303.exec:\cbmr303.exe138⤵
-
\??\c:\camuq.exec:\camuq.exe139⤵
-
\??\c:\b933x.exec:\b933x.exe140⤵
-
\??\c:\jds69t.exec:\jds69t.exe141⤵
-
\??\c:\coiw9p8.exec:\coiw9p8.exe142⤵
-
\??\c:\losiweq.exec:\losiweq.exe143⤵
-
\??\c:\8q830.exec:\8q830.exe144⤵
-
\??\c:\8qf5u.exec:\8qf5u.exe145⤵
-
\??\c:\8b173.exec:\8b173.exe146⤵
-
\??\c:\49s50p9.exec:\49s50p9.exe147⤵
-
\??\c:\07ux14.exec:\07ux14.exe148⤵
-
\??\c:\01bn5so.exec:\01bn5so.exe149⤵
-
\??\c:\8rrt87q.exec:\8rrt87q.exe150⤵
-
\??\c:\61238.exec:\61238.exe151⤵
-
\??\c:\98gew0.exec:\98gew0.exe152⤵
-
\??\c:\c6495f5.exec:\c6495f5.exe153⤵
-
\??\c:\xd3w8p8.exec:\xd3w8p8.exe154⤵
-
\??\c:\6v713.exec:\6v713.exe155⤵
-
\??\c:\88d5fe.exec:\88d5fe.exe156⤵
-
\??\c:\l48vnof.exec:\l48vnof.exe157⤵
-
\??\c:\46xq0xg.exec:\46xq0xg.exe158⤵
-
\??\c:\cf37qr.exec:\cf37qr.exe159⤵
-
\??\c:\62t75.exec:\62t75.exe160⤵
-
\??\c:\a4d63li.exec:\a4d63li.exe161⤵
-
\??\c:\2w7797.exec:\2w7797.exe162⤵
-
\??\c:\kwvm2.exec:\kwvm2.exe163⤵
-
\??\c:\b8r2g.exec:\b8r2g.exe164⤵
-
\??\c:\xi7occ.exec:\xi7occ.exe165⤵
-
\??\c:\0gwue.exec:\0gwue.exe166⤵
-
\??\c:\4mes2g.exec:\4mes2g.exe167⤵
-
\??\c:\llg0a.exec:\llg0a.exe168⤵
-
\??\c:\x951b.exec:\x951b.exe169⤵
-
\??\c:\7tg97u8.exec:\7tg97u8.exe170⤵
-
\??\c:\92gw407.exec:\92gw407.exe171⤵
-
\??\c:\dw0oiq.exec:\dw0oiq.exe172⤵
-
\??\c:\ks133.exec:\ks133.exe173⤵
-
\??\c:\a8nn04n.exec:\a8nn04n.exe174⤵
-
\??\c:\0vdiv.exec:\0vdiv.exe175⤵
-
\??\c:\5195j1d.exec:\5195j1d.exe176⤵
-
\??\c:\7d593.exec:\7d593.exe177⤵
-
\??\c:\v5sq2k.exec:\v5sq2k.exe178⤵
-
\??\c:\6ogm0af.exec:\6ogm0af.exe179⤵
-
\??\c:\opi24t8.exec:\opi24t8.exe180⤵
-
\??\c:\goo7c35.exec:\goo7c35.exe181⤵
-
\??\c:\i0n7iq.exec:\i0n7iq.exe182⤵
-
\??\c:\2r4x2.exec:\2r4x2.exe183⤵
-
\??\c:\0h8cgw.exec:\0h8cgw.exe184⤵
-
\??\c:\pausx8.exec:\pausx8.exe185⤵
-
\??\c:\671r2i.exec:\671r2i.exe186⤵
-
\??\c:\x715777.exec:\x715777.exe187⤵
-
\??\c:\13u33if.exec:\13u33if.exe188⤵
-
\??\c:\5iam3.exec:\5iam3.exe189⤵
-
\??\c:\n370004.exec:\n370004.exe190⤵
-
\??\c:\oijtd08.exec:\oijtd08.exe191⤵
-
\??\c:\6mxj1g6.exec:\6mxj1g6.exe192⤵
-
\??\c:\0r1395.exec:\0r1395.exe193⤵
-
\??\c:\rx4wk.exec:\rx4wk.exe194⤵
-
\??\c:\b5msc9.exec:\b5msc9.exe195⤵
-
\??\c:\bwrpu0.exec:\bwrpu0.exe196⤵
-
\??\c:\r7gn1g5.exec:\r7gn1g5.exe197⤵
-
\??\c:\bim28.exec:\bim28.exe198⤵
-
\??\c:\366427.exec:\366427.exe199⤵
-
\??\c:\6xv5s.exec:\6xv5s.exe200⤵
-
\??\c:\2l5kx.exec:\2l5kx.exe201⤵
-
\??\c:\w0ff3.exec:\w0ff3.exe202⤵
-
\??\c:\f0u1gjk.exec:\f0u1gjk.exe203⤵
-
\??\c:\3w8514.exec:\3w8514.exe204⤵
-
\??\c:\c99g5j.exec:\c99g5j.exe205⤵
-
\??\c:\15v0x6.exec:\15v0x6.exe206⤵
-
\??\c:\f391u.exec:\f391u.exe207⤵
-
\??\c:\hp6cu3.exec:\hp6cu3.exe208⤵
-
\??\c:\u79x14x.exec:\u79x14x.exe209⤵
-
\??\c:\08v7x65.exec:\08v7x65.exe210⤵
-
\??\c:\002g7.exec:\002g7.exe211⤵
-
\??\c:\500gbw.exec:\500gbw.exe212⤵
-
\??\c:\55a8hu.exec:\55a8hu.exe213⤵
-
\??\c:\6soio15.exec:\6soio15.exe214⤵
-
\??\c:\soqmcgm.exec:\soqmcgm.exe215⤵
-
\??\c:\bp4176.exec:\bp4176.exe216⤵
-
\??\c:\kt066.exec:\kt066.exe217⤵
-
\??\c:\d3335.exec:\d3335.exe218⤵
-
\??\c:\s58879l.exec:\s58879l.exe219⤵
-
\??\c:\8v31d0.exec:\8v31d0.exe220⤵
-
\??\c:\6xw66.exec:\6xw66.exe221⤵
-
\??\c:\oj559u.exec:\oj559u.exe222⤵
-
\??\c:\vmucek.exec:\vmucek.exe223⤵
-
\??\c:\938g0.exec:\938g0.exe224⤵
-
\??\c:\jlle47.exec:\jlle47.exe225⤵
-
\??\c:\8w73139.exec:\8w73139.exe226⤵
-
\??\c:\d55553.exec:\d55553.exe227⤵
-
\??\c:\8wv8g.exec:\8wv8g.exe228⤵
-
\??\c:\sg1993.exec:\sg1993.exe229⤵
-
\??\c:\8cwqqe.exec:\8cwqqe.exe230⤵
-
\??\c:\7w2jsm5.exec:\7w2jsm5.exe231⤵
-
\??\c:\3lcaosu.exec:\3lcaosu.exe232⤵
-
\??\c:\599l4v.exec:\599l4v.exe233⤵
-
\??\c:\1g8j38.exec:\1g8j38.exe234⤵
-
\??\c:\0n7753j.exec:\0n7753j.exe235⤵
-
\??\c:\po86fj8.exec:\po86fj8.exe236⤵
-
\??\c:\r1ct3w7.exec:\r1ct3w7.exe237⤵
-
\??\c:\k84x49.exec:\k84x49.exe238⤵
-
\??\c:\39396b.exec:\39396b.exe239⤵
-
\??\c:\dr9kd.exec:\dr9kd.exe240⤵
-
\??\c:\70tf06n.exec:\70tf06n.exe241⤵