Analysis
-
max time kernel
149s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
18-04-2024 22:22
General
-
Target
5e563d06c443b81b96905d22fd5a6e254e008a2f5f7e2287360aad79b8586731.exe
-
Size
378KB
-
MD5
088a976bef9d9ff3ea02f4f678c06d69
-
SHA1
9d29c882f8ca630af2fb725a277d6c3e59a7a100
-
SHA256
5e563d06c443b81b96905d22fd5a6e254e008a2f5f7e2287360aad79b8586731
-
SHA512
69d931cea9968ed85bbb774cab37705e00d3114258c955de7a7ff96b01a70c3982f2ccf9cb9540c3a5abffe2e7c2c90fccea26b4c44357a2be9690ddab7176a9
-
SSDEEP
6144:9cm4FmowdHoSABIs9OKofHfHTXQLzgvnzHPowYbvrjD/L7QPbg/Dr0T3rnXLHf73:/4wFHoSA4KofHfHTXQLzgvnzHPowYbvU
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 31 IoCs
-
UPX dump on OEP (original entry point) 60 IoCs
-
Executes dropped EXE 58 IoCs
-
Molebox Virtualization software 32 IoCs
Detects file using Molebox Virtualization software.
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5e563d06c443b81b96905d22fd5a6e254e008a2f5f7e2287360aad79b8586731.exe"C:\Users\Admin\AppData\Local\Temp\5e563d06c443b81b96905d22fd5a6e254e008a2f5f7e2287360aad79b8586731.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xlthh.exec:\xlthh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llbpfr.exec:\llbpfr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\txphlh.exec:\txphlh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hpjtjrl.exec:\hpjtjrl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\brhjf.exec:\brhjf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rnpbvp.exec:\rnpbvp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bxxbnv.exec:\bxxbnv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tvfvrh.exec:\tvfvrh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bxfrl.exec:\bxfrl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hxlxxhn.exec:\hxlxxhn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lpxhppr.exec:\lpxhppr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lbbdr.exec:\lbbdr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvfvbb.exec:\jjvfvbb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrvpr.exec:\lrvpr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjrp.exec:\jvjrp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tfntfl.exec:\tfntfl.exe17⤵
- Executes dropped EXE
-
\??\c:\rvjtbbf.exec:\rvjtbbf.exe18⤵
- Executes dropped EXE
-
\??\c:\nrbhbp.exec:\nrbhbp.exe19⤵
- Executes dropped EXE
-
\??\c:\fvnfv.exec:\fvnfv.exe20⤵
- Executes dropped EXE
-
\??\c:\rhjhj.exec:\rhjhj.exe21⤵
- Executes dropped EXE
-
\??\c:\pftnrjh.exec:\pftnrjh.exe22⤵
- Executes dropped EXE
-
\??\c:\jnlhvvh.exec:\jnlhvvh.exe23⤵
- Executes dropped EXE
-
\??\c:\jlvfp.exec:\jlvfp.exe24⤵
- Executes dropped EXE
-
\??\c:\hnvbpx.exec:\hnvbpx.exe25⤵
- Executes dropped EXE
-
\??\c:\tnrrjt.exec:\tnrrjt.exe26⤵
- Executes dropped EXE
-
\??\c:\nprrj.exec:\nprrj.exe27⤵
- Executes dropped EXE
-
\??\c:\hrvfbdb.exec:\hrvfbdb.exe28⤵
- Executes dropped EXE
-
\??\c:\lbrxtvh.exec:\lbrxtvh.exe29⤵
- Executes dropped EXE
-
\??\c:\jldbrln.exec:\jldbrln.exe30⤵
- Executes dropped EXE
-
\??\c:\fnrfvtn.exec:\fnrfvtn.exe31⤵
- Executes dropped EXE
-
\??\c:\vlffx.exec:\vlffx.exe32⤵
- Executes dropped EXE
-
\??\c:\bddpx.exec:\bddpx.exe33⤵
- Executes dropped EXE
-
\??\c:\hbtfb.exec:\hbtfb.exe34⤵
- Executes dropped EXE
-
\??\c:\bpbrdb.exec:\bpbrdb.exe35⤵
- Executes dropped EXE
-
\??\c:\hjthx.exec:\hjthx.exe36⤵
- Executes dropped EXE
-
\??\c:\lnlpxv.exec:\lnlpxv.exe37⤵
- Executes dropped EXE
-
\??\c:\xfhdd.exec:\xfhdd.exe38⤵
- Executes dropped EXE
-
\??\c:\njfdrx.exec:\njfdrx.exe39⤵
- Executes dropped EXE
-
\??\c:\dbtvr.exec:\dbtvr.exe40⤵
- Executes dropped EXE
-
\??\c:\rlvbt.exec:\rlvbt.exe41⤵
- Executes dropped EXE
-
\??\c:\ffldj.exec:\ffldj.exe42⤵
- Executes dropped EXE
-
\??\c:\rblfb.exec:\rblfb.exe43⤵
- Executes dropped EXE
-
\??\c:\dvvnjl.exec:\dvvnjl.exe44⤵
- Executes dropped EXE
-
\??\c:\lbrbh.exec:\lbrbh.exe45⤵
- Executes dropped EXE
-
\??\c:\hffjnlx.exec:\hffjnlx.exe46⤵
- Executes dropped EXE
-
\??\c:\brjdl.exec:\brjdl.exe47⤵
- Executes dropped EXE
-
\??\c:\xrnnv.exec:\xrnnv.exe48⤵
- Executes dropped EXE
-
\??\c:\rvfph.exec:\rvfph.exe49⤵
- Executes dropped EXE
-
\??\c:\fhvjjj.exec:\fhvjjj.exe50⤵
- Executes dropped EXE
-
\??\c:\lndtd.exec:\lndtd.exe51⤵
- Executes dropped EXE
-
\??\c:\fnpndpl.exec:\fnpndpl.exe52⤵
- Executes dropped EXE
-
\??\c:\bprbj.exec:\bprbj.exe53⤵
- Executes dropped EXE
-
\??\c:\vlrrdb.exec:\vlrrdb.exe54⤵
- Executes dropped EXE
-
\??\c:\rxhnndr.exec:\rxhnndr.exe55⤵
- Executes dropped EXE
-
\??\c:\hdjfttn.exec:\hdjfttn.exe56⤵
- Executes dropped EXE
-
\??\c:\hnrtr.exec:\hnrtr.exe57⤵
- Executes dropped EXE
-
\??\c:\rtrxd.exec:\rtrxd.exe58⤵
- Executes dropped EXE
-
\??\c:\fldvb.exec:\fldvb.exe59⤵
- Executes dropped EXE
-
\??\c:\bthrp.exec:\bthrp.exe60⤵
-
\??\c:\nhpjb.exec:\nhpjb.exe61⤵
-
\??\c:\hdvdj.exec:\hdvdj.exe62⤵
-
\??\c:\rrpdh.exec:\rrpdh.exe63⤵
-
\??\c:\fntvvh.exec:\fntvvh.exe64⤵
-
\??\c:\jdlfnr.exec:\jdlfnr.exe65⤵
-
\??\c:\lnxbdlh.exec:\lnxbdlh.exe66⤵
-
\??\c:\txprrp.exec:\txprrp.exe67⤵
-
\??\c:\rbnhr.exec:\rbnhr.exe68⤵
-
\??\c:\pptlx.exec:\pptlx.exe69⤵
-
\??\c:\dtjjvl.exec:\dtjjvl.exe70⤵
-
\??\c:\bhrdhrn.exec:\bhrdhrn.exe71⤵
-
\??\c:\pbfjfxx.exec:\pbfjfxx.exe72⤵
-
\??\c:\djjrbx.exec:\djjrbx.exe73⤵
-
\??\c:\trvfhlf.exec:\trvfhlf.exe74⤵
-
\??\c:\bplfr.exec:\bplfr.exe75⤵
-
\??\c:\brxrvrd.exec:\brxrvrd.exe76⤵
-
\??\c:\nvnhflp.exec:\nvnhflp.exe77⤵
-
\??\c:\jtbpthj.exec:\jtbpthj.exe78⤵
-
\??\c:\vjdnrf.exec:\vjdnrf.exe79⤵
-
\??\c:\pvbrj.exec:\pvbrj.exe80⤵
-
\??\c:\dxvjxfj.exec:\dxvjxfj.exe81⤵
-
\??\c:\ddvntl.exec:\ddvntl.exe82⤵
-
\??\c:\ttxjvnb.exec:\ttxjvnb.exe83⤵
-
\??\c:\lrftp.exec:\lrftp.exe84⤵
-
\??\c:\tbxnhfp.exec:\tbxnhfp.exe85⤵
-
\??\c:\rrxhbjf.exec:\rrxhbjf.exe86⤵
-
\??\c:\lvlnhxn.exec:\lvlnhxn.exe87⤵
-
\??\c:\nbhfbhd.exec:\nbhfbhd.exe88⤵
-
\??\c:\xdlnx.exec:\xdlnx.exe89⤵
-
\??\c:\hfdxpfj.exec:\hfdxpfj.exe90⤵
-
\??\c:\bjlln.exec:\bjlln.exe91⤵
-
\??\c:\lrhhbj.exec:\lrhhbj.exe92⤵
-
\??\c:\xbpjj.exec:\xbpjj.exe93⤵
-
\??\c:\bjjdbjr.exec:\bjjdbjr.exe94⤵
-
\??\c:\hvdbttd.exec:\hvdbttd.exe95⤵
-
\??\c:\pjntt.exec:\pjntt.exe96⤵
-
\??\c:\lbrxv.exec:\lbrxv.exe97⤵
-
\??\c:\dvtpj.exec:\dvtpj.exe98⤵
-
\??\c:\jdtnnd.exec:\jdtnnd.exe99⤵
-
\??\c:\dftdxbt.exec:\dftdxbt.exe100⤵
-
\??\c:\vpdjx.exec:\vpdjx.exe101⤵
-
\??\c:\xhdbxvp.exec:\xhdbxvp.exe102⤵
-
\??\c:\pttjbrj.exec:\pttjbrj.exe103⤵
-
\??\c:\nnrnf.exec:\nnrnf.exe104⤵
-
\??\c:\vbxrhfj.exec:\vbxrhfj.exe105⤵
-
\??\c:\ftnrf.exec:\ftnrf.exe106⤵
-
\??\c:\xfhvpt.exec:\xfhvpt.exe107⤵
-
\??\c:\pflnbn.exec:\pflnbn.exe108⤵
-
\??\c:\pdfpb.exec:\pdfpb.exe109⤵
-
\??\c:\ftjhn.exec:\ftjhn.exe110⤵
-
\??\c:\pbfhpfl.exec:\pbfhpfl.exe111⤵
-
\??\c:\lvjjfj.exec:\lvjjfj.exe112⤵
-
\??\c:\vbjpvv.exec:\vbjpvv.exe113⤵
-
\??\c:\prffxb.exec:\prffxb.exe114⤵
-
\??\c:\jbdllp.exec:\jbdllp.exe115⤵
-
\??\c:\lfpdhhb.exec:\lfpdhhb.exe116⤵
-
\??\c:\hfhlvrr.exec:\hfhlvrr.exe117⤵
-
\??\c:\fnfxl.exec:\fnfxl.exe118⤵
-
\??\c:\jfjrxtt.exec:\jfjrxtt.exe119⤵
-
\??\c:\rttbl.exec:\rttbl.exe120⤵
-
\??\c:\jldrnv.exec:\jldrnv.exe121⤵
-
\??\c:\bjvbrdb.exec:\bjvbrdb.exe122⤵
-
\??\c:\rpvbhff.exec:\rpvbhff.exe123⤵
-
\??\c:\pbftdh.exec:\pbftdh.exe124⤵
-
\??\c:\bbfdxv.exec:\bbfdxv.exe125⤵
-
\??\c:\bhnrlht.exec:\bhnrlht.exe126⤵
-
\??\c:\rxvhx.exec:\rxvhx.exe127⤵
-
\??\c:\frbtpl.exec:\frbtpl.exe128⤵
-
\??\c:\dhpdxjv.exec:\dhpdxjv.exe129⤵
-
\??\c:\vphvpb.exec:\vphvpb.exe130⤵
-
\??\c:\tpxjfv.exec:\tpxjfv.exe131⤵
-
\??\c:\jbbhbnd.exec:\jbbhbnd.exe132⤵
-
\??\c:\nfxnxxp.exec:\nfxnxxp.exe133⤵
-
\??\c:\drbbvbn.exec:\drbbvbn.exe134⤵
-
\??\c:\rfhrd.exec:\rfhrd.exe135⤵
-
\??\c:\rbpfd.exec:\rbpfd.exe136⤵
-
\??\c:\vbfjxft.exec:\vbfjxft.exe137⤵
-
\??\c:\pjvvjh.exec:\pjvvjh.exe138⤵
-
\??\c:\txtfj.exec:\txtfj.exe139⤵
-
\??\c:\jrbpvbt.exec:\jrbpvbt.exe140⤵
-
\??\c:\dxpnbl.exec:\dxpnbl.exe141⤵
-
\??\c:\pfbbjh.exec:\pfbbjh.exe142⤵
-
\??\c:\tjnjnrv.exec:\tjnjnrv.exe143⤵
-
\??\c:\jhjxfd.exec:\jhjxfd.exe144⤵
-
\??\c:\lfnntrv.exec:\lfnntrv.exe145⤵
-
\??\c:\jftnlh.exec:\jftnlh.exe146⤵
-
\??\c:\nrhlxxp.exec:\nrhlxxp.exe147⤵
-
\??\c:\hnxxlbj.exec:\hnxxlbj.exe148⤵
-
\??\c:\nfdfjf.exec:\nfdfjf.exe149⤵
-
\??\c:\tntpf.exec:\tntpf.exe150⤵
-
\??\c:\tnrnv.exec:\tnrnv.exe151⤵
-
\??\c:\rfjdrrv.exec:\rfjdrrv.exe152⤵
-
\??\c:\bjjvnx.exec:\bjjvnx.exe153⤵
-
\??\c:\pxthb.exec:\pxthb.exe154⤵
-
\??\c:\hhrhf.exec:\hhrhf.exe155⤵
-
\??\c:\xfndrn.exec:\xfndrn.exe156⤵
-
\??\c:\jlfdvj.exec:\jlfdvj.exe157⤵
-
\??\c:\nhfxt.exec:\nhfxt.exe158⤵
-
\??\c:\vrfvnbj.exec:\vrfvnbj.exe159⤵
-
\??\c:\rpxjf.exec:\rpxjf.exe160⤵
-
\??\c:\vjbfvx.exec:\vjbfvx.exe161⤵
-
\??\c:\xpfblxv.exec:\xpfblxv.exe162⤵
-
\??\c:\tnlxd.exec:\tnlxd.exe163⤵
-
\??\c:\dbhtvxf.exec:\dbhtvxf.exe164⤵
-
\??\c:\frntj.exec:\frntj.exe165⤵
-
\??\c:\jrxptjb.exec:\jrxptjb.exe166⤵
-
\??\c:\xjjnntr.exec:\xjjnntr.exe167⤵
-
\??\c:\fxfvt.exec:\fxfvt.exe168⤵
-
\??\c:\jlfndr.exec:\jlfndr.exe169⤵
-
\??\c:\jfrlbjj.exec:\jfrlbjj.exe170⤵
-
\??\c:\tjtrvlr.exec:\tjtrvlr.exe171⤵
-
\??\c:\vvtrjbf.exec:\vvtrjbf.exe172⤵
-
\??\c:\jbpbnf.exec:\jbpbnf.exe173⤵
-
\??\c:\jbxhffh.exec:\jbxhffh.exe174⤵
-
\??\c:\jxvvjj.exec:\jxvvjj.exe175⤵
-
\??\c:\fnljtpv.exec:\fnljtpv.exe176⤵
-
\??\c:\bdrlhvh.exec:\bdrlhvh.exe177⤵
-
\??\c:\vbfrxp.exec:\vbfrxp.exe178⤵
-
\??\c:\hbhldxv.exec:\hbhldxv.exe179⤵
-
\??\c:\thnvnnj.exec:\thnvnnj.exe180⤵
-
\??\c:\fhrpr.exec:\fhrpr.exe181⤵
-
\??\c:\bhddrd.exec:\bhddrd.exe182⤵
-
\??\c:\lppfrn.exec:\lppfrn.exe183⤵
-
\??\c:\jvrjjjb.exec:\jvrjjjb.exe184⤵
-
\??\c:\jdbpln.exec:\jdbpln.exe185⤵
-
\??\c:\vfxbfd.exec:\vfxbfd.exe186⤵
-
\??\c:\pxpbpp.exec:\pxpbpp.exe187⤵
-
\??\c:\vfbvn.exec:\vfbvn.exe188⤵
-
\??\c:\nrbtpbp.exec:\nrbtpbp.exe189⤵
-
\??\c:\njxplj.exec:\njxplj.exe190⤵
-
\??\c:\dvdxnjf.exec:\dvdxnjf.exe191⤵
-
\??\c:\rrdrd.exec:\rrdrd.exe192⤵
-
\??\c:\pvbhbf.exec:\pvbhbf.exe193⤵
-
\??\c:\jvxdtbr.exec:\jvxdtbr.exe194⤵
-
\??\c:\pptttl.exec:\pptttl.exe195⤵
-
\??\c:\fxddrvj.exec:\fxddrvj.exe196⤵
-
\??\c:\bljhpf.exec:\bljhpf.exe197⤵
-
\??\c:\ndllrfb.exec:\ndllrfb.exe198⤵
-
\??\c:\hphnlhh.exec:\hphnlhh.exe199⤵
-
\??\c:\bnxftnb.exec:\bnxftnb.exe200⤵
-
\??\c:\lbjhr.exec:\lbjhr.exe201⤵
-
\??\c:\ttxlhrp.exec:\ttxlhrp.exe202⤵
-
\??\c:\xrtrl.exec:\xrtrl.exe203⤵
-
\??\c:\txdffh.exec:\txdffh.exe204⤵
-
\??\c:\ftpvjjh.exec:\ftpvjjh.exe205⤵
-
\??\c:\bptvvxj.exec:\bptvvxj.exe206⤵
-
\??\c:\bbpbxt.exec:\bbpbxt.exe207⤵
-
\??\c:\tjtdflp.exec:\tjtdflp.exe208⤵
-
\??\c:\hrpthxv.exec:\hrpthxv.exe209⤵
-
\??\c:\ndntnp.exec:\ndntnp.exe210⤵
-
\??\c:\thnnln.exec:\thnnln.exe211⤵
-
\??\c:\xrxhhnf.exec:\xrxhhnf.exe212⤵
-
\??\c:\thtrp.exec:\thtrp.exe213⤵
-
\??\c:\djvrxj.exec:\djvrxj.exe214⤵
-
\??\c:\jjjrb.exec:\jjjrb.exe215⤵
-
\??\c:\pxrbpjd.exec:\pxrbpjd.exe216⤵
-
\??\c:\fbbrl.exec:\fbbrl.exe217⤵
-
\??\c:\hrfpnbh.exec:\hrfpnbh.exe218⤵
-
\??\c:\lvtrbdr.exec:\lvtrbdr.exe219⤵
-
\??\c:\flpdx.exec:\flpdx.exe220⤵
-
\??\c:\hhfdtvl.exec:\hhfdtvl.exe221⤵
-
\??\c:\pdrlvhp.exec:\pdrlvhp.exe222⤵
-
\??\c:\btfbjtr.exec:\btfbjtr.exe223⤵
-
\??\c:\nvfjjvv.exec:\nvfjjvv.exe224⤵
-
\??\c:\nbrxlxl.exec:\nbrxlxl.exe225⤵
-
\??\c:\fhvfp.exec:\fhvfp.exe226⤵
-
\??\c:\vlbtvrf.exec:\vlbtvrf.exe227⤵
-
\??\c:\vjdfl.exec:\vjdfl.exe228⤵
-
\??\c:\jddnpxt.exec:\jddnpxt.exe229⤵
-
\??\c:\xnphpv.exec:\xnphpv.exe230⤵
-
\??\c:\jpjlpb.exec:\jpjlpb.exe231⤵
-
\??\c:\jlxfrnr.exec:\jlxfrnr.exe232⤵
-
\??\c:\txbbhhb.exec:\txbbhhb.exe233⤵
-
\??\c:\rrvxv.exec:\rrvxv.exe234⤵
-
\??\c:\blpdb.exec:\blpdb.exe235⤵
-
\??\c:\fjvrh.exec:\fjvrh.exe236⤵
-
\??\c:\fhrjfv.exec:\fhrjfv.exe237⤵
-
\??\c:\hpjxf.exec:\hpjxf.exe238⤵
-
\??\c:\lfpdh.exec:\lfpdh.exe239⤵
-
\??\c:\jfvvb.exec:\jfvvb.exe240⤵