Analysis
-
max time kernel
130s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
18-04-2024 19:34
General
-
Target
1ea3a2ce726520e1a1a1ba996f0e4698e95d33d95412089ec5e6cc0104aedc0e.exe
-
Size
67KB
-
MD5
9bcc16560f7a79bca7092836b267827e
-
SHA1
1feca117a0c5db853ab54c9631f186d86e511ddc
-
SHA256
1ea3a2ce726520e1a1a1ba996f0e4698e95d33d95412089ec5e6cc0104aedc0e
-
SHA512
93f10a3253a6d2317aff34a4ac38a89f3653ec52309a30ed02e71eec724ccd45227eeda7703b76954ac6d366e20f47001feca5f252b00ca9971d436e505f8470
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIvuzk358nLA898:ymb3NkkiQ3mdBjFIvl358nLA898
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 29 IoCs
-
UPX dump on OEP (original entry point) 60 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 60 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1ea3a2ce726520e1a1a1ba996f0e4698e95d33d95412089ec5e6cc0104aedc0e.exe"C:\Users\Admin\AppData\Local\Temp\1ea3a2ce726520e1a1a1ba996f0e4698e95d33d95412089ec5e6cc0104aedc0e.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vfpjtxv.exec:\vfpjtxv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lpfphn.exec:\lpfphn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnfhpl.exec:\hnfhpl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bprtbpb.exec:\bprtbpb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jnrjr.exec:\jnrjr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htpbppt.exec:\htpbppt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\npjrxvb.exec:\npjrxvb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vnnxhn.exec:\vnnxhn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xtdnhdv.exec:\xtdnhdv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fnrhf.exec:\fnrhf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hxfxnln.exec:\hxfxnln.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tjpxtxv.exec:\tjpxtxv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdljx.exec:\pdljx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tvppv.exec:\tvppv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vrxppn.exec:\vrxppn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xhfjx.exec:\xhfjx.exe17⤵
- Executes dropped EXE
-
\??\c:\hdfdfnp.exec:\hdfdfnp.exe18⤵
- Executes dropped EXE
-
\??\c:\ddhpp.exec:\ddhpp.exe19⤵
- Executes dropped EXE
-
\??\c:\hlxlvdb.exec:\hlxlvdb.exe20⤵
- Executes dropped EXE
-
\??\c:\hnhnnh.exec:\hnhnnh.exe21⤵
- Executes dropped EXE
-
\??\c:\xndrl.exec:\xndrl.exe22⤵
- Executes dropped EXE
-
\??\c:\rrpldl.exec:\rrpldl.exe23⤵
- Executes dropped EXE
-
\??\c:\dxhxrrx.exec:\dxhxrrx.exe24⤵
- Executes dropped EXE
-
\??\c:\thrdd.exec:\thrdd.exe25⤵
- Executes dropped EXE
-
\??\c:\hxdrr.exec:\hxdrr.exe26⤵
- Executes dropped EXE
-
\??\c:\ffffl.exec:\ffffl.exe27⤵
- Executes dropped EXE
-
\??\c:\lrhhh.exec:\lrhhh.exe28⤵
- Executes dropped EXE
-
\??\c:\tdxlnll.exec:\tdxlnll.exe29⤵
- Executes dropped EXE
-
\??\c:\nrtfbj.exec:\nrtfbj.exe30⤵
- Executes dropped EXE
-
\??\c:\vbrdj.exec:\vbrdj.exe31⤵
- Executes dropped EXE
-
\??\c:\pblnffh.exec:\pblnffh.exe32⤵
- Executes dropped EXE
-
\??\c:\xltfpv.exec:\xltfpv.exe33⤵
- Executes dropped EXE
-
\??\c:\hnnbht.exec:\hnnbht.exe34⤵
- Executes dropped EXE
-
\??\c:\dnhhb.exec:\dnhhb.exe35⤵
- Executes dropped EXE
-
\??\c:\hnttp.exec:\hnttp.exe36⤵
- Executes dropped EXE
-
\??\c:\fxlfjfp.exec:\fxlfjfp.exe37⤵
- Executes dropped EXE
-
\??\c:\lrtrpbv.exec:\lrtrpbv.exe38⤵
- Executes dropped EXE
-
\??\c:\rlnrvj.exec:\rlnrvj.exe39⤵
- Executes dropped EXE
-
\??\c:\nnlfv.exec:\nnlfv.exe40⤵
- Executes dropped EXE
-
\??\c:\rddtn.exec:\rddtn.exe41⤵
- Executes dropped EXE
-
\??\c:\bnxjj.exec:\bnxjj.exe42⤵
- Executes dropped EXE
-
\??\c:\vrlthnd.exec:\vrlthnd.exe43⤵
- Executes dropped EXE
-
\??\c:\xpvlrft.exec:\xpvlrft.exe44⤵
- Executes dropped EXE
-
\??\c:\pbvvhbp.exec:\pbvvhbp.exe45⤵
- Executes dropped EXE
-
\??\c:\xvvbr.exec:\xvvbr.exe46⤵
- Executes dropped EXE
-
\??\c:\fxhjrd.exec:\fxhjrd.exe47⤵
- Executes dropped EXE
-
\??\c:\jrfdlhj.exec:\jrfdlhj.exe48⤵
- Executes dropped EXE
-
\??\c:\tpjnlfl.exec:\tpjnlfl.exe49⤵
- Executes dropped EXE
-
\??\c:\tvnbljr.exec:\tvnbljr.exe50⤵
- Executes dropped EXE
-
\??\c:\tpfbhl.exec:\tpfbhl.exe51⤵
- Executes dropped EXE
-
\??\c:\dljxd.exec:\dljxd.exe52⤵
- Executes dropped EXE
-
\??\c:\fpddf.exec:\fpddf.exe53⤵
- Executes dropped EXE
-
\??\c:\phxbrbt.exec:\phxbrbt.exe54⤵
- Executes dropped EXE
-
\??\c:\ndtdtxt.exec:\ndtdtxt.exe55⤵
- Executes dropped EXE
-
\??\c:\xnjhxf.exec:\xnjhxf.exe56⤵
- Executes dropped EXE
-
\??\c:\rxhff.exec:\rxhff.exe57⤵
- Executes dropped EXE
-
\??\c:\lvrphh.exec:\lvrphh.exe58⤵
- Executes dropped EXE
-
\??\c:\xxprrd.exec:\xxprrd.exe59⤵
- Executes dropped EXE
-
\??\c:\jbpvfd.exec:\jbpvfd.exe60⤵
- Executes dropped EXE
-
\??\c:\llbltl.exec:\llbltl.exe61⤵
- Executes dropped EXE
-
\??\c:\npjddb.exec:\npjddb.exe62⤵
- Executes dropped EXE
-
\??\c:\xvhvd.exec:\xvhvd.exe63⤵
- Executes dropped EXE
-
\??\c:\xbbth.exec:\xbbth.exe64⤵
- Executes dropped EXE
-
\??\c:\blrhpp.exec:\blrhpp.exe65⤵
- Executes dropped EXE
-
\??\c:\trpvjtx.exec:\trpvjtx.exe66⤵
-
\??\c:\bphtnv.exec:\bphtnv.exe67⤵
-
\??\c:\prplrl.exec:\prplrl.exe68⤵
-
\??\c:\lxdlpb.exec:\lxdlpb.exe69⤵
-
\??\c:\dhnvn.exec:\dhnvn.exe70⤵
-
\??\c:\vpltd.exec:\vpltd.exe71⤵
-
\??\c:\dffjr.exec:\dffjr.exe72⤵
-
\??\c:\jltblvt.exec:\jltblvt.exe73⤵
-
\??\c:\trnpnxd.exec:\trnpnxd.exe74⤵
-
\??\c:\rxjhtn.exec:\rxjhtn.exe75⤵
-
\??\c:\nrndfv.exec:\nrndfv.exe76⤵
-
\??\c:\jrjpjtt.exec:\jrjpjtt.exe77⤵
-
\??\c:\llvrtr.exec:\llvrtr.exe78⤵
-
\??\c:\xxfvv.exec:\xxfvv.exe79⤵
-
\??\c:\bjrhnp.exec:\bjrhnp.exe80⤵
-
\??\c:\hxvbbvf.exec:\hxvbbvf.exe81⤵
-
\??\c:\lftlrb.exec:\lftlrb.exe82⤵
-
\??\c:\rvhdp.exec:\rvhdp.exe83⤵
-
\??\c:\xjhhn.exec:\xjhhn.exe84⤵
-
\??\c:\jfdhjhn.exec:\jfdhjhn.exe85⤵
-
\??\c:\ftjhlt.exec:\ftjhlt.exe86⤵
-
\??\c:\tjxhtlv.exec:\tjxhtlv.exe87⤵
-
\??\c:\fpvlj.exec:\fpvlj.exe88⤵
-
\??\c:\fnbthj.exec:\fnbthj.exe89⤵
-
\??\c:\bfrnjh.exec:\bfrnjh.exe90⤵
-
\??\c:\lhppv.exec:\lhppv.exe91⤵
-
\??\c:\dfnvd.exec:\dfnvd.exe92⤵
-
\??\c:\lblpxx.exec:\lblpxx.exe93⤵
-
\??\c:\fvjth.exec:\fvjth.exe94⤵
-
\??\c:\ppnhp.exec:\ppnhp.exe95⤵
-
\??\c:\rjbln.exec:\rjbln.exe96⤵
-
\??\c:\djhdt.exec:\djhdt.exe97⤵
-
\??\c:\xntlxx.exec:\xntlxx.exe98⤵
-
\??\c:\vvlxlln.exec:\vvlxlln.exe99⤵
-
\??\c:\fxfrhvt.exec:\fxfrhvt.exe100⤵
-
\??\c:\rbbtxl.exec:\rbbtxl.exe101⤵
-
\??\c:\rjjjphb.exec:\rjjjphb.exe102⤵
-
\??\c:\xtrlhl.exec:\xtrlhl.exe103⤵
-
\??\c:\rpjhpbn.exec:\rpjhpbn.exe104⤵
-
\??\c:\xjfpndb.exec:\xjfpndb.exe105⤵
-
\??\c:\rrvvnv.exec:\rrvvnv.exe106⤵
-
\??\c:\djdhn.exec:\djdhn.exe107⤵
-
\??\c:\bdfbtd.exec:\bdfbtd.exe108⤵
-
\??\c:\lrtfb.exec:\lrtfb.exe109⤵
-
\??\c:\ldpdffl.exec:\ldpdffl.exe110⤵
-
\??\c:\tffnbxh.exec:\tffnbxh.exe111⤵
-
\??\c:\rnddj.exec:\rnddj.exe112⤵
-
\??\c:\pjfxv.exec:\pjfxv.exe113⤵
-
\??\c:\xhjpvn.exec:\xhjpvn.exe114⤵
-
\??\c:\hpffh.exec:\hpffh.exe115⤵
-
\??\c:\bdllllh.exec:\bdllllh.exe116⤵
-
\??\c:\rvrnrl.exec:\rvrnrl.exe117⤵
-
\??\c:\xhbnh.exec:\xhbnh.exe118⤵
-
\??\c:\jjpjrn.exec:\jjpjrn.exe119⤵
-
\??\c:\npnfxhf.exec:\npnfxhf.exe120⤵
-
\??\c:\ttxjx.exec:\ttxjx.exe121⤵
-
\??\c:\llrldh.exec:\llrldh.exe122⤵
-
\??\c:\ljnhh.exec:\ljnhh.exe123⤵
-
\??\c:\rphptr.exec:\rphptr.exe124⤵
-
\??\c:\rbpdpd.exec:\rbpdpd.exe125⤵
-
\??\c:\rjdndjv.exec:\rjdndjv.exe126⤵
-
\??\c:\thtvhrp.exec:\thtvhrp.exe127⤵
-
\??\c:\fnvrpp.exec:\fnvrpp.exe128⤵
-
\??\c:\lpdbnpr.exec:\lpdbnpr.exe129⤵
-
\??\c:\hhnrj.exec:\hhnrj.exe130⤵
-
\??\c:\rjrvjn.exec:\rjrvjn.exe131⤵
-
\??\c:\pfpnnvn.exec:\pfpnnvn.exe132⤵
-
\??\c:\ljjfj.exec:\ljjfj.exe133⤵
-
\??\c:\lxlrlv.exec:\lxlrlv.exe134⤵
-
\??\c:\tfjbtf.exec:\tfjbtf.exe135⤵
-
\??\c:\vnbnxvv.exec:\vnbnxvv.exe136⤵
-
\??\c:\dpvtnnh.exec:\dpvtnnh.exe137⤵
-
\??\c:\jprrxdv.exec:\jprrxdv.exe138⤵
-
\??\c:\hhhld.exec:\hhhld.exe139⤵
-
\??\c:\dltlvfx.exec:\dltlvfx.exe140⤵
-
\??\c:\hlhxtl.exec:\hlhxtl.exe141⤵
-
\??\c:\rhtxxv.exec:\rhtxxv.exe142⤵
-
\??\c:\jlphjfx.exec:\jlphjfx.exe143⤵
-
\??\c:\xlvfdt.exec:\xlvfdt.exe144⤵
-
\??\c:\xbnnjp.exec:\xbnnjp.exe145⤵
-
\??\c:\fprnh.exec:\fprnh.exe146⤵
-
\??\c:\djpfdbl.exec:\djpfdbl.exe147⤵
-
\??\c:\bvrlxxb.exec:\bvrlxxb.exe148⤵
-
\??\c:\pthdr.exec:\pthdr.exe149⤵
-
\??\c:\fvnrvnp.exec:\fvnrvnp.exe150⤵
-
\??\c:\htnbj.exec:\htnbj.exe151⤵
-
\??\c:\nfvxb.exec:\nfvxb.exe152⤵
-
\??\c:\ddrbvll.exec:\ddrbvll.exe153⤵
-
\??\c:\dbhhn.exec:\dbhhn.exe154⤵
-
\??\c:\vfxprp.exec:\vfxprp.exe155⤵
-
\??\c:\rdpdrxh.exec:\rdpdrxh.exe156⤵
-
\??\c:\hbnvv.exec:\hbnvv.exe157⤵
-
\??\c:\drxxlj.exec:\drxxlj.exe158⤵
-
\??\c:\ljvth.exec:\ljvth.exe159⤵
-
\??\c:\dxpjrv.exec:\dxpjrv.exe160⤵
-
\??\c:\rhhvvl.exec:\rhhvvl.exe161⤵
-
\??\c:\hndvdnh.exec:\hndvdnh.exe162⤵
-
\??\c:\fvjdl.exec:\fvjdl.exe163⤵
-
\??\c:\nxltxvv.exec:\nxltxvv.exe164⤵
-
\??\c:\lrpdjl.exec:\lrpdjl.exe165⤵
-
\??\c:\dnjhplb.exec:\dnjhplb.exe166⤵
-
\??\c:\dhlll.exec:\dhlll.exe167⤵
-
\??\c:\htddlpb.exec:\htddlpb.exe168⤵
-
\??\c:\lnlffhp.exec:\lnlffhp.exe169⤵
-
\??\c:\bfxhfp.exec:\bfxhfp.exe170⤵
-
\??\c:\fbbvjp.exec:\fbbvjp.exe171⤵
-
\??\c:\bjlfrhr.exec:\bjlfrhr.exe172⤵
-
\??\c:\hjbxftr.exec:\hjbxftr.exe173⤵
-
\??\c:\jbdvt.exec:\jbdvt.exe174⤵
-
\??\c:\nbfhvth.exec:\nbfhvth.exe175⤵
-
\??\c:\xfbfh.exec:\xfbfh.exe176⤵
-
\??\c:\hxpvxh.exec:\hxpvxh.exe177⤵
-
\??\c:\jhpdf.exec:\jhpdf.exe178⤵
-
\??\c:\vddjjx.exec:\vddjjx.exe179⤵
-
\??\c:\xjfjh.exec:\xjfjh.exe180⤵
-
\??\c:\xbttxp.exec:\xbttxp.exe181⤵
-
\??\c:\tvrhht.exec:\tvrhht.exe182⤵
-
\??\c:\rtbpdv.exec:\rtbpdv.exe183⤵
-
\??\c:\vfhvfv.exec:\vfhvfv.exe184⤵
-
\??\c:\tvrllbf.exec:\tvrllbf.exe185⤵
-
\??\c:\prdntxv.exec:\prdntxv.exe186⤵
-
\??\c:\hplpxx.exec:\hplpxx.exe187⤵
-
\??\c:\hxjtlnd.exec:\hxjtlnd.exe188⤵
-
\??\c:\rtxvdb.exec:\rtxvdb.exe189⤵
-
\??\c:\ppfxrj.exec:\ppfxrj.exe190⤵
-
\??\c:\rtjhtd.exec:\rtjhtd.exe191⤵
-
\??\c:\jrflbdj.exec:\jrflbdj.exe192⤵
-
\??\c:\trlvhvj.exec:\trlvhvj.exe193⤵
-
\??\c:\jrjnh.exec:\jrjnh.exe194⤵
-
\??\c:\ltpfhlt.exec:\ltpfhlt.exe195⤵
-
\??\c:\tjhrrp.exec:\tjhrrp.exe196⤵
-
\??\c:\thjtvt.exec:\thjtvt.exe197⤵
-
\??\c:\dxvxrp.exec:\dxvxrp.exe198⤵
-
\??\c:\hvpdlvl.exec:\hvpdlvl.exe199⤵
-
\??\c:\lhnpvj.exec:\lhnpvj.exe200⤵
-
\??\c:\fxhdt.exec:\fxhdt.exe201⤵
-
\??\c:\ndtjx.exec:\ndtjx.exe202⤵
-
\??\c:\jrhjnpp.exec:\jrhjnpp.exe203⤵
-
\??\c:\dlffth.exec:\dlffth.exe204⤵
-
\??\c:\hnplltf.exec:\hnplltf.exe205⤵
-
\??\c:\vbdrfl.exec:\vbdrfl.exe206⤵
-
\??\c:\hrvbjd.exec:\hrvbjd.exe207⤵
-
\??\c:\xfdlv.exec:\xfdlv.exe208⤵
-
\??\c:\bjrvr.exec:\bjrvr.exe209⤵
-
\??\c:\jbxhxf.exec:\jbxhxf.exe210⤵
-
\??\c:\jfrpfl.exec:\jfrpfl.exe211⤵
-
\??\c:\phjxp.exec:\phjxp.exe212⤵
-
\??\c:\hprvxv.exec:\hprvxv.exe213⤵
-
\??\c:\vnjxjj.exec:\vnjxjj.exe214⤵
-
\??\c:\nbjtfl.exec:\nbjtfl.exe215⤵
-
\??\c:\jvtpdff.exec:\jvtpdff.exe216⤵
-
\??\c:\vprnrnv.exec:\vprnrnv.exe217⤵
-
\??\c:\hbfxt.exec:\hbfxt.exe218⤵
-
\??\c:\lxffbnj.exec:\lxffbnj.exe219⤵
-
\??\c:\txjdnp.exec:\txjdnp.exe220⤵
-
\??\c:\vxrptv.exec:\vxrptv.exe221⤵
-
\??\c:\xvdfflx.exec:\xvdfflx.exe222⤵
-
\??\c:\jpdbbpv.exec:\jpdbbpv.exe223⤵
-
\??\c:\tjnxd.exec:\tjnxd.exe224⤵
-
\??\c:\fhtprnr.exec:\fhtprnr.exe225⤵
-
\??\c:\bpjnx.exec:\bpjnx.exe226⤵
-
\??\c:\xtvll.exec:\xtvll.exe227⤵
-
\??\c:\lnvxhhl.exec:\lnvxhhl.exe228⤵
-
\??\c:\vrnndb.exec:\vrnndb.exe229⤵
-
\??\c:\jbhbnh.exec:\jbhbnh.exe230⤵
-
\??\c:\pjtpfn.exec:\pjtpfn.exe231⤵
-
\??\c:\ffjjlr.exec:\ffjjlr.exe232⤵
-
\??\c:\plfdb.exec:\plfdb.exe233⤵
-
\??\c:\npvpx.exec:\npvpx.exe234⤵
-
\??\c:\xdhbf.exec:\xdhbf.exe235⤵
-
\??\c:\fvdnjh.exec:\fvdnjh.exe236⤵
-
\??\c:\jvdjhd.exec:\jvdjhd.exe237⤵
-
\??\c:\vlxdv.exec:\vlxdv.exe238⤵
-
\??\c:\vpxntt.exec:\vpxntt.exe239⤵
-
\??\c:\lxttdnx.exec:\lxttdnx.exe240⤵