Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
18-04-2024 19:48
General
-
Target
240478081d2027f4c19218bbba872d2d2be8f0d09a74190c49f2266c66c4f936.exe
-
Size
201KB
-
MD5
9989c66a0a28117c476777fa6245dc88
-
SHA1
b2d9f3e1a0952e889f9e62f255a6286e4ee5b5b8
-
SHA256
240478081d2027f4c19218bbba872d2d2be8f0d09a74190c49f2266c66c4f936
-
SHA512
3d1436769712ad1500dff7f669de4eb6f19d42b78331ac640771081c13731b309dd577bd9c9f1367f4cf7a26cf04948d4e798dc1915fd12fca24b7e8baeec7cd
-
SSDEEP
1536:PvQBeOGtrYSSsrc93UBIfdC67m6AJiqgT4+C2HVM1p6TQpbY:PhOm2sI93UufdC67ciJTU2HVS6P
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
UPX dump on OEP (original entry point) 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\240478081d2027f4c19218bbba872d2d2be8f0d09a74190c49f2266c66c4f936.exe"C:\Users\Admin\AppData\Local\Temp\240478081d2027f4c19218bbba872d2d2be8f0d09a74190c49f2266c66c4f936.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\p06ll6t.exec:\p06ll6t.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\u9toe8.exec:\u9toe8.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pe705.exec:\pe705.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pi49t.exec:\pi49t.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1l0rgd5.exec:\1l0rgd5.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8nkqkx.exec:\8nkqkx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\i28re1.exec:\i28re1.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\d9i297k.exec:\d9i297k.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\s6v87sp.exec:\s6v87sp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\n0750.exec:\n0750.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pst90.exec:\pst90.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\h3m4e.exec:\h3m4e.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\33u1w.exec:\33u1w.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hxphxhp.exec:\hxphxhp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0r7817.exec:\0r7817.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pfxfh.exec:\pfxfh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fvnixt.exec:\fvnixt.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vutah.exec:\vutah.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xbsi0j.exec:\xbsi0j.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4dq1lw.exec:\4dq1lw.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\a3kua.exec:\a3kua.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ug5b46.exec:\5ug5b46.exe23⤵
- Executes dropped EXE
-
\??\c:\854nf1p.exec:\854nf1p.exe24⤵
- Executes dropped EXE
-
\??\c:\6b27jx.exec:\6b27jx.exe25⤵
- Executes dropped EXE
-
\??\c:\oo0pxx0.exec:\oo0pxx0.exe26⤵
- Executes dropped EXE
-
\??\c:\nq4j017.exec:\nq4j017.exe27⤵
- Executes dropped EXE
-
\??\c:\910fu0q.exec:\910fu0q.exe28⤵
- Executes dropped EXE
-
\??\c:\6log0q.exec:\6log0q.exe29⤵
- Executes dropped EXE
-
\??\c:\2j3klo.exec:\2j3klo.exe30⤵
- Executes dropped EXE
-
\??\c:\gr1ofac.exec:\gr1ofac.exe31⤵
- Executes dropped EXE
-
\??\c:\242o2.exec:\242o2.exe32⤵
- Executes dropped EXE
-
\??\c:\3w19l.exec:\3w19l.exe33⤵
- Executes dropped EXE
-
\??\c:\92b63.exec:\92b63.exe34⤵
- Executes dropped EXE
-
\??\c:\ghj71.exec:\ghj71.exe35⤵
- Executes dropped EXE
-
\??\c:\5fan2.exec:\5fan2.exe36⤵
- Executes dropped EXE
-
\??\c:\2n080j.exec:\2n080j.exe37⤵
- Executes dropped EXE
-
\??\c:\9sn4m4p.exec:\9sn4m4p.exe38⤵
- Executes dropped EXE
-
\??\c:\vj89i5a.exec:\vj89i5a.exe39⤵
- Executes dropped EXE
-
\??\c:\4tbia.exec:\4tbia.exe40⤵
- Executes dropped EXE
-
\??\c:\0j3o9.exec:\0j3o9.exe41⤵
- Executes dropped EXE
-
\??\c:\4950p.exec:\4950p.exe42⤵
- Executes dropped EXE
-
\??\c:\hb6cu.exec:\hb6cu.exe43⤵
- Executes dropped EXE
-
\??\c:\1rvqo46.exec:\1rvqo46.exe44⤵
- Executes dropped EXE
-
\??\c:\211jkoq.exec:\211jkoq.exe45⤵
- Executes dropped EXE
-
\??\c:\i80gw61.exec:\i80gw61.exe46⤵
- Executes dropped EXE
-
\??\c:\1s7g6.exec:\1s7g6.exe47⤵
- Executes dropped EXE
-
\??\c:\194da.exec:\194da.exe48⤵
- Executes dropped EXE
-
\??\c:\x85u6b7.exec:\x85u6b7.exe49⤵
- Executes dropped EXE
-
\??\c:\enn3ri.exec:\enn3ri.exe50⤵
- Executes dropped EXE
-
\??\c:\bh6tx.exec:\bh6tx.exe51⤵
- Executes dropped EXE
-
\??\c:\t1478.exec:\t1478.exe52⤵
- Executes dropped EXE
-
\??\c:\n9733.exec:\n9733.exe53⤵
- Executes dropped EXE
-
\??\c:\mmawc.exec:\mmawc.exe54⤵
- Executes dropped EXE
-
\??\c:\vpk8e.exec:\vpk8e.exe55⤵
- Executes dropped EXE
-
\??\c:\gt5jr0.exec:\gt5jr0.exe56⤵
- Executes dropped EXE
-
\??\c:\537am.exec:\537am.exe57⤵
- Executes dropped EXE
-
\??\c:\1fdwis4.exec:\1fdwis4.exe58⤵
- Executes dropped EXE
-
\??\c:\38t9f6w.exec:\38t9f6w.exe59⤵
- Executes dropped EXE
-
\??\c:\0d0760.exec:\0d0760.exe60⤵
- Executes dropped EXE
-
\??\c:\ooni7.exec:\ooni7.exe61⤵
- Executes dropped EXE
-
\??\c:\69v528.exec:\69v528.exe62⤵
- Executes dropped EXE
-
\??\c:\tp40m9t.exec:\tp40m9t.exe63⤵
- Executes dropped EXE
-
\??\c:\4h33p.exec:\4h33p.exe64⤵
- Executes dropped EXE
-
\??\c:\3h98i8.exec:\3h98i8.exe65⤵
- Executes dropped EXE
-
\??\c:\9e4cj8.exec:\9e4cj8.exe66⤵
-
\??\c:\lb7ofw.exec:\lb7ofw.exe67⤵
-
\??\c:\wp647ab.exec:\wp647ab.exe68⤵
-
\??\c:\u3fvq.exec:\u3fvq.exe69⤵
-
\??\c:\fj5xs5.exec:\fj5xs5.exe70⤵
-
\??\c:\o9x9l07.exec:\o9x9l07.exe71⤵
-
\??\c:\p2e97.exec:\p2e97.exe72⤵
-
\??\c:\p60dg4a.exec:\p60dg4a.exe73⤵
-
\??\c:\3ig5kw5.exec:\3ig5kw5.exe74⤵
-
\??\c:\xf21be.exec:\xf21be.exe75⤵
-
\??\c:\33eo0.exec:\33eo0.exe76⤵
-
\??\c:\216dh4p.exec:\216dh4p.exe77⤵
-
\??\c:\2u96mc.exec:\2u96mc.exe78⤵
-
\??\c:\1uo304e.exec:\1uo304e.exe79⤵
-
\??\c:\os63f.exec:\os63f.exe80⤵
-
\??\c:\34hs617.exec:\34hs617.exe81⤵
-
\??\c:\mq3j0.exec:\mq3j0.exe82⤵
-
\??\c:\mp7vh.exec:\mp7vh.exe83⤵
-
\??\c:\i8pqc3.exec:\i8pqc3.exe84⤵
-
\??\c:\gwuj9x.exec:\gwuj9x.exe85⤵
-
\??\c:\ksn491o.exec:\ksn491o.exe86⤵
-
\??\c:\uc0c9wx.exec:\uc0c9wx.exe87⤵
-
\??\c:\994et.exec:\994et.exe88⤵
-
\??\c:\0m1sq.exec:\0m1sq.exe89⤵
-
\??\c:\u7174.exec:\u7174.exe90⤵
-
\??\c:\36xrk.exec:\36xrk.exe91⤵
-
\??\c:\fi4tf.exec:\fi4tf.exe92⤵
-
\??\c:\5w9358.exec:\5w9358.exe93⤵
-
\??\c:\2rrl9.exec:\2rrl9.exe94⤵
-
\??\c:\kt1lv.exec:\kt1lv.exe95⤵
-
\??\c:\g179r.exec:\g179r.exe96⤵
-
\??\c:\eh08xb.exec:\eh08xb.exe97⤵
-
\??\c:\tkmsh.exec:\tkmsh.exe98⤵
-
\??\c:\f489g4b.exec:\f489g4b.exe99⤵
-
\??\c:\og6dg3.exec:\og6dg3.exe100⤵
-
\??\c:\9j69f05.exec:\9j69f05.exe101⤵
-
\??\c:\i4e8v.exec:\i4e8v.exe102⤵
-
\??\c:\lxo971m.exec:\lxo971m.exe103⤵
-
\??\c:\99gm7.exec:\99gm7.exe104⤵
-
\??\c:\60dmp9.exec:\60dmp9.exe105⤵
-
\??\c:\r19nl.exec:\r19nl.exe106⤵
-
\??\c:\n6752.exec:\n6752.exe107⤵
-
\??\c:\29694d7.exec:\29694d7.exe108⤵
-
\??\c:\1lnf8.exec:\1lnf8.exe109⤵
-
\??\c:\wgdbb.exec:\wgdbb.exe110⤵
-
\??\c:\vhk8w.exec:\vhk8w.exe111⤵
-
\??\c:\c503p7d.exec:\c503p7d.exe112⤵
-
\??\c:\29of7.exec:\29of7.exe113⤵
-
\??\c:\9of63s.exec:\9of63s.exe114⤵
-
\??\c:\7809xf.exec:\7809xf.exe115⤵
-
\??\c:\b2if7.exec:\b2if7.exe116⤵
-
\??\c:\25eru9.exec:\25eru9.exe117⤵
-
\??\c:\4ekec0i.exec:\4ekec0i.exe118⤵
-
\??\c:\773113.exec:\773113.exe119⤵
-
\??\c:\8qq739.exec:\8qq739.exe120⤵
-
\??\c:\i03770.exec:\i03770.exe121⤵
-
\??\c:\2xl8oo.exec:\2xl8oo.exe122⤵
-
\??\c:\0m65577.exec:\0m65577.exe123⤵
-
\??\c:\9rlv3t.exec:\9rlv3t.exe124⤵
-
\??\c:\q319xb.exec:\q319xb.exe125⤵
-
\??\c:\x53t211.exec:\x53t211.exe126⤵
-
\??\c:\29h1o54.exec:\29h1o54.exe127⤵
-
\??\c:\pl91hh.exec:\pl91hh.exe128⤵
-
\??\c:\73iv8.exec:\73iv8.exe129⤵
-
\??\c:\sat48f.exec:\sat48f.exe130⤵
-
\??\c:\76x4bkc.exec:\76x4bkc.exe131⤵
-
\??\c:\6wsb9no.exec:\6wsb9no.exe132⤵
-
\??\c:\105r9.exec:\105r9.exe133⤵
-
\??\c:\5ogw0.exec:\5ogw0.exe134⤵
-
\??\c:\73595.exec:\73595.exe135⤵
-
\??\c:\ko53kk.exec:\ko53kk.exe136⤵
-
\??\c:\8ns7k.exec:\8ns7k.exe137⤵
-
\??\c:\525m07.exec:\525m07.exe138⤵
-
\??\c:\rbpqk.exec:\rbpqk.exe139⤵
-
\??\c:\jnwx45t.exec:\jnwx45t.exe140⤵
-
\??\c:\hj4ub.exec:\hj4ub.exe141⤵
-
\??\c:\63077.exec:\63077.exe142⤵
-
\??\c:\1eot0d.exec:\1eot0d.exe143⤵
-
\??\c:\5f62m2.exec:\5f62m2.exe144⤵
-
\??\c:\3ibkx.exec:\3ibkx.exe145⤵
-
\??\c:\61n50ga.exec:\61n50ga.exe146⤵
-
\??\c:\q9wt2.exec:\q9wt2.exe147⤵
-
\??\c:\j6w9f2p.exec:\j6w9f2p.exe148⤵
-
\??\c:\w9l4s.exec:\w9l4s.exe149⤵
-
\??\c:\g2133p6.exec:\g2133p6.exe150⤵
-
\??\c:\8rg46.exec:\8rg46.exe151⤵
-
\??\c:\tt9b0ul.exec:\tt9b0ul.exe152⤵
-
\??\c:\72gqf.exec:\72gqf.exe153⤵
-
\??\c:\675gmj5.exec:\675gmj5.exe154⤵
-
\??\c:\k2943.exec:\k2943.exe155⤵
-
\??\c:\65m5gdr.exec:\65m5gdr.exe156⤵
-
\??\c:\1f6kp2r.exec:\1f6kp2r.exe157⤵
-
\??\c:\v67ud5h.exec:\v67ud5h.exe158⤵
-
\??\c:\8t7159.exec:\8t7159.exe159⤵
-
\??\c:\3h2n254.exec:\3h2n254.exe160⤵
-
\??\c:\blhos.exec:\blhos.exe161⤵
-
\??\c:\209977w.exec:\209977w.exe162⤵
-
\??\c:\vefft0f.exec:\vefft0f.exe163⤵
-
\??\c:\f2ii7mx.exec:\f2ii7mx.exe164⤵
-
\??\c:\718e615.exec:\718e615.exe165⤵
-
\??\c:\9tk31l.exec:\9tk31l.exe166⤵
-
\??\c:\9i70a5.exec:\9i70a5.exe167⤵
-
\??\c:\thxpfdr.exec:\thxpfdr.exe168⤵
-
\??\c:\1vk812.exec:\1vk812.exe169⤵
-
\??\c:\9qocb2a.exec:\9qocb2a.exe170⤵
-
\??\c:\60m46.exec:\60m46.exe171⤵
-
\??\c:\r3r9m.exec:\r3r9m.exe172⤵
-
\??\c:\19u8795.exec:\19u8795.exe173⤵
-
\??\c:\ow77go.exec:\ow77go.exe174⤵
-
\??\c:\jkn2h7l.exec:\jkn2h7l.exe175⤵
-
\??\c:\5e48c21.exec:\5e48c21.exe176⤵
-
\??\c:\74orbbt.exec:\74orbbt.exe177⤵
-
\??\c:\pbfnn.exec:\pbfnn.exe178⤵
-
\??\c:\0wnxqch.exec:\0wnxqch.exe179⤵
-
\??\c:\41f3l3v.exec:\41f3l3v.exe180⤵
-
\??\c:\xawiq5f.exec:\xawiq5f.exe181⤵
-
\??\c:\32s1r9.exec:\32s1r9.exe182⤵
-
\??\c:\7k33j57.exec:\7k33j57.exe183⤵
-
\??\c:\5m8p2.exec:\5m8p2.exe184⤵
-
\??\c:\2ua9ph.exec:\2ua9ph.exe185⤵
-
\??\c:\q62m7.exec:\q62m7.exe186⤵
-
\??\c:\73vqr.exec:\73vqr.exe187⤵
-
\??\c:\jc984p.exec:\jc984p.exe188⤵
-
\??\c:\3wkx0m1.exec:\3wkx0m1.exe189⤵
-
\??\c:\w93be7p.exec:\w93be7p.exe190⤵
-
\??\c:\e3d85e.exec:\e3d85e.exe191⤵
-
\??\c:\0h25s.exec:\0h25s.exe192⤵
-
\??\c:\u34aw84.exec:\u34aw84.exe193⤵
-
\??\c:\g5s0t.exec:\g5s0t.exe194⤵
-
\??\c:\v8a32p.exec:\v8a32p.exe195⤵
-
\??\c:\833k91.exec:\833k91.exe196⤵
-
\??\c:\r9u1t5c.exec:\r9u1t5c.exe197⤵
-
\??\c:\18lkm5.exec:\18lkm5.exe198⤵
-
\??\c:\56q9cw.exec:\56q9cw.exe199⤵
-
\??\c:\lme401n.exec:\lme401n.exe200⤵
-
\??\c:\w9a7f.exec:\w9a7f.exe201⤵
-
\??\c:\4o7e5a0.exec:\4o7e5a0.exe202⤵
-
\??\c:\t3bad.exec:\t3bad.exe203⤵
-
\??\c:\38h72ip.exec:\38h72ip.exe204⤵
-
\??\c:\7jki9.exec:\7jki9.exe205⤵
-
\??\c:\4it82f4.exec:\4it82f4.exe206⤵
-
\??\c:\o8739i.exec:\o8739i.exe207⤵
-
\??\c:\045qk5w.exec:\045qk5w.exe208⤵
-
\??\c:\ltttttt.exec:\ltttttt.exe209⤵
-
\??\c:\bcrm66.exec:\bcrm66.exe210⤵
-
\??\c:\cdea945.exec:\cdea945.exe211⤵
-
\??\c:\58ebps.exec:\58ebps.exe212⤵
-
\??\c:\3bi9tx.exec:\3bi9tx.exe213⤵
-
\??\c:\j891q70.exec:\j891q70.exe214⤵
-
\??\c:\i3v764.exec:\i3v764.exe215⤵
-
\??\c:\ujwah6.exec:\ujwah6.exe216⤵
-
\??\c:\9tkklu.exec:\9tkklu.exe217⤵
-
\??\c:\410fv92.exec:\410fv92.exe218⤵
-
\??\c:\r5uxl6.exec:\r5uxl6.exe219⤵
-
\??\c:\wi1nx1.exec:\wi1nx1.exe220⤵
-
\??\c:\ddtltl.exec:\ddtltl.exe221⤵
-
\??\c:\9l53f.exec:\9l53f.exe222⤵
-
\??\c:\fd91mq6.exec:\fd91mq6.exe223⤵
-
\??\c:\kw1gu.exec:\kw1gu.exe224⤵
-
\??\c:\9vbrr.exec:\9vbrr.exe225⤵
-
\??\c:\215o1.exec:\215o1.exe226⤵
-
\??\c:\ev58t.exec:\ev58t.exe227⤵
-
\??\c:\5j3n6.exec:\5j3n6.exe228⤵
-
\??\c:\t4df91.exec:\t4df91.exe229⤵
-
\??\c:\366l26.exec:\366l26.exe230⤵
-
\??\c:\4a7575.exec:\4a7575.exe231⤵
-
\??\c:\a38u56.exec:\a38u56.exe232⤵
-
\??\c:\we8qxc2.exec:\we8qxc2.exe233⤵
-
\??\c:\w8mea.exec:\w8mea.exe234⤵
-
\??\c:\rlg6u3q.exec:\rlg6u3q.exe235⤵
-
\??\c:\b45eh6r.exec:\b45eh6r.exe236⤵
-
\??\c:\99jf501.exec:\99jf501.exe237⤵
-
\??\c:\lttlt.exec:\lttlt.exe238⤵
-
\??\c:\m03073g.exec:\m03073g.exe239⤵
-
\??\c:\7d1oth.exec:\7d1oth.exe240⤵