Analysis
-
max time kernel
150s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
19/04/2024, 04:00
General
-
Target
e0f260ba012108457aa2073162a9668892566278a6a372106a7b65e8bb43acae.exe
-
Size
487KB
-
MD5
325db849d9f5547e4927337a86f62506
-
SHA1
e854728f9877fd97f6c37721f8621bd2f7375305
-
SHA256
e0f260ba012108457aa2073162a9668892566278a6a372106a7b65e8bb43acae
-
SHA512
7376c5ee2d89c3a486cc1d9d9a35066c9dcefdbbc300d3fe83d3cc7ee1b31d15a67554e8495bf65d9492e72acfc28de33542b122f46664f382d297f7a60f212b
-
SSDEEP
6144:n3C9BRo7tvnJ9oH0IRgZvjkUo7tvnJ9oH0IiVByq9CPobNVB:n3C9ytvngQjgtvngSV3CPobNVB
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 32 IoCs
-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
UPX dump on OEP (original entry point) 50 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 51 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e0f260ba012108457aa2073162a9668892566278a6a372106a7b65e8bb43acae.exe"C:\Users\Admin\AppData\Local\Temp\e0f260ba012108457aa2073162a9668892566278a6a372106a7b65e8bb43acae.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\brfjrnp.exec:\brfjrnp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rpxjpjj.exec:\rpxjpjj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xttrdbd.exec:\xttrdbd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jxlhx.exec:\jxlhx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbdfvp.exec:\nnbdfvp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rbjxrrj.exec:\rbjxrrj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rbnnr.exec:\rbnnr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hldpjlb.exec:\hldpjlb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xtxbj.exec:\xtxbj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtfxlv.exec:\hbtfxlv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fjdnt.exec:\fjdnt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jppxdbx.exec:\jppxdbx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hjpvrxt.exec:\hjpvrxt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fdjlnn.exec:\fdjlnn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdbft.exec:\vdbft.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xpdbp.exec:\xpdbp.exe17⤵
- Executes dropped EXE
-
\??\c:\rbjlh.exec:\rbjlh.exe18⤵
- Executes dropped EXE
-
\??\c:\pdlxb.exec:\pdlxb.exe19⤵
- Executes dropped EXE
-
\??\c:\bnhbp.exec:\bnhbp.exe20⤵
- Executes dropped EXE
-
\??\c:\rlrfr.exec:\rlrfr.exe21⤵
- Executes dropped EXE
-
\??\c:\bpdfv.exec:\bpdfv.exe22⤵
- Executes dropped EXE
-
\??\c:\xrdbtb.exec:\xrdbtb.exe23⤵
- Executes dropped EXE
-
\??\c:\prrppxv.exec:\prrppxv.exe24⤵
- Executes dropped EXE
-
\??\c:\hvrpjj.exec:\hvrpjj.exe25⤵
- Executes dropped EXE
-
\??\c:\rlftb.exec:\rlftb.exe26⤵
- Executes dropped EXE
-
\??\c:\prrdpd.exec:\prrdpd.exe27⤵
- Executes dropped EXE
-
\??\c:\njbtpb.exec:\njbtpb.exe28⤵
- Executes dropped EXE
-
\??\c:\dfhvt.exec:\dfhvt.exe29⤵
- Executes dropped EXE
-
\??\c:\hnjth.exec:\hnjth.exe30⤵
- Executes dropped EXE
-
\??\c:\dtfhph.exec:\dtfhph.exe31⤵
- Executes dropped EXE
-
\??\c:\rprxd.exec:\rprxd.exe32⤵
- Executes dropped EXE
-
\??\c:\bvfbp.exec:\bvfbp.exe33⤵
- Executes dropped EXE
-
\??\c:\tvddx.exec:\tvddx.exe34⤵
- Executes dropped EXE
-
\??\c:\bvfjhrd.exec:\bvfjhrd.exe35⤵
- Executes dropped EXE
-
\??\c:\jxljx.exec:\jxljx.exe36⤵
- Executes dropped EXE
-
\??\c:\vjjlbv.exec:\vjjlbv.exe37⤵
- Executes dropped EXE
-
\??\c:\npddlrb.exec:\npddlrb.exe38⤵
- Executes dropped EXE
-
\??\c:\jnlhtr.exec:\jnlhtr.exe39⤵
- Executes dropped EXE
-
\??\c:\nfdbv.exec:\nfdbv.exe40⤵
- Executes dropped EXE
-
\??\c:\hnrfr.exec:\hnrfr.exe41⤵
- Executes dropped EXE
-
\??\c:\hnfdld.exec:\hnfdld.exe42⤵
- Executes dropped EXE
-
\??\c:\tbpbb.exec:\tbpbb.exe43⤵
- Executes dropped EXE
-
\??\c:\rhlnjxt.exec:\rhlnjxt.exe44⤵
- Executes dropped EXE
-
\??\c:\lxpjpvr.exec:\lxpjpvr.exe45⤵
- Executes dropped EXE
-
\??\c:\xftjtn.exec:\xftjtn.exe46⤵
- Executes dropped EXE
-
\??\c:\vhndfjd.exec:\vhndfjd.exe47⤵
- Executes dropped EXE
-
\??\c:\jllxt.exec:\jllxt.exe48⤵
- Executes dropped EXE
-
\??\c:\rplftvb.exec:\rplftvb.exe49⤵
- Executes dropped EXE
-
\??\c:\jthlfjn.exec:\jthlfjn.exe50⤵
- Executes dropped EXE
-
\??\c:\lxpfxt.exec:\lxpfxt.exe51⤵
- Executes dropped EXE
-
\??\c:\blnhdb.exec:\blnhdb.exe52⤵
- Executes dropped EXE
-
\??\c:\vpnfpp.exec:\vpnfpp.exe53⤵
- Executes dropped EXE
-
\??\c:\pldvn.exec:\pldvn.exe54⤵
- Executes dropped EXE
-
\??\c:\bpnlbt.exec:\bpnlbt.exe55⤵
- Executes dropped EXE
-
\??\c:\rddphj.exec:\rddphj.exe56⤵
- Executes dropped EXE
-
\??\c:\ffttnd.exec:\ffttnd.exe57⤵
- Executes dropped EXE
-
\??\c:\rvtjp.exec:\rvtjp.exe58⤵
- Executes dropped EXE
-
\??\c:\dllxxh.exec:\dllxxh.exe59⤵
- Executes dropped EXE
-
\??\c:\fdjvp.exec:\fdjvp.exe60⤵
- Executes dropped EXE
-
\??\c:\fxbhpn.exec:\fxbhpn.exe61⤵
- Executes dropped EXE
-
\??\c:\lvtpbt.exec:\lvtpbt.exe62⤵
- Executes dropped EXE
-
\??\c:\dfrhdn.exec:\dfrhdn.exe63⤵
- Executes dropped EXE
-
\??\c:\hddrx.exec:\hddrx.exe64⤵
- Executes dropped EXE
-
\??\c:\fdtpd.exec:\fdtpd.exe65⤵
- Executes dropped EXE
-
\??\c:\ndrjjjn.exec:\ndrjjjn.exe66⤵
-
\??\c:\ltnnr.exec:\ltnnr.exe67⤵
-
\??\c:\djbtjnb.exec:\djbtjnb.exe68⤵
-
\??\c:\blnflvj.exec:\blnflvj.exe69⤵
-
\??\c:\jlvndr.exec:\jlvndr.exe70⤵
-
\??\c:\rndnvv.exec:\rndnvv.exe71⤵
-
\??\c:\dhhdf.exec:\dhhdf.exe72⤵
-
\??\c:\bvdttbt.exec:\bvdttbt.exe73⤵
-
\??\c:\ffrxj.exec:\ffrxj.exe74⤵
-
\??\c:\xvfldtf.exec:\xvfldtf.exe75⤵
-
\??\c:\fbffrjr.exec:\fbffrjr.exe76⤵
-
\??\c:\vnjbhbr.exec:\vnjbhbr.exe77⤵
-
\??\c:\jhfjdxd.exec:\jhfjdxd.exe78⤵
-
\??\c:\ftnbnr.exec:\ftnbnr.exe79⤵
-
\??\c:\ldbvrf.exec:\ldbvrf.exe80⤵
-
\??\c:\rjljb.exec:\rjljb.exe81⤵
-
\??\c:\bljhnv.exec:\bljhnv.exe82⤵
-
\??\c:\fdltll.exec:\fdltll.exe83⤵
-
\??\c:\hrbnd.exec:\hrbnd.exe84⤵
-
\??\c:\ttnvlpn.exec:\ttnvlpn.exe85⤵
-
\??\c:\tnbjl.exec:\tnbjl.exe86⤵
-
\??\c:\rjhbnnb.exec:\rjhbnnb.exe87⤵
-
\??\c:\pxpnd.exec:\pxpnd.exe88⤵
-
\??\c:\rhnfxh.exec:\rhnfxh.exe89⤵
-
\??\c:\rlhpb.exec:\rlhpb.exe90⤵
-
\??\c:\prftd.exec:\prftd.exe91⤵
-
\??\c:\hbdhnb.exec:\hbdhnb.exe92⤵
-
\??\c:\jnjxb.exec:\jnjxb.exe93⤵
-
\??\c:\jhbrpp.exec:\jhbrpp.exe94⤵
-
\??\c:\pndnh.exec:\pndnh.exe95⤵
-
\??\c:\ndnlrx.exec:\ndnlrx.exe96⤵
-
\??\c:\xbdhvd.exec:\xbdhvd.exe97⤵
-
\??\c:\lvthfn.exec:\lvthfn.exe98⤵
-
\??\c:\jrnxdl.exec:\jrnxdl.exe99⤵
-
\??\c:\fxbrhfr.exec:\fxbrhfr.exe100⤵
-
\??\c:\xtlvv.exec:\xtlvv.exe101⤵
-
\??\c:\rvjrp.exec:\rvjrp.exe102⤵
-
\??\c:\vfbbv.exec:\vfbbv.exe103⤵
-
\??\c:\xvldl.exec:\xvldl.exe104⤵
-
\??\c:\tnvrbx.exec:\tnvrbx.exe105⤵
-
\??\c:\fxtfl.exec:\fxtfl.exe106⤵
-
\??\c:\vvphhtj.exec:\vvphhtj.exe107⤵
-
\??\c:\bnjnd.exec:\bnjnd.exe108⤵
-
\??\c:\flnbt.exec:\flnbt.exe109⤵
-
\??\c:\xfnnh.exec:\xfnnh.exe110⤵
-
\??\c:\rlpjtlh.exec:\rlpjtlh.exe111⤵
-
\??\c:\lxdfv.exec:\lxdfv.exe112⤵
-
\??\c:\vddvxd.exec:\vddvxd.exe113⤵
-
\??\c:\pxxfxh.exec:\pxxfxh.exe114⤵
-
\??\c:\bjrhnt.exec:\bjrhnt.exe115⤵
-
\??\c:\xbdppxh.exec:\xbdppxh.exe116⤵
-
\??\c:\fdrjphl.exec:\fdrjphl.exe117⤵
-
\??\c:\dblhvfr.exec:\dblhvfr.exe118⤵
-
\??\c:\dlrnjb.exec:\dlrnjb.exe119⤵
-
\??\c:\ptdjdf.exec:\ptdjdf.exe120⤵
-
\??\c:\fvtdbn.exec:\fvtdbn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-