Analysis
-
max time kernel
114s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
19-04-2024 04:00
General
-
Target
e0f260ba012108457aa2073162a9668892566278a6a372106a7b65e8bb43acae.exe
-
Size
487KB
-
MD5
325db849d9f5547e4927337a86f62506
-
SHA1
e854728f9877fd97f6c37721f8621bd2f7375305
-
SHA256
e0f260ba012108457aa2073162a9668892566278a6a372106a7b65e8bb43acae
-
SHA512
7376c5ee2d89c3a486cc1d9d9a35066c9dcefdbbc300d3fe83d3cc7ee1b31d15a67554e8495bf65d9492e72acfc28de33542b122f46664f382d297f7a60f212b
-
SSDEEP
6144:n3C9BRo7tvnJ9oH0IRgZvjkUo7tvnJ9oH0IiVByq9CPobNVB:n3C9ytvngQjgtvngSV3CPobNVB
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 42 IoCs
-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
UPX dump on OEP (original entry point) 57 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 58 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e0f260ba012108457aa2073162a9668892566278a6a372106a7b65e8bb43acae.exe"C:\Users\Admin\AppData\Local\Temp\e0f260ba012108457aa2073162a9668892566278a6a372106a7b65e8bb43acae.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\9lvw6o.exec:\9lvw6o.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3v4e498.exec:\3v4e498.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\695a9.exec:\695a9.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\mk4v0r2.exec:\mk4v0r2.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\07g3oqk.exec:\07g3oqk.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\93qec.exec:\93qec.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\j4xsd.exec:\j4xsd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\abqh7m.exec:\abqh7m.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\g6phb39.exec:\g6phb39.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\m511r.exec:\m511r.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ppaq.exec:\3ppaq.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\w988so.exec:\w988so.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\sje3i.exec:\sje3i.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6gv62.exec:\6gv62.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\56h9e.exec:\56h9e.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\g57rw4.exec:\g57rw4.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2s22as.exec:\2s22as.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\x712j.exec:\x712j.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\olj5gv7.exec:\olj5gv7.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8ax869x.exec:\8ax869x.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5qq5d.exec:\5qq5d.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\r4a009w.exec:\r4a009w.exe23⤵
- Executes dropped EXE
-
\??\c:\56ol3.exec:\56ol3.exe24⤵
- Executes dropped EXE
-
\??\c:\6992e09.exec:\6992e09.exe25⤵
- Executes dropped EXE
-
\??\c:\0sa21m7.exec:\0sa21m7.exe26⤵
- Executes dropped EXE
-
\??\c:\69kdvs.exec:\69kdvs.exe27⤵
- Executes dropped EXE
-
\??\c:\73shk7.exec:\73shk7.exe28⤵
- Executes dropped EXE
-
\??\c:\9rp17.exec:\9rp17.exe29⤵
- Executes dropped EXE
-
\??\c:\31m3sm9.exec:\31m3sm9.exe30⤵
- Executes dropped EXE
-
\??\c:\kspgfx.exec:\kspgfx.exe31⤵
- Executes dropped EXE
-
\??\c:\54pqxph.exec:\54pqxph.exe32⤵
- Executes dropped EXE
-
\??\c:\3v05k.exec:\3v05k.exe33⤵
- Executes dropped EXE
-
\??\c:\3l3gj7l.exec:\3l3gj7l.exe34⤵
- Executes dropped EXE
-
\??\c:\qcs4l0.exec:\qcs4l0.exe35⤵
- Executes dropped EXE
-
\??\c:\o1aw8.exec:\o1aw8.exe36⤵
- Executes dropped EXE
-
\??\c:\42n10i7.exec:\42n10i7.exe37⤵
- Executes dropped EXE
-
\??\c:\r077q05.exec:\r077q05.exe38⤵
- Executes dropped EXE
-
\??\c:\hxpxh.exec:\hxpxh.exe39⤵
- Executes dropped EXE
-
\??\c:\46mcu1b.exec:\46mcu1b.exe40⤵
- Executes dropped EXE
-
\??\c:\088l6l.exec:\088l6l.exe41⤵
- Executes dropped EXE
-
\??\c:\7vn86u.exec:\7vn86u.exe42⤵
- Executes dropped EXE
-
\??\c:\pxphhpx.exec:\pxphhpx.exe43⤵
- Executes dropped EXE
-
\??\c:\0nr99n1.exec:\0nr99n1.exe44⤵
- Executes dropped EXE
-
\??\c:\pj82mw3.exec:\pj82mw3.exe45⤵
- Executes dropped EXE
-
\??\c:\00f8i.exec:\00f8i.exe46⤵
- Executes dropped EXE
-
\??\c:\hpxhhpx.exec:\hpxhhpx.exe47⤵
- Executes dropped EXE
-
\??\c:\9tr5jt.exec:\9tr5jt.exe48⤵
- Executes dropped EXE
-
\??\c:\9l607u.exec:\9l607u.exe49⤵
- Executes dropped EXE
-
\??\c:\jgjbc1.exec:\jgjbc1.exe50⤵
- Executes dropped EXE
-
\??\c:\id170.exec:\id170.exe51⤵
- Executes dropped EXE
-
\??\c:\r04446.exec:\r04446.exe52⤵
- Executes dropped EXE
-
\??\c:\68r4r05.exec:\68r4r05.exe53⤵
- Executes dropped EXE
-
\??\c:\thl70.exec:\thl70.exe54⤵
- Executes dropped EXE
-
\??\c:\1u536.exec:\1u536.exe55⤵
- Executes dropped EXE
-
\??\c:\i78cpb.exec:\i78cpb.exe56⤵
- Executes dropped EXE
-
\??\c:\p2ium36.exec:\p2ium36.exe57⤵
- Executes dropped EXE
-
\??\c:\53a19.exec:\53a19.exe58⤵
- Executes dropped EXE
-
\??\c:\ov1u7.exec:\ov1u7.exe59⤵
- Executes dropped EXE
-
\??\c:\7627n.exec:\7627n.exe60⤵
- Executes dropped EXE
-
\??\c:\6bokaq.exec:\6bokaq.exe61⤵
- Executes dropped EXE
-
\??\c:\9041r.exec:\9041r.exe62⤵
- Executes dropped EXE
-
\??\c:\440i72l.exec:\440i72l.exe63⤵
- Executes dropped EXE
-
\??\c:\h3qik60.exec:\h3qik60.exe64⤵
- Executes dropped EXE
-
\??\c:\7p3ltmn.exec:\7p3ltmn.exe65⤵
- Executes dropped EXE
-
\??\c:\mdk11.exec:\mdk11.exe66⤵
-
\??\c:\uj42s.exec:\uj42s.exe67⤵
-
\??\c:\0w8la.exec:\0w8la.exe68⤵
-
\??\c:\so1pj.exec:\so1pj.exe69⤵
-
\??\c:\jj4lk.exec:\jj4lk.exe70⤵
-
\??\c:\lcg0b5.exec:\lcg0b5.exe71⤵
-
\??\c:\3ebixv0.exec:\3ebixv0.exe72⤵
-
\??\c:\u6kl9.exec:\u6kl9.exe73⤵
-
\??\c:\lg9aj9a.exec:\lg9aj9a.exe74⤵
-
\??\c:\0ss6ux.exec:\0ss6ux.exe75⤵
-
\??\c:\x6sj567.exec:\x6sj567.exe76⤵
-
\??\c:\2vh91.exec:\2vh91.exe77⤵
-
\??\c:\a21uu8o.exec:\a21uu8o.exe78⤵
-
\??\c:\6v828e.exec:\6v828e.exe79⤵
-
\??\c:\tpvft.exec:\tpvft.exe80⤵
-
\??\c:\p0u8e78.exec:\p0u8e78.exe81⤵
-
\??\c:\7nb4mm.exec:\7nb4mm.exe82⤵
-
\??\c:\ldddld.exec:\ldddld.exe83⤵
-
\??\c:\s337x.exec:\s337x.exe84⤵
-
\??\c:\3gv1uie.exec:\3gv1uie.exe85⤵
-
\??\c:\7aes7.exec:\7aes7.exe86⤵
-
\??\c:\dv1u9.exec:\dv1u9.exe87⤵
-
\??\c:\u10fa0.exec:\u10fa0.exe88⤵
-
\??\c:\u010s.exec:\u010s.exe89⤵
-
\??\c:\esa7x.exec:\esa7x.exe90⤵
-
\??\c:\17k2l65.exec:\17k2l65.exe91⤵
-
\??\c:\28jd110.exec:\28jd110.exe92⤵
-
\??\c:\fahc5e.exec:\fahc5e.exe93⤵
-
\??\c:\ldldldl.exec:\ldldldl.exe94⤵
-
\??\c:\898lj.exec:\898lj.exe95⤵
-
\??\c:\48d45h.exec:\48d45h.exe96⤵
-
\??\c:\lrlljt.exec:\lrlljt.exe97⤵
-
\??\c:\db4d3.exec:\db4d3.exe98⤵
-
\??\c:\62f35qh.exec:\62f35qh.exe99⤵
-
\??\c:\nawtbht.exec:\nawtbht.exe100⤵
-
\??\c:\q1xg1c.exec:\q1xg1c.exe101⤵
-
\??\c:\5cl41.exec:\5cl41.exe102⤵
-
\??\c:\62rk97.exec:\62rk97.exe103⤵
-
\??\c:\wx0hjb.exec:\wx0hjb.exe104⤵
-
\??\c:\d76cqc0.exec:\d76cqc0.exe105⤵
-
\??\c:\73j0f7.exec:\73j0f7.exe106⤵
-
\??\c:\6bj2g.exec:\6bj2g.exe107⤵
-
\??\c:\06lvu.exec:\06lvu.exe108⤵
-
\??\c:\662gf1.exec:\662gf1.exe109⤵
-
\??\c:\36oji.exec:\36oji.exe110⤵
-
\??\c:\3g4jk.exec:\3g4jk.exe111⤵
-
\??\c:\p37o8.exec:\p37o8.exe112⤵
-
\??\c:\3ufjl.exec:\3ufjl.exe113⤵
-
\??\c:\pllpdpp.exec:\pllpdpp.exe114⤵
-
\??\c:\fi6l79a.exec:\fi6l79a.exe115⤵
-
\??\c:\d39h9.exec:\d39h9.exe116⤵
-
\??\c:\c059n15.exec:\c059n15.exe117⤵
-
\??\c:\lj8943.exec:\lj8943.exe118⤵
-
\??\c:\jwvtrr.exec:\jwvtrr.exe119⤵
-
\??\c:\isb60b3.exec:\isb60b3.exe120⤵
-
\??\c:\57q98d.exec:\57q98d.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-