Analysis
-
max time kernel
39s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
20/04/2024, 18:27
General
-
Target
08e3b0c90b06283bc3d12b6f8dbb094b20f4bbe3dc552592a1bd26f46e414024.exe
-
Size
58KB
-
MD5
609e900a2937614355a5647bb6617549
-
SHA1
51957882a20e77ab7aa56d644f0c5f7168117912
-
SHA256
08e3b0c90b06283bc3d12b6f8dbb094b20f4bbe3dc552592a1bd26f46e414024
-
SHA512
5e92a90593f0a585698d706ca620c911a3760c7bb5169cae6f6d9762bba17370d0eb22e2c6d7af62739cd8678f6153cef009f7706825bbbd1b7b80314700aa55
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIsIms3:ymb3NkkiQ3mdBjFIsIF3
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 33 IoCs
-
UPX dump on OEP (original entry point) 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\08e3b0c90b06283bc3d12b6f8dbb094b20f4bbe3dc552592a1bd26f46e414024.exe"C:\Users\Admin\AppData\Local\Temp\08e3b0c90b06283bc3d12b6f8dbb094b20f4bbe3dc552592a1bd26f46e414024.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrfffr.exec:\rfrfffr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\s6024.exec:\s6024.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\828466.exec:\828466.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bnttt.exec:\5bnttt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\86084.exec:\86084.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrrxxf.exec:\fxrrxxf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8286802.exec:\8286802.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\02828.exec:\02828.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdpvj.exec:\pdpvj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrxllr.exec:\ffrxllr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0480286.exec:\0480286.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhttnn.exec:\nhttnn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\k48046.exec:\k48046.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfflfr.exec:\xrfflfr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdppv.exec:\jdppv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflffll.exec:\rflffll.exe17⤵
- Executes dropped EXE
-
\??\c:\202462.exec:\202462.exe18⤵
- Executes dropped EXE
-
\??\c:\002062.exec:\002062.exe19⤵
- Executes dropped EXE
-
\??\c:\s4664.exec:\s4664.exe20⤵
- Executes dropped EXE
-
\??\c:\bthhnn.exec:\bthhnn.exe21⤵
- Executes dropped EXE
-
\??\c:\flxrfxf.exec:\flxrfxf.exe22⤵
- Executes dropped EXE
-
\??\c:\3nbhnn.exec:\3nbhnn.exe23⤵
- Executes dropped EXE
-
\??\c:\tnhnbb.exec:\tnhnbb.exe24⤵
- Executes dropped EXE
-
\??\c:\nnbhbt.exec:\nnbhbt.exe25⤵
- Executes dropped EXE
-
\??\c:\m2000.exec:\m2000.exe26⤵
- Executes dropped EXE
-
\??\c:\m2444.exec:\m2444.exe27⤵
- Executes dropped EXE
-
\??\c:\80228.exec:\80228.exe28⤵
- Executes dropped EXE
-
\??\c:\44062.exec:\44062.exe29⤵
- Executes dropped EXE
-
\??\c:\8664006.exec:\8664006.exe30⤵
- Executes dropped EXE
-
\??\c:\xrxfffl.exec:\xrxfffl.exe31⤵
- Executes dropped EXE
-
\??\c:\46840.exec:\46840.exe32⤵
- Executes dropped EXE
-
\??\c:\468888.exec:\468888.exe33⤵
- Executes dropped EXE
-
\??\c:\xrfllrx.exec:\xrfllrx.exe34⤵
- Executes dropped EXE
-
\??\c:\42862.exec:\42862.exe35⤵
- Executes dropped EXE
-
\??\c:\htnntt.exec:\htnntt.exe36⤵
- Executes dropped EXE
-
\??\c:\644400.exec:\644400.exe37⤵
- Executes dropped EXE
-
\??\c:\hhtbbn.exec:\hhtbbn.exe38⤵
- Executes dropped EXE
-
\??\c:\bbbbnn.exec:\bbbbnn.exe39⤵
- Executes dropped EXE
-
\??\c:\dpjpv.exec:\dpjpv.exe40⤵
- Executes dropped EXE
-
\??\c:\pdppv.exec:\pdppv.exe41⤵
- Executes dropped EXE
-
\??\c:\206628.exec:\206628.exe42⤵
- Executes dropped EXE
-
\??\c:\hbttbh.exec:\hbttbh.exe43⤵
- Executes dropped EXE
-
\??\c:\5htbhh.exec:\5htbhh.exe44⤵
- Executes dropped EXE
-
\??\c:\80246.exec:\80246.exe45⤵
- Executes dropped EXE
-
\??\c:\rlffffl.exec:\rlffffl.exe46⤵
- Executes dropped EXE
-
\??\c:\fxfxfrx.exec:\fxfxfrx.exe47⤵
- Executes dropped EXE
-
\??\c:\tbthnn.exec:\tbthnn.exe48⤵
- Executes dropped EXE
-
\??\c:\424000.exec:\424000.exe49⤵
- Executes dropped EXE
-
\??\c:\m0488.exec:\m0488.exe50⤵
- Executes dropped EXE
-
\??\c:\q04088.exec:\q04088.exe51⤵
- Executes dropped EXE
-
\??\c:\btbbhh.exec:\btbbhh.exe52⤵
- Executes dropped EXE
-
\??\c:\fxxflrx.exec:\fxxflrx.exe53⤵
- Executes dropped EXE
-
\??\c:\48080.exec:\48080.exe54⤵
- Executes dropped EXE
-
\??\c:\bnbhht.exec:\bnbhht.exe55⤵
- Executes dropped EXE
-
\??\c:\6484880.exec:\6484880.exe56⤵
- Executes dropped EXE
-
\??\c:\4284002.exec:\4284002.exe57⤵
- Executes dropped EXE
-
\??\c:\0444282.exec:\0444282.exe58⤵
- Executes dropped EXE
-
\??\c:\9btnnn.exec:\9btnnn.exe59⤵
- Executes dropped EXE
-
\??\c:\5lflrxl.exec:\5lflrxl.exe60⤵
- Executes dropped EXE
-
\??\c:\6422802.exec:\6422802.exe61⤵
- Executes dropped EXE
-
\??\c:\vjdpd.exec:\vjdpd.exe62⤵
- Executes dropped EXE
-
\??\c:\dvdvj.exec:\dvdvj.exe63⤵
- Executes dropped EXE
-
\??\c:\nbnbhh.exec:\nbnbhh.exe64⤵
- Executes dropped EXE
-
\??\c:\k68800.exec:\k68800.exe65⤵
- Executes dropped EXE
-
\??\c:\484466.exec:\484466.exe66⤵
-
\??\c:\062626.exec:\062626.exe67⤵
-
\??\c:\6422484.exec:\6422484.exe68⤵
-
\??\c:\4844028.exec:\4844028.exe69⤵
-
\??\c:\8244628.exec:\8244628.exe70⤵
-
\??\c:\bbtbnt.exec:\bbtbnt.exe71⤵
-
\??\c:\20668.exec:\20668.exe72⤵
-
\??\c:\pjpvd.exec:\pjpvd.exe73⤵
-
\??\c:\64662.exec:\64662.exe74⤵
-
\??\c:\dvddj.exec:\dvddj.exe75⤵
-
\??\c:\642622.exec:\642622.exe76⤵
-
\??\c:\086400.exec:\086400.exe77⤵
-
\??\c:\606066.exec:\606066.exe78⤵
-
\??\c:\046206.exec:\046206.exe79⤵
-
\??\c:\nhtthh.exec:\nhtthh.exe80⤵
-
\??\c:\86402.exec:\86402.exe81⤵
-
\??\c:\nhtthn.exec:\nhtthn.exe82⤵
-
\??\c:\2646844.exec:\2646844.exe83⤵
-
\??\c:\ddjjv.exec:\ddjjv.exe84⤵
-
\??\c:\fffxfrf.exec:\fffxfrf.exe85⤵
-
\??\c:\pjdjv.exec:\pjdjv.exe86⤵
-
\??\c:\1lflrxl.exec:\1lflrxl.exe87⤵
-
\??\c:\i644688.exec:\i644688.exe88⤵
-
\??\c:\9jjpp.exec:\9jjpp.exe89⤵
-
\??\c:\7jdvd.exec:\7jdvd.exe90⤵
-
\??\c:\c604628.exec:\c604628.exe91⤵
-
\??\c:\080406.exec:\080406.exe92⤵
-
\??\c:\7tbhnn.exec:\7tbhnn.exe93⤵
-
\??\c:\hnthbt.exec:\hnthbt.exe94⤵
-
\??\c:\g8640.exec:\g8640.exe95⤵
-
\??\c:\tnttbb.exec:\tnttbb.exe96⤵
-
\??\c:\868466.exec:\868466.exe97⤵
-
\??\c:\8684406.exec:\8684406.exe98⤵
-
\??\c:\htbthb.exec:\htbthb.exe99⤵
-
\??\c:\w04080.exec:\w04080.exe100⤵
-
\??\c:\64284.exec:\64284.exe101⤵
-
\??\c:\424882.exec:\424882.exe102⤵
-
\??\c:\660228.exec:\660228.exe103⤵
-
\??\c:\hbnbtb.exec:\hbnbtb.exe104⤵
-
\??\c:\6628046.exec:\6628046.exe105⤵
-
\??\c:\9jvjv.exec:\9jvjv.exe106⤵
-
\??\c:\k68848.exec:\k68848.exe107⤵
-
\??\c:\xlxrrrf.exec:\xlxrrrf.exe108⤵
-
\??\c:\vpdjd.exec:\vpdjd.exe109⤵
-
\??\c:\q02284.exec:\q02284.exe110⤵
-
\??\c:\vpvpv.exec:\vpvpv.exe111⤵
-
\??\c:\0840640.exec:\0840640.exe112⤵
-
\??\c:\824666.exec:\824666.exe113⤵
-
\??\c:\lfxxxxf.exec:\lfxxxxf.exe114⤵
-
\??\c:\u846824.exec:\u846824.exe115⤵
-
\??\c:\htbhnh.exec:\htbhnh.exe116⤵
-
\??\c:\5lxrrrx.exec:\5lxrrrx.exe117⤵
-
\??\c:\4404420.exec:\4404420.exe118⤵
-
\??\c:\jpvjd.exec:\jpvjd.exe119⤵
-
\??\c:\tnnhhh.exec:\tnnhhh.exe120⤵
-
\??\c:\9frlrrx.exec:\9frlrrx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-