Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
-
submitted
23-04-2024 03:51
General
-
Target
c94558fc9b456fb8a6f057330df2bed318c146e6f9ebbd0df3191fba2392400a.exe
-
Size
392KB
-
MD5
e7121e435e9361c18d3dad4ba5fe2012
-
SHA1
8b938a61c2db3ba905f351c207c0ae7f238c940d
-
SHA256
c94558fc9b456fb8a6f057330df2bed318c146e6f9ebbd0df3191fba2392400a
-
SHA512
6b4a2edc78dc26cf56a168017587d08ba6d5b4f7445d5aced015eb7502cfbf2e7526f69c83aa7dc6765a1e7ff465397ea969ff1a28c0fbd06d52c270dda7bb5a
-
SSDEEP
6144:n3C9BRIG0asYFm71mPfkVB8dKwaO5CVwO1:n3C9uYA7okVqdKwaO5CV7
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 31 IoCs
-
UPX dump on OEP (original entry point) 51 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 51 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\c94558fc9b456fb8a6f057330df2bed318c146e6f9ebbd0df3191fba2392400a.exe"C:\Users\Admin\AppData\Local\Temp\c94558fc9b456fb8a6f057330df2bed318c146e6f9ebbd0df3191fba2392400a.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jvddd.exec:\jvddd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1nbbnt.exec:\1nbbnt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrlrlr.exec:\frrlrlr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvdp.exec:\dpvdp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfxxlrx.exec:\rfxxlrx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vpvv.exec:\7vpvv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9hbhnh.exec:\9hbhnh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfflrlr.exec:\lfflrlr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnbnb.exec:\btnbnb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlxffr.exec:\fxlxffr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jdpp.exec:\5jdpp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxxlff.exec:\rlxxlff.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjjj.exec:\dpjjj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthhnt.exec:\bthhnt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxrrrf.exec:\lfxrrrf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhhhn.exec:\tbhhhn.exe17⤵
- Executes dropped EXE
-
\??\c:\rxlllll.exec:\rxlllll.exe18⤵
- Executes dropped EXE
-
\??\c:\rfrflll.exec:\rfrflll.exe19⤵
- Executes dropped EXE
-
\??\c:\5dvvd.exec:\5dvvd.exe20⤵
- Executes dropped EXE
-
\??\c:\hththh.exec:\hththh.exe21⤵
- Executes dropped EXE
-
\??\c:\llrrrrr.exec:\llrrrrr.exe22⤵
- Executes dropped EXE
-
\??\c:\9pdjj.exec:\9pdjj.exe23⤵
- Executes dropped EXE
-
\??\c:\lfffflr.exec:\lfffflr.exe24⤵
- Executes dropped EXE
-
\??\c:\vjvpp.exec:\vjvpp.exe25⤵
- Executes dropped EXE
-
\??\c:\tnbbhh.exec:\tnbbhh.exe26⤵
- Executes dropped EXE
-
\??\c:\lfflrlr.exec:\lfflrlr.exe27⤵
- Executes dropped EXE
-
\??\c:\jdjdj.exec:\jdjdj.exe28⤵
- Executes dropped EXE
-
\??\c:\frxrrlx.exec:\frxrrlx.exe29⤵
- Executes dropped EXE
-
\??\c:\pdjdp.exec:\pdjdp.exe30⤵
- Executes dropped EXE
-
\??\c:\bnhhnn.exec:\bnhhnn.exe31⤵
- Executes dropped EXE
-
\??\c:\lrfffff.exec:\lrfffff.exe32⤵
- Executes dropped EXE
-
\??\c:\dddvj.exec:\dddvj.exe33⤵
- Executes dropped EXE
-
\??\c:\thhbbt.exec:\thhbbt.exe34⤵
- Executes dropped EXE
-
\??\c:\xxlrlxf.exec:\xxlrlxf.exe35⤵
- Executes dropped EXE
-
\??\c:\5bthnn.exec:\5bthnn.exe36⤵
- Executes dropped EXE
-
\??\c:\frflfxf.exec:\frflfxf.exe37⤵
- Executes dropped EXE
-
\??\c:\pdjjp.exec:\pdjjp.exe38⤵
- Executes dropped EXE
-
\??\c:\bnbntn.exec:\bnbntn.exe39⤵
- Executes dropped EXE
-
\??\c:\7jjdj.exec:\7jjdj.exe40⤵
- Executes dropped EXE
-
\??\c:\nhttbb.exec:\nhttbb.exe41⤵
- Executes dropped EXE
-
\??\c:\1rfrrll.exec:\1rfrrll.exe42⤵
- Executes dropped EXE
-
\??\c:\ththtt.exec:\ththtt.exe43⤵
- Executes dropped EXE
-
\??\c:\xlfxrxf.exec:\xlfxrxf.exe44⤵
- Executes dropped EXE
-
\??\c:\hbnbhn.exec:\hbnbhn.exe45⤵
- Executes dropped EXE
-
\??\c:\3xxxrrr.exec:\3xxxrrr.exe46⤵
- Executes dropped EXE
-
\??\c:\bbbnnt.exec:\bbbnnt.exe47⤵
- Executes dropped EXE
-
\??\c:\3dddv.exec:\3dddv.exe48⤵
- Executes dropped EXE
-
\??\c:\ffrxffx.exec:\ffrxffx.exe49⤵
- Executes dropped EXE
-
\??\c:\hbhhnn.exec:\hbhhnn.exe50⤵
- Executes dropped EXE
-
\??\c:\fxrxflx.exec:\fxrxflx.exe51⤵
- Executes dropped EXE
-
\??\c:\1vvvd.exec:\1vvvd.exe52⤵
- Executes dropped EXE
-
\??\c:\tnhhnb.exec:\tnhhnb.exe53⤵
- Executes dropped EXE
-
\??\c:\3pvdd.exec:\3pvdd.exe54⤵
- Executes dropped EXE
-
\??\c:\9lfflrf.exec:\9lfflrf.exe55⤵
- Executes dropped EXE
-
\??\c:\pjvdj.exec:\pjvdj.exe56⤵
- Executes dropped EXE
-
\??\c:\fxrfrrf.exec:\fxrfrrf.exe57⤵
- Executes dropped EXE
-
\??\c:\dvpvd.exec:\dvpvd.exe58⤵
- Executes dropped EXE
-
\??\c:\fxxxflf.exec:\fxxxflf.exe59⤵
- Executes dropped EXE
-
\??\c:\bhhbnt.exec:\bhhbnt.exe60⤵
- Executes dropped EXE
-
\??\c:\lrlxlrl.exec:\lrlxlrl.exe61⤵
- Executes dropped EXE
-
\??\c:\hbnntb.exec:\hbnntb.exe62⤵
- Executes dropped EXE
-
\??\c:\nnnnnt.exec:\nnnnnt.exe63⤵
- Executes dropped EXE
-
\??\c:\vpvvp.exec:\vpvvp.exe64⤵
- Executes dropped EXE
-
\??\c:\7bhhtb.exec:\7bhhtb.exe65⤵
- Executes dropped EXE
-
\??\c:\jpdpv.exec:\jpdpv.exe66⤵
-
\??\c:\xxflrxr.exec:\xxflrxr.exe67⤵
-
\??\c:\hbttnn.exec:\hbttnn.exe68⤵
-
\??\c:\5bhbnn.exec:\5bhbnn.exe69⤵
-
\??\c:\fllrxfl.exec:\fllrxfl.exe70⤵
-
\??\c:\dddjp.exec:\dddjp.exe71⤵
-
\??\c:\lfllllx.exec:\lfllllx.exe72⤵
-
\??\c:\hnnttn.exec:\hnnttn.exe73⤵
-
\??\c:\1pjjj.exec:\1pjjj.exe74⤵
-
\??\c:\ttbhhh.exec:\ttbhhh.exe75⤵
-
\??\c:\fxxfxlr.exec:\fxxfxlr.exe76⤵
-
\??\c:\nhnnnh.exec:\nhnnnh.exe77⤵
-
\??\c:\xrlffxx.exec:\xrlffxx.exe78⤵
-
\??\c:\dpdjj.exec:\dpdjj.exe79⤵
-
\??\c:\9xllfff.exec:\9xllfff.exe80⤵
-
\??\c:\5nnttb.exec:\5nnttb.exe81⤵
-
\??\c:\xrllrxl.exec:\xrllrxl.exe82⤵
-
\??\c:\hhhntt.exec:\hhhntt.exe83⤵
-
\??\c:\vvdjj.exec:\vvdjj.exe84⤵
-
\??\c:\1bbnbt.exec:\1bbnbt.exe85⤵
-
\??\c:\llflfrl.exec:\llflfrl.exe86⤵
-
\??\c:\bnbntb.exec:\bnbntb.exe87⤵
-
\??\c:\1rffrlr.exec:\1rffrlr.exe88⤵
-
\??\c:\nhttbb.exec:\nhttbb.exe89⤵
-
\??\c:\lfrrxlr.exec:\lfrrxlr.exe90⤵
-
\??\c:\1pjpv.exec:\1pjpv.exe91⤵
-
\??\c:\3dvvj.exec:\3dvvj.exe92⤵
-
\??\c:\9rllrxx.exec:\9rllrxx.exe93⤵
-
\??\c:\dvpvv.exec:\dvpvv.exe94⤵
-
\??\c:\btnttt.exec:\btnttt.exe95⤵
-
\??\c:\pvvjv.exec:\pvvjv.exe96⤵
-
\??\c:\lfffxfr.exec:\lfffxfr.exe97⤵
-
\??\c:\jvpjj.exec:\jvpjj.exe98⤵
-
\??\c:\frffffl.exec:\frffffl.exe99⤵
-
\??\c:\bbttbh.exec:\bbttbh.exe100⤵
-
\??\c:\rlxxlrl.exec:\rlxxlrl.exe101⤵
-
\??\c:\httthn.exec:\httthn.exe102⤵
-
\??\c:\3jppp.exec:\3jppp.exe103⤵
-
\??\c:\1rfflrf.exec:\1rfflrf.exe104⤵
-
\??\c:\jdjpp.exec:\jdjpp.exe105⤵
-
\??\c:\lrlxffx.exec:\lrlxffx.exe106⤵
-
\??\c:\3bhhnh.exec:\3bhhnh.exe107⤵
-
\??\c:\5xrrrrf.exec:\5xrrrrf.exe108⤵
-
\??\c:\nbtnnn.exec:\nbtnnn.exe109⤵
-
\??\c:\lxlflfr.exec:\lxlflfr.exe110⤵
-
\??\c:\9fxrxfl.exec:\9fxrxfl.exe111⤵
-
\??\c:\9nntth.exec:\9nntth.exe112⤵
-
\??\c:\fxrrrxl.exec:\fxrrrxl.exe113⤵
-
\??\c:\nbnbtn.exec:\nbnbtn.exe114⤵
-
\??\c:\fxxxrrf.exec:\fxxxrrf.exe115⤵
-
\??\c:\3htbbh.exec:\3htbbh.exe116⤵
-
\??\c:\dvpjp.exec:\dvpjp.exe117⤵
-
\??\c:\btnntt.exec:\btnntt.exe118⤵
-
\??\c:\1hnnnt.exec:\1hnnnt.exe119⤵
-
\??\c:\xlfllfl.exec:\xlfllfl.exe120⤵
-
\??\c:\htnnbt.exec:\htnnbt.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-