Analysis
-
max time kernel
146s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
-
submitted
23/04/2024, 03:51
General
-
Target
c94558fc9b456fb8a6f057330df2bed318c146e6f9ebbd0df3191fba2392400a.exe
-
Size
392KB
-
MD5
e7121e435e9361c18d3dad4ba5fe2012
-
SHA1
8b938a61c2db3ba905f351c207c0ae7f238c940d
-
SHA256
c94558fc9b456fb8a6f057330df2bed318c146e6f9ebbd0df3191fba2392400a
-
SHA512
6b4a2edc78dc26cf56a168017587d08ba6d5b4f7445d5aced015eb7502cfbf2e7526f69c83aa7dc6765a1e7ff465397ea969ff1a28c0fbd06d52c270dda7bb5a
-
SSDEEP
6144:n3C9BRIG0asYFm71mPfkVB8dKwaO5CVwO1:n3C9uYA7okVqdKwaO5CV7
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 43 IoCs
-
UPX dump on OEP (original entry point) 55 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 55 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\c94558fc9b456fb8a6f057330df2bed318c146e6f9ebbd0df3191fba2392400a.exe"C:\Users\Admin\AppData\Local\Temp\c94558fc9b456fb8a6f057330df2bed318c146e6f9ebbd0df3191fba2392400a.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\4888266.exec:\4888266.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\88840.exec:\88840.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtnbn.exec:\hbtnbn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\g6266.exec:\g6266.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrffxxx.exec:\rrffxxx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvjd.exec:\dvvjd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\u848660.exec:\u848660.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\242866.exec:\242866.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\w64226.exec:\w64226.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vdvp.exec:\5vdvp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnhbb.exec:\thnhbb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjjd.exec:\vjjjd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhtnh.exec:\tnhtnh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhhbh.exec:\tbhhbh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\s0600.exec:\s0600.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjvp.exec:\dpjvp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0446046.exec:\0446046.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdvjd.exec:\vdvjd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\068080.exec:\068080.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpjp.exec:\vvpjp.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjppp.exec:\pjppp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrfxll.exec:\lfrfxll.exe23⤵
- Executes dropped EXE
-
\??\c:\btnnhn.exec:\btnnhn.exe24⤵
- Executes dropped EXE
-
\??\c:\djddd.exec:\djddd.exe25⤵
- Executes dropped EXE
-
\??\c:\u826004.exec:\u826004.exe26⤵
- Executes dropped EXE
-
\??\c:\nnhbbn.exec:\nnhbbn.exe27⤵
- Executes dropped EXE
-
\??\c:\24062.exec:\24062.exe28⤵
- Executes dropped EXE
-
\??\c:\3hhbtt.exec:\3hhbtt.exe29⤵
- Executes dropped EXE
-
\??\c:\pvpjp.exec:\pvpjp.exe30⤵
- Executes dropped EXE
-
\??\c:\8460488.exec:\8460488.exe31⤵
- Executes dropped EXE
-
\??\c:\i644006.exec:\i644006.exe32⤵
- Executes dropped EXE
-
\??\c:\jddvv.exec:\jddvv.exe33⤵
- Executes dropped EXE
-
\??\c:\lllfxxr.exec:\lllfxxr.exe34⤵
- Executes dropped EXE
-
\??\c:\dvdvd.exec:\dvdvd.exe35⤵
- Executes dropped EXE
-
\??\c:\8262822.exec:\8262822.exe36⤵
- Executes dropped EXE
-
\??\c:\68660.exec:\68660.exe37⤵
- Executes dropped EXE
-
\??\c:\pvddv.exec:\pvddv.exe38⤵
- Executes dropped EXE
-
\??\c:\lxlfxrf.exec:\lxlfxrf.exe39⤵
- Executes dropped EXE
-
\??\c:\nbbbtt.exec:\nbbbtt.exe40⤵
- Executes dropped EXE
-
\??\c:\o460048.exec:\o460048.exe41⤵
- Executes dropped EXE
-
\??\c:\tbbbtt.exec:\tbbbtt.exe42⤵
- Executes dropped EXE
-
\??\c:\nbbttt.exec:\nbbttt.exe43⤵
- Executes dropped EXE
-
\??\c:\jvjjj.exec:\jvjjj.exe44⤵
- Executes dropped EXE
-
\??\c:\m4604.exec:\m4604.exe45⤵
- Executes dropped EXE
-
\??\c:\m4062.exec:\m4062.exe46⤵
- Executes dropped EXE
-
\??\c:\22222.exec:\22222.exe47⤵
- Executes dropped EXE
-
\??\c:\002666.exec:\002666.exe48⤵
- Executes dropped EXE
-
\??\c:\o848226.exec:\o848226.exe49⤵
- Executes dropped EXE
-
\??\c:\0442660.exec:\0442660.exe50⤵
- Executes dropped EXE
-
\??\c:\806464.exec:\806464.exe51⤵
- Executes dropped EXE
-
\??\c:\084406.exec:\084406.exe52⤵
- Executes dropped EXE
-
\??\c:\8604286.exec:\8604286.exe53⤵
- Executes dropped EXE
-
\??\c:\xlrfxrf.exec:\xlrfxrf.exe54⤵
- Executes dropped EXE
-
\??\c:\u220848.exec:\u220848.exe55⤵
- Executes dropped EXE
-
\??\c:\1rrlxrf.exec:\1rrlxrf.exe56⤵
- Executes dropped EXE
-
\??\c:\m8422.exec:\m8422.exe57⤵
- Executes dropped EXE
-
\??\c:\66264.exec:\66264.exe58⤵
- Executes dropped EXE
-
\??\c:\xrxllll.exec:\xrxllll.exe59⤵
- Executes dropped EXE
-
\??\c:\044666.exec:\044666.exe60⤵
- Executes dropped EXE
-
\??\c:\228826.exec:\228826.exe61⤵
- Executes dropped EXE
-
\??\c:\1vpjv.exec:\1vpjv.exe62⤵
- Executes dropped EXE
-
\??\c:\xrlflfx.exec:\xrlflfx.exe63⤵
- Executes dropped EXE
-
\??\c:\frfxffx.exec:\frfxffx.exe64⤵
- Executes dropped EXE
-
\??\c:\68822.exec:\68822.exe65⤵
- Executes dropped EXE
-
\??\c:\44486.exec:\44486.exe66⤵
-
\??\c:\8426420.exec:\8426420.exe67⤵
-
\??\c:\bhhthb.exec:\bhhthb.exe68⤵
-
\??\c:\bttnnh.exec:\bttnnh.exe69⤵
-
\??\c:\tbbthh.exec:\tbbthh.exe70⤵
-
\??\c:\pddpj.exec:\pddpj.exe71⤵
-
\??\c:\frfrlfr.exec:\frfrlfr.exe72⤵
-
\??\c:\0844808.exec:\0844808.exe73⤵
-
\??\c:\0626486.exec:\0626486.exe74⤵
-
\??\c:\202048.exec:\202048.exe75⤵
-
\??\c:\5rrfxrr.exec:\5rrfxrr.exe76⤵
-
\??\c:\jjjdv.exec:\jjjdv.exe77⤵
-
\??\c:\fxrxlrr.exec:\fxrxlrr.exe78⤵
-
\??\c:\xrfxxrf.exec:\xrfxxrf.exe79⤵
-
\??\c:\jdddd.exec:\jdddd.exe80⤵
-
\??\c:\4242004.exec:\4242004.exe81⤵
-
\??\c:\6008260.exec:\6008260.exe82⤵
-
\??\c:\xflxrrx.exec:\xflxrrx.exe83⤵
-
\??\c:\hbhbnb.exec:\hbhbnb.exe84⤵
-
\??\c:\6684824.exec:\6684824.exe85⤵
-
\??\c:\088204.exec:\088204.exe86⤵
-
\??\c:\u800206.exec:\u800206.exe87⤵
-
\??\c:\q06088.exec:\q06088.exe88⤵
-
\??\c:\3btthn.exec:\3btthn.exe89⤵
-
\??\c:\288204.exec:\288204.exe90⤵
-
\??\c:\c808602.exec:\c808602.exe91⤵
-
\??\c:\jjvjd.exec:\jjvjd.exe92⤵
-
\??\c:\k88266.exec:\k88266.exe93⤵
-
\??\c:\2444226.exec:\2444226.exe94⤵
-
\??\c:\0688222.exec:\0688222.exe95⤵
-
\??\c:\9ntntn.exec:\9ntntn.exe96⤵
-
\??\c:\q88422.exec:\q88422.exe97⤵
-
\??\c:\24086.exec:\24086.exe98⤵
-
\??\c:\nhtnnh.exec:\nhtnnh.exe99⤵
-
\??\c:\3hnntb.exec:\3hnntb.exe100⤵
-
\??\c:\8444600.exec:\8444600.exe101⤵
-
\??\c:\nbbthh.exec:\nbbthh.exe102⤵
-
\??\c:\dpdvd.exec:\dpdvd.exe103⤵
-
\??\c:\pjvpd.exec:\pjvpd.exe104⤵
-
\??\c:\2624620.exec:\2624620.exe105⤵
-
\??\c:\a0404.exec:\a0404.exe106⤵
-
\??\c:\vvdpp.exec:\vvdpp.exe107⤵
-
\??\c:\dvvjv.exec:\dvvjv.exe108⤵
-
\??\c:\xrrrxxf.exec:\xrrrxxf.exe109⤵
-
\??\c:\llrxflr.exec:\llrxflr.exe110⤵
-
\??\c:\s8644.exec:\s8644.exe111⤵
-
\??\c:\e22606.exec:\e22606.exe112⤵
-
\??\c:\lrrlxrl.exec:\lrrlxrl.exe113⤵
-
\??\c:\2242604.exec:\2242604.exe114⤵
-
\??\c:\i226600.exec:\i226600.exe115⤵
-
\??\c:\o822828.exec:\o822828.exe116⤵
-
\??\c:\rrlrlxr.exec:\rrlrlxr.exe117⤵
-
\??\c:\vjvvv.exec:\vjvvv.exe118⤵
-
\??\c:\tbhhbh.exec:\tbhhbh.exe119⤵
-
\??\c:\nhnhbb.exec:\nhnhbb.exe120⤵
-
\??\c:\4882222.exec:\4882222.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-