Analysis
-
max time kernel
141s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
24-04-2024 23:49
General
-
Target
822f6565e35bdf9f5a3b6fe7b847aa6d5c00dfb616bc9d6cfdf022d306bda74a.exe
-
Size
231KB
-
MD5
49d7b57c75c6d10595b8258b5cfc7016
-
SHA1
107cf8a37136e002f796e3b0669cfd9d553877a6
-
SHA256
822f6565e35bdf9f5a3b6fe7b847aa6d5c00dfb616bc9d6cfdf022d306bda74a
-
SHA512
66619d7a1e7c76455694cfd79c3bffc13fa9aea08c25d87fb64bbeff42eb75d7729064ef20e5fb2d4ed2cd546366f1ad602915df685b01f199635f758d77c44a
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo7LAIRUohTF/SjSrbzLAuBjfwFOmoFzMvUpGqC5n+M:n3C9BRo/AIuuFSjA8uBjwI7FjpjC5+M
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 30 IoCs
-
UPX dump on OEP (original entry point) 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 59 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\822f6565e35bdf9f5a3b6fe7b847aa6d5c00dfb616bc9d6cfdf022d306bda74a.exe"C:\Users\Admin\AppData\Local\Temp\822f6565e35bdf9f5a3b6fe7b847aa6d5c00dfb616bc9d6cfdf022d306bda74a.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjvj.exec:\ppjvj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnhbh.exec:\tnnhbh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xxlrrx.exec:\1xxlrrx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htntbh.exec:\htntbh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxrxrr.exec:\frxrxrr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnnbth.exec:\hnnbth.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxflrxf.exec:\fxflrxf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbtbht.exec:\nbtbht.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppdjd.exec:\ppdjd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjjp.exec:\ppjjp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrxfff.exec:\xxrxfff.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbthnh.exec:\tbthnh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxflxl.exec:\lfxflxl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjdv.exec:\vvjdv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rfllrx.exec:\1rfllrx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbbhn.exec:\nhbbhn.exe17⤵
- Executes dropped EXE
-
\??\c:\1xffrxl.exec:\1xffrxl.exe18⤵
- Executes dropped EXE
-
\??\c:\hthbhh.exec:\hthbhh.exe19⤵
- Executes dropped EXE
-
\??\c:\xrllrrf.exec:\xrllrrf.exe20⤵
- Executes dropped EXE
-
\??\c:\vpjpj.exec:\vpjpj.exe21⤵
- Executes dropped EXE
-
\??\c:\fxlrfxf.exec:\fxlrfxf.exe22⤵
- Executes dropped EXE
-
\??\c:\9djpv.exec:\9djpv.exe23⤵
- Executes dropped EXE
-
\??\c:\hbtbhh.exec:\hbtbhh.exe24⤵
- Executes dropped EXE
-
\??\c:\pjpvj.exec:\pjpvj.exe25⤵
- Executes dropped EXE
-
\??\c:\fxlxflx.exec:\fxlxflx.exe26⤵
- Executes dropped EXE
-
\??\c:\ddjpv.exec:\ddjpv.exe27⤵
- Executes dropped EXE
-
\??\c:\nbhhnh.exec:\nbhhnh.exe28⤵
- Executes dropped EXE
-
\??\c:\xrrxxxl.exec:\xrrxxxl.exe29⤵
- Executes dropped EXE
-
\??\c:\1btthn.exec:\1btthn.exe30⤵
- Executes dropped EXE
-
\??\c:\frfrxxl.exec:\frfrxxl.exe31⤵
- Executes dropped EXE
-
\??\c:\jvppp.exec:\jvppp.exe32⤵
- Executes dropped EXE
-
\??\c:\lfrrxxl.exec:\lfrrxxl.exe33⤵
- Executes dropped EXE
-
\??\c:\dvppj.exec:\dvppj.exe34⤵
- Executes dropped EXE
-
\??\c:\pdddp.exec:\pdddp.exe35⤵
- Executes dropped EXE
-
\??\c:\xlxxfrx.exec:\xlxxfrx.exe36⤵
- Executes dropped EXE
-
\??\c:\nnbnnn.exec:\nnbnnn.exe37⤵
- Executes dropped EXE
-
\??\c:\bthnnt.exec:\bthnnt.exe38⤵
- Executes dropped EXE
-
\??\c:\7thnbt.exec:\7thnbt.exe39⤵
- Executes dropped EXE
-
\??\c:\3jpjj.exec:\3jpjj.exe40⤵
- Executes dropped EXE
-
\??\c:\nhnntb.exec:\nhnntb.exe41⤵
- Executes dropped EXE
-
\??\c:\vddjp.exec:\vddjp.exe42⤵
- Executes dropped EXE
-
\??\c:\nbnhnt.exec:\nbnhnt.exe43⤵
- Executes dropped EXE
-
\??\c:\xfxrlrl.exec:\xfxrlrl.exe44⤵
- Executes dropped EXE
-
\??\c:\ttthbb.exec:\ttthbb.exe45⤵
- Executes dropped EXE
-
\??\c:\llflrxr.exec:\llflrxr.exe46⤵
- Executes dropped EXE
-
\??\c:\nhtnbn.exec:\nhtnbn.exe47⤵
- Executes dropped EXE
-
\??\c:\jvdpp.exec:\jvdpp.exe48⤵
- Executes dropped EXE
-
\??\c:\ffrrxfl.exec:\ffrrxfl.exe49⤵
- Executes dropped EXE
-
\??\c:\vpjvd.exec:\vpjvd.exe50⤵
- Executes dropped EXE
-
\??\c:\xlflxfl.exec:\xlflxfl.exe51⤵
- Executes dropped EXE
-
\??\c:\tnbntb.exec:\tnbntb.exe52⤵
- Executes dropped EXE
-
\??\c:\rfllrrx.exec:\rfllrrx.exe53⤵
- Executes dropped EXE
-
\??\c:\1hbbnb.exec:\1hbbnb.exe54⤵
- Executes dropped EXE
-
\??\c:\3lxlrxf.exec:\3lxlrxf.exe55⤵
- Executes dropped EXE
-
\??\c:\thbttb.exec:\thbttb.exe56⤵
- Executes dropped EXE
-
\??\c:\xlrrlll.exec:\xlrrlll.exe57⤵
- Executes dropped EXE
-
\??\c:\bhbhhb.exec:\bhbhhb.exe58⤵
- Executes dropped EXE
-
\??\c:\1lrflxl.exec:\1lrflxl.exe59⤵
- Executes dropped EXE
-
\??\c:\thhbtn.exec:\thhbtn.exe60⤵
- Executes dropped EXE
-
\??\c:\7lfxffr.exec:\7lfxffr.exe61⤵
- Executes dropped EXE
-
\??\c:\1bbhnt.exec:\1bbhnt.exe62⤵
- Executes dropped EXE
-
\??\c:\7vvdp.exec:\7vvdp.exe63⤵
- Executes dropped EXE
-
\??\c:\nnntbh.exec:\nnntbh.exe64⤵
- Executes dropped EXE
-
\??\c:\xlfxffr.exec:\xlfxffr.exe65⤵
- Executes dropped EXE
-
\??\c:\nnnnbb.exec:\nnnnbb.exe66⤵
-
\??\c:\rlrxlrf.exec:\rlrxlrf.exe67⤵
-
\??\c:\nnhbhh.exec:\nnhbhh.exe68⤵
-
\??\c:\vvvdd.exec:\vvvdd.exe69⤵
-
\??\c:\bthbhn.exec:\bthbhn.exe70⤵
-
\??\c:\jdppv.exec:\jdppv.exe71⤵
-
\??\c:\lffxlfr.exec:\lffxlfr.exe72⤵
-
\??\c:\jdpvj.exec:\jdpvj.exe73⤵
-
\??\c:\5fllrxf.exec:\5fllrxf.exe74⤵
-
\??\c:\dvjpd.exec:\dvjpd.exe75⤵
-
\??\c:\xrrlxrf.exec:\xrrlxrf.exe76⤵
-
\??\c:\vvpvd.exec:\vvpvd.exe77⤵
-
\??\c:\hhbbhn.exec:\hhbbhn.exe78⤵
-
\??\c:\vdpvv.exec:\vdpvv.exe79⤵
-
\??\c:\rlxflll.exec:\rlxflll.exe80⤵
-
\??\c:\tnttbh.exec:\tnttbh.exe81⤵
-
\??\c:\vvvvd.exec:\vvvvd.exe82⤵
-
\??\c:\bbnbhh.exec:\bbnbhh.exe83⤵
-
\??\c:\fxrrxxl.exec:\fxrrxxl.exe84⤵
-
\??\c:\btntbb.exec:\btntbb.exe85⤵
-
\??\c:\9rrfflr.exec:\9rrfflr.exe86⤵
-
\??\c:\ttbhth.exec:\ttbhth.exe87⤵
-
\??\c:\xrfflrx.exec:\xrfflrx.exe88⤵
-
\??\c:\btbhnn.exec:\btbhnn.exe89⤵
-
\??\c:\pjvvj.exec:\pjvvj.exe90⤵
-
\??\c:\fxxxffr.exec:\fxxxffr.exe91⤵
-
\??\c:\ddvdj.exec:\ddvdj.exe92⤵
-
\??\c:\5xlfllx.exec:\5xlfllx.exe93⤵
-
\??\c:\jdpdp.exec:\jdpdp.exe94⤵
-
\??\c:\5vjjv.exec:\5vjjv.exe95⤵
-
\??\c:\bththh.exec:\bththh.exe96⤵
-
\??\c:\rlxrxfl.exec:\rlxrxfl.exe97⤵
-
\??\c:\9btbbb.exec:\9btbbb.exe98⤵
-
\??\c:\dpdpv.exec:\dpdpv.exe99⤵
-
\??\c:\7xxxlll.exec:\7xxxlll.exe100⤵
-
\??\c:\1bnnnh.exec:\1bnnnh.exe101⤵
-
\??\c:\1rlrxfr.exec:\1rlrxfr.exe102⤵
-
\??\c:\xxrfxfl.exec:\xxrfxfl.exe103⤵
-
\??\c:\tnbbhn.exec:\tnbbhn.exe104⤵
-
\??\c:\flfxffl.exec:\flfxffl.exe105⤵
-
\??\c:\hthbhh.exec:\hthbhh.exe106⤵
-
\??\c:\3xxllff.exec:\3xxllff.exe107⤵
-
\??\c:\btnthh.exec:\btnthh.exe108⤵
-
\??\c:\pdddj.exec:\pdddj.exe109⤵
-
\??\c:\9bttbh.exec:\9bttbh.exe110⤵
-
\??\c:\bbthtt.exec:\bbthtt.exe111⤵
-
\??\c:\rrxflrx.exec:\rrxflrx.exe112⤵
-
\??\c:\nntbbb.exec:\nntbbb.exe113⤵
-
\??\c:\dvjpd.exec:\dvjpd.exe114⤵
-
\??\c:\bnbtbb.exec:\bnbtbb.exe115⤵
-
\??\c:\3pdjp.exec:\3pdjp.exe116⤵
-
\??\c:\frrxfxx.exec:\frrxfxx.exe117⤵
-
\??\c:\5hbbnn.exec:\5hbbnn.exe118⤵
-
\??\c:\dvjpd.exec:\dvjpd.exe119⤵
-
\??\c:\hbbbtb.exec:\hbbbtb.exe120⤵
-
\??\c:\bnttbt.exec:\bnttbt.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-