Analysis
-
max time kernel
150s -
max time network
147s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
-
submitted
24/04/2024, 23:49
General
-
Target
822f6565e35bdf9f5a3b6fe7b847aa6d5c00dfb616bc9d6cfdf022d306bda74a.exe
-
Size
231KB
-
MD5
49d7b57c75c6d10595b8258b5cfc7016
-
SHA1
107cf8a37136e002f796e3b0669cfd9d553877a6
-
SHA256
822f6565e35bdf9f5a3b6fe7b847aa6d5c00dfb616bc9d6cfdf022d306bda74a
-
SHA512
66619d7a1e7c76455694cfd79c3bffc13fa9aea08c25d87fb64bbeff42eb75d7729064ef20e5fb2d4ed2cd546366f1ad602915df685b01f199635f758d77c44a
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo7LAIRUohTF/SjSrbzLAuBjfwFOmoFzMvUpGqC5n+M:n3C9BRo/AIuuFSjA8uBjwI7FjpjC5+M
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 45 IoCs
-
UPX dump on OEP (original entry point) 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 50 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\822f6565e35bdf9f5a3b6fe7b847aa6d5c00dfb616bc9d6cfdf022d306bda74a.exe"C:\Users\Admin\AppData\Local\Temp\822f6565e35bdf9f5a3b6fe7b847aa6d5c00dfb616bc9d6cfdf022d306bda74a.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bnttnh.exec:\bnttnh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlfxxr.exec:\xrlfxxr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dppjd.exec:\dppjd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnbnb.exec:\btnbnb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfrfffr.exec:\xfrfffr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjdp.exec:\jvjdp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllfrrl.exec:\rllfrrl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntnbn.exec:\bntnbn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjvp.exec:\dpjvp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxfxxrl.exec:\xxfxxrl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7hbtnn.exec:\7hbtnn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrlfxf.exec:\lrrlfxf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhttn.exec:\bhhttn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djdpj.exec:\djdpj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttntn.exec:\bttntn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdvpj.exec:\vdvpj.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ntnth.exec:\7ntnth.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjdp.exec:\vvjdp.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5thbnh.exec:\5thbnh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djvdp.exec:\djvdp.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnhbn.exec:\nnnhbn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvpd.exec:\pvvpd.exe23⤵
- Executes dropped EXE
-
\??\c:\ntthtn.exec:\ntthtn.exe24⤵
- Executes dropped EXE
-
\??\c:\rrxlffx.exec:\rrxlffx.exe25⤵
- Executes dropped EXE
-
\??\c:\vpjvp.exec:\vpjvp.exe26⤵
- Executes dropped EXE
-
\??\c:\rllfrrl.exec:\rllfrrl.exe27⤵
- Executes dropped EXE
-
\??\c:\nhhtnb.exec:\nhhtnb.exe28⤵
- Executes dropped EXE
-
\??\c:\nbnhbb.exec:\nbnhbb.exe29⤵
- Executes dropped EXE
-
\??\c:\5pvvd.exec:\5pvvd.exe30⤵
- Executes dropped EXE
-
\??\c:\thnhnb.exec:\thnhnb.exe31⤵
- Executes dropped EXE
-
\??\c:\5vvpd.exec:\5vvpd.exe32⤵
- Executes dropped EXE
-
\??\c:\fflfrxr.exec:\fflfrxr.exe33⤵
-
\??\c:\9hhbbh.exec:\9hhbbh.exe34⤵
- Executes dropped EXE
-
\??\c:\1rxxrxx.exec:\1rxxrxx.exe35⤵
- Executes dropped EXE
-
\??\c:\1hnnnn.exec:\1hnnnn.exe36⤵
- Executes dropped EXE
-
\??\c:\tttttt.exec:\tttttt.exe37⤵
- Executes dropped EXE
-
\??\c:\ddjjd.exec:\ddjjd.exe38⤵
- Executes dropped EXE
-
\??\c:\btnhnn.exec:\btnhnn.exe39⤵
- Executes dropped EXE
-
\??\c:\7hnhhh.exec:\7hnhhh.exe40⤵
- Executes dropped EXE
-
\??\c:\lxrlflf.exec:\lxrlflf.exe41⤵
- Executes dropped EXE
-
\??\c:\tnhhbh.exec:\tnhhbh.exe42⤵
- Executes dropped EXE
-
\??\c:\fxlxlrl.exec:\fxlxlrl.exe43⤵
- Executes dropped EXE
-
\??\c:\hhnnnn.exec:\hhnnnn.exe44⤵
- Executes dropped EXE
-
\??\c:\jvppj.exec:\jvppj.exe45⤵
- Executes dropped EXE
-
\??\c:\lffxrxx.exec:\lffxrxx.exe46⤵
- Executes dropped EXE
-
\??\c:\1dvpv.exec:\1dvpv.exe47⤵
- Executes dropped EXE
-
\??\c:\rflfrll.exec:\rflfrll.exe48⤵
- Executes dropped EXE
-
\??\c:\jvddv.exec:\jvddv.exe49⤵
- Executes dropped EXE
-
\??\c:\lxfxrll.exec:\lxfxrll.exe50⤵
- Executes dropped EXE
-
\??\c:\btbhnn.exec:\btbhnn.exe51⤵
- Executes dropped EXE
-
\??\c:\xfllxxx.exec:\xfllxxx.exe52⤵
- Executes dropped EXE
-
\??\c:\hhbtnb.exec:\hhbtnb.exe53⤵
- Executes dropped EXE
-
\??\c:\pjvpd.exec:\pjvpd.exe54⤵
- Executes dropped EXE
-
\??\c:\nhtntt.exec:\nhtntt.exe55⤵
- Executes dropped EXE
-
\??\c:\3pdvd.exec:\3pdvd.exe56⤵
- Executes dropped EXE
-
\??\c:\ntbtnb.exec:\ntbtnb.exe57⤵
- Executes dropped EXE
-
\??\c:\7nthhh.exec:\7nthhh.exe58⤵
- Executes dropped EXE
-
\??\c:\lxlfffx.exec:\lxlfffx.exe59⤵
- Executes dropped EXE
-
\??\c:\tbhbhh.exec:\tbhbhh.exe60⤵
- Executes dropped EXE
-
\??\c:\vppjd.exec:\vppjd.exe61⤵
- Executes dropped EXE
-
\??\c:\htbtnn.exec:\htbtnn.exe62⤵
- Executes dropped EXE
-
\??\c:\djjdj.exec:\djjdj.exe63⤵
- Executes dropped EXE
-
\??\c:\bnnhbb.exec:\bnnhbb.exe64⤵
- Executes dropped EXE
-
\??\c:\vvpdd.exec:\vvpdd.exe65⤵
- Executes dropped EXE
-
\??\c:\fxfffff.exec:\fxfffff.exe66⤵
- Executes dropped EXE
-
\??\c:\nhbbhh.exec:\nhbbhh.exe67⤵
-
\??\c:\frxrrrr.exec:\frxrrrr.exe68⤵
-
\??\c:\jdpjj.exec:\jdpjj.exe69⤵
-
\??\c:\rxlfffx.exec:\rxlfffx.exe70⤵
-
\??\c:\bntbtt.exec:\bntbtt.exe71⤵
-
\??\c:\rfxrllf.exec:\rfxrllf.exe72⤵
-
\??\c:\hbbbtt.exec:\hbbbtt.exe73⤵
-
\??\c:\jjjvd.exec:\jjjvd.exe74⤵
-
\??\c:\thnhbb.exec:\thnhbb.exe75⤵
-
\??\c:\fxxrrrr.exec:\fxxrrrr.exe76⤵
-
\??\c:\tbhhtt.exec:\tbhhtt.exe77⤵
-
\??\c:\7xrxxxx.exec:\7xrxxxx.exe78⤵
-
\??\c:\nhnnnn.exec:\nhnnnn.exe79⤵
-
\??\c:\llxxrrl.exec:\llxxrrl.exe80⤵
-
\??\c:\nhhhtt.exec:\nhhhtt.exe81⤵
-
\??\c:\xxrllfr.exec:\xxrllfr.exe82⤵
-
\??\c:\tttnnn.exec:\tttnnn.exe83⤵
-
\??\c:\vppdv.exec:\vppdv.exe84⤵
-
\??\c:\tbbnbt.exec:\tbbnbt.exe85⤵
-
\??\c:\rxxlxrf.exec:\rxxlxrf.exe86⤵
-
\??\c:\9tbttt.exec:\9tbttt.exe87⤵
-
\??\c:\lfrlrrx.exec:\lfrlrrx.exe88⤵
-
\??\c:\bhtnhh.exec:\bhtnhh.exe89⤵
-
\??\c:\vddvp.exec:\vddvp.exe90⤵
-
\??\c:\bntnbb.exec:\bntnbb.exe91⤵
-
\??\c:\7pdvv.exec:\7pdvv.exe92⤵
-
\??\c:\nbthtb.exec:\nbthtb.exe93⤵
-
\??\c:\hhnbtt.exec:\hhnbtt.exe94⤵
-
\??\c:\xxlrllr.exec:\xxlrllr.exe95⤵
-
\??\c:\jdjjd.exec:\jdjjd.exe96⤵
-
\??\c:\nhhbnh.exec:\nhhbnh.exe97⤵
-
\??\c:\ddvpv.exec:\ddvpv.exe98⤵
-
\??\c:\xrxrxxx.exec:\xrxrxxx.exe99⤵
-
\??\c:\5nnnnh.exec:\5nnnnh.exe100⤵
-
\??\c:\xfxlffx.exec:\xfxlffx.exe101⤵
-
\??\c:\hhnnnn.exec:\hhnnnn.exe102⤵
-
\??\c:\ddjdd.exec:\ddjdd.exe103⤵
-
\??\c:\fflfxrr.exec:\fflfxrr.exe104⤵
-
\??\c:\pddvj.exec:\pddvj.exe105⤵
-
\??\c:\frffrrr.exec:\frffrrr.exe106⤵
-
\??\c:\btbbtt.exec:\btbbtt.exe107⤵
-
\??\c:\lrxlfrl.exec:\lrxlfrl.exe108⤵
-
\??\c:\nhtttt.exec:\nhtttt.exe109⤵
-
\??\c:\1xlfflf.exec:\1xlfflf.exe110⤵
-
\??\c:\5nbbbb.exec:\5nbbbb.exe111⤵
-
\??\c:\ppppd.exec:\ppppd.exe112⤵
-
\??\c:\hnbttt.exec:\hnbttt.exe113⤵
-
\??\c:\dvdvj.exec:\dvdvj.exe114⤵
-
\??\c:\htnhtn.exec:\htnhtn.exe115⤵
-
\??\c:\lxxffff.exec:\lxxffff.exe116⤵
-
\??\c:\1bbtnn.exec:\1bbtnn.exe117⤵
-
\??\c:\5dppd.exec:\5dppd.exe118⤵
-
\??\c:\tthbnn.exec:\tthbnn.exe119⤵
-
\??\c:\rrlllll.exec:\rrlllll.exe120⤵
-
\??\c:\lrlllrr.exec:\lrlllrr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-