Analysis
-
max time kernel
36s -
max time network
37s -
platform
windows10-2004_x64 -
resource
win10v2004-20240419-en -
resource tags
-
submitted
28-04-2024 20:30
Errors
Reason
Machine shutdown
General
-
Target
40222ae5ee8a5066aab732ddd1a899aa4951056b57c5f7fc6931564be1577770.exe
-
Size
128KB
-
MD5
358c11d5bdb5f6e34897a1912dea5013
-
SHA1
05d6f838712f4350a08d977aa05eecd8d60cf553
-
SHA256
40222ae5ee8a5066aab732ddd1a899aa4951056b57c5f7fc6931564be1577770
-
SHA512
c9b52ed5414a770d8eaa98eb9b7317a5d3ab7d5e2d61d7332273525c3820c0ca7b8d2437ef0a89e656140c56c0803ec6b987ab9f09c02c9be04b04639a0bf322
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDWiekja1br3GGBxfot3MsVpKFHqZ:ymb3NkkiQ3mdBjFWXkj7afoHVpx+dGoc
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
UPX dump on OEP (original entry point) 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\40222ae5ee8a5066aab732ddd1a899aa4951056b57c5f7fc6931564be1577770.exe"C:\Users\Admin\AppData\Local\Temp\40222ae5ee8a5066aab732ddd1a899aa4951056b57c5f7fc6931564be1577770.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbnbt.exec:\bbbnbt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjdd.exec:\jvjdd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnbth.exec:\btnbth.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jjpd.exec:\5jjpd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxfxxxx.exec:\lxfxxxx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhbtt.exec:\tnhbtt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjvp.exec:\pdjvp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlrxxr.exec:\rrlrxxr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnnbb.exec:\hbnnbb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vpjj.exec:\5vpjj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrlllf.exec:\fxrlllf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbbth.exec:\ntbbth.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vjdp.exec:\9vjdp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrlxxr.exec:\xxrlxxr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\httttn.exec:\httttn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtnnn.exec:\nhtnnn.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpjp.exec:\pjpjp.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdjd.exec:\jvdjd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfrffx.exec:\xrfrffx.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnttt.exec:\hbnttt.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpjv.exec:\dvpjv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrfxlf.exec:\lxrfxlf.exe23⤵
- Executes dropped EXE
-
\??\c:\btttnh.exec:\btttnh.exe24⤵
- Executes dropped EXE
-
\??\c:\ppppj.exec:\ppppj.exe25⤵
- Executes dropped EXE
-
\??\c:\lllfrrl.exec:\lllfrrl.exe26⤵
- Executes dropped EXE
-
\??\c:\hntnnh.exec:\hntnnh.exe27⤵
- Executes dropped EXE
-
\??\c:\dddvj.exec:\dddvj.exe28⤵
- Executes dropped EXE
-
\??\c:\vjjvp.exec:\vjjvp.exe29⤵
- Executes dropped EXE
-
\??\c:\xrllxxr.exec:\xrllxxr.exe30⤵
- Executes dropped EXE
-
\??\c:\bhtbbh.exec:\bhtbbh.exe31⤵
- Executes dropped EXE
-
\??\c:\jdjdv.exec:\jdjdv.exe32⤵
- Executes dropped EXE
-
\??\c:\rxxrlff.exec:\rxxrlff.exe33⤵
- Executes dropped EXE
-
\??\c:\nhbtnn.exec:\nhbtnn.exe34⤵
- Executes dropped EXE
-
\??\c:\hhbthh.exec:\hhbthh.exe35⤵
- Executes dropped EXE
-
\??\c:\vjpjv.exec:\vjpjv.exe36⤵
- Executes dropped EXE
-
\??\c:\pjvvj.exec:\pjvvj.exe37⤵
- Executes dropped EXE
-
\??\c:\rfxxrrl.exec:\rfxxrrl.exe38⤵
- Executes dropped EXE
-
\??\c:\rxxxrxx.exec:\rxxxrxx.exe39⤵
- Executes dropped EXE
-
\??\c:\3httnt.exec:\3httnt.exe40⤵
- Executes dropped EXE
-
\??\c:\nbhbbb.exec:\nbhbbb.exe41⤵
- Executes dropped EXE
-
\??\c:\vjjdv.exec:\vjjdv.exe42⤵
- Executes dropped EXE
-
\??\c:\7vdvj.exec:\7vdvj.exe43⤵
- Executes dropped EXE
-
\??\c:\5flfrxr.exec:\5flfrxr.exe44⤵
- Executes dropped EXE
-
\??\c:\fflllff.exec:\fflllff.exe45⤵
- Executes dropped EXE
-
\??\c:\ffflffx.exec:\ffflffx.exe46⤵
- Executes dropped EXE
-
\??\c:\bhbtnn.exec:\bhbtnn.exe47⤵
- Executes dropped EXE
-
\??\c:\5nbhnt.exec:\5nbhnt.exe48⤵
- Executes dropped EXE
-
\??\c:\jdppd.exec:\jdppd.exe49⤵
- Executes dropped EXE
-
\??\c:\3flflll.exec:\3flflll.exe50⤵
- Executes dropped EXE
-
\??\c:\frffxrx.exec:\frffxrx.exe51⤵
- Executes dropped EXE
-
\??\c:\thnhtt.exec:\thnhtt.exe52⤵
- Executes dropped EXE
-
\??\c:\bhbbtn.exec:\bhbbtn.exe53⤵
- Executes dropped EXE
-
\??\c:\vjpjv.exec:\vjpjv.exe54⤵
- Executes dropped EXE
-
\??\c:\vjdvv.exec:\vjdvv.exe55⤵
- Executes dropped EXE
-
\??\c:\xrrllxr.exec:\xrrllxr.exe56⤵
- Executes dropped EXE
-
\??\c:\5fflfrf.exec:\5fflfrf.exe57⤵
- Executes dropped EXE
-
\??\c:\frxlfll.exec:\frxlfll.exe58⤵
- Executes dropped EXE
-
\??\c:\hthbbb.exec:\hthbbb.exe59⤵
- Executes dropped EXE
-
\??\c:\pjvpd.exec:\pjvpd.exe60⤵
- Executes dropped EXE
-
\??\c:\pjjdv.exec:\pjjdv.exe61⤵
- Executes dropped EXE
-
\??\c:\1jppd.exec:\1jppd.exe62⤵
- Executes dropped EXE
-
\??\c:\1lfxxrf.exec:\1lfxxrf.exe63⤵
- Executes dropped EXE
-
\??\c:\fxffrrl.exec:\fxffrrl.exe64⤵
- Executes dropped EXE
-
\??\c:\1bbbtn.exec:\1bbbtn.exe65⤵
- Executes dropped EXE
-
\??\c:\ttthbt.exec:\ttthbt.exe66⤵
-
\??\c:\dpjvd.exec:\dpjvd.exe67⤵
-
\??\c:\dpjdv.exec:\dpjdv.exe68⤵
-
\??\c:\lxxrfff.exec:\lxxrfff.exe69⤵
-
\??\c:\9rxrfff.exec:\9rxrfff.exe70⤵
-
\??\c:\bnnnhh.exec:\bnnnhh.exe71⤵
-
\??\c:\nnbthh.exec:\nnbthh.exe72⤵
-
\??\c:\pjvpd.exec:\pjvpd.exe73⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe74⤵
-
\??\c:\rllfffx.exec:\rllfffx.exe75⤵
-
\??\c:\bbtbtt.exec:\bbtbtt.exe76⤵
-
\??\c:\bnnnnh.exec:\bnnnnh.exe77⤵
-
\??\c:\pddvv.exec:\pddvv.exe78⤵
-
\??\c:\rxxxlll.exec:\rxxxlll.exe79⤵
-
\??\c:\flxxxxr.exec:\flxxxxr.exe80⤵
-
\??\c:\1tnnhb.exec:\1tnnhb.exe81⤵
-
\??\c:\djvpp.exec:\djvpp.exe82⤵
-
\??\c:\xrllxxl.exec:\xrllxxl.exe83⤵
-
\??\c:\7jpjj.exec:\7jpjj.exe84⤵
-
\??\c:\pjppd.exec:\pjppd.exe85⤵
-
\??\c:\lrxrlrx.exec:\lrxrlrx.exe86⤵
-
\??\c:\btntnn.exec:\btntnn.exe87⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe88⤵
-
\??\c:\lrxrffx.exec:\lrxrffx.exe89⤵
-
\??\c:\7hnnbb.exec:\7hnnbb.exe90⤵
-
\??\c:\9jvvj.exec:\9jvvj.exe91⤵
-
\??\c:\xffxrrl.exec:\xffxrrl.exe92⤵
-
\??\c:\tthbbb.exec:\tthbbb.exe93⤵
-
\??\c:\vvvjd.exec:\vvvjd.exe94⤵
-
\??\c:\jdpjd.exec:\jdpjd.exe95⤵
-
\??\c:\pddpp.exec:\pddpp.exe96⤵
-
\??\c:\rffxrrl.exec:\rffxrrl.exe97⤵
-
\??\c:\bhtnhh.exec:\bhtnhh.exe98⤵
-
\??\c:\jddvd.exec:\jddvd.exe99⤵
-
\??\c:\xrxlxfr.exec:\xrxlxfr.exe100⤵
-
\??\c:\7bnnnt.exec:\7bnnnt.exe101⤵
-
\??\c:\pjdvp.exec:\pjdvp.exe102⤵
-
\??\c:\pjdvj.exec:\pjdvj.exe103⤵
-
\??\c:\lxfflfr.exec:\lxfflfr.exe104⤵
-
\??\c:\7rxxffl.exec:\7rxxffl.exe105⤵
-
\??\c:\hhhhnn.exec:\hhhhnn.exe106⤵
-
\??\c:\dvpjv.exec:\dvpjv.exe107⤵
-
\??\c:\jjpdv.exec:\jjpdv.exe108⤵
-
\??\c:\rlfffll.exec:\rlfffll.exe109⤵
-
\??\c:\fxflffx.exec:\fxflffx.exe110⤵
-
\??\c:\tnhhbb.exec:\tnhhbb.exe111⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe112⤵
-
\??\c:\jjppd.exec:\jjppd.exe113⤵
-
\??\c:\xllfxxx.exec:\xllfxxx.exe114⤵
-
\??\c:\lflfllr.exec:\lflfllr.exe115⤵
-
\??\c:\htbtnn.exec:\htbtnn.exe116⤵
-
\??\c:\pjjdp.exec:\pjjdp.exe117⤵
-
\??\c:\vvjdj.exec:\vvjdj.exe118⤵
-
\??\c:\nnhthh.exec:\nnhthh.exe119⤵
-
\??\c:\jdjjv.exec:\jdjjv.exe120⤵
-
\??\c:\5pvdp.exec:\5pvdp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-