Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
-
submitted
29/04/2024, 02:04
General
-
Target
c5f3b10f32a049b9f14923551acb4aeabdb4f5a38d51e1780f6466887fe16f33.exe
-
Size
424KB
-
MD5
b528fec4af832641128758aa11a969e7
-
SHA1
f9731ba919e3d015b7073db8a7a92541b67023f3
-
SHA256
c5f3b10f32a049b9f14923551acb4aeabdb4f5a38d51e1780f6466887fe16f33
-
SHA512
81832aa84caa02dbbc7965cbc52df3851d9faa5082385d816f90506cc12f81686c11ee76c88724273062453353f9ed79e0e5866bca5b8823cead81db64f7a21e
-
SSDEEP
12288:C4wFBh2F5BVzPSMh2F5BVzPSMh2F5BVzPS1:NL1ML1ML1m
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 39 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\c5f3b10f32a049b9f14923551acb4aeabdb4f5a38d51e1780f6466887fe16f33.exe"C:\Users\Admin\AppData\Local\Temp\c5f3b10f32a049b9f14923551acb4aeabdb4f5a38d51e1780f6466887fe16f33.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\flxfrfr.exec:\flxfrfr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvddp.exec:\dvddp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxrxfxf.exec:\rxrxfxf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tttbnt.exec:\tttbnt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxfrrf.exec:\rlxfrrf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnbtt.exec:\tnnbtt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxlrfl.exec:\ffxlrfl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hntnhb.exec:\hntnhb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxxrff.exec:\fxxxrff.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1hhtnb.exec:\1hhtnb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xrxxlf.exec:\9xrxxlf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbbhn.exec:\nhbbhn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ffrrxr.exec:\5ffrrxr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbnht.exec:\tnbnht.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxfxxlr.exec:\lxfxxlr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbnhb.exec:\hhbnhb.exe17⤵
- Executes dropped EXE
-
\??\c:\llrfxff.exec:\llrfxff.exe18⤵
- Executes dropped EXE
-
\??\c:\ntnbbn.exec:\ntnbbn.exe19⤵
- Executes dropped EXE
-
\??\c:\fxrxfrl.exec:\fxrxfrl.exe20⤵
- Executes dropped EXE
-
\??\c:\tthhtt.exec:\tthhtt.exe21⤵
- Executes dropped EXE
-
\??\c:\llxfxrl.exec:\llxfxrl.exe22⤵
- Executes dropped EXE
-
\??\c:\btnthh.exec:\btnthh.exe23⤵
- Executes dropped EXE
-
\??\c:\pjvjv.exec:\pjvjv.exe24⤵
- Executes dropped EXE
-
\??\c:\xflflrl.exec:\xflflrl.exe25⤵
- Executes dropped EXE
-
\??\c:\lfrxffr.exec:\lfrxffr.exe26⤵
- Executes dropped EXE
-
\??\c:\bbtbnt.exec:\bbtbnt.exe27⤵
- Executes dropped EXE
-
\??\c:\llfrxfr.exec:\llfrxfr.exe28⤵
- Executes dropped EXE
-
\??\c:\pdvvj.exec:\pdvvj.exe29⤵
- Executes dropped EXE
-
\??\c:\9xxflrl.exec:\9xxflrl.exe30⤵
- Executes dropped EXE
-
\??\c:\dvjjd.exec:\dvjjd.exe31⤵
- Executes dropped EXE
-
\??\c:\7hbbhh.exec:\7hbbhh.exe32⤵
- Executes dropped EXE
-
\??\c:\bbtntt.exec:\bbtntt.exe33⤵
- Executes dropped EXE
-
\??\c:\fxrxlrf.exec:\fxrxlrf.exe34⤵
- Executes dropped EXE
-
\??\c:\ntntbh.exec:\ntntbh.exe35⤵
- Executes dropped EXE
-
\??\c:\1pddp.exec:\1pddp.exe36⤵
- Executes dropped EXE
-
\??\c:\llxflrl.exec:\llxflrl.exe37⤵
- Executes dropped EXE
-
\??\c:\lfxxfrf.exec:\lfxxfrf.exe38⤵
- Executes dropped EXE
-
\??\c:\ttntnt.exec:\ttntnt.exe39⤵
- Executes dropped EXE
-
\??\c:\5jpvd.exec:\5jpvd.exe40⤵
- Executes dropped EXE
-
\??\c:\xxrrflr.exec:\xxrrflr.exe41⤵
- Executes dropped EXE
-
\??\c:\3tnnbb.exec:\3tnnbb.exe42⤵
- Executes dropped EXE
-
\??\c:\dddvj.exec:\dddvj.exe43⤵
- Executes dropped EXE
-
\??\c:\jjjdj.exec:\jjjdj.exe44⤵
- Executes dropped EXE
-
\??\c:\fxllrrx.exec:\fxllrrx.exe45⤵
- Executes dropped EXE
-
\??\c:\nhtthh.exec:\nhtthh.exe46⤵
- Executes dropped EXE
-
\??\c:\dvpvj.exec:\dvpvj.exe47⤵
- Executes dropped EXE
-
\??\c:\7djpd.exec:\7djpd.exe48⤵
- Executes dropped EXE
-
\??\c:\lffrfll.exec:\lffrfll.exe49⤵
- Executes dropped EXE
-
\??\c:\hbbhtt.exec:\hbbhtt.exe50⤵
- Executes dropped EXE
-
\??\c:\jjvpj.exec:\jjvpj.exe51⤵
- Executes dropped EXE
-
\??\c:\ffrxffr.exec:\ffrxffr.exe52⤵
- Executes dropped EXE
-
\??\c:\1rrrffl.exec:\1rrrffl.exe53⤵
- Executes dropped EXE
-
\??\c:\hhtbnt.exec:\hhtbnt.exe54⤵
- Executes dropped EXE
-
\??\c:\dvjpd.exec:\dvjpd.exe55⤵
- Executes dropped EXE
-
\??\c:\vvpdv.exec:\vvpdv.exe56⤵
- Executes dropped EXE
-
\??\c:\1rlrffr.exec:\1rlrffr.exe57⤵
- Executes dropped EXE
-
\??\c:\bthhth.exec:\bthhth.exe58⤵
- Executes dropped EXE
-
\??\c:\5jvdj.exec:\5jvdj.exe59⤵
- Executes dropped EXE
-
\??\c:\lfrxrlx.exec:\lfrxrlx.exe60⤵
- Executes dropped EXE
-
\??\c:\fxxlxfr.exec:\fxxlxfr.exe61⤵
- Executes dropped EXE
-
\??\c:\hbtbhh.exec:\hbtbhh.exe62⤵
- Executes dropped EXE
-
\??\c:\dvvjj.exec:\dvvjj.exe63⤵
- Executes dropped EXE
-
\??\c:\ffxfllf.exec:\ffxfllf.exe64⤵
- Executes dropped EXE
-
\??\c:\ttnbhn.exec:\ttnbhn.exe65⤵
- Executes dropped EXE
-
\??\c:\vpddd.exec:\vpddd.exe66⤵
-
\??\c:\7xxlxxr.exec:\7xxlxxr.exe67⤵
-
\??\c:\nhttnn.exec:\nhttnn.exe68⤵
-
\??\c:\hbtthn.exec:\hbtthn.exe69⤵
-
\??\c:\jvppv.exec:\jvppv.exe70⤵
-
\??\c:\lfxlxfx.exec:\lfxlxfx.exe71⤵
-
\??\c:\nbbhbb.exec:\nbbhbb.exe72⤵
-
\??\c:\vppvp.exec:\vppvp.exe73⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe74⤵
-
\??\c:\5frxlrx.exec:\5frxlrx.exe75⤵
-
\??\c:\bnhnbb.exec:\bnhnbb.exe76⤵
-
\??\c:\dddvv.exec:\dddvv.exe77⤵
-
\??\c:\lllfllr.exec:\lllfllr.exe78⤵
-
\??\c:\llflrxf.exec:\llflrxf.exe79⤵
-
\??\c:\7nhntb.exec:\7nhntb.exe80⤵
-
\??\c:\pjjpd.exec:\pjjpd.exe81⤵
-
\??\c:\xrlrxxl.exec:\xrlrxxl.exe82⤵
-
\??\c:\xfflflx.exec:\xfflflx.exe83⤵
-
\??\c:\nnhthn.exec:\nnhthn.exe84⤵
-
\??\c:\jjdvd.exec:\jjdvd.exe85⤵
-
\??\c:\djvdv.exec:\djvdv.exe86⤵
-
\??\c:\xrlrxfr.exec:\xrlrxfr.exe87⤵
-
\??\c:\1nbhth.exec:\1nbhth.exe88⤵
-
\??\c:\jppjj.exec:\jppjj.exe89⤵
-
\??\c:\pjvdp.exec:\pjvdp.exe90⤵
-
\??\c:\rllxflx.exec:\rllxflx.exe91⤵
-
\??\c:\bthtnt.exec:\bthtnt.exe92⤵
-
\??\c:\tnhbnn.exec:\tnhbnn.exe93⤵
-
\??\c:\ppjdj.exec:\ppjdj.exe94⤵
-
\??\c:\5xllrxl.exec:\5xllrxl.exe95⤵
-
\??\c:\nnhntt.exec:\nnhntt.exe96⤵
-
\??\c:\tbthtt.exec:\tbthtt.exe97⤵
-
\??\c:\3jdjp.exec:\3jdjp.exe98⤵
-
\??\c:\5lffxrf.exec:\5lffxrf.exe99⤵
-
\??\c:\5fflrfx.exec:\5fflrfx.exe100⤵
-
\??\c:\nbbbtt.exec:\nbbbtt.exe101⤵
-
\??\c:\vvpdj.exec:\vvpdj.exe102⤵
-
\??\c:\1xlllff.exec:\1xlllff.exe103⤵
-
\??\c:\fxrxffr.exec:\fxrxffr.exe104⤵
-
\??\c:\nnttnt.exec:\nnttnt.exe105⤵
-
\??\c:\3vjjj.exec:\3vjjj.exe106⤵
-
\??\c:\dppvj.exec:\dppvj.exe107⤵
-
\??\c:\fxlfffl.exec:\fxlfffl.exe108⤵
-
\??\c:\9tntnt.exec:\9tntnt.exe109⤵
-
\??\c:\tnhhtb.exec:\tnhhtb.exe110⤵
-
\??\c:\jpdvd.exec:\jpdvd.exe111⤵
-
\??\c:\lfrlfxl.exec:\lfrlfxl.exe112⤵
-
\??\c:\nnntbh.exec:\nnntbh.exe113⤵
-
\??\c:\9pvpd.exec:\9pvpd.exe114⤵
-
\??\c:\ddvdj.exec:\ddvdj.exe115⤵
-
\??\c:\lfffrrf.exec:\lfffrrf.exe116⤵
-
\??\c:\ttnhbh.exec:\ttnhbh.exe117⤵
-
\??\c:\dpvvp.exec:\dpvvp.exe118⤵
-
\??\c:\xrffrrf.exec:\xrffrrf.exe119⤵
-
\??\c:\7hhhtb.exec:\7hhhtb.exe120⤵
-
\??\c:\pvjpv.exec:\pvjpv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-