Analysis
-
max time kernel
150s -
max time network
116s -
platform
windows10-2004_x64 -
resource
win10v2004-20240419-en -
resource tags
-
submitted
30-04-2024 22:11
General
-
Target
5642ce0610ec996456c14ae3842ea073cb0b9479d8c67cc2fb564b21bbeb7e52.exe
-
Size
94KB
-
MD5
11638ac20d762b986002e50c98aeca3a
-
SHA1
62e10283c47adaebd9fee7367407e57d3770f839
-
SHA256
5642ce0610ec996456c14ae3842ea073cb0b9479d8c67cc2fb564b21bbeb7e52
-
SHA512
e4ecf8573a977eff18954511f769221be0954a5d7504bb3628d32d20dae69dff1c63358dfbc274f2f96ddd6ecd41a2039e1e2b44dcff720b78dcad1fed334580
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDInWeNCYGyA2R7JxJAg8dtQl:ymb3NkkiQ3mdBjFIWeFGyAsJAg2Ql
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 30 IoCs
-
UPX dump on OEP (original entry point) 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5642ce0610ec996456c14ae3842ea073cb0b9479d8c67cc2fb564b21bbeb7e52.exe"C:\Users\Admin\AppData\Local\Temp\5642ce0610ec996456c14ae3842ea073cb0b9479d8c67cc2fb564b21bbeb7e52.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xflfxrl.exec:\xflfxrl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrfxrr.exec:\rlrfxrr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjjv.exec:\dvjjv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fllffxr.exec:\fllffxr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntthth.exec:\ntthth.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3nhtnh.exec:\3nhtnh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jpjd.exec:\1jpjd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpvj.exec:\vvpvj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlxrfr.exec:\rrlxrfr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flflrrf.exec:\flflrrf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9nnnbt.exec:\9nnnbt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjdp.exec:\vpjdp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjdvj.exec:\vjdvj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3lfrxll.exec:\3lfrxll.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvpj.exec:\ddvpj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvpd.exec:\jpvpd.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrllfx.exec:\lxrllfx.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bnbhb.exec:\7bnbhb.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjvj.exec:\vvjvj.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllrlrl.exec:\rllrlrl.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffffrrl.exec:\ffffrrl.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nttnnh.exec:\nttnnh.exe23⤵
- Executes dropped EXE
-
\??\c:\dvvvv.exec:\dvvvv.exe24⤵
- Executes dropped EXE
-
\??\c:\flfxxfx.exec:\flfxxfx.exe25⤵
- Executes dropped EXE
-
\??\c:\nhnhhb.exec:\nhnhhb.exe26⤵
- Executes dropped EXE
-
\??\c:\1vvpd.exec:\1vvpd.exe27⤵
- Executes dropped EXE
-
\??\c:\pjjdv.exec:\pjjdv.exe28⤵
- Executes dropped EXE
-
\??\c:\rflfrrl.exec:\rflfrrl.exe29⤵
- Executes dropped EXE
-
\??\c:\hbhhhn.exec:\hbhhhn.exe30⤵
- Executes dropped EXE
-
\??\c:\jvvjv.exec:\jvvjv.exe31⤵
- Executes dropped EXE
-
\??\c:\frfxllx.exec:\frfxllx.exe32⤵
- Executes dropped EXE
-
\??\c:\vpppp.exec:\vpppp.exe33⤵
- Executes dropped EXE
-
\??\c:\jdjjp.exec:\jdjjp.exe34⤵
- Executes dropped EXE
-
\??\c:\llxrrlx.exec:\llxrrlx.exe35⤵
- Executes dropped EXE
-
\??\c:\5tthtn.exec:\5tthtn.exe36⤵
- Executes dropped EXE
-
\??\c:\jvjdv.exec:\jvjdv.exe37⤵
- Executes dropped EXE
-
\??\c:\ffffxxf.exec:\ffffxxf.exe38⤵
- Executes dropped EXE
-
\??\c:\lffxrrf.exec:\lffxrrf.exe39⤵
- Executes dropped EXE
-
\??\c:\hbttnh.exec:\hbttnh.exe40⤵
- Executes dropped EXE
-
\??\c:\vddvd.exec:\vddvd.exe41⤵
- Executes dropped EXE
-
\??\c:\jdppj.exec:\jdppj.exe42⤵
- Executes dropped EXE
-
\??\c:\vjpjv.exec:\vjpjv.exe43⤵
- Executes dropped EXE
-
\??\c:\xxrflfx.exec:\xxrflfx.exe44⤵
- Executes dropped EXE
-
\??\c:\xxlffxl.exec:\xxlffxl.exe45⤵
- Executes dropped EXE
-
\??\c:\1ntnhh.exec:\1ntnhh.exe46⤵
- Executes dropped EXE
-
\??\c:\pppjj.exec:\pppjj.exe47⤵
- Executes dropped EXE
-
\??\c:\ddpjd.exec:\ddpjd.exe48⤵
- Executes dropped EXE
-
\??\c:\frxrrrx.exec:\frxrrrx.exe49⤵
- Executes dropped EXE
-
\??\c:\btnhhb.exec:\btnhhb.exe50⤵
- Executes dropped EXE
-
\??\c:\hnnhbb.exec:\hnnhbb.exe51⤵
- Executes dropped EXE
-
\??\c:\pjdvj.exec:\pjdvj.exe52⤵
- Executes dropped EXE
-
\??\c:\3ddpd.exec:\3ddpd.exe53⤵
- Executes dropped EXE
-
\??\c:\3rrrllf.exec:\3rrrllf.exe54⤵
- Executes dropped EXE
-
\??\c:\lxffxxl.exec:\lxffxxl.exe55⤵
- Executes dropped EXE
-
\??\c:\thnhhb.exec:\thnhhb.exe56⤵
- Executes dropped EXE
-
\??\c:\jjpjv.exec:\jjpjv.exe57⤵
- Executes dropped EXE
-
\??\c:\vpppp.exec:\vpppp.exe58⤵
- Executes dropped EXE
-
\??\c:\rlfxrll.exec:\rlfxrll.exe59⤵
- Executes dropped EXE
-
\??\c:\7rrlrrr.exec:\7rrlrrr.exe60⤵
- Executes dropped EXE
-
\??\c:\tnnnnn.exec:\tnnnnn.exe61⤵
- Executes dropped EXE
-
\??\c:\pjdvv.exec:\pjdvv.exe62⤵
- Executes dropped EXE
-
\??\c:\vjvjj.exec:\vjvjj.exe63⤵
- Executes dropped EXE
-
\??\c:\lfrlrfx.exec:\lfrlrfx.exe64⤵
- Executes dropped EXE
-
\??\c:\rrxrllf.exec:\rrxrllf.exe65⤵
- Executes dropped EXE
-
\??\c:\hntnhh.exec:\hntnhh.exe66⤵
-
\??\c:\jjjjd.exec:\jjjjd.exe67⤵
-
\??\c:\vpdpj.exec:\vpdpj.exe68⤵
-
\??\c:\9flfffl.exec:\9flfffl.exe69⤵
-
\??\c:\xlxxxrr.exec:\xlxxxrr.exe70⤵
-
\??\c:\bhhnhb.exec:\bhhnhb.exe71⤵
-
\??\c:\dvjjd.exec:\dvjjd.exe72⤵
-
\??\c:\3djdp.exec:\3djdp.exe73⤵
-
\??\c:\7rflxff.exec:\7rflxff.exe74⤵
-
\??\c:\thnhhh.exec:\thnhhh.exe75⤵
-
\??\c:\jjpjd.exec:\jjpjd.exe76⤵
-
\??\c:\lrxlxxr.exec:\lrxlxxr.exe77⤵
-
\??\c:\xlrlllf.exec:\xlrlllf.exe78⤵
-
\??\c:\thhnnh.exec:\thhnnh.exe79⤵
-
\??\c:\dvdvp.exec:\dvdvp.exe80⤵
-
\??\c:\3vvpp.exec:\3vvpp.exe81⤵
-
\??\c:\rfrffff.exec:\rfrffff.exe82⤵
-
\??\c:\bnnnnn.exec:\bnnnnn.exe83⤵
-
\??\c:\tbtttn.exec:\tbtttn.exe84⤵
-
\??\c:\vjvjj.exec:\vjvjj.exe85⤵
-
\??\c:\lffxrrl.exec:\lffxrrl.exe86⤵
-
\??\c:\lxrllrr.exec:\lxrllrr.exe87⤵
-
\??\c:\5bhtnb.exec:\5bhtnb.exe88⤵
-
\??\c:\dvjjv.exec:\dvjjv.exe89⤵
-
\??\c:\1rrlfff.exec:\1rrlfff.exe90⤵
-
\??\c:\5bnntb.exec:\5bnntb.exe91⤵
-
\??\c:\ttnhbb.exec:\ttnhbb.exe92⤵
-
\??\c:\bbnnbt.exec:\bbnnbt.exe93⤵
-
\??\c:\jjjdd.exec:\jjjdd.exe94⤵
-
\??\c:\xflfrrl.exec:\xflfrrl.exe95⤵
-
\??\c:\hhbttt.exec:\hhbttt.exe96⤵
-
\??\c:\3ppjd.exec:\3ppjd.exe97⤵
-
\??\c:\fffxxxx.exec:\fffxxxx.exe98⤵
-
\??\c:\9rrrrrl.exec:\9rrrrrl.exe99⤵
-
\??\c:\bbhntt.exec:\bbhntt.exe100⤵
-
\??\c:\ttbtbb.exec:\ttbtbb.exe101⤵
-
\??\c:\1jpjp.exec:\1jpjp.exe102⤵
-
\??\c:\pjjdd.exec:\pjjdd.exe103⤵
-
\??\c:\5flxrrl.exec:\5flxrrl.exe104⤵
-
\??\c:\7hnhbb.exec:\7hnhbb.exe105⤵
-
\??\c:\nhbnnn.exec:\nhbnnn.exe106⤵
-
\??\c:\htbbbt.exec:\htbbbt.exe107⤵
-
\??\c:\dddjj.exec:\dddjj.exe108⤵
-
\??\c:\lxlllll.exec:\lxlllll.exe109⤵
-
\??\c:\llrrrrf.exec:\llrrrrf.exe110⤵
-
\??\c:\bnhhbh.exec:\bnhhbh.exe111⤵
-
\??\c:\3hhhnn.exec:\3hhhnn.exe112⤵
-
\??\c:\ddppj.exec:\ddppj.exe113⤵
-
\??\c:\vdjjv.exec:\vdjjv.exe114⤵
-
\??\c:\lllrlrr.exec:\lllrlrr.exe115⤵
-
\??\c:\xfffxlf.exec:\xfffxlf.exe116⤵
-
\??\c:\9bnnnn.exec:\9bnnnn.exe117⤵
-
\??\c:\9ttbtt.exec:\9ttbtt.exe118⤵
-
\??\c:\vpdvp.exec:\vpdvp.exe119⤵
-
\??\c:\jjpjv.exec:\jjpjv.exe120⤵
-
\??\c:\jjjdd.exec:\jjjdd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-