Analysis
-
max time kernel
150s -
max time network
108s -
platform
windows10-2004_x64 -
resource
win10v2004-20240419-en -
resource tags
-
submitted
02-05-2024 05:26
General
-
Target
f3396a7dfafb31e88a07dd13faae1b79c77fc5da38db766dbb013428160cb0ca.exe
-
Size
89KB
-
MD5
a874678270622ba291252aeed79ea092
-
SHA1
b8ecd50fcde5ef481682d7ce2a0848868815e254
-
SHA256
f3396a7dfafb31e88a07dd13faae1b79c77fc5da38db766dbb013428160cb0ca
-
SHA512
4e0e7a5ae2a1f130ecfe2a2e4597b0eb3f8a6b86e0fbf3dcf6dc90b37664a0cab4e22d7feebda64ebe58275b21f7101a741ba7717cae417491239f4f49c14ec6
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoLU1grORPfr0k890CDVxU:ymb3NkkiQ3mdBjFoLk8Pk890CDVa
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
UPX dump on OEP (original entry point) 29 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f3396a7dfafb31e88a07dd13faae1b79c77fc5da38db766dbb013428160cb0ca.exe"C:\Users\Admin\AppData\Local\Temp\f3396a7dfafb31e88a07dd13faae1b79c77fc5da38db766dbb013428160cb0ca.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\1dddv.exec:\1dddv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrlffx.exec:\rlrlffx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxxrff.exec:\llxxrff.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thtnnn.exec:\thtnnn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjddp.exec:\jjddp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jdvp.exec:\1jdvp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxxrxr.exec:\rrxxrxr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ttttt.exec:\5ttttt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbntth.exec:\nbntth.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ppjd.exec:\9ppjd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9llrrrl.exec:\9llrrrl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9frrlll.exec:\9frrlll.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjjd.exec:\djjjd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9llfrll.exec:\9llfrll.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbbtt.exec:\btbbtt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9hhhtt.exec:\9hhhtt.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvvj.exec:\jpvvj.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3llffff.exec:\3llffff.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtnnh.exec:\bbtnnh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjdj.exec:\vpjdj.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxlrlrr.exec:\xxlrlrr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9bbttt.exec:\9bbttt.exe23⤵
- Executes dropped EXE
-
\??\c:\jddvd.exec:\jddvd.exe24⤵
- Executes dropped EXE
-
\??\c:\9flfxrr.exec:\9flfxrr.exe25⤵
- Executes dropped EXE
-
\??\c:\1flfxxr.exec:\1flfxxr.exe26⤵
- Executes dropped EXE
-
\??\c:\bttnhh.exec:\bttnhh.exe27⤵
- Executes dropped EXE
-
\??\c:\3nhbtn.exec:\3nhbtn.exe28⤵
- Executes dropped EXE
-
\??\c:\vpvvv.exec:\vpvvv.exe29⤵
- Executes dropped EXE
-
\??\c:\lrxrlll.exec:\lrxrlll.exe30⤵
- Executes dropped EXE
-
\??\c:\rlxrlff.exec:\rlxrlff.exe31⤵
- Executes dropped EXE
-
\??\c:\7bttnn.exec:\7bttnn.exe32⤵
- Executes dropped EXE
-
\??\c:\9pvpj.exec:\9pvpj.exe33⤵
- Executes dropped EXE
-
\??\c:\3llfxrf.exec:\3llfxrf.exe34⤵
- Executes dropped EXE
-
\??\c:\xrxfffx.exec:\xrxfffx.exe35⤵
- Executes dropped EXE
-
\??\c:\bbntnt.exec:\bbntnt.exe36⤵
- Executes dropped EXE
-
\??\c:\tttnnn.exec:\tttnnn.exe37⤵
- Executes dropped EXE
-
\??\c:\dpdvp.exec:\dpdvp.exe38⤵
- Executes dropped EXE
-
\??\c:\lffrllf.exec:\lffrllf.exe39⤵
- Executes dropped EXE
-
\??\c:\hntnbh.exec:\hntnbh.exe40⤵
- Executes dropped EXE
-
\??\c:\pvdvj.exec:\pvdvj.exe41⤵
- Executes dropped EXE
-
\??\c:\jddvv.exec:\jddvv.exe42⤵
- Executes dropped EXE
-
\??\c:\lffxfxr.exec:\lffxfxr.exe43⤵
- Executes dropped EXE
-
\??\c:\lfllxfr.exec:\lfllxfr.exe44⤵
- Executes dropped EXE
-
\??\c:\hnnbnn.exec:\hnnbnn.exe45⤵
- Executes dropped EXE
-
\??\c:\jjdpd.exec:\jjdpd.exe46⤵
- Executes dropped EXE
-
\??\c:\9dvpd.exec:\9dvpd.exe47⤵
- Executes dropped EXE
-
\??\c:\lfllrff.exec:\lfllrff.exe48⤵
- Executes dropped EXE
-
\??\c:\tnthbt.exec:\tnthbt.exe49⤵
- Executes dropped EXE
-
\??\c:\jdpdv.exec:\jdpdv.exe50⤵
- Executes dropped EXE
-
\??\c:\pjddp.exec:\pjddp.exe51⤵
- Executes dropped EXE
-
\??\c:\fxrlxxx.exec:\fxrlxxx.exe52⤵
- Executes dropped EXE
-
\??\c:\rrfrrxr.exec:\rrfrrxr.exe53⤵
- Executes dropped EXE
-
\??\c:\5tnhbt.exec:\5tnhbt.exe54⤵
- Executes dropped EXE
-
\??\c:\vdpjd.exec:\vdpjd.exe55⤵
- Executes dropped EXE
-
\??\c:\1jdpd.exec:\1jdpd.exe56⤵
- Executes dropped EXE
-
\??\c:\7jjdp.exec:\7jjdp.exe57⤵
- Executes dropped EXE
-
\??\c:\xxxlxrl.exec:\xxxlxrl.exe58⤵
- Executes dropped EXE
-
\??\c:\1frfxrf.exec:\1frfxrf.exe59⤵
- Executes dropped EXE
-
\??\c:\5tbtbb.exec:\5tbtbb.exe60⤵
- Executes dropped EXE
-
\??\c:\thbbnb.exec:\thbbnb.exe61⤵
- Executes dropped EXE
-
\??\c:\dpjdv.exec:\dpjdv.exe62⤵
- Executes dropped EXE
-
\??\c:\jppjd.exec:\jppjd.exe63⤵
- Executes dropped EXE
-
\??\c:\9flfrll.exec:\9flfrll.exe64⤵
- Executes dropped EXE
-
\??\c:\xllfxrf.exec:\xllfxrf.exe65⤵
- Executes dropped EXE
-
\??\c:\ntbbtn.exec:\ntbbtn.exe66⤵
-
\??\c:\nhtnhh.exec:\nhtnhh.exe67⤵
-
\??\c:\1dvpd.exec:\1dvpd.exe68⤵
-
\??\c:\jjdvd.exec:\jjdvd.exe69⤵
-
\??\c:\1xfrlfx.exec:\1xfrlfx.exe70⤵
-
\??\c:\xlrlffx.exec:\xlrlffx.exe71⤵
-
\??\c:\3ttnhb.exec:\3ttnhb.exe72⤵
-
\??\c:\hthttn.exec:\hthttn.exe73⤵
-
\??\c:\vpdvv.exec:\vpdvv.exe74⤵
-
\??\c:\3ppjv.exec:\3ppjv.exe75⤵
-
\??\c:\ffrlxrx.exec:\ffrlxrx.exe76⤵
-
\??\c:\5lllffx.exec:\5lllffx.exe77⤵
-
\??\c:\ttnhbb.exec:\ttnhbb.exe78⤵
-
\??\c:\nbtnhb.exec:\nbtnhb.exe79⤵
-
\??\c:\pvddv.exec:\pvddv.exe80⤵
-
\??\c:\5jvpd.exec:\5jvpd.exe81⤵
-
\??\c:\frrxflf.exec:\frrxflf.exe82⤵
-
\??\c:\flrfrlx.exec:\flrfrlx.exe83⤵
-
\??\c:\9tbthh.exec:\9tbthh.exe84⤵
-
\??\c:\hbtnbh.exec:\hbtnbh.exe85⤵
-
\??\c:\pdpdd.exec:\pdpdd.exe86⤵
-
\??\c:\vjjdp.exec:\vjjdp.exe87⤵
-
\??\c:\ppdvd.exec:\ppdvd.exe88⤵
-
\??\c:\3lrlxrr.exec:\3lrlxrr.exe89⤵
-
\??\c:\fxxrxrl.exec:\fxxrxrl.exe90⤵
-
\??\c:\hhnhbt.exec:\hhnhbt.exe91⤵
-
\??\c:\djjdv.exec:\djjdv.exe92⤵
-
\??\c:\vjjjp.exec:\vjjjp.exe93⤵
-
\??\c:\xffxlfx.exec:\xffxlfx.exe94⤵
-
\??\c:\rxxrllx.exec:\rxxrllx.exe95⤵
-
\??\c:\tnntnn.exec:\tnntnn.exe96⤵
-
\??\c:\hnnhtn.exec:\hnnhtn.exe97⤵
-
\??\c:\dpvpd.exec:\dpvpd.exe98⤵
-
\??\c:\fxfrrxr.exec:\fxfrrxr.exe99⤵
-
\??\c:\7rrlfxr.exec:\7rrlfxr.exe100⤵
-
\??\c:\thttnh.exec:\thttnh.exe101⤵
-
\??\c:\jpdvj.exec:\jpdvj.exe102⤵
-
\??\c:\lxffxrl.exec:\lxffxrl.exe103⤵
-
\??\c:\rfrrlxl.exec:\rfrrlxl.exe104⤵
-
\??\c:\tnnhbt.exec:\tnnhbt.exe105⤵
-
\??\c:\vjdvj.exec:\vjdvj.exe106⤵
-
\??\c:\ddppd.exec:\ddppd.exe107⤵
-
\??\c:\5xfxlrl.exec:\5xfxlrl.exe108⤵
-
\??\c:\tthbtt.exec:\tthbtt.exe109⤵
-
\??\c:\9ttthh.exec:\9ttthh.exe110⤵
-
\??\c:\dppjd.exec:\dppjd.exe111⤵
-
\??\c:\rlrlxrx.exec:\rlrlxrx.exe112⤵
-
\??\c:\xlxrrlr.exec:\xlxrrlr.exe113⤵
-
\??\c:\9rxrfxl.exec:\9rxrfxl.exe114⤵
-
\??\c:\thhbnn.exec:\thhbnn.exe115⤵
-
\??\c:\vdpdp.exec:\vdpdp.exe116⤵
-
\??\c:\3jdpd.exec:\3jdpd.exe117⤵
-
\??\c:\lrlfxrl.exec:\lrlfxrl.exe118⤵
-
\??\c:\7lrllff.exec:\7lrllff.exe119⤵
-
\??\c:\rflfrxr.exec:\rflfrxr.exe120⤵
-
\??\c:\bhnhbb.exec:\bhnhbb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-