Analysis
-
max time kernel
149s -
max time network
112s -
platform
windows10-2004_x64 -
resource
win10v2004-20240419-en -
resource tags
-
submitted
03/05/2024, 20:24
General
-
Target
354d0cd3f3749e6fbac1bc0d1bf58a8588e73d6bfb34670cea714284fda3f973.exe
-
Size
58KB
-
MD5
6d7b7eaf67d4b8f294d18165bc1036ad
-
SHA1
697c1e3ccbf398651e8964907b9aebeed3c0c873
-
SHA256
354d0cd3f3749e6fbac1bc0d1bf58a8588e73d6bfb34670cea714284fda3f973
-
SHA512
1e7df61febd0a52c141af462909c468744197ea9064581a9af52eaaf4ee36503d5687e6d958fc03505c3e36d9b4db1c35c2f9b69d1206a6e72c99e66fc3c25df
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDI9L5:ymb3NkkiQ3mdBjFI99
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 29 IoCs
-
UPX dump on OEP (original entry point) 31 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 31 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\354d0cd3f3749e6fbac1bc0d1bf58a8588e73d6bfb34670cea714284fda3f973.exe"C:\Users\Admin\AppData\Local\Temp\354d0cd3f3749e6fbac1bc0d1bf58a8588e73d6bfb34670cea714284fda3f973.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\3ppjd.exec:\3ppjd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1thbbb.exec:\1thbbb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pddjj.exec:\pddjj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrrllf.exec:\xxrrllf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ntbtt.exec:\5ntbtt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdpjv.exec:\vdpjv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjjv.exec:\vvjjv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llfllfx.exec:\llfllfx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbbbb.exec:\ttbbbb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnbtn.exec:\thnbtn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpjdv.exec:\jpjdv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfxfrrl.exec:\rfxfrrl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxrflf.exec:\xxxrflf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnnht.exec:\hhnnht.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjdp.exec:\ppjdp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxllrr.exec:\lfxllrr.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrlxxr.exec:\lfrlxxr.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbbtn.exec:\nbbbtn.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vpdv.exec:\7vpdv.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrllrxf.exec:\xrllrxf.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xfxflf.exec:\9xfxflf.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hntnbn.exec:\hntnbn.exe23⤵
- Executes dropped EXE
-
\??\c:\dvvvd.exec:\dvvvd.exe24⤵
- Executes dropped EXE
-
\??\c:\vdjvp.exec:\vdjvp.exe25⤵
- Executes dropped EXE
-
\??\c:\lxxrffx.exec:\lxxrffx.exe26⤵
- Executes dropped EXE
-
\??\c:\fxxxrlf.exec:\fxxxrlf.exe27⤵
- Executes dropped EXE
-
\??\c:\hbhhbb.exec:\hbhhbb.exe28⤵
- Executes dropped EXE
-
\??\c:\9ntnbh.exec:\9ntnbh.exe29⤵
- Executes dropped EXE
-
\??\c:\jvpdp.exec:\jvpdp.exe30⤵
- Executes dropped EXE
-
\??\c:\rfxlxrf.exec:\rfxlxrf.exe31⤵
- Executes dropped EXE
-
\??\c:\xrlflll.exec:\xrlflll.exe32⤵
- Executes dropped EXE
-
\??\c:\tnttnt.exec:\tnttnt.exe33⤵
- Executes dropped EXE
-
\??\c:\5thbht.exec:\5thbht.exe34⤵
- Executes dropped EXE
-
\??\c:\jppjd.exec:\jppjd.exe35⤵
- Executes dropped EXE
-
\??\c:\rfrlffx.exec:\rfrlffx.exe36⤵
- Executes dropped EXE
-
\??\c:\3fxxrrl.exec:\3fxxrrl.exe37⤵
- Executes dropped EXE
-
\??\c:\ntnnnn.exec:\ntnnnn.exe38⤵
- Executes dropped EXE
-
\??\c:\9jdvj.exec:\9jdvj.exe39⤵
- Executes dropped EXE
-
\??\c:\vpppp.exec:\vpppp.exe40⤵
- Executes dropped EXE
-
\??\c:\rfllxrr.exec:\rfllxrr.exe41⤵
- Executes dropped EXE
-
\??\c:\fxfxxxr.exec:\fxfxxxr.exe42⤵
- Executes dropped EXE
-
\??\c:\hhnbtt.exec:\hhnbtt.exe43⤵
- Executes dropped EXE
-
\??\c:\9ttnbt.exec:\9ttnbt.exe44⤵
- Executes dropped EXE
-
\??\c:\ddvvv.exec:\ddvvv.exe45⤵
- Executes dropped EXE
-
\??\c:\jdjdd.exec:\jdjdd.exe46⤵
- Executes dropped EXE
-
\??\c:\rlfxffx.exec:\rlfxffx.exe47⤵
- Executes dropped EXE
-
\??\c:\xxlfxrl.exec:\xxlfxrl.exe48⤵
- Executes dropped EXE
-
\??\c:\tntntt.exec:\tntntt.exe49⤵
- Executes dropped EXE
-
\??\c:\hbhhtt.exec:\hbhhtt.exe50⤵
- Executes dropped EXE
-
\??\c:\vvjdp.exec:\vvjdp.exe51⤵
- Executes dropped EXE
-
\??\c:\rlxrllf.exec:\rlxrllf.exe52⤵
- Executes dropped EXE
-
\??\c:\btbbnn.exec:\btbbnn.exe53⤵
- Executes dropped EXE
-
\??\c:\jjdpd.exec:\jjdpd.exe54⤵
- Executes dropped EXE
-
\??\c:\vjpvp.exec:\vjpvp.exe55⤵
- Executes dropped EXE
-
\??\c:\jvppd.exec:\jvppd.exe56⤵
- Executes dropped EXE
-
\??\c:\lfflxxl.exec:\lfflxxl.exe57⤵
- Executes dropped EXE
-
\??\c:\xlfxrlf.exec:\xlfxrlf.exe58⤵
- Executes dropped EXE
-
\??\c:\5hbnhh.exec:\5hbnhh.exe59⤵
- Executes dropped EXE
-
\??\c:\pvddp.exec:\pvddp.exe60⤵
- Executes dropped EXE
-
\??\c:\dvvjv.exec:\dvvjv.exe61⤵
- Executes dropped EXE
-
\??\c:\lflfxff.exec:\lflfxff.exe62⤵
- Executes dropped EXE
-
\??\c:\bbbtbn.exec:\bbbtbn.exe63⤵
- Executes dropped EXE
-
\??\c:\ppvdv.exec:\ppvdv.exe64⤵
- Executes dropped EXE
-
\??\c:\vjjdv.exec:\vjjdv.exe65⤵
- Executes dropped EXE
-
\??\c:\jdjdv.exec:\jdjdv.exe66⤵
-
\??\c:\3rrlxxr.exec:\3rrlxxr.exe67⤵
-
\??\c:\lfflllx.exec:\lfflllx.exe68⤵
-
\??\c:\httnhb.exec:\httnhb.exe69⤵
-
\??\c:\hnnnbb.exec:\hnnnbb.exe70⤵
-
\??\c:\9dvpp.exec:\9dvpp.exe71⤵
-
\??\c:\dvpjv.exec:\dvpjv.exe72⤵
-
\??\c:\7vdvv.exec:\7vdvv.exe73⤵
-
\??\c:\xlrlffx.exec:\xlrlffx.exe74⤵
-
\??\c:\llrlffx.exec:\llrlffx.exe75⤵
-
\??\c:\bbbhhb.exec:\bbbhhb.exe76⤵
-
\??\c:\nbhbbb.exec:\nbhbbb.exe77⤵
-
\??\c:\jdjjj.exec:\jdjjj.exe78⤵
-
\??\c:\pjdvj.exec:\pjdvj.exe79⤵
-
\??\c:\frrfffx.exec:\frrfffx.exe80⤵
-
\??\c:\3lllflf.exec:\3lllflf.exe81⤵
-
\??\c:\3nthbn.exec:\3nthbn.exe82⤵
-
\??\c:\bthhtn.exec:\bthhtn.exe83⤵
-
\??\c:\jdjjv.exec:\jdjjv.exe84⤵
-
\??\c:\dddvj.exec:\dddvj.exe85⤵
-
\??\c:\xxfxrlr.exec:\xxfxrlr.exe86⤵
-
\??\c:\3ffxrlf.exec:\3ffxrlf.exe87⤵
-
\??\c:\nhtbtb.exec:\nhtbtb.exe88⤵
-
\??\c:\nhnntt.exec:\nhnntt.exe89⤵
-
\??\c:\ddjvj.exec:\ddjvj.exe90⤵
-
\??\c:\jvjdd.exec:\jvjdd.exe91⤵
-
\??\c:\xffxrfr.exec:\xffxrfr.exe92⤵
-
\??\c:\hhhhhh.exec:\hhhhhh.exe93⤵
-
\??\c:\ddjdv.exec:\ddjdv.exe94⤵
-
\??\c:\djvvv.exec:\djvvv.exe95⤵
-
\??\c:\xrrfrrl.exec:\xrrfrrl.exe96⤵
-
\??\c:\nhhbtt.exec:\nhhbtt.exe97⤵
-
\??\c:\9htnnn.exec:\9htnnn.exe98⤵
-
\??\c:\pdddp.exec:\pdddp.exe99⤵
-
\??\c:\vvddd.exec:\vvddd.exe100⤵
-
\??\c:\xxffrlx.exec:\xxffrlx.exe101⤵
-
\??\c:\xlrlfxr.exec:\xlrlfxr.exe102⤵
-
\??\c:\bnbnnb.exec:\bnbnnb.exe103⤵
-
\??\c:\bthbtt.exec:\bthbtt.exe104⤵
-
\??\c:\pdjpj.exec:\pdjpj.exe105⤵
-
\??\c:\ddjvv.exec:\ddjvv.exe106⤵
-
\??\c:\vppdp.exec:\vppdp.exe107⤵
-
\??\c:\rffxrrx.exec:\rffxrrx.exe108⤵
-
\??\c:\llrlffx.exec:\llrlffx.exe109⤵
-
\??\c:\3nnnbt.exec:\3nnnbt.exe110⤵
-
\??\c:\nhbthb.exec:\nhbthb.exe111⤵
-
\??\c:\9jdvj.exec:\9jdvj.exe112⤵
-
\??\c:\vvdpj.exec:\vvdpj.exe113⤵
-
\??\c:\vjdjv.exec:\vjdjv.exe114⤵
-
\??\c:\ffffrxr.exec:\ffffrxr.exe115⤵
-
\??\c:\7lrrffx.exec:\7lrrffx.exe116⤵
-
\??\c:\tnttbt.exec:\tnttbt.exe117⤵
-
\??\c:\vjpjv.exec:\vjpjv.exe118⤵
-
\??\c:\5vpdv.exec:\5vpdv.exe119⤵
-
\??\c:\3lrlflf.exec:\3lrlflf.exe120⤵
-
\??\c:\fxrrrxr.exec:\fxrrrxr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-