Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
-
submitted
08-05-2024 04:12
General
-
Target
eca27f580042b0bc46e1398089fadba984c5da2405c0a0106f12d8288f17bd2c.exe
-
Size
186KB
-
MD5
79e29dd7c8731d199c8d6ab066fccbe2
-
SHA1
b8ff002065cee959e09ce6a79a560af82c7cd980
-
SHA256
eca27f580042b0bc46e1398089fadba984c5da2405c0a0106f12d8288f17bd2c
-
SHA512
4854b66065aa5f693c64a985ea2aba18f6e40b965c435b3fcebf48a8e3375702954e04bb1d83bc2c015f12c644719e0cfa87d6850ad1d8d7280fde8575e2ab26
-
SSDEEP
3072:3hOmTsF93UYfwC6GIoutw8YcvrqrE66kropO6BWlPFH4tw1D43eMRcm:3cm4FmowdHoSzhraHcpOFltH4twl43vf
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 34 IoCs
-
UPX dump on OEP (original entry point) 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\eca27f580042b0bc46e1398089fadba984c5da2405c0a0106f12d8288f17bd2c.exe"C:\Users\Admin\AppData\Local\Temp\eca27f580042b0bc46e1398089fadba984c5da2405c0a0106f12d8288f17bd2c.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\9fxxffl.exec:\9fxxffl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtthh.exec:\bbtthh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpdj.exec:\jdpdj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbbnt.exec:\nhbbnt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnbtb.exec:\tnnbtb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vjvp.exec:\5vjvp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrlxxl.exec:\lxrlxxl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btthbh.exec:\btthbh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3dddp.exec:\3dddp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrxxfr.exec:\fxrxxfr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7btthn.exec:\7btthn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9dpdv.exec:\9dpdv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlrflf.exec:\xrlrflf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthbhn.exec:\bthbhn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7djdp.exec:\7djdp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrfrxr.exec:\lxrfrxr.exe17⤵
- Executes dropped EXE
-
\??\c:\hhthth.exec:\hhthth.exe18⤵
- Executes dropped EXE
-
\??\c:\dvpdp.exec:\dvpdp.exe19⤵
- Executes dropped EXE
-
\??\c:\lfxxflx.exec:\lfxxflx.exe20⤵
- Executes dropped EXE
-
\??\c:\5htntt.exec:\5htntt.exe21⤵
- Executes dropped EXE
-
\??\c:\5jdpd.exec:\5jdpd.exe22⤵
- Executes dropped EXE
-
\??\c:\jdjpj.exec:\jdjpj.exe23⤵
- Executes dropped EXE
-
\??\c:\nhnbbh.exec:\nhnbbh.exe24⤵
- Executes dropped EXE
-
\??\c:\jdpjv.exec:\jdpjv.exe25⤵
- Executes dropped EXE
-
\??\c:\vpdvd.exec:\vpdvd.exe26⤵
- Executes dropped EXE
-
\??\c:\xlfrllx.exec:\xlfrllx.exe27⤵
- Executes dropped EXE
-
\??\c:\pvpdj.exec:\pvpdj.exe28⤵
- Executes dropped EXE
-
\??\c:\fxfrlxf.exec:\fxfrlxf.exe29⤵
- Executes dropped EXE
-
\??\c:\tttbth.exec:\tttbth.exe30⤵
- Executes dropped EXE
-
\??\c:\nbbbnt.exec:\nbbbnt.exe31⤵
- Executes dropped EXE
-
\??\c:\dpjdj.exec:\dpjdj.exe32⤵
- Executes dropped EXE
-
\??\c:\rxflxff.exec:\rxflxff.exe33⤵
- Executes dropped EXE
-
\??\c:\hbntth.exec:\hbntth.exe34⤵
- Executes dropped EXE
-
\??\c:\vjpvj.exec:\vjpvj.exe35⤵
- Executes dropped EXE
-
\??\c:\5xrxflx.exec:\5xrxflx.exe36⤵
- Executes dropped EXE
-
\??\c:\fxrxlrr.exec:\fxrxlrr.exe37⤵
- Executes dropped EXE
-
\??\c:\thbhtt.exec:\thbhtt.exe38⤵
- Executes dropped EXE
-
\??\c:\bntttn.exec:\bntttn.exe39⤵
- Executes dropped EXE
-
\??\c:\ddpvj.exec:\ddpvj.exe40⤵
- Executes dropped EXE
-
\??\c:\xrrxxfr.exec:\xrrxxfr.exe41⤵
- Executes dropped EXE
-
\??\c:\fxlxlrf.exec:\fxlxlrf.exe42⤵
- Executes dropped EXE
-
\??\c:\9hnnnn.exec:\9hnnnn.exe43⤵
- Executes dropped EXE
-
\??\c:\pjvjp.exec:\pjvjp.exe44⤵
- Executes dropped EXE
-
\??\c:\rlfxrxl.exec:\rlfxrxl.exe45⤵
- Executes dropped EXE
-
\??\c:\3xrrlxr.exec:\3xrrlxr.exe46⤵
- Executes dropped EXE
-
\??\c:\ntbnhn.exec:\ntbnhn.exe47⤵
- Executes dropped EXE
-
\??\c:\5nbthh.exec:\5nbthh.exe48⤵
- Executes dropped EXE
-
\??\c:\1pdpp.exec:\1pdpp.exe49⤵
- Executes dropped EXE
-
\??\c:\9vpvp.exec:\9vpvp.exe50⤵
- Executes dropped EXE
-
\??\c:\xrrxfxf.exec:\xrrxfxf.exe51⤵
- Executes dropped EXE
-
\??\c:\tttbtt.exec:\tttbtt.exe52⤵
- Executes dropped EXE
-
\??\c:\tnnhtb.exec:\tnnhtb.exe53⤵
- Executes dropped EXE
-
\??\c:\5dppd.exec:\5dppd.exe54⤵
- Executes dropped EXE
-
\??\c:\vpjdp.exec:\vpjdp.exe55⤵
- Executes dropped EXE
-
\??\c:\xlfrrxl.exec:\xlfrrxl.exe56⤵
- Executes dropped EXE
-
\??\c:\5hnttt.exec:\5hnttt.exe57⤵
- Executes dropped EXE
-
\??\c:\btbttb.exec:\btbttb.exe58⤵
- Executes dropped EXE
-
\??\c:\pjvvd.exec:\pjvvd.exe59⤵
- Executes dropped EXE
-
\??\c:\9pdjp.exec:\9pdjp.exe60⤵
- Executes dropped EXE
-
\??\c:\xfrffxr.exec:\xfrffxr.exe61⤵
- Executes dropped EXE
-
\??\c:\bbthbn.exec:\bbthbn.exe62⤵
- Executes dropped EXE
-
\??\c:\tbhbtn.exec:\tbhbtn.exe63⤵
- Executes dropped EXE
-
\??\c:\jdpjp.exec:\jdpjp.exe64⤵
- Executes dropped EXE
-
\??\c:\1dvjp.exec:\1dvjp.exe65⤵
- Executes dropped EXE
-
\??\c:\5rrrxxf.exec:\5rrrxxf.exe66⤵
-
\??\c:\3lflrxl.exec:\3lflrxl.exe67⤵
-
\??\c:\hbntbb.exec:\hbntbb.exe68⤵
-
\??\c:\bttbnb.exec:\bttbnb.exe69⤵
-
\??\c:\vpjvv.exec:\vpjvv.exe70⤵
-
\??\c:\9fxfxxr.exec:\9fxfxxr.exe71⤵
-
\??\c:\fxrxlfx.exec:\fxrxlfx.exe72⤵
-
\??\c:\7tthbh.exec:\7tthbh.exe73⤵
-
\??\c:\1hbhnn.exec:\1hbhnn.exe74⤵
-
\??\c:\pjdpd.exec:\pjdpd.exe75⤵
-
\??\c:\ddvvd.exec:\ddvvd.exe76⤵
-
\??\c:\5lxxflr.exec:\5lxxflr.exe77⤵
-
\??\c:\5lfxlrx.exec:\5lfxlrx.exe78⤵
-
\??\c:\7btnnt.exec:\7btnnt.exe79⤵
-
\??\c:\hthntb.exec:\hthntb.exe80⤵
-
\??\c:\7jddp.exec:\7jddp.exe81⤵
-
\??\c:\jjvvp.exec:\jjvvp.exe82⤵
-
\??\c:\fxllrlx.exec:\fxllrlx.exe83⤵
-
\??\c:\rxlxffl.exec:\rxlxffl.exe84⤵
-
\??\c:\hbbbnn.exec:\hbbbnn.exe85⤵
-
\??\c:\hbtbnt.exec:\hbtbnt.exe86⤵
-
\??\c:\9jdjv.exec:\9jdjv.exe87⤵
-
\??\c:\ppjjv.exec:\ppjjv.exe88⤵
-
\??\c:\rlflflx.exec:\rlflflx.exe89⤵
-
\??\c:\3bnnhn.exec:\3bnnhn.exe90⤵
-
\??\c:\3bnbht.exec:\3bnbht.exe91⤵
-
\??\c:\ddpjv.exec:\ddpjv.exe92⤵
-
\??\c:\rrrrxrf.exec:\rrrrxrf.exe93⤵
-
\??\c:\rlrlflr.exec:\rlrlflr.exe94⤵
-
\??\c:\tttntb.exec:\tttntb.exe95⤵
-
\??\c:\ddjpp.exec:\ddjpp.exe96⤵
-
\??\c:\jdddp.exec:\jdddp.exe97⤵
-
\??\c:\5xxxflx.exec:\5xxxflx.exe98⤵
-
\??\c:\1rlflrx.exec:\1rlflrx.exe99⤵
-
\??\c:\hbbnhh.exec:\hbbnhh.exe100⤵
-
\??\c:\tnnhtb.exec:\tnnhtb.exe101⤵
-
\??\c:\1djpv.exec:\1djpv.exe102⤵
-
\??\c:\ddvvj.exec:\ddvvj.exe103⤵
-
\??\c:\7rrxfrx.exec:\7rrxfrx.exe104⤵
-
\??\c:\bthhnb.exec:\bthhnb.exe105⤵
-
\??\c:\ttntbn.exec:\ttntbn.exe106⤵
-
\??\c:\vvpdp.exec:\vvpdp.exe107⤵
-
\??\c:\pjjdj.exec:\pjjdj.exe108⤵
-
\??\c:\1frrxxr.exec:\1frrxxr.exe109⤵
-
\??\c:\nnhbhn.exec:\nnhbhn.exe110⤵
-
\??\c:\bbbtnh.exec:\bbbtnh.exe111⤵
-
\??\c:\dvvdd.exec:\dvvdd.exe112⤵
-
\??\c:\rlfxrxl.exec:\rlfxrxl.exe113⤵
-
\??\c:\btnthb.exec:\btnthb.exe114⤵
-
\??\c:\bthnbn.exec:\bthnbn.exe115⤵
-
\??\c:\jjvpj.exec:\jjvpj.exe116⤵
-
\??\c:\9pdvp.exec:\9pdvp.exe117⤵
-
\??\c:\xxrlxlx.exec:\xxrlxlx.exe118⤵
-
\??\c:\3bntbn.exec:\3bntbn.exe119⤵
-
\??\c:\bthnbt.exec:\bthnbt.exe120⤵
-
\??\c:\vdvjj.exec:\vdvjj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-