Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
09-05-2024 23:13
General
-
Target
7a072a4df9ecca6f7e3d4952cab616dd745601fcf4098aa04acf8f90e76de3c0.exe
-
Size
441KB
-
MD5
f02f73a168e46e1199b9a90d10aafd42
-
SHA1
7fe494d271a5f482c5e4c7c2073d9a489ab0c2ce
-
SHA256
7a072a4df9ecca6f7e3d4952cab616dd745601fcf4098aa04acf8f90e76de3c0
-
SHA512
82a470adc968adf8c4c1da8e04c8b764b8a7cd2590ac8fbee45ec65ef167314179593b887a00b058f419da5baac17df3db95613031369a18e5f32652c9a15d89
-
SSDEEP
12288:M4wFHoSpg4wFHonR/nPF2LnFL4wF04wFK4wFK4wluy:UrR/nPp
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
UPX dump on OEP (original entry point) 64 IoCs
-
Executes dropped EXE 13 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 39 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7a072a4df9ecca6f7e3d4952cab616dd745601fcf4098aa04acf8f90e76de3c0.exe"C:\Users\Admin\AppData\Local\Temp\7a072a4df9ecca6f7e3d4952cab616dd745601fcf4098aa04acf8f90e76de3c0.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\7rrrlrl.exec:\7rrrlrl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnnhnh.exec:\hnnhnh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dppjv.exec:\dppjv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjjd.exec:\vjjjd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfffxxr.exec:\lfffxxr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xlxrfx.exec:\9xlxrfx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvppj.exec:\jvppj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3pjjd.exec:\3pjjd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrllffx.exec:\xrllffx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrllll.exec:\rrrllll.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnnnt.exec:\hhnnnt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5pjdv.exec:\5pjdv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrlfxx.exec:\rrrlfxx.exe14⤵
- Executes dropped EXE
-
\??\c:\hbhbbb.exec:\hbhbbb.exe15⤵
-
\??\c:\nnbtnh.exec:\nnbtnh.exe16⤵
-
\??\c:\jdpjd.exec:\jdpjd.exe17⤵
-
\??\c:\lxxxfff.exec:\lxxxfff.exe18⤵
-
\??\c:\nhbhtn.exec:\nhbhtn.exe19⤵
-
\??\c:\7dddj.exec:\7dddj.exe20⤵
-
\??\c:\lxfxfll.exec:\lxfxfll.exe21⤵
-
\??\c:\rxfxxxf.exec:\rxfxxxf.exe22⤵
-
\??\c:\hhbhhb.exec:\hhbhhb.exe23⤵
-
\??\c:\vppjd.exec:\vppjd.exe24⤵
-
\??\c:\lffxffx.exec:\lffxffx.exe25⤵
-
\??\c:\xrlfxrl.exec:\xrlfxrl.exe26⤵
-
\??\c:\bhtnnn.exec:\bhtnnn.exe27⤵
-
\??\c:\jjvpj.exec:\jjvpj.exe28⤵
-
\??\c:\3flflll.exec:\3flflll.exe29⤵
-
\??\c:\9nntnn.exec:\9nntnn.exe30⤵
-
\??\c:\bttntt.exec:\bttntt.exe31⤵
-
\??\c:\djjjd.exec:\djjjd.exe32⤵
-
\??\c:\tttthh.exec:\tttthh.exe33⤵
-
\??\c:\3dpjp.exec:\3dpjp.exe34⤵
-
\??\c:\xlxlxrx.exec:\xlxlxrx.exe35⤵
-
\??\c:\rlffxxr.exec:\rlffxxr.exe36⤵
-
\??\c:\5ntnbb.exec:\5ntnbb.exe37⤵
-
\??\c:\rflrffr.exec:\rflrffr.exe38⤵
-
\??\c:\htttnn.exec:\htttnn.exe39⤵
-
\??\c:\jvvpj.exec:\jvvpj.exe40⤵
-
\??\c:\xllfxxr.exec:\xllfxxr.exe41⤵
-
\??\c:\rrxxlxf.exec:\rrxxlxf.exe42⤵
-
\??\c:\thhbtt.exec:\thhbtt.exe43⤵
-
\??\c:\9fxrllf.exec:\9fxrllf.exe44⤵
-
\??\c:\xrlffrr.exec:\xrlffrr.exe45⤵
-
\??\c:\hnhtnh.exec:\hnhtnh.exe46⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe47⤵
-
\??\c:\5pppj.exec:\5pppj.exe48⤵
-
\??\c:\7rxrrrl.exec:\7rxrrrl.exe49⤵
-
\??\c:\lfflffx.exec:\lfflffx.exe50⤵
-
\??\c:\jvddv.exec:\jvddv.exe51⤵
-
\??\c:\llxrfxl.exec:\llxrfxl.exe52⤵
-
\??\c:\3ntnhh.exec:\3ntnhh.exe53⤵
-
\??\c:\vvjdv.exec:\vvjdv.exe54⤵
-
\??\c:\5dppp.exec:\5dppp.exe55⤵
-
\??\c:\fflrlrr.exec:\fflrlrr.exe56⤵
-
\??\c:\nhbtbt.exec:\nhbtbt.exe57⤵
-
\??\c:\tbhnhn.exec:\tbhnhn.exe58⤵
-
\??\c:\dppjd.exec:\dppjd.exe59⤵
-
\??\c:\lrlxxxx.exec:\lrlxxxx.exe60⤵
-
\??\c:\nhhnbt.exec:\nhhnbt.exe61⤵
-
\??\c:\vvjdp.exec:\vvjdp.exe62⤵
-
\??\c:\pddvp.exec:\pddvp.exe63⤵
-
\??\c:\lxrrlfx.exec:\lxrrlfx.exe64⤵
-
\??\c:\ntthth.exec:\ntthth.exe65⤵
-
\??\c:\djvjv.exec:\djvjv.exe66⤵
-
\??\c:\9ddvd.exec:\9ddvd.exe67⤵
-
\??\c:\llfrfxl.exec:\llfrfxl.exe68⤵
-
\??\c:\htnhbb.exec:\htnhbb.exe69⤵
-
\??\c:\dpdvp.exec:\dpdvp.exe70⤵
-
\??\c:\5lrrlrl.exec:\5lrrlrl.exe71⤵
-
\??\c:\thbtnh.exec:\thbtnh.exe72⤵
-
\??\c:\pjpjp.exec:\pjpjp.exe73⤵
-
\??\c:\1ffxfxf.exec:\1ffxfxf.exe74⤵
-
\??\c:\hbbbnb.exec:\hbbbnb.exe75⤵
-
\??\c:\5httnh.exec:\5httnh.exe76⤵
-
\??\c:\9rxxrrr.exec:\9rxxrrr.exe77⤵
-
\??\c:\fxrlllf.exec:\fxrlllf.exe78⤵
-
\??\c:\7bhtnn.exec:\7bhtnn.exe79⤵
-
\??\c:\9ppdp.exec:\9ppdp.exe80⤵
-
\??\c:\jjjjv.exec:\jjjjv.exe81⤵
-
\??\c:\rfllrxl.exec:\rfllrxl.exe82⤵
-
\??\c:\xrllllf.exec:\xrllllf.exe83⤵
-
\??\c:\bhtbnb.exec:\bhtbnb.exe84⤵
-
\??\c:\vdjjd.exec:\vdjjd.exe85⤵
-
\??\c:\ddpdv.exec:\ddpdv.exe86⤵
-
\??\c:\1ffxrlf.exec:\1ffxrlf.exe87⤵
-
\??\c:\7nnhhb.exec:\7nnhhb.exe88⤵
-
\??\c:\tttttt.exec:\tttttt.exe89⤵
-
\??\c:\5pppd.exec:\5pppd.exe90⤵
-
\??\c:\fllxlxl.exec:\fllxlxl.exe91⤵
-
\??\c:\rffffxx.exec:\rffffxx.exe92⤵
-
\??\c:\nhtbhb.exec:\nhtbhb.exe93⤵
-
\??\c:\9ppjd.exec:\9ppjd.exe94⤵
-
\??\c:\djpvp.exec:\djpvp.exe95⤵
-
\??\c:\flrllll.exec:\flrllll.exe96⤵
-
\??\c:\bbttnh.exec:\bbttnh.exe97⤵
-
\??\c:\bnbbtt.exec:\bnbbtt.exe98⤵
-
\??\c:\djvvd.exec:\djvvd.exe99⤵
-
\??\c:\xxfflff.exec:\xxfflff.exe100⤵
-
\??\c:\rflfxrl.exec:\rflfxrl.exe101⤵
-
\??\c:\htnhhh.exec:\htnhhh.exe102⤵
-
\??\c:\dddvv.exec:\dddvv.exe103⤵
-
\??\c:\dppjj.exec:\dppjj.exe104⤵
-
\??\c:\fllllff.exec:\fllllff.exe105⤵
-
\??\c:\rrlfrrf.exec:\rrlfrrf.exe106⤵
-
\??\c:\bnnhbt.exec:\bnnhbt.exe107⤵
-
\??\c:\bhhhhh.exec:\bhhhhh.exe108⤵
-
\??\c:\pjdvj.exec:\pjdvj.exe109⤵
-
\??\c:\5fxxrrr.exec:\5fxxrrr.exe110⤵
-
\??\c:\5lfxrlf.exec:\5lfxrlf.exe111⤵
-
\??\c:\bthhbb.exec:\bthhbb.exe112⤵
-
\??\c:\dvddd.exec:\dvddd.exe113⤵
-
\??\c:\pvppv.exec:\pvppv.exe114⤵
-
\??\c:\rffxrlf.exec:\rffxrlf.exe115⤵
-
\??\c:\tnnhbb.exec:\tnnhbb.exe116⤵
-
\??\c:\thnnbb.exec:\thnnbb.exe117⤵
-
\??\c:\jpppp.exec:\jpppp.exe118⤵
-
\??\c:\1rrllll.exec:\1rrllll.exe119⤵
-
\??\c:\1rlllll.exec:\1rlllll.exe120⤵
-
\??\c:\nhbbtn.exec:\nhbbtn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-