Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
-
submitted
09/05/2024, 00:16
General
-
Target
75f7fa4c699f40f6292d6d277b969f054761c1b622c35811651de7a77ee8cf58.exe
-
Size
61KB
-
MD5
73a64fa5713eb3ff880c89a22cf0ee05
-
SHA1
eb81a81fd1f74656cb8319f91b609b71800191c8
-
SHA256
75f7fa4c699f40f6292d6d277b969f054761c1b622c35811651de7a77ee8cf58
-
SHA512
b2311db3306d99fe5180c9685246e59554b6472045ee8a8623fd52439f23d3de68405ef67e1ebbba39e93e6ad5e74b666dd5bed1d2e9311eb55ca2a26a1c5127
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIvAEaFJL0v:ymb3NkkiQ3mdBjFIvAv0v
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
UPX dump on OEP (original entry point) 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 22 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\75f7fa4c699f40f6292d6d277b969f054761c1b622c35811651de7a77ee8cf58.exe"C:\Users\Admin\AppData\Local\Temp\75f7fa4c699f40f6292d6d277b969f054761c1b622c35811651de7a77ee8cf58.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhnth.exec:\nnhnth.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhbhn.exec:\nnhbhn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjdj.exec:\jjjdj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffffrfr.exec:\ffffrfr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rrllrx.exec:\5rrllrx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbhbh.exec:\ttbhbh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbhnt.exec:\htbhnt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bbtbt.exec:\7bbtbt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvdp.exec:\jdvdp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvvd.exec:\ddvvd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlrxfl.exec:\fxlrxfl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlffrlf.exec:\rlffrlf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttbht.exec:\bttbht.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbntn.exec:\htbntn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnnbh.exec:\tnnnbh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjpv.exec:\vvjpv.exe17⤵
- Executes dropped EXE
-
\??\c:\vvjdd.exec:\vvjdd.exe18⤵
- Executes dropped EXE
-
\??\c:\lfxxflx.exec:\lfxxflx.exe19⤵
- Executes dropped EXE
-
\??\c:\lrxxxfr.exec:\lrxxxfr.exe20⤵
- Executes dropped EXE
-
\??\c:\nhbnnh.exec:\nhbnnh.exe21⤵
- Executes dropped EXE
-
\??\c:\bththn.exec:\bththn.exe22⤵
- Executes dropped EXE
-
\??\c:\1dvpd.exec:\1dvpd.exe23⤵
- Executes dropped EXE
-
\??\c:\5pjvj.exec:\5pjvj.exe24⤵
- Executes dropped EXE
-
\??\c:\3llrflx.exec:\3llrflx.exe25⤵
- Executes dropped EXE
-
\??\c:\xrxxffl.exec:\xrxxffl.exe26⤵
- Executes dropped EXE
-
\??\c:\lffrxlx.exec:\lffrxlx.exe27⤵
- Executes dropped EXE
-
\??\c:\tttbbn.exec:\tttbbn.exe28⤵
- Executes dropped EXE
-
\??\c:\7jvdp.exec:\7jvdp.exe29⤵
- Executes dropped EXE
-
\??\c:\dvjpv.exec:\dvjpv.exe30⤵
- Executes dropped EXE
-
\??\c:\xlfrlxf.exec:\xlfrlxf.exe31⤵
- Executes dropped EXE
-
\??\c:\fxrxxrf.exec:\fxrxxrf.exe32⤵
- Executes dropped EXE
-
\??\c:\nhtbnn.exec:\nhtbnn.exe33⤵
- Executes dropped EXE
-
\??\c:\3hthth.exec:\3hthth.exe34⤵
- Executes dropped EXE
-
\??\c:\hbbhnt.exec:\hbbhnt.exe35⤵
- Executes dropped EXE
-
\??\c:\vpjpp.exec:\vpjpp.exe36⤵
- Executes dropped EXE
-
\??\c:\dddpv.exec:\dddpv.exe37⤵
- Executes dropped EXE
-
\??\c:\vpdjd.exec:\vpdjd.exe38⤵
- Executes dropped EXE
-
\??\c:\ffxrrrf.exec:\ffxrrrf.exe39⤵
- Executes dropped EXE
-
\??\c:\fxlllrf.exec:\fxlllrf.exe40⤵
- Executes dropped EXE
-
\??\c:\rrlrffr.exec:\rrlrffr.exe41⤵
- Executes dropped EXE
-
\??\c:\hbtbhn.exec:\hbtbhn.exe42⤵
- Executes dropped EXE
-
\??\c:\htbntb.exec:\htbntb.exe43⤵
- Executes dropped EXE
-
\??\c:\jjdjd.exec:\jjdjd.exe44⤵
- Executes dropped EXE
-
\??\c:\djdjp.exec:\djdjp.exe45⤵
- Executes dropped EXE
-
\??\c:\vdjvj.exec:\vdjvj.exe46⤵
- Executes dropped EXE
-
\??\c:\rlxlrfx.exec:\rlxlrfx.exe47⤵
- Executes dropped EXE
-
\??\c:\xrfrxfr.exec:\xrfrxfr.exe48⤵
- Executes dropped EXE
-
\??\c:\lflrxfl.exec:\lflrxfl.exe49⤵
- Executes dropped EXE
-
\??\c:\7hthth.exec:\7hthth.exe50⤵
- Executes dropped EXE
-
\??\c:\hbtnhn.exec:\hbtnhn.exe51⤵
- Executes dropped EXE
-
\??\c:\pdppd.exec:\pdppd.exe52⤵
- Executes dropped EXE
-
\??\c:\fxflrxl.exec:\fxflrxl.exe53⤵
- Executes dropped EXE
-
\??\c:\xrfrfrf.exec:\xrfrfrf.exe54⤵
- Executes dropped EXE
-
\??\c:\tttnbn.exec:\tttnbn.exe55⤵
- Executes dropped EXE
-
\??\c:\nhttbb.exec:\nhttbb.exe56⤵
- Executes dropped EXE
-
\??\c:\jdvdd.exec:\jdvdd.exe57⤵
- Executes dropped EXE
-
\??\c:\ppdpj.exec:\ppdpj.exe58⤵
- Executes dropped EXE
-
\??\c:\1vvjp.exec:\1vvjp.exe59⤵
- Executes dropped EXE
-
\??\c:\lfllllr.exec:\lfllllr.exe60⤵
- Executes dropped EXE
-
\??\c:\lffllrf.exec:\lffllrf.exe61⤵
- Executes dropped EXE
-
\??\c:\3lxfllx.exec:\3lxfllx.exe62⤵
- Executes dropped EXE
-
\??\c:\tbbbtt.exec:\tbbbtt.exe63⤵
- Executes dropped EXE
-
\??\c:\nhbnhn.exec:\nhbnhn.exe64⤵
- Executes dropped EXE
-
\??\c:\nhbhtb.exec:\nhbhtb.exe65⤵
- Executes dropped EXE
-
\??\c:\jdppv.exec:\jdppv.exe66⤵
-
\??\c:\5vdjj.exec:\5vdjj.exe67⤵
-
\??\c:\jddjv.exec:\jddjv.exe68⤵
-
\??\c:\ffxrfrf.exec:\ffxrfrf.exe69⤵
-
\??\c:\fxrxxll.exec:\fxrxxll.exe70⤵
-
\??\c:\ffrxffr.exec:\ffrxffr.exe71⤵
-
\??\c:\nhntbb.exec:\nhntbb.exe72⤵
-
\??\c:\3nbbbh.exec:\3nbbbh.exe73⤵
-
\??\c:\ddvdd.exec:\ddvdd.exe74⤵
-
\??\c:\pdddp.exec:\pdddp.exe75⤵
-
\??\c:\vpjpp.exec:\vpjpp.exe76⤵
-
\??\c:\3xlxlrl.exec:\3xlxlrl.exe77⤵
-
\??\c:\1fxrlxf.exec:\1fxrlxf.exe78⤵
-
\??\c:\3hhtht.exec:\3hhtht.exe79⤵
-
\??\c:\9tnhhn.exec:\9tnhhn.exe80⤵
-
\??\c:\nthbnb.exec:\nthbnb.exe81⤵
-
\??\c:\vpdjv.exec:\vpdjv.exe82⤵
-
\??\c:\1pppp.exec:\1pppp.exe83⤵
-
\??\c:\ddpjd.exec:\ddpjd.exe84⤵
-
\??\c:\rrflxfr.exec:\rrflxfr.exe85⤵
-
\??\c:\fflrllx.exec:\fflrllx.exe86⤵
-
\??\c:\lfrrxlx.exec:\lfrrxlx.exe87⤵
-
\??\c:\hnhhtt.exec:\hnhhtt.exe88⤵
-
\??\c:\nhnnnb.exec:\nhnnnb.exe89⤵
-
\??\c:\hhnttb.exec:\hhnttb.exe90⤵
-
\??\c:\3dpdp.exec:\3dpdp.exe91⤵
-
\??\c:\dvjjj.exec:\dvjjj.exe92⤵
-
\??\c:\ddpvp.exec:\ddpvp.exe93⤵
-
\??\c:\pppvd.exec:\pppvd.exe94⤵
-
\??\c:\rlxlxfl.exec:\rlxlxfl.exe95⤵
-
\??\c:\fllflfr.exec:\fllflfr.exe96⤵
-
\??\c:\xxxllxr.exec:\xxxllxr.exe97⤵
-
\??\c:\hbtbbb.exec:\hbtbbb.exe98⤵
-
\??\c:\tnbbhh.exec:\tnbbhh.exe99⤵
-
\??\c:\bttnhh.exec:\bttnhh.exe100⤵
-
\??\c:\3ddjv.exec:\3ddjv.exe101⤵
-
\??\c:\jjvvj.exec:\jjvvj.exe102⤵
-
\??\c:\jdpvj.exec:\jdpvj.exe103⤵
-
\??\c:\fxllrxr.exec:\fxllrxr.exe104⤵
-
\??\c:\1llxllf.exec:\1llxllf.exe105⤵
-
\??\c:\lxfrflf.exec:\lxfrflf.exe106⤵
-
\??\c:\7rrxlrf.exec:\7rrxlrf.exe107⤵
-
\??\c:\hnbbhh.exec:\hnbbhh.exe108⤵
-
\??\c:\5jjvv.exec:\5jjvv.exe109⤵
-
\??\c:\xrllllx.exec:\xrllllx.exe110⤵
-
\??\c:\hbnnnb.exec:\hbnnnb.exe111⤵
-
\??\c:\9dvjj.exec:\9dvjj.exe112⤵
-
\??\c:\ffxxxfl.exec:\ffxxxfl.exe113⤵
-
\??\c:\bbtntb.exec:\bbtntb.exe114⤵
-
\??\c:\3tbttb.exec:\3tbttb.exe115⤵
-
\??\c:\jpjpp.exec:\jpjpp.exe116⤵
-
\??\c:\xlrrxxf.exec:\xlrrxxf.exe117⤵
-
\??\c:\xxlrlrf.exec:\xxlrlrf.exe118⤵
-
\??\c:\bnthhh.exec:\bnthhh.exe119⤵
-
\??\c:\bbntth.exec:\bbntth.exe120⤵
-
\??\c:\jddjj.exec:\jddjj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-