Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
09-05-2024 01:57
General
-
Target
41e6e4899d212578ef8ac005908330c0.exe
-
Size
68KB
-
MD5
41e6e4899d212578ef8ac005908330c0
-
SHA1
0f00659260342edc5775d9ca7a901f284dcc8a38
-
SHA256
92de4763d29a69f2860c169e4eb8b1d35e9ecdba000f6e3a7f03e3b14bd6bea2
-
SHA512
e9291975f6fbeb3949cc5e72cb6f0f7d29f3263849c2a2421f17909b99611946d14ca222b833aadb7b18d1f36d0aac8490fb72dfd20ca332a415cc79d5d70957
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIvuzk358nLA89JgVj:ymb3NkkiQ3mdBjFIvl358nLA89m5
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\41e6e4899d212578ef8ac005908330c0.exe"C:\Users\Admin\AppData\Local\Temp\41e6e4899d212578ef8ac005908330c0.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\1hbhbh.exec:\1hbhbh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvvd.exec:\ddvvd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrfxrfx.exec:\lrfxrfx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnbtt.exec:\nhnbtt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdvdj.exec:\vdvdj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrrrrf.exec:\lfrrrrf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3tntbh.exec:\3tntbh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjdpj.exec:\jjdpj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddpj.exec:\jddpj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxflrx.exec:\rrxflrx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhhnn.exec:\nhhhnn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vpdj.exec:\7vpdj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7jvvv.exec:\7jvvv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxrfrr.exec:\ffxrfrr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7lflxlf.exec:\7lflxlf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnbnt.exec:\nbnbnt.exe17⤵
- Executes dropped EXE
-
\??\c:\9nnbbb.exec:\9nnbbb.exe18⤵
- Executes dropped EXE
-
\??\c:\9pjdj.exec:\9pjdj.exe19⤵
- Executes dropped EXE
-
\??\c:\jdjpd.exec:\jdjpd.exe20⤵
- Executes dropped EXE
-
\??\c:\pppdd.exec:\pppdd.exe21⤵
- Executes dropped EXE
-
\??\c:\lrlxlrf.exec:\lrlxlrf.exe22⤵
- Executes dropped EXE
-
\??\c:\fffrflx.exec:\fffrflx.exe23⤵
- Executes dropped EXE
-
\??\c:\bthhnt.exec:\bthhnt.exe24⤵
- Executes dropped EXE
-
\??\c:\nhthtt.exec:\nhthtt.exe25⤵
- Executes dropped EXE
-
\??\c:\5jjjv.exec:\5jjjv.exe26⤵
- Executes dropped EXE
-
\??\c:\vpddj.exec:\vpddj.exe27⤵
- Executes dropped EXE
-
\??\c:\lxlrfxl.exec:\lxlrfxl.exe28⤵
- Executes dropped EXE
-
\??\c:\llxxfff.exec:\llxxfff.exe29⤵
- Executes dropped EXE
-
\??\c:\tthhbb.exec:\tthhbb.exe30⤵
- Executes dropped EXE
-
\??\c:\7nbntb.exec:\7nbntb.exe31⤵
- Executes dropped EXE
-
\??\c:\pjjvd.exec:\pjjvd.exe32⤵
- Executes dropped EXE
-
\??\c:\dvpdp.exec:\dvpdp.exe33⤵
- Executes dropped EXE
-
\??\c:\vvvdp.exec:\vvvdp.exe34⤵
- Executes dropped EXE
-
\??\c:\fxxflfl.exec:\fxxflfl.exe35⤵
- Executes dropped EXE
-
\??\c:\rxflfll.exec:\rxflfll.exe36⤵
- Executes dropped EXE
-
\??\c:\rfxrffr.exec:\rfxrffr.exe37⤵
- Executes dropped EXE
-
\??\c:\nnthnt.exec:\nnthnt.exe38⤵
- Executes dropped EXE
-
\??\c:\nhtbhn.exec:\nhtbhn.exe39⤵
- Executes dropped EXE
-
\??\c:\1nbttt.exec:\1nbttt.exe40⤵
- Executes dropped EXE
-
\??\c:\vdpvv.exec:\vdpvv.exe41⤵
- Executes dropped EXE
-
\??\c:\ddppj.exec:\ddppj.exe42⤵
- Executes dropped EXE
-
\??\c:\jjdpd.exec:\jjdpd.exe43⤵
- Executes dropped EXE
-
\??\c:\vpvdj.exec:\vpvdj.exe44⤵
- Executes dropped EXE
-
\??\c:\lfxxfxl.exec:\lfxxfxl.exe45⤵
- Executes dropped EXE
-
\??\c:\xfflflf.exec:\xfflflf.exe46⤵
- Executes dropped EXE
-
\??\c:\hbnbnb.exec:\hbnbnb.exe47⤵
- Executes dropped EXE
-
\??\c:\bnthnt.exec:\bnthnt.exe48⤵
- Executes dropped EXE
-
\??\c:\3btttt.exec:\3btttt.exe49⤵
- Executes dropped EXE
-
\??\c:\jdjpj.exec:\jdjpj.exe50⤵
- Executes dropped EXE
-
\??\c:\dvdjp.exec:\dvdjp.exe51⤵
- Executes dropped EXE
-
\??\c:\pjppd.exec:\pjppd.exe52⤵
- Executes dropped EXE
-
\??\c:\fxllrrl.exec:\fxllrrl.exe53⤵
- Executes dropped EXE
-
\??\c:\7lflrrx.exec:\7lflrrx.exe54⤵
- Executes dropped EXE
-
\??\c:\rlfrrfl.exec:\rlfrrfl.exe55⤵
- Executes dropped EXE
-
\??\c:\hhttbh.exec:\hhttbh.exe56⤵
- Executes dropped EXE
-
\??\c:\nththh.exec:\nththh.exe57⤵
- Executes dropped EXE
-
\??\c:\nnbnth.exec:\nnbnth.exe58⤵
- Executes dropped EXE
-
\??\c:\jpppv.exec:\jpppv.exe59⤵
- Executes dropped EXE
-
\??\c:\dvjvd.exec:\dvjvd.exe60⤵
- Executes dropped EXE
-
\??\c:\pjvvj.exec:\pjvvj.exe61⤵
- Executes dropped EXE
-
\??\c:\lfrrrrf.exec:\lfrrrrf.exe62⤵
- Executes dropped EXE
-
\??\c:\fflrfrl.exec:\fflrfrl.exe63⤵
- Executes dropped EXE
-
\??\c:\fxxxxxl.exec:\fxxxxxl.exe64⤵
- Executes dropped EXE
-
\??\c:\ttthth.exec:\ttthth.exe65⤵
- Executes dropped EXE
-
\??\c:\3btbhn.exec:\3btbhn.exe66⤵
-
\??\c:\tnbnbb.exec:\tnbnbb.exe67⤵
-
\??\c:\ddjjp.exec:\ddjjp.exe68⤵
-
\??\c:\jdvdp.exec:\jdvdp.exe69⤵
-
\??\c:\vpvvd.exec:\vpvvd.exe70⤵
-
\??\c:\lfrxlrf.exec:\lfrxlrf.exe71⤵
-
\??\c:\btnntb.exec:\btnntb.exe72⤵
-
\??\c:\5ppdj.exec:\5ppdj.exe73⤵
-
\??\c:\ddpjj.exec:\ddpjj.exe74⤵
-
\??\c:\djvjp.exec:\djvjp.exe75⤵
-
\??\c:\rfxlrlx.exec:\rfxlrlx.exe76⤵
-
\??\c:\lflxffl.exec:\lflxffl.exe77⤵
-
\??\c:\llxrxxl.exec:\llxrxxl.exe78⤵
-
\??\c:\bbthtb.exec:\bbthtb.exe79⤵
-
\??\c:\tnbnhn.exec:\tnbnhn.exe80⤵
-
\??\c:\btbhtb.exec:\btbhtb.exe81⤵
-
\??\c:\vpvvj.exec:\vpvvj.exe82⤵
-
\??\c:\vjpdj.exec:\vjpdj.exe83⤵
-
\??\c:\7pjdj.exec:\7pjdj.exe84⤵
-
\??\c:\flrrfxx.exec:\flrrfxx.exe85⤵
-
\??\c:\fxrrxfl.exec:\fxrrxfl.exe86⤵
-
\??\c:\lfrxxrx.exec:\lfrxxrx.exe87⤵
-
\??\c:\btnbhh.exec:\btnbhh.exe88⤵
-
\??\c:\3bttbt.exec:\3bttbt.exe89⤵
-
\??\c:\ttbbhb.exec:\ttbbhb.exe90⤵
-
\??\c:\dvjpd.exec:\dvjpd.exe91⤵
-
\??\c:\9vjjv.exec:\9vjjv.exe92⤵
-
\??\c:\1jvdd.exec:\1jvdd.exe93⤵
-
\??\c:\pppvd.exec:\pppvd.exe94⤵
-
\??\c:\rrflffr.exec:\rrflffr.exe95⤵
-
\??\c:\ffllxxf.exec:\ffllxxf.exe96⤵
-
\??\c:\xrxlrfr.exec:\xrxlrfr.exe97⤵
-
\??\c:\5bntbb.exec:\5bntbb.exe98⤵
-
\??\c:\bthttb.exec:\bthttb.exe99⤵
-
\??\c:\9nntbb.exec:\9nntbb.exe100⤵
-
\??\c:\3ddpv.exec:\3ddpv.exe101⤵
-
\??\c:\pjdpd.exec:\pjdpd.exe102⤵
-
\??\c:\7jjdp.exec:\7jjdp.exe103⤵
-
\??\c:\7frrrfl.exec:\7frrrfl.exe104⤵
-
\??\c:\fxlrflx.exec:\fxlrflx.exe105⤵
-
\??\c:\xrrfrxl.exec:\xrrfrxl.exe106⤵
-
\??\c:\hbtnnt.exec:\hbtnnt.exe107⤵
-
\??\c:\bbthhn.exec:\bbthhn.exe108⤵
-
\??\c:\tbbnht.exec:\tbbnht.exe109⤵
-
\??\c:\pjpjv.exec:\pjpjv.exe110⤵
-
\??\c:\jdvdp.exec:\jdvdp.exe111⤵
-
\??\c:\3vpvd.exec:\3vpvd.exe112⤵
-
\??\c:\dpjvj.exec:\dpjvj.exe113⤵
-
\??\c:\1xllxxl.exec:\1xllxxl.exe114⤵
-
\??\c:\xxrrffx.exec:\xxrrffx.exe115⤵
-
\??\c:\flxxfxr.exec:\flxxfxr.exe116⤵
-
\??\c:\bbhhbh.exec:\bbhhbh.exe117⤵
-
\??\c:\ntbbbt.exec:\ntbbbt.exe118⤵
-
\??\c:\vpvvd.exec:\vpvvd.exe119⤵
-
\??\c:\vvpjp.exec:\vvpjp.exe120⤵
-
\??\c:\vjvdp.exec:\vjvdp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-