Analysis
-
max time kernel
150s -
max time network
143s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
09/05/2024, 20:33
General
-
Target
3b760197ec5fb86a9f43c557be5d786c2a6401dd4e8c50bed084035fcfcfd75d.exe
-
Size
54KB
-
MD5
f9bda3730b0829dcb64aaca0117a9221
-
SHA1
9523779d1a6889bc28eff8ac645830cbb33fa98f
-
SHA256
3b760197ec5fb86a9f43c557be5d786c2a6401dd4e8c50bed084035fcfcfd75d
-
SHA512
0a71791523969d2fdbba13c64318c676f7a305d87182b83ed80170a413030893bbc2ed2b38e54ab2ba9d362caa66abe6cdbf36c07724d065d72d1c9fa2673c93
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIFV6:ymb3NkkiQ3mdBjFIFV6
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
UPX dump on OEP (original entry point) 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 22 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3b760197ec5fb86a9f43c557be5d786c2a6401dd4e8c50bed084035fcfcfd75d.exe"C:\Users\Admin\AppData\Local\Temp\3b760197ec5fb86a9f43c557be5d786c2a6401dd4e8c50bed084035fcfcfd75d.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdvp.exec:\pjdvp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfffxxx.exec:\rfffxxx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtnhn.exec:\hbtnhn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddddd.exec:\ddddd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rffxllf.exec:\rffxllf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbbbb.exec:\btbbbb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9hnttn.exec:\9hnttn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vdvp.exec:\5vdvp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrlffr.exec:\xlrlffr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfrlfl.exec:\fxfrlfl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhbbn.exec:\thhbbn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdvjd.exec:\vdvjd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxrxxr.exec:\ffxrxxr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1lxxrlx.exec:\1lxxrlx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnnbbb.exec:\hnnbbb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9pppp.exec:\9pppp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vjvv.exec:\5vjvv.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrrlrr.exec:\rlrrlrr.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhhbn.exec:\nbhhbn.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvvd.exec:\vjvvd.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffxllx.exec:\lffxllx.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtnbb.exec:\nhtnbb.exe23⤵
- Executes dropped EXE
-
\??\c:\bhnhbb.exec:\bhnhbb.exe24⤵
- Executes dropped EXE
-
\??\c:\jvvdd.exec:\jvvdd.exe25⤵
- Executes dropped EXE
-
\??\c:\vjvvp.exec:\vjvvp.exe26⤵
- Executes dropped EXE
-
\??\c:\1lffxxr.exec:\1lffxxr.exe27⤵
- Executes dropped EXE
-
\??\c:\7ffllll.exec:\7ffllll.exe28⤵
- Executes dropped EXE
-
\??\c:\hbhnth.exec:\hbhnth.exe29⤵
- Executes dropped EXE
-
\??\c:\bnbbtb.exec:\bnbbtb.exe30⤵
- Executes dropped EXE
-
\??\c:\jvddv.exec:\jvddv.exe31⤵
- Executes dropped EXE
-
\??\c:\vvpdd.exec:\vvpdd.exe32⤵
- Executes dropped EXE
-
\??\c:\5xrlffr.exec:\5xrlffr.exe33⤵
- Executes dropped EXE
-
\??\c:\hbtntb.exec:\hbtntb.exe34⤵
- Executes dropped EXE
-
\??\c:\nnhbhh.exec:\nnhbhh.exe35⤵
- Executes dropped EXE
-
\??\c:\tnbbtb.exec:\tnbbtb.exe36⤵
- Executes dropped EXE
-
\??\c:\9djdv.exec:\9djdv.exe37⤵
- Executes dropped EXE
-
\??\c:\jvvpd.exec:\jvvpd.exe38⤵
- Executes dropped EXE
-
\??\c:\pvjdv.exec:\pvjdv.exe39⤵
- Executes dropped EXE
-
\??\c:\xrfxrxx.exec:\xrfxrxx.exe40⤵
- Executes dropped EXE
-
\??\c:\xrfxrll.exec:\xrfxrll.exe41⤵
- Executes dropped EXE
-
\??\c:\httttt.exec:\httttt.exe42⤵
- Executes dropped EXE
-
\??\c:\tntnnn.exec:\tntnnn.exe43⤵
- Executes dropped EXE
-
\??\c:\hbbnnn.exec:\hbbnnn.exe44⤵
- Executes dropped EXE
-
\??\c:\jpdvd.exec:\jpdvd.exe45⤵
- Executes dropped EXE
-
\??\c:\pvdvp.exec:\pvdvp.exe46⤵
- Executes dropped EXE
-
\??\c:\xlrrrfr.exec:\xlrrrfr.exe47⤵
- Executes dropped EXE
-
\??\c:\flrrllr.exec:\flrrllr.exe48⤵
- Executes dropped EXE
-
\??\c:\tnbtnn.exec:\tnbtnn.exe49⤵
- Executes dropped EXE
-
\??\c:\thbthn.exec:\thbthn.exe50⤵
- Executes dropped EXE
-
\??\c:\1bhhbb.exec:\1bhhbb.exe51⤵
- Executes dropped EXE
-
\??\c:\vdpvj.exec:\vdpvj.exe52⤵
- Executes dropped EXE
-
\??\c:\jdjdv.exec:\jdjdv.exe53⤵
- Executes dropped EXE
-
\??\c:\5xxrxxf.exec:\5xxrxxf.exe54⤵
- Executes dropped EXE
-
\??\c:\9rxxxxx.exec:\9rxxxxx.exe55⤵
- Executes dropped EXE
-
\??\c:\ntbhhh.exec:\ntbhhh.exe56⤵
- Executes dropped EXE
-
\??\c:\nnttnt.exec:\nnttnt.exe57⤵
- Executes dropped EXE
-
\??\c:\5ttbth.exec:\5ttbth.exe58⤵
- Executes dropped EXE
-
\??\c:\vpdjd.exec:\vpdjd.exe59⤵
- Executes dropped EXE
-
\??\c:\5dpjj.exec:\5dpjj.exe60⤵
- Executes dropped EXE
-
\??\c:\rlfrlll.exec:\rlfrlll.exe61⤵
- Executes dropped EXE
-
\??\c:\7flfffx.exec:\7flfffx.exe62⤵
- Executes dropped EXE
-
\??\c:\xfflxlx.exec:\xfflxlx.exe63⤵
- Executes dropped EXE
-
\??\c:\hnbhhh.exec:\hnbhhh.exe64⤵
- Executes dropped EXE
-
\??\c:\nbhnhn.exec:\nbhnhn.exe65⤵
- Executes dropped EXE
-
\??\c:\5jddv.exec:\5jddv.exe66⤵
-
\??\c:\ddppj.exec:\ddppj.exe67⤵
-
\??\c:\3jpvj.exec:\3jpvj.exe68⤵
-
\??\c:\rfffflf.exec:\rfffflf.exe69⤵
-
\??\c:\7flrllf.exec:\7flrllf.exe70⤵
-
\??\c:\lfllfxr.exec:\lfllfxr.exe71⤵
-
\??\c:\tttnhh.exec:\tttnhh.exe72⤵
-
\??\c:\bhhbtt.exec:\bhhbtt.exe73⤵
-
\??\c:\vppjj.exec:\vppjj.exe74⤵
-
\??\c:\vdvvp.exec:\vdvvp.exe75⤵
-
\??\c:\frxflfr.exec:\frxflfr.exe76⤵
-
\??\c:\lfffxff.exec:\lfffxff.exe77⤵
-
\??\c:\bttttn.exec:\bttttn.exe78⤵
-
\??\c:\btnhth.exec:\btnhth.exe79⤵
-
\??\c:\dvppj.exec:\dvppj.exe80⤵
-
\??\c:\djjdv.exec:\djjdv.exe81⤵
-
\??\c:\7llfxrr.exec:\7llfxrr.exe82⤵
-
\??\c:\fxxxxxr.exec:\fxxxxxr.exe83⤵
-
\??\c:\fxrlfff.exec:\fxrlfff.exe84⤵
-
\??\c:\bnbbbb.exec:\bnbbbb.exe85⤵
-
\??\c:\tntnhh.exec:\tntnhh.exe86⤵
-
\??\c:\djpjj.exec:\djpjj.exe87⤵
-
\??\c:\jppjv.exec:\jppjv.exe88⤵
-
\??\c:\dpjdv.exec:\dpjdv.exe89⤵
-
\??\c:\lfrllfl.exec:\lfrllfl.exe90⤵
-
\??\c:\fxxxllf.exec:\fxxxllf.exe91⤵
-
\??\c:\bnhbtt.exec:\bnhbtt.exe92⤵
-
\??\c:\9hnhtb.exec:\9hnhtb.exe93⤵
-
\??\c:\bntthh.exec:\bntthh.exe94⤵
-
\??\c:\jdpdj.exec:\jdpdj.exe95⤵
-
\??\c:\jjjdv.exec:\jjjdv.exe96⤵
-
\??\c:\rfllflf.exec:\rfllflf.exe97⤵
-
\??\c:\fxflrrx.exec:\fxflrrx.exe98⤵
-
\??\c:\llxrxxf.exec:\llxrxxf.exe99⤵
-
\??\c:\hntbtt.exec:\hntbtt.exe100⤵
-
\??\c:\9bhbtn.exec:\9bhbtn.exe101⤵
-
\??\c:\hbnnhh.exec:\hbnnhh.exe102⤵
-
\??\c:\jvddv.exec:\jvddv.exe103⤵
-
\??\c:\9ddvj.exec:\9ddvj.exe104⤵
-
\??\c:\fxfxrrr.exec:\fxfxrrr.exe105⤵
-
\??\c:\1xfxfxf.exec:\1xfxfxf.exe106⤵
-
\??\c:\xrllffx.exec:\xrllffx.exe107⤵
-
\??\c:\9tnnnn.exec:\9tnnnn.exe108⤵
-
\??\c:\nbnhbb.exec:\nbnhbb.exe109⤵
-
\??\c:\lxxxxxr.exec:\lxxxxxr.exe110⤵
-
\??\c:\nttbbt.exec:\nttbbt.exe111⤵
-
\??\c:\hbnnbb.exec:\hbnnbb.exe112⤵
-
\??\c:\nnntht.exec:\nnntht.exe113⤵
-
\??\c:\jvvvv.exec:\jvvvv.exe114⤵
-
\??\c:\dvpvv.exec:\dvpvv.exe115⤵
-
\??\c:\xfllffl.exec:\xfllffl.exe116⤵
-
\??\c:\rlrxrlf.exec:\rlrxrlf.exe117⤵
-
\??\c:\thnthn.exec:\thnthn.exe118⤵
-
\??\c:\tbhbtt.exec:\tbhbtt.exe119⤵
-
\??\c:\jvpjv.exec:\jvpjv.exe120⤵
-
\??\c:\vjdvj.exec:\vjdvj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-