Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
10/05/2024, 03:25
General
-
Target
d43ee8db0c00cf4f6fd95be4090150de1ef4aeb6a29ed36e8aa5e590962e6719.exe
-
Size
55KB
-
MD5
acc861445e790fc70af211a6a4667690
-
SHA1
4fdab77dc296262dc6a5b3e1a5dc2017a10a0532
-
SHA256
d43ee8db0c00cf4f6fd95be4090150de1ef4aeb6a29ed36e8aa5e590962e6719
-
SHA512
d869597dabd334ef95ed1a1204cec3b13b08f78b681954510e20ec25ad00524a70efc3cc51903d9383a40a70f8e90ef7e6e2d247b3da2ff56982e557093d511d
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb6tZ9bm:ymb3NkkiQ3mdBjFIb6tZNm
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
UPX dump on OEP (original entry point) 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d43ee8db0c00cf4f6fd95be4090150de1ef4aeb6a29ed36e8aa5e590962e6719.exe"C:\Users\Admin\AppData\Local\Temp\d43ee8db0c00cf4f6fd95be4090150de1ef4aeb6a29ed36e8aa5e590962e6719.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrrxfr.exec:\rfrrxfr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhntt.exec:\bnhntt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1dvjp.exec:\1dvjp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1frfllx.exec:\1frfllx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbhtt.exec:\ttbhtt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhtbb.exec:\bnhtbb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdpvj.exec:\pdpvj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflrxxl.exec:\lflrxxl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlxffr.exec:\fxlxffr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbhnt.exec:\htbhnt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjvv.exec:\vjjvv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpdv.exec:\vvpdv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrlxlf.exec:\xxrlxlf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhnbn.exec:\nnhnbn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1thhht.exec:\1thhht.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpvj.exec:\jdpvj.exe17⤵
- Executes dropped EXE
-
\??\c:\fxxflxr.exec:\fxxflxr.exe18⤵
- Executes dropped EXE
-
\??\c:\rlxlrfx.exec:\rlxlrfx.exe19⤵
- Executes dropped EXE
-
\??\c:\bbbttn.exec:\bbbttn.exe20⤵
- Executes dropped EXE
-
\??\c:\dddpd.exec:\dddpd.exe21⤵
- Executes dropped EXE
-
\??\c:\pdpjp.exec:\pdpjp.exe22⤵
- Executes dropped EXE
-
\??\c:\lrfflfx.exec:\lrfflfx.exe23⤵
- Executes dropped EXE
-
\??\c:\bttntb.exec:\bttntb.exe24⤵
- Executes dropped EXE
-
\??\c:\nhbbnn.exec:\nhbbnn.exe25⤵
- Executes dropped EXE
-
\??\c:\dvddj.exec:\dvddj.exe26⤵
- Executes dropped EXE
-
\??\c:\7vjjp.exec:\7vjjp.exe27⤵
- Executes dropped EXE
-
\??\c:\lxlfxxx.exec:\lxlfxxx.exe28⤵
- Executes dropped EXE
-
\??\c:\3hnnnn.exec:\3hnnnn.exe29⤵
- Executes dropped EXE
-
\??\c:\hbtbbb.exec:\hbtbbb.exe30⤵
- Executes dropped EXE
-
\??\c:\1jpjp.exec:\1jpjp.exe31⤵
- Executes dropped EXE
-
\??\c:\jdpdp.exec:\jdpdp.exe32⤵
- Executes dropped EXE
-
\??\c:\rrffrrx.exec:\rrffrrx.exe33⤵
- Executes dropped EXE
-
\??\c:\nbnhhh.exec:\nbnhhh.exe34⤵
- Executes dropped EXE
-
\??\c:\btbbnn.exec:\btbbnn.exe35⤵
- Executes dropped EXE
-
\??\c:\1ppvj.exec:\1ppvj.exe36⤵
- Executes dropped EXE
-
\??\c:\vpvdv.exec:\vpvdv.exe37⤵
- Executes dropped EXE
-
\??\c:\lxrlxfl.exec:\lxrlxfl.exe38⤵
- Executes dropped EXE
-
\??\c:\lflrxxf.exec:\lflrxxf.exe39⤵
- Executes dropped EXE
-
\??\c:\tnbbtt.exec:\tnbbtt.exe40⤵
- Executes dropped EXE
-
\??\c:\hntnnh.exec:\hntnnh.exe41⤵
- Executes dropped EXE
-
\??\c:\3hnnhb.exec:\3hnnhb.exe42⤵
- Executes dropped EXE
-
\??\c:\jvdjj.exec:\jvdjj.exe43⤵
- Executes dropped EXE
-
\??\c:\dpvpj.exec:\dpvpj.exe44⤵
- Executes dropped EXE
-
\??\c:\1rlrxxf.exec:\1rlrxxf.exe45⤵
- Executes dropped EXE
-
\??\c:\fxlllff.exec:\fxlllff.exe46⤵
- Executes dropped EXE
-
\??\c:\9thhtn.exec:\9thhtn.exe47⤵
- Executes dropped EXE
-
\??\c:\tnbhnn.exec:\tnbhnn.exe48⤵
- Executes dropped EXE
-
\??\c:\jdppp.exec:\jdppp.exe49⤵
- Executes dropped EXE
-
\??\c:\vjvvd.exec:\vjvvd.exe50⤵
- Executes dropped EXE
-
\??\c:\7lfrxxf.exec:\7lfrxxf.exe51⤵
- Executes dropped EXE
-
\??\c:\lxflrrx.exec:\lxflrrx.exe52⤵
- Executes dropped EXE
-
\??\c:\thtbhh.exec:\thtbhh.exe53⤵
- Executes dropped EXE
-
\??\c:\hbnnnn.exec:\hbnnnn.exe54⤵
- Executes dropped EXE
-
\??\c:\pddjp.exec:\pddjp.exe55⤵
- Executes dropped EXE
-
\??\c:\dvdjd.exec:\dvdjd.exe56⤵
- Executes dropped EXE
-
\??\c:\vvdjd.exec:\vvdjd.exe57⤵
- Executes dropped EXE
-
\??\c:\fxrlxxl.exec:\fxrlxxl.exe58⤵
- Executes dropped EXE
-
\??\c:\xxxlrxr.exec:\xxxlrxr.exe59⤵
- Executes dropped EXE
-
\??\c:\tbnntn.exec:\tbnntn.exe60⤵
- Executes dropped EXE
-
\??\c:\bnbhtt.exec:\bnbhtt.exe61⤵
- Executes dropped EXE
-
\??\c:\jdjdp.exec:\jdjdp.exe62⤵
- Executes dropped EXE
-
\??\c:\pvvdj.exec:\pvvdj.exe63⤵
- Executes dropped EXE
-
\??\c:\rflxfrx.exec:\rflxfrx.exe64⤵
- Executes dropped EXE
-
\??\c:\3rflfff.exec:\3rflfff.exe65⤵
- Executes dropped EXE
-
\??\c:\htbttb.exec:\htbttb.exe66⤵
-
\??\c:\hhbnnt.exec:\hhbnnt.exe67⤵
-
\??\c:\vpvdd.exec:\vpvdd.exe68⤵
-
\??\c:\jvvvd.exec:\jvvvd.exe69⤵
-
\??\c:\1rffrrr.exec:\1rffrrr.exe70⤵
-
\??\c:\lxlffrx.exec:\lxlffrx.exe71⤵
-
\??\c:\thbbhn.exec:\thbbhn.exe72⤵
-
\??\c:\jdjpv.exec:\jdjpv.exe73⤵
-
\??\c:\vdjjd.exec:\vdjjd.exe74⤵
-
\??\c:\xxrrrxl.exec:\xxrrrxl.exe75⤵
-
\??\c:\lfrfrrf.exec:\lfrfrrf.exe76⤵
-
\??\c:\3bnnbn.exec:\3bnnbn.exe77⤵
-
\??\c:\nbbbhn.exec:\nbbbhn.exe78⤵
-
\??\c:\dpdjv.exec:\dpdjv.exe79⤵
-
\??\c:\jvppp.exec:\jvppp.exe80⤵
-
\??\c:\fxfflxl.exec:\fxfflxl.exe81⤵
-
\??\c:\frfrxrx.exec:\frfrxrx.exe82⤵
-
\??\c:\hnttbb.exec:\hnttbb.exe83⤵
-
\??\c:\tbtbnt.exec:\tbtbnt.exe84⤵
-
\??\c:\9vpvj.exec:\9vpvj.exe85⤵
-
\??\c:\1pppp.exec:\1pppp.exe86⤵
-
\??\c:\xrfrrxf.exec:\xrfrrxf.exe87⤵
-
\??\c:\fxrfflx.exec:\fxrfflx.exe88⤵
-
\??\c:\nbtttb.exec:\nbtttb.exe89⤵
-
\??\c:\tbbbhb.exec:\tbbbhb.exe90⤵
-
\??\c:\dppjd.exec:\dppjd.exe91⤵
-
\??\c:\vpddd.exec:\vpddd.exe92⤵
-
\??\c:\pdpjv.exec:\pdpjv.exe93⤵
-
\??\c:\rfflrfr.exec:\rfflrfr.exe94⤵
-
\??\c:\rlxxlrx.exec:\rlxxlrx.exe95⤵
-
\??\c:\nbhntb.exec:\nbhntb.exe96⤵
-
\??\c:\tnhhnh.exec:\tnhhnh.exe97⤵
-
\??\c:\dvpdp.exec:\dvpdp.exe98⤵
-
\??\c:\pdvpv.exec:\pdvpv.exe99⤵
-
\??\c:\1rrfflr.exec:\1rrfflr.exe100⤵
-
\??\c:\5fxlffx.exec:\5fxlffx.exe101⤵
-
\??\c:\1thttn.exec:\1thttn.exe102⤵
-
\??\c:\bbtbhh.exec:\bbtbhh.exe103⤵
-
\??\c:\9dpvd.exec:\9dpvd.exe104⤵
-
\??\c:\vvdjv.exec:\vvdjv.exe105⤵
-
\??\c:\7xfxxrx.exec:\7xfxxrx.exe106⤵
-
\??\c:\rfllxxf.exec:\rfllxxf.exe107⤵
-
\??\c:\nbnntn.exec:\nbnntn.exe108⤵
-
\??\c:\3btttt.exec:\3btttt.exe109⤵
-
\??\c:\jddjp.exec:\jddjp.exe110⤵
-
\??\c:\dvpvj.exec:\dvpvj.exe111⤵
-
\??\c:\fxllllx.exec:\fxllllx.exe112⤵
-
\??\c:\lxffflf.exec:\lxffflf.exe113⤵
-
\??\c:\tntbhn.exec:\tntbhn.exe114⤵
-
\??\c:\5ththn.exec:\5ththn.exe115⤵
-
\??\c:\ppjpj.exec:\ppjpj.exe116⤵
-
\??\c:\pjvjp.exec:\pjvjp.exe117⤵
-
\??\c:\xxlxlrr.exec:\xxlxlrr.exe118⤵
-
\??\c:\flfxlxf.exec:\flfxlxf.exe119⤵
-
\??\c:\1tbbhh.exec:\1tbbhh.exe120⤵
-
\??\c:\nbhnhn.exec:\nbhnhn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-