Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
-
submitted
10-05-2024 20:08
General
-
Target
323f869212f323ba6ca54b6d9b22a6ba0dccb57e75019f90b79d4c029397e996.exe
-
Size
88KB
-
MD5
42edf96b0d8e48d5152c11a821bd63aa
-
SHA1
4e2ab90248bdd186d50fa7924772636a69e4b44e
-
SHA256
323f869212f323ba6ca54b6d9b22a6ba0dccb57e75019f90b79d4c029397e996
-
SHA512
f0449515f2c4bb108471e68cc018170e822c91ab030176c1272315b59d9e291980994d6310ad8479deb804e2ee38da15bba2db57360b5219b70d17fa7d6c7f02
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDodtzac0Hobv0byLufTJfJ0:ymb3NkkiQ3mdBjFodt27HobvcyLufNfe
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
UPX dump on OEP (original entry point) 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 22 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\323f869212f323ba6ca54b6d9b22a6ba0dccb57e75019f90b79d4c029397e996.exe"C:\Users\Admin\AppData\Local\Temp\323f869212f323ba6ca54b6d9b22a6ba0dccb57e75019f90b79d4c029397e996.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\7ddvp.exec:\7ddvp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xflflfl.exec:\xflflfl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnbbtn.exec:\hnbbtn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvvd.exec:\vvvvd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnhbn.exec:\bbnhbn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjdj.exec:\djjdj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thtnbb.exec:\thtnbb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdpp.exec:\jvdpp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3tbntn.exec:\3tbntn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbtnn.exec:\bnbtnn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vvpd.exec:\1vvpd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrrxrf.exec:\rrrrxrf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnhbb.exec:\nnnhbb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvpjj.exec:\pvpjj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxlrxx.exec:\ffxlrxx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtnnb.exec:\nhtnnb.exe17⤵
- Executes dropped EXE
-
\??\c:\jppdd.exec:\jppdd.exe18⤵
- Executes dropped EXE
-
\??\c:\vjpjj.exec:\vjpjj.exe19⤵
- Executes dropped EXE
-
\??\c:\rxfrrrr.exec:\rxfrrrr.exe20⤵
- Executes dropped EXE
-
\??\c:\hhhbth.exec:\hhhbth.exe21⤵
- Executes dropped EXE
-
\??\c:\dddpj.exec:\dddpj.exe22⤵
- Executes dropped EXE
-
\??\c:\rrrxxrr.exec:\rrrxxrr.exe23⤵
- Executes dropped EXE
-
\??\c:\lrrfxlx.exec:\lrrfxlx.exe24⤵
- Executes dropped EXE
-
\??\c:\hbbthn.exec:\hbbthn.exe25⤵
- Executes dropped EXE
-
\??\c:\pdpdd.exec:\pdpdd.exe26⤵
- Executes dropped EXE
-
\??\c:\flxlxrf.exec:\flxlxrf.exe27⤵
- Executes dropped EXE
-
\??\c:\hthntb.exec:\hthntb.exe28⤵
- Executes dropped EXE
-
\??\c:\pvppp.exec:\pvppp.exe29⤵
- Executes dropped EXE
-
\??\c:\5lfxffr.exec:\5lfxffr.exe30⤵
- Executes dropped EXE
-
\??\c:\bbhbbh.exec:\bbhbbh.exe31⤵
- Executes dropped EXE
-
\??\c:\pdppp.exec:\pdppp.exe32⤵
- Executes dropped EXE
-
\??\c:\rlffrlx.exec:\rlffrlx.exe33⤵
- Executes dropped EXE
-
\??\c:\bbbhbb.exec:\bbbhbb.exe34⤵
- Executes dropped EXE
-
\??\c:\nnhbnh.exec:\nnhbnh.exe35⤵
- Executes dropped EXE
-
\??\c:\vvdvp.exec:\vvdvp.exe36⤵
- Executes dropped EXE
-
\??\c:\llfrflf.exec:\llfrflf.exe37⤵
- Executes dropped EXE
-
\??\c:\llxrxff.exec:\llxrxff.exe38⤵
- Executes dropped EXE
-
\??\c:\9tnntb.exec:\9tnntb.exe39⤵
- Executes dropped EXE
-
\??\c:\jpvjj.exec:\jpvjj.exe40⤵
- Executes dropped EXE
-
\??\c:\fxfrxfr.exec:\fxfrxfr.exe41⤵
- Executes dropped EXE
-
\??\c:\nbtthh.exec:\nbtthh.exe42⤵
- Executes dropped EXE
-
\??\c:\bbthth.exec:\bbthth.exe43⤵
- Executes dropped EXE
-
\??\c:\dvjdv.exec:\dvjdv.exe44⤵
- Executes dropped EXE
-
\??\c:\xflfxrl.exec:\xflfxrl.exe45⤵
- Executes dropped EXE
-
\??\c:\frlflrx.exec:\frlflrx.exe46⤵
- Executes dropped EXE
-
\??\c:\1nhbhb.exec:\1nhbhb.exe47⤵
- Executes dropped EXE
-
\??\c:\jvjpv.exec:\jvjpv.exe48⤵
- Executes dropped EXE
-
\??\c:\pjjpd.exec:\pjjpd.exe49⤵
- Executes dropped EXE
-
\??\c:\xxxfrfx.exec:\xxxfrfx.exe50⤵
- Executes dropped EXE
-
\??\c:\hbthtt.exec:\hbthtt.exe51⤵
- Executes dropped EXE
-
\??\c:\tbtttt.exec:\tbtttt.exe52⤵
- Executes dropped EXE
-
\??\c:\vpjjd.exec:\vpjjd.exe53⤵
- Executes dropped EXE
-
\??\c:\5fxfrfl.exec:\5fxfrfl.exe54⤵
- Executes dropped EXE
-
\??\c:\xxxxllx.exec:\xxxxllx.exe55⤵
- Executes dropped EXE
-
\??\c:\tnthbh.exec:\tnthbh.exe56⤵
- Executes dropped EXE
-
\??\c:\vdpjp.exec:\vdpjp.exe57⤵
- Executes dropped EXE
-
\??\c:\vdjvv.exec:\vdjvv.exe58⤵
- Executes dropped EXE
-
\??\c:\5ffrrxx.exec:\5ffrrxx.exe59⤵
- Executes dropped EXE
-
\??\c:\7nhthb.exec:\7nhthb.exe60⤵
- Executes dropped EXE
-
\??\c:\ppjpd.exec:\ppjpd.exe61⤵
- Executes dropped EXE
-
\??\c:\djvjv.exec:\djvjv.exe62⤵
- Executes dropped EXE
-
\??\c:\xfxrffr.exec:\xfxrffr.exe63⤵
- Executes dropped EXE
-
\??\c:\xxlxlll.exec:\xxlxlll.exe64⤵
- Executes dropped EXE
-
\??\c:\bhnbtn.exec:\bhnbtn.exe65⤵
- Executes dropped EXE
-
\??\c:\jdvvd.exec:\jdvvd.exe66⤵
-
\??\c:\pddvv.exec:\pddvv.exe67⤵
-
\??\c:\lrlrxxx.exec:\lrlrxxx.exe68⤵
-
\??\c:\3bbthh.exec:\3bbthh.exe69⤵
-
\??\c:\hhhbnt.exec:\hhhbnt.exe70⤵
-
\??\c:\vpvvj.exec:\vpvvj.exe71⤵
-
\??\c:\1lrrlxf.exec:\1lrrlxf.exe72⤵
-
\??\c:\llfflxl.exec:\llfflxl.exe73⤵
-
\??\c:\7bntbh.exec:\7bntbh.exe74⤵
-
\??\c:\tbnbbt.exec:\tbnbbt.exe75⤵
-
\??\c:\hhbnnb.exec:\hhbnnb.exe76⤵
-
\??\c:\jddvd.exec:\jddvd.exe77⤵
-
\??\c:\lfrxlxl.exec:\lfrxlxl.exe78⤵
-
\??\c:\7ffrlxf.exec:\7ffrlxf.exe79⤵
-
\??\c:\tbhtth.exec:\tbhtth.exe80⤵
-
\??\c:\ttntnh.exec:\ttntnh.exe81⤵
-
\??\c:\3vppd.exec:\3vppd.exe82⤵
-
\??\c:\pvvdv.exec:\pvvdv.exe83⤵
-
\??\c:\5llxxxx.exec:\5llxxxx.exe84⤵
-
\??\c:\hhnhbn.exec:\hhnhbn.exe85⤵
-
\??\c:\bhhhtn.exec:\bhhhtn.exe86⤵
-
\??\c:\vpddv.exec:\vpddv.exe87⤵
-
\??\c:\pvddj.exec:\pvddj.exe88⤵
-
\??\c:\lrxxxxf.exec:\lrxxxxf.exe89⤵
-
\??\c:\nnbnbh.exec:\nnbnbh.exe90⤵
-
\??\c:\bhthhh.exec:\bhthhh.exe91⤵
-
\??\c:\ddvdp.exec:\ddvdp.exe92⤵
-
\??\c:\jjdjp.exec:\jjdjp.exe93⤵
-
\??\c:\rxxrrlx.exec:\rxxrrlx.exe94⤵
-
\??\c:\9frlrxx.exec:\9frlrxx.exe95⤵
-
\??\c:\hthtnn.exec:\hthtnn.exe96⤵
-
\??\c:\jpvvj.exec:\jpvvj.exe97⤵
-
\??\c:\jpvdv.exec:\jpvdv.exe98⤵
-
\??\c:\xflfxrl.exec:\xflfxrl.exe99⤵
-
\??\c:\5nhtnb.exec:\5nhtnb.exe100⤵
-
\??\c:\ntbtnb.exec:\ntbtnb.exe101⤵
-
\??\c:\pdppj.exec:\pdppj.exe102⤵
-
\??\c:\vvddv.exec:\vvddv.exe103⤵
-
\??\c:\frfrfrr.exec:\frfrfrr.exe104⤵
-
\??\c:\3hbtth.exec:\3hbtth.exe105⤵
-
\??\c:\jpvjv.exec:\jpvjv.exe106⤵
-
\??\c:\pvppj.exec:\pvppj.exe107⤵
-
\??\c:\5xllfrl.exec:\5xllfrl.exe108⤵
-
\??\c:\xxllrxl.exec:\xxllrxl.exe109⤵
-
\??\c:\1bthbn.exec:\1bthbn.exe110⤵
-
\??\c:\1jvpd.exec:\1jvpd.exe111⤵
-
\??\c:\rlrxxff.exec:\rlrxxff.exe112⤵
-
\??\c:\lrrrrlf.exec:\lrrrrlf.exe113⤵
-
\??\c:\bbthtb.exec:\bbthtb.exe114⤵
-
\??\c:\3ddjp.exec:\3ddjp.exe115⤵
-
\??\c:\vdpjp.exec:\vdpjp.exe116⤵
-
\??\c:\1rxrrfx.exec:\1rxrrfx.exe117⤵
-
\??\c:\lrxrrrl.exec:\lrxrrrl.exe118⤵
-
\??\c:\nnntbh.exec:\nnntbh.exe119⤵
-
\??\c:\dvjjv.exec:\dvjjv.exe120⤵
-
\??\c:\dvpjp.exec:\dvpjp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-