Analysis
-
max time kernel
150s -
max time network
110s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
10-05-2024 20:08
General
-
Target
323f869212f323ba6ca54b6d9b22a6ba0dccb57e75019f90b79d4c029397e996.exe
-
Size
88KB
-
MD5
42edf96b0d8e48d5152c11a821bd63aa
-
SHA1
4e2ab90248bdd186d50fa7924772636a69e4b44e
-
SHA256
323f869212f323ba6ca54b6d9b22a6ba0dccb57e75019f90b79d4c029397e996
-
SHA512
f0449515f2c4bb108471e68cc018170e822c91ab030176c1272315b59d9e291980994d6310ad8479deb804e2ee38da15bba2db57360b5219b70d17fa7d6c7f02
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDodtzac0Hobv0byLufTJfJ0:ymb3NkkiQ3mdBjFodt27HobvcyLufNfe
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 31 IoCs
-
UPX dump on OEP (original entry point) 38 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 38 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\system32\MusNotification.exeC:\Windows\system32\MusNotification.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\323f869212f323ba6ca54b6d9b22a6ba0dccb57e75019f90b79d4c029397e996.exe"C:\Users\Admin\AppData\Local\Temp\323f869212f323ba6ca54b6d9b22a6ba0dccb57e75019f90b79d4c029397e996.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rrfxxrx.exec:\rrfxxrx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbntnt.exec:\bbntnt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvpvp.exec:\jvpvp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvpv.exec:\dvvpv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1lxfrrl.exec:\1lxfrrl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnthbb.exec:\nnthbb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jppd.exec:\9jppd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxlfrr.exec:\frxlfrr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrllfff.exec:\rrllfff.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhbhb.exec:\tbhbhb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjddp.exec:\jjddp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddpdv.exec:\ddpdv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5lrrllx.exec:\5lrrllx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btttnb.exec:\btttnb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhntn.exec:\bhhntn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddpvp.exec:\ddpvp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rxrrxf.exec:\3rxrrxf.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxxrrl.exec:\xlxxrrl.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbhhn.exec:\btbhhn.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpppp.exec:\dpppp.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrllll.exec:\xrrllll.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxxrrr.exec:\rrxxrrr.exe23⤵
- Executes dropped EXE
-
\??\c:\htnttn.exec:\htnttn.exe24⤵
- Executes dropped EXE
-
\??\c:\bnbtnn.exec:\bnbtnn.exe25⤵
- Executes dropped EXE
-
\??\c:\dvdvd.exec:\dvdvd.exe26⤵
- Executes dropped EXE
-
\??\c:\lxrxxfr.exec:\lxrxxfr.exe27⤵
- Executes dropped EXE
-
\??\c:\rrlrflf.exec:\rrlrflf.exe28⤵
- Executes dropped EXE
-
\??\c:\3nbtnt.exec:\3nbtnt.exe29⤵
- Executes dropped EXE
-
\??\c:\bhtbhh.exec:\bhtbhh.exe30⤵
- Executes dropped EXE
-
\??\c:\5dppj.exec:\5dppj.exe31⤵
- Executes dropped EXE
-
\??\c:\3xfxrfr.exec:\3xfxrfr.exe32⤵
- Executes dropped EXE
-
\??\c:\ffflxlf.exec:\ffflxlf.exe33⤵
- Executes dropped EXE
-
\??\c:\ntnbnb.exec:\ntnbnb.exe34⤵
- Executes dropped EXE
-
\??\c:\tntnhn.exec:\tntnhn.exe35⤵
- Executes dropped EXE
-
\??\c:\ppvpd.exec:\ppvpd.exe36⤵
- Executes dropped EXE
-
\??\c:\vpvvd.exec:\vpvvd.exe37⤵
- Executes dropped EXE
-
\??\c:\rrrrrrr.exec:\rrrrrrr.exe38⤵
- Executes dropped EXE
-
\??\c:\htttbt.exec:\htttbt.exe39⤵
- Executes dropped EXE
-
\??\c:\hnnntn.exec:\hnnntn.exe40⤵
- Executes dropped EXE
-
\??\c:\vjppj.exec:\vjppj.exe41⤵
- Executes dropped EXE
-
\??\c:\dppvj.exec:\dppvj.exe42⤵
- Executes dropped EXE
-
\??\c:\rfffffl.exec:\rfffffl.exe43⤵
- Executes dropped EXE
-
\??\c:\bttttt.exec:\bttttt.exe44⤵
- Executes dropped EXE
-
\??\c:\nhnhhh.exec:\nhnhhh.exe45⤵
- Executes dropped EXE
-
\??\c:\pjppv.exec:\pjppv.exe46⤵
- Executes dropped EXE
-
\??\c:\vdpjp.exec:\vdpjp.exe47⤵
- Executes dropped EXE
-
\??\c:\pvpjj.exec:\pvpjj.exe48⤵
- Executes dropped EXE
-
\??\c:\frfllrf.exec:\frfllrf.exe49⤵
- Executes dropped EXE
-
\??\c:\nhttnt.exec:\nhttnt.exe50⤵
- Executes dropped EXE
-
\??\c:\bnhtbb.exec:\bnhtbb.exe51⤵
- Executes dropped EXE
-
\??\c:\dpjjj.exec:\dpjjj.exe52⤵
- Executes dropped EXE
-
\??\c:\djdvj.exec:\djdvj.exe53⤵
- Executes dropped EXE
-
\??\c:\frrrllf.exec:\frrrllf.exe54⤵
- Executes dropped EXE
-
\??\c:\lfllflf.exec:\lfllflf.exe55⤵
- Executes dropped EXE
-
\??\c:\hhnnnh.exec:\hhnnnh.exe56⤵
- Executes dropped EXE
-
\??\c:\ppvpv.exec:\ppvpv.exe57⤵
- Executes dropped EXE
-
\??\c:\jpvpj.exec:\jpvpj.exe58⤵
- Executes dropped EXE
-
\??\c:\3lfffxx.exec:\3lfffxx.exe59⤵
- Executes dropped EXE
-
\??\c:\nnttnh.exec:\nnttnh.exe60⤵
- Executes dropped EXE
-
\??\c:\htntbh.exec:\htntbh.exe61⤵
- Executes dropped EXE
-
\??\c:\vjdjd.exec:\vjdjd.exe62⤵
- Executes dropped EXE
-
\??\c:\jpvjj.exec:\jpvjj.exe63⤵
- Executes dropped EXE
-
\??\c:\lxffflf.exec:\lxffflf.exe64⤵
- Executes dropped EXE
-
\??\c:\7bbbnt.exec:\7bbbnt.exe65⤵
- Executes dropped EXE
-
\??\c:\1bnnnt.exec:\1bnnnt.exe66⤵
-
\??\c:\dvjjd.exec:\dvjjd.exe67⤵
-
\??\c:\ddvvv.exec:\ddvvv.exe68⤵
-
\??\c:\lxfrrrx.exec:\lxfrrrx.exe69⤵
-
\??\c:\fffllfx.exec:\fffllfx.exe70⤵
-
\??\c:\1rrrrrr.exec:\1rrrrrr.exe71⤵
-
\??\c:\tnbhhh.exec:\tnbhhh.exe72⤵
-
\??\c:\nbbbtt.exec:\nbbbtt.exe73⤵
-
\??\c:\pjvpp.exec:\pjvpp.exe74⤵
-
\??\c:\jjjvp.exec:\jjjvp.exe75⤵
-
\??\c:\rxlrxxf.exec:\rxlrxxf.exe76⤵
-
\??\c:\lrrrrff.exec:\lrrrrff.exe77⤵
-
\??\c:\bthntt.exec:\bthntt.exe78⤵
-
\??\c:\tbtbtb.exec:\tbtbtb.exe79⤵
-
\??\c:\vddjd.exec:\vddjd.exe80⤵
-
\??\c:\ppvvd.exec:\ppvvd.exe81⤵
-
\??\c:\lllflrx.exec:\lllflrx.exe82⤵
-
\??\c:\3rlrrxx.exec:\3rlrrxx.exe83⤵
-
\??\c:\tbhnhn.exec:\tbhnhn.exe84⤵
-
\??\c:\nnnhhb.exec:\nnnhhb.exe85⤵
-
\??\c:\jpvpj.exec:\jpvpj.exe86⤵
-
\??\c:\vppjj.exec:\vppjj.exe87⤵
-
\??\c:\ffffxxx.exec:\ffffxxx.exe88⤵
-
\??\c:\9rrlllf.exec:\9rrlllf.exe89⤵
-
\??\c:\thttbb.exec:\thttbb.exe90⤵
-
\??\c:\pdjpv.exec:\pdjpv.exe91⤵
-
\??\c:\vdvdv.exec:\vdvdv.exe92⤵
-
\??\c:\lffflrr.exec:\lffflrr.exe93⤵
-
\??\c:\pjjvd.exec:\pjjvd.exe94⤵
-
\??\c:\lrxxxff.exec:\lrxxxff.exe95⤵
-
\??\c:\xffxfxr.exec:\xffxfxr.exe96⤵
-
\??\c:\nbtnhh.exec:\nbtnhh.exe97⤵
-
\??\c:\9hhhth.exec:\9hhhth.exe98⤵
-
\??\c:\1pjvj.exec:\1pjvj.exe99⤵
-
\??\c:\xffxrll.exec:\xffxrll.exe100⤵
-
\??\c:\fxxflrx.exec:\fxxflrx.exe101⤵
-
\??\c:\bhtbhn.exec:\bhtbhn.exe102⤵
-
\??\c:\7bnnhh.exec:\7bnnhh.exe103⤵
-
\??\c:\vvdvv.exec:\vvdvv.exe104⤵
-
\??\c:\vppjp.exec:\vppjp.exe105⤵
-
\??\c:\7flfrlx.exec:\7flfrlx.exe106⤵
-
\??\c:\lxfxllx.exec:\lxfxllx.exe107⤵
-
\??\c:\llrllff.exec:\llrllff.exe108⤵
-
\??\c:\hhbtnn.exec:\hhbtnn.exe109⤵
-
\??\c:\hthbbh.exec:\hthbbh.exe110⤵
-
\??\c:\xrxrlll.exec:\xrxrlll.exe111⤵
-
\??\c:\lxlxrrx.exec:\lxlxrrx.exe112⤵
-
\??\c:\tnnttb.exec:\tnnttb.exe113⤵
-
\??\c:\nhbbbt.exec:\nhbbbt.exe114⤵
-
\??\c:\vvdjj.exec:\vvdjj.exe115⤵
-
\??\c:\vvjjp.exec:\vvjjp.exe116⤵
-
\??\c:\lrllffr.exec:\lrllffr.exe117⤵
-
\??\c:\rfffxlx.exec:\rfffxlx.exe118⤵
-
\??\c:\bhnhth.exec:\bhnhth.exe119⤵
-
\??\c:\nhbtbb.exec:\nhbtbb.exe120⤵
-
\??\c:\pddjj.exec:\pddjj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-