Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
11-05-2024 05:53
General
-
Target
f1a77ba407e831d4eddb3854afcd86dea9e65723dac132f4e47bfc5a515b7baf.exe
-
Size
67KB
-
MD5
6cf632e36500a938f95688f72c819adf
-
SHA1
be33ef4afb4c3c383fd9e5e0cd2b0926d168800f
-
SHA256
f1a77ba407e831d4eddb3854afcd86dea9e65723dac132f4e47bfc5a515b7baf
-
SHA512
4706a62ef52b8ccc0e378f97ddc5cdb8cefb66f9029568e74059cba8e464ff84698e564dce42bf166df34e1901c8e99d0b4cbd6f5c6cb3e0f842f664c8e0c59b
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIJ/RWPqBjfjBL:ymb3NkkiQ3mdBjFIqsj9L
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
UPX dump on OEP (original entry point) 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f1a77ba407e831d4eddb3854afcd86dea9e65723dac132f4e47bfc5a515b7baf.exe"C:\Users\Admin\AppData\Local\Temp\f1a77ba407e831d4eddb3854afcd86dea9e65723dac132f4e47bfc5a515b7baf.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\9vpjp.exec:\9vpjp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxflll.exec:\xlxflll.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nthbhh.exec:\nthbhh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnnbh.exec:\ttnnbh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvdv.exec:\pvvdv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjdd.exec:\dvjdd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9rllrrx.exec:\9rllrrx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rrxlrf.exec:\7rrxlrf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbbbh.exec:\thbbbh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thtttb.exec:\thtttb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnhnt.exec:\thnhnt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdjp.exec:\pjdjp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1ddpd.exec:\1ddpd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3fxfrlr.exec:\3fxfrlr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrlrxf.exec:\rfrlrxf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhhtt.exec:\tnhhtt.exe17⤵
- Executes dropped EXE
-
\??\c:\tbtnbt.exec:\tbtnbt.exe18⤵
- Executes dropped EXE
-
\??\c:\3hthtn.exec:\3hthtn.exe19⤵
- Executes dropped EXE
-
\??\c:\pjdpj.exec:\pjdpj.exe20⤵
- Executes dropped EXE
-
\??\c:\pjdjp.exec:\pjdjp.exe21⤵
- Executes dropped EXE
-
\??\c:\3llflrr.exec:\3llflrr.exe22⤵
- Executes dropped EXE
-
\??\c:\rfrxllr.exec:\rfrxllr.exe23⤵
- Executes dropped EXE
-
\??\c:\tnbbhb.exec:\tnbbhb.exe24⤵
- Executes dropped EXE
-
\??\c:\thbtbb.exec:\thbtbb.exe25⤵
- Executes dropped EXE
-
\??\c:\ttntbb.exec:\ttntbb.exe26⤵
- Executes dropped EXE
-
\??\c:\1pdjv.exec:\1pdjv.exe27⤵
- Executes dropped EXE
-
\??\c:\fxlxffr.exec:\fxlxffr.exe28⤵
- Executes dropped EXE
-
\??\c:\xlfxffr.exec:\xlfxffr.exe29⤵
- Executes dropped EXE
-
\??\c:\tthtbb.exec:\tthtbb.exe30⤵
- Executes dropped EXE
-
\??\c:\7bttbb.exec:\7bttbb.exe31⤵
- Executes dropped EXE
-
\??\c:\hbnttb.exec:\hbnttb.exe32⤵
- Executes dropped EXE
-
\??\c:\7vdpd.exec:\7vdpd.exe33⤵
- Executes dropped EXE
-
\??\c:\vppdd.exec:\vppdd.exe34⤵
- Executes dropped EXE
-
\??\c:\pjdjp.exec:\pjdjp.exe35⤵
- Executes dropped EXE
-
\??\c:\rlrfflf.exec:\rlrfflf.exe36⤵
- Executes dropped EXE
-
\??\c:\lfrxrxl.exec:\lfrxrxl.exe37⤵
- Executes dropped EXE
-
\??\c:\nhnthb.exec:\nhnthb.exe38⤵
- Executes dropped EXE
-
\??\c:\hnhhtn.exec:\hnhhtn.exe39⤵
- Executes dropped EXE
-
\??\c:\pjpvp.exec:\pjpvp.exe40⤵
- Executes dropped EXE
-
\??\c:\9rlffll.exec:\9rlffll.exe41⤵
- Executes dropped EXE
-
\??\c:\lffxxrx.exec:\lffxxrx.exe42⤵
- Executes dropped EXE
-
\??\c:\fxlxlfl.exec:\fxlxlfl.exe43⤵
- Executes dropped EXE
-
\??\c:\tnbhhb.exec:\tnbhhb.exe44⤵
- Executes dropped EXE
-
\??\c:\tnttbt.exec:\tnttbt.exe45⤵
- Executes dropped EXE
-
\??\c:\djpdd.exec:\djpdd.exe46⤵
- Executes dropped EXE
-
\??\c:\pjjvd.exec:\pjjvd.exe47⤵
- Executes dropped EXE
-
\??\c:\pjvdj.exec:\pjvdj.exe48⤵
- Executes dropped EXE
-
\??\c:\5lxrfxf.exec:\5lxrfxf.exe49⤵
- Executes dropped EXE
-
\??\c:\5xrrfll.exec:\5xrrfll.exe50⤵
- Executes dropped EXE
-
\??\c:\nbnhhb.exec:\nbnhhb.exe51⤵
- Executes dropped EXE
-
\??\c:\nbnhnn.exec:\nbnhnn.exe52⤵
- Executes dropped EXE
-
\??\c:\nhthhn.exec:\nhthhn.exe53⤵
- Executes dropped EXE
-
\??\c:\9vvpp.exec:\9vvpp.exe54⤵
- Executes dropped EXE
-
\??\c:\7jdvd.exec:\7jdvd.exe55⤵
- Executes dropped EXE
-
\??\c:\tbntbt.exec:\tbntbt.exe56⤵
- Executes dropped EXE
-
\??\c:\tnnbbb.exec:\tnnbbb.exe57⤵
- Executes dropped EXE
-
\??\c:\pjdjp.exec:\pjdjp.exe58⤵
- Executes dropped EXE
-
\??\c:\vvjdd.exec:\vvjdd.exe59⤵
- Executes dropped EXE
-
\??\c:\ffxlfrl.exec:\ffxlfrl.exe60⤵
- Executes dropped EXE
-
\??\c:\bnhntn.exec:\bnhntn.exe61⤵
- Executes dropped EXE
-
\??\c:\btnhnn.exec:\btnhnn.exe62⤵
- Executes dropped EXE
-
\??\c:\pjjdj.exec:\pjjdj.exe63⤵
- Executes dropped EXE
-
\??\c:\7pvpv.exec:\7pvpv.exe64⤵
- Executes dropped EXE
-
\??\c:\1fffrxl.exec:\1fffrxl.exe65⤵
- Executes dropped EXE
-
\??\c:\xxlrlxx.exec:\xxlrlxx.exe66⤵
-
\??\c:\bnbbhb.exec:\bnbbhb.exe67⤵
-
\??\c:\bnbttn.exec:\bnbttn.exe68⤵
-
\??\c:\dpjvd.exec:\dpjvd.exe69⤵
-
\??\c:\jdjpv.exec:\jdjpv.exe70⤵
-
\??\c:\9fxlrrx.exec:\9fxlrrx.exe71⤵
-
\??\c:\fxfffll.exec:\fxfffll.exe72⤵
-
\??\c:\thtttt.exec:\thtttt.exe73⤵
-
\??\c:\hbhbbh.exec:\hbhbbh.exe74⤵
-
\??\c:\1vjdd.exec:\1vjdd.exe75⤵
-
\??\c:\xrrxxfl.exec:\xrrxxfl.exe76⤵
-
\??\c:\3fxlrlx.exec:\3fxlrlx.exe77⤵
-
\??\c:\lfrxxrf.exec:\lfrxxrf.exe78⤵
-
\??\c:\nbhhnn.exec:\nbhhnn.exe79⤵
-
\??\c:\tttnbh.exec:\tttnbh.exe80⤵
-
\??\c:\9vpvp.exec:\9vpvp.exe81⤵
-
\??\c:\jdpjd.exec:\jdpjd.exe82⤵
-
\??\c:\lxfffff.exec:\lxfffff.exe83⤵
-
\??\c:\tnbtbt.exec:\tnbtbt.exe84⤵
-
\??\c:\9tntnn.exec:\9tntnn.exe85⤵
-
\??\c:\pvvjj.exec:\pvvjj.exe86⤵
-
\??\c:\1dvdd.exec:\1dvdd.exe87⤵
-
\??\c:\lflrfff.exec:\lflrfff.exe88⤵
-
\??\c:\fxrfxxl.exec:\fxrfxxl.exe89⤵
-
\??\c:\hntnht.exec:\hntnht.exe90⤵
-
\??\c:\jpdjj.exec:\jpdjj.exe91⤵
-
\??\c:\jvdvd.exec:\jvdvd.exe92⤵
-
\??\c:\lrrlrlr.exec:\lrrlrlr.exe93⤵
-
\??\c:\rfllllf.exec:\rfllllf.exe94⤵
-
\??\c:\9nnntb.exec:\9nnntb.exe95⤵
-
\??\c:\tnthhb.exec:\tnthhb.exe96⤵
-
\??\c:\7tnthh.exec:\7tnthh.exe97⤵
-
\??\c:\dvvpv.exec:\dvvpv.exe98⤵
-
\??\c:\dpjvv.exec:\dpjvv.exe99⤵
-
\??\c:\xlrlllr.exec:\xlrlllr.exe100⤵
-
\??\c:\3frrrll.exec:\3frrrll.exe101⤵
-
\??\c:\bthhnt.exec:\bthhnt.exe102⤵
-
\??\c:\jvjjj.exec:\jvjjj.exe103⤵
-
\??\c:\ddpdj.exec:\ddpdj.exe104⤵
-
\??\c:\5xrrxlx.exec:\5xrrxlx.exe105⤵
-
\??\c:\flrrrll.exec:\flrrrll.exe106⤵
-
\??\c:\htbbhn.exec:\htbbhn.exe107⤵
-
\??\c:\pjdvd.exec:\pjdvd.exe108⤵
-
\??\c:\dvdjp.exec:\dvdjp.exe109⤵
-
\??\c:\rfllrlr.exec:\rfllrlr.exe110⤵
-
\??\c:\7frflfr.exec:\7frflfr.exe111⤵
-
\??\c:\nhtttb.exec:\nhtttb.exe112⤵
-
\??\c:\9jddj.exec:\9jddj.exe113⤵
-
\??\c:\9vdjj.exec:\9vdjj.exe114⤵
-
\??\c:\frlffll.exec:\frlffll.exe115⤵
-
\??\c:\ffrxxfx.exec:\ffrxxfx.exe116⤵
-
\??\c:\ttnthb.exec:\ttnthb.exe117⤵
-
\??\c:\nhtbtb.exec:\nhtbtb.exe118⤵
-
\??\c:\nbhttt.exec:\nbhttt.exe119⤵
-
\??\c:\pdpvj.exec:\pdpvj.exe120⤵
-
\??\c:\ddpjj.exec:\ddpjj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-