Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
11/05/2024, 18:14
General
-
Target
0458b00aab79fb5b37fc6bfd7e3f801e561b80451999bf61204b28423e956930.exe
-
Size
267KB
-
MD5
b068f431035f289630302b4987e0ec28
-
SHA1
0cb6c58ffd397a4af95ef4d09fae9a41e1d667e0
-
SHA256
0458b00aab79fb5b37fc6bfd7e3f801e561b80451999bf61204b28423e956930
-
SHA512
394233116f4f3b5c304d0c11b570f5ddd2dc86d550a4e7226171b89be77f9a4ed42d05c388317c1c67b78108ed77119b986239797101baab391f5d541d12a6d1
-
SSDEEP
3072:ymb3NkkiQ3mdBjFIi/0RU6QeYQsm71vPmPzTkV2y/QTa9RBZydZbf83pnzgmmIMX:n3C9BRIG0asYFm71mPfkVB8dKwaWn
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 18 IoCs
-
UPX dump on OEP (original entry point) 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 22 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0458b00aab79fb5b37fc6bfd7e3f801e561b80451999bf61204b28423e956930.exe"C:\Users\Admin\AppData\Local\Temp\0458b00aab79fb5b37fc6bfd7e3f801e561b80451999bf61204b28423e956930.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjjp.exec:\dvjjp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvppj.exec:\dvppj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhntb.exec:\hbhntb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdjv.exec:\vpdjv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbnbb.exec:\hhbnbb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdddp.exec:\pdddp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnbth.exec:\hhnbth.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpddj.exec:\vpddj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bbhtb.exec:\7bbhtb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9pddj.exec:\9pddj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llfflrf.exec:\llfflrf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthtnt.exec:\tthtnt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffrxfr.exec:\lffrxfr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbbhn.exec:\hbbbhn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjdjv.exec:\jjdjv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flllrff.exec:\flllrff.exe17⤵
- Executes dropped EXE
-
\??\c:\ddvdp.exec:\ddvdp.exe18⤵
- Executes dropped EXE
-
\??\c:\9frrflx.exec:\9frrflx.exe19⤵
- Executes dropped EXE
-
\??\c:\5jvvj.exec:\5jvvj.exe20⤵
- Executes dropped EXE
-
\??\c:\llflxlr.exec:\llflxlr.exe21⤵
- Executes dropped EXE
-
\??\c:\nnnbbn.exec:\nnnbbn.exe22⤵
- Executes dropped EXE
-
\??\c:\fxxlrfl.exec:\fxxlrfl.exe23⤵
- Executes dropped EXE
-
\??\c:\tbhnbn.exec:\tbhnbn.exe24⤵
- Executes dropped EXE
-
\??\c:\pddpv.exec:\pddpv.exe25⤵
- Executes dropped EXE
-
\??\c:\ntbbtt.exec:\ntbbtt.exe26⤵
- Executes dropped EXE
-
\??\c:\vppdp.exec:\vppdp.exe27⤵
- Executes dropped EXE
-
\??\c:\bbbhbh.exec:\bbbhbh.exe28⤵
- Executes dropped EXE
-
\??\c:\vvddd.exec:\vvddd.exe29⤵
- Executes dropped EXE
-
\??\c:\llflrrf.exec:\llflrrf.exe30⤵
- Executes dropped EXE
-
\??\c:\nnhthn.exec:\nnhthn.exe31⤵
- Executes dropped EXE
-
\??\c:\1fxlrrf.exec:\1fxlrrf.exe32⤵
- Executes dropped EXE
-
\??\c:\7hhbhb.exec:\7hhbhb.exe33⤵
- Executes dropped EXE
-
\??\c:\lllrfrf.exec:\lllrfrf.exe34⤵
- Executes dropped EXE
-
\??\c:\bbhtht.exec:\bbhtht.exe35⤵
- Executes dropped EXE
-
\??\c:\3hnhbn.exec:\3hnhbn.exe36⤵
- Executes dropped EXE
-
\??\c:\ddvjv.exec:\ddvjv.exe37⤵
- Executes dropped EXE
-
\??\c:\rrlxlxf.exec:\rrlxlxf.exe38⤵
- Executes dropped EXE
-
\??\c:\ffrxxrr.exec:\ffrxxrr.exe39⤵
- Executes dropped EXE
-
\??\c:\bbbbnt.exec:\bbbbnt.exe40⤵
- Executes dropped EXE
-
\??\c:\vdppv.exec:\vdppv.exe41⤵
- Executes dropped EXE
-
\??\c:\lrlxrxl.exec:\lrlxrxl.exe42⤵
- Executes dropped EXE
-
\??\c:\hbnbnt.exec:\hbnbnt.exe43⤵
- Executes dropped EXE
-
\??\c:\vjddj.exec:\vjddj.exe44⤵
- Executes dropped EXE
-
\??\c:\9xrxlrf.exec:\9xrxlrf.exe45⤵
- Executes dropped EXE
-
\??\c:\3xrxrxl.exec:\3xrxrxl.exe46⤵
- Executes dropped EXE
-
\??\c:\1bbhtb.exec:\1bbhtb.exe47⤵
- Executes dropped EXE
-
\??\c:\vpvvj.exec:\vpvvj.exe48⤵
- Executes dropped EXE
-
\??\c:\5rrlflr.exec:\5rrlflr.exe49⤵
- Executes dropped EXE
-
\??\c:\rlfrffl.exec:\rlfrffl.exe50⤵
- Executes dropped EXE
-
\??\c:\nhthnn.exec:\nhthnn.exe51⤵
- Executes dropped EXE
-
\??\c:\3vvdp.exec:\3vvdp.exe52⤵
- Executes dropped EXE
-
\??\c:\9lfrffl.exec:\9lfrffl.exe53⤵
- Executes dropped EXE
-
\??\c:\rxlffxf.exec:\rxlffxf.exe54⤵
- Executes dropped EXE
-
\??\c:\tnhthh.exec:\tnhthh.exe55⤵
- Executes dropped EXE
-
\??\c:\djjpd.exec:\djjpd.exe56⤵
- Executes dropped EXE
-
\??\c:\llfrfrl.exec:\llfrfrl.exe57⤵
- Executes dropped EXE
-
\??\c:\tnhntb.exec:\tnhntb.exe58⤵
- Executes dropped EXE
-
\??\c:\bbtntt.exec:\bbtntt.exe59⤵
- Executes dropped EXE
-
\??\c:\jdjdd.exec:\jdjdd.exe60⤵
- Executes dropped EXE
-
\??\c:\fxlxlxr.exec:\fxlxlxr.exe61⤵
- Executes dropped EXE
-
\??\c:\bhhhbn.exec:\bhhhbn.exe62⤵
- Executes dropped EXE
-
\??\c:\jjdpj.exec:\jjdpj.exe63⤵
- Executes dropped EXE
-
\??\c:\ddvdj.exec:\ddvdj.exe64⤵
- Executes dropped EXE
-
\??\c:\7xrllxl.exec:\7xrllxl.exe65⤵
- Executes dropped EXE
-
\??\c:\ttnbhn.exec:\ttnbhn.exe66⤵
-
\??\c:\ntnbnh.exec:\ntnbnh.exe67⤵
-
\??\c:\dddvp.exec:\dddvp.exe68⤵
-
\??\c:\fxfrxxl.exec:\fxfrxxl.exe69⤵
-
\??\c:\tnhnbh.exec:\tnhnbh.exe70⤵
-
\??\c:\dvppv.exec:\dvppv.exe71⤵
-
\??\c:\vdjvd.exec:\vdjvd.exe72⤵
-
\??\c:\fffxrlf.exec:\fffxrlf.exe73⤵
-
\??\c:\bnhhtb.exec:\bnhhtb.exe74⤵
-
\??\c:\dvppj.exec:\dvppj.exe75⤵
-
\??\c:\ppjpd.exec:\ppjpd.exe76⤵
-
\??\c:\3llrrfl.exec:\3llrrfl.exe77⤵
-
\??\c:\hhthtb.exec:\hhthtb.exe78⤵
-
\??\c:\pvpjd.exec:\pvpjd.exe79⤵
-
\??\c:\pjjvj.exec:\pjjvj.exe80⤵
-
\??\c:\llrxlxl.exec:\llrxlxl.exe81⤵
-
\??\c:\nhtbhn.exec:\nhtbhn.exe82⤵
-
\??\c:\vpdjd.exec:\vpdjd.exe83⤵
-
\??\c:\ddjdj.exec:\ddjdj.exe84⤵
-
\??\c:\rrlllll.exec:\rrlllll.exe85⤵
-
\??\c:\ththth.exec:\ththth.exe86⤵
-
\??\c:\htntnb.exec:\htntnb.exe87⤵
-
\??\c:\pvjpp.exec:\pvjpp.exe88⤵
-
\??\c:\llllflf.exec:\llllflf.exe89⤵
-
\??\c:\rxrfrrl.exec:\rxrfrrl.exe90⤵
-
\??\c:\hnhthn.exec:\hnhthn.exe91⤵
-
\??\c:\ddvdp.exec:\ddvdp.exe92⤵
-
\??\c:\fxlfrxf.exec:\fxlfrxf.exe93⤵
-
\??\c:\7rffrxr.exec:\7rffrxr.exe94⤵
-
\??\c:\hbnnht.exec:\hbnnht.exe95⤵
-
\??\c:\1jvpd.exec:\1jvpd.exe96⤵
-
\??\c:\pjvdp.exec:\pjvdp.exe97⤵
-
\??\c:\rrllxfl.exec:\rrllxfl.exe98⤵
-
\??\c:\flffxxr.exec:\flffxxr.exe99⤵
-
\??\c:\9hntbb.exec:\9hntbb.exe100⤵
-
\??\c:\pvpdp.exec:\pvpdp.exe101⤵
-
\??\c:\rxflxrl.exec:\rxflxrl.exe102⤵
-
\??\c:\hhttnt.exec:\hhttnt.exe103⤵
-
\??\c:\7djdp.exec:\7djdp.exe104⤵
-
\??\c:\xxrflxl.exec:\xxrflxl.exe105⤵
-
\??\c:\ffrrxlr.exec:\ffrrxlr.exe106⤵
-
\??\c:\9tnnbb.exec:\9tnnbb.exe107⤵
-
\??\c:\dpjjp.exec:\dpjjp.exe108⤵
-
\??\c:\7lxllrl.exec:\7lxllrl.exe109⤵
-
\??\c:\tbhnbh.exec:\tbhnbh.exe110⤵
-
\??\c:\hhhtht.exec:\hhhtht.exe111⤵
-
\??\c:\jpjjj.exec:\jpjjj.exe112⤵
-
\??\c:\7rrxffr.exec:\7rrxffr.exe113⤵
-
\??\c:\tntbnn.exec:\tntbnn.exe114⤵
-
\??\c:\pvjdj.exec:\pvjdj.exe115⤵
-
\??\c:\rxffllr.exec:\rxffllr.exe116⤵
-
\??\c:\hbbhnn.exec:\hbbhnn.exe117⤵
-
\??\c:\ddpjp.exec:\ddpjp.exe118⤵
-
\??\c:\3lxxxxf.exec:\3lxxxxf.exe119⤵
-
\??\c:\ttnthn.exec:\ttnthn.exe120⤵
-
\??\c:\tnntnn.exec:\tnntnn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-