Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
14/05/2024, 22:14
General
-
Target
60b7831d24fdd7958ac60f6d65b76fbe12e7449d80113ad5ae526bed587fb9fd.exe
-
Size
78KB
-
MD5
33b0ea4003633edb57b2b13005759edf
-
SHA1
2cf7c832c14f4a62484a7d3294723ce4996be19c
-
SHA256
60b7831d24fdd7958ac60f6d65b76fbe12e7449d80113ad5ae526bed587fb9fd
-
SHA512
f6ac1803e127ce6bc06575599c063c24c43439595832eb94c0750d136c9039cc8d399be4f41674ceb520a4c8a65dbd52a713cec151ad954b509ecdbe631e59d2
-
SSDEEP
1536:/vQBeOGtrYS3srx93UBWfwC6Ggnouy8jb5DiLKrb6MxvMnl2/AL:/hOmTsF93UYfwC6GIoutcKbtxN4
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 39 IoCs
-
UPX dump on OEP (original entry point) 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\60b7831d24fdd7958ac60f6d65b76fbe12e7449d80113ad5ae526bed587fb9fd.exe"C:\Users\Admin\AppData\Local\Temp\60b7831d24fdd7958ac60f6d65b76fbe12e7449d80113ad5ae526bed587fb9fd.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjpd.exec:\jjjpd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ffflrl.exec:\9ffflrl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbthbh.exec:\tbthbh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjdd.exec:\ddjdd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrllfxl.exec:\rrllfxl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnhbb.exec:\ttnhbb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdjv.exec:\dvdjv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrfflf.exec:\xrrfflf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7hbbnn.exec:\7hbbnn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnbnb.exec:\hbnbnb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9dvvv.exec:\9dvvv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxfrrr.exec:\lfxfrrr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbbnn.exec:\nnbbnn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbthtn.exec:\nbthtn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppdpj.exec:\ppdpj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxfflr.exec:\lfxfflr.exe17⤵
- Executes dropped EXE
-
\??\c:\3rrlrrl.exec:\3rrlrrl.exe18⤵
- Executes dropped EXE
-
\??\c:\btnnbb.exec:\btnnbb.exe19⤵
- Executes dropped EXE
-
\??\c:\9pdjv.exec:\9pdjv.exe20⤵
- Executes dropped EXE
-
\??\c:\7ppjp.exec:\7ppjp.exe21⤵
- Executes dropped EXE
-
\??\c:\lfxxllf.exec:\lfxxllf.exe22⤵
- Executes dropped EXE
-
\??\c:\nnhbth.exec:\nnhbth.exe23⤵
- Executes dropped EXE
-
\??\c:\pjjdp.exec:\pjjdp.exe24⤵
- Executes dropped EXE
-
\??\c:\pdddd.exec:\pdddd.exe25⤵
- Executes dropped EXE
-
\??\c:\rlflrrf.exec:\rlflrrf.exe26⤵
- Executes dropped EXE
-
\??\c:\lfrfrxf.exec:\lfrfrxf.exe27⤵
- Executes dropped EXE
-
\??\c:\dvppv.exec:\dvppv.exe28⤵
- Executes dropped EXE
-
\??\c:\pjjpv.exec:\pjjpv.exe29⤵
- Executes dropped EXE
-
\??\c:\fxflrrf.exec:\fxflrrf.exe30⤵
- Executes dropped EXE
-
\??\c:\5bbhhn.exec:\5bbhhn.exe31⤵
- Executes dropped EXE
-
\??\c:\dvddp.exec:\dvddp.exe32⤵
- Executes dropped EXE
-
\??\c:\jdvdj.exec:\jdvdj.exe33⤵
- Executes dropped EXE
-
\??\c:\xxlrxlf.exec:\xxlrxlf.exe34⤵
- Executes dropped EXE
-
\??\c:\rrflxxx.exec:\rrflxxx.exe35⤵
- Executes dropped EXE
-
\??\c:\hbnbhh.exec:\hbnbhh.exe36⤵
- Executes dropped EXE
-
\??\c:\pdjpp.exec:\pdjpp.exe37⤵
- Executes dropped EXE
-
\??\c:\jddpd.exec:\jddpd.exe38⤵
- Executes dropped EXE
-
\??\c:\rlxrrrf.exec:\rlxrrrf.exe39⤵
- Executes dropped EXE
-
\??\c:\ffxfrrf.exec:\ffxfrrf.exe40⤵
- Executes dropped EXE
-
\??\c:\nhbntb.exec:\nhbntb.exe41⤵
- Executes dropped EXE
-
\??\c:\hbnttb.exec:\hbnttb.exe42⤵
- Executes dropped EXE
-
\??\c:\pdpvd.exec:\pdpvd.exe43⤵
- Executes dropped EXE
-
\??\c:\ddjjp.exec:\ddjjp.exe44⤵
- Executes dropped EXE
-
\??\c:\lxlrxxf.exec:\lxlrxxf.exe45⤵
- Executes dropped EXE
-
\??\c:\btnthh.exec:\btnthh.exe46⤵
- Executes dropped EXE
-
\??\c:\jdjjv.exec:\jdjjv.exe47⤵
- Executes dropped EXE
-
\??\c:\pdjjj.exec:\pdjjj.exe48⤵
- Executes dropped EXE
-
\??\c:\fxxfrxf.exec:\fxxfrxf.exe49⤵
- Executes dropped EXE
-
\??\c:\7fxlrrx.exec:\7fxlrrx.exe50⤵
- Executes dropped EXE
-
\??\c:\tnnhnh.exec:\tnnhnh.exe51⤵
- Executes dropped EXE
-
\??\c:\3dddj.exec:\3dddj.exe52⤵
- Executes dropped EXE
-
\??\c:\pjvdd.exec:\pjvdd.exe53⤵
- Executes dropped EXE
-
\??\c:\rrxlllr.exec:\rrxlllr.exe54⤵
- Executes dropped EXE
-
\??\c:\nhbbbt.exec:\nhbbbt.exe55⤵
- Executes dropped EXE
-
\??\c:\bbthhn.exec:\bbthhn.exe56⤵
- Executes dropped EXE
-
\??\c:\dvdpv.exec:\dvdpv.exe57⤵
- Executes dropped EXE
-
\??\c:\pjvjj.exec:\pjvjj.exe58⤵
- Executes dropped EXE
-
\??\c:\rlfrflx.exec:\rlfrflx.exe59⤵
- Executes dropped EXE
-
\??\c:\btnnbb.exec:\btnnbb.exe60⤵
- Executes dropped EXE
-
\??\c:\nhnbnt.exec:\nhnbnt.exe61⤵
- Executes dropped EXE
-
\??\c:\ddpjv.exec:\ddpjv.exe62⤵
- Executes dropped EXE
-
\??\c:\fxflxxf.exec:\fxflxxf.exe63⤵
- Executes dropped EXE
-
\??\c:\rlxxllr.exec:\rlxxllr.exe64⤵
- Executes dropped EXE
-
\??\c:\1nnntt.exec:\1nnntt.exe65⤵
- Executes dropped EXE
-
\??\c:\7httht.exec:\7httht.exe66⤵
-
\??\c:\djpjj.exec:\djpjj.exe67⤵
-
\??\c:\xlxxxll.exec:\xlxxxll.exe68⤵
-
\??\c:\3frxllr.exec:\3frxllr.exe69⤵
-
\??\c:\3hhbnt.exec:\3hhbnt.exe70⤵
-
\??\c:\nhbbhh.exec:\nhbbhh.exe71⤵
-
\??\c:\5vjvd.exec:\5vjvd.exe72⤵
-
\??\c:\jvdpp.exec:\jvdpp.exe73⤵
-
\??\c:\5lffllr.exec:\5lffllr.exe74⤵
-
\??\c:\tthbht.exec:\tthbht.exe75⤵
-
\??\c:\tnbttb.exec:\tnbttb.exe76⤵
-
\??\c:\vpppj.exec:\vpppj.exe77⤵
-
\??\c:\xllrrxl.exec:\xllrrxl.exe78⤵
-
\??\c:\9ffxxlr.exec:\9ffxxlr.exe79⤵
-
\??\c:\hbthtb.exec:\hbthtb.exe80⤵
-
\??\c:\hbbtnh.exec:\hbbtnh.exe81⤵
-
\??\c:\5jvjj.exec:\5jvjj.exe82⤵
-
\??\c:\frlrrxx.exec:\frlrrxx.exe83⤵
-
\??\c:\9lxflxx.exec:\9lxflxx.exe84⤵
-
\??\c:\hbhbnb.exec:\hbhbnb.exe85⤵
-
\??\c:\bntbhn.exec:\bntbhn.exe86⤵
-
\??\c:\pddjp.exec:\pddjp.exe87⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe88⤵
-
\??\c:\rxfrxrx.exec:\rxfrxrx.exe89⤵
-
\??\c:\hbthtn.exec:\hbthtn.exe90⤵
-
\??\c:\httttt.exec:\httttt.exe91⤵
-
\??\c:\vjvvj.exec:\vjvvj.exe92⤵
-
\??\c:\5lfxrll.exec:\5lfxrll.exe93⤵
-
\??\c:\lfrlrrx.exec:\lfrlrrx.exe94⤵
-
\??\c:\bntbtb.exec:\bntbtb.exe95⤵
-
\??\c:\tnbntt.exec:\tnbntt.exe96⤵
-
\??\c:\dvdpp.exec:\dvdpp.exe97⤵
-
\??\c:\lflxxlr.exec:\lflxxlr.exe98⤵
-
\??\c:\xxlfflf.exec:\xxlfflf.exe99⤵
-
\??\c:\5xxflrx.exec:\5xxflrx.exe100⤵
-
\??\c:\7tnbhb.exec:\7tnbhb.exe101⤵
-
\??\c:\jdjjv.exec:\jdjjv.exe102⤵
-
\??\c:\pvvjd.exec:\pvvjd.exe103⤵
-
\??\c:\rxxrrlx.exec:\rxxrrlx.exe104⤵
-
\??\c:\lxflrlr.exec:\lxflrlr.exe105⤵
-
\??\c:\tnbhtb.exec:\tnbhtb.exe106⤵
-
\??\c:\5tttbh.exec:\5tttbh.exe107⤵
-
\??\c:\jjvjv.exec:\jjvjv.exe108⤵
-
\??\c:\3pvjd.exec:\3pvjd.exe109⤵
-
\??\c:\rlfrfxf.exec:\rlfrfxf.exe110⤵
-
\??\c:\fxfrxfl.exec:\fxfrxfl.exe111⤵
-
\??\c:\tntntb.exec:\tntntb.exe112⤵
-
\??\c:\thtttb.exec:\thtttb.exe113⤵
-
\??\c:\vjvvd.exec:\vjvvd.exe114⤵
-
\??\c:\jjpdd.exec:\jjpdd.exe115⤵
-
\??\c:\lxxxxlf.exec:\lxxxxlf.exe116⤵
-
\??\c:\rlxrffl.exec:\rlxrffl.exe117⤵
-
\??\c:\tnbntn.exec:\tnbntn.exe118⤵
-
\??\c:\1htbbh.exec:\1htbbh.exe119⤵
-
\??\c:\7ddjp.exec:\7ddjp.exe120⤵
-
\??\c:\5vjpj.exec:\5vjpj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-