Analysis
-
max time kernel
149s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
14/05/2024, 23:22
General
-
Target
7a43cdf8ff7dc9592af5305b4f34254d5667d13a819e90ff1ca94bb699dc64bc.exe
-
Size
93KB
-
MD5
0f62c258ad5bbf49465108bd3cd449ae
-
SHA1
db948f73a55873a690d61235e5d421fedebb6f1d
-
SHA256
7a43cdf8ff7dc9592af5305b4f34254d5667d13a819e90ff1ca94bb699dc64bc
-
SHA512
787b1e35a0b9e3221325aa322144f20e10bb05779f997c6e12c238cbffa3cfc942b33dbd0e70698102da15051a9e7e76d2f991680b2273f5edb3082746cc7325
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoLuePjDYlR3hnjKXIQSe9oEm:ymb3NkkiQ3mdBjFoLucjDilOZhoR
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 20 IoCs
-
UPX dump on OEP (original entry point) 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7a43cdf8ff7dc9592af5305b4f34254d5667d13a819e90ff1ca94bb699dc64bc.exe"C:\Users\Admin\AppData\Local\Temp\7a43cdf8ff7dc9592af5305b4f34254d5667d13a819e90ff1ca94bb699dc64bc.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\frxrxfl.exec:\frxrxfl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7nbhht.exec:\7nbhht.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthntb.exec:\bthntb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7jjdd.exec:\7jjdd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7pdvd.exec:\7pdvd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflffff.exec:\rflffff.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3nhbbb.exec:\3nhbbb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3thhnh.exec:\3thhnh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vppv.exec:\1vppv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvddj.exec:\dvddj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrllrx.exec:\lxrllrx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxrxrr.exec:\rxxrxrr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7lffrrr.exec:\7lffrrr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhbtn.exec:\bhhbtn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbhnt.exec:\tnbhnt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppdd.exec:\vppdd.exe17⤵
- Executes dropped EXE
-
\??\c:\3vjjj.exec:\3vjjj.exe18⤵
- Executes dropped EXE
-
\??\c:\rllxfrr.exec:\rllxfrr.exe19⤵
- Executes dropped EXE
-
\??\c:\lxlllll.exec:\lxlllll.exe20⤵
- Executes dropped EXE
-
\??\c:\3thbbh.exec:\3thbbh.exe21⤵
- Executes dropped EXE
-
\??\c:\nbnhhb.exec:\nbnhhb.exe22⤵
- Executes dropped EXE
-
\??\c:\hthtbh.exec:\hthtbh.exe23⤵
- Executes dropped EXE
-
\??\c:\dpvvd.exec:\dpvvd.exe24⤵
- Executes dropped EXE
-
\??\c:\vpjdp.exec:\vpjdp.exe25⤵
- Executes dropped EXE
-
\??\c:\9vjvd.exec:\9vjvd.exe26⤵
- Executes dropped EXE
-
\??\c:\5rxxffr.exec:\5rxxffr.exe27⤵
- Executes dropped EXE
-
\??\c:\5lrrrrr.exec:\5lrrrrr.exe28⤵
- Executes dropped EXE
-
\??\c:\tnthhb.exec:\tnthhb.exe29⤵
- Executes dropped EXE
-
\??\c:\5thhhn.exec:\5thhhn.exe30⤵
- Executes dropped EXE
-
\??\c:\vpjvd.exec:\vpjvd.exe31⤵
- Executes dropped EXE
-
\??\c:\vpdjp.exec:\vpdjp.exe32⤵
- Executes dropped EXE
-
\??\c:\rlxxxxx.exec:\rlxxxxx.exe33⤵
- Executes dropped EXE
-
\??\c:\lxllrxl.exec:\lxllrxl.exe34⤵
- Executes dropped EXE
-
\??\c:\xrfflff.exec:\xrfflff.exe35⤵
- Executes dropped EXE
-
\??\c:\httnhb.exec:\httnhb.exe36⤵
- Executes dropped EXE
-
\??\c:\hbbntt.exec:\hbbntt.exe37⤵
- Executes dropped EXE
-
\??\c:\vjvdj.exec:\vjvdj.exe38⤵
- Executes dropped EXE
-
\??\c:\jvvvd.exec:\jvvvd.exe39⤵
- Executes dropped EXE
-
\??\c:\pdjjd.exec:\pdjjd.exe40⤵
- Executes dropped EXE
-
\??\c:\xlxrxxx.exec:\xlxrxxx.exe41⤵
- Executes dropped EXE
-
\??\c:\frxxlfl.exec:\frxxlfl.exe42⤵
- Executes dropped EXE
-
\??\c:\xllllxf.exec:\xllllxf.exe43⤵
- Executes dropped EXE
-
\??\c:\bnthbb.exec:\bnthbb.exe44⤵
- Executes dropped EXE
-
\??\c:\hbnbbh.exec:\hbnbbh.exe45⤵
- Executes dropped EXE
-
\??\c:\nbhhbb.exec:\nbhhbb.exe46⤵
- Executes dropped EXE
-
\??\c:\jdpjj.exec:\jdpjj.exe47⤵
- Executes dropped EXE
-
\??\c:\vpvdj.exec:\vpvdj.exe48⤵
- Executes dropped EXE
-
\??\c:\dpvpp.exec:\dpvpp.exe49⤵
- Executes dropped EXE
-
\??\c:\lxrxrll.exec:\lxrxrll.exe50⤵
- Executes dropped EXE
-
\??\c:\frxrrlx.exec:\frxrrlx.exe51⤵
- Executes dropped EXE
-
\??\c:\rxxxxrr.exec:\rxxxxrr.exe52⤵
- Executes dropped EXE
-
\??\c:\htbhnh.exec:\htbhnh.exe53⤵
- Executes dropped EXE
-
\??\c:\thbnnn.exec:\thbnnn.exe54⤵
- Executes dropped EXE
-
\??\c:\thhbbb.exec:\thhbbb.exe55⤵
- Executes dropped EXE
-
\??\c:\1vdjd.exec:\1vdjd.exe56⤵
- Executes dropped EXE
-
\??\c:\dpddj.exec:\dpddj.exe57⤵
- Executes dropped EXE
-
\??\c:\5dpjp.exec:\5dpjp.exe58⤵
- Executes dropped EXE
-
\??\c:\frrxxfr.exec:\frrxxfr.exe59⤵
- Executes dropped EXE
-
\??\c:\xrrxxrr.exec:\xrrxxrr.exe60⤵
- Executes dropped EXE
-
\??\c:\lflrxxf.exec:\lflrxxf.exe61⤵
- Executes dropped EXE
-
\??\c:\thbhnt.exec:\thbhnt.exe62⤵
- Executes dropped EXE
-
\??\c:\thhbtb.exec:\thhbtb.exe63⤵
- Executes dropped EXE
-
\??\c:\5pjdd.exec:\5pjdd.exe64⤵
- Executes dropped EXE
-
\??\c:\1fxlrrf.exec:\1fxlrrf.exe65⤵
- Executes dropped EXE
-
\??\c:\fxllxxf.exec:\fxllxxf.exe66⤵
-
\??\c:\tnbbnh.exec:\tnbbnh.exe67⤵
-
\??\c:\vjvpv.exec:\vjvpv.exe68⤵
-
\??\c:\1jdjp.exec:\1jdjp.exe69⤵
-
\??\c:\xrxrrfl.exec:\xrxrrfl.exe70⤵
-
\??\c:\frlrxrx.exec:\frlrxrx.exe71⤵
-
\??\c:\rflxxxf.exec:\rflxxxf.exe72⤵
-
\??\c:\hnnbht.exec:\hnnbht.exe73⤵
-
\??\c:\vdvdp.exec:\vdvdp.exe74⤵
-
\??\c:\fxxrxxf.exec:\fxxrxxf.exe75⤵
-
\??\c:\xflxrrr.exec:\xflxrrr.exe76⤵
-
\??\c:\hbhbnt.exec:\hbhbnt.exe77⤵
-
\??\c:\pdjjd.exec:\pdjjd.exe78⤵
-
\??\c:\dvjpv.exec:\dvjpv.exe79⤵
-
\??\c:\frlrxrr.exec:\frlrxrr.exe80⤵
-
\??\c:\tntbhh.exec:\tntbhh.exe81⤵
-
\??\c:\5bbhbb.exec:\5bbhbb.exe82⤵
-
\??\c:\9hbtnh.exec:\9hbtnh.exe83⤵
-
\??\c:\pjvdp.exec:\pjvdp.exe84⤵
-
\??\c:\dvvdp.exec:\dvvdp.exe85⤵
-
\??\c:\pdppd.exec:\pdppd.exe86⤵
-
\??\c:\xrfxfll.exec:\xrfxfll.exe87⤵
-
\??\c:\lfxxffl.exec:\lfxxffl.exe88⤵
-
\??\c:\dvpdp.exec:\dvpdp.exe89⤵
-
\??\c:\7jvvd.exec:\7jvvd.exe90⤵
-
\??\c:\hnbbhn.exec:\hnbbhn.exe91⤵
-
\??\c:\7jvdp.exec:\7jvdp.exe92⤵
-
\??\c:\xlfrxlf.exec:\xlfrxlf.exe93⤵
-
\??\c:\xrlrlxr.exec:\xrlrlxr.exe94⤵
-
\??\c:\hbbhtb.exec:\hbbhtb.exe95⤵
-
\??\c:\jvjdj.exec:\jvjdj.exe96⤵
-
\??\c:\pjppp.exec:\pjppp.exe97⤵
-
\??\c:\rfxxffx.exec:\rfxxffx.exe98⤵
-
\??\c:\5xfllff.exec:\5xfllff.exe99⤵
-
\??\c:\tnhntb.exec:\tnhntb.exe100⤵
-
\??\c:\5bthnn.exec:\5bthnn.exe101⤵
-
\??\c:\btnntn.exec:\btnntn.exe102⤵
-
\??\c:\pdppp.exec:\pdppp.exe103⤵
-
\??\c:\dvjpd.exec:\dvjpd.exe104⤵
-
\??\c:\rllrxfr.exec:\rllrxfr.exe105⤵
-
\??\c:\lfrlxxf.exec:\lfrlxxf.exe106⤵
-
\??\c:\5lxrxrx.exec:\5lxrxrx.exe107⤵
-
\??\c:\3hnbhh.exec:\3hnbhh.exe108⤵
-
\??\c:\tnhbht.exec:\tnhbht.exe109⤵
-
\??\c:\9vvjp.exec:\9vvjp.exe110⤵
-
\??\c:\1dpvd.exec:\1dpvd.exe111⤵
-
\??\c:\pvjjd.exec:\pvjjd.exe112⤵
-
\??\c:\xrffrxx.exec:\xrffrxx.exe113⤵
-
\??\c:\ffffrxf.exec:\ffffrxf.exe114⤵
-
\??\c:\1fllrlr.exec:\1fllrlr.exe115⤵
-
\??\c:\hbtnth.exec:\hbtnth.exe116⤵
-
\??\c:\bthtbh.exec:\bthtbh.exe117⤵
-
\??\c:\pdddd.exec:\pdddd.exe118⤵
-
\??\c:\vjppj.exec:\vjppj.exe119⤵
-
\??\c:\xrflflr.exec:\xrflflr.exe120⤵
-
\??\c:\xlxxfxf.exec:\xlxxfxf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-