Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
14/05/2024, 23:22
General
-
Target
7a43cdf8ff7dc9592af5305b4f34254d5667d13a819e90ff1ca94bb699dc64bc.exe
-
Size
93KB
-
MD5
0f62c258ad5bbf49465108bd3cd449ae
-
SHA1
db948f73a55873a690d61235e5d421fedebb6f1d
-
SHA256
7a43cdf8ff7dc9592af5305b4f34254d5667d13a819e90ff1ca94bb699dc64bc
-
SHA512
787b1e35a0b9e3221325aa322144f20e10bb05779f997c6e12c238cbffa3cfc942b33dbd0e70698102da15051a9e7e76d2f991680b2273f5edb3082746cc7325
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoLuePjDYlR3hnjKXIQSe9oEm:ymb3NkkiQ3mdBjFoLucjDilOZhoR
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
UPX dump on OEP (original entry point) 29 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7a43cdf8ff7dc9592af5305b4f34254d5667d13a819e90ff1ca94bb699dc64bc.exe"C:\Users\Admin\AppData\Local\Temp\7a43cdf8ff7dc9592af5305b4f34254d5667d13a819e90ff1ca94bb699dc64bc.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbbtn.exec:\hbbbtn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvppp.exec:\vvppp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxrfxx.exec:\llxrfxx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxrrll.exec:\xlxrrll.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vvpp.exec:\9vvpp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxlflf.exec:\xrxlflf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbnbn.exec:\tnbnbn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpddj.exec:\vpddj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxxxll.exec:\xrxxxll.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntnhn.exec:\tntnhn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9djjv.exec:\9djjv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxfxfxf.exec:\rxfxfxf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnnhh.exec:\bbnnhh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpdd.exec:\vjpdd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxrfxr.exec:\rxxrfxr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7hhhbb.exec:\7hhhbb.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjddd.exec:\pjddd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9fffrrl.exec:\9fffrrl.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxllllf.exec:\xxllllf.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bbbtt.exec:\7bbbtt.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbbnh.exec:\ntbbnh.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dppjj.exec:\dppjj.exe23⤵
- Executes dropped EXE
-
\??\c:\llfxxfl.exec:\llfxxfl.exe24⤵
- Executes dropped EXE
-
\??\c:\nhtntt.exec:\nhtntt.exe25⤵
- Executes dropped EXE
-
\??\c:\fxxxxfr.exec:\fxxxxfr.exe26⤵
- Executes dropped EXE
-
\??\c:\bnbbtn.exec:\bnbbtn.exe27⤵
- Executes dropped EXE
-
\??\c:\3tthtt.exec:\3tthtt.exe28⤵
- Executes dropped EXE
-
\??\c:\jdddv.exec:\jdddv.exe29⤵
- Executes dropped EXE
-
\??\c:\tnbtnb.exec:\tnbtnb.exe30⤵
- Executes dropped EXE
-
\??\c:\hbbtnn.exec:\hbbtnn.exe31⤵
- Executes dropped EXE
-
\??\c:\ddjdp.exec:\ddjdp.exe32⤵
- Executes dropped EXE
-
\??\c:\lrxfxxr.exec:\lrxfxxr.exe33⤵
- Executes dropped EXE
-
\??\c:\djjjd.exec:\djjjd.exe34⤵
- Executes dropped EXE
-
\??\c:\5pjdv.exec:\5pjdv.exe35⤵
- Executes dropped EXE
-
\??\c:\tbhhbb.exec:\tbhhbb.exe36⤵
- Executes dropped EXE
-
\??\c:\nhhhnn.exec:\nhhhnn.exe37⤵
- Executes dropped EXE
-
\??\c:\dvvpd.exec:\dvvpd.exe38⤵
- Executes dropped EXE
-
\??\c:\frxlffx.exec:\frxlffx.exe39⤵
- Executes dropped EXE
-
\??\c:\bhnhbh.exec:\bhnhbh.exe40⤵
- Executes dropped EXE
-
\??\c:\bthtnn.exec:\bthtnn.exe41⤵
- Executes dropped EXE
-
\??\c:\vjppj.exec:\vjppj.exe42⤵
- Executes dropped EXE
-
\??\c:\1pvdv.exec:\1pvdv.exe43⤵
-
\??\c:\flrlffx.exec:\flrlffx.exe44⤵
- Executes dropped EXE
-
\??\c:\bhnnhh.exec:\bhnnhh.exe45⤵
- Executes dropped EXE
-
\??\c:\pvjjp.exec:\pvjjp.exe46⤵
- Executes dropped EXE
-
\??\c:\djjdp.exec:\djjdp.exe47⤵
- Executes dropped EXE
-
\??\c:\rxfxlfl.exec:\rxfxlfl.exe48⤵
- Executes dropped EXE
-
\??\c:\tbbbnn.exec:\tbbbnn.exe49⤵
- Executes dropped EXE
-
\??\c:\hthhtt.exec:\hthhtt.exe50⤵
- Executes dropped EXE
-
\??\c:\dpjjd.exec:\dpjjd.exe51⤵
- Executes dropped EXE
-
\??\c:\flrlxxr.exec:\flrlxxr.exe52⤵
- Executes dropped EXE
-
\??\c:\fxxrllr.exec:\fxxrllr.exe53⤵
- Executes dropped EXE
-
\??\c:\dpvjd.exec:\dpvjd.exe54⤵
- Executes dropped EXE
-
\??\c:\ddpjd.exec:\ddpjd.exe55⤵
- Executes dropped EXE
-
\??\c:\9rrlxrr.exec:\9rrlxrr.exe56⤵
- Executes dropped EXE
-
\??\c:\tttnhh.exec:\tttnhh.exe57⤵
- Executes dropped EXE
-
\??\c:\vjvpj.exec:\vjvpj.exe58⤵
- Executes dropped EXE
-
\??\c:\jdppv.exec:\jdppv.exe59⤵
- Executes dropped EXE
-
\??\c:\fxxrfrl.exec:\fxxrfrl.exe60⤵
- Executes dropped EXE
-
\??\c:\hnnhbb.exec:\hnnhbb.exe61⤵
- Executes dropped EXE
-
\??\c:\ntbtnn.exec:\ntbtnn.exe62⤵
- Executes dropped EXE
-
\??\c:\vdpvj.exec:\vdpvj.exe63⤵
- Executes dropped EXE
-
\??\c:\fxfxxrr.exec:\fxfxxrr.exe64⤵
- Executes dropped EXE
-
\??\c:\nhhbtn.exec:\nhhbtn.exe65⤵
- Executes dropped EXE
-
\??\c:\5ppjv.exec:\5ppjv.exe66⤵
- Executes dropped EXE
-
\??\c:\3vvvj.exec:\3vvvj.exe67⤵
-
\??\c:\rlrlllr.exec:\rlrlllr.exe68⤵
-
\??\c:\ffrlxll.exec:\ffrlxll.exe69⤵
-
\??\c:\nnnhhh.exec:\nnnhhh.exe70⤵
-
\??\c:\thhbnn.exec:\thhbnn.exe71⤵
-
\??\c:\3vppj.exec:\3vppj.exe72⤵
-
\??\c:\flllllr.exec:\flllllr.exe73⤵
-
\??\c:\9xxrfxr.exec:\9xxrfxr.exe74⤵
-
\??\c:\hnbbtt.exec:\hnbbtt.exe75⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe76⤵
-
\??\c:\dvpjd.exec:\dvpjd.exe77⤵
-
\??\c:\5llrffx.exec:\5llrffx.exe78⤵
-
\??\c:\fxflllr.exec:\fxflllr.exe79⤵
-
\??\c:\bhhhth.exec:\bhhhth.exe80⤵
-
\??\c:\jddjv.exec:\jddjv.exe81⤵
-
\??\c:\jpdjv.exec:\jpdjv.exe82⤵
-
\??\c:\1frllfx.exec:\1frllfx.exe83⤵
-
\??\c:\btnthn.exec:\btnthn.exe84⤵
-
\??\c:\tbbbbb.exec:\tbbbbb.exe85⤵
-
\??\c:\jvdpj.exec:\jvdpj.exe86⤵
-
\??\c:\fllflll.exec:\fllflll.exe87⤵
-
\??\c:\llxxffx.exec:\llxxffx.exe88⤵
-
\??\c:\nbhbtt.exec:\nbhbtt.exe89⤵
-
\??\c:\pdppj.exec:\pdppj.exe90⤵
-
\??\c:\vvjdv.exec:\vvjdv.exe91⤵
-
\??\c:\lfxlxll.exec:\lfxlxll.exe92⤵
-
\??\c:\1hbbtb.exec:\1hbbtb.exe93⤵
-
\??\c:\btbhnh.exec:\btbhnh.exe94⤵
-
\??\c:\7vdvd.exec:\7vdvd.exe95⤵
-
\??\c:\lflxxlx.exec:\lflxxlx.exe96⤵
-
\??\c:\rlxrxxf.exec:\rlxrxxf.exe97⤵
-
\??\c:\hbbbtb.exec:\hbbbtb.exe98⤵
-
\??\c:\1hbbbb.exec:\1hbbbb.exe99⤵
-
\??\c:\dvvvp.exec:\dvvvp.exe100⤵
-
\??\c:\fllfxxl.exec:\fllfxxl.exe101⤵
-
\??\c:\xfllfxx.exec:\xfllfxx.exe102⤵
-
\??\c:\vjvpp.exec:\vjvpp.exe103⤵
-
\??\c:\fxxrffr.exec:\fxxrffr.exe104⤵
-
\??\c:\bhnnbb.exec:\bhnnbb.exe105⤵
-
\??\c:\pdvvj.exec:\pdvvj.exe106⤵
-
\??\c:\djppv.exec:\djppv.exe107⤵
-
\??\c:\9llrrxf.exec:\9llrrxf.exe108⤵
-
\??\c:\9btnhh.exec:\9btnhh.exe109⤵
-
\??\c:\9tbttt.exec:\9tbttt.exe110⤵
-
\??\c:\pdppd.exec:\pdppd.exe111⤵
-
\??\c:\flrxrll.exec:\flrxrll.exe112⤵
-
\??\c:\lfffffx.exec:\lfffffx.exe113⤵
-
\??\c:\nnhtnh.exec:\nnhtnh.exe114⤵
-
\??\c:\jpppj.exec:\jpppj.exe115⤵
-
\??\c:\jvjdp.exec:\jvjdp.exe116⤵
-
\??\c:\llffrrl.exec:\llffrrl.exe117⤵
-
\??\c:\ttnttt.exec:\ttnttt.exe118⤵
-
\??\c:\1bthtt.exec:\1bthtt.exe119⤵
-
\??\c:\7vjdv.exec:\7vjdv.exe120⤵
-
\??\c:\7jppj.exec:\7jppj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-