Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
-
submitted
14/05/2024, 04:08
General
-
Target
f367c91f98c51f2d1948423ac5bb782dcd115c5921f3e6b967f4c74c2997efd4.exe
-
Size
401KB
-
MD5
ad1e65d88eebaa8f9152117f73d86bd0
-
SHA1
ddc72518437323000bab885855c7ef2795c4a658
-
SHA256
f367c91f98c51f2d1948423ac5bb782dcd115c5921f3e6b967f4c74c2997efd4
-
SHA512
3ac9fca64a11486766d444da9b8a4f3082818eda7afd8f57be737d9a356df0c0ef3f29a07df6d82bb6cd28975e7050bd941926e64bd2e75f4214bf7bf4495466
-
SSDEEP
3072:ymb3NkkiQ3mdBjFIi/0RU6QeYQsm71vPmX5kr+uIBpkJITEEuR9XTVyXm+:n3C9BRIG0asYFm71mJkr+uIBe1T8N
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 18 IoCs
-
UPX dump on OEP (original entry point) 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 23 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f367c91f98c51f2d1948423ac5bb782dcd115c5921f3e6b967f4c74c2997efd4.exe"C:\Users\Admin\AppData\Local\Temp\f367c91f98c51f2d1948423ac5bb782dcd115c5921f3e6b967f4c74c2997efd4.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\lfffrxr.exec:\lfffrxr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjvd.exec:\dvjvd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flflxxl.exec:\flflxxl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3hbbhn.exec:\3hbbhn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvdv.exec:\pjvdv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflrlrl.exec:\lflrlrl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnthn.exec:\btnthn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdjv.exec:\vpdjv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rffxxr.exec:\3rffxxr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1hthtb.exec:\1hthtb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhbnbh.exec:\bhbnbh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpdv.exec:\jdpdv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frffllr.exec:\frffllr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdpd.exec:\jvdpd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrflrx.exec:\fxrflrx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlxlrl.exec:\xrlxlrl.exe17⤵
- Executes dropped EXE
-
\??\c:\hthnhn.exec:\hthnhn.exe18⤵
- Executes dropped EXE
-
\??\c:\jvjvj.exec:\jvjvj.exe19⤵
- Executes dropped EXE
-
\??\c:\rfxxllx.exec:\rfxxllx.exe20⤵
- Executes dropped EXE
-
\??\c:\nnnhbb.exec:\nnnhbb.exe21⤵
- Executes dropped EXE
-
\??\c:\vpjdp.exec:\vpjdp.exe22⤵
- Executes dropped EXE
-
\??\c:\lffrxlf.exec:\lffrxlf.exe23⤵
- Executes dropped EXE
-
\??\c:\btntnb.exec:\btntnb.exe24⤵
- Executes dropped EXE
-
\??\c:\3jvdp.exec:\3jvdp.exe25⤵
- Executes dropped EXE
-
\??\c:\rrlxlrr.exec:\rrlxlrr.exe26⤵
- Executes dropped EXE
-
\??\c:\5bnbbh.exec:\5bnbbh.exe27⤵
- Executes dropped EXE
-
\??\c:\7jjpp.exec:\7jjpp.exe28⤵
- Executes dropped EXE
-
\??\c:\3lxfflr.exec:\3lxfflr.exe29⤵
- Executes dropped EXE
-
\??\c:\hhbhbh.exec:\hhbhbh.exe30⤵
- Executes dropped EXE
-
\??\c:\9pvpp.exec:\9pvpp.exe31⤵
- Executes dropped EXE
-
\??\c:\rlffrfr.exec:\rlffrfr.exe32⤵
- Executes dropped EXE
-
\??\c:\hhhtbh.exec:\hhhtbh.exe33⤵
- Executes dropped EXE
-
\??\c:\jpvdj.exec:\jpvdj.exe34⤵
- Executes dropped EXE
-
\??\c:\dpjjj.exec:\dpjjj.exe35⤵
- Executes dropped EXE
-
\??\c:\rflxfff.exec:\rflxfff.exe36⤵
- Executes dropped EXE
-
\??\c:\btbhtt.exec:\btbhtt.exe37⤵
- Executes dropped EXE
-
\??\c:\ddvjv.exec:\ddvjv.exe38⤵
- Executes dropped EXE
-
\??\c:\3dvjd.exec:\3dvjd.exe39⤵
- Executes dropped EXE
-
\??\c:\frrxlfr.exec:\frrxlfr.exe40⤵
- Executes dropped EXE
-
\??\c:\bbbnht.exec:\bbbnht.exe41⤵
- Executes dropped EXE
-
\??\c:\3nnbhh.exec:\3nnbhh.exe42⤵
- Executes dropped EXE
-
\??\c:\rfrlflx.exec:\rfrlflx.exe43⤵
- Executes dropped EXE
-
\??\c:\vdpvj.exec:\vdpvj.exe44⤵
- Executes dropped EXE
-
\??\c:\ppjjd.exec:\ppjjd.exe45⤵
- Executes dropped EXE
-
\??\c:\lrflrrx.exec:\lrflrrx.exe46⤵
- Executes dropped EXE
-
\??\c:\hthhnn.exec:\hthhnn.exe47⤵
- Executes dropped EXE
-
\??\c:\ppdjv.exec:\ppdjv.exe48⤵
- Executes dropped EXE
-
\??\c:\rlrxrxr.exec:\rlrxrxr.exe49⤵
- Executes dropped EXE
-
\??\c:\hbnthn.exec:\hbnthn.exe50⤵
- Executes dropped EXE
-
\??\c:\nhnnnb.exec:\nhnnnb.exe51⤵
- Executes dropped EXE
-
\??\c:\jvjpv.exec:\jvjpv.exe52⤵
- Executes dropped EXE
-
\??\c:\7rfflrf.exec:\7rfflrf.exe53⤵
- Executes dropped EXE
-
\??\c:\frflfff.exec:\frflfff.exe54⤵
- Executes dropped EXE
-
\??\c:\bthtbh.exec:\bthtbh.exe55⤵
- Executes dropped EXE
-
\??\c:\pjpjp.exec:\pjpjp.exe56⤵
- Executes dropped EXE
-
\??\c:\xlrrxxf.exec:\xlrrxxf.exe57⤵
- Executes dropped EXE
-
\??\c:\bnbhnt.exec:\bnbhnt.exe58⤵
- Executes dropped EXE
-
\??\c:\btnnbh.exec:\btnnbh.exe59⤵
- Executes dropped EXE
-
\??\c:\pjvpd.exec:\pjvpd.exe60⤵
- Executes dropped EXE
-
\??\c:\ffxlrxf.exec:\ffxlrxf.exe61⤵
- Executes dropped EXE
-
\??\c:\lfrrxrl.exec:\lfrrxrl.exe62⤵
- Executes dropped EXE
-
\??\c:\bttbhn.exec:\bttbhn.exe63⤵
- Executes dropped EXE
-
\??\c:\1jddd.exec:\1jddd.exe64⤵
- Executes dropped EXE
-
\??\c:\lfllflr.exec:\lfllflr.exe65⤵
- Executes dropped EXE
-
\??\c:\lxfffxf.exec:\lxfffxf.exe66⤵
-
\??\c:\hthhhn.exec:\hthhhn.exe67⤵
-
\??\c:\vvjjd.exec:\vvjjd.exe68⤵
-
\??\c:\1rrfxlx.exec:\1rrfxlx.exe69⤵
-
\??\c:\lxfxfll.exec:\lxfxfll.exe70⤵
-
\??\c:\1hnbnb.exec:\1hnbnb.exe71⤵
-
\??\c:\dvpvd.exec:\dvpvd.exe72⤵
-
\??\c:\lfxxllx.exec:\lfxxllx.exe73⤵
-
\??\c:\lfffllf.exec:\lfffllf.exe74⤵
-
\??\c:\nhtbhn.exec:\nhtbhn.exe75⤵
-
\??\c:\hhtbbh.exec:\hhtbbh.exe76⤵
-
\??\c:\jpjpp.exec:\jpjpp.exe77⤵
-
\??\c:\fxflffl.exec:\fxflffl.exe78⤵
-
\??\c:\nbnhnn.exec:\nbnhnn.exe79⤵
-
\??\c:\pjvvd.exec:\pjvvd.exe80⤵
-
\??\c:\3djdd.exec:\3djdd.exe81⤵
-
\??\c:\rlxrxrx.exec:\rlxrxrx.exe82⤵
-
\??\c:\bnbntt.exec:\bnbntt.exe83⤵
-
\??\c:\nbnhbh.exec:\nbnhbh.exe84⤵
-
\??\c:\pdddj.exec:\pdddj.exe85⤵
-
\??\c:\7lxfffl.exec:\7lxfffl.exe86⤵
-
\??\c:\hhnbnb.exec:\hhnbnb.exe87⤵
-
\??\c:\nbnhnn.exec:\nbnhnn.exe88⤵
-
\??\c:\pdppp.exec:\pdppp.exe89⤵
-
\??\c:\fxlfxxf.exec:\fxlfxxf.exe90⤵
-
\??\c:\xrxrfll.exec:\xrxrfll.exe91⤵
-
\??\c:\bnbbhh.exec:\bnbbhh.exe92⤵
-
\??\c:\3thnnh.exec:\3thnnh.exe93⤵
-
\??\c:\9vvpp.exec:\9vvpp.exe94⤵
-
\??\c:\xlrrfxx.exec:\xlrrfxx.exe95⤵
-
\??\c:\lfrrxxx.exec:\lfrrxxx.exe96⤵
-
\??\c:\hthhnn.exec:\hthhnn.exe97⤵
-
\??\c:\dpdpp.exec:\dpdpp.exe98⤵
-
\??\c:\3xlxxll.exec:\3xlxxll.exe99⤵
-
\??\c:\lrfxxrr.exec:\lrfxxrr.exe100⤵
-
\??\c:\hbnnnn.exec:\hbnnnn.exe101⤵
-
\??\c:\3nhnnn.exec:\3nhnnn.exe102⤵
-
\??\c:\dvjpp.exec:\dvjpp.exe103⤵
-
\??\c:\lllrfrl.exec:\lllrfrl.exe104⤵
-
\??\c:\7xxxflr.exec:\7xxxflr.exe105⤵
-
\??\c:\nhbbtn.exec:\nhbbtn.exe106⤵
-
\??\c:\vjvjp.exec:\vjvjp.exe107⤵
-
\??\c:\vpvpd.exec:\vpvpd.exe108⤵
-
\??\c:\rfrxxff.exec:\rfrxxff.exe109⤵
-
\??\c:\nbhtnh.exec:\nbhtnh.exe110⤵
-
\??\c:\vvpjp.exec:\vvpjp.exe111⤵
-
\??\c:\vjvdp.exec:\vjvdp.exe112⤵
-
\??\c:\xrfxxrx.exec:\xrfxxrx.exe113⤵
-
\??\c:\5hbhnb.exec:\5hbhnb.exe114⤵
-
\??\c:\3bbhhh.exec:\3bbhhh.exe115⤵
-
\??\c:\jvvvv.exec:\jvvvv.exe116⤵
-
\??\c:\frffrxl.exec:\frffrxl.exe117⤵
-
\??\c:\9rxrxrx.exec:\9rxrxrx.exe118⤵
-
\??\c:\3bhhhh.exec:\3bhhhh.exe119⤵
-
\??\c:\5dpjd.exec:\5dpjd.exe120⤵
-
\??\c:\jdpvj.exec:\jdpvj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-