Analysis
-
max time kernel
156s -
max time network
164s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
15-05-2024 22:02
General
-
Target
5240072ee48d874369bfa590ac3a209e05fa3149fcce689c220c942dcc0a8c77.exe
-
Size
90KB
-
MD5
b8ab20732cfc88ac7196951f445329ed
-
SHA1
c4e7102f99daa17a707beb4b16b7ffd5d9bdbe0c
-
SHA256
5240072ee48d874369bfa590ac3a209e05fa3149fcce689c220c942dcc0a8c77
-
SHA512
177e0c8ca7b9f987bc7faf1b93865bca4ec0aa17ce6d681b9d322de49417f171181ce62480e4799f281aef9a1ace4c6b134e8a6eec1847cb45958eeb2fcd5e3e
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIQIDyviFxx2hCtgIMLP9rBZaRBb:ymb3NkkiQ3mdBjFIVLd2hWZGreRCYBn
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
UPX dump on OEP (original entry point) 33 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 33 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5240072ee48d874369bfa590ac3a209e05fa3149fcce689c220c942dcc0a8c77.exe"C:\Users\Admin\AppData\Local\Temp\5240072ee48d874369bfa590ac3a209e05fa3149fcce689c220c942dcc0a8c77.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\el5kl.exec:\el5kl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0ndn6vi.exec:\0ndn6vi.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2dm22.exec:\2dm22.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\54n5x.exec:\54n5x.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\q3121mo.exec:\q3121mo.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1ahn7.exec:\1ahn7.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lb31t.exec:\lb31t.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\v3aaq41.exec:\v3aaq41.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\p78f2.exec:\p78f2.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5iaud57.exec:\5iaud57.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\g5gs4.exec:\g5gs4.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\64919b.exec:\64919b.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\89m22p7.exec:\89m22p7.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\m79cr8.exec:\m79cr8.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\n6adg0q.exec:\n6adg0q.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2l41k08.exec:\2l41k08.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1sm7g.exec:\1sm7g.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pthxh.exec:\pthxh.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8sdgms0.exec:\8sdgms0.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6v95q.exec:\6v95q.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\43j85k5.exec:\43j85k5.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\27764p.exec:\27764p.exe23⤵
- Executes dropped EXE
-
\??\c:\71btku.exec:\71btku.exe24⤵
- Executes dropped EXE
-
\??\c:\smgb181.exec:\smgb181.exe25⤵
- Executes dropped EXE
-
\??\c:\dtltpdt.exec:\dtltpdt.exe26⤵
- Executes dropped EXE
-
\??\c:\jdtlh.exec:\jdtlh.exe27⤵
- Executes dropped EXE
-
\??\c:\8ek3755.exec:\8ek3755.exe28⤵
- Executes dropped EXE
-
\??\c:\x38l03.exec:\x38l03.exe29⤵
- Executes dropped EXE
-
\??\c:\n0u392k.exec:\n0u392k.exe30⤵
- Executes dropped EXE
-
\??\c:\j8997.exec:\j8997.exe31⤵
- Executes dropped EXE
-
\??\c:\866j536.exec:\866j536.exe32⤵
- Executes dropped EXE
-
\??\c:\9n6avm7.exec:\9n6avm7.exe33⤵
- Executes dropped EXE
-
\??\c:\37w30f.exec:\37w30f.exe34⤵
- Executes dropped EXE
-
\??\c:\i22s1i7.exec:\i22s1i7.exe35⤵
- Executes dropped EXE
-
\??\c:\v7ld7.exec:\v7ld7.exe36⤵
- Executes dropped EXE
-
\??\c:\fexc29.exec:\fexc29.exe37⤵
- Executes dropped EXE
-
\??\c:\93378.exec:\93378.exe38⤵
- Executes dropped EXE
-
\??\c:\t5gs2.exec:\t5gs2.exe39⤵
- Executes dropped EXE
-
\??\c:\wti893o.exec:\wti893o.exe40⤵
- Executes dropped EXE
-
\??\c:\61swx4.exec:\61swx4.exe41⤵
- Executes dropped EXE
-
\??\c:\4eexs5n.exec:\4eexs5n.exe42⤵
- Executes dropped EXE
-
\??\c:\869p41u.exec:\869p41u.exe43⤵
- Executes dropped EXE
-
\??\c:\h0b5p9.exec:\h0b5p9.exe44⤵
- Executes dropped EXE
-
\??\c:\001e275.exec:\001e275.exe45⤵
- Executes dropped EXE
-
\??\c:\x5v9s.exec:\x5v9s.exe46⤵
- Executes dropped EXE
-
\??\c:\j20n79.exec:\j20n79.exe47⤵
- Executes dropped EXE
-
\??\c:\b7i8v3.exec:\b7i8v3.exe48⤵
- Executes dropped EXE
-
\??\c:\8lp7k.exec:\8lp7k.exe49⤵
- Executes dropped EXE
-
\??\c:\670b4qn.exec:\670b4qn.exe50⤵
- Executes dropped EXE
-
\??\c:\qfvgaqv.exec:\qfvgaqv.exe51⤵
- Executes dropped EXE
-
\??\c:\9i9iu60.exec:\9i9iu60.exe52⤵
- Executes dropped EXE
-
\??\c:\dw4lo4.exec:\dw4lo4.exe53⤵
- Executes dropped EXE
-
\??\c:\ppltx.exec:\ppltx.exe54⤵
- Executes dropped EXE
-
\??\c:\45p92d.exec:\45p92d.exe55⤵
- Executes dropped EXE
-
\??\c:\xmdn1.exec:\xmdn1.exe56⤵
- Executes dropped EXE
-
\??\c:\an9oidn.exec:\an9oidn.exe57⤵
- Executes dropped EXE
-
\??\c:\m41sh.exec:\m41sh.exe58⤵
- Executes dropped EXE
-
\??\c:\ck6ox9.exec:\ck6ox9.exe59⤵
- Executes dropped EXE
-
\??\c:\4r4vn3.exec:\4r4vn3.exe60⤵
- Executes dropped EXE
-
\??\c:\0o28b5g.exec:\0o28b5g.exe61⤵
- Executes dropped EXE
-
\??\c:\ltttpdl.exec:\ltttpdl.exe62⤵
- Executes dropped EXE
-
\??\c:\c54fwo.exec:\c54fwo.exe63⤵
- Executes dropped EXE
-
\??\c:\2kxawo9.exec:\2kxawo9.exe64⤵
- Executes dropped EXE
-
\??\c:\52h1s.exec:\52h1s.exe65⤵
- Executes dropped EXE
-
\??\c:\i8791.exec:\i8791.exe66⤵
-
\??\c:\45i7g4.exec:\45i7g4.exe67⤵
-
\??\c:\8e5905g.exec:\8e5905g.exe68⤵
-
\??\c:\4wxm0.exec:\4wxm0.exe69⤵
-
\??\c:\emvb768.exec:\emvb768.exe70⤵
-
\??\c:\g57k2.exec:\g57k2.exe71⤵
-
\??\c:\4456wc5.exec:\4456wc5.exe72⤵
-
\??\c:\vjbof2.exec:\vjbof2.exe73⤵
-
\??\c:\d341ko.exec:\d341ko.exe74⤵
-
\??\c:\25k27.exec:\25k27.exe75⤵
-
\??\c:\815f26l.exec:\815f26l.exe76⤵
-
\??\c:\qnw9rrr.exec:\qnw9rrr.exe77⤵
-
\??\c:\n0379n.exec:\n0379n.exe78⤵
-
\??\c:\98gp3no.exec:\98gp3no.exe79⤵
-
\??\c:\v792w.exec:\v792w.exe80⤵
-
\??\c:\1vb0c.exec:\1vb0c.exe81⤵
-
\??\c:\s1pmvjf.exec:\s1pmvjf.exe82⤵
-
\??\c:\d9j91q.exec:\d9j91q.exe83⤵
-
\??\c:\8g224c.exec:\8g224c.exe84⤵
-
\??\c:\7blf9.exec:\7blf9.exe85⤵
-
\??\c:\iu496c.exec:\iu496c.exe86⤵
-
\??\c:\3e763.exec:\3e763.exe87⤵
-
\??\c:\xu17ekw.exec:\xu17ekw.exe88⤵
-
\??\c:\453a7e.exec:\453a7e.exe89⤵
-
\??\c:\5qs573.exec:\5qs573.exe90⤵
-
\??\c:\dwkla2.exec:\dwkla2.exe91⤵
-
\??\c:\xltdplt.exec:\xltdplt.exe92⤵
-
\??\c:\m9319i.exec:\m9319i.exe93⤵
-
\??\c:\9up74.exec:\9up74.exe94⤵
-
\??\c:\8c2k9.exec:\8c2k9.exe95⤵
-
\??\c:\hg11c.exec:\hg11c.exe96⤵
-
\??\c:\fj08u8.exec:\fj08u8.exe97⤵
-
\??\c:\gh563.exec:\gh563.exe98⤵
-
\??\c:\6h634f5.exec:\6h634f5.exe99⤵
-
\??\c:\4qs3fxk.exec:\4qs3fxk.exe100⤵
-
\??\c:\jeq73k4.exec:\jeq73k4.exe101⤵
-
\??\c:\t0k0t.exec:\t0k0t.exe102⤵
-
\??\c:\u87pc81.exec:\u87pc81.exe103⤵
-
\??\c:\68s922.exec:\68s922.exe104⤵
-
\??\c:\hkk389.exec:\hkk389.exe105⤵
-
\??\c:\8x4e5mj.exec:\8x4e5mj.exe106⤵
-
\??\c:\091r6.exec:\091r6.exe107⤵
-
\??\c:\5qqol7r.exec:\5qqol7r.exe108⤵
-
\??\c:\d7b7b.exec:\d7b7b.exe109⤵
-
\??\c:\1xmp7.exec:\1xmp7.exe110⤵
-
\??\c:\ukv6w.exec:\ukv6w.exe111⤵
-
\??\c:\3ava5.exec:\3ava5.exe112⤵
-
\??\c:\9nqecd.exec:\9nqecd.exe113⤵
-
\??\c:\u6oxc90.exec:\u6oxc90.exe114⤵
-
\??\c:\h331g.exec:\h331g.exe115⤵
-
\??\c:\pxthxll.exec:\pxthxll.exe116⤵
-
\??\c:\8rp09.exec:\8rp09.exe117⤵
-
\??\c:\8l995w.exec:\8l995w.exe118⤵
-
\??\c:\h031lx.exec:\h031lx.exe119⤵
-
\??\c:\s5jdiu.exec:\s5jdiu.exe120⤵
-
\??\c:\o335w1.exec:\o335w1.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-