Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
15/05/2024, 18:57
General
-
Target
11dcc2f4af4589b79414baabb44e820d6baac523dd810d1d7eb2fcca40bedc86.exe
-
Size
51KB
-
MD5
58d5d4b198b903e77b0e551ecd4715b3
-
SHA1
95c46184aaa9da1c540191c17add3c93beda3aa6
-
SHA256
11dcc2f4af4589b79414baabb44e820d6baac523dd810d1d7eb2fcca40bedc86
-
SHA512
29bdd342f3245189d19fbf6c0b42604b16515a61293a762d992bc9ab013fa8c8f36173d74fecd442551a145ebd2815aa507a58365749b7b10457dc2c62610c35
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoYb:ymb3NkkiQ3mdBjFoQ
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
UPX dump on OEP (original entry point) 30 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 30 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\11dcc2f4af4589b79414baabb44e820d6baac523dd810d1d7eb2fcca40bedc86.exe"C:\Users\Admin\AppData\Local\Temp\11dcc2f4af4589b79414baabb44e820d6baac523dd810d1d7eb2fcca40bedc86.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\tntnbb.exec:\tntnbb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdddd.exec:\jdddd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffxxxx.exec:\lffxxxx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhbbtb.exec:\bhbbtb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhbbb.exec:\hhhbbb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vdvp.exec:\9vdvp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxlfff.exec:\xlxlfff.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxfxlxf.exec:\xxfxlxf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnnnb.exec:\nnnnnb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vjvv.exec:\7vjvv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7lfxrlf.exec:\7lfxrlf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thtbnb.exec:\thtbnb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdppd.exec:\jdppd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pddjj.exec:\pddjj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rflfff.exec:\7rflfff.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbbbb.exec:\nbbbbb.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjdp.exec:\jvjdp.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvvp.exec:\dpvvp.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xflfxxf.exec:\xflfxxf.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxfllx.exec:\rlxfllx.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnhtt.exec:\hhnhtt.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjdv.exec:\pdjdv.exe23⤵
- Executes dropped EXE
-
\??\c:\lrflfll.exec:\lrflfll.exe24⤵
- Executes dropped EXE
-
\??\c:\rfrllll.exec:\rfrllll.exe25⤵
- Executes dropped EXE
-
\??\c:\bbtttt.exec:\bbtttt.exe26⤵
- Executes dropped EXE
-
\??\c:\pjjpv.exec:\pjjpv.exe27⤵
- Executes dropped EXE
-
\??\c:\rllrfrf.exec:\rllrfrf.exe28⤵
- Executes dropped EXE
-
\??\c:\bnttnn.exec:\bnttnn.exe29⤵
- Executes dropped EXE
-
\??\c:\pdpjd.exec:\pdpjd.exe30⤵
- Executes dropped EXE
-
\??\c:\pjjvj.exec:\pjjvj.exe31⤵
- Executes dropped EXE
-
\??\c:\fxrrxfr.exec:\fxrrxfr.exe32⤵
- Executes dropped EXE
-
\??\c:\ntbbbh.exec:\ntbbbh.exe33⤵
- Executes dropped EXE
-
\??\c:\3jvjj.exec:\3jvjj.exe34⤵
- Executes dropped EXE
-
\??\c:\vvpjp.exec:\vvpjp.exe35⤵
- Executes dropped EXE
-
\??\c:\lrfrlff.exec:\lrfrlff.exe36⤵
- Executes dropped EXE
-
\??\c:\5fflxfx.exec:\5fflxfx.exe37⤵
- Executes dropped EXE
-
\??\c:\thtbht.exec:\thtbht.exe38⤵
- Executes dropped EXE
-
\??\c:\hhttbh.exec:\hhttbh.exe39⤵
- Executes dropped EXE
-
\??\c:\jdvpv.exec:\jdvpv.exe40⤵
- Executes dropped EXE
-
\??\c:\3rfxrlx.exec:\3rfxrlx.exe41⤵
- Executes dropped EXE
-
\??\c:\xffxxlf.exec:\xffxxlf.exe42⤵
- Executes dropped EXE
-
\??\c:\htnnhb.exec:\htnnhb.exe43⤵
- Executes dropped EXE
-
\??\c:\htttnh.exec:\htttnh.exe44⤵
- Executes dropped EXE
-
\??\c:\ppvvv.exec:\ppvvv.exe45⤵
- Executes dropped EXE
-
\??\c:\xxllllf.exec:\xxllllf.exe46⤵
- Executes dropped EXE
-
\??\c:\lxffxxr.exec:\lxffxxr.exe47⤵
- Executes dropped EXE
-
\??\c:\hnttnt.exec:\hnttnt.exe48⤵
- Executes dropped EXE
-
\??\c:\tbnnbh.exec:\tbnnbh.exe49⤵
- Executes dropped EXE
-
\??\c:\3pppp.exec:\3pppp.exe50⤵
- Executes dropped EXE
-
\??\c:\lrllfff.exec:\lrllfff.exe51⤵
- Executes dropped EXE
-
\??\c:\xffxrxx.exec:\xffxrxx.exe52⤵
- Executes dropped EXE
-
\??\c:\hbbthb.exec:\hbbthb.exe53⤵
- Executes dropped EXE
-
\??\c:\3dvvd.exec:\3dvvd.exe54⤵
- Executes dropped EXE
-
\??\c:\vdpjd.exec:\vdpjd.exe55⤵
- Executes dropped EXE
-
\??\c:\fxllllr.exec:\fxllllr.exe56⤵
- Executes dropped EXE
-
\??\c:\fxffxfx.exec:\fxffxfx.exe57⤵
- Executes dropped EXE
-
\??\c:\1bnhbn.exec:\1bnhbn.exe58⤵
- Executes dropped EXE
-
\??\c:\nttbtt.exec:\nttbtt.exe59⤵
- Executes dropped EXE
-
\??\c:\3dvpj.exec:\3dvpj.exe60⤵
- Executes dropped EXE
-
\??\c:\jpdpd.exec:\jpdpd.exe61⤵
- Executes dropped EXE
-
\??\c:\llflfff.exec:\llflfff.exe62⤵
- Executes dropped EXE
-
\??\c:\xlrxrff.exec:\xlrxrff.exe63⤵
- Executes dropped EXE
-
\??\c:\1thhhn.exec:\1thhhn.exe64⤵
- Executes dropped EXE
-
\??\c:\9ntbbh.exec:\9ntbbh.exe65⤵
- Executes dropped EXE
-
\??\c:\ppjdj.exec:\ppjdj.exe66⤵
-
\??\c:\vvvvv.exec:\vvvvv.exe67⤵
-
\??\c:\fxfrllf.exec:\fxfrllf.exe68⤵
-
\??\c:\lflfffx.exec:\lflfffx.exe69⤵
-
\??\c:\5nhhhh.exec:\5nhhhh.exe70⤵
-
\??\c:\nnhhhh.exec:\nnhhhh.exe71⤵
-
\??\c:\vjppj.exec:\vjppj.exe72⤵
-
\??\c:\9dvdd.exec:\9dvdd.exe73⤵
-
\??\c:\rxfxxrl.exec:\rxfxxrl.exe74⤵
-
\??\c:\fxxxrxx.exec:\fxxxrxx.exe75⤵
-
\??\c:\7bhhhh.exec:\7bhhhh.exe76⤵
-
\??\c:\bnnhhh.exec:\bnnhhh.exe77⤵
-
\??\c:\dvvvp.exec:\dvvvp.exe78⤵
-
\??\c:\7jppj.exec:\7jppj.exe79⤵
-
\??\c:\flxxrxx.exec:\flxxrxx.exe80⤵
-
\??\c:\xffrrrr.exec:\xffrrrr.exe81⤵
-
\??\c:\lflfrrf.exec:\lflfrrf.exe82⤵
-
\??\c:\tnhhhn.exec:\tnhhhn.exe83⤵
-
\??\c:\pjvpp.exec:\pjvpp.exe84⤵
-
\??\c:\pjpjj.exec:\pjpjj.exe85⤵
-
\??\c:\1fxrlrl.exec:\1fxrlrl.exe86⤵
-
\??\c:\lrllllf.exec:\lrllllf.exe87⤵
-
\??\c:\7tbbnt.exec:\7tbbnt.exe88⤵
-
\??\c:\ppddj.exec:\ppddj.exe89⤵
-
\??\c:\xxxffrx.exec:\xxxffrx.exe90⤵
-
\??\c:\ffxlxfl.exec:\ffxlxfl.exe91⤵
-
\??\c:\hthtnt.exec:\hthtnt.exe92⤵
-
\??\c:\5nnhbb.exec:\5nnhbb.exe93⤵
-
\??\c:\pjvpp.exec:\pjvpp.exe94⤵
-
\??\c:\pvpjd.exec:\pvpjd.exe95⤵
-
\??\c:\lrllfff.exec:\lrllfff.exe96⤵
-
\??\c:\7rfffrx.exec:\7rfffrx.exe97⤵
-
\??\c:\bbbbtt.exec:\bbbbtt.exe98⤵
-
\??\c:\tbhnnt.exec:\tbhnnt.exe99⤵
-
\??\c:\jdddd.exec:\jdddd.exe100⤵
-
\??\c:\dvdvp.exec:\dvdvp.exe101⤵
-
\??\c:\xrrrxfr.exec:\xrrrxfr.exe102⤵
-
\??\c:\3fxxrrr.exec:\3fxxrrr.exe103⤵
-
\??\c:\hhbhhn.exec:\hhbhhn.exe104⤵
-
\??\c:\btntbh.exec:\btntbh.exe105⤵
-
\??\c:\ppdvj.exec:\ppdvj.exe106⤵
-
\??\c:\pvdvv.exec:\pvdvv.exe107⤵
-
\??\c:\ffxxrrx.exec:\ffxxrrx.exe108⤵
-
\??\c:\rffllrx.exec:\rffllrx.exe109⤵
-
\??\c:\lrrllrr.exec:\lrrllrr.exe110⤵
-
\??\c:\hhnnnt.exec:\hhnnnt.exe111⤵
-
\??\c:\tnnnhh.exec:\tnnnhh.exe112⤵
-
\??\c:\jjvpj.exec:\jjvpj.exe113⤵
-
\??\c:\pdddd.exec:\pdddd.exe114⤵
-
\??\c:\frrxxxx.exec:\frrxxxx.exe115⤵
-
\??\c:\llxrxfl.exec:\llxrxfl.exe116⤵
-
\??\c:\tnhtth.exec:\tnhtth.exe117⤵
-
\??\c:\bbbnht.exec:\bbbnht.exe118⤵
-
\??\c:\ppvdd.exec:\ppvdd.exe119⤵
-
\??\c:\jvppd.exec:\jvppd.exe120⤵
-
\??\c:\xxrxrff.exec:\xxrxrff.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-