Analysis
-
max time kernel
150s -
max time network
130s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
16-05-2024 23:05
General
-
Target
5e915b79cbcc298d64330eef6a9e84571da0af3f27dac48eb357e9d7f03cf288.exe
-
Size
133KB
-
MD5
1e8f1b3fe27fbc0912784a85bd02f3a1
-
SHA1
f09b3133311cf1de8d1c95cbe7653b40378ff124
-
SHA256
5e915b79cbcc298d64330eef6a9e84571da0af3f27dac48eb357e9d7f03cf288
-
SHA512
a4b95582772a635c12f7215595d2132e437a2ce1ea5ca2f7f43e8ccd27c3758dce871b570fd217086a0ad177edb273ab07ef40c3a1ea2e8cf7190e3c29d76898
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73HUoMsAbrF3BTUwFU:n3C9BRo7HCsAbhxYp
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 18 IoCs
-
UPX dump on OEP (original entry point) 20 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 20 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5e915b79cbcc298d64330eef6a9e84571da0af3f27dac48eb357e9d7f03cf288.exe"C:\Users\Admin\AppData\Local\Temp\5e915b79cbcc298d64330eef6a9e84571da0af3f27dac48eb357e9d7f03cf288.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhtth.exec:\bbhtth.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjvp.exec:\pjjvp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxxfxr.exec:\lrxxfxr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnhnn.exec:\tnnhnn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvvj.exec:\dvvvj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7btbtb.exec:\7btbtb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjdjv.exec:\jjdjv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlrlrx.exec:\xrlrlrx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbthth.exec:\bbthth.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrlxrx.exec:\xrrlxrx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnnnbt.exec:\hnnnbt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdddv.exec:\vdddv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fflxfrf.exec:\fflxfrf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllrxlx.exec:\rllrxlx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9httbh.exec:\9httbh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7jpjj.exec:\7jpjj.exe17⤵
- Executes dropped EXE
-
\??\c:\lfxlrxf.exec:\lfxlrxf.exe18⤵
- Executes dropped EXE
-
\??\c:\9frrxxf.exec:\9frrxxf.exe19⤵
- Executes dropped EXE
-
\??\c:\hthbnt.exec:\hthbnt.exe20⤵
- Executes dropped EXE
-
\??\c:\thhnbb.exec:\thhnbb.exe21⤵
- Executes dropped EXE
-
\??\c:\pjjpd.exec:\pjjpd.exe22⤵
- Executes dropped EXE
-
\??\c:\xxrllrf.exec:\xxrllrf.exe23⤵
- Executes dropped EXE
-
\??\c:\9tntbh.exec:\9tntbh.exe24⤵
- Executes dropped EXE
-
\??\c:\djjjd.exec:\djjjd.exe25⤵
- Executes dropped EXE
-
\??\c:\vvvjd.exec:\vvvjd.exe26⤵
- Executes dropped EXE
-
\??\c:\fllrxrr.exec:\fllrxrr.exe27⤵
- Executes dropped EXE
-
\??\c:\xlxxllx.exec:\xlxxllx.exe28⤵
- Executes dropped EXE
-
\??\c:\jjvdp.exec:\jjvdp.exe29⤵
- Executes dropped EXE
-
\??\c:\7lflfrf.exec:\7lflfrf.exe30⤵
- Executes dropped EXE
-
\??\c:\hnnhbn.exec:\hnnhbn.exe31⤵
- Executes dropped EXE
-
\??\c:\hbnnnt.exec:\hbnnnt.exe32⤵
- Executes dropped EXE
-
\??\c:\jdpvd.exec:\jdpvd.exe33⤵
- Executes dropped EXE
-
\??\c:\rrlxrrf.exec:\rrlxrrf.exe34⤵
- Executes dropped EXE
-
\??\c:\btnntt.exec:\btnntt.exe35⤵
- Executes dropped EXE
-
\??\c:\bhnthh.exec:\bhnthh.exe36⤵
- Executes dropped EXE
-
\??\c:\jvjpv.exec:\jvjpv.exe37⤵
- Executes dropped EXE
-
\??\c:\dpdvd.exec:\dpdvd.exe38⤵
- Executes dropped EXE
-
\??\c:\xffxflf.exec:\xffxflf.exe39⤵
- Executes dropped EXE
-
\??\c:\nbhtth.exec:\nbhtth.exe40⤵
- Executes dropped EXE
-
\??\c:\9ddvd.exec:\9ddvd.exe41⤵
- Executes dropped EXE
-
\??\c:\ppjpd.exec:\ppjpd.exe42⤵
- Executes dropped EXE
-
\??\c:\xrfllrl.exec:\xrfllrl.exe43⤵
- Executes dropped EXE
-
\??\c:\tnnbnb.exec:\tnnbnb.exe44⤵
- Executes dropped EXE
-
\??\c:\pvjdj.exec:\pvjdj.exe45⤵
- Executes dropped EXE
-
\??\c:\ddpvd.exec:\ddpvd.exe46⤵
- Executes dropped EXE
-
\??\c:\lfrffrr.exec:\lfrffrr.exe47⤵
- Executes dropped EXE
-
\??\c:\3nnnnn.exec:\3nnnnn.exe48⤵
- Executes dropped EXE
-
\??\c:\jvpvp.exec:\jvpvp.exe49⤵
- Executes dropped EXE
-
\??\c:\llxxrrr.exec:\llxxrrr.exe50⤵
- Executes dropped EXE
-
\??\c:\5hhthh.exec:\5hhthh.exe51⤵
- Executes dropped EXE
-
\??\c:\ttntbb.exec:\ttntbb.exe52⤵
- Executes dropped EXE
-
\??\c:\vpjvd.exec:\vpjvd.exe53⤵
- Executes dropped EXE
-
\??\c:\flrlxlr.exec:\flrlxlr.exe54⤵
- Executes dropped EXE
-
\??\c:\bbbhbt.exec:\bbbhbt.exe55⤵
- Executes dropped EXE
-
\??\c:\jdvpv.exec:\jdvpv.exe56⤵
- Executes dropped EXE
-
\??\c:\9xrfrxr.exec:\9xrfrxr.exe57⤵
- Executes dropped EXE
-
\??\c:\hbbhth.exec:\hbbhth.exe58⤵
- Executes dropped EXE
-
\??\c:\htnhth.exec:\htnhth.exe59⤵
- Executes dropped EXE
-
\??\c:\vvvjj.exec:\vvvjj.exe60⤵
- Executes dropped EXE
-
\??\c:\5flxrrl.exec:\5flxrrl.exe61⤵
- Executes dropped EXE
-
\??\c:\ttnhhh.exec:\ttnhhh.exe62⤵
- Executes dropped EXE
-
\??\c:\pjppj.exec:\pjppj.exe63⤵
- Executes dropped EXE
-
\??\c:\3fllxxf.exec:\3fllxxf.exe64⤵
- Executes dropped EXE
-
\??\c:\hhtbnt.exec:\hhtbnt.exe65⤵
- Executes dropped EXE
-
\??\c:\jpvvd.exec:\jpvvd.exe66⤵
-
\??\c:\7dvdj.exec:\7dvdj.exe67⤵
-
\??\c:\3ffxlxr.exec:\3ffxlxr.exe68⤵
-
\??\c:\bbnnnn.exec:\bbnnnn.exe69⤵
-
\??\c:\jppdd.exec:\jppdd.exe70⤵
-
\??\c:\vjdjv.exec:\vjdjv.exe71⤵
-
\??\c:\3xrrfrx.exec:\3xrrfrx.exe72⤵
-
\??\c:\1thnbh.exec:\1thnbh.exe73⤵
-
\??\c:\vpjjd.exec:\vpjjd.exe74⤵
-
\??\c:\vpjvp.exec:\vpjvp.exe75⤵
-
\??\c:\rxxfrxl.exec:\rxxfrxl.exe76⤵
-
\??\c:\tttthb.exec:\tttthb.exe77⤵
-
\??\c:\5jjpj.exec:\5jjpj.exe78⤵
-
\??\c:\xffrrll.exec:\xffrrll.exe79⤵
-
\??\c:\5btbhh.exec:\5btbhh.exe80⤵
-
\??\c:\nhhnbn.exec:\nhhnbn.exe81⤵
-
\??\c:\jdpvj.exec:\jdpvj.exe82⤵
-
\??\c:\xrllrrr.exec:\xrllrrr.exe83⤵
-
\??\c:\nnhthn.exec:\nnhthn.exe84⤵
-
\??\c:\hhbhbh.exec:\hhbhbh.exe85⤵
-
\??\c:\vvvjj.exec:\vvvjj.exe86⤵
-
\??\c:\fxxxfrf.exec:\fxxxfrf.exe87⤵
-
\??\c:\9xxxflx.exec:\9xxxflx.exe88⤵
-
\??\c:\nnnnnt.exec:\nnnnnt.exe89⤵
-
\??\c:\pjvdv.exec:\pjvdv.exe90⤵
-
\??\c:\xrlxxfx.exec:\xrlxxfx.exe91⤵
-
\??\c:\7ttbth.exec:\7ttbth.exe92⤵
-
\??\c:\nttbtb.exec:\nttbtb.exe93⤵
-
\??\c:\jvpdv.exec:\jvpdv.exe94⤵
-
\??\c:\9rrrfrf.exec:\9rrrfrf.exe95⤵
-
\??\c:\bhntnn.exec:\bhntnn.exe96⤵
-
\??\c:\ntnhbb.exec:\ntnhbb.exe97⤵
-
\??\c:\5djvj.exec:\5djvj.exe98⤵
-
\??\c:\9llrlrf.exec:\9llrlrf.exe99⤵
-
\??\c:\nnhtnn.exec:\nnhtnn.exe100⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe101⤵
-
\??\c:\ddvvp.exec:\ddvvp.exe102⤵
-
\??\c:\3rrfxlf.exec:\3rrfxlf.exe103⤵
-
\??\c:\nhbnhb.exec:\nhbnhb.exe104⤵
-
\??\c:\vdvdp.exec:\vdvdp.exe105⤵
-
\??\c:\vvvdv.exec:\vvvdv.exe106⤵
-
\??\c:\llfxrrf.exec:\llfxrrf.exe107⤵
-
\??\c:\bnhbhb.exec:\bnhbhb.exe108⤵
-
\??\c:\hbtttb.exec:\hbtttb.exe109⤵
-
\??\c:\ffrlfff.exec:\ffrlfff.exe110⤵
-
\??\c:\tbnhhh.exec:\tbnhhh.exe111⤵
-
\??\c:\ntnbnt.exec:\ntnbnt.exe112⤵
-
\??\c:\vpdvj.exec:\vpdvj.exe113⤵
-
\??\c:\1rrxlrf.exec:\1rrxlrf.exe114⤵
-
\??\c:\nhnhnt.exec:\nhnhnt.exe115⤵
-
\??\c:\dvvjp.exec:\dvvjp.exe116⤵
-
\??\c:\3vvpv.exec:\3vvpv.exe117⤵
-
\??\c:\rrrxlrl.exec:\rrrxlrl.exe118⤵
-
\??\c:\hbbtnt.exec:\hbbtnt.exe119⤵
-
\??\c:\dvvjj.exec:\dvvjj.exe120⤵
-
\??\c:\ddvvd.exec:\ddvvd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-