Analysis
-
max time kernel
150s -
max time network
117s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
-
submitted
16/05/2024, 01:49
General
-
Target
2ee9ed56b8d6fbe90111abb28bf0c490.exe
-
Size
453KB
-
MD5
2ee9ed56b8d6fbe90111abb28bf0c490
-
SHA1
e4a02b5c8df5fe62d9a5e6471c37eb30d71a73b8
-
SHA256
47cc275e43ff1eefb2d432ef04d89621d2585c25c2be961c7872be19106603c9
-
SHA512
2dea2cbc7b14738bbef498919c32e73943a8ec22794ab964b31a7a2ba101cea5fe46957094f2388678c5f68a368542974d926467c97e7a666794dec9cbd163dd
-
SSDEEP
6144:rcm4FmowdHoSphraHcpOaKHpXfRo0V8JcgE+ezpg1xrloBNTNmU:x4wFHoS3eFaKHpv/VycgE81lg9
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 39 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2ee9ed56b8d6fbe90111abb28bf0c490.exe"C:\Users\Admin\AppData\Local\Temp\2ee9ed56b8d6fbe90111abb28bf0c490.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nnthbb.exec:\nnthbb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrxffr.exec:\fxrxffr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvdj.exec:\jvvdj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrfflr.exec:\lxrfflr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthntt.exec:\hthntt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdpv.exec:\jvdpv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3nbbhn.exec:\3nbbhn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthhbh.exec:\tthhbh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllxllr.exec:\rllxllr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1htntb.exec:\1htntb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvpv.exec:\jdvpv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrllrxf.exec:\xrllrxf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7djpd.exec:\7djpd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jppjd.exec:\jppjd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhntb.exec:\tnhntb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vppv.exec:\9vppv.exe17⤵
- Executes dropped EXE
-
\??\c:\9frrxxr.exec:\9frrxxr.exe18⤵
- Executes dropped EXE
-
\??\c:\htbhth.exec:\htbhth.exe19⤵
- Executes dropped EXE
-
\??\c:\rffflfl.exec:\rffflfl.exe20⤵
- Executes dropped EXE
-
\??\c:\7bbhnt.exec:\7bbhnt.exe21⤵
- Executes dropped EXE
-
\??\c:\jjppd.exec:\jjppd.exe22⤵
- Executes dropped EXE
-
\??\c:\7rlrxfl.exec:\7rlrxfl.exe23⤵
- Executes dropped EXE
-
\??\c:\hhtbhn.exec:\hhtbhn.exe24⤵
- Executes dropped EXE
-
\??\c:\ttbtbb.exec:\ttbtbb.exe25⤵
- Executes dropped EXE
-
\??\c:\7lfxfxf.exec:\7lfxfxf.exe26⤵
- Executes dropped EXE
-
\??\c:\nthbnb.exec:\nthbnb.exe27⤵
- Executes dropped EXE
-
\??\c:\5pddp.exec:\5pddp.exe28⤵
- Executes dropped EXE
-
\??\c:\lxxfllr.exec:\lxxfllr.exe29⤵
- Executes dropped EXE
-
\??\c:\nhbntn.exec:\nhbntn.exe30⤵
- Executes dropped EXE
-
\??\c:\vjvvj.exec:\vjvvj.exe31⤵
- Executes dropped EXE
-
\??\c:\bhtnth.exec:\bhtnth.exe32⤵
- Executes dropped EXE
-
\??\c:\9nnbbh.exec:\9nnbbh.exe33⤵
- Executes dropped EXE
-
\??\c:\7vvvv.exec:\7vvvv.exe34⤵
- Executes dropped EXE
-
\??\c:\rxlxffr.exec:\rxlxffr.exe35⤵
- Executes dropped EXE
-
\??\c:\hhbnhn.exec:\hhbnhn.exe36⤵
- Executes dropped EXE
-
\??\c:\7btbnb.exec:\7btbnb.exe37⤵
- Executes dropped EXE
-
\??\c:\dpjpv.exec:\dpjpv.exe38⤵
- Executes dropped EXE
-
\??\c:\lllrfll.exec:\lllrfll.exe39⤵
- Executes dropped EXE
-
\??\c:\bnhtbh.exec:\bnhtbh.exe40⤵
- Executes dropped EXE
-
\??\c:\dpdvv.exec:\dpdvv.exe41⤵
- Executes dropped EXE
-
\??\c:\jdppv.exec:\jdppv.exe42⤵
- Executes dropped EXE
-
\??\c:\rlllflr.exec:\rlllflr.exe43⤵
- Executes dropped EXE
-
\??\c:\5frxrff.exec:\5frxrff.exe44⤵
- Executes dropped EXE
-
\??\c:\nhbhhh.exec:\nhbhhh.exe45⤵
- Executes dropped EXE
-
\??\c:\vvvjd.exec:\vvvjd.exe46⤵
- Executes dropped EXE
-
\??\c:\1ddvj.exec:\1ddvj.exe47⤵
- Executes dropped EXE
-
\??\c:\ffxlfrl.exec:\ffxlfrl.exe48⤵
- Executes dropped EXE
-
\??\c:\xrfxffl.exec:\xrfxffl.exe49⤵
- Executes dropped EXE
-
\??\c:\9httnn.exec:\9httnn.exe50⤵
- Executes dropped EXE
-
\??\c:\pjvpj.exec:\pjvpj.exe51⤵
- Executes dropped EXE
-
\??\c:\vdvjv.exec:\vdvjv.exe52⤵
- Executes dropped EXE
-
\??\c:\xrfllxf.exec:\xrfllxf.exe53⤵
- Executes dropped EXE
-
\??\c:\llxxfxr.exec:\llxxfxr.exe54⤵
- Executes dropped EXE
-
\??\c:\hhtbht.exec:\hhtbht.exe55⤵
- Executes dropped EXE
-
\??\c:\3vppd.exec:\3vppd.exe56⤵
- Executes dropped EXE
-
\??\c:\jpvvd.exec:\jpvvd.exe57⤵
- Executes dropped EXE
-
\??\c:\xxxxflx.exec:\xxxxflx.exe58⤵
- Executes dropped EXE
-
\??\c:\5rllrrf.exec:\5rllrrf.exe59⤵
- Executes dropped EXE
-
\??\c:\ntbthb.exec:\ntbthb.exe60⤵
- Executes dropped EXE
-
\??\c:\vpppv.exec:\vpppv.exe61⤵
- Executes dropped EXE
-
\??\c:\vvvjv.exec:\vvvjv.exe62⤵
- Executes dropped EXE
-
\??\c:\3fxfrrf.exec:\3fxfrrf.exe63⤵
- Executes dropped EXE
-
\??\c:\tttbht.exec:\tttbht.exe64⤵
- Executes dropped EXE
-
\??\c:\bbtbhb.exec:\bbtbhb.exe65⤵
- Executes dropped EXE
-
\??\c:\jdjpv.exec:\jdjpv.exe66⤵
-
\??\c:\frlllrl.exec:\frlllrl.exe67⤵
-
\??\c:\ffrrfll.exec:\ffrrfll.exe68⤵
-
\??\c:\9nhnnn.exec:\9nhnnn.exe69⤵
-
\??\c:\pdpvd.exec:\pdpvd.exe70⤵
-
\??\c:\dvjdj.exec:\dvjdj.exe71⤵
-
\??\c:\rlxfflf.exec:\rlxfflf.exe72⤵
-
\??\c:\tnhhtn.exec:\tnhhtn.exe73⤵
-
\??\c:\1nbnnb.exec:\1nbnnb.exe74⤵
-
\??\c:\djddp.exec:\djddp.exe75⤵
-
\??\c:\rllxllr.exec:\rllxllr.exe76⤵
-
\??\c:\7xxfllx.exec:\7xxfllx.exe77⤵
-
\??\c:\5thntb.exec:\5thntb.exe78⤵
-
\??\c:\nnbbhn.exec:\nnbbhn.exe79⤵
-
\??\c:\vjdjj.exec:\vjdjj.exe80⤵
-
\??\c:\xxrfllr.exec:\xxrfllr.exe81⤵
-
\??\c:\xxrxrxf.exec:\xxrxrxf.exe82⤵
-
\??\c:\tnhtbh.exec:\tnhtbh.exe83⤵
-
\??\c:\hnthnn.exec:\hnthnn.exe84⤵
-
\??\c:\9pjjj.exec:\9pjjj.exe85⤵
-
\??\c:\7fxrlrx.exec:\7fxrlrx.exe86⤵
-
\??\c:\lfrffll.exec:\lfrffll.exe87⤵
-
\??\c:\3hnnhh.exec:\3hnnhh.exe88⤵
-
\??\c:\hhhbhn.exec:\hhhbhn.exe89⤵
-
\??\c:\jdvvp.exec:\jdvvp.exe90⤵
-
\??\c:\lflxxfx.exec:\lflxxfx.exe91⤵
-
\??\c:\ffxflrx.exec:\ffxflrx.exe92⤵
-
\??\c:\hhbtth.exec:\hhbtth.exe93⤵
-
\??\c:\pjvdp.exec:\pjvdp.exe94⤵
-
\??\c:\rxrflrf.exec:\rxrflrf.exe95⤵
-
\??\c:\1xxxlll.exec:\1xxxlll.exe96⤵
-
\??\c:\nbtnnb.exec:\nbtnnb.exe97⤵
-
\??\c:\7nhnbb.exec:\7nhnbb.exe98⤵
-
\??\c:\ddddp.exec:\ddddp.exe99⤵
-
\??\c:\dvjvj.exec:\dvjvj.exe100⤵
-
\??\c:\rlffffr.exec:\rlffffr.exe101⤵
-
\??\c:\rxffflr.exec:\rxffflr.exe102⤵
-
\??\c:\tnhntb.exec:\tnhntb.exe103⤵
-
\??\c:\ddvdp.exec:\ddvdp.exe104⤵
-
\??\c:\pdddp.exec:\pdddp.exe105⤵
-
\??\c:\3xxflxf.exec:\3xxflxf.exe106⤵
-
\??\c:\lflflrx.exec:\lflflrx.exe107⤵
-
\??\c:\bnbhhh.exec:\bnbhhh.exe108⤵
-
\??\c:\djppv.exec:\djppv.exe109⤵
-
\??\c:\pjdpv.exec:\pjdpv.exe110⤵
-
\??\c:\fflfrxl.exec:\fflfrxl.exe111⤵
-
\??\c:\3rlxfll.exec:\3rlxfll.exe112⤵
-
\??\c:\hntbhn.exec:\hntbhn.exe113⤵
-
\??\c:\hnbnth.exec:\hnbnth.exe114⤵
-
\??\c:\ppvjd.exec:\ppvjd.exe115⤵
-
\??\c:\3rrrxfl.exec:\3rrrxfl.exe116⤵
-
\??\c:\ffflflx.exec:\ffflflx.exe117⤵
-
\??\c:\ttnthn.exec:\ttnthn.exe118⤵
-
\??\c:\tbbnnn.exec:\tbbnnn.exe119⤵
-
\??\c:\vpdjj.exec:\vpdjj.exe120⤵
-
\??\c:\7djvj.exec:\7djvj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-