Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
-
submitted
16/05/2024, 02:37
General
-
Target
b94572e17b5f93b711d37087eda456ef93c5ca8bbf05ae8d355a09ebbe41f1c5.exe
-
Size
75KB
-
MD5
a78ca02feaf82b30f52efe14c47b5a36
-
SHA1
c4ca8ff2f4a86a0172e92fac5d31e2ccfeacf6a6
-
SHA256
b94572e17b5f93b711d37087eda456ef93c5ca8bbf05ae8d355a09ebbe41f1c5
-
SHA512
e18433f7261fb95541b1086141fff76937c1e2bc058eb3c678e90260ae3211d73d9b8f39545b2382f33cc4500cb8a3b76d9df53a4dd01d8a1ecf7a93d2b94e63
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoAX8gu3Gno9yvrjKT:ymb3NkkiQ3mdBjFo68t3Gno9Ig
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
UPX dump on OEP (original entry point) 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 21 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b94572e17b5f93b711d37087eda456ef93c5ca8bbf05ae8d355a09ebbe41f1c5.exe"C:\Users\Admin\AppData\Local\Temp\b94572e17b5f93b711d37087eda456ef93c5ca8bbf05ae8d355a09ebbe41f1c5.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxfllf.exec:\lxxfllf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ttnth.exec:\5ttnth.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpvj.exec:\jdpvj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlffffr.exec:\rlffffr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnhnh.exec:\hhnhnh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnttnn.exec:\tnttnn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvpd.exec:\vvvpd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvvp.exec:\vjvvp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxxllx.exec:\ffxxllx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9nbntt.exec:\9nbntt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbhbb.exec:\bbbhbb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3pddj.exec:\3pddj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ddjp.exec:\7ddjp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxllrf.exec:\xrxllrf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbhbn.exec:\hhbhbn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7hbtbh.exec:\7hbtbh.exe17⤵
- Executes dropped EXE
-
\??\c:\9djdp.exec:\9djdp.exe18⤵
- Executes dropped EXE
-
\??\c:\vpddj.exec:\vpddj.exe19⤵
- Executes dropped EXE
-
\??\c:\xxfxrlx.exec:\xxfxrlx.exe20⤵
- Executes dropped EXE
-
\??\c:\9btnbb.exec:\9btnbb.exe21⤵
- Executes dropped EXE
-
\??\c:\jddjv.exec:\jddjv.exe22⤵
- Executes dropped EXE
-
\??\c:\rfxxxfl.exec:\rfxxxfl.exe23⤵
- Executes dropped EXE
-
\??\c:\ffxrlrl.exec:\ffxrlrl.exe24⤵
- Executes dropped EXE
-
\??\c:\1hbhnn.exec:\1hbhnn.exe25⤵
- Executes dropped EXE
-
\??\c:\nntthn.exec:\nntthn.exe26⤵
- Executes dropped EXE
-
\??\c:\djjvv.exec:\djjvv.exe27⤵
- Executes dropped EXE
-
\??\c:\dpjpd.exec:\dpjpd.exe28⤵
- Executes dropped EXE
-
\??\c:\3lxflxf.exec:\3lxflxf.exe29⤵
- Executes dropped EXE
-
\??\c:\nhtthh.exec:\nhtthh.exe30⤵
- Executes dropped EXE
-
\??\c:\1bbbhn.exec:\1bbbhn.exe31⤵
- Executes dropped EXE
-
\??\c:\jdpdj.exec:\jdpdj.exe32⤵
- Executes dropped EXE
-
\??\c:\jjddv.exec:\jjddv.exe33⤵
- Executes dropped EXE
-
\??\c:\3xrfrxf.exec:\3xrfrxf.exe34⤵
- Executes dropped EXE
-
\??\c:\xrxflrx.exec:\xrxflrx.exe35⤵
- Executes dropped EXE
-
\??\c:\3bhhnt.exec:\3bhhnt.exe36⤵
- Executes dropped EXE
-
\??\c:\bthnbn.exec:\bthnbn.exe37⤵
- Executes dropped EXE
-
\??\c:\vpvpv.exec:\vpvpv.exe38⤵
- Executes dropped EXE
-
\??\c:\3ppjp.exec:\3ppjp.exe39⤵
- Executes dropped EXE
-
\??\c:\llffxlx.exec:\llffxlx.exe40⤵
- Executes dropped EXE
-
\??\c:\lfxfxxx.exec:\lfxfxxx.exe41⤵
- Executes dropped EXE
-
\??\c:\nhntbt.exec:\nhntbt.exe42⤵
- Executes dropped EXE
-
\??\c:\bnbhbt.exec:\bnbhbt.exe43⤵
- Executes dropped EXE
-
\??\c:\vpjpd.exec:\vpjpd.exe44⤵
- Executes dropped EXE
-
\??\c:\dvppp.exec:\dvppp.exe45⤵
- Executes dropped EXE
-
\??\c:\lfrrllx.exec:\lfrrllx.exe46⤵
- Executes dropped EXE
-
\??\c:\rlflrxl.exec:\rlflrxl.exe47⤵
- Executes dropped EXE
-
\??\c:\nnhthn.exec:\nnhthn.exe48⤵
- Executes dropped EXE
-
\??\c:\tnnbhn.exec:\tnnbhn.exe49⤵
- Executes dropped EXE
-
\??\c:\9pjpv.exec:\9pjpv.exe50⤵
- Executes dropped EXE
-
\??\c:\vpddp.exec:\vpddp.exe51⤵
- Executes dropped EXE
-
\??\c:\xrflrxl.exec:\xrflrxl.exe52⤵
- Executes dropped EXE
-
\??\c:\lxlrlll.exec:\lxlrlll.exe53⤵
- Executes dropped EXE
-
\??\c:\7nbnbh.exec:\7nbnbh.exe54⤵
- Executes dropped EXE
-
\??\c:\nhnbnb.exec:\nhnbnb.exe55⤵
- Executes dropped EXE
-
\??\c:\3ppdd.exec:\3ppdd.exe56⤵
- Executes dropped EXE
-
\??\c:\llflrrf.exec:\llflrrf.exe57⤵
- Executes dropped EXE
-
\??\c:\bbntbh.exec:\bbntbh.exe58⤵
- Executes dropped EXE
-
\??\c:\bhnbbb.exec:\bhnbbb.exe59⤵
- Executes dropped EXE
-
\??\c:\5hhbhn.exec:\5hhbhn.exe60⤵
- Executes dropped EXE
-
\??\c:\pjvdd.exec:\pjvdd.exe61⤵
- Executes dropped EXE
-
\??\c:\dpjvd.exec:\dpjvd.exe62⤵
- Executes dropped EXE
-
\??\c:\xflrxxr.exec:\xflrxxr.exe63⤵
- Executes dropped EXE
-
\??\c:\ntnnhh.exec:\ntnnhh.exe64⤵
- Executes dropped EXE
-
\??\c:\hbhhth.exec:\hbhhth.exe65⤵
- Executes dropped EXE
-
\??\c:\pppvv.exec:\pppvv.exe66⤵
-
\??\c:\5vddj.exec:\5vddj.exe67⤵
-
\??\c:\xxlxrxl.exec:\xxlxrxl.exe68⤵
-
\??\c:\3ffrflr.exec:\3ffrflr.exe69⤵
-
\??\c:\hhntbb.exec:\hhntbb.exe70⤵
-
\??\c:\bbnttb.exec:\bbnttb.exe71⤵
-
\??\c:\jddpv.exec:\jddpv.exe72⤵
-
\??\c:\jdvvj.exec:\jdvvj.exe73⤵
-
\??\c:\3jvvd.exec:\3jvvd.exe74⤵
-
\??\c:\fxffrxf.exec:\fxffrxf.exe75⤵
-
\??\c:\9xlfflx.exec:\9xlfflx.exe76⤵
-
\??\c:\1tttbb.exec:\1tttbb.exe77⤵
-
\??\c:\bbtttb.exec:\bbtttb.exe78⤵
-
\??\c:\vppvp.exec:\vppvp.exe79⤵
-
\??\c:\llxxfrf.exec:\llxxfrf.exe80⤵
-
\??\c:\xlxfxrf.exec:\xlxfxrf.exe81⤵
-
\??\c:\fxlrflx.exec:\fxlrflx.exe82⤵
-
\??\c:\hhnnbh.exec:\hhnnbh.exe83⤵
-
\??\c:\nhnbnb.exec:\nhnbnb.exe84⤵
-
\??\c:\jdpjv.exec:\jdpjv.exe85⤵
-
\??\c:\ppddv.exec:\ppddv.exe86⤵
-
\??\c:\rrfrfll.exec:\rrfrfll.exe87⤵
-
\??\c:\5lllrxf.exec:\5lllrxf.exe88⤵
-
\??\c:\3bnhbb.exec:\3bnhbb.exe89⤵
-
\??\c:\ppvvv.exec:\ppvvv.exe90⤵
-
\??\c:\ppjjp.exec:\ppjjp.exe91⤵
-
\??\c:\xrlrflr.exec:\xrlrflr.exe92⤵
-
\??\c:\7frrxxf.exec:\7frrxxf.exe93⤵
-
\??\c:\llxfllx.exec:\llxfllx.exe94⤵
-
\??\c:\htbhhn.exec:\htbhhn.exe95⤵
-
\??\c:\bbtntb.exec:\bbtntb.exe96⤵
-
\??\c:\pjdjp.exec:\pjdjp.exe97⤵
-
\??\c:\vpjdp.exec:\vpjdp.exe98⤵
-
\??\c:\lffxlll.exec:\lffxlll.exe99⤵
-
\??\c:\frfxffl.exec:\frfxffl.exe100⤵
-
\??\c:\bbbnbh.exec:\bbbnbh.exe101⤵
-
\??\c:\bthnbn.exec:\bthnbn.exe102⤵
-
\??\c:\vpjjp.exec:\vpjjp.exe103⤵
-
\??\c:\3dvvd.exec:\3dvvd.exe104⤵
-
\??\c:\lxffxxl.exec:\lxffxxl.exe105⤵
-
\??\c:\rrflrfl.exec:\rrflrfl.exe106⤵
-
\??\c:\9tttbh.exec:\9tttbh.exe107⤵
-
\??\c:\hbnttt.exec:\hbnttt.exe108⤵
-
\??\c:\nbhbbb.exec:\nbhbbb.exe109⤵
-
\??\c:\9vppp.exec:\9vppp.exe110⤵
-
\??\c:\jvjjd.exec:\jvjjd.exe111⤵
-
\??\c:\rlffffr.exec:\rlffffr.exe112⤵
-
\??\c:\rfllffl.exec:\rfllffl.exe113⤵
-
\??\c:\hbbtbb.exec:\hbbtbb.exe114⤵
-
\??\c:\nhtbhn.exec:\nhtbhn.exe115⤵
-
\??\c:\ppvdd.exec:\ppvdd.exe116⤵
-
\??\c:\vvdvd.exec:\vvdvd.exe117⤵
-
\??\c:\pdjvp.exec:\pdjvp.exe118⤵
-
\??\c:\rfxrlll.exec:\rfxrlll.exe119⤵
-
\??\c:\hbnthh.exec:\hbnthh.exe120⤵
-
\??\c:\nhnnnt.exec:\nhnnnt.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-