Analysis
-
max time kernel
150s -
max time network
145s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
16-05-2024 02:37
General
-
Target
b94572e17b5f93b711d37087eda456ef93c5ca8bbf05ae8d355a09ebbe41f1c5.exe
-
Size
75KB
-
MD5
a78ca02feaf82b30f52efe14c47b5a36
-
SHA1
c4ca8ff2f4a86a0172e92fac5d31e2ccfeacf6a6
-
SHA256
b94572e17b5f93b711d37087eda456ef93c5ca8bbf05ae8d355a09ebbe41f1c5
-
SHA512
e18433f7261fb95541b1086141fff76937c1e2bc058eb3c678e90260ae3211d73d9b8f39545b2382f33cc4500cb8a3b76d9df53a4dd01d8a1ecf7a93d2b94e63
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoAX8gu3Gno9yvrjKT:ymb3NkkiQ3mdBjFo68t3Gno9Ig
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
UPX dump on OEP (original entry point) 29 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b94572e17b5f93b711d37087eda456ef93c5ca8bbf05ae8d355a09ebbe41f1c5.exe"C:\Users\Admin\AppData\Local\Temp\b94572e17b5f93b711d37087eda456ef93c5ca8bbf05ae8d355a09ebbe41f1c5.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\frlxrrl.exec:\frlxrrl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bnnnb.exec:\1bnnnb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vdvj.exec:\9vdvj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llrrrrx.exec:\llrrrrx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfxrrl.exec:\rlfxrrl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttttbb.exec:\ttttbb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ppjd.exec:\7ppjd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpvj.exec:\jdpvj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7lrllfx.exec:\7lrllfx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtthb.exec:\hbtthb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjdv.exec:\ppjdv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xllffxf.exec:\xllffxf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5llrrrl.exec:\5llrrrl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtnhh.exec:\nhtnhh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjdj.exec:\dpjdj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjvp.exec:\vvjvp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7lxrffx.exec:\7lxrffx.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbttnn.exec:\nbttnn.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7jjvv.exec:\7jjvv.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrlffx.exec:\rlrlffx.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhhbb.exec:\nhhhbb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnbtnt.exec:\hnbtnt.exe23⤵
- Executes dropped EXE
-
\??\c:\jppjd.exec:\jppjd.exe24⤵
- Executes dropped EXE
-
\??\c:\5fxrrrl.exec:\5fxrrrl.exe25⤵
- Executes dropped EXE
-
\??\c:\lffxxrr.exec:\lffxxrr.exe26⤵
- Executes dropped EXE
-
\??\c:\hhnnnn.exec:\hhnnnn.exe27⤵
- Executes dropped EXE
-
\??\c:\3pddd.exec:\3pddd.exe28⤵
- Executes dropped EXE
-
\??\c:\djvvj.exec:\djvvj.exe29⤵
- Executes dropped EXE
-
\??\c:\rrflxff.exec:\rrflxff.exe30⤵
- Executes dropped EXE
-
\??\c:\nhbtnt.exec:\nhbtnt.exe31⤵
- Executes dropped EXE
-
\??\c:\bttnhb.exec:\bttnhb.exe32⤵
- Executes dropped EXE
-
\??\c:\9pjjv.exec:\9pjjv.exe33⤵
- Executes dropped EXE
-
\??\c:\xffffll.exec:\xffffll.exe34⤵
- Executes dropped EXE
-
\??\c:\lfrfrlx.exec:\lfrfrlx.exe35⤵
- Executes dropped EXE
-
\??\c:\nbbttt.exec:\nbbttt.exe36⤵
- Executes dropped EXE
-
\??\c:\httntt.exec:\httntt.exe37⤵
- Executes dropped EXE
-
\??\c:\pjjjp.exec:\pjjjp.exe38⤵
- Executes dropped EXE
-
\??\c:\dppjd.exec:\dppjd.exe39⤵
- Executes dropped EXE
-
\??\c:\xfrfxrl.exec:\xfrfxrl.exe40⤵
- Executes dropped EXE
-
\??\c:\htbnhh.exec:\htbnhh.exe41⤵
- Executes dropped EXE
-
\??\c:\5htnbt.exec:\5htnbt.exe42⤵
- Executes dropped EXE
-
\??\c:\dpjdj.exec:\dpjdj.exe43⤵
- Executes dropped EXE
-
\??\c:\9xlxlfr.exec:\9xlxlfr.exe44⤵
- Executes dropped EXE
-
\??\c:\frxfrrl.exec:\frxfrrl.exe45⤵
- Executes dropped EXE
-
\??\c:\ntbbnb.exec:\ntbbnb.exe46⤵
- Executes dropped EXE
-
\??\c:\jjdvj.exec:\jjdvj.exe47⤵
- Executes dropped EXE
-
\??\c:\9jvpj.exec:\9jvpj.exe48⤵
- Executes dropped EXE
-
\??\c:\rrxxlff.exec:\rrxxlff.exe49⤵
- Executes dropped EXE
-
\??\c:\hhbbbt.exec:\hhbbbt.exe50⤵
- Executes dropped EXE
-
\??\c:\9tnbtn.exec:\9tnbtn.exe51⤵
- Executes dropped EXE
-
\??\c:\1ddvv.exec:\1ddvv.exe52⤵
- Executes dropped EXE
-
\??\c:\9jjvp.exec:\9jjvp.exe53⤵
- Executes dropped EXE
-
\??\c:\lfxrxxr.exec:\lfxrxxr.exe54⤵
- Executes dropped EXE
-
\??\c:\fxfxxxr.exec:\fxfxxxr.exe55⤵
- Executes dropped EXE
-
\??\c:\bhhhbb.exec:\bhhhbb.exe56⤵
- Executes dropped EXE
-
\??\c:\hhthbb.exec:\hhthbb.exe57⤵
- Executes dropped EXE
-
\??\c:\3djpj.exec:\3djpj.exe58⤵
- Executes dropped EXE
-
\??\c:\pppjj.exec:\pppjj.exe59⤵
- Executes dropped EXE
-
\??\c:\3xlfxxx.exec:\3xlfxxx.exe60⤵
- Executes dropped EXE
-
\??\c:\3bbbtn.exec:\3bbbtn.exe61⤵
- Executes dropped EXE
-
\??\c:\hhbhbh.exec:\hhbhbh.exe62⤵
- Executes dropped EXE
-
\??\c:\ppppd.exec:\ppppd.exe63⤵
- Executes dropped EXE
-
\??\c:\jpdvj.exec:\jpdvj.exe64⤵
- Executes dropped EXE
-
\??\c:\rfflxxr.exec:\rfflxxr.exe65⤵
- Executes dropped EXE
-
\??\c:\nbnhbb.exec:\nbnhbb.exe66⤵
-
\??\c:\bbbbth.exec:\bbbbth.exe67⤵
-
\??\c:\jjdvp.exec:\jjdvp.exe68⤵
-
\??\c:\9vdpj.exec:\9vdpj.exe69⤵
-
\??\c:\ffffxxx.exec:\ffffxxx.exe70⤵
-
\??\c:\xxfrxxr.exec:\xxfrxxr.exe71⤵
-
\??\c:\hbbthb.exec:\hbbthb.exe72⤵
-
\??\c:\tntnnn.exec:\tntnnn.exe73⤵
-
\??\c:\pdpjd.exec:\pdpjd.exe74⤵
-
\??\c:\jdvvv.exec:\jdvvv.exe75⤵
-
\??\c:\7lfxxxf.exec:\7lfxxxf.exe76⤵
-
\??\c:\rlffxxl.exec:\rlffxxl.exe77⤵
-
\??\c:\hbbbtt.exec:\hbbbtt.exe78⤵
-
\??\c:\3httnn.exec:\3httnn.exe79⤵
-
\??\c:\ddjdv.exec:\ddjdv.exe80⤵
-
\??\c:\pjpjj.exec:\pjpjj.exe81⤵
-
\??\c:\rrxfxfx.exec:\rrxfxfx.exe82⤵
-
\??\c:\xflllrl.exec:\xflllrl.exe83⤵
-
\??\c:\nbbtnn.exec:\nbbtnn.exe84⤵
-
\??\c:\nnhhbb.exec:\nnhhbb.exe85⤵
-
\??\c:\vjjdv.exec:\vjjdv.exe86⤵
-
\??\c:\pjvpd.exec:\pjvpd.exe87⤵
-
\??\c:\xxxxxxx.exec:\xxxxxxx.exe88⤵
-
\??\c:\xrrllff.exec:\xrrllff.exe89⤵
-
\??\c:\rxlrxxx.exec:\rxlrxxx.exe90⤵
-
\??\c:\1hnhtt.exec:\1hnhtt.exe91⤵
-
\??\c:\1tnhbh.exec:\1tnhbh.exe92⤵
-
\??\c:\1pvvd.exec:\1pvvd.exe93⤵
-
\??\c:\pvdpj.exec:\pvdpj.exe94⤵
-
\??\c:\rrrlllf.exec:\rrrlllf.exe95⤵
-
\??\c:\rxrxxxl.exec:\rxrxxxl.exe96⤵
-
\??\c:\hbbbbb.exec:\hbbbbb.exe97⤵
-
\??\c:\5nnhth.exec:\5nnhth.exe98⤵
-
\??\c:\htnhbt.exec:\htnhbt.exe99⤵
-
\??\c:\pdvvp.exec:\pdvvp.exe100⤵
-
\??\c:\dvpjj.exec:\dvpjj.exe101⤵
-
\??\c:\jddvv.exec:\jddvv.exe102⤵
-
\??\c:\ffrxrfr.exec:\ffrxrfr.exe103⤵
-
\??\c:\7xfxfff.exec:\7xfxfff.exe104⤵
-
\??\c:\thnnnn.exec:\thnnnn.exe105⤵
-
\??\c:\bttnnn.exec:\bttnnn.exe106⤵
-
\??\c:\jjdvp.exec:\jjdvp.exe107⤵
-
\??\c:\jjjdp.exec:\jjjdp.exe108⤵
-
\??\c:\rrfffff.exec:\rrfffff.exe109⤵
-
\??\c:\hnhthb.exec:\hnhthb.exe110⤵
-
\??\c:\1hthnh.exec:\1hthnh.exe111⤵
-
\??\c:\3pvjj.exec:\3pvjj.exe112⤵
-
\??\c:\1rrlflf.exec:\1rrlflf.exe113⤵
-
\??\c:\fxfxrlr.exec:\fxfxrlr.exe114⤵
-
\??\c:\9bhbht.exec:\9bhbht.exe115⤵
-
\??\c:\httbtt.exec:\httbtt.exe116⤵
-
\??\c:\pjdvp.exec:\pjdvp.exe117⤵
-
\??\c:\vpdvp.exec:\vpdvp.exe118⤵
-
\??\c:\lxxrlll.exec:\lxxrlll.exe119⤵
-
\??\c:\5tbbbh.exec:\5tbbbh.exe120⤵
-
\??\c:\dvjvp.exec:\dvjvp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-