Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
-
submitted
16-05-2024 18:12
General
-
Target
03038d53a7000b0955dee5816c114c99dfc4ef153a7297b86792c77f56d69f31.exe
-
Size
224KB
-
MD5
455fa0f4f4cd34d3402a200c703bd361
-
SHA1
a88b0e4f1fb544fe7e8f337f87ad523fde400ae2
-
SHA256
03038d53a7000b0955dee5816c114c99dfc4ef153a7297b86792c77f56d69f31
-
SHA512
bb8c21ec55592621d15ffb09d25aaed1f2da952cca366751d5c6267cafe6819ec664e1027641c1cbe70acf8643a9a5fb2234dae784c0066522cb18c1a8b5d3a3
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73PYP1lri3KoSV31x4xL79:n3C9BRo7MlrWKo+lxKZ
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
UPX dump on OEP (original entry point) 30 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 30 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\03038d53a7000b0955dee5816c114c99dfc4ef153a7297b86792c77f56d69f31.exe"C:\Users\Admin\AppData\Local\Temp\03038d53a7000b0955dee5816c114c99dfc4ef153a7297b86792c77f56d69f31.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpdd.exec:\jdpdd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jpjp.exec:\9jpjp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxfxrxl.exec:\lxfxrxl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntbhh.exec:\bntbhh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pvdd.exec:\1pvdd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpddj.exec:\vpddj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlfrfll.exec:\xlfrfll.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbtnn.exec:\tnbtnn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhnnn.exec:\bnhnnn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pddd.exec:\1pddd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5lrlllr.exec:\5lrlllr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxxlff.exec:\lfxxlff.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhhnh.exec:\hbhhnh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdvd.exec:\vpdvd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvdd.exec:\dvvdd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1lxxffl.exec:\1lxxffl.exe17⤵
- Executes dropped EXE
-
\??\c:\lxffffl.exec:\lxffffl.exe18⤵
- Executes dropped EXE
-
\??\c:\5nbhnt.exec:\5nbhnt.exe19⤵
- Executes dropped EXE
-
\??\c:\dpvvv.exec:\dpvvv.exe20⤵
- Executes dropped EXE
-
\??\c:\jdpvd.exec:\jdpvd.exe21⤵
- Executes dropped EXE
-
\??\c:\lfrrffr.exec:\lfrrffr.exe22⤵
- Executes dropped EXE
-
\??\c:\5llrrxf.exec:\5llrrxf.exe23⤵
- Executes dropped EXE
-
\??\c:\thnnnt.exec:\thnnnt.exe24⤵
- Executes dropped EXE
-
\??\c:\pjdjp.exec:\pjdjp.exe25⤵
- Executes dropped EXE
-
\??\c:\ddppj.exec:\ddppj.exe26⤵
- Executes dropped EXE
-
\??\c:\5xflrrf.exec:\5xflrrf.exe27⤵
- Executes dropped EXE
-
\??\c:\nbhnnt.exec:\nbhnnt.exe28⤵
- Executes dropped EXE
-
\??\c:\bnbbbh.exec:\bnbbbh.exe29⤵
- Executes dropped EXE
-
\??\c:\vpddj.exec:\vpddj.exe30⤵
- Executes dropped EXE
-
\??\c:\3jvvv.exec:\3jvvv.exe31⤵
- Executes dropped EXE
-
\??\c:\xlrrrlf.exec:\xlrrrlf.exe32⤵
- Executes dropped EXE
-
\??\c:\bthntt.exec:\bthntt.exe33⤵
- Executes dropped EXE
-
\??\c:\btnthn.exec:\btnthn.exe34⤵
- Executes dropped EXE
-
\??\c:\5jjjv.exec:\5jjjv.exe35⤵
- Executes dropped EXE
-
\??\c:\xlxflfr.exec:\xlxflfr.exe36⤵
- Executes dropped EXE
-
\??\c:\xlrlxlr.exec:\xlrlxlr.exe37⤵
- Executes dropped EXE
-
\??\c:\nhntbb.exec:\nhntbb.exe38⤵
- Executes dropped EXE
-
\??\c:\bnbbbb.exec:\bnbbbb.exe39⤵
- Executes dropped EXE
-
\??\c:\jvvvd.exec:\jvvvd.exe40⤵
- Executes dropped EXE
-
\??\c:\vjvdd.exec:\vjvdd.exe41⤵
- Executes dropped EXE
-
\??\c:\5flllrr.exec:\5flllrr.exe42⤵
- Executes dropped EXE
-
\??\c:\7fllrxr.exec:\7fllrxr.exe43⤵
- Executes dropped EXE
-
\??\c:\nnhntn.exec:\nnhntn.exe44⤵
- Executes dropped EXE
-
\??\c:\1tbbbb.exec:\1tbbbb.exe45⤵
- Executes dropped EXE
-
\??\c:\7vjjj.exec:\7vjjj.exe46⤵
- Executes dropped EXE
-
\??\c:\pddvd.exec:\pddvd.exe47⤵
- Executes dropped EXE
-
\??\c:\3lxrxfl.exec:\3lxrxfl.exe48⤵
- Executes dropped EXE
-
\??\c:\7xllrfr.exec:\7xllrfr.exe49⤵
- Executes dropped EXE
-
\??\c:\hbnnnn.exec:\hbnnnn.exe50⤵
- Executes dropped EXE
-
\??\c:\5thbhn.exec:\5thbhn.exe51⤵
- Executes dropped EXE
-
\??\c:\pvddd.exec:\pvddd.exe52⤵
- Executes dropped EXE
-
\??\c:\ddpdp.exec:\ddpdp.exe53⤵
- Executes dropped EXE
-
\??\c:\rflfrlr.exec:\rflfrlr.exe54⤵
- Executes dropped EXE
-
\??\c:\9frxllf.exec:\9frxllf.exe55⤵
- Executes dropped EXE
-
\??\c:\hthhnt.exec:\hthhnt.exe56⤵
- Executes dropped EXE
-
\??\c:\nhbhbb.exec:\nhbhbb.exe57⤵
- Executes dropped EXE
-
\??\c:\dvppv.exec:\dvppv.exe58⤵
- Executes dropped EXE
-
\??\c:\djpdp.exec:\djpdp.exe59⤵
- Executes dropped EXE
-
\??\c:\7lxxfxf.exec:\7lxxfxf.exe60⤵
- Executes dropped EXE
-
\??\c:\lfxxlff.exec:\lfxxlff.exe61⤵
- Executes dropped EXE
-
\??\c:\7nbtbt.exec:\7nbtbt.exe62⤵
- Executes dropped EXE
-
\??\c:\1dvdj.exec:\1dvdj.exe63⤵
- Executes dropped EXE
-
\??\c:\jjvdp.exec:\jjvdp.exe64⤵
- Executes dropped EXE
-
\??\c:\1rxrxxf.exec:\1rxrxxf.exe65⤵
- Executes dropped EXE
-
\??\c:\fxfrxfl.exec:\fxfrxfl.exe66⤵
-
\??\c:\rfrxfll.exec:\rfrxfll.exe67⤵
-
\??\c:\bthnbh.exec:\bthnbh.exe68⤵
-
\??\c:\9bhhhh.exec:\9bhhhh.exe69⤵
-
\??\c:\vvvjd.exec:\vvvjd.exe70⤵
-
\??\c:\3vpvv.exec:\3vpvv.exe71⤵
-
\??\c:\rlflrrf.exec:\rlflrrf.exe72⤵
-
\??\c:\ffrfrlx.exec:\ffrfrlx.exe73⤵
-
\??\c:\httttb.exec:\httttb.exe74⤵
-
\??\c:\hhnhtn.exec:\hhnhtn.exe75⤵
-
\??\c:\djjjj.exec:\djjjj.exe76⤵
-
\??\c:\5vjdd.exec:\5vjdd.exe77⤵
-
\??\c:\djdpp.exec:\djdpp.exe78⤵
-
\??\c:\9lxfllx.exec:\9lxfllx.exe79⤵
-
\??\c:\rlrlllr.exec:\rlrlllr.exe80⤵
-
\??\c:\5htbhn.exec:\5htbhn.exe81⤵
-
\??\c:\1hbhnb.exec:\1hbhnb.exe82⤵
-
\??\c:\jdjpj.exec:\jdjpj.exe83⤵
-
\??\c:\3djdv.exec:\3djdv.exe84⤵
-
\??\c:\lfffxfl.exec:\lfffxfl.exe85⤵
-
\??\c:\xlxlrrx.exec:\xlxlrrx.exe86⤵
-
\??\c:\9nbnbb.exec:\9nbnbb.exe87⤵
-
\??\c:\nhbhnh.exec:\nhbhnh.exe88⤵
-
\??\c:\tnhbhn.exec:\tnhbhn.exe89⤵
-
\??\c:\jjvjv.exec:\jjvjv.exe90⤵
-
\??\c:\5jvvv.exec:\5jvvv.exe91⤵
-
\??\c:\5rlrflr.exec:\5rlrflr.exe92⤵
-
\??\c:\rlxrxfl.exec:\rlxrxfl.exe93⤵
-
\??\c:\9thhhn.exec:\9thhhn.exe94⤵
-
\??\c:\3hhthn.exec:\3hhthn.exe95⤵
-
\??\c:\dpdjp.exec:\dpdjp.exe96⤵
-
\??\c:\ppvjd.exec:\ppvjd.exe97⤵
-
\??\c:\rffxxrr.exec:\rffxxrr.exe98⤵
-
\??\c:\rlxffff.exec:\rlxffff.exe99⤵
-
\??\c:\tbthbh.exec:\tbthbh.exe100⤵
-
\??\c:\thtbbh.exec:\thtbbh.exe101⤵
-
\??\c:\9jvpp.exec:\9jvpp.exe102⤵
-
\??\c:\pdvdp.exec:\pdvdp.exe103⤵
-
\??\c:\1lxflrf.exec:\1lxflrf.exe104⤵
-
\??\c:\lflrxfl.exec:\lflrxfl.exe105⤵
-
\??\c:\rlxrxxl.exec:\rlxrxxl.exe106⤵
-
\??\c:\nnbnbh.exec:\nnbnbh.exe107⤵
-
\??\c:\bntnhn.exec:\bntnhn.exe108⤵
-
\??\c:\vvdvd.exec:\vvdvd.exe109⤵
-
\??\c:\ppjpv.exec:\ppjpv.exe110⤵
-
\??\c:\3lxlxrf.exec:\3lxlxrf.exe111⤵
-
\??\c:\llfxlxl.exec:\llfxlxl.exe112⤵
-
\??\c:\hbbtnb.exec:\hbbtnb.exe113⤵
-
\??\c:\hhtbnt.exec:\hhtbnt.exe114⤵
-
\??\c:\hhnbnt.exec:\hhnbnt.exe115⤵
-
\??\c:\1dvjj.exec:\1dvjj.exe116⤵
-
\??\c:\3dvvd.exec:\3dvvd.exe117⤵
-
\??\c:\5jvjp.exec:\5jvjp.exe118⤵
-
\??\c:\llxlxxl.exec:\llxlxxl.exe119⤵
-
\??\c:\ffflxlf.exec:\ffflxlf.exe120⤵
-
\??\c:\7tthbn.exec:\7tthbn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-