Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
17/05/2024, 04:52
General
-
Target
d9d467619160fd6f4a015459cec428c1ee4fa1e5bd0fed018c90240c9093681a.exe
-
Size
200KB
-
MD5
486018afd6c811a77c44ef0004868497
-
SHA1
09f24e487c02441335ff3cd37f5235ed4fb2dfea
-
SHA256
d9d467619160fd6f4a015459cec428c1ee4fa1e5bd0fed018c90240c9093681a
-
SHA512
bc8cf6ee51dc47b008efee1326b3c3cf2d42cf4d5fe1db234bd19328d4c0eb8c7828c489ba1aad38095bd828113e61586632574f4aed56add10e711f9e68d84d
-
SSDEEP
3072:ymb3NkkiQ3mdBjFIi/0RU6QeYQsm71vPmc51+GqekBJCvr6zJBUt6iW:n3C9BRIG0asYFm71m8+GdkB9h
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 18 IoCs
-
UPX dump on OEP (original entry point) 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d9d467619160fd6f4a015459cec428c1ee4fa1e5bd0fed018c90240c9093681a.exe"C:\Users\Admin\AppData\Local\Temp\d9d467619160fd6f4a015459cec428c1ee4fa1e5bd0fed018c90240c9093681a.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\9rlrflr.exec:\9rlrflr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhhtb.exec:\tnhhtb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3nttbb.exec:\3nttbb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvvd.exec:\pjvvd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxxflr.exec:\lfxxflr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5lflrxr.exec:\5lflrxr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbbhb.exec:\tnbbhb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthttt.exec:\bthttt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvjp.exec:\jdvjp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdppv.exec:\jdppv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3lrllfr.exec:\3lrllfr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbhnt.exec:\tnbhnt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbntt.exec:\btbntt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvjv.exec:\pjvjv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djpvv.exec:\djpvv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rlrlrl.exec:\3rlrlrl.exe17⤵
- Executes dropped EXE
-
\??\c:\5lxxffl.exec:\5lxxffl.exe18⤵
- Executes dropped EXE
-
\??\c:\tbnntt.exec:\tbnntt.exe19⤵
- Executes dropped EXE
-
\??\c:\tnhntt.exec:\tnhntt.exe20⤵
- Executes dropped EXE
-
\??\c:\dvpdp.exec:\dvpdp.exe21⤵
- Executes dropped EXE
-
\??\c:\pjvvv.exec:\pjvvv.exe22⤵
- Executes dropped EXE
-
\??\c:\xxllxfl.exec:\xxllxfl.exe23⤵
- Executes dropped EXE
-
\??\c:\7xlllrf.exec:\7xlllrf.exe24⤵
- Executes dropped EXE
-
\??\c:\7nntbt.exec:\7nntbt.exe25⤵
- Executes dropped EXE
-
\??\c:\hbtbhh.exec:\hbtbhh.exe26⤵
- Executes dropped EXE
-
\??\c:\vjppj.exec:\vjppj.exe27⤵
- Executes dropped EXE
-
\??\c:\vpppd.exec:\vpppd.exe28⤵
- Executes dropped EXE
-
\??\c:\fxrrrxl.exec:\fxrrrxl.exe29⤵
- Executes dropped EXE
-
\??\c:\lxfllll.exec:\lxfllll.exe30⤵
- Executes dropped EXE
-
\??\c:\tnbhnt.exec:\tnbhnt.exe31⤵
- Executes dropped EXE
-
\??\c:\pjvvd.exec:\pjvvd.exe32⤵
- Executes dropped EXE
-
\??\c:\3pdvv.exec:\3pdvv.exe33⤵
- Executes dropped EXE
-
\??\c:\tnbhnn.exec:\tnbhnn.exe34⤵
- Executes dropped EXE
-
\??\c:\nthbbt.exec:\nthbbt.exe35⤵
- Executes dropped EXE
-
\??\c:\3vjjp.exec:\3vjjp.exe36⤵
- Executes dropped EXE
-
\??\c:\7djdp.exec:\7djdp.exe37⤵
- Executes dropped EXE
-
\??\c:\dvjdp.exec:\dvjdp.exe38⤵
- Executes dropped EXE
-
\??\c:\fxffrrx.exec:\fxffrrx.exe39⤵
- Executes dropped EXE
-
\??\c:\9xlrxfr.exec:\9xlrxfr.exe40⤵
- Executes dropped EXE
-
\??\c:\7ntbhb.exec:\7ntbhb.exe41⤵
- Executes dropped EXE
-
\??\c:\nbnhhb.exec:\nbnhhb.exe42⤵
- Executes dropped EXE
-
\??\c:\hbnnnh.exec:\hbnnnh.exe43⤵
- Executes dropped EXE
-
\??\c:\5ddpv.exec:\5ddpv.exe44⤵
- Executes dropped EXE
-
\??\c:\jdpvv.exec:\jdpvv.exe45⤵
- Executes dropped EXE
-
\??\c:\xrfrxfr.exec:\xrfrxfr.exe46⤵
- Executes dropped EXE
-
\??\c:\xlxrxxx.exec:\xlxrxxx.exe47⤵
- Executes dropped EXE
-
\??\c:\1bnttt.exec:\1bnttt.exe48⤵
- Executes dropped EXE
-
\??\c:\thnhtn.exec:\thnhtn.exe49⤵
- Executes dropped EXE
-
\??\c:\nhbhnh.exec:\nhbhnh.exe50⤵
- Executes dropped EXE
-
\??\c:\pjjpd.exec:\pjjpd.exe51⤵
- Executes dropped EXE
-
\??\c:\vjdjp.exec:\vjdjp.exe52⤵
- Executes dropped EXE
-
\??\c:\lfllfrl.exec:\lfllfrl.exe53⤵
- Executes dropped EXE
-
\??\c:\lflrxll.exec:\lflrxll.exe54⤵
- Executes dropped EXE
-
\??\c:\xflrrlf.exec:\xflrrlf.exe55⤵
- Executes dropped EXE
-
\??\c:\btbbhn.exec:\btbbhn.exe56⤵
- Executes dropped EXE
-
\??\c:\bnttbt.exec:\bnttbt.exe57⤵
- Executes dropped EXE
-
\??\c:\pdvvd.exec:\pdvvd.exe58⤵
- Executes dropped EXE
-
\??\c:\vpddp.exec:\vpddp.exe59⤵
- Executes dropped EXE
-
\??\c:\xxlxllx.exec:\xxlxllx.exe60⤵
- Executes dropped EXE
-
\??\c:\rrfrrfl.exec:\rrfrrfl.exe61⤵
- Executes dropped EXE
-
\??\c:\rrfflfl.exec:\rrfflfl.exe62⤵
- Executes dropped EXE
-
\??\c:\nbnhnn.exec:\nbnhnn.exe63⤵
- Executes dropped EXE
-
\??\c:\bthnhn.exec:\bthnhn.exe64⤵
- Executes dropped EXE
-
\??\c:\tntnnt.exec:\tntnnt.exe65⤵
- Executes dropped EXE
-
\??\c:\vpjvd.exec:\vpjvd.exe66⤵
-
\??\c:\dpvvd.exec:\dpvvd.exe67⤵
-
\??\c:\lxfxffl.exec:\lxfxffl.exe68⤵
-
\??\c:\fxxxrrl.exec:\fxxxrrl.exe69⤵
-
\??\c:\rlflrrl.exec:\rlflrrl.exe70⤵
-
\??\c:\nbntnt.exec:\nbntnt.exe71⤵
-
\??\c:\tnbhhh.exec:\tnbhhh.exe72⤵
-
\??\c:\1pvvj.exec:\1pvvj.exe73⤵
-
\??\c:\pjdvj.exec:\pjdvj.exe74⤵
-
\??\c:\ddpdj.exec:\ddpdj.exe75⤵
-
\??\c:\lxfxfxf.exec:\lxfxfxf.exe76⤵
-
\??\c:\9llllll.exec:\9llllll.exe77⤵
-
\??\c:\nbnntb.exec:\nbnntb.exe78⤵
-
\??\c:\9nhhnh.exec:\9nhhnh.exe79⤵
-
\??\c:\vjvpp.exec:\vjvpp.exe80⤵
-
\??\c:\dpdjv.exec:\dpdjv.exe81⤵
-
\??\c:\lfxfrxl.exec:\lfxfrxl.exe82⤵
-
\??\c:\xrxxllf.exec:\xrxxllf.exe83⤵
-
\??\c:\1fxxffr.exec:\1fxxffr.exe84⤵
-
\??\c:\7tbbhh.exec:\7tbbhh.exe85⤵
-
\??\c:\9bntbh.exec:\9bntbh.exe86⤵
-
\??\c:\9vpjp.exec:\9vpjp.exe87⤵
-
\??\c:\pjpjp.exec:\pjpjp.exe88⤵
-
\??\c:\fxrxfxf.exec:\fxrxfxf.exe89⤵
-
\??\c:\rlfflfl.exec:\rlfflfl.exe90⤵
-
\??\c:\fxflxxl.exec:\fxflxxl.exe91⤵
-
\??\c:\hbbbhh.exec:\hbbbhh.exe92⤵
-
\??\c:\1tnntt.exec:\1tnntt.exe93⤵
-
\??\c:\jjpvv.exec:\jjpvv.exe94⤵
-
\??\c:\dpppp.exec:\dpppp.exe95⤵
-
\??\c:\1pvdj.exec:\1pvdj.exe96⤵
-
\??\c:\rlxxfxl.exec:\rlxxfxl.exe97⤵
-
\??\c:\9fxfllr.exec:\9fxfllr.exe98⤵
-
\??\c:\hbhhnn.exec:\hbhhnn.exe99⤵
-
\??\c:\9httnn.exec:\9httnn.exe100⤵
-
\??\c:\5htbbb.exec:\5htbbb.exe101⤵
-
\??\c:\3dvvv.exec:\3dvvv.exe102⤵
-
\??\c:\vpjpj.exec:\vpjpj.exe103⤵
-
\??\c:\jvdjv.exec:\jvdjv.exe104⤵
-
\??\c:\fxffllr.exec:\fxffllr.exe105⤵
-
\??\c:\rrlrrrf.exec:\rrlrrrf.exe106⤵
-
\??\c:\lffrxxf.exec:\lffrxxf.exe107⤵
-
\??\c:\tnhhnt.exec:\tnhhnt.exe108⤵
-
\??\c:\hbbhtb.exec:\hbbhtb.exe109⤵
-
\??\c:\3dvjp.exec:\3dvjp.exe110⤵
-
\??\c:\3pdvv.exec:\3pdvv.exe111⤵
-
\??\c:\frxrxff.exec:\frxrxff.exe112⤵
-
\??\c:\9fflrrx.exec:\9fflrrx.exe113⤵
-
\??\c:\xrlllrf.exec:\xrlllrf.exe114⤵
-
\??\c:\nhbhtb.exec:\nhbhtb.exe115⤵
-
\??\c:\nhhnnn.exec:\nhhnnn.exe116⤵
-
\??\c:\1vppd.exec:\1vppd.exe117⤵
-
\??\c:\5htbnn.exec:\5htbnn.exe118⤵
-
\??\c:\7vddj.exec:\7vddj.exe119⤵
-
\??\c:\vjvpj.exec:\vjvpj.exe120⤵
-
\??\c:\lxfxllx.exec:\lxfxllx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-