Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
17/05/2024, 04:52
General
-
Target
d9d467619160fd6f4a015459cec428c1ee4fa1e5bd0fed018c90240c9093681a.exe
-
Size
200KB
-
MD5
486018afd6c811a77c44ef0004868497
-
SHA1
09f24e487c02441335ff3cd37f5235ed4fb2dfea
-
SHA256
d9d467619160fd6f4a015459cec428c1ee4fa1e5bd0fed018c90240c9093681a
-
SHA512
bc8cf6ee51dc47b008efee1326b3c3cf2d42cf4d5fe1db234bd19328d4c0eb8c7828c489ba1aad38095bd828113e61586632574f4aed56add10e711f9e68d84d
-
SSDEEP
3072:ymb3NkkiQ3mdBjFIi/0RU6QeYQsm71vPmc51+GqekBJCvr6zJBUt6iW:n3C9BRIG0asYFm71m8+GdkB9h
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
UPX dump on OEP (original entry point) 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 21 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d9d467619160fd6f4a015459cec428c1ee4fa1e5bd0fed018c90240c9093681a.exe"C:\Users\Admin\AppData\Local\Temp\d9d467619160fd6f4a015459cec428c1ee4fa1e5bd0fed018c90240c9093681a.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\btbttn.exec:\btbttn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjvp.exec:\ddjvp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjddv.exec:\vjddv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xfffll.exec:\5xfffll.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhhhb.exec:\hhhhhb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnnhb.exec:\nhnnhb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpjjj.exec:\jpjjj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffxrrl.exec:\lffxrrl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5lrrrrr.exec:\5lrrrrr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3hhhhn.exec:\3hhhhn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhbbb.exec:\bbhbbb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdppp.exec:\vdppp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5lxrffr.exec:\5lxrffr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxrrrrl.exec:\rxrrrrl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnttnn.exec:\tnttnn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5nbtbt.exec:\5nbtbt.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjdvd.exec:\vjdvd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxxlll.exec:\xrxxlll.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxffff.exec:\lrxffff.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtntn.exec:\bbtntn.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnbhn.exec:\bbnbhn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjpd.exec:\vvjpd.exe23⤵
- Executes dropped EXE
-
\??\c:\pdddv.exec:\pdddv.exe24⤵
- Executes dropped EXE
-
\??\c:\xffxrff.exec:\xffxrff.exe25⤵
- Executes dropped EXE
-
\??\c:\xflllff.exec:\xflllff.exe26⤵
- Executes dropped EXE
-
\??\c:\ntbbbb.exec:\ntbbbb.exe27⤵
- Executes dropped EXE
-
\??\c:\hhhbbt.exec:\hhhbbt.exe28⤵
- Executes dropped EXE
-
\??\c:\jvjpj.exec:\jvjpj.exe29⤵
- Executes dropped EXE
-
\??\c:\xllrlll.exec:\xllrlll.exe30⤵
- Executes dropped EXE
-
\??\c:\5rxxxff.exec:\5rxxxff.exe31⤵
- Executes dropped EXE
-
\??\c:\ntttbb.exec:\ntttbb.exe32⤵
- Executes dropped EXE
-
\??\c:\ttnhtb.exec:\ttnhtb.exe33⤵
- Executes dropped EXE
-
\??\c:\1pdvd.exec:\1pdvd.exe34⤵
- Executes dropped EXE
-
\??\c:\3flxrfx.exec:\3flxrfx.exe35⤵
- Executes dropped EXE
-
\??\c:\hhbttt.exec:\hhbttt.exe36⤵
- Executes dropped EXE
-
\??\c:\nnnnhh.exec:\nnnnhh.exe37⤵
- Executes dropped EXE
-
\??\c:\3pdvd.exec:\3pdvd.exe38⤵
- Executes dropped EXE
-
\??\c:\flrxxxf.exec:\flrxxxf.exe39⤵
- Executes dropped EXE
-
\??\c:\rfllxxx.exec:\rfllxxx.exe40⤵
- Executes dropped EXE
-
\??\c:\nnbttt.exec:\nnbttt.exe41⤵
- Executes dropped EXE
-
\??\c:\httbtt.exec:\httbtt.exe42⤵
- Executes dropped EXE
-
\??\c:\vvvvp.exec:\vvvvp.exe43⤵
- Executes dropped EXE
-
\??\c:\xfrlrrx.exec:\xfrlrrx.exe44⤵
- Executes dropped EXE
-
\??\c:\fflrllf.exec:\fflrllf.exe45⤵
- Executes dropped EXE
-
\??\c:\ttbhbb.exec:\ttbhbb.exe46⤵
- Executes dropped EXE
-
\??\c:\nhnhbb.exec:\nhnhbb.exe47⤵
- Executes dropped EXE
-
\??\c:\pjvpv.exec:\pjvpv.exe48⤵
- Executes dropped EXE
-
\??\c:\pddvp.exec:\pddvp.exe49⤵
- Executes dropped EXE
-
\??\c:\rlrrfrf.exec:\rlrrfrf.exe50⤵
- Executes dropped EXE
-
\??\c:\xflfxfl.exec:\xflfxfl.exe51⤵
- Executes dropped EXE
-
\??\c:\tnbtbb.exec:\tnbtbb.exe52⤵
- Executes dropped EXE
-
\??\c:\ddjjj.exec:\ddjjj.exe53⤵
- Executes dropped EXE
-
\??\c:\vjppp.exec:\vjppp.exe54⤵
- Executes dropped EXE
-
\??\c:\frlfffx.exec:\frlfffx.exe55⤵
- Executes dropped EXE
-
\??\c:\nnhhnh.exec:\nnhhnh.exe56⤵
- Executes dropped EXE
-
\??\c:\dpppp.exec:\dpppp.exe57⤵
- Executes dropped EXE
-
\??\c:\jdddv.exec:\jdddv.exe58⤵
- Executes dropped EXE
-
\??\c:\rlfxrrr.exec:\rlfxrrr.exe59⤵
- Executes dropped EXE
-
\??\c:\nnhhbb.exec:\nnhhbb.exe60⤵
- Executes dropped EXE
-
\??\c:\nhtnnn.exec:\nhtnnn.exe61⤵
- Executes dropped EXE
-
\??\c:\ppjjd.exec:\ppjjd.exe62⤵
- Executes dropped EXE
-
\??\c:\xllrlxr.exec:\xllrlxr.exe63⤵
- Executes dropped EXE
-
\??\c:\xllllfl.exec:\xllllfl.exe64⤵
- Executes dropped EXE
-
\??\c:\tbhhbb.exec:\tbhhbb.exe65⤵
- Executes dropped EXE
-
\??\c:\jjjdd.exec:\jjjdd.exe66⤵
-
\??\c:\rlrllll.exec:\rlrllll.exe67⤵
-
\??\c:\xlffxxr.exec:\xlffxxr.exe68⤵
-
\??\c:\nnntnb.exec:\nnntnb.exe69⤵
-
\??\c:\pvjjp.exec:\pvjjp.exe70⤵
-
\??\c:\jdddd.exec:\jdddd.exe71⤵
-
\??\c:\xrrlfff.exec:\xrrlfff.exe72⤵
-
\??\c:\3httnn.exec:\3httnn.exe73⤵
-
\??\c:\htbtnh.exec:\htbtnh.exe74⤵
-
\??\c:\jvjpj.exec:\jvjpj.exe75⤵
-
\??\c:\ddddj.exec:\ddddj.exe76⤵
-
\??\c:\fxffxfx.exec:\fxffxfx.exe77⤵
-
\??\c:\xxxrlrr.exec:\xxxrlrr.exe78⤵
-
\??\c:\9thntn.exec:\9thntn.exe79⤵
-
\??\c:\jjddj.exec:\jjddj.exe80⤵
-
\??\c:\dvpjv.exec:\dvpjv.exe81⤵
-
\??\c:\rrxrxxf.exec:\rrxrxxf.exe82⤵
-
\??\c:\nnnhhh.exec:\nnnhhh.exe83⤵
-
\??\c:\djjjd.exec:\djjjd.exe84⤵
-
\??\c:\7flfrrx.exec:\7flfrrx.exe85⤵
-
\??\c:\frxxrrl.exec:\frxxrrl.exe86⤵
-
\??\c:\ttbhbb.exec:\ttbhbb.exe87⤵
-
\??\c:\dvjdv.exec:\dvjdv.exe88⤵
-
\??\c:\jjjdv.exec:\jjjdv.exe89⤵
-
\??\c:\9xffrrl.exec:\9xffrrl.exe90⤵
-
\??\c:\nhhbtn.exec:\nhhbtn.exe91⤵
-
\??\c:\jdjdp.exec:\jdjdp.exe92⤵
-
\??\c:\ddvpd.exec:\ddvpd.exe93⤵
-
\??\c:\rlrlfxx.exec:\rlrlfxx.exe94⤵
-
\??\c:\rxrlllf.exec:\rxrlllf.exe95⤵
-
\??\c:\ppvpd.exec:\ppvpd.exe96⤵
-
\??\c:\vppvp.exec:\vppvp.exe97⤵
-
\??\c:\frllllf.exec:\frllllf.exe98⤵
-
\??\c:\lrfllrl.exec:\lrfllrl.exe99⤵
-
\??\c:\nnnnhh.exec:\nnnnhh.exe100⤵
-
\??\c:\jdpjj.exec:\jdpjj.exe101⤵
-
\??\c:\dvpjd.exec:\dvpjd.exe102⤵
-
\??\c:\xxfrrrl.exec:\xxfrrrl.exe103⤵
-
\??\c:\lrffxxx.exec:\lrffxxx.exe104⤵
-
\??\c:\tnbtbb.exec:\tnbtbb.exe105⤵
-
\??\c:\btttnn.exec:\btttnn.exe106⤵
-
\??\c:\1vvpp.exec:\1vvpp.exe107⤵
-
\??\c:\jdddj.exec:\jdddj.exe108⤵
-
\??\c:\xxxxrrl.exec:\xxxxrrl.exe109⤵
-
\??\c:\rlfxrrl.exec:\rlfxrrl.exe110⤵
-
\??\c:\tnnbth.exec:\tnnbth.exe111⤵
-
\??\c:\jvddp.exec:\jvddp.exe112⤵
-
\??\c:\pdvpp.exec:\pdvpp.exe113⤵
-
\??\c:\9xffxfx.exec:\9xffxfx.exe114⤵
-
\??\c:\ntbbbb.exec:\ntbbbb.exe115⤵
-
\??\c:\jdjjd.exec:\jdjjd.exe116⤵
-
\??\c:\rffxxxr.exec:\rffxxxr.exe117⤵
-
\??\c:\tttnhh.exec:\tttnhh.exe118⤵
-
\??\c:\3ppjj.exec:\3ppjj.exe119⤵
-
\??\c:\pjvpj.exec:\pjvpj.exe120⤵
-
\??\c:\rffffff.exec:\rffffff.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-