Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
18-05-2024 23:18
General
-
Target
82475d709025c6c127103f1644e1a3cb55a9175f3241271f9b829d59d936db81.exe
-
Size
74KB
-
MD5
a97612fd5a2199ec851146d78f541c25
-
SHA1
e642d7cd451946183114ce2ff6499d86045e432a
-
SHA256
82475d709025c6c127103f1644e1a3cb55a9175f3241271f9b829d59d936db81
-
SHA512
77fa71fd6441b830a7c7aed47f190ca572690307b058fd06e5582c0bb99317343d6ba85d5f63be5755c78f38a867c32a911ff57db0a3775118e6cb611435e46e
-
SSDEEP
1536:CvQBeOGtrYS3srx93UBWfwC6Ggnouy8Aeb3F7:ChOmTsF93UYfwC6GIoutAeb3l
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 35 IoCs
-
UPX dump on OEP (original entry point) 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\82475d709025c6c127103f1644e1a3cb55a9175f3241271f9b829d59d936db81.exe"C:\Users\Admin\AppData\Local\Temp\82475d709025c6c127103f1644e1a3cb55a9175f3241271f9b829d59d936db81.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrxffr.exec:\xxrxffr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9nnnhn.exec:\9nnnhn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvjpp.exec:\pvjpp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3xrrrll.exec:\3xrrrll.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbnbn.exec:\tnbnbn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhhbh.exec:\nbhhbh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddpjj.exec:\ddpjj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9pjjj.exec:\9pjjj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrflrx.exec:\lfrflrx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhhnt.exec:\hbhhnt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbnnt.exec:\nhbnnt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdpp.exec:\pjdpp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rlrffr.exec:\3rlrffr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1htthh.exec:\1htthh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pdvj.exec:\1pdvj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3jddj.exec:\3jddj.exe17⤵
- Executes dropped EXE
-
\??\c:\xrlrxxx.exec:\xrlrxxx.exe18⤵
- Executes dropped EXE
-
\??\c:\hbnhhn.exec:\hbnhhn.exe19⤵
- Executes dropped EXE
-
\??\c:\hbnnnh.exec:\hbnnnh.exe20⤵
- Executes dropped EXE
-
\??\c:\vjpdp.exec:\vjpdp.exe21⤵
- Executes dropped EXE
-
\??\c:\lxflrrl.exec:\lxflrrl.exe22⤵
- Executes dropped EXE
-
\??\c:\rfrllrr.exec:\rfrllrr.exe23⤵
- Executes dropped EXE
-
\??\c:\thhhbh.exec:\thhhbh.exe24⤵
- Executes dropped EXE
-
\??\c:\vjppv.exec:\vjppv.exe25⤵
- Executes dropped EXE
-
\??\c:\9dvdp.exec:\9dvdp.exe26⤵
- Executes dropped EXE
-
\??\c:\lxrrxrr.exec:\lxrrxrr.exe27⤵
- Executes dropped EXE
-
\??\c:\nthhnh.exec:\nthhnh.exe28⤵
- Executes dropped EXE
-
\??\c:\jvpvp.exec:\jvpvp.exe29⤵
- Executes dropped EXE
-
\??\c:\pdpvd.exec:\pdpvd.exe30⤵
- Executes dropped EXE
-
\??\c:\lfrrrrx.exec:\lfrrrrx.exe31⤵
- Executes dropped EXE
-
\??\c:\3lfffff.exec:\3lfffff.exe32⤵
- Executes dropped EXE
-
\??\c:\ntntht.exec:\ntntht.exe33⤵
- Executes dropped EXE
-
\??\c:\vpdjp.exec:\vpdjp.exe34⤵
- Executes dropped EXE
-
\??\c:\jjdpp.exec:\jjdpp.exe35⤵
- Executes dropped EXE
-
\??\c:\fxlrlrf.exec:\fxlrlrf.exe36⤵
- Executes dropped EXE
-
\??\c:\frxfrlx.exec:\frxfrlx.exe37⤵
- Executes dropped EXE
-
\??\c:\9nnhnn.exec:\9nnhnn.exe38⤵
- Executes dropped EXE
-
\??\c:\htbnnh.exec:\htbnnh.exe39⤵
- Executes dropped EXE
-
\??\c:\1vjjp.exec:\1vjjp.exe40⤵
- Executes dropped EXE
-
\??\c:\dppvp.exec:\dppvp.exe41⤵
- Executes dropped EXE
-
\??\c:\xlxflrl.exec:\xlxflrl.exe42⤵
- Executes dropped EXE
-
\??\c:\xlxlxff.exec:\xlxlxff.exe43⤵
- Executes dropped EXE
-
\??\c:\nbtttb.exec:\nbtttb.exe44⤵
- Executes dropped EXE
-
\??\c:\nbhtnn.exec:\nbhtnn.exe45⤵
- Executes dropped EXE
-
\??\c:\1jdjv.exec:\1jdjv.exe46⤵
- Executes dropped EXE
-
\??\c:\pdppp.exec:\pdppp.exe47⤵
- Executes dropped EXE
-
\??\c:\xrffffl.exec:\xrffffl.exe48⤵
- Executes dropped EXE
-
\??\c:\lxffllr.exec:\lxffllr.exe49⤵
- Executes dropped EXE
-
\??\c:\bnbtnh.exec:\bnbtnh.exe50⤵
- Executes dropped EXE
-
\??\c:\3tnntb.exec:\3tnntb.exe51⤵
- Executes dropped EXE
-
\??\c:\pdppp.exec:\pdppp.exe52⤵
- Executes dropped EXE
-
\??\c:\3jdpp.exec:\3jdpp.exe53⤵
- Executes dropped EXE
-
\??\c:\5pdvd.exec:\5pdvd.exe54⤵
- Executes dropped EXE
-
\??\c:\7flxfff.exec:\7flxfff.exe55⤵
- Executes dropped EXE
-
\??\c:\xlxxrfr.exec:\xlxxrfr.exe56⤵
- Executes dropped EXE
-
\??\c:\3nbbbh.exec:\3nbbbh.exe57⤵
- Executes dropped EXE
-
\??\c:\3nbntb.exec:\3nbntb.exe58⤵
- Executes dropped EXE
-
\??\c:\xrxrxfx.exec:\xrxrxfx.exe59⤵
- Executes dropped EXE
-
\??\c:\5lrfrxx.exec:\5lrfrxx.exe60⤵
- Executes dropped EXE
-
\??\c:\bthhnn.exec:\bthhnn.exe61⤵
- Executes dropped EXE
-
\??\c:\hbtnbn.exec:\hbtnbn.exe62⤵
- Executes dropped EXE
-
\??\c:\dpjdp.exec:\dpjdp.exe63⤵
- Executes dropped EXE
-
\??\c:\jvpdd.exec:\jvpdd.exe64⤵
- Executes dropped EXE
-
\??\c:\lxfflrr.exec:\lxfflrr.exe65⤵
- Executes dropped EXE
-
\??\c:\xlrrrxx.exec:\xlrrrxx.exe66⤵
-
\??\c:\3bnttn.exec:\3bnttn.exe67⤵
-
\??\c:\bnbbtt.exec:\bnbbtt.exe68⤵
-
\??\c:\vpppj.exec:\vpppj.exe69⤵
-
\??\c:\djvvv.exec:\djvvv.exe70⤵
-
\??\c:\3rrrxlr.exec:\3rrrxlr.exe71⤵
-
\??\c:\1xlxfrr.exec:\1xlxfrr.exe72⤵
-
\??\c:\thbntb.exec:\thbntb.exe73⤵
-
\??\c:\btbtnh.exec:\btbtnh.exe74⤵
-
\??\c:\dpjvd.exec:\dpjvd.exe75⤵
-
\??\c:\pddvj.exec:\pddvj.exe76⤵
-
\??\c:\3jdvd.exec:\3jdvd.exe77⤵
-
\??\c:\rrlfffr.exec:\rrlfffr.exe78⤵
-
\??\c:\lxrxfxx.exec:\lxrxfxx.exe79⤵
-
\??\c:\7hbntb.exec:\7hbntb.exe80⤵
-
\??\c:\pdppp.exec:\pdppp.exe81⤵
-
\??\c:\pjdjj.exec:\pjdjj.exe82⤵
-
\??\c:\dpvdj.exec:\dpvdj.exe83⤵
-
\??\c:\1fxxxxl.exec:\1fxxxxl.exe84⤵
-
\??\c:\lfrfrxx.exec:\lfrfrxx.exe85⤵
-
\??\c:\hthhhn.exec:\hthhhn.exe86⤵
-
\??\c:\1hhnhn.exec:\1hhnhn.exe87⤵
-
\??\c:\5dddd.exec:\5dddd.exe88⤵
-
\??\c:\jvpjv.exec:\jvpjv.exe89⤵
-
\??\c:\jdjpv.exec:\jdjpv.exe90⤵
-
\??\c:\rfxffxf.exec:\rfxffxf.exe91⤵
-
\??\c:\btthnh.exec:\btthnh.exe92⤵
-
\??\c:\htbhnt.exec:\htbhnt.exe93⤵
-
\??\c:\pjdvd.exec:\pjdvd.exe94⤵
-
\??\c:\vpjvd.exec:\vpjvd.exe95⤵
-
\??\c:\9vvdd.exec:\9vvdd.exe96⤵
-
\??\c:\5lfrrrr.exec:\5lfrrrr.exe97⤵
-
\??\c:\1frrflx.exec:\1frrflx.exe98⤵
-
\??\c:\7btbtn.exec:\7btbtn.exe99⤵
-
\??\c:\dvpvj.exec:\dvpvj.exe100⤵
-
\??\c:\pjvjd.exec:\pjvjd.exe101⤵
-
\??\c:\vjvdp.exec:\vjvdp.exe102⤵
-
\??\c:\3xllrlf.exec:\3xllrlf.exe103⤵
-
\??\c:\rlxfxlr.exec:\rlxfxlr.exe104⤵
-
\??\c:\7nnbnb.exec:\7nnbnb.exe105⤵
-
\??\c:\pdjpv.exec:\pdjpv.exe106⤵
-
\??\c:\ddpdj.exec:\ddpdj.exe107⤵
-
\??\c:\9xfrrff.exec:\9xfrrff.exe108⤵
-
\??\c:\rxlxfff.exec:\rxlxfff.exe109⤵
-
\??\c:\9bnbhh.exec:\9bnbhh.exe110⤵
-
\??\c:\tnbhtb.exec:\tnbhtb.exe111⤵
-
\??\c:\dvjpj.exec:\dvjpj.exe112⤵
-
\??\c:\jvppp.exec:\jvppp.exe113⤵
-
\??\c:\xfrlrrr.exec:\xfrlrrr.exe114⤵
-
\??\c:\lxlxflf.exec:\lxlxflf.exe115⤵
-
\??\c:\tbhhnh.exec:\tbhhnh.exe116⤵
-
\??\c:\ntbbtt.exec:\ntbbtt.exe117⤵
-
\??\c:\1nbhht.exec:\1nbhht.exe118⤵
-
\??\c:\jdjpd.exec:\jdjpd.exe119⤵
-
\??\c:\djpvv.exec:\djpvv.exe120⤵
-
\??\c:\xlfrrxf.exec:\xlfrrxf.exe121⤵
-
\??\c:\3frrffl.exec:\3frrffl.exe122⤵
-
\??\c:\tbnhnh.exec:\tbnhnh.exe123⤵
-
\??\c:\9nbhnn.exec:\9nbhnn.exe124⤵
-
\??\c:\vvpjd.exec:\vvpjd.exe125⤵
-
\??\c:\dpvjj.exec:\dpvjj.exe126⤵
-
\??\c:\5jvvd.exec:\5jvvd.exe127⤵
-
\??\c:\xlxfxfr.exec:\xlxfxfr.exe128⤵
-
\??\c:\tnbnbb.exec:\tnbnbb.exe129⤵
-
\??\c:\3bhhhn.exec:\3bhhhn.exe130⤵
-
\??\c:\hbhnhn.exec:\hbhnhn.exe131⤵
-
\??\c:\dvpjp.exec:\dvpjp.exe132⤵
-
\??\c:\jvvpj.exec:\jvvpj.exe133⤵
-
\??\c:\xlffxlr.exec:\xlffxlr.exe134⤵
-
\??\c:\fxxfflr.exec:\fxxfflr.exe135⤵
-
\??\c:\nbhnnn.exec:\nbhnnn.exe136⤵
-
\??\c:\tntnhb.exec:\tntnhb.exe137⤵
-
\??\c:\bntbbb.exec:\bntbbb.exe138⤵
-
\??\c:\vvpvd.exec:\vvpvd.exe139⤵
-
\??\c:\7jjdd.exec:\7jjdd.exe140⤵
-
\??\c:\5rrxxlr.exec:\5rrxxlr.exe141⤵
-
\??\c:\xrlflrx.exec:\xrlflrx.exe142⤵
-
\??\c:\5bbhtt.exec:\5bbhtt.exe143⤵
-
\??\c:\htbntb.exec:\htbntb.exe144⤵
-
\??\c:\3dddd.exec:\3dddd.exe145⤵
-
\??\c:\dpppp.exec:\dpppp.exe146⤵
-
\??\c:\flxxflx.exec:\flxxflx.exe147⤵
-
\??\c:\rlfllrx.exec:\rlfllrx.exe148⤵
-
\??\c:\hbnbtb.exec:\hbnbtb.exe149⤵
-
\??\c:\thnntn.exec:\thnntn.exe150⤵
-
\??\c:\9jdjp.exec:\9jdjp.exe151⤵
-
\??\c:\jdjpp.exec:\jdjpp.exe152⤵
-
\??\c:\1rfxlff.exec:\1rfxlff.exe153⤵
-
\??\c:\5lrlxxf.exec:\5lrlxxf.exe154⤵
-
\??\c:\hbbbnt.exec:\hbbbnt.exe155⤵
-
\??\c:\3btttt.exec:\3btttt.exe156⤵
-
\??\c:\vvvjd.exec:\vvvjd.exe157⤵
-
\??\c:\5dvdd.exec:\5dvdd.exe158⤵
-
\??\c:\5xxrlfx.exec:\5xxrlfx.exe159⤵
-
\??\c:\rfrxfxx.exec:\rfrxfxx.exe160⤵
-
\??\c:\hthntt.exec:\hthntt.exe161⤵
-
\??\c:\7tthhh.exec:\7tthhh.exe162⤵
-
\??\c:\9vjpv.exec:\9vjpv.exe163⤵
-
\??\c:\rfffrrx.exec:\rfffrrx.exe164⤵
-
\??\c:\lxlxrrx.exec:\lxlxrrx.exe165⤵
-
\??\c:\hththn.exec:\hththn.exe166⤵
-
\??\c:\7ntbhb.exec:\7ntbhb.exe167⤵
-
\??\c:\vjpvd.exec:\vjpvd.exe168⤵
-
\??\c:\jdpjd.exec:\jdpjd.exe169⤵
-
\??\c:\7lfrxfr.exec:\7lfrxfr.exe170⤵
-
\??\c:\xrflxrf.exec:\xrflxrf.exe171⤵
-
\??\c:\1nhnhh.exec:\1nhnhh.exe172⤵
-
\??\c:\9hbntb.exec:\9hbntb.exe173⤵
-
\??\c:\1vjpp.exec:\1vjpp.exe174⤵
-
\??\c:\vjpvp.exec:\vjpvp.exe175⤵
-
\??\c:\1rxfffr.exec:\1rxfffr.exe176⤵
-
\??\c:\lxlllll.exec:\lxlllll.exe177⤵
-
\??\c:\3nhntt.exec:\3nhntt.exe178⤵
-
\??\c:\tnbhtt.exec:\tnbhtt.exe179⤵
-
\??\c:\dpjpp.exec:\dpjpp.exe180⤵
-
\??\c:\9jdjv.exec:\9jdjv.exe181⤵
-
\??\c:\xxfrlxr.exec:\xxfrlxr.exe182⤵
-
\??\c:\lxlrrlr.exec:\lxlrrlr.exe183⤵
-
\??\c:\9nntnb.exec:\9nntnb.exe184⤵
-
\??\c:\hthnhb.exec:\hthnhb.exe185⤵
-
\??\c:\vjdvd.exec:\vjdvd.exe186⤵
-
\??\c:\ddpjp.exec:\ddpjp.exe187⤵
-
\??\c:\7rlrrlr.exec:\7rlrrlr.exe188⤵
-
\??\c:\rflrflr.exec:\rflrflr.exe189⤵
-
\??\c:\thbnbb.exec:\thbnbb.exe190⤵
-
\??\c:\7tnbbn.exec:\7tnbbn.exe191⤵
-
\??\c:\5dpjp.exec:\5dpjp.exe192⤵
-
\??\c:\jvjjp.exec:\jvjjp.exe193⤵
-
\??\c:\lxfflxf.exec:\lxfflxf.exe194⤵
-
\??\c:\xlrllrx.exec:\xlrllrx.exe195⤵
-
\??\c:\9nhhnh.exec:\9nhhnh.exe196⤵
-
\??\c:\7bnntt.exec:\7bnntt.exe197⤵
-
\??\c:\djvdv.exec:\djvdv.exe198⤵
-
\??\c:\jpjpd.exec:\jpjpd.exe199⤵
-
\??\c:\5frxxxl.exec:\5frxxxl.exe200⤵
-
\??\c:\flxflrx.exec:\flxflrx.exe201⤵
-
\??\c:\1tnntt.exec:\1tnntt.exe202⤵
-
\??\c:\7bthtt.exec:\7bthtt.exe203⤵
-
\??\c:\7vddj.exec:\7vddj.exe204⤵
-
\??\c:\9rxfffr.exec:\9rxfffr.exe205⤵
-
\??\c:\5lfxxlx.exec:\5lfxxlx.exe206⤵
-
\??\c:\bbnbhh.exec:\bbnbhh.exe207⤵
-
\??\c:\jjvvd.exec:\jjvvd.exe208⤵
-
\??\c:\lxffrxf.exec:\lxffrxf.exe209⤵
-
\??\c:\lxlxlxx.exec:\lxlxlxx.exe210⤵
-
\??\c:\bnhbhn.exec:\bnhbhn.exe211⤵
-
\??\c:\thnbnn.exec:\thnbnn.exe212⤵
-
\??\c:\7jdpd.exec:\7jdpd.exe213⤵
-
\??\c:\vjvpp.exec:\vjvpp.exe214⤵
-
\??\c:\lxlrrxl.exec:\lxlrrxl.exe215⤵
-
\??\c:\lxffxrx.exec:\lxffxrx.exe216⤵
-
\??\c:\nbbhtt.exec:\nbbhtt.exe217⤵
-
\??\c:\btntbh.exec:\btntbh.exe218⤵
-
\??\c:\hbnttb.exec:\hbnttb.exe219⤵
-
\??\c:\pdpjp.exec:\pdpjp.exe220⤵
-
\??\c:\3jvdv.exec:\3jvdv.exe221⤵
-
\??\c:\frlxrxf.exec:\frlxrxf.exe222⤵
-
\??\c:\xlrxrrx.exec:\xlrxrrx.exe223⤵
-
\??\c:\3bhntn.exec:\3bhntn.exe224⤵
-
\??\c:\nbbhtt.exec:\nbbhtt.exe225⤵
-
\??\c:\pjvjd.exec:\pjvjd.exe226⤵
-
\??\c:\3pjjp.exec:\3pjjp.exe227⤵
-
\??\c:\lrfllfl.exec:\lrfllfl.exe228⤵
-
\??\c:\lflllll.exec:\lflllll.exe229⤵
-
\??\c:\ntbttb.exec:\ntbttb.exe230⤵
-
\??\c:\bnbhbb.exec:\bnbhbb.exe231⤵
-
\??\c:\5vdvd.exec:\5vdvd.exe232⤵
-
\??\c:\jpddp.exec:\jpddp.exe233⤵
-
\??\c:\1jpjp.exec:\1jpjp.exe234⤵
-
\??\c:\rfllrll.exec:\rfllrll.exe235⤵
-
\??\c:\xfrrxrx.exec:\xfrrxrx.exe236⤵
-
\??\c:\5nthnn.exec:\5nthnn.exe237⤵
-
\??\c:\5tntnn.exec:\5tntnn.exe238⤵
-
\??\c:\7pdjj.exec:\7pdjj.exe239⤵
-
\??\c:\vpvpd.exec:\vpvpd.exe240⤵
-
\??\c:\5lfrxxx.exec:\5lfrxxx.exe241⤵