Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
18-05-2024 23:42
General
-
Target
8bc691dd97f7637eb80a59458f218ce53c1b4407ebbb669b2cd3c608afa6b710.exe
-
Size
111KB
-
MD5
03d5f6b0156c4dad3e28a03e28df53f4
-
SHA1
39478dcba20a9bdf85a664d5753021b8bfd53627
-
SHA256
8bc691dd97f7637eb80a59458f218ce53c1b4407ebbb669b2cd3c608afa6b710
-
SHA512
1fcff56d9f0af94beb93bb76a7b3d16e3ff2d136920e4db1e736a2e523ded9bc5d8da88b5ca8172927d17981e1130a5c5187c8b2dca67990841d85a7f82f204d
-
SSDEEP
3072:ymb3NkkiQ3mdBjFWXkj7afowpDyJo1ZFt:n3C9BRW0j/wtyJ0
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
UPX dump on OEP (original entry point) 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8bc691dd97f7637eb80a59458f218ce53c1b4407ebbb669b2cd3c608afa6b710.exe"C:\Users\Admin\AppData\Local\Temp\8bc691dd97f7637eb80a59458f218ce53c1b4407ebbb669b2cd3c608afa6b710.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtbbb.exec:\hbtbbb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjjv.exec:\dvjjv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rlfrxl.exec:\3rlfrxl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbhtb.exec:\nhbhtb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjpvd.exec:\jjpvd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xrlxxx.exec:\7xrlxxx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbttnt.exec:\bbttnt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jjjp.exec:\5jjjp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxxffr.exec:\fxxxffr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5htbhn.exec:\5htbhn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjjp.exec:\dvjjp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lllxrrf.exec:\lllxrrf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnnbt.exec:\nhnnbt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7dpvj.exec:\7dpvj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7jvpv.exec:\7jvpv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxfllr.exec:\rlxfllr.exe17⤵
- Executes dropped EXE
-
\??\c:\nhbttb.exec:\nhbttb.exe18⤵
- Executes dropped EXE
-
\??\c:\3vddj.exec:\3vddj.exe19⤵
- Executes dropped EXE
-
\??\c:\ppjvj.exec:\ppjvj.exe20⤵
- Executes dropped EXE
-
\??\c:\lfxrrrx.exec:\lfxrrrx.exe21⤵
- Executes dropped EXE
-
\??\c:\3xrrxff.exec:\3xrrxff.exe22⤵
- Executes dropped EXE
-
\??\c:\nnhbhn.exec:\nnhbhn.exe23⤵
- Executes dropped EXE
-
\??\c:\jjjpd.exec:\jjjpd.exe24⤵
- Executes dropped EXE
-
\??\c:\jvddj.exec:\jvddj.exe25⤵
- Executes dropped EXE
-
\??\c:\3rlrxxr.exec:\3rlrxxr.exe26⤵
- Executes dropped EXE
-
\??\c:\bthntt.exec:\bthntt.exe27⤵
- Executes dropped EXE
-
\??\c:\5jpjp.exec:\5jpjp.exe28⤵
- Executes dropped EXE
-
\??\c:\1frrxfl.exec:\1frrxfl.exe29⤵
- Executes dropped EXE
-
\??\c:\3bnbbt.exec:\3bnbbt.exe30⤵
- Executes dropped EXE
-
\??\c:\nhhhnt.exec:\nhhhnt.exe31⤵
- Executes dropped EXE
-
\??\c:\ppddp.exec:\ppddp.exe32⤵
- Executes dropped EXE
-
\??\c:\lffrflr.exec:\lffrflr.exe33⤵
- Executes dropped EXE
-
\??\c:\bthbnt.exec:\bthbnt.exe34⤵
- Executes dropped EXE
-
\??\c:\ppvjp.exec:\ppvjp.exe35⤵
- Executes dropped EXE
-
\??\c:\dvdvv.exec:\dvdvv.exe36⤵
- Executes dropped EXE
-
\??\c:\rrlrxxl.exec:\rrlrxxl.exe37⤵
- Executes dropped EXE
-
\??\c:\5nbttt.exec:\5nbttt.exe38⤵
- Executes dropped EXE
-
\??\c:\bthntb.exec:\bthntb.exe39⤵
- Executes dropped EXE
-
\??\c:\jdppv.exec:\jdppv.exe40⤵
- Executes dropped EXE
-
\??\c:\pjdjv.exec:\pjdjv.exe41⤵
- Executes dropped EXE
-
\??\c:\lxlrrfx.exec:\lxlrrfx.exe42⤵
- Executes dropped EXE
-
\??\c:\nhtbnn.exec:\nhtbnn.exe43⤵
- Executes dropped EXE
-
\??\c:\nhtbnn.exec:\nhtbnn.exe44⤵
- Executes dropped EXE
-
\??\c:\vppdj.exec:\vppdj.exe45⤵
- Executes dropped EXE
-
\??\c:\1dvvd.exec:\1dvvd.exe46⤵
- Executes dropped EXE
-
\??\c:\fxlrrxx.exec:\fxlrrxx.exe47⤵
- Executes dropped EXE
-
\??\c:\lfxfrrx.exec:\lfxfrrx.exe48⤵
- Executes dropped EXE
-
\??\c:\bbthnb.exec:\bbthnb.exe49⤵
- Executes dropped EXE
-
\??\c:\nntbbn.exec:\nntbbn.exe50⤵
- Executes dropped EXE
-
\??\c:\jvjjv.exec:\jvjjv.exe51⤵
- Executes dropped EXE
-
\??\c:\9vjdj.exec:\9vjdj.exe52⤵
- Executes dropped EXE
-
\??\c:\rlxxflx.exec:\rlxxflx.exe53⤵
- Executes dropped EXE
-
\??\c:\5xfrlxr.exec:\5xfrlxr.exe54⤵
- Executes dropped EXE
-
\??\c:\bthttb.exec:\bthttb.exe55⤵
- Executes dropped EXE
-
\??\c:\7vdjp.exec:\7vdjp.exe56⤵
- Executes dropped EXE
-
\??\c:\xfxxlrx.exec:\xfxxlrx.exe57⤵
- Executes dropped EXE
-
\??\c:\lflffff.exec:\lflffff.exe58⤵
- Executes dropped EXE
-
\??\c:\nhtbbb.exec:\nhtbbb.exe59⤵
- Executes dropped EXE
-
\??\c:\5hbnbb.exec:\5hbnbb.exe60⤵
- Executes dropped EXE
-
\??\c:\5vpvd.exec:\5vpvd.exe61⤵
- Executes dropped EXE
-
\??\c:\9jjvd.exec:\9jjvd.exe62⤵
- Executes dropped EXE
-
\??\c:\llrfrxr.exec:\llrfrxr.exe63⤵
- Executes dropped EXE
-
\??\c:\lfrxllx.exec:\lfrxllx.exe64⤵
- Executes dropped EXE
-
\??\c:\bhbnnt.exec:\bhbnnt.exe65⤵
- Executes dropped EXE
-
\??\c:\bbnbhn.exec:\bbnbhn.exe66⤵
-
\??\c:\jjdjp.exec:\jjdjp.exe67⤵
-
\??\c:\jvpdj.exec:\jvpdj.exe68⤵
-
\??\c:\3xrrrxl.exec:\3xrrrxl.exe69⤵
-
\??\c:\7fxxffl.exec:\7fxxffl.exe70⤵
-
\??\c:\ttntbn.exec:\ttntbn.exe71⤵
-
\??\c:\3bnbnt.exec:\3bnbnt.exe72⤵
-
\??\c:\vvjpv.exec:\vvjpv.exe73⤵
-
\??\c:\fxflfrx.exec:\fxflfrx.exe74⤵
-
\??\c:\ffrflrf.exec:\ffrflrf.exe75⤵
-
\??\c:\hbbhnn.exec:\hbbhnn.exe76⤵
-
\??\c:\3tbntb.exec:\3tbntb.exe77⤵
-
\??\c:\jdpdd.exec:\jdpdd.exe78⤵
-
\??\c:\dpdjp.exec:\dpdjp.exe79⤵
-
\??\c:\lxlxflr.exec:\lxlxflr.exe80⤵
-
\??\c:\xrxflxr.exec:\xrxflxr.exe81⤵
-
\??\c:\ttnbhn.exec:\ttnbhn.exe82⤵
-
\??\c:\nhttbb.exec:\nhttbb.exe83⤵
-
\??\c:\ddpdp.exec:\ddpdp.exe84⤵
-
\??\c:\jdvvj.exec:\jdvvj.exe85⤵
-
\??\c:\xxrxrxl.exec:\xxrxrxl.exe86⤵
-
\??\c:\ffffxxf.exec:\ffffxxf.exe87⤵
-
\??\c:\ttnntb.exec:\ttnntb.exe88⤵
-
\??\c:\1vvvd.exec:\1vvvd.exe89⤵
-
\??\c:\ddvjp.exec:\ddvjp.exe90⤵
-
\??\c:\7rrfllr.exec:\7rrfllr.exe91⤵
-
\??\c:\flrfxxl.exec:\flrfxxl.exe92⤵
-
\??\c:\5ttbnn.exec:\5ttbnn.exe93⤵
-
\??\c:\hbtbnt.exec:\hbtbnt.exe94⤵
-
\??\c:\vvppv.exec:\vvppv.exe95⤵
-
\??\c:\7ddjv.exec:\7ddjv.exe96⤵
-
\??\c:\3lrllxf.exec:\3lrllxf.exe97⤵
-
\??\c:\9rrfxxl.exec:\9rrfxxl.exe98⤵
-
\??\c:\fxrxflf.exec:\fxrxflf.exe99⤵
-
\??\c:\7bbhtb.exec:\7bbhtb.exe100⤵
-
\??\c:\5thtbh.exec:\5thtbh.exe101⤵
-
\??\c:\3ddvj.exec:\3ddvj.exe102⤵
-
\??\c:\vvvvj.exec:\vvvvj.exe103⤵
-
\??\c:\rrlxrxl.exec:\rrlxrxl.exe104⤵
-
\??\c:\xxxfrxl.exec:\xxxfrxl.exe105⤵
-
\??\c:\1tnhth.exec:\1tnhth.exe106⤵
-
\??\c:\hbhtth.exec:\hbhtth.exe107⤵
-
\??\c:\ppddp.exec:\ppddp.exe108⤵
-
\??\c:\jdpvd.exec:\jdpvd.exe109⤵
-
\??\c:\fxlrxlr.exec:\fxlrxlr.exe110⤵
-
\??\c:\rrxrllr.exec:\rrxrllr.exe111⤵
-
\??\c:\1bbhtb.exec:\1bbhtb.exe112⤵
-
\??\c:\ttbttb.exec:\ttbttb.exe113⤵
-
\??\c:\ddpdv.exec:\ddpdv.exe114⤵
-
\??\c:\jjdjp.exec:\jjdjp.exe115⤵
-
\??\c:\5jvpv.exec:\5jvpv.exe116⤵
-
\??\c:\rlllxlf.exec:\rlllxlf.exe117⤵
-
\??\c:\xrrlffx.exec:\xrrlffx.exe118⤵
-
\??\c:\9hnnbh.exec:\9hnnbh.exe119⤵
-
\??\c:\1ntthb.exec:\1ntthb.exe120⤵
-
\??\c:\1vpdd.exec:\1vpdd.exe121⤵
-
\??\c:\jdjjj.exec:\jdjjj.exe122⤵
-
\??\c:\rrllrfr.exec:\rrllrfr.exe123⤵
-
\??\c:\fxxfxxl.exec:\fxxfxxl.exe124⤵
-
\??\c:\bbthbh.exec:\bbthbh.exe125⤵
-
\??\c:\ttbnnb.exec:\ttbnnb.exe126⤵
-
\??\c:\hbnbnt.exec:\hbnbnt.exe127⤵
-
\??\c:\vdpjp.exec:\vdpjp.exe128⤵
-
\??\c:\ddddj.exec:\ddddj.exe129⤵
-
\??\c:\fxxxflr.exec:\fxxxflr.exe130⤵
-
\??\c:\fxffffx.exec:\fxffffx.exe131⤵
-
\??\c:\hbbntb.exec:\hbbntb.exe132⤵
-
\??\c:\7thhtb.exec:\7thhtb.exe133⤵
-
\??\c:\hbthbh.exec:\hbthbh.exe134⤵
-
\??\c:\vpddp.exec:\vpddp.exe135⤵
-
\??\c:\7vpvd.exec:\7vpvd.exe136⤵
-
\??\c:\rfllrrx.exec:\rfllrrx.exe137⤵
-
\??\c:\fxrlffr.exec:\fxrlffr.exe138⤵
-
\??\c:\1tbbbh.exec:\1tbbbh.exe139⤵
-
\??\c:\5nntbh.exec:\5nntbh.exe140⤵
-
\??\c:\dvjvj.exec:\dvjvj.exe141⤵
-
\??\c:\jdpvv.exec:\jdpvv.exe142⤵
-
\??\c:\lfllxxl.exec:\lfllxxl.exe143⤵
-
\??\c:\lllrflx.exec:\lllrflx.exe144⤵
-
\??\c:\hbttbh.exec:\hbttbh.exe145⤵
-
\??\c:\5pjvj.exec:\5pjvj.exe146⤵
-
\??\c:\vppvd.exec:\vppvd.exe147⤵
-
\??\c:\xrxxflf.exec:\xrxxflf.exe148⤵
-
\??\c:\xxrlrfr.exec:\xxrlrfr.exe149⤵
-
\??\c:\7tnntt.exec:\7tnntt.exe150⤵
-
\??\c:\tnbhhh.exec:\tnbhhh.exe151⤵
-
\??\c:\vvjvp.exec:\vvjvp.exe152⤵
-
\??\c:\vppdd.exec:\vppdd.exe153⤵
-
\??\c:\lfxfllx.exec:\lfxfllx.exe154⤵
-
\??\c:\xxllrfr.exec:\xxllrfr.exe155⤵
-
\??\c:\bbbhbb.exec:\bbbhbb.exe156⤵
-
\??\c:\hhnttb.exec:\hhnttb.exe157⤵
-
\??\c:\dvppv.exec:\dvppv.exe158⤵
-
\??\c:\jjpvj.exec:\jjpvj.exe159⤵
-
\??\c:\7frrrxf.exec:\7frrrxf.exe160⤵
-
\??\c:\5fxrflx.exec:\5fxrflx.exe161⤵
-
\??\c:\tnhthn.exec:\tnhthn.exe162⤵
-
\??\c:\ttnhtt.exec:\ttnhtt.exe163⤵
-
\??\c:\jjvdd.exec:\jjvdd.exe164⤵
-
\??\c:\ddvvv.exec:\ddvvv.exe165⤵
-
\??\c:\frxflrf.exec:\frxflrf.exe166⤵
-
\??\c:\btbhnn.exec:\btbhnn.exe167⤵
-
\??\c:\5nnbnh.exec:\5nnbnh.exe168⤵
-
\??\c:\pjdjj.exec:\pjdjj.exe169⤵
-
\??\c:\vvpvd.exec:\vvpvd.exe170⤵
-
\??\c:\rlxxffl.exec:\rlxxffl.exe171⤵
-
\??\c:\lfllrxf.exec:\lfllrxf.exe172⤵
-
\??\c:\thnhnn.exec:\thnhnn.exe173⤵
-
\??\c:\jdjpv.exec:\jdjpv.exe174⤵
-
\??\c:\dpdjp.exec:\dpdjp.exe175⤵
-
\??\c:\7llrxfr.exec:\7llrxfr.exe176⤵
-
\??\c:\lflrxlr.exec:\lflrxlr.exe177⤵
-
\??\c:\btnnbb.exec:\btnnbb.exe178⤵
-
\??\c:\5htttt.exec:\5htttt.exe179⤵
-
\??\c:\5djpp.exec:\5djpp.exe180⤵
-
\??\c:\jddjv.exec:\jddjv.exe181⤵
-
\??\c:\llxfrrx.exec:\llxfrrx.exe182⤵
-
\??\c:\rfrxfrf.exec:\rfrxfrf.exe183⤵
-
\??\c:\nbnhbh.exec:\nbnhbh.exe184⤵
-
\??\c:\1btbbh.exec:\1btbbh.exe185⤵
-
\??\c:\vvjdp.exec:\vvjdp.exe186⤵
-
\??\c:\pjppd.exec:\pjppd.exe187⤵
-
\??\c:\7rlrllx.exec:\7rlrllx.exe188⤵
-
\??\c:\1rrrrxl.exec:\1rrrrxl.exe189⤵
-
\??\c:\tnbhbh.exec:\tnbhbh.exe190⤵
-
\??\c:\xxrfrrx.exec:\xxrfrrx.exe191⤵
-
\??\c:\hbtbnh.exec:\hbtbnh.exe192⤵
-
\??\c:\htnntb.exec:\htnntb.exe193⤵
-
\??\c:\pjppd.exec:\pjppd.exe194⤵
-
\??\c:\ddvvd.exec:\ddvvd.exe195⤵
-
\??\c:\xxrfrxr.exec:\xxrfrxr.exe196⤵
-
\??\c:\xxflxlx.exec:\xxflxlx.exe197⤵
-
\??\c:\5bbnth.exec:\5bbnth.exe198⤵
-
\??\c:\hbhntt.exec:\hbhntt.exe199⤵
-
\??\c:\ddjpv.exec:\ddjpv.exe200⤵
-
\??\c:\1ddjv.exec:\1ddjv.exe201⤵
-
\??\c:\fffrffx.exec:\fffrffx.exe202⤵
-
\??\c:\ffrrflx.exec:\ffrrflx.exe203⤵
-
\??\c:\1httbh.exec:\1httbh.exe204⤵
-
\??\c:\jdppp.exec:\jdppp.exe205⤵
-
\??\c:\3vpvv.exec:\3vpvv.exe206⤵
-
\??\c:\3pjpp.exec:\3pjpp.exe207⤵
-
\??\c:\xrlrfrl.exec:\xrlrfrl.exe208⤵
-
\??\c:\9lxxlrx.exec:\9lxxlrx.exe209⤵
-
\??\c:\5bnthh.exec:\5bnthh.exe210⤵
-
\??\c:\1dvjj.exec:\1dvjj.exe211⤵
-
\??\c:\vvjdp.exec:\vvjdp.exe212⤵
-
\??\c:\fxxxxxr.exec:\fxxxxxr.exe213⤵
-
\??\c:\lflrlrx.exec:\lflrlrx.exe214⤵
-
\??\c:\nhtthn.exec:\nhtthn.exe215⤵
-
\??\c:\nnnthn.exec:\nnnthn.exe216⤵
-
\??\c:\pjppp.exec:\pjppp.exe217⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe218⤵
-
\??\c:\1fxfllr.exec:\1fxfllr.exe219⤵
-
\??\c:\nnhhbh.exec:\nnhhbh.exe220⤵
-
\??\c:\9hnnnt.exec:\9hnnnt.exe221⤵
-
\??\c:\1dddp.exec:\1dddp.exe222⤵
-
\??\c:\pvjdp.exec:\pvjdp.exe223⤵
-
\??\c:\lfrrlxf.exec:\lfrrlxf.exe224⤵
-
\??\c:\lxllrxl.exec:\lxllrxl.exe225⤵
-
\??\c:\7bbhnh.exec:\7bbhnh.exe226⤵
-
\??\c:\nnnnbh.exec:\nnnnbh.exe227⤵
-
\??\c:\7vpvd.exec:\7vpvd.exe228⤵
-
\??\c:\jvppp.exec:\jvppp.exe229⤵
-
\??\c:\xxrrxfl.exec:\xxrrxfl.exe230⤵
-
\??\c:\1fxfllx.exec:\1fxfllx.exe231⤵
-
\??\c:\tnbbhh.exec:\tnbbhh.exe232⤵
-
\??\c:\bbbbbh.exec:\bbbbbh.exe233⤵
-
\??\c:\vvvdd.exec:\vvvdd.exe234⤵
-
\??\c:\3xrfrrx.exec:\3xrfrrx.exe235⤵
-
\??\c:\3rxxfrx.exec:\3rxxfrx.exe236⤵
-
\??\c:\3hhnnh.exec:\3hhnnh.exe237⤵
-
\??\c:\bbnnnb.exec:\bbnnnb.exe238⤵
-
\??\c:\vpjdj.exec:\vpjdj.exe239⤵
-
\??\c:\vpdpp.exec:\vpdpp.exe240⤵
-
\??\c:\1lrrrfl.exec:\1lrrrfl.exe241⤵