Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
18-05-2024 16:41
General
-
Target
ee074aaf85f23ec4eff9dce226d420a0.exe.bin.exe
-
Size
277KB
-
MD5
ee074aaf85f23ec4eff9dce226d420a0
-
SHA1
73d6d903f6b54e162326ad35aaf467afa4b1afa5
-
SHA256
971d925bc94769fe02b75e32f95bd6085e5dd981cf16226fbda944059f1f7d6f
-
SHA512
0f02c7e4126a484099715ab4f7f4dec77948f49f7351225eade16b861e74c576242221d133fcc89c7f79250b1b4fee7b165e194689ceb59c0817e3369622fc7c
-
SSDEEP
6144:n3C9BRIG0asYFm71m8+GdkB9yMu7VvemX:n3C9uYA71kSMuF
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 29 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ee074aaf85f23ec4eff9dce226d420a0.exe.bin.exe"C:\Users\Admin\AppData\Local\Temp\ee074aaf85f23ec4eff9dce226d420a0.exe.bin.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ddpjj.exec:\ddpjj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxfxrrr.exec:\xxfxrrr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhbbb.exec:\hhhbbb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nthbtt.exec:\nthbtt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjjd.exec:\jvjjd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrrxxf.exec:\lfrrxxf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxllfx.exec:\xrxllfx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bbttt.exec:\1bbttt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjdd.exec:\ppjdd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjdv.exec:\pdjdv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfffxxx.exec:\rfffxxx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrlllx.exec:\xxrlllx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhbhnt.exec:\bhbhnt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdddv.exec:\jdddv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvddp.exec:\vvddp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxlfffr.exec:\rxlfffr.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flxrrrr.exec:\flxrrrr.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhbbb.exec:\hhhbbb.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1nntnn.exec:\1nntnn.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppppj.exec:\ppppj.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rlfxxr.exec:\5rlfxxr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxxrrl.exec:\xxxxrrl.exe23⤵
- Executes dropped EXE
-
\??\c:\hbhnnh.exec:\hbhnnh.exe24⤵
- Executes dropped EXE
-
\??\c:\thttnt.exec:\thttnt.exe25⤵
- Executes dropped EXE
-
\??\c:\pjjjj.exec:\pjjjj.exe26⤵
- Executes dropped EXE
-
\??\c:\djvpv.exec:\djvpv.exe27⤵
- Executes dropped EXE
-
\??\c:\rllfllf.exec:\rllfllf.exe28⤵
- Executes dropped EXE
-
\??\c:\nhtnbb.exec:\nhtnbb.exe29⤵
- Executes dropped EXE
-
\??\c:\btnhtt.exec:\btnhtt.exe30⤵
- Executes dropped EXE
-
\??\c:\vvppp.exec:\vvppp.exe31⤵
- Executes dropped EXE
-
\??\c:\llrxffr.exec:\llrxffr.exe32⤵
- Executes dropped EXE
-
\??\c:\5lfxxrl.exec:\5lfxxrl.exe33⤵
- Executes dropped EXE
-
\??\c:\3thbtb.exec:\3thbtb.exe34⤵
- Executes dropped EXE
-
\??\c:\thhbnb.exec:\thhbnb.exe35⤵
- Executes dropped EXE
-
\??\c:\djppv.exec:\djppv.exe36⤵
- Executes dropped EXE
-
\??\c:\rxrlrrf.exec:\rxrlrrf.exe37⤵
- Executes dropped EXE
-
\??\c:\nthbtt.exec:\nthbtt.exe38⤵
- Executes dropped EXE
-
\??\c:\bbtntt.exec:\bbtntt.exe39⤵
- Executes dropped EXE
-
\??\c:\vpvvp.exec:\vpvvp.exe40⤵
- Executes dropped EXE
-
\??\c:\vdjpd.exec:\vdjpd.exe41⤵
- Executes dropped EXE
-
\??\c:\xxxxflx.exec:\xxxxflx.exe42⤵
- Executes dropped EXE
-
\??\c:\tttnnh.exec:\tttnnh.exe43⤵
- Executes dropped EXE
-
\??\c:\bthhtn.exec:\bthhtn.exe44⤵
- Executes dropped EXE
-
\??\c:\jjpdj.exec:\jjpdj.exe45⤵
- Executes dropped EXE
-
\??\c:\vpppd.exec:\vpppd.exe46⤵
-
\??\c:\llxxlfr.exec:\llxxlfr.exe47⤵
- Executes dropped EXE
-
\??\c:\nhtbtb.exec:\nhtbtb.exe48⤵
- Executes dropped EXE
-
\??\c:\hnhhbh.exec:\hnhhbh.exe49⤵
- Executes dropped EXE
-
\??\c:\pdpjd.exec:\pdpjd.exe50⤵
- Executes dropped EXE
-
\??\c:\jdjdj.exec:\jdjdj.exe51⤵
- Executes dropped EXE
-
\??\c:\lfxlfxr.exec:\lfxlfxr.exe52⤵
- Executes dropped EXE
-
\??\c:\httbbb.exec:\httbbb.exe53⤵
- Executes dropped EXE
-
\??\c:\hthhbb.exec:\hthhbb.exe54⤵
- Executes dropped EXE
-
\??\c:\3pvjd.exec:\3pvjd.exe55⤵
- Executes dropped EXE
-
\??\c:\9vddj.exec:\9vddj.exe56⤵
- Executes dropped EXE
-
\??\c:\xxxxrrr.exec:\xxxxrrr.exe57⤵
- Executes dropped EXE
-
\??\c:\ttbbtt.exec:\ttbbtt.exe58⤵
- Executes dropped EXE
-
\??\c:\ntbbbh.exec:\ntbbbh.exe59⤵
- Executes dropped EXE
-
\??\c:\jpvvp.exec:\jpvvp.exe60⤵
- Executes dropped EXE
-
\??\c:\3rfxxfx.exec:\3rfxxfx.exe61⤵
- Executes dropped EXE
-
\??\c:\llrrrrl.exec:\llrrrrl.exe62⤵
- Executes dropped EXE
-
\??\c:\nnhbhh.exec:\nnhbhh.exe63⤵
- Executes dropped EXE
-
\??\c:\dpjjp.exec:\dpjjp.exe64⤵
- Executes dropped EXE
-
\??\c:\fxlffff.exec:\fxlffff.exe65⤵
- Executes dropped EXE
-
\??\c:\5btnnn.exec:\5btnnn.exe66⤵
- Executes dropped EXE
-
\??\c:\nhtnhn.exec:\nhtnhn.exe67⤵
-
\??\c:\dvddv.exec:\dvddv.exe68⤵
-
\??\c:\ffxrrxf.exec:\ffxrrxf.exe69⤵
-
\??\c:\rrxxxxl.exec:\rrxxxxl.exe70⤵
-
\??\c:\hbtntn.exec:\hbtntn.exe71⤵
-
\??\c:\thttnn.exec:\thttnn.exe72⤵
-
\??\c:\jpppd.exec:\jpppd.exe73⤵
-
\??\c:\7xfxrrl.exec:\7xfxrrl.exe74⤵
-
\??\c:\htbbtt.exec:\htbbtt.exe75⤵
-
\??\c:\pjdvv.exec:\pjdvv.exe76⤵
-
\??\c:\llxrrrx.exec:\llxrrrx.exe77⤵
-
\??\c:\llfxrrl.exec:\llfxrrl.exe78⤵
-
\??\c:\1nbbbb.exec:\1nbbbb.exe79⤵
-
\??\c:\bbhhtt.exec:\bbhhtt.exe80⤵
-
\??\c:\jdpjj.exec:\jdpjj.exe81⤵
-
\??\c:\rxxrllf.exec:\rxxrllf.exe82⤵
-
\??\c:\bhhhbh.exec:\bhhhbh.exe83⤵
-
\??\c:\dvddj.exec:\dvddj.exe84⤵
-
\??\c:\vvjpp.exec:\vvjpp.exe85⤵
-
\??\c:\7rflfxl.exec:\7rflfxl.exe86⤵
-
\??\c:\1bnnhn.exec:\1bnnhn.exe87⤵
-
\??\c:\5vvvp.exec:\5vvvp.exe88⤵
-
\??\c:\3vdvp.exec:\3vdvp.exe89⤵
-
\??\c:\9ffllxr.exec:\9ffllxr.exe90⤵
-
\??\c:\hhhhbh.exec:\hhhhbh.exe91⤵
-
\??\c:\pdjpp.exec:\pdjpp.exe92⤵
-
\??\c:\pjpdv.exec:\pjpdv.exe93⤵
-
\??\c:\fflfxxx.exec:\fflfxxx.exe94⤵
-
\??\c:\xlflfrr.exec:\xlflfrr.exe95⤵
-
\??\c:\ttnnbb.exec:\ttnnbb.exe96⤵
-
\??\c:\pjvvp.exec:\pjvvp.exe97⤵
-
\??\c:\frrxxxx.exec:\frrxxxx.exe98⤵
-
\??\c:\rlffxxx.exec:\rlffxxx.exe99⤵
-
\??\c:\btttnt.exec:\btttnt.exe100⤵
-
\??\c:\pjpjv.exec:\pjpjv.exe101⤵
-
\??\c:\rxfrllf.exec:\rxfrllf.exe102⤵
-
\??\c:\3lffxxr.exec:\3lffxxr.exe103⤵
-
\??\c:\hhhhbh.exec:\hhhhbh.exe104⤵
-
\??\c:\pdddp.exec:\pdddp.exe105⤵
-
\??\c:\xfxflxr.exec:\xfxflxr.exe106⤵
-
\??\c:\1lllllf.exec:\1lllllf.exe107⤵
-
\??\c:\tnhhbb.exec:\tnhhbb.exe108⤵
-
\??\c:\9jvpp.exec:\9jvpp.exe109⤵
-
\??\c:\djpdv.exec:\djpdv.exe110⤵
-
\??\c:\xxfxrrr.exec:\xxfxrrr.exe111⤵
-
\??\c:\ffxrlll.exec:\ffxrlll.exe112⤵
-
\??\c:\bthnnn.exec:\bthnnn.exe113⤵
-
\??\c:\djpdd.exec:\djpdd.exe114⤵
-
\??\c:\jdjjp.exec:\jdjjp.exe115⤵
-
\??\c:\xxrrfff.exec:\xxrrfff.exe116⤵
-
\??\c:\ffxllrl.exec:\ffxllrl.exe117⤵
-
\??\c:\nhntnn.exec:\nhntnn.exe118⤵
-
\??\c:\7nbnnh.exec:\7nbnnh.exe119⤵
-
\??\c:\5pvvp.exec:\5pvvp.exe120⤵
-
\??\c:\rxlllll.exec:\rxlllll.exe121⤵
-
\??\c:\nhtttt.exec:\nhtttt.exe122⤵
-
\??\c:\5tttnn.exec:\5tttnn.exe123⤵
-
\??\c:\vvppj.exec:\vvppj.exe124⤵
-
\??\c:\frrllff.exec:\frrllff.exe125⤵
-
\??\c:\lllfxxr.exec:\lllfxxr.exe126⤵
-
\??\c:\tnbbht.exec:\tnbbht.exe127⤵
-
\??\c:\jjdvp.exec:\jjdvp.exe128⤵
-
\??\c:\rrfxflr.exec:\rrfxflr.exe129⤵
-
\??\c:\xrfxxxx.exec:\xrfxxxx.exe130⤵
-
\??\c:\nhttnh.exec:\nhttnh.exe131⤵
-
\??\c:\5vpjd.exec:\5vpjd.exe132⤵
-
\??\c:\fffxlff.exec:\fffxlff.exe133⤵
-
\??\c:\xrxlfrl.exec:\xrxlfrl.exe134⤵
-
\??\c:\tthnth.exec:\tthnth.exe135⤵
-
\??\c:\nhnhbn.exec:\nhnhbn.exe136⤵
-
\??\c:\djvpj.exec:\djvpj.exe137⤵
-
\??\c:\vjjdv.exec:\vjjdv.exe138⤵
-
\??\c:\lrxxrll.exec:\lrxxrll.exe139⤵
-
\??\c:\bntnhh.exec:\bntnhh.exe140⤵
-
\??\c:\bthbth.exec:\bthbth.exe141⤵
-
\??\c:\vvdvj.exec:\vvdvj.exe142⤵
-
\??\c:\lllxxlx.exec:\lllxxlx.exe143⤵
-
\??\c:\lrxrlfx.exec:\lrxrlfx.exe144⤵
-
\??\c:\bhbhbt.exec:\bhbhbt.exe145⤵
-
\??\c:\dpdvd.exec:\dpdvd.exe146⤵
-
\??\c:\dvvvp.exec:\dvvvp.exe147⤵
-
\??\c:\rflxrrl.exec:\rflxrrl.exe148⤵
-
\??\c:\htbtbt.exec:\htbtbt.exe149⤵
-
\??\c:\tntnhb.exec:\tntnhb.exe150⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe151⤵
-
\??\c:\xllrllr.exec:\xllrllr.exe152⤵
-
\??\c:\rxxfffx.exec:\rxxfffx.exe153⤵
-
\??\c:\hnhbtt.exec:\hnhbtt.exe154⤵
-
\??\c:\5nbbtb.exec:\5nbbtb.exe155⤵
-
\??\c:\vpvvp.exec:\vpvvp.exe156⤵
-
\??\c:\xxlfxxr.exec:\xxlfxxr.exe157⤵
-
\??\c:\fxffxxr.exec:\fxffxxr.exe158⤵
-
\??\c:\ntbttt.exec:\ntbttt.exe159⤵
-
\??\c:\dpdpj.exec:\dpdpj.exe160⤵
-
\??\c:\lxlfrll.exec:\lxlfrll.exe161⤵
-
\??\c:\1ntttn.exec:\1ntttn.exe162⤵
-
\??\c:\9ppdv.exec:\9ppdv.exe163⤵
-
\??\c:\7jdvp.exec:\7jdvp.exe164⤵
-
\??\c:\lffrlfx.exec:\lffrlfx.exe165⤵
-
\??\c:\nnbhnh.exec:\nnbhnh.exe166⤵
-
\??\c:\jjjjd.exec:\jjjjd.exe167⤵
-
\??\c:\3lfxxxr.exec:\3lfxxxr.exe168⤵
-
\??\c:\nnhtnn.exec:\nnhtnn.exe169⤵
-
\??\c:\5vpjj.exec:\5vpjj.exe170⤵
-
\??\c:\xffxlxr.exec:\xffxlxr.exe171⤵
-
\??\c:\bhtnnn.exec:\bhtnnn.exe172⤵
-
\??\c:\jpdvj.exec:\jpdvj.exe173⤵
-
\??\c:\ddjjd.exec:\ddjjd.exe174⤵
-
\??\c:\fxxlflf.exec:\fxxlflf.exe175⤵
-
\??\c:\bnnnhb.exec:\bnnnhb.exe176⤵
-
\??\c:\djppv.exec:\djppv.exe177⤵
-
\??\c:\xrfxrrl.exec:\xrfxrrl.exe178⤵
-
\??\c:\llrrllf.exec:\llrrllf.exe179⤵
-
\??\c:\hnbhnn.exec:\hnbhnn.exe180⤵
-
\??\c:\jvppv.exec:\jvppv.exe181⤵
-
\??\c:\jjjdv.exec:\jjjdv.exe182⤵
-
\??\c:\lflxrll.exec:\lflxrll.exe183⤵
-
\??\c:\btbbtt.exec:\btbbtt.exe184⤵
-
\??\c:\dvjjj.exec:\dvjjj.exe185⤵
-
\??\c:\vvpjp.exec:\vvpjp.exe186⤵
-
\??\c:\rrrlfrx.exec:\rrrlfrx.exe187⤵
-
\??\c:\ttnbtt.exec:\ttnbtt.exe188⤵
-
\??\c:\1dvjd.exec:\1dvjd.exe189⤵
-
\??\c:\xlrllfx.exec:\xlrllfx.exe190⤵
-
\??\c:\bnbbbt.exec:\bnbbbt.exe191⤵
-
\??\c:\1nbthh.exec:\1nbthh.exe192⤵
-
\??\c:\vdddv.exec:\vdddv.exe193⤵
-
\??\c:\xrrrfrl.exec:\xrrrfrl.exe194⤵
-
\??\c:\thbhnn.exec:\thbhnn.exe195⤵
-
\??\c:\1btnnb.exec:\1btnnb.exe196⤵
-
\??\c:\pjppp.exec:\pjppp.exe197⤵
-
\??\c:\frfffff.exec:\frfffff.exe198⤵
-
\??\c:\nhtnhb.exec:\nhtnhb.exe199⤵
-
\??\c:\ddjpj.exec:\ddjpj.exe200⤵
-
\??\c:\xlrrllf.exec:\xlrrllf.exe201⤵
-
\??\c:\lxrrfxr.exec:\lxrrfxr.exe202⤵
-
\??\c:\bhhbbb.exec:\bhhbbb.exe203⤵
-
\??\c:\djdvp.exec:\djdvp.exe204⤵
-
\??\c:\xxxrffx.exec:\xxxrffx.exe205⤵
-
\??\c:\ttnhbb.exec:\ttnhbb.exe206⤵
-
\??\c:\3jdvp.exec:\3jdvp.exe207⤵
-
\??\c:\rxffflr.exec:\rxffflr.exe208⤵
-
\??\c:\tbnhnt.exec:\tbnhnt.exe209⤵
-
\??\c:\ffffrrl.exec:\ffffrrl.exe210⤵
-
\??\c:\xfxlfrr.exec:\xfxlfrr.exe211⤵
-
\??\c:\jddpj.exec:\jddpj.exe212⤵
-
\??\c:\djpjd.exec:\djpjd.exe213⤵
-
\??\c:\rlxrrrx.exec:\rlxrrrx.exe214⤵
-
\??\c:\lllfffx.exec:\lllfffx.exe215⤵
-
\??\c:\btbttn.exec:\btbttn.exe216⤵
-
\??\c:\3vvpd.exec:\3vvpd.exe217⤵
-
\??\c:\jdpjj.exec:\jdpjj.exe218⤵
-
\??\c:\btthbb.exec:\btthbb.exe219⤵
-
\??\c:\3hnnnt.exec:\3hnnnt.exe220⤵
-
\??\c:\jjpjd.exec:\jjpjd.exe221⤵
-
\??\c:\lxrxfff.exec:\lxrxfff.exe222⤵
-
\??\c:\fflfxxr.exec:\fflfxxr.exe223⤵
-
\??\c:\hbbtnn.exec:\hbbtnn.exe224⤵
-
\??\c:\nbtttn.exec:\nbtttn.exe225⤵
-
\??\c:\pdpdd.exec:\pdpdd.exe226⤵
-
\??\c:\rrxrffx.exec:\rrxrffx.exe227⤵
-
\??\c:\rrlfxrl.exec:\rrlfxrl.exe228⤵
-
\??\c:\nthbtb.exec:\nthbtb.exe229⤵
-
\??\c:\bthbtt.exec:\bthbtt.exe230⤵
-
\??\c:\pjjvp.exec:\pjjvp.exe231⤵
-
\??\c:\vpdpp.exec:\vpdpp.exe232⤵
-
\??\c:\1xfxrlf.exec:\1xfxrlf.exe233⤵
-
\??\c:\rlxfrxl.exec:\rlxfrxl.exe234⤵
-
\??\c:\nhtthh.exec:\nhtthh.exe235⤵
-
\??\c:\1jvpj.exec:\1jvpj.exe236⤵
-
\??\c:\ddpjj.exec:\ddpjj.exe237⤵
-
\??\c:\3rxrllr.exec:\3rxrllr.exe238⤵
-
\??\c:\lfrlrxx.exec:\lfrlrxx.exe239⤵
-
\??\c:\9tbtnb.exec:\9tbtnb.exe240⤵
-
\??\c:\tthbhh.exec:\tthbhh.exe241⤵