Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
18-05-2024 19:37
General
-
Target
23acc4417910610065119f24ad54e5b9bcd024f8629922bbd1df64c9c036f81c.exe
-
Size
128KB
-
MD5
b70a203afbc921759dcc4b771a79afcf
-
SHA1
e29447e64e46a939cb8de133449322fe9406121e
-
SHA256
23acc4417910610065119f24ad54e5b9bcd024f8629922bbd1df64c9c036f81c
-
SHA512
f9e91ac5e9a41c30d9aa5b2499c9f7e6b55b3768ba64325f76655155b1567a1af1f02e13d1bba7e79fc26de7cb323986ad6ed64e453de12b540f33476765c5cd
-
SSDEEP
3072:ymb3NkkiQ3mdBjFWXkj7afoHvmQ+EZMYX/x6gtc:n3C9BRW0j/uVEZFJvm
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 19 IoCs
-
UPX dump on OEP (original entry point) 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\23acc4417910610065119f24ad54e5b9bcd024f8629922bbd1df64c9c036f81c.exe"C:\Users\Admin\AppData\Local\Temp\23acc4417910610065119f24ad54e5b9bcd024f8629922bbd1df64c9c036f81c.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxxrff.exec:\xrxxrff.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3bnhnn.exec:\3bnhnn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtbnt.exec:\hbtbnt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdppv.exec:\jdppv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrllrrx.exec:\xrllrrx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1tbbhh.exec:\1tbbhh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vvjj.exec:\1vvjj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxrlfx.exec:\xxxrlfx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthtbn.exec:\tthtbn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thtbbh.exec:\thtbbh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjpp.exec:\jjjpp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrffff.exec:\rlrffff.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnnnht.exec:\hnnnht.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhntt.exec:\tnhntt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jjjj.exec:\9jjjj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rrxrlr.exec:\7rrxrlr.exe17⤵
- Executes dropped EXE
-
\??\c:\hbnhhn.exec:\hbnhhn.exe18⤵
- Executes dropped EXE
-
\??\c:\5nbbnh.exec:\5nbbnh.exe19⤵
- Executes dropped EXE
-
\??\c:\jjjjd.exec:\jjjjd.exe20⤵
- Executes dropped EXE
-
\??\c:\ppddd.exec:\ppddd.exe21⤵
- Executes dropped EXE
-
\??\c:\rlfrxfx.exec:\rlfrxfx.exe22⤵
- Executes dropped EXE
-
\??\c:\tnbhnt.exec:\tnbhnt.exe23⤵
- Executes dropped EXE
-
\??\c:\tthbhh.exec:\tthbhh.exe24⤵
- Executes dropped EXE
-
\??\c:\vpjjv.exec:\vpjjv.exe25⤵
- Executes dropped EXE
-
\??\c:\pjdjp.exec:\pjdjp.exe26⤵
- Executes dropped EXE
-
\??\c:\llfxrrf.exec:\llfxrrf.exe27⤵
- Executes dropped EXE
-
\??\c:\xrxfllx.exec:\xrxfllx.exe28⤵
- Executes dropped EXE
-
\??\c:\hththh.exec:\hththh.exe29⤵
- Executes dropped EXE
-
\??\c:\jdjvv.exec:\jdjvv.exe30⤵
- Executes dropped EXE
-
\??\c:\rfxrlrr.exec:\rfxrlrr.exe31⤵
- Executes dropped EXE
-
\??\c:\hbntbh.exec:\hbntbh.exe32⤵
- Executes dropped EXE
-
\??\c:\jdjjj.exec:\jdjjj.exe33⤵
- Executes dropped EXE
-
\??\c:\5thhnb.exec:\5thhnb.exe34⤵
- Executes dropped EXE
-
\??\c:\jpdvp.exec:\jpdvp.exe35⤵
- Executes dropped EXE
-
\??\c:\vjppv.exec:\vjppv.exe36⤵
- Executes dropped EXE
-
\??\c:\ffxlflx.exec:\ffxlflx.exe37⤵
- Executes dropped EXE
-
\??\c:\lxlrffr.exec:\lxlrffr.exe38⤵
- Executes dropped EXE
-
\??\c:\bbbbhn.exec:\bbbbhn.exe39⤵
- Executes dropped EXE
-
\??\c:\dpdvp.exec:\dpdvp.exe40⤵
- Executes dropped EXE
-
\??\c:\jvjvd.exec:\jvjvd.exe41⤵
- Executes dropped EXE
-
\??\c:\9vjdd.exec:\9vjdd.exe42⤵
- Executes dropped EXE
-
\??\c:\lflllrx.exec:\lflllrx.exe43⤵
- Executes dropped EXE
-
\??\c:\lfxfrfr.exec:\lfxfrfr.exe44⤵
- Executes dropped EXE
-
\??\c:\5bbhtb.exec:\5bbhtb.exe45⤵
- Executes dropped EXE
-
\??\c:\hbnttb.exec:\hbnttb.exe46⤵
- Executes dropped EXE
-
\??\c:\dvddj.exec:\dvddj.exe47⤵
- Executes dropped EXE
-
\??\c:\vddjp.exec:\vddjp.exe48⤵
- Executes dropped EXE
-
\??\c:\rflxflf.exec:\rflxflf.exe49⤵
- Executes dropped EXE
-
\??\c:\xfrrfxf.exec:\xfrrfxf.exe50⤵
- Executes dropped EXE
-
\??\c:\tthhnh.exec:\tthhnh.exe51⤵
- Executes dropped EXE
-
\??\c:\jddvd.exec:\jddvd.exe52⤵
- Executes dropped EXE
-
\??\c:\vvpdj.exec:\vvpdj.exe53⤵
- Executes dropped EXE
-
\??\c:\lfrrffx.exec:\lfrrffx.exe54⤵
- Executes dropped EXE
-
\??\c:\9xrfllx.exec:\9xrfllx.exe55⤵
- Executes dropped EXE
-
\??\c:\btbbnh.exec:\btbbnh.exe56⤵
- Executes dropped EXE
-
\??\c:\vpjvd.exec:\vpjvd.exe57⤵
- Executes dropped EXE
-
\??\c:\jvvpv.exec:\jvvpv.exe58⤵
- Executes dropped EXE
-
\??\c:\lfxxfxf.exec:\lfxxfxf.exe59⤵
- Executes dropped EXE
-
\??\c:\xrlrffx.exec:\xrlrffx.exe60⤵
- Executes dropped EXE
-
\??\c:\rfxlxfl.exec:\rfxlxfl.exe61⤵
- Executes dropped EXE
-
\??\c:\1bttbn.exec:\1bttbn.exe62⤵
- Executes dropped EXE
-
\??\c:\ddppd.exec:\ddppd.exe63⤵
- Executes dropped EXE
-
\??\c:\ppdvd.exec:\ppdvd.exe64⤵
- Executes dropped EXE
-
\??\c:\xrxrffr.exec:\xrxrffr.exe65⤵
- Executes dropped EXE
-
\??\c:\btnnbh.exec:\btnnbh.exe66⤵
-
\??\c:\bntttn.exec:\bntttn.exe67⤵
-
\??\c:\9jpdj.exec:\9jpdj.exe68⤵
-
\??\c:\9pdjp.exec:\9pdjp.exe69⤵
-
\??\c:\frxrlxx.exec:\frxrlxx.exe70⤵
-
\??\c:\9hhtbb.exec:\9hhtbb.exe71⤵
-
\??\c:\tnhhhh.exec:\tnhhhh.exe72⤵
-
\??\c:\dvdjp.exec:\dvdjp.exe73⤵
-
\??\c:\jvppd.exec:\jvppd.exe74⤵
-
\??\c:\fxxlfxr.exec:\fxxlfxr.exe75⤵
-
\??\c:\xlrfxxf.exec:\xlrfxxf.exe76⤵
-
\??\c:\nbtbhn.exec:\nbtbhn.exe77⤵
-
\??\c:\btbbhh.exec:\btbbhh.exe78⤵
-
\??\c:\vppvp.exec:\vppvp.exe79⤵
-
\??\c:\1jvvj.exec:\1jvvj.exe80⤵
-
\??\c:\fxllffr.exec:\fxllffr.exe81⤵
-
\??\c:\xxlrxlr.exec:\xxlrxlr.exe82⤵
-
\??\c:\tnbtbb.exec:\tnbtbb.exe83⤵
-
\??\c:\5ntbbb.exec:\5ntbbb.exe84⤵
-
\??\c:\vpjpv.exec:\vpjpv.exe85⤵
-
\??\c:\fxlrflr.exec:\fxlrflr.exe86⤵
-
\??\c:\1rlrxxr.exec:\1rlrxxr.exe87⤵
-
\??\c:\nnhnbh.exec:\nnhnbh.exe88⤵
-
\??\c:\tthhtn.exec:\tthhtn.exe89⤵
-
\??\c:\ddvvj.exec:\ddvvj.exe90⤵
-
\??\c:\jdjjp.exec:\jdjjp.exe91⤵
-
\??\c:\xlxfllf.exec:\xlxfllf.exe92⤵
-
\??\c:\rlfrxfx.exec:\rlfrxfx.exe93⤵
-
\??\c:\tnhnnt.exec:\tnhnnt.exe94⤵
-
\??\c:\7bnttt.exec:\7bnttt.exe95⤵
-
\??\c:\jpjpp.exec:\jpjpp.exe96⤵
-
\??\c:\xffxfxl.exec:\xffxfxl.exe97⤵
-
\??\c:\fffllrf.exec:\fffllrf.exe98⤵
-
\??\c:\7thbhb.exec:\7thbhb.exe99⤵
-
\??\c:\nbbthh.exec:\nbbthh.exe100⤵
-
\??\c:\9vvjv.exec:\9vvjv.exe101⤵
-
\??\c:\rlxfffl.exec:\rlxfffl.exe102⤵
-
\??\c:\lxxlrff.exec:\lxxlrff.exe103⤵
-
\??\c:\tnbhhn.exec:\tnbhhn.exe104⤵
-
\??\c:\nhnnbb.exec:\nhnnbb.exe105⤵
-
\??\c:\djvdj.exec:\djvdj.exe106⤵
-
\??\c:\ddddv.exec:\ddddv.exe107⤵
-
\??\c:\lxlrffl.exec:\lxlrffl.exe108⤵
-
\??\c:\btnthb.exec:\btnthb.exe109⤵
-
\??\c:\btbhnn.exec:\btbhnn.exe110⤵
-
\??\c:\llllffl.exec:\llllffl.exe111⤵
-
\??\c:\bththn.exec:\bththn.exe112⤵
-
\??\c:\1nnntt.exec:\1nnntt.exe113⤵
-
\??\c:\jdpdp.exec:\jdpdp.exe114⤵
-
\??\c:\vvjpd.exec:\vvjpd.exe115⤵
-
\??\c:\xrlrxlx.exec:\xrlrxlx.exe116⤵
-
\??\c:\fxlllrx.exec:\fxlllrx.exe117⤵
-
\??\c:\3bbhtn.exec:\3bbhtn.exe118⤵
-
\??\c:\tnnbnn.exec:\tnnbnn.exe119⤵
-
\??\c:\vjppv.exec:\vjppv.exe120⤵
-
\??\c:\vpvvv.exec:\vpvvv.exe121⤵
-
\??\c:\xrrfffr.exec:\xrrfffr.exe122⤵
-
\??\c:\flllflf.exec:\flllflf.exe123⤵
-
\??\c:\lxrrxxf.exec:\lxrrxxf.exe124⤵
-
\??\c:\9tthnn.exec:\9tthnn.exe125⤵
-
\??\c:\1vjjj.exec:\1vjjj.exe126⤵
-
\??\c:\3vjpv.exec:\3vjpv.exe127⤵
-
\??\c:\3xllllf.exec:\3xllllf.exe128⤵
-
\??\c:\lfxlffr.exec:\lfxlffr.exe129⤵
-
\??\c:\7btbbt.exec:\7btbbt.exe130⤵
-
\??\c:\htnbbn.exec:\htnbbn.exe131⤵
-
\??\c:\3jpdd.exec:\3jpdd.exe132⤵
-
\??\c:\vdjvv.exec:\vdjvv.exe133⤵
-
\??\c:\xxxffrl.exec:\xxxffrl.exe134⤵
-
\??\c:\xxfrllf.exec:\xxfrllf.exe135⤵
-
\??\c:\htbtbb.exec:\htbtbb.exe136⤵
-
\??\c:\nnthhn.exec:\nnthhn.exe137⤵
-
\??\c:\vpjpp.exec:\vpjpp.exe138⤵
-
\??\c:\xrfxlrf.exec:\xrfxlrf.exe139⤵
-
\??\c:\lxlrffl.exec:\lxlrffl.exe140⤵
-
\??\c:\ttbbhb.exec:\ttbbhb.exe141⤵
-
\??\c:\nhtbbt.exec:\nhtbbt.exe142⤵
-
\??\c:\djjvv.exec:\djjvv.exe143⤵
-
\??\c:\5jddd.exec:\5jddd.exe144⤵
-
\??\c:\7fxrfxl.exec:\7fxrfxl.exe145⤵
-
\??\c:\7xlxrfl.exec:\7xlxrfl.exe146⤵
-
\??\c:\bnbbhb.exec:\bnbbhb.exe147⤵
-
\??\c:\ddjpd.exec:\ddjpd.exe148⤵
-
\??\c:\pjvjj.exec:\pjvjj.exe149⤵
-
\??\c:\fxllrlx.exec:\fxllrlx.exe150⤵
-
\??\c:\xxxlxxl.exec:\xxxlxxl.exe151⤵
-
\??\c:\thbbnn.exec:\thbbnn.exe152⤵
-
\??\c:\1bhbtt.exec:\1bhbtt.exe153⤵
-
\??\c:\pdpjj.exec:\pdpjj.exe154⤵
-
\??\c:\jjjdd.exec:\jjjdd.exe155⤵
-
\??\c:\rxlfffx.exec:\rxlfffx.exe156⤵
-
\??\c:\xrffllx.exec:\xrffllx.exe157⤵
-
\??\c:\1tnbhn.exec:\1tnbhn.exe158⤵
-
\??\c:\tnhntt.exec:\tnhntt.exe159⤵
-
\??\c:\vvvdv.exec:\vvvdv.exe160⤵
-
\??\c:\7dpjj.exec:\7dpjj.exe161⤵
-
\??\c:\9fxrxrx.exec:\9fxrxrx.exe162⤵
-
\??\c:\ffxxrfr.exec:\ffxxrfr.exe163⤵
-
\??\c:\nbnntb.exec:\nbnntb.exe164⤵
-
\??\c:\bntnbt.exec:\bntnbt.exe165⤵
-
\??\c:\ppvjj.exec:\ppvjj.exe166⤵
-
\??\c:\pjvdj.exec:\pjvdj.exe167⤵
-
\??\c:\llrfllf.exec:\llrfllf.exe168⤵
-
\??\c:\btthhn.exec:\btthhn.exe169⤵
-
\??\c:\nbnntb.exec:\nbnntb.exe170⤵
-
\??\c:\3pdpv.exec:\3pdpv.exe171⤵
-
\??\c:\lrxllff.exec:\lrxllff.exe172⤵
-
\??\c:\llrffff.exec:\llrffff.exe173⤵
-
\??\c:\5tnbbn.exec:\5tnbbn.exe174⤵
-
\??\c:\7ppdp.exec:\7ppdp.exe175⤵
-
\??\c:\lllxlrf.exec:\lllxlrf.exe176⤵
-
\??\c:\9xrrxrf.exec:\9xrrxrf.exe177⤵
-
\??\c:\hbnhhh.exec:\hbnhhh.exe178⤵
-
\??\c:\thbbhn.exec:\thbbhn.exe179⤵
-
\??\c:\1dpvd.exec:\1dpvd.exe180⤵
-
\??\c:\xlllflr.exec:\xlllflr.exe181⤵
-
\??\c:\xrfrllx.exec:\xrfrllx.exe182⤵
-
\??\c:\tttnbb.exec:\tttnbb.exe183⤵
-
\??\c:\7tntnn.exec:\7tntnn.exe184⤵
-
\??\c:\jjpvj.exec:\jjpvj.exe185⤵
-
\??\c:\xrfflrx.exec:\xrfflrx.exe186⤵
-
\??\c:\9hbbtb.exec:\9hbbtb.exe187⤵
-
\??\c:\5bbhnn.exec:\5bbhnn.exe188⤵
-
\??\c:\nhnnth.exec:\nhnnth.exe189⤵
-
\??\c:\9vdvd.exec:\9vdvd.exe190⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe191⤵
-
\??\c:\xrlxlrr.exec:\xrlxlrr.exe192⤵
-
\??\c:\lfllllr.exec:\lfllllr.exe193⤵
-
\??\c:\9bbbtn.exec:\9bbbtn.exe194⤵
-
\??\c:\tnhtbb.exec:\tnhtbb.exe195⤵
-
\??\c:\7dvjp.exec:\7dvjp.exe196⤵
-
\??\c:\5ppdj.exec:\5ppdj.exe197⤵
-
\??\c:\lrllrlf.exec:\lrllrlf.exe198⤵
-
\??\c:\7flrflx.exec:\7flrflx.exe199⤵
-
\??\c:\bhhbbt.exec:\bhhbbt.exe200⤵
-
\??\c:\nhbhhh.exec:\nhbhhh.exe201⤵
-
\??\c:\jvvjp.exec:\jvvjp.exe202⤵
-
\??\c:\pjvdp.exec:\pjvdp.exe203⤵
-
\??\c:\xxfxrll.exec:\xxfxrll.exe204⤵
-
\??\c:\fxlxxrl.exec:\fxlxxrl.exe205⤵
-
\??\c:\bbbbtb.exec:\bbbbtb.exe206⤵
-
\??\c:\tthbnt.exec:\tthbnt.exe207⤵
-
\??\c:\jdjpj.exec:\jdjpj.exe208⤵
-
\??\c:\vvpdp.exec:\vvpdp.exe209⤵
-
\??\c:\lfrlxrx.exec:\lfrlxrx.exe210⤵
-
\??\c:\frllffl.exec:\frllffl.exe211⤵
-
\??\c:\nnbbhh.exec:\nnbbhh.exe212⤵
-
\??\c:\hhnbbh.exec:\hhnbbh.exe213⤵
-
\??\c:\jdppd.exec:\jdppd.exe214⤵
-
\??\c:\jdpvv.exec:\jdpvv.exe215⤵
-
\??\c:\ffrrrrl.exec:\ffrrrrl.exe216⤵
-
\??\c:\xxfllrl.exec:\xxfllrl.exe217⤵
-
\??\c:\3httbt.exec:\3httbt.exe218⤵
-
\??\c:\7nhntt.exec:\7nhntt.exe219⤵
-
\??\c:\ppjpv.exec:\ppjpv.exe220⤵
-
\??\c:\jvjjv.exec:\jvjjv.exe221⤵
-
\??\c:\1rflrxf.exec:\1rflrxf.exe222⤵
-
\??\c:\rrxfffx.exec:\rrxfffx.exe223⤵
-
\??\c:\bnnhtn.exec:\bnnhtn.exe224⤵
-
\??\c:\tnbbnt.exec:\tnbbnt.exe225⤵
-
\??\c:\hbhhhb.exec:\hbhhhb.exe226⤵
-
\??\c:\5vpvd.exec:\5vpvd.exe227⤵
-
\??\c:\rxxlxrr.exec:\rxxlxrr.exe228⤵
-
\??\c:\lrrlflx.exec:\lrrlflx.exe229⤵
-
\??\c:\9hnhhb.exec:\9hnhhb.exe230⤵
-
\??\c:\nnhnnn.exec:\nnhnnn.exe231⤵
-
\??\c:\jvppp.exec:\jvppp.exe232⤵
-
\??\c:\9jddp.exec:\9jddp.exe233⤵
-
\??\c:\llflrxf.exec:\llflrxf.exe234⤵
-
\??\c:\fxrxrxf.exec:\fxrxrxf.exe235⤵
-
\??\c:\hhnhnb.exec:\hhnhnb.exe236⤵
-
\??\c:\vvjpj.exec:\vvjpj.exe237⤵
-
\??\c:\jjdjd.exec:\jjdjd.exe238⤵
-
\??\c:\1pddp.exec:\1pddp.exe239⤵
-
\??\c:\7llflxf.exec:\7llflxf.exe240⤵
-
\??\c:\nnbbhb.exec:\nnbbhb.exe241⤵