Analysis
-
max time kernel
150s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
18-05-2024 21:17
General
-
Target
4ee6d8a86cc4b97c2d86a5023c645942765498471e5e8eb129e20e3134b17772.exe
-
Size
75KB
-
MD5
af3f9fe73ffde1c212d3b9e97d9dfca0
-
SHA1
f8d889d826850105eab691d9f1b56fd614dec0e9
-
SHA256
4ee6d8a86cc4b97c2d86a5023c645942765498471e5e8eb129e20e3134b17772
-
SHA512
2b450eaf012dbb9570cede1d1303d8e361b6fec365ebdbfd004ed52b7681b57a1e3f4593fdf71d74abaa4714627a05b5b9d61fed3aab212d23ee45602e777500
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIsIoAh2QpUnX1AL:ymb3NkkiQ3mdBjFIsIVbpUa
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
UPX dump on OEP (original entry point) 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4ee6d8a86cc4b97c2d86a5023c645942765498471e5e8eb129e20e3134b17772.exe"C:\Users\Admin\AppData\Local\Temp\4ee6d8a86cc4b97c2d86a5023c645942765498471e5e8eb129e20e3134b17772.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\3pjdv.exec:\3pjdv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlxlfx.exec:\xrlxlfx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthnnn.exec:\bthnnn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjddp.exec:\pjddp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrfrrf.exec:\lxrfrrf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbthh.exec:\nhbthh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jppjv.exec:\jppjv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxlfrl.exec:\lrxlfrl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llrllfr.exec:\llrllfr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5hhbnh.exec:\5hhbnh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djdvd.exec:\djdvd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllxlfr.exec:\rllxlfr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhthb.exec:\bnhthb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbnhb.exec:\tbbnhb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djdpj.exec:\djdpj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rfxrlf.exec:\7rfxrlf.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ththb.exec:\9ththb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9hnnbt.exec:\9hnnbt.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvpd.exec:\pvvpd.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfrrrx.exec:\fxfrrrx.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bbhbt.exec:\7bbhbt.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnnhn.exec:\ttnnhn.exe23⤵
- Executes dropped EXE
-
\??\c:\pjvpv.exec:\pjvpv.exe24⤵
- Executes dropped EXE
-
\??\c:\9fxrffx.exec:\9fxrffx.exe25⤵
- Executes dropped EXE
-
\??\c:\nnnhbb.exec:\nnnhbb.exe26⤵
- Executes dropped EXE
-
\??\c:\pdvvv.exec:\pdvvv.exe27⤵
- Executes dropped EXE
-
\??\c:\xlfrfxr.exec:\xlfrfxr.exe28⤵
- Executes dropped EXE
-
\??\c:\hnnhhb.exec:\hnnhhb.exe29⤵
- Executes dropped EXE
-
\??\c:\jvvpd.exec:\jvvpd.exe30⤵
- Executes dropped EXE
-
\??\c:\llrfrlf.exec:\llrfrlf.exe31⤵
- Executes dropped EXE
-
\??\c:\fllxrfx.exec:\fllxrfx.exe32⤵
- Executes dropped EXE
-
\??\c:\bnbtnn.exec:\bnbtnn.exe33⤵
- Executes dropped EXE
-
\??\c:\bnhbtn.exec:\bnhbtn.exe34⤵
- Executes dropped EXE
-
\??\c:\5pvpv.exec:\5pvpv.exe35⤵
- Executes dropped EXE
-
\??\c:\ppjvj.exec:\ppjvj.exe36⤵
- Executes dropped EXE
-
\??\c:\7lrlxrl.exec:\7lrlxrl.exe37⤵
- Executes dropped EXE
-
\??\c:\tnhbnh.exec:\tnhbnh.exe38⤵
- Executes dropped EXE
-
\??\c:\dpjjj.exec:\dpjjj.exe39⤵
- Executes dropped EXE
-
\??\c:\dvvjd.exec:\dvvjd.exe40⤵
- Executes dropped EXE
-
\??\c:\xxrlxrl.exec:\xxrlxrl.exe41⤵
- Executes dropped EXE
-
\??\c:\xxlfxxr.exec:\xxlfxxr.exe42⤵
- Executes dropped EXE
-
\??\c:\bttnnt.exec:\bttnnt.exe43⤵
- Executes dropped EXE
-
\??\c:\hnhthb.exec:\hnhthb.exe44⤵
- Executes dropped EXE
-
\??\c:\1dpdp.exec:\1dpdp.exe45⤵
- Executes dropped EXE
-
\??\c:\1fxlxrf.exec:\1fxlxrf.exe46⤵
- Executes dropped EXE
-
\??\c:\lxrrflf.exec:\lxrrflf.exe47⤵
- Executes dropped EXE
-
\??\c:\9btnnt.exec:\9btnnt.exe48⤵
- Executes dropped EXE
-
\??\c:\9dvpj.exec:\9dvpj.exe49⤵
- Executes dropped EXE
-
\??\c:\9xrrxll.exec:\9xrrxll.exe50⤵
- Executes dropped EXE
-
\??\c:\rflxflx.exec:\rflxflx.exe51⤵
- Executes dropped EXE
-
\??\c:\htnttt.exec:\htnttt.exe52⤵
- Executes dropped EXE
-
\??\c:\vvppj.exec:\vvppj.exe53⤵
- Executes dropped EXE
-
\??\c:\vpdvj.exec:\vpdvj.exe54⤵
- Executes dropped EXE
-
\??\c:\rrrflrf.exec:\rrrflrf.exe55⤵
- Executes dropped EXE
-
\??\c:\fxlfllf.exec:\fxlfllf.exe56⤵
- Executes dropped EXE
-
\??\c:\tnnbbt.exec:\tnnbbt.exe57⤵
- Executes dropped EXE
-
\??\c:\htbtnn.exec:\htbtnn.exe58⤵
- Executes dropped EXE
-
\??\c:\ddppv.exec:\ddppv.exe59⤵
- Executes dropped EXE
-
\??\c:\xrlfxxr.exec:\xrlfxxr.exe60⤵
- Executes dropped EXE
-
\??\c:\rllfffx.exec:\rllfffx.exe61⤵
- Executes dropped EXE
-
\??\c:\hbnntt.exec:\hbnntt.exe62⤵
- Executes dropped EXE
-
\??\c:\7ntbtt.exec:\7ntbtt.exe63⤵
- Executes dropped EXE
-
\??\c:\nnnhbn.exec:\nnnhbn.exe64⤵
- Executes dropped EXE
-
\??\c:\ppvpd.exec:\ppvpd.exe65⤵
- Executes dropped EXE
-
\??\c:\9rflfff.exec:\9rflfff.exe66⤵
-
\??\c:\xfrffll.exec:\xfrffll.exe67⤵
-
\??\c:\hhhtnn.exec:\hhhtnn.exe68⤵
-
\??\c:\7bbthh.exec:\7bbthh.exe69⤵
-
\??\c:\vjpjj.exec:\vjpjj.exe70⤵
-
\??\c:\pvpjv.exec:\pvpjv.exe71⤵
-
\??\c:\5rlrrxf.exec:\5rlrrxf.exe72⤵
-
\??\c:\5xllllf.exec:\5xllllf.exe73⤵
-
\??\c:\tbbtnh.exec:\tbbtnh.exe74⤵
-
\??\c:\bnhhbb.exec:\bnhhbb.exe75⤵
-
\??\c:\jddpp.exec:\jddpp.exe76⤵
-
\??\c:\vjdvp.exec:\vjdvp.exe77⤵
-
\??\c:\lflffff.exec:\lflffff.exe78⤵
-
\??\c:\flrlffr.exec:\flrlffr.exe79⤵
-
\??\c:\tnnbbt.exec:\tnnbbt.exe80⤵
-
\??\c:\ddppp.exec:\ddppp.exe81⤵
-
\??\c:\xrrlxfx.exec:\xrrlxfx.exe82⤵
-
\??\c:\lrlrxlr.exec:\lrlrxlr.exe83⤵
-
\??\c:\9bbttt.exec:\9bbttt.exe84⤵
-
\??\c:\jvvvv.exec:\jvvvv.exe85⤵
-
\??\c:\djpvj.exec:\djpvj.exe86⤵
-
\??\c:\lrxxxxx.exec:\lrxxxxx.exe87⤵
-
\??\c:\bttbtb.exec:\bttbtb.exe88⤵
-
\??\c:\7djjd.exec:\7djjd.exe89⤵
-
\??\c:\ppvpv.exec:\ppvpv.exe90⤵
-
\??\c:\frxlxrf.exec:\frxlxrf.exe91⤵
-
\??\c:\tbnnnb.exec:\tbnnnb.exe92⤵
-
\??\c:\bthbbt.exec:\bthbbt.exe93⤵
-
\??\c:\jjvpj.exec:\jjvpj.exe94⤵
-
\??\c:\rrrxflr.exec:\rrrxflr.exe95⤵
-
\??\c:\7xfxrll.exec:\7xfxrll.exe96⤵
-
\??\c:\btnbtt.exec:\btnbtt.exe97⤵
-
\??\c:\vjjdp.exec:\vjjdp.exe98⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe99⤵
-
\??\c:\lfxfxff.exec:\lfxfxff.exe100⤵
-
\??\c:\lrxxffx.exec:\lrxxffx.exe101⤵
-
\??\c:\htbtnh.exec:\htbtnh.exe102⤵
-
\??\c:\1vpdp.exec:\1vpdp.exe103⤵
-
\??\c:\fxfffrr.exec:\fxfffrr.exe104⤵
-
\??\c:\hbnttb.exec:\hbnttb.exe105⤵
-
\??\c:\jpvpj.exec:\jpvpj.exe106⤵
-
\??\c:\dvvjp.exec:\dvvjp.exe107⤵
-
\??\c:\rfxxxfx.exec:\rfxxxfx.exe108⤵
-
\??\c:\hhnnbh.exec:\hhnnbh.exe109⤵
-
\??\c:\nhtttb.exec:\nhtttb.exe110⤵
-
\??\c:\djvvp.exec:\djvvp.exe111⤵
-
\??\c:\lffxxxr.exec:\lffxxxr.exe112⤵
-
\??\c:\5hnhht.exec:\5hnhht.exe113⤵
-
\??\c:\hthntn.exec:\hthntn.exe114⤵
-
\??\c:\5pjdd.exec:\5pjdd.exe115⤵
-
\??\c:\pjpdv.exec:\pjpdv.exe116⤵
-
\??\c:\rxfxrrr.exec:\rxfxrrr.exe117⤵
-
\??\c:\nthhnn.exec:\nthhnn.exe118⤵
-
\??\c:\hbbtbb.exec:\hbbtbb.exe119⤵
-
\??\c:\5pvvv.exec:\5pvvv.exe120⤵
-
\??\c:\rfllffx.exec:\rfllffx.exe121⤵
-
\??\c:\frxrxxf.exec:\frxrxxf.exe122⤵
-
\??\c:\7bbtnn.exec:\7bbtnn.exe123⤵
-
\??\c:\tbhbbb.exec:\tbhbbb.exe124⤵
-
\??\c:\3lrrffr.exec:\3lrrffr.exe125⤵
-
\??\c:\tbbnhn.exec:\tbbnhn.exe126⤵
-
\??\c:\tntnbt.exec:\tntnbt.exe127⤵
-
\??\c:\jpvpp.exec:\jpvpp.exe128⤵
-
\??\c:\xlrxfxl.exec:\xlrxfxl.exe129⤵
-
\??\c:\lllxrlf.exec:\lllxrlf.exe130⤵
-
\??\c:\hbbnnt.exec:\hbbnnt.exe131⤵
-
\??\c:\hbbthh.exec:\hbbthh.exe132⤵
-
\??\c:\pjjdp.exec:\pjjdp.exe133⤵
-
\??\c:\1jdvp.exec:\1jdvp.exe134⤵
-
\??\c:\rllfrrr.exec:\rllfrrr.exe135⤵
-
\??\c:\bntnnh.exec:\bntnnh.exe136⤵
-
\??\c:\7bbnnn.exec:\7bbnnn.exe137⤵
-
\??\c:\vjjdd.exec:\vjjdd.exe138⤵
-
\??\c:\vpppp.exec:\vpppp.exe139⤵
-
\??\c:\rlxrxxf.exec:\rlxrxxf.exe140⤵
-
\??\c:\frrrlfx.exec:\frrrlfx.exe141⤵
-
\??\c:\7tbbtt.exec:\7tbbtt.exe142⤵
-
\??\c:\hnnhbb.exec:\hnnhbb.exe143⤵
-
\??\c:\7jjdp.exec:\7jjdp.exe144⤵
-
\??\c:\vdjdv.exec:\vdjdv.exe145⤵
-
\??\c:\9jpjd.exec:\9jpjd.exe146⤵
-
\??\c:\flrfxrf.exec:\flrfxrf.exe147⤵
-
\??\c:\5thbnb.exec:\5thbnb.exe148⤵
-
\??\c:\9djjd.exec:\9djjd.exe149⤵
-
\??\c:\dppjd.exec:\dppjd.exe150⤵
-
\??\c:\xflfxxf.exec:\xflfxxf.exe151⤵
-
\??\c:\xrrlffx.exec:\xrrlffx.exe152⤵
-
\??\c:\hbtthh.exec:\hbtthh.exe153⤵
-
\??\c:\bhtbnb.exec:\bhtbnb.exe154⤵
-
\??\c:\vppjv.exec:\vppjv.exe155⤵
-
\??\c:\3jdvv.exec:\3jdvv.exe156⤵
-
\??\c:\xflfxxr.exec:\xflfxxr.exe157⤵
-
\??\c:\xlrfxxr.exec:\xlrfxxr.exe158⤵
-
\??\c:\nttthn.exec:\nttthn.exe159⤵
-
\??\c:\ttnhbb.exec:\ttnhbb.exe160⤵
-
\??\c:\dpdvv.exec:\dpdvv.exe161⤵
-
\??\c:\ppvpd.exec:\ppvpd.exe162⤵
-
\??\c:\9flfllf.exec:\9flfllf.exe163⤵
-
\??\c:\xrrrllf.exec:\xrrrllf.exe164⤵
-
\??\c:\hnnhbn.exec:\hnnhbn.exe165⤵
-
\??\c:\httnhh.exec:\httnhh.exe166⤵
-
\??\c:\9hnhtt.exec:\9hnhtt.exe167⤵
-
\??\c:\9vjdv.exec:\9vjdv.exe168⤵
-
\??\c:\djjdp.exec:\djjdp.exe169⤵
-
\??\c:\ppppp.exec:\ppppp.exe170⤵
-
\??\c:\xlrlxxr.exec:\xlrlxxr.exe171⤵
-
\??\c:\rxxxrrl.exec:\rxxxrrl.exe172⤵
-
\??\c:\hbtnhh.exec:\hbtnhh.exe173⤵
-
\??\c:\5bnnhb.exec:\5bnnhb.exe174⤵
-
\??\c:\3jpjd.exec:\3jpjd.exe175⤵
-
\??\c:\3frrlrl.exec:\3frrlrl.exe176⤵
-
\??\c:\thnhbt.exec:\thnhbt.exe177⤵
-
\??\c:\pddvd.exec:\pddvd.exe178⤵
-
\??\c:\vppdv.exec:\vppdv.exe179⤵
-
\??\c:\lfrlxlf.exec:\lfrlxlf.exe180⤵
-
\??\c:\nhbbtt.exec:\nhbbtt.exe181⤵
-
\??\c:\hbbnhh.exec:\hbbnhh.exe182⤵
-
\??\c:\pdvpj.exec:\pdvpj.exe183⤵
-
\??\c:\1jppd.exec:\1jppd.exe184⤵
-
\??\c:\9fxrfff.exec:\9fxrfff.exe185⤵
-
\??\c:\nhtntt.exec:\nhtntt.exe186⤵
-
\??\c:\5bbhtt.exec:\5bbhtt.exe187⤵
-
\??\c:\pdddd.exec:\pdddd.exe188⤵
-
\??\c:\jdpjj.exec:\jdpjj.exe189⤵
-
\??\c:\rxrxxxx.exec:\rxrxxxx.exe190⤵
-
\??\c:\rrxrlll.exec:\rrxrlll.exe191⤵
-
\??\c:\9nttbb.exec:\9nttbb.exe192⤵
-
\??\c:\bhhbth.exec:\bhhbth.exe193⤵
-
\??\c:\ddjdp.exec:\ddjdp.exe194⤵
-
\??\c:\3vvvp.exec:\3vvvp.exe195⤵
-
\??\c:\rflffff.exec:\rflffff.exe196⤵
-
\??\c:\lflfxxr.exec:\lflfxxr.exe197⤵
-
\??\c:\5hnhhh.exec:\5hnhhh.exe198⤵
-
\??\c:\hbhnbh.exec:\hbhnbh.exe199⤵
-
\??\c:\3jjvp.exec:\3jjvp.exe200⤵
-
\??\c:\9ppjd.exec:\9ppjd.exe201⤵
-
\??\c:\rlrlllr.exec:\rlrlllr.exe202⤵
-
\??\c:\1bbttt.exec:\1bbttt.exe203⤵
-
\??\c:\bttnbb.exec:\bttnbb.exe204⤵
-
\??\c:\3jddv.exec:\3jddv.exe205⤵
-
\??\c:\1pjdp.exec:\1pjdp.exe206⤵
-
\??\c:\frrllll.exec:\frrllll.exe207⤵
-
\??\c:\rrrrlll.exec:\rrrrlll.exe208⤵
-
\??\c:\btbbhh.exec:\btbbhh.exe209⤵
-
\??\c:\vvpjj.exec:\vvpjj.exe210⤵
-
\??\c:\jjvjv.exec:\jjvjv.exe211⤵
-
\??\c:\djddv.exec:\djddv.exe212⤵
-
\??\c:\lffxxrr.exec:\lffxxrr.exe213⤵
-
\??\c:\tntnnn.exec:\tntnnn.exe214⤵
-
\??\c:\3tbtth.exec:\3tbtth.exe215⤵
-
\??\c:\jppvd.exec:\jppvd.exe216⤵
-
\??\c:\dppjd.exec:\dppjd.exe217⤵
-
\??\c:\rllfrfx.exec:\rllfrfx.exe218⤵
-
\??\c:\rrrlflf.exec:\rrrlflf.exe219⤵
-
\??\c:\llxrlxx.exec:\llxrlxx.exe220⤵
-
\??\c:\5nnhnn.exec:\5nnhnn.exe221⤵
-
\??\c:\hbhthb.exec:\hbhthb.exe222⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe223⤵
-
\??\c:\pvvpj.exec:\pvvpj.exe224⤵
-
\??\c:\xflfrrl.exec:\xflfrrl.exe225⤵
-
\??\c:\5xlfxxr.exec:\5xlfxxr.exe226⤵
-
\??\c:\7bttnn.exec:\7bttnn.exe227⤵
-
\??\c:\bntttt.exec:\bntttt.exe228⤵
-
\??\c:\9bhbtb.exec:\9bhbtb.exe229⤵
-
\??\c:\pjppp.exec:\pjppp.exe230⤵
-
\??\c:\rlrrlfx.exec:\rlrrlfx.exe231⤵
-
\??\c:\1lllffl.exec:\1lllffl.exe232⤵
-
\??\c:\1llfrfx.exec:\1llfrfx.exe233⤵
-
\??\c:\7bnthh.exec:\7bnthh.exe234⤵
-
\??\c:\7htnbb.exec:\7htnbb.exe235⤵
-
\??\c:\ddpjv.exec:\ddpjv.exe236⤵
-
\??\c:\vdjdp.exec:\vdjdp.exe237⤵
-
\??\c:\ffrxllr.exec:\ffrxllr.exe238⤵
-
\??\c:\rrffrff.exec:\rrffrff.exe239⤵
-
\??\c:\fxrrlll.exec:\fxrrlll.exe240⤵
-
\??\c:\5nnnhh.exec:\5nnnhh.exe241⤵