Analysis
-
max time kernel
150s -
max time network
131s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
18-05-2024 20:46
General
-
Target
40f732aa8af3055823efe43e5f7c6e2458dbb2f73942fab5982e4a994fff3c2f.exe
-
Size
65KB
-
MD5
7804890590d429bbabbf2215439a9bb2
-
SHA1
6dab948dbf084bcd2675a1a27bcf452b7f6747ea
-
SHA256
40f732aa8af3055823efe43e5f7c6e2458dbb2f73942fab5982e4a994fff3c2f
-
SHA512
383ac7349d940e48f3b2f634ca42ea1f1dcde2fcac66786cce391b2ade6a3d14e66643bb0a25b9005af8581bcb27175b1da618820ec5c67986223519dd8d80db
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yUuYp+5C8+LuvdT:ymb3NkkiQ3mdBjF0yMlM
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
UPX dump on OEP (original entry point) 29 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\40f732aa8af3055823efe43e5f7c6e2458dbb2f73942fab5982e4a994fff3c2f.exe"C:\Users\Admin\AppData\Local\Temp\40f732aa8af3055823efe43e5f7c6e2458dbb2f73942fab5982e4a994fff3c2f.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bhttht.exec:\bhttht.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbttbb.exec:\nbttbb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pddpv.exec:\pddpv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlfxff.exec:\fxlfxff.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5tbhtb.exec:\5tbhtb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpjp.exec:\jdpjp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfllxl.exec:\fxfllxl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffxfxr.exec:\lffxfxr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbbbb.exec:\bbbbbb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvvv.exec:\jvvvv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvpv.exec:\dvvpv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ntnhn.exec:\5ntnhn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjjd.exec:\jdjjd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrlffx.exec:\xlrlffx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnhnb.exec:\bnnhnb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3pvvp.exec:\3pvvp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxrllf.exec:\xxxrllf.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1lfxrrr.exec:\1lfxrrr.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3nnnhn.exec:\3nnnhn.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvddv.exec:\jvddv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jpjd.exec:\5jpjd.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlllllr.exec:\rlllllr.exe23⤵
- Executes dropped EXE
-
\??\c:\rflrfll.exec:\rflrfll.exe24⤵
- Executes dropped EXE
-
\??\c:\hhnbtb.exec:\hhnbtb.exe25⤵
- Executes dropped EXE
-
\??\c:\7pppp.exec:\7pppp.exe26⤵
- Executes dropped EXE
-
\??\c:\7djjd.exec:\7djjd.exe27⤵
- Executes dropped EXE
-
\??\c:\lfrllxf.exec:\lfrllxf.exe28⤵
- Executes dropped EXE
-
\??\c:\nhhbtt.exec:\nhhbtt.exe29⤵
- Executes dropped EXE
-
\??\c:\xlrxlfr.exec:\xlrxlfr.exe30⤵
- Executes dropped EXE
-
\??\c:\tntnnn.exec:\tntnnn.exe31⤵
- Executes dropped EXE
-
\??\c:\dpvvv.exec:\dpvvv.exe32⤵
- Executes dropped EXE
-
\??\c:\lxxflrf.exec:\lxxflrf.exe33⤵
- Executes dropped EXE
-
\??\c:\thtttt.exec:\thtttt.exe34⤵
- Executes dropped EXE
-
\??\c:\ddjjd.exec:\ddjjd.exe35⤵
- Executes dropped EXE
-
\??\c:\xlfxrrr.exec:\xlfxrrr.exe36⤵
- Executes dropped EXE
-
\??\c:\bbbtnn.exec:\bbbtnn.exe37⤵
- Executes dropped EXE
-
\??\c:\tttttb.exec:\tttttb.exe38⤵
- Executes dropped EXE
-
\??\c:\vvvvv.exec:\vvvvv.exe39⤵
- Executes dropped EXE
-
\??\c:\rrffffx.exec:\rrffffx.exe40⤵
- Executes dropped EXE
-
\??\c:\3hnnnb.exec:\3hnnnb.exe41⤵
- Executes dropped EXE
-
\??\c:\htbnnt.exec:\htbnnt.exe42⤵
- Executes dropped EXE
-
\??\c:\jvdvd.exec:\jvdvd.exe43⤵
- Executes dropped EXE
-
\??\c:\vjjvj.exec:\vjjvj.exe44⤵
- Executes dropped EXE
-
\??\c:\lffxrff.exec:\lffxrff.exe45⤵
- Executes dropped EXE
-
\??\c:\7htthn.exec:\7htthn.exe46⤵
- Executes dropped EXE
-
\??\c:\btbbtb.exec:\btbbtb.exe47⤵
- Executes dropped EXE
-
\??\c:\vvppp.exec:\vvppp.exe48⤵
- Executes dropped EXE
-
\??\c:\fffxxxf.exec:\fffxxxf.exe49⤵
- Executes dropped EXE
-
\??\c:\nntttb.exec:\nntttb.exe50⤵
- Executes dropped EXE
-
\??\c:\tnnbbb.exec:\tnnbbb.exe51⤵
- Executes dropped EXE
-
\??\c:\vjjjd.exec:\vjjjd.exe52⤵
- Executes dropped EXE
-
\??\c:\7frrrxx.exec:\7frrrxx.exe53⤵
- Executes dropped EXE
-
\??\c:\nbbnhb.exec:\nbbnhb.exe54⤵
- Executes dropped EXE
-
\??\c:\tbbbhn.exec:\tbbbhn.exe55⤵
- Executes dropped EXE
-
\??\c:\jdjdd.exec:\jdjdd.exe56⤵
- Executes dropped EXE
-
\??\c:\pjvdd.exec:\pjvdd.exe57⤵
- Executes dropped EXE
-
\??\c:\lfllxfx.exec:\lfllxfx.exe58⤵
- Executes dropped EXE
-
\??\c:\xrrrrrr.exec:\xrrrrrr.exe59⤵
- Executes dropped EXE
-
\??\c:\tttbhh.exec:\tttbhh.exe60⤵
- Executes dropped EXE
-
\??\c:\pvvdv.exec:\pvvdv.exe61⤵
- Executes dropped EXE
-
\??\c:\rlfrflx.exec:\rlfrflx.exe62⤵
- Executes dropped EXE
-
\??\c:\rlrlrrx.exec:\rlrlrrx.exe63⤵
- Executes dropped EXE
-
\??\c:\hbtttt.exec:\hbtttt.exe64⤵
- Executes dropped EXE
-
\??\c:\jjvvv.exec:\jjvvv.exe65⤵
- Executes dropped EXE
-
\??\c:\xxlllll.exec:\xxlllll.exe66⤵
-
\??\c:\rlfxxxf.exec:\rlfxxxf.exe67⤵
-
\??\c:\btttnt.exec:\btttnt.exe68⤵
-
\??\c:\jjddv.exec:\jjddv.exe69⤵
-
\??\c:\jjvvv.exec:\jjvvv.exe70⤵
-
\??\c:\5xxrlrr.exec:\5xxrlrr.exe71⤵
-
\??\c:\btbbtt.exec:\btbbtt.exe72⤵
-
\??\c:\7tbttt.exec:\7tbttt.exe73⤵
-
\??\c:\7jvpd.exec:\7jvpd.exe74⤵
-
\??\c:\3pvjv.exec:\3pvjv.exe75⤵
-
\??\c:\rllxfff.exec:\rllxfff.exe76⤵
-
\??\c:\bhbbnh.exec:\bhbbnh.exe77⤵
-
\??\c:\3hhbnn.exec:\3hhbnn.exe78⤵
-
\??\c:\jjddv.exec:\jjddv.exe79⤵
-
\??\c:\pvddv.exec:\pvddv.exe80⤵
-
\??\c:\rfflfrx.exec:\rfflfrx.exe81⤵
-
\??\c:\bhnbhh.exec:\bhnbhh.exe82⤵
-
\??\c:\dvvvp.exec:\dvvvp.exe83⤵
-
\??\c:\pdddd.exec:\pdddd.exe84⤵
-
\??\c:\flllfff.exec:\flllfff.exe85⤵
-
\??\c:\xrrrrrx.exec:\xrrrrrx.exe86⤵
-
\??\c:\bbhntb.exec:\bbhntb.exe87⤵
-
\??\c:\pddpp.exec:\pddpp.exe88⤵
-
\??\c:\vpdjj.exec:\vpdjj.exe89⤵
-
\??\c:\1flrfff.exec:\1flrfff.exe90⤵
-
\??\c:\btnhhh.exec:\btnhhh.exe91⤵
-
\??\c:\jpddv.exec:\jpddv.exe92⤵
-
\??\c:\rlllfff.exec:\rlllfff.exe93⤵
-
\??\c:\nthnhn.exec:\nthnhn.exe94⤵
-
\??\c:\nbhntn.exec:\nbhntn.exe95⤵
-
\??\c:\jpppd.exec:\jpppd.exe96⤵
-
\??\c:\ddddd.exec:\ddddd.exe97⤵
-
\??\c:\llllfff.exec:\llllfff.exe98⤵
-
\??\c:\rfffllf.exec:\rfffllf.exe99⤵
-
\??\c:\tthnnt.exec:\tthnnt.exe100⤵
-
\??\c:\dvdjj.exec:\dvdjj.exe101⤵
-
\??\c:\xxllxxl.exec:\xxllxxl.exe102⤵
-
\??\c:\nnttnt.exec:\nnttnt.exe103⤵
-
\??\c:\bnbttt.exec:\bnbttt.exe104⤵
-
\??\c:\jjvjp.exec:\jjvjp.exe105⤵
-
\??\c:\rxflrlf.exec:\rxflrlf.exe106⤵
-
\??\c:\xxlrrrf.exec:\xxlrrrf.exe107⤵
-
\??\c:\9hbbbt.exec:\9hbbbt.exe108⤵
-
\??\c:\hthnth.exec:\hthnth.exe109⤵
-
\??\c:\pdjvv.exec:\pdjvv.exe110⤵
-
\??\c:\xfffxfl.exec:\xfffxfl.exe111⤵
-
\??\c:\bnbnth.exec:\bnbnth.exe112⤵
-
\??\c:\pdpvp.exec:\pdpvp.exe113⤵
-
\??\c:\xlrlxfx.exec:\xlrlxfx.exe114⤵
-
\??\c:\5jjdv.exec:\5jjdv.exe115⤵
-
\??\c:\fxfxxxr.exec:\fxfxxxr.exe116⤵
-
\??\c:\7hhthh.exec:\7hhthh.exe117⤵
-
\??\c:\tnhbtn.exec:\tnhbtn.exe118⤵
-
\??\c:\1pvdv.exec:\1pvdv.exe119⤵
-
\??\c:\3pddj.exec:\3pddj.exe120⤵
-
\??\c:\rxffflf.exec:\rxffflf.exe121⤵
-
\??\c:\3bnntb.exec:\3bnntb.exe122⤵
-
\??\c:\5thtnn.exec:\5thtnn.exe123⤵
-
\??\c:\jdddd.exec:\jdddd.exe124⤵
-
\??\c:\fflfrrf.exec:\fflfrrf.exe125⤵
-
\??\c:\nthnnb.exec:\nthnnb.exe126⤵
-
\??\c:\5vdvp.exec:\5vdvp.exe127⤵
-
\??\c:\5rxrlfx.exec:\5rxrlfx.exe128⤵
-
\??\c:\btnnhh.exec:\btnnhh.exe129⤵
-
\??\c:\1hhbbh.exec:\1hhbbh.exe130⤵
-
\??\c:\jpddd.exec:\jpddd.exe131⤵
-
\??\c:\lxlxxfr.exec:\lxlxxfr.exe132⤵
-
\??\c:\9xrxlxf.exec:\9xrxlxf.exe133⤵
-
\??\c:\1tbnht.exec:\1tbnht.exe134⤵
-
\??\c:\bnthtn.exec:\bnthtn.exe135⤵
-
\??\c:\dpjjv.exec:\dpjjv.exe136⤵
-
\??\c:\jvpdj.exec:\jvpdj.exe137⤵
-
\??\c:\lxfllrl.exec:\lxfllrl.exe138⤵
-
\??\c:\nhnbnn.exec:\nhnbnn.exe139⤵
-
\??\c:\nhbttb.exec:\nhbttb.exe140⤵
-
\??\c:\dvjvp.exec:\dvjvp.exe141⤵
-
\??\c:\dpvvd.exec:\dpvvd.exe142⤵
-
\??\c:\rxxxxxx.exec:\rxxxxxx.exe143⤵
-
\??\c:\1rrllxx.exec:\1rrllxx.exe144⤵
-
\??\c:\7bhhbh.exec:\7bhhbh.exe145⤵
-
\??\c:\ppvvv.exec:\ppvvv.exe146⤵
-
\??\c:\vpdvv.exec:\vpdvv.exe147⤵
-
\??\c:\fllxrxr.exec:\fllxrxr.exe148⤵
-
\??\c:\rrlfxff.exec:\rrlfxff.exe149⤵
-
\??\c:\5hhbbb.exec:\5hhbbb.exe150⤵
-
\??\c:\tttttn.exec:\tttttn.exe151⤵
-
\??\c:\jdpjv.exec:\jdpjv.exe152⤵
-
\??\c:\rlrfxlr.exec:\rlrfxlr.exe153⤵
-
\??\c:\xfxrlrl.exec:\xfxrlrl.exe154⤵
-
\??\c:\9bhhhh.exec:\9bhhhh.exe155⤵
-
\??\c:\pvvpj.exec:\pvvpj.exe156⤵
-
\??\c:\3dddv.exec:\3dddv.exe157⤵
-
\??\c:\rrrrrxx.exec:\rrrrrxx.exe158⤵
-
\??\c:\bnhbth.exec:\bnhbth.exe159⤵
-
\??\c:\ntthtn.exec:\ntthtn.exe160⤵
-
\??\c:\pvpjv.exec:\pvpjv.exe161⤵
-
\??\c:\vdjvp.exec:\vdjvp.exe162⤵
-
\??\c:\5llfffx.exec:\5llfffx.exe163⤵
-
\??\c:\9lrrlxx.exec:\9lrrlxx.exe164⤵
-
\??\c:\7ttnht.exec:\7ttnht.exe165⤵
-
\??\c:\dpvdv.exec:\dpvdv.exe166⤵
-
\??\c:\jvpjd.exec:\jvpjd.exe167⤵
-
\??\c:\xlxxrfr.exec:\xlxxrfr.exe168⤵
-
\??\c:\rxrfrlr.exec:\rxrfrlr.exe169⤵
-
\??\c:\bbhhhh.exec:\bbhhhh.exe170⤵
-
\??\c:\bttttt.exec:\bttttt.exe171⤵
-
\??\c:\dvdvp.exec:\dvdvp.exe172⤵
-
\??\c:\vdvjd.exec:\vdvjd.exe173⤵
-
\??\c:\rllllrr.exec:\rllllrr.exe174⤵
-
\??\c:\rlrrrrr.exec:\rlrrrrr.exe175⤵
-
\??\c:\1hnbnb.exec:\1hnbnb.exe176⤵
-
\??\c:\btbbtt.exec:\btbbtt.exe177⤵
-
\??\c:\7vvvp.exec:\7vvvp.exe178⤵
-
\??\c:\3fllxxf.exec:\3fllxxf.exe179⤵
-
\??\c:\fffxxxx.exec:\fffxxxx.exe180⤵
-
\??\c:\httttb.exec:\httttb.exe181⤵
-
\??\c:\tthnth.exec:\tthnth.exe182⤵
-
\??\c:\3rffffr.exec:\3rffffr.exe183⤵
-
\??\c:\xxrxrxf.exec:\xxrxrxf.exe184⤵
-
\??\c:\hntnbh.exec:\hntnbh.exe185⤵
-
\??\c:\bnbbtn.exec:\bnbbtn.exe186⤵
-
\??\c:\7ppjj.exec:\7ppjj.exe187⤵
-
\??\c:\3fflrff.exec:\3fflrff.exe188⤵
-
\??\c:\hthnhh.exec:\hthnhh.exe189⤵
-
\??\c:\bthhhn.exec:\bthhhn.exe190⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe191⤵
-
\??\c:\fxxrrrl.exec:\fxxrrrl.exe192⤵
-
\??\c:\5rxrrrl.exec:\5rxrrrl.exe193⤵
-
\??\c:\btbbbb.exec:\btbbbb.exe194⤵
-
\??\c:\9vpjd.exec:\9vpjd.exe195⤵
-
\??\c:\3lxrfff.exec:\3lxrfff.exe196⤵
-
\??\c:\xlffrlx.exec:\xlffrlx.exe197⤵
-
\??\c:\hbnnbb.exec:\hbnnbb.exe198⤵
-
\??\c:\vpjdd.exec:\vpjdd.exe199⤵
-
\??\c:\xxxrlll.exec:\xxxrlll.exe200⤵
-
\??\c:\bbnbnb.exec:\bbnbnb.exe201⤵
-
\??\c:\5jpjj.exec:\5jpjj.exe202⤵
-
\??\c:\lrrfllf.exec:\lrrfllf.exe203⤵
-
\??\c:\bhhbbn.exec:\bhhbbn.exe204⤵
-
\??\c:\bhhnnh.exec:\bhhnnh.exe205⤵
-
\??\c:\ffrlxlx.exec:\ffrlxlx.exe206⤵
-
\??\c:\htntnn.exec:\htntnn.exe207⤵
-
\??\c:\vvjdp.exec:\vvjdp.exe208⤵
-
\??\c:\fxxrxxr.exec:\fxxrxxr.exe209⤵
-
\??\c:\jdpjp.exec:\jdpjp.exe210⤵
-
\??\c:\hnhbth.exec:\hnhbth.exe211⤵
-
\??\c:\vvjjj.exec:\vvjjj.exe212⤵
-
\??\c:\ttnbnb.exec:\ttnbnb.exe213⤵
-
\??\c:\9tnntb.exec:\9tnntb.exe214⤵
-
\??\c:\dppvv.exec:\dppvv.exe215⤵
-
\??\c:\frffrrr.exec:\frffrrr.exe216⤵
-
\??\c:\lffffff.exec:\lffffff.exe217⤵
-
\??\c:\bnnhhb.exec:\bnnhhb.exe218⤵
-
\??\c:\1nttnh.exec:\1nttnh.exe219⤵
-
\??\c:\jjppp.exec:\jjppp.exe220⤵
-
\??\c:\lrrlrff.exec:\lrrlrff.exe221⤵
-
\??\c:\xfrfrfx.exec:\xfrfrfx.exe222⤵
-
\??\c:\bbnbnt.exec:\bbnbnt.exe223⤵
-
\??\c:\9ddpj.exec:\9ddpj.exe224⤵
-
\??\c:\vppjv.exec:\vppjv.exe225⤵
-
\??\c:\xffxlfx.exec:\xffxlfx.exe226⤵
-
\??\c:\thhbnh.exec:\thhbnh.exe227⤵
-
\??\c:\hbhhtn.exec:\hbhhtn.exe228⤵
-
\??\c:\jdvdj.exec:\jdvdj.exe229⤵
-
\??\c:\7lrfxxf.exec:\7lrfxxf.exe230⤵
-
\??\c:\1rxlfff.exec:\1rxlfff.exe231⤵
-
\??\c:\htnbbh.exec:\htnbbh.exe232⤵
-
\??\c:\hhnnbb.exec:\hhnnbb.exe233⤵
-
\??\c:\jjpjd.exec:\jjpjd.exe234⤵
-
\??\c:\djddp.exec:\djddp.exe235⤵
-
\??\c:\fxfrrrr.exec:\fxfrrrr.exe236⤵
-
\??\c:\1llffxf.exec:\1llffxf.exe237⤵
-
\??\c:\tthtbn.exec:\tthtbn.exe238⤵
-
\??\c:\tntnhh.exec:\tntnhh.exe239⤵
-
\??\c:\vjppp.exec:\vjppp.exe240⤵
-
\??\c:\lfllxlx.exec:\lfllxlx.exe241⤵