Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
-
submitted
19-05-2024 22:46
General
-
Target
68478c981ce66933325a6f946fd6c5c6af85b2851ba4360a64e0e3c6e1829c24.exe
-
Size
224KB
-
MD5
c34a6d6d5a19c8125a85ff4f89dc499d
-
SHA1
58a9aaa0a1fd469566ce6822e269ed3c76120c01
-
SHA256
68478c981ce66933325a6f946fd6c5c6af85b2851ba4360a64e0e3c6e1829c24
-
SHA512
3d34f9e751106b82fbeba83be8063c62d1fcea14733e48900fa76c468e81f8d20fc5676fe33511c4daac57eb6e9c5691704d5fd03564d141001359427f0417c8
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73PYP1lri3KoSV31x4xL7m:n3C9BRo7MlrWKo+lxKy
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
UPX dump on OEP (original entry point) 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 22 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\68478c981ce66933325a6f946fd6c5c6af85b2851ba4360a64e0e3c6e1829c24.exe"C:\Users\Admin\AppData\Local\Temp\68478c981ce66933325a6f946fd6c5c6af85b2851ba4360a64e0e3c6e1829c24.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\lrlxrfx.exec:\lrlxrfx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbttht.exec:\hbttht.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pjdd.exec:\1pjdd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxlxrx.exec:\fxxlxrx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3xrlffr.exec:\3xrlffr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbttnn.exec:\hbttnn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5tnthn.exec:\5tnthn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vjvv.exec:\7vjvv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvdjd.exec:\vvdjd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxfrfr.exec:\xrxfrfr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhntn.exec:\tnhntn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhbnbn.exec:\bhbnbn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddpjv.exec:\ddpjv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxlfrf.exec:\llxlfrf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhhbh.exec:\tnhhbh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5hbbnh.exec:\5hbbnh.exe17⤵
- Executes dropped EXE
-
\??\c:\ppddj.exec:\ppddj.exe18⤵
- Executes dropped EXE
-
\??\c:\llxxxfx.exec:\llxxxfx.exe19⤵
- Executes dropped EXE
-
\??\c:\rrflxfl.exec:\rrflxfl.exe20⤵
- Executes dropped EXE
-
\??\c:\nnbhth.exec:\nnbhth.exe21⤵
- Executes dropped EXE
-
\??\c:\vpjjd.exec:\vpjjd.exe22⤵
- Executes dropped EXE
-
\??\c:\7fxxffl.exec:\7fxxffl.exe23⤵
- Executes dropped EXE
-
\??\c:\3xrlflx.exec:\3xrlflx.exe24⤵
- Executes dropped EXE
-
\??\c:\htbnhb.exec:\htbnhb.exe25⤵
- Executes dropped EXE
-
\??\c:\hthnht.exec:\hthnht.exe26⤵
- Executes dropped EXE
-
\??\c:\ppjpd.exec:\ppjpd.exe27⤵
- Executes dropped EXE
-
\??\c:\3btbtn.exec:\3btbtn.exe28⤵
- Executes dropped EXE
-
\??\c:\pjjjv.exec:\pjjjv.exe29⤵
- Executes dropped EXE
-
\??\c:\rrrrlrl.exec:\rrrrlrl.exe30⤵
- Executes dropped EXE
-
\??\c:\5lrxffr.exec:\5lrxffr.exe31⤵
- Executes dropped EXE
-
\??\c:\bthntb.exec:\bthntb.exe32⤵
- Executes dropped EXE
-
\??\c:\7hbhnn.exec:\7hbhnn.exe33⤵
- Executes dropped EXE
-
\??\c:\1vvpd.exec:\1vvpd.exe34⤵
- Executes dropped EXE
-
\??\c:\llrflrf.exec:\llrflrf.exe35⤵
- Executes dropped EXE
-
\??\c:\xflxxrx.exec:\xflxxrx.exe36⤵
- Executes dropped EXE
-
\??\c:\3bttnn.exec:\3bttnn.exe37⤵
- Executes dropped EXE
-
\??\c:\nhbhnn.exec:\nhbhnn.exe38⤵
- Executes dropped EXE
-
\??\c:\dvpvp.exec:\dvpvp.exe39⤵
- Executes dropped EXE
-
\??\c:\pvjdv.exec:\pvjdv.exe40⤵
- Executes dropped EXE
-
\??\c:\rlfrlxl.exec:\rlfrlxl.exe41⤵
- Executes dropped EXE
-
\??\c:\rrrffrx.exec:\rrrffrx.exe42⤵
- Executes dropped EXE
-
\??\c:\bhbtht.exec:\bhbtht.exe43⤵
- Executes dropped EXE
-
\??\c:\htnhbb.exec:\htnhbb.exe44⤵
- Executes dropped EXE
-
\??\c:\dpjvp.exec:\dpjvp.exe45⤵
- Executes dropped EXE
-
\??\c:\jjpvp.exec:\jjpvp.exe46⤵
- Executes dropped EXE
-
\??\c:\rrlrfrx.exec:\rrlrfrx.exe47⤵
- Executes dropped EXE
-
\??\c:\7lflllf.exec:\7lflllf.exe48⤵
- Executes dropped EXE
-
\??\c:\bnhnbh.exec:\bnhnbh.exe49⤵
- Executes dropped EXE
-
\??\c:\vvppd.exec:\vvppd.exe50⤵
- Executes dropped EXE
-
\??\c:\1jdjp.exec:\1jdjp.exe51⤵
- Executes dropped EXE
-
\??\c:\5dpvj.exec:\5dpvj.exe52⤵
- Executes dropped EXE
-
\??\c:\5lxxxxf.exec:\5lxxxxf.exe53⤵
- Executes dropped EXE
-
\??\c:\hbbhtt.exec:\hbbhtt.exe54⤵
- Executes dropped EXE
-
\??\c:\tnhhnt.exec:\tnhhnt.exe55⤵
- Executes dropped EXE
-
\??\c:\vdvpd.exec:\vdvpd.exe56⤵
- Executes dropped EXE
-
\??\c:\djppj.exec:\djppj.exe57⤵
- Executes dropped EXE
-
\??\c:\3llxxll.exec:\3llxxll.exe58⤵
- Executes dropped EXE
-
\??\c:\bhbtbt.exec:\bhbtbt.exe59⤵
- Executes dropped EXE
-
\??\c:\vpdvv.exec:\vpdvv.exe60⤵
- Executes dropped EXE
-
\??\c:\dvjpv.exec:\dvjpv.exe61⤵
- Executes dropped EXE
-
\??\c:\xrflrrx.exec:\xrflrrx.exe62⤵
- Executes dropped EXE
-
\??\c:\3xllrll.exec:\3xllrll.exe63⤵
- Executes dropped EXE
-
\??\c:\thnttb.exec:\thnttb.exe64⤵
- Executes dropped EXE
-
\??\c:\htbthn.exec:\htbthn.exe65⤵
- Executes dropped EXE
-
\??\c:\jvpvv.exec:\jvpvv.exe66⤵
-
\??\c:\pjddp.exec:\pjddp.exe67⤵
-
\??\c:\xrlflxl.exec:\xrlflxl.exe68⤵
-
\??\c:\hthnhn.exec:\hthnhn.exe69⤵
-
\??\c:\3hnhnt.exec:\3hnhnt.exe70⤵
-
\??\c:\1vjjd.exec:\1vjjd.exe71⤵
-
\??\c:\ddppj.exec:\ddppj.exe72⤵
-
\??\c:\xrflxxl.exec:\xrflxxl.exe73⤵
-
\??\c:\rrxffrl.exec:\rrxffrl.exe74⤵
-
\??\c:\5hnbbb.exec:\5hnbbb.exe75⤵
-
\??\c:\tnhhhn.exec:\tnhhhn.exe76⤵
-
\??\c:\jdvjv.exec:\jdvjv.exe77⤵
-
\??\c:\7jvvj.exec:\7jvvj.exe78⤵
-
\??\c:\9xrrflr.exec:\9xrrflr.exe79⤵
-
\??\c:\7xlfxlx.exec:\7xlfxlx.exe80⤵
-
\??\c:\3bbbhn.exec:\3bbbhn.exe81⤵
-
\??\c:\btbbhb.exec:\btbbhb.exe82⤵
-
\??\c:\vjjpd.exec:\vjjpd.exe83⤵
-
\??\c:\vjjjj.exec:\vjjjj.exe84⤵
-
\??\c:\rrxffxl.exec:\rrxffxl.exe85⤵
-
\??\c:\hhbtnt.exec:\hhbtnt.exe86⤵
-
\??\c:\vdjdp.exec:\vdjdp.exe87⤵
-
\??\c:\pjvdp.exec:\pjvdp.exe88⤵
-
\??\c:\7flffrf.exec:\7flffrf.exe89⤵
-
\??\c:\nhhbbt.exec:\nhhbbt.exe90⤵
-
\??\c:\dvpjj.exec:\dvpjj.exe91⤵
-
\??\c:\ppddp.exec:\ppddp.exe92⤵
-
\??\c:\xxlrflr.exec:\xxlrflr.exe93⤵
-
\??\c:\dpvjp.exec:\dpvjp.exe94⤵
-
\??\c:\rlfxrxr.exec:\rlfxrxr.exe95⤵
-
\??\c:\bttbbn.exec:\bttbbn.exe96⤵
-
\??\c:\vpdvj.exec:\vpdvj.exe97⤵
-
\??\c:\jjjvv.exec:\jjjvv.exe98⤵
-
\??\c:\lffxlxl.exec:\lffxlxl.exe99⤵
-
\??\c:\bbhttt.exec:\bbhttt.exe100⤵
-
\??\c:\dvpjj.exec:\dvpjj.exe101⤵
-
\??\c:\1rfflxr.exec:\1rfflxr.exe102⤵
-
\??\c:\3lrxffx.exec:\3lrxffx.exe103⤵
-
\??\c:\vdvjd.exec:\vdvjd.exe104⤵
-
\??\c:\xrffflr.exec:\xrffflr.exe105⤵
-
\??\c:\hbbbnn.exec:\hbbbnn.exe106⤵
-
\??\c:\jvjjv.exec:\jvjjv.exe107⤵
-
\??\c:\xrllxfr.exec:\xrllxfr.exe108⤵
-
\??\c:\bttnbb.exec:\bttnbb.exe109⤵
-
\??\c:\nhbnth.exec:\nhbnth.exe110⤵
-
\??\c:\9jvpd.exec:\9jvpd.exe111⤵
-
\??\c:\5dvpp.exec:\5dvpp.exe112⤵
-
\??\c:\rlflrlx.exec:\rlflrlx.exe113⤵
-
\??\c:\bnnnbh.exec:\bnnnbh.exe114⤵
-
\??\c:\1hhnbh.exec:\1hhnbh.exe115⤵
-
\??\c:\djddp.exec:\djddp.exe116⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe117⤵
-
\??\c:\rlxxrxr.exec:\rlxxrxr.exe118⤵
-
\??\c:\hhhnth.exec:\hhhnth.exe119⤵
-
\??\c:\ntbbhb.exec:\ntbbhb.exe120⤵
-
\??\c:\dvjdv.exec:\dvjdv.exe121⤵
-
\??\c:\fffrfxr.exec:\fffrfxr.exe122⤵
-
\??\c:\frlxfrl.exec:\frlxfrl.exe123⤵
-
\??\c:\hhbhbb.exec:\hhbhbb.exe124⤵
-
\??\c:\tnbthn.exec:\tnbthn.exe125⤵
-
\??\c:\dvjjv.exec:\dvjjv.exe126⤵
-
\??\c:\rfxxflx.exec:\rfxxflx.exe127⤵
-
\??\c:\rfffrlx.exec:\rfffrlx.exe128⤵
-
\??\c:\btbhth.exec:\btbhth.exe129⤵
-
\??\c:\pjpvd.exec:\pjpvd.exe130⤵
-
\??\c:\pjdjd.exec:\pjdjd.exe131⤵
-
\??\c:\xrflxfr.exec:\xrflxfr.exe132⤵
-
\??\c:\xfxfrxr.exec:\xfxfrxr.exe133⤵
-
\??\c:\nhbhtb.exec:\nhbhtb.exe134⤵
-
\??\c:\pjjvj.exec:\pjjvj.exe135⤵
-
\??\c:\jjvdp.exec:\jjvdp.exe136⤵
-
\??\c:\7xxfrxf.exec:\7xxfrxf.exe137⤵
-
\??\c:\fxlrfrf.exec:\fxlrfrf.exe138⤵
-
\??\c:\tnbbbb.exec:\tnbbbb.exe139⤵
-
\??\c:\1pjpj.exec:\1pjpj.exe140⤵
-
\??\c:\jjppd.exec:\jjppd.exe141⤵
-
\??\c:\9flrfrr.exec:\9flrfrr.exe142⤵
-
\??\c:\xxrfrlf.exec:\xxrfrlf.exe143⤵
-
\??\c:\btttbn.exec:\btttbn.exe144⤵
-
\??\c:\7tnthn.exec:\7tnthn.exe145⤵
-
\??\c:\9pdjp.exec:\9pdjp.exe146⤵
-
\??\c:\rlxfllr.exec:\rlxfllr.exe147⤵
-
\??\c:\nntttt.exec:\nntttt.exe148⤵
-
\??\c:\nhhbtn.exec:\nhhbtn.exe149⤵
-
\??\c:\7ppdj.exec:\7ppdj.exe150⤵
-
\??\c:\ddvdp.exec:\ddvdp.exe151⤵
-
\??\c:\xrfrffr.exec:\xrfrffr.exe152⤵
-
\??\c:\nnhntn.exec:\nnhntn.exe153⤵
-
\??\c:\7nhhtt.exec:\7nhhtt.exe154⤵
-
\??\c:\jjjvj.exec:\jjjvj.exe155⤵
-
\??\c:\vpppd.exec:\vpppd.exe156⤵
-
\??\c:\rxlrflr.exec:\rxlrflr.exe157⤵
-
\??\c:\1btthn.exec:\1btthn.exe158⤵
-
\??\c:\7djdv.exec:\7djdv.exe159⤵
-
\??\c:\vpjpd.exec:\vpjpd.exe160⤵
-
\??\c:\xxxxflf.exec:\xxxxflf.exe161⤵
-
\??\c:\hbtbnn.exec:\hbtbnn.exe162⤵
-
\??\c:\1thnth.exec:\1thnth.exe163⤵
-
\??\c:\jdpvp.exec:\jdpvp.exe164⤵
-
\??\c:\1pdjp.exec:\1pdjp.exe165⤵
-
\??\c:\xxllxxr.exec:\xxllxxr.exe166⤵
-
\??\c:\bbtbhn.exec:\bbtbhn.exe167⤵
-
\??\c:\bbhnnn.exec:\bbhnnn.exe168⤵
-
\??\c:\ddpvj.exec:\ddpvj.exe169⤵
-
\??\c:\dvpdv.exec:\dvpdv.exe170⤵
-
\??\c:\fxflflx.exec:\fxflflx.exe171⤵
-
\??\c:\hhttnn.exec:\hhttnn.exe172⤵
-
\??\c:\5thbnn.exec:\5thbnn.exe173⤵
-
\??\c:\7vjvd.exec:\7vjvd.exe174⤵
-
\??\c:\vpjpj.exec:\vpjpj.exe175⤵
-
\??\c:\lfxfrxl.exec:\lfxfrxl.exe176⤵
-
\??\c:\nhbbnh.exec:\nhbbnh.exe177⤵
-
\??\c:\3nntnh.exec:\3nntnh.exe178⤵
-
\??\c:\vpjjp.exec:\vpjjp.exe179⤵
-
\??\c:\9dvdj.exec:\9dvdj.exe180⤵
-
\??\c:\lfxlxfx.exec:\lfxlxfx.exe181⤵
-
\??\c:\lrlxlxf.exec:\lrlxlxf.exe182⤵
-
\??\c:\7tntbh.exec:\7tntbh.exe183⤵
-
\??\c:\tnhbhn.exec:\tnhbhn.exe184⤵
-
\??\c:\vddpd.exec:\vddpd.exe185⤵
-
\??\c:\1rlrrxl.exec:\1rlrrxl.exe186⤵
-
\??\c:\xrxxrxl.exec:\xrxxrxl.exe187⤵
-
\??\c:\ntbtbh.exec:\ntbtbh.exe188⤵
-
\??\c:\pjvdj.exec:\pjvdj.exe189⤵
-
\??\c:\jddjp.exec:\jddjp.exe190⤵
-
\??\c:\fxrxrfr.exec:\fxrxrfr.exe191⤵
-
\??\c:\htbnbh.exec:\htbnbh.exe192⤵
-
\??\c:\htnhnh.exec:\htnhnh.exe193⤵
-
\??\c:\pjvvj.exec:\pjvvj.exe194⤵
-
\??\c:\xxrlrrf.exec:\xxrlrrf.exe195⤵
-
\??\c:\xxfllff.exec:\xxfllff.exe196⤵
-
\??\c:\bhthtt.exec:\bhthtt.exe197⤵
-
\??\c:\pjdpj.exec:\pjdpj.exe198⤵
-
\??\c:\jjjvv.exec:\jjjvv.exe199⤵
-
\??\c:\xrrfllr.exec:\xrrfllr.exe200⤵
-
\??\c:\5nhnnn.exec:\5nhnnn.exe201⤵
-
\??\c:\nhbnnt.exec:\nhbnnt.exe202⤵
-
\??\c:\jjjvv.exec:\jjjvv.exe203⤵
-
\??\c:\xxxlrxl.exec:\xxxlrxl.exe204⤵
-
\??\c:\rrflffr.exec:\rrflffr.exe205⤵
-
\??\c:\bnbtbn.exec:\bnbtbn.exe206⤵
-
\??\c:\btnnbh.exec:\btnnbh.exe207⤵
-
\??\c:\7pvdp.exec:\7pvdp.exe208⤵
-
\??\c:\vjvpv.exec:\vjvpv.exe209⤵
-
\??\c:\rllllff.exec:\rllllff.exe210⤵
-
\??\c:\bbbhhb.exec:\bbbhhb.exe211⤵
-
\??\c:\ddvjp.exec:\ddvjp.exe212⤵
-
\??\c:\dvpvd.exec:\dvpvd.exe213⤵
-
\??\c:\5frfllf.exec:\5frfllf.exe214⤵
-
\??\c:\xxxlxfr.exec:\xxxlxfr.exe215⤵
-
\??\c:\bbnbht.exec:\bbnbht.exe216⤵
-
\??\c:\7dpjv.exec:\7dpjv.exe217⤵
-
\??\c:\djpjd.exec:\djpjd.exe218⤵
-
\??\c:\9frfrxr.exec:\9frfrxr.exe219⤵
-
\??\c:\1rlrffl.exec:\1rlrffl.exe220⤵
-
\??\c:\hhhbht.exec:\hhhbht.exe221⤵
-
\??\c:\5nthnb.exec:\5nthnb.exe222⤵
-
\??\c:\jjdjv.exec:\jjdjv.exe223⤵
-
\??\c:\vpdjd.exec:\vpdjd.exe224⤵
-
\??\c:\llxfxlx.exec:\llxfxlx.exe225⤵
-
\??\c:\bbtntb.exec:\bbtntb.exe226⤵
-
\??\c:\hhhhnt.exec:\hhhhnt.exe227⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe228⤵
-
\??\c:\vvdjd.exec:\vvdjd.exe229⤵
-
\??\c:\lfxxfrf.exec:\lfxxfrf.exe230⤵
-
\??\c:\ffflxlx.exec:\ffflxlx.exe231⤵
-
\??\c:\nnttnt.exec:\nnttnt.exe232⤵
-
\??\c:\7hnnbn.exec:\7hnnbn.exe233⤵
-
\??\c:\3pjpp.exec:\3pjpp.exe234⤵
-
\??\c:\vddpj.exec:\vddpj.exe235⤵
-
\??\c:\lllflrf.exec:\lllflrf.exe236⤵
-
\??\c:\btntnh.exec:\btntnh.exe237⤵
-
\??\c:\hnbnbn.exec:\hnbnbn.exe238⤵
-
\??\c:\dddvj.exec:\dddvj.exe239⤵
-
\??\c:\rrxlfrf.exec:\rrxlfrf.exe240⤵
-
\??\c:\xxflrxr.exec:\xxflrxr.exe241⤵