Analysis
-
max time kernel
150s -
max time network
116s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
19-05-2024 22:56
General
-
Target
6c2399a3ffea4b5f33a4474c02dce3e44847e61f1e6ce2665dd0c89bc18a8491.exe
-
Size
66KB
-
MD5
084734274535f7960c809dd4d7c8ca8a
-
SHA1
5a41275a92158c966188af9d94d3d484e40c4127
-
SHA256
6c2399a3ffea4b5f33a4474c02dce3e44847e61f1e6ce2665dd0c89bc18a8491
-
SHA512
7d53cfb8464ff681086047bdcba0ab9fd558c5daabda00144f6563931d08ba8e7a701bca33262ade8f353c38c5af96dc6ef14e14b37e3482d207d64a275ef2c1
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yUPqrDZs:ymb3NkkiQ3mdBjF0yUmW
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
UPX dump on OEP (original entry point) 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\6c2399a3ffea4b5f33a4474c02dce3e44847e61f1e6ce2665dd0c89bc18a8491.exe"C:\Users\Admin\AppData\Local\Temp\6c2399a3ffea4b5f33a4474c02dce3e44847e61f1e6ce2665dd0c89bc18a8491.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnhhb.exec:\tnnhhb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhbtn.exec:\nhhbtn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llfflff.exec:\llfflff.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbbnn.exec:\ttbbnn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvddv.exec:\dvddv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfflxxf.exec:\lfflxxf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5hnhbt.exec:\5hnhbt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbtbbh.exec:\tbtbbh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfxxlrf.exec:\rfxxlrf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llfxxxx.exec:\llfxxxx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbbnb.exec:\nbbbnb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvvd.exec:\ppvvd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjjj.exec:\ddjjj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrrfff.exec:\xxrrfff.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnbhh.exec:\bnnbhh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvvv.exec:\ddvvv.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxflrx.exec:\lrxflrx.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthhhn.exec:\hthhhn.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdddv.exec:\vdddv.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpdv.exec:\vvpdv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrxlfr.exec:\fxrxlfr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1tnnth.exec:\1tnnth.exe23⤵
- Executes dropped EXE
-
\??\c:\bntttb.exec:\bntttb.exe24⤵
- Executes dropped EXE
-
\??\c:\pvjpj.exec:\pvjpj.exe25⤵
- Executes dropped EXE
-
\??\c:\rlrrflf.exec:\rlrrflf.exe26⤵
- Executes dropped EXE
-
\??\c:\5ffxlxx.exec:\5ffxlxx.exe27⤵
- Executes dropped EXE
-
\??\c:\nbbhhn.exec:\nbbhhn.exe28⤵
- Executes dropped EXE
-
\??\c:\vvvpj.exec:\vvvpj.exe29⤵
- Executes dropped EXE
-
\??\c:\3ddvj.exec:\3ddvj.exe30⤵
- Executes dropped EXE
-
\??\c:\frrrlll.exec:\frrrlll.exe31⤵
- Executes dropped EXE
-
\??\c:\1tnttn.exec:\1tnttn.exe32⤵
- Executes dropped EXE
-
\??\c:\pjdvj.exec:\pjdvj.exe33⤵
- Executes dropped EXE
-
\??\c:\pvddv.exec:\pvddv.exe34⤵
- Executes dropped EXE
-
\??\c:\fllrrlf.exec:\fllrrlf.exe35⤵
- Executes dropped EXE
-
\??\c:\bbhbhn.exec:\bbhbhn.exe36⤵
- Executes dropped EXE
-
\??\c:\jvpjj.exec:\jvpjj.exe37⤵
- Executes dropped EXE
-
\??\c:\pjvjd.exec:\pjvjd.exe38⤵
- Executes dropped EXE
-
\??\c:\bbhhnn.exec:\bbhhnn.exe39⤵
- Executes dropped EXE
-
\??\c:\tttnbt.exec:\tttnbt.exe40⤵
- Executes dropped EXE
-
\??\c:\dpppv.exec:\dpppv.exe41⤵
- Executes dropped EXE
-
\??\c:\rlfxxff.exec:\rlfxxff.exe42⤵
- Executes dropped EXE
-
\??\c:\rlfxrlf.exec:\rlfxrlf.exe43⤵
- Executes dropped EXE
-
\??\c:\nhnthn.exec:\nhnthn.exe44⤵
- Executes dropped EXE
-
\??\c:\pvdvp.exec:\pvdvp.exe45⤵
- Executes dropped EXE
-
\??\c:\3jvpp.exec:\3jvpp.exe46⤵
-
\??\c:\rrllxfl.exec:\rrllxfl.exe47⤵
- Executes dropped EXE
-
\??\c:\bhnnbh.exec:\bhnnbh.exe48⤵
- Executes dropped EXE
-
\??\c:\jdjjd.exec:\jdjjd.exe49⤵
- Executes dropped EXE
-
\??\c:\dpppv.exec:\dpppv.exe50⤵
- Executes dropped EXE
-
\??\c:\5frfxrr.exec:\5frfxrr.exe51⤵
- Executes dropped EXE
-
\??\c:\httthh.exec:\httthh.exe52⤵
- Executes dropped EXE
-
\??\c:\nhbbtb.exec:\nhbbtb.exe53⤵
- Executes dropped EXE
-
\??\c:\ddjpp.exec:\ddjpp.exe54⤵
- Executes dropped EXE
-
\??\c:\fxxrlrr.exec:\fxxrlrr.exe55⤵
- Executes dropped EXE
-
\??\c:\htnnnn.exec:\htnnnn.exe56⤵
- Executes dropped EXE
-
\??\c:\vpvpj.exec:\vpvpj.exe57⤵
- Executes dropped EXE
-
\??\c:\rllffrr.exec:\rllffrr.exe58⤵
- Executes dropped EXE
-
\??\c:\3ffxrrl.exec:\3ffxrrl.exe59⤵
- Executes dropped EXE
-
\??\c:\httnhh.exec:\httnhh.exe60⤵
- Executes dropped EXE
-
\??\c:\1bhbtb.exec:\1bhbtb.exe61⤵
- Executes dropped EXE
-
\??\c:\jjvjv.exec:\jjvjv.exe62⤵
- Executes dropped EXE
-
\??\c:\rlflfff.exec:\rlflfff.exe63⤵
- Executes dropped EXE
-
\??\c:\hbhbtb.exec:\hbhbtb.exe64⤵
- Executes dropped EXE
-
\??\c:\hhhhbb.exec:\hhhhbb.exe65⤵
- Executes dropped EXE
-
\??\c:\vvppp.exec:\vvppp.exe66⤵
- Executes dropped EXE
-
\??\c:\rrffxxr.exec:\rrffxxr.exe67⤵
-
\??\c:\ntbbtt.exec:\ntbbtt.exe68⤵
-
\??\c:\btnnnn.exec:\btnnnn.exe69⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe70⤵
-
\??\c:\rxxflrr.exec:\rxxflrr.exe71⤵
-
\??\c:\tnhhbn.exec:\tnhhbn.exe72⤵
-
\??\c:\jjvvj.exec:\jjvvj.exe73⤵
-
\??\c:\5ffrfrx.exec:\5ffrfrx.exe74⤵
-
\??\c:\nhtttt.exec:\nhtttt.exe75⤵
-
\??\c:\vppvp.exec:\vppvp.exe76⤵
-
\??\c:\dpjpp.exec:\dpjpp.exe77⤵
-
\??\c:\rfrxlfr.exec:\rfrxlfr.exe78⤵
-
\??\c:\3lfxflx.exec:\3lfxflx.exe79⤵
-
\??\c:\ttnttn.exec:\ttnttn.exe80⤵
-
\??\c:\dpjpp.exec:\dpjpp.exe81⤵
-
\??\c:\rlflffx.exec:\rlflffx.exe82⤵
-
\??\c:\rxfllxx.exec:\rxfllxx.exe83⤵
-
\??\c:\bbbbbb.exec:\bbbbbb.exe84⤵
-
\??\c:\djvvd.exec:\djvvd.exe85⤵
-
\??\c:\pjdjd.exec:\pjdjd.exe86⤵
-
\??\c:\ntbnth.exec:\ntbnth.exe87⤵
-
\??\c:\9tnhbh.exec:\9tnhbh.exe88⤵
-
\??\c:\vvjpv.exec:\vvjpv.exe89⤵
-
\??\c:\ddjvv.exec:\ddjvv.exe90⤵
-
\??\c:\rfrffxr.exec:\rfrffxr.exe91⤵
-
\??\c:\fxlllll.exec:\fxlllll.exe92⤵
-
\??\c:\9hhhhn.exec:\9hhhhn.exe93⤵
-
\??\c:\djdjp.exec:\djdjp.exe94⤵
-
\??\c:\jdpjv.exec:\jdpjv.exe95⤵
-
\??\c:\1lfflrr.exec:\1lfflrr.exe96⤵
-
\??\c:\bbhtbh.exec:\bbhtbh.exe97⤵
-
\??\c:\nbhhhh.exec:\nbhhhh.exe98⤵
-
\??\c:\ppdjv.exec:\ppdjv.exe99⤵
-
\??\c:\3pjvd.exec:\3pjvd.exe100⤵
-
\??\c:\xrrrrrr.exec:\xrrrrrr.exe101⤵
-
\??\c:\tttbtt.exec:\tttbtt.exe102⤵
-
\??\c:\bhhtnn.exec:\bhhtnn.exe103⤵
-
\??\c:\djvdv.exec:\djvdv.exe104⤵
-
\??\c:\1lrlrrr.exec:\1lrlrrr.exe105⤵
-
\??\c:\llrrlxx.exec:\llrrlxx.exe106⤵
-
\??\c:\pppvv.exec:\pppvv.exe107⤵
-
\??\c:\jpvvv.exec:\jpvvv.exe108⤵
-
\??\c:\xfxflxx.exec:\xfxflxx.exe109⤵
-
\??\c:\tbnnnt.exec:\tbnnnt.exe110⤵
-
\??\c:\ttnnnb.exec:\ttnnnb.exe111⤵
-
\??\c:\pdppp.exec:\pdppp.exe112⤵
-
\??\c:\lxxxflr.exec:\lxxxflr.exe113⤵
-
\??\c:\vjjvp.exec:\vjjvp.exe114⤵
-
\??\c:\rfxxrll.exec:\rfxxrll.exe115⤵
-
\??\c:\5ntnhh.exec:\5ntnhh.exe116⤵
-
\??\c:\nnnnhh.exec:\nnnnhh.exe117⤵
-
\??\c:\9jvjp.exec:\9jvjp.exe118⤵
-
\??\c:\rlxflfx.exec:\rlxflfx.exe119⤵
-
\??\c:\nhhbhh.exec:\nhhbhh.exe120⤵
-
\??\c:\dvjpp.exec:\dvjpp.exe121⤵
-
\??\c:\jvddd.exec:\jvddd.exe122⤵
-
\??\c:\llrrllf.exec:\llrrllf.exe123⤵
-
\??\c:\hbttbh.exec:\hbttbh.exe124⤵
-
\??\c:\ttbbbn.exec:\ttbbbn.exe125⤵
-
\??\c:\pjppj.exec:\pjppj.exe126⤵
-
\??\c:\rllllrl.exec:\rllllrl.exe127⤵
-
\??\c:\lxlrxfl.exec:\lxlrxfl.exe128⤵
-
\??\c:\bnhnhn.exec:\bnhnhn.exe129⤵
-
\??\c:\7dvpj.exec:\7dvpj.exe130⤵
-
\??\c:\rfllxrf.exec:\rfllxrf.exe131⤵
-
\??\c:\lrffllr.exec:\lrffllr.exe132⤵
-
\??\c:\rllllrr.exec:\rllllrr.exe133⤵
-
\??\c:\bhbbtb.exec:\bhbbtb.exe134⤵
-
\??\c:\ttbbbb.exec:\ttbbbb.exe135⤵
-
\??\c:\dpvdj.exec:\dpvdj.exe136⤵
-
\??\c:\pvpvv.exec:\pvpvv.exe137⤵
-
\??\c:\3rfflrx.exec:\3rfflrx.exe138⤵
-
\??\c:\xfrrllf.exec:\xfrrllf.exe139⤵
-
\??\c:\ttntbt.exec:\ttntbt.exe140⤵
-
\??\c:\pdjjv.exec:\pdjjv.exe141⤵
-
\??\c:\ppvvv.exec:\ppvvv.exe142⤵
-
\??\c:\5frxfxl.exec:\5frxfxl.exe143⤵
-
\??\c:\btthnb.exec:\btthnb.exe144⤵
-
\??\c:\fxxrrrl.exec:\fxxrrrl.exe145⤵
-
\??\c:\tnhntn.exec:\tnhntn.exe146⤵
-
\??\c:\9jppv.exec:\9jppv.exe147⤵
-
\??\c:\3flfxfx.exec:\3flfxfx.exe148⤵
-
\??\c:\ppjjj.exec:\ppjjj.exe149⤵
-
\??\c:\rrllrrr.exec:\rrllrrr.exe150⤵
-
\??\c:\hnbhnb.exec:\hnbhnb.exe151⤵
-
\??\c:\djvjd.exec:\djvjd.exe152⤵
-
\??\c:\5fxxlxr.exec:\5fxxlxr.exe153⤵
-
\??\c:\jjvpj.exec:\jjvpj.exe154⤵
-
\??\c:\rxrllff.exec:\rxrllff.exe155⤵
-
\??\c:\7bnhbt.exec:\7bnhbt.exe156⤵
-
\??\c:\jvvdd.exec:\jvvdd.exe157⤵
-
\??\c:\flrrrrx.exec:\flrrrrx.exe158⤵
-
\??\c:\pdjdp.exec:\pdjdp.exe159⤵
-
\??\c:\xrfffll.exec:\xrfffll.exe160⤵
-
\??\c:\nhnnnh.exec:\nhnnnh.exe161⤵
-
\??\c:\3pvpj.exec:\3pvpj.exe162⤵
-
\??\c:\ffxflrx.exec:\ffxflrx.exe163⤵
-
\??\c:\bhhhnb.exec:\bhhhnb.exe164⤵
-
\??\c:\1nbntn.exec:\1nbntn.exe165⤵
-
\??\c:\jpdvd.exec:\jpdvd.exe166⤵
-
\??\c:\9pjjp.exec:\9pjjp.exe167⤵
-
\??\c:\7rfrfrl.exec:\7rfrfrl.exe168⤵
-
\??\c:\tthntb.exec:\tthntb.exe169⤵
-
\??\c:\djpvj.exec:\djpvj.exe170⤵
-
\??\c:\dpvpp.exec:\dpvpp.exe171⤵
-
\??\c:\llflxxr.exec:\llflxxr.exe172⤵
-
\??\c:\5tbtnn.exec:\5tbtnn.exe173⤵
-
\??\c:\7nhtbt.exec:\7nhtbt.exe174⤵
-
\??\c:\pjjpj.exec:\pjjpj.exe175⤵
-
\??\c:\vvpdd.exec:\vvpdd.exe176⤵
-
\??\c:\7ffrfrl.exec:\7ffrfrl.exe177⤵
-
\??\c:\rlrrflr.exec:\rlrrflr.exe178⤵
-
\??\c:\hhhthb.exec:\hhhthb.exe179⤵
-
\??\c:\5btthn.exec:\5btthn.exe180⤵
-
\??\c:\dddjd.exec:\dddjd.exe181⤵
-
\??\c:\dvvpp.exec:\dvvpp.exe182⤵
-
\??\c:\3llfxfr.exec:\3llfxfr.exe183⤵
-
\??\c:\tbtnbn.exec:\tbtnbn.exe184⤵
-
\??\c:\btbthn.exec:\btbthn.exe185⤵
-
\??\c:\dppjj.exec:\dppjj.exe186⤵
-
\??\c:\7vdpj.exec:\7vdpj.exe187⤵
-
\??\c:\rlfxlfr.exec:\rlfxlfr.exe188⤵
-
\??\c:\rlrrlrl.exec:\rlrrlrl.exe189⤵
-
\??\c:\hnhhhh.exec:\hnhhhh.exe190⤵
-
\??\c:\nhhhhn.exec:\nhhhhn.exe191⤵
-
\??\c:\jdppv.exec:\jdppv.exe192⤵
-
\??\c:\pjvvv.exec:\pjvvv.exe193⤵
-
\??\c:\ffxrlrr.exec:\ffxrlrr.exe194⤵
-
\??\c:\rlxxxxx.exec:\rlxxxxx.exe195⤵
-
\??\c:\hbnhtn.exec:\hbnhtn.exe196⤵
-
\??\c:\dvjpd.exec:\dvjpd.exe197⤵
-
\??\c:\fflrrlr.exec:\fflrrlr.exe198⤵
-
\??\c:\rfxffll.exec:\rfxffll.exe199⤵
-
\??\c:\1rxxxff.exec:\1rxxxff.exe200⤵
-
\??\c:\nntbhn.exec:\nntbhn.exe201⤵
-
\??\c:\htbbhn.exec:\htbbhn.exe202⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe203⤵
-
\??\c:\5djdp.exec:\5djdp.exe204⤵
-
\??\c:\rxlrrxr.exec:\rxlrrxr.exe205⤵
-
\??\c:\xxxxxfl.exec:\xxxxxfl.exe206⤵
-
\??\c:\tnnhnt.exec:\tnnhnt.exe207⤵
-
\??\c:\ttbhbn.exec:\ttbhbn.exe208⤵
-
\??\c:\1vvvp.exec:\1vvvp.exe209⤵
-
\??\c:\vpvvp.exec:\vpvvp.exe210⤵
-
\??\c:\rfxrlrr.exec:\rfxrlrr.exe211⤵
-
\??\c:\hhhhhh.exec:\hhhhhh.exe212⤵
-
\??\c:\3nnnht.exec:\3nnnht.exe213⤵
-
\??\c:\vpddd.exec:\vpddd.exe214⤵
-
\??\c:\rlxlffx.exec:\rlxlffx.exe215⤵
-
\??\c:\rflrfff.exec:\rflrfff.exe216⤵
-
\??\c:\ntbbtb.exec:\ntbbtb.exe217⤵
-
\??\c:\7nttnt.exec:\7nttnt.exe218⤵
-
\??\c:\djddj.exec:\djddj.exe219⤵
-
\??\c:\lxlrfxx.exec:\lxlrfxx.exe220⤵
-
\??\c:\xlflffr.exec:\xlflffr.exe221⤵
-
\??\c:\hbbbhb.exec:\hbbbhb.exe222⤵
-
\??\c:\dpvvv.exec:\dpvvv.exe223⤵
-
\??\c:\pjvjj.exec:\pjvjj.exe224⤵
-
\??\c:\rlxrrrr.exec:\rlxrrrr.exe225⤵
-
\??\c:\nntnnn.exec:\nntnnn.exe226⤵
-
\??\c:\ppppv.exec:\ppppv.exe227⤵
-
\??\c:\fxrllrx.exec:\fxrllrx.exe228⤵
-
\??\c:\lfxxxff.exec:\lfxxxff.exe229⤵
-
\??\c:\tnbhhh.exec:\tnbhhh.exe230⤵
-
\??\c:\bttntb.exec:\bttntb.exe231⤵
-
\??\c:\ppvdd.exec:\ppvdd.exe232⤵
-
\??\c:\lfllflr.exec:\lfllflr.exe233⤵
-
\??\c:\7xrrlfr.exec:\7xrrlfr.exe234⤵
-
\??\c:\9bbttb.exec:\9bbttb.exe235⤵
-
\??\c:\7tbthh.exec:\7tbthh.exe236⤵
-
\??\c:\vpdjv.exec:\vpdjv.exe237⤵
-
\??\c:\ddddj.exec:\ddddj.exe238⤵
-
\??\c:\fflllrr.exec:\fflllrr.exe239⤵
-
\??\c:\9lxrrrr.exec:\9lxrrrr.exe240⤵
-
\??\c:\hhbbtt.exec:\hhbbtt.exe241⤵