Analysis
-
max time kernel
149s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
19-05-2024 02:33
General
-
Target
cbf3c8473c0750fa44fe095059509bb6fc1965dd5ecb5ec24b559869578dc955.exe
-
Size
99KB
-
MD5
e50c2ae097fd2a808fbc3a0d559b2020
-
SHA1
d4a12df09db7465bf810e0954395e7b05142da16
-
SHA256
cbf3c8473c0750fa44fe095059509bb6fc1965dd5ecb5ec24b559869578dc955
-
SHA512
6bc0c6ed817a28d927c834dcaaaa327059d3830d312c475aa0d31ca44d2856bc6e2944a4485277352613f5f117c439ce3bfb88b9a7e4a1e0bdde37570ebcabbc
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73tvn+Yp99zm+/KZBHq/4wcD:n3C9BRo7tvnJ99T/KZE/8
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
UPX dump on OEP (original entry point) 30 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 30 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\cbf3c8473c0750fa44fe095059509bb6fc1965dd5ecb5ec24b559869578dc955.exe"C:\Users\Admin\AppData\Local\Temp\cbf3c8473c0750fa44fe095059509bb6fc1965dd5ecb5ec24b559869578dc955.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pjppj.exec:\pjppj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5thbhn.exec:\5thbhn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjjv.exec:\dvjjv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxlrxxf.exec:\lxlrxxf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbnbh.exec:\hhbnbh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9bnnbb.exec:\9bnnbb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpjvj.exec:\jpjvj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rrxxxl.exec:\7rrxxxl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfxlffx.exec:\rfxlffx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhthh.exec:\nhhthh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pdvd.exec:\1pdvd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rlffrx.exec:\5rlffrx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxffrlr.exec:\lxffrlr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5nhhnn.exec:\5nhhnn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvpv.exec:\pjvpv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fflrflx.exec:\fflrflx.exe17⤵
- Executes dropped EXE
-
\??\c:\xlrrrrf.exec:\xlrrrrf.exe18⤵
- Executes dropped EXE
-
\??\c:\hhntnb.exec:\hhntnb.exe19⤵
- Executes dropped EXE
-
\??\c:\ppvdj.exec:\ppvdj.exe20⤵
- Executes dropped EXE
-
\??\c:\vpvvd.exec:\vpvvd.exe21⤵
- Executes dropped EXE
-
\??\c:\lrxxrlx.exec:\lrxxrlx.exe22⤵
- Executes dropped EXE
-
\??\c:\nbbnhh.exec:\nbbnhh.exe23⤵
- Executes dropped EXE
-
\??\c:\jjjjd.exec:\jjjjd.exe24⤵
- Executes dropped EXE
-
\??\c:\fxxxxrr.exec:\fxxxxrr.exe25⤵
- Executes dropped EXE
-
\??\c:\rffllxf.exec:\rffllxf.exe26⤵
- Executes dropped EXE
-
\??\c:\7tbnbn.exec:\7tbnbn.exe27⤵
- Executes dropped EXE
-
\??\c:\jpdpv.exec:\jpdpv.exe28⤵
- Executes dropped EXE
-
\??\c:\dvddj.exec:\dvddj.exe29⤵
- Executes dropped EXE
-
\??\c:\lllxxxr.exec:\lllxxxr.exe30⤵
- Executes dropped EXE
-
\??\c:\htbbbt.exec:\htbbbt.exe31⤵
- Executes dropped EXE
-
\??\c:\thntbh.exec:\thntbh.exe32⤵
- Executes dropped EXE
-
\??\c:\dpppj.exec:\dpppj.exe33⤵
- Executes dropped EXE
-
\??\c:\vpdvj.exec:\vpdvj.exe34⤵
- Executes dropped EXE
-
\??\c:\7rlrrrr.exec:\7rlrrrr.exe35⤵
- Executes dropped EXE
-
\??\c:\lxxxrrf.exec:\lxxxrrf.exe36⤵
- Executes dropped EXE
-
\??\c:\3nbntb.exec:\3nbntb.exe37⤵
- Executes dropped EXE
-
\??\c:\nhhbbb.exec:\nhhbbb.exe38⤵
- Executes dropped EXE
-
\??\c:\dpvdp.exec:\dpvdp.exe39⤵
- Executes dropped EXE
-
\??\c:\pdjdd.exec:\pdjdd.exe40⤵
- Executes dropped EXE
-
\??\c:\7fxflll.exec:\7fxflll.exe41⤵
- Executes dropped EXE
-
\??\c:\3lxrrrf.exec:\3lxrrrf.exe42⤵
- Executes dropped EXE
-
\??\c:\thhnhb.exec:\thhnhb.exe43⤵
- Executes dropped EXE
-
\??\c:\5hnbtn.exec:\5hnbtn.exe44⤵
- Executes dropped EXE
-
\??\c:\1pvvd.exec:\1pvvd.exe45⤵
- Executes dropped EXE
-
\??\c:\xlrxffl.exec:\xlrxffl.exe46⤵
- Executes dropped EXE
-
\??\c:\5fxflff.exec:\5fxflff.exe47⤵
- Executes dropped EXE
-
\??\c:\9ntttt.exec:\9ntttt.exe48⤵
- Executes dropped EXE
-
\??\c:\hbbbnn.exec:\hbbbnn.exe49⤵
- Executes dropped EXE
-
\??\c:\jdjpv.exec:\jdjpv.exe50⤵
- Executes dropped EXE
-
\??\c:\jjjdd.exec:\jjjdd.exe51⤵
- Executes dropped EXE
-
\??\c:\lfxfrxf.exec:\lfxfrxf.exe52⤵
- Executes dropped EXE
-
\??\c:\xfxrfrx.exec:\xfxrfrx.exe53⤵
- Executes dropped EXE
-
\??\c:\ntthnn.exec:\ntthnn.exe54⤵
- Executes dropped EXE
-
\??\c:\ppjvd.exec:\ppjvd.exe55⤵
- Executes dropped EXE
-
\??\c:\jppdd.exec:\jppdd.exe56⤵
- Executes dropped EXE
-
\??\c:\rlxxlll.exec:\rlxxlll.exe57⤵
- Executes dropped EXE
-
\??\c:\nthhhh.exec:\nthhhh.exe58⤵
- Executes dropped EXE
-
\??\c:\9nhhhh.exec:\9nhhhh.exe59⤵
- Executes dropped EXE
-
\??\c:\vjpvp.exec:\vjpvp.exe60⤵
- Executes dropped EXE
-
\??\c:\dvvdd.exec:\dvvdd.exe61⤵
- Executes dropped EXE
-
\??\c:\9rxlfff.exec:\9rxlfff.exe62⤵
- Executes dropped EXE
-
\??\c:\xrxxxff.exec:\xrxxxff.exe63⤵
- Executes dropped EXE
-
\??\c:\nhtbtn.exec:\nhtbtn.exe64⤵
- Executes dropped EXE
-
\??\c:\nbhhhh.exec:\nbhhhh.exe65⤵
- Executes dropped EXE
-
\??\c:\vdjjd.exec:\vdjjd.exe66⤵
-
\??\c:\3frrxlr.exec:\3frrxlr.exe67⤵
-
\??\c:\rfflrxf.exec:\rfflrxf.exe68⤵
-
\??\c:\5httbb.exec:\5httbb.exe69⤵
-
\??\c:\btbbtb.exec:\btbbtb.exe70⤵
-
\??\c:\jdvdj.exec:\jdvdj.exe71⤵
-
\??\c:\dvddd.exec:\dvddd.exe72⤵
-
\??\c:\frxfxxx.exec:\frxfxxx.exe73⤵
-
\??\c:\9fflffx.exec:\9fflffx.exe74⤵
-
\??\c:\1btttt.exec:\1btttt.exe75⤵
-
\??\c:\tnhnnn.exec:\tnhnnn.exe76⤵
-
\??\c:\pdpvj.exec:\pdpvj.exe77⤵
-
\??\c:\jvpdj.exec:\jvpdj.exe78⤵
-
\??\c:\jdvpp.exec:\jdvpp.exe79⤵
-
\??\c:\rlxrxxr.exec:\rlxrxxr.exe80⤵
-
\??\c:\nhhhnh.exec:\nhhhnh.exe81⤵
-
\??\c:\tnttnh.exec:\tnttnh.exe82⤵
-
\??\c:\pvpjp.exec:\pvpjp.exe83⤵
-
\??\c:\fxllxfr.exec:\fxllxfr.exe84⤵
-
\??\c:\rlrfffl.exec:\rlrfffl.exe85⤵
-
\??\c:\1xlrlrf.exec:\1xlrlrf.exe86⤵
-
\??\c:\ttbhbh.exec:\ttbhbh.exe87⤵
-
\??\c:\dvjpv.exec:\dvjpv.exe88⤵
-
\??\c:\rlrrrrx.exec:\rlrrrrx.exe89⤵
-
\??\c:\fxflllx.exec:\fxflllx.exe90⤵
-
\??\c:\thnhtt.exec:\thnhtt.exe91⤵
-
\??\c:\hbtbth.exec:\hbtbth.exe92⤵
-
\??\c:\dppdd.exec:\dppdd.exe93⤵
-
\??\c:\pjvvp.exec:\pjvvp.exe94⤵
-
\??\c:\xrflrrf.exec:\xrflrrf.exe95⤵
-
\??\c:\rlffrxf.exec:\rlffrxf.exe96⤵
-
\??\c:\5tnthh.exec:\5tnthh.exe97⤵
-
\??\c:\7nbhnt.exec:\7nbhnt.exe98⤵
-
\??\c:\pjvdj.exec:\pjvdj.exe99⤵
-
\??\c:\jdjvd.exec:\jdjvd.exe100⤵
-
\??\c:\lfxxffl.exec:\lfxxffl.exe101⤵
-
\??\c:\flfxfxf.exec:\flfxfxf.exe102⤵
-
\??\c:\nhnbhn.exec:\nhnbhn.exe103⤵
-
\??\c:\5vjdj.exec:\5vjdj.exe104⤵
-
\??\c:\vpddd.exec:\vpddd.exe105⤵
-
\??\c:\7rrlffl.exec:\7rrlffl.exe106⤵
-
\??\c:\lxlffff.exec:\lxlffff.exe107⤵
-
\??\c:\nnhhtt.exec:\nnhhtt.exe108⤵
-
\??\c:\thhhbh.exec:\thhhbh.exe109⤵
-
\??\c:\7bnnnn.exec:\7bnnnn.exe110⤵
-
\??\c:\5dppd.exec:\5dppd.exe111⤵
-
\??\c:\vvjvj.exec:\vvjvj.exe112⤵
-
\??\c:\1lffflr.exec:\1lffflr.exe113⤵
-
\??\c:\flrrfxr.exec:\flrrfxr.exe114⤵
-
\??\c:\9tnnbh.exec:\9tnnbh.exe115⤵
-
\??\c:\bthhtn.exec:\bthhtn.exe116⤵
-
\??\c:\ddvvj.exec:\ddvvj.exe117⤵
-
\??\c:\pvvvj.exec:\pvvvj.exe118⤵
-
\??\c:\1frrlff.exec:\1frrlff.exe119⤵
-
\??\c:\1lxxfff.exec:\1lxxfff.exe120⤵
-
\??\c:\nnthtt.exec:\nnthtt.exe121⤵
-
\??\c:\bbtnbt.exec:\bbtnbt.exe122⤵
-
\??\c:\vpjdj.exec:\vpjdj.exe123⤵
-
\??\c:\jvvpd.exec:\jvvpd.exe124⤵
-
\??\c:\7xllrrx.exec:\7xllrrx.exe125⤵
-
\??\c:\xrxfffl.exec:\xrxfffl.exe126⤵
-
\??\c:\9tbbhh.exec:\9tbbhh.exe127⤵
-
\??\c:\jdddj.exec:\jdddj.exe128⤵
-
\??\c:\pvvdj.exec:\pvvdj.exe129⤵
-
\??\c:\rflllxf.exec:\rflllxf.exe130⤵
-
\??\c:\frxfllr.exec:\frxfllr.exe131⤵
-
\??\c:\tnthtb.exec:\tnthtb.exe132⤵
-
\??\c:\5ttnnh.exec:\5ttnnh.exe133⤵
-
\??\c:\nbhbhh.exec:\nbhbhh.exe134⤵
-
\??\c:\dvpvp.exec:\dvpvp.exe135⤵
-
\??\c:\jjpvd.exec:\jjpvd.exe136⤵
-
\??\c:\fxxxfxf.exec:\fxxxfxf.exe137⤵
-
\??\c:\5lrrrlf.exec:\5lrrrlf.exe138⤵
-
\??\c:\bnhnbb.exec:\bnhnbb.exe139⤵
-
\??\c:\5htnnt.exec:\5htnnt.exe140⤵
-
\??\c:\pdjpp.exec:\pdjpp.exe141⤵
-
\??\c:\ddpvj.exec:\ddpvj.exe142⤵
-
\??\c:\rfxflfl.exec:\rfxflfl.exe143⤵
-
\??\c:\xlxxfff.exec:\xlxxfff.exe144⤵
-
\??\c:\5bbhtn.exec:\5bbhtn.exe145⤵
-
\??\c:\5btthh.exec:\5btthh.exe146⤵
-
\??\c:\1bhbhh.exec:\1bhbhh.exe147⤵
-
\??\c:\9dpdd.exec:\9dpdd.exe148⤵
-
\??\c:\dvvjd.exec:\dvvjd.exe149⤵
-
\??\c:\lxffrrf.exec:\lxffrrf.exe150⤵
-
\??\c:\9lllxrr.exec:\9lllxrr.exe151⤵
-
\??\c:\bthbhb.exec:\bthbhb.exe152⤵
-
\??\c:\dpvdj.exec:\dpvdj.exe153⤵
-
\??\c:\rllfrxf.exec:\rllfrxf.exe154⤵
-
\??\c:\rlxfllr.exec:\rlxfllr.exe155⤵
-
\??\c:\1bbhhn.exec:\1bbhhn.exe156⤵
-
\??\c:\hhnnhh.exec:\hhnnhh.exe157⤵
-
\??\c:\dvjpd.exec:\dvjpd.exe158⤵
-
\??\c:\dpvvp.exec:\dpvvp.exe159⤵
-
\??\c:\xrflxfl.exec:\xrflxfl.exe160⤵
-
\??\c:\ffxrrxf.exec:\ffxrrxf.exe161⤵
-
\??\c:\3nhnbb.exec:\3nhnbb.exe162⤵
-
\??\c:\nbtnnb.exec:\nbtnnb.exe163⤵
-
\??\c:\jjddj.exec:\jjddj.exe164⤵
-
\??\c:\7dpjp.exec:\7dpjp.exe165⤵
-
\??\c:\lxllfff.exec:\lxllfff.exe166⤵
-
\??\c:\rrxfrxf.exec:\rrxfrxf.exe167⤵
-
\??\c:\tttbht.exec:\tttbht.exe168⤵
-
\??\c:\tttbnh.exec:\tttbnh.exe169⤵
-
\??\c:\1dvjp.exec:\1dvjp.exe170⤵
-
\??\c:\vpppv.exec:\vpppv.exe171⤵
-
\??\c:\xlrrrlx.exec:\xlrrrlx.exe172⤵
-
\??\c:\fxflrxr.exec:\fxflrxr.exe173⤵
-
\??\c:\1htbnh.exec:\1htbnh.exe174⤵
-
\??\c:\hbnnbb.exec:\hbnnbb.exe175⤵
-
\??\c:\vjvvv.exec:\vjvvv.exe176⤵
-
\??\c:\vjpjj.exec:\vjpjj.exe177⤵
-
\??\c:\1pjpv.exec:\1pjpv.exe178⤵
-
\??\c:\fxfxlff.exec:\fxfxlff.exe179⤵
-
\??\c:\nntnnt.exec:\nntnnt.exe180⤵
-
\??\c:\btbbnh.exec:\btbbnh.exe181⤵
-
\??\c:\5jvvp.exec:\5jvvp.exe182⤵
-
\??\c:\dpvvj.exec:\dpvvj.exe183⤵
-
\??\c:\lxfxrlr.exec:\lxfxrlr.exe184⤵
-
\??\c:\xrflrrx.exec:\xrflrrx.exe185⤵
-
\??\c:\bhntnb.exec:\bhntnb.exe186⤵
-
\??\c:\thtbbb.exec:\thtbbb.exe187⤵
-
\??\c:\vpppv.exec:\vpppv.exe188⤵
-
\??\c:\jjjvd.exec:\jjjvd.exe189⤵
-
\??\c:\1rffllx.exec:\1rffllx.exe190⤵
-
\??\c:\3xffxxx.exec:\3xffxxx.exe191⤵
-
\??\c:\hbhttt.exec:\hbhttt.exe192⤵
-
\??\c:\bnhntb.exec:\bnhntb.exe193⤵
-
\??\c:\3pdjj.exec:\3pdjj.exe194⤵
-
\??\c:\7jjpv.exec:\7jjpv.exe195⤵
-
\??\c:\7frxlrl.exec:\7frxlrl.exe196⤵
-
\??\c:\ntbhhb.exec:\ntbhhb.exe197⤵
-
\??\c:\vpvdj.exec:\vpvdj.exe198⤵
-
\??\c:\3vjjj.exec:\3vjjj.exe199⤵
-
\??\c:\fxllxxf.exec:\fxllxxf.exe200⤵
-
\??\c:\btbhnn.exec:\btbhnn.exe201⤵
-
\??\c:\tnhhbb.exec:\tnhhbb.exe202⤵
-
\??\c:\5jdvv.exec:\5jdvv.exe203⤵
-
\??\c:\pjvvv.exec:\pjvvv.exe204⤵
-
\??\c:\5flrfll.exec:\5flrfll.exe205⤵
-
\??\c:\rfllxxl.exec:\rfllxxl.exe206⤵
-
\??\c:\nhtbnt.exec:\nhtbnt.exe207⤵
-
\??\c:\btnhtn.exec:\btnhtn.exe208⤵
-
\??\c:\1dvpv.exec:\1dvpv.exe209⤵
-
\??\c:\jpppp.exec:\jpppp.exe210⤵
-
\??\c:\lxxfxxl.exec:\lxxfxxl.exe211⤵
-
\??\c:\1lfxxxl.exec:\1lfxxxl.exe212⤵
-
\??\c:\thnhhb.exec:\thnhhb.exe213⤵
-
\??\c:\hbnnbt.exec:\hbnnbt.exe214⤵
-
\??\c:\jdvdj.exec:\jdvdj.exe215⤵
-
\??\c:\pjddv.exec:\pjddv.exe216⤵
-
\??\c:\frlrrrf.exec:\frlrrrf.exe217⤵
-
\??\c:\hbntnn.exec:\hbntnn.exe218⤵
-
\??\c:\hnbnbn.exec:\hnbnbn.exe219⤵
-
\??\c:\jdvjd.exec:\jdvjd.exe220⤵
-
\??\c:\dppdd.exec:\dppdd.exe221⤵
-
\??\c:\xlfflxf.exec:\xlfflxf.exe222⤵
-
\??\c:\frxxxrx.exec:\frxxxrx.exe223⤵
-
\??\c:\btbbhh.exec:\btbbhh.exe224⤵
-
\??\c:\9jdvp.exec:\9jdvp.exe225⤵
-
\??\c:\ddppv.exec:\ddppv.exe226⤵
-
\??\c:\dvddv.exec:\dvddv.exe227⤵
-
\??\c:\rlxxrrf.exec:\rlxxrrf.exe228⤵
-
\??\c:\ffrxxrr.exec:\ffrxxrr.exe229⤵
-
\??\c:\5ttthn.exec:\5ttthn.exe230⤵
-
\??\c:\9tbnhn.exec:\9tbnhn.exe231⤵
-
\??\c:\3vjjj.exec:\3vjjj.exe232⤵
-
\??\c:\dpddd.exec:\dpddd.exe233⤵
-
\??\c:\xrxrxxf.exec:\xrxrxxf.exe234⤵
-
\??\c:\xrllrlr.exec:\xrllrlr.exe235⤵
-
\??\c:\9tbhbh.exec:\9tbhbh.exe236⤵
-
\??\c:\tnbttt.exec:\tnbttt.exe237⤵
-
\??\c:\9djjv.exec:\9djjv.exe238⤵
-
\??\c:\vpjjp.exec:\vpjjp.exe239⤵
-
\??\c:\rrfxfrx.exec:\rrfxfrx.exe240⤵
-
\??\c:\3lxxffl.exec:\3lxxffl.exe241⤵