Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
19-05-2024 02:37
General
-
Target
cde05ef71face0a2bf35d80554a58cfd463bd19c31f5c1013b4ac110dff56a7d.exe
-
Size
200KB
-
MD5
e4777e975db8e4eb21c579c3fed15ed9
-
SHA1
e912968867961c142b752b2b95c8cb198c5e4532
-
SHA256
cde05ef71face0a2bf35d80554a58cfd463bd19c31f5c1013b4ac110dff56a7d
-
SHA512
1849c030ea9859f2c4495c0b32eac8bdb75ba7e24969670f9ddfdb88462de9f76334f9fe57a1ce8e7146d727c77056d5c7b94f1c8b22f06cc1d28685c7f255c3
-
SSDEEP
3072:ymb3NkkiQ3mdBjFIi/0RU6QeYQsm71vPmc51+GqekBJCvr6zJBUVv1Tu:n3C9BRIG0asYFm71m8+GdkB9Cv1i
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 18 IoCs
-
UPX dump on OEP (original entry point) 20 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 20 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\cde05ef71face0a2bf35d80554a58cfd463bd19c31f5c1013b4ac110dff56a7d.exe"C:\Users\Admin\AppData\Local\Temp\cde05ef71face0a2bf35d80554a58cfd463bd19c31f5c1013b4ac110dff56a7d.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rfffrrx.exec:\rfffrrx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7hnbtt.exec:\7hnbtt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7htbhn.exec:\7htbhn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjpd.exec:\ppjpd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrflrll.exec:\rrflrll.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrxxxl.exec:\xlrxxxl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbnbh.exec:\tnbnbh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7tnnbh.exec:\7tnnbh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjjd.exec:\vpjjd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvvv.exec:\pdvvv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xxrllf.exec:\1xxrllf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbhhn.exec:\ttbhhn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhbnhn.exec:\bhbnhn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjpd.exec:\jjjpd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrxlrf.exec:\rrrxlrf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxlrxx.exec:\lfxlrxx.exe17⤵
- Executes dropped EXE
-
\??\c:\hbbnbh.exec:\hbbnbh.exe18⤵
- Executes dropped EXE
-
\??\c:\1dpvj.exec:\1dpvj.exe19⤵
- Executes dropped EXE
-
\??\c:\vpjjd.exec:\vpjjd.exe20⤵
- Executes dropped EXE
-
\??\c:\1lrlrrx.exec:\1lrlrrx.exe21⤵
- Executes dropped EXE
-
\??\c:\9llrfxx.exec:\9llrfxx.exe22⤵
- Executes dropped EXE
-
\??\c:\nbtntb.exec:\nbtntb.exe23⤵
- Executes dropped EXE
-
\??\c:\9dppp.exec:\9dppp.exe24⤵
- Executes dropped EXE
-
\??\c:\pdjjp.exec:\pdjjp.exe25⤵
- Executes dropped EXE
-
\??\c:\xxrxlxr.exec:\xxrxlxr.exe26⤵
- Executes dropped EXE
-
\??\c:\1tbhhb.exec:\1tbhhb.exe27⤵
- Executes dropped EXE
-
\??\c:\ppjdj.exec:\ppjdj.exe28⤵
- Executes dropped EXE
-
\??\c:\7pdvd.exec:\7pdvd.exe29⤵
- Executes dropped EXE
-
\??\c:\lllxxff.exec:\lllxxff.exe30⤵
- Executes dropped EXE
-
\??\c:\ttnhnt.exec:\ttnhnt.exe31⤵
- Executes dropped EXE
-
\??\c:\1thhtt.exec:\1thhtt.exe32⤵
- Executes dropped EXE
-
\??\c:\jjdpv.exec:\jjdpv.exe33⤵
- Executes dropped EXE
-
\??\c:\xrllxrf.exec:\xrllxrf.exe34⤵
- Executes dropped EXE
-
\??\c:\lffrxlf.exec:\lffrxlf.exe35⤵
- Executes dropped EXE
-
\??\c:\hbtbnh.exec:\hbtbnh.exe36⤵
- Executes dropped EXE
-
\??\c:\vjjpd.exec:\vjjpd.exe37⤵
- Executes dropped EXE
-
\??\c:\vvvjd.exec:\vvvjd.exe38⤵
- Executes dropped EXE
-
\??\c:\lffxrrf.exec:\lffxrrf.exe39⤵
- Executes dropped EXE
-
\??\c:\rlflrxl.exec:\rlflrxl.exe40⤵
- Executes dropped EXE
-
\??\c:\3ttbbt.exec:\3ttbbt.exe41⤵
- Executes dropped EXE
-
\??\c:\nbttbh.exec:\nbttbh.exe42⤵
- Executes dropped EXE
-
\??\c:\5dpjv.exec:\5dpjv.exe43⤵
- Executes dropped EXE
-
\??\c:\vvpvj.exec:\vvpvj.exe44⤵
- Executes dropped EXE
-
\??\c:\rlxrfrx.exec:\rlxrfrx.exe45⤵
- Executes dropped EXE
-
\??\c:\hhbnbn.exec:\hhbnbn.exe46⤵
- Executes dropped EXE
-
\??\c:\htbbbh.exec:\htbbbh.exe47⤵
- Executes dropped EXE
-
\??\c:\nhnbth.exec:\nhnbth.exe48⤵
- Executes dropped EXE
-
\??\c:\vvpvv.exec:\vvpvv.exe49⤵
- Executes dropped EXE
-
\??\c:\vvpvp.exec:\vvpvp.exe50⤵
- Executes dropped EXE
-
\??\c:\xrfxxxl.exec:\xrfxxxl.exe51⤵
- Executes dropped EXE
-
\??\c:\rlfrrfx.exec:\rlfrrfx.exe52⤵
- Executes dropped EXE
-
\??\c:\bnhnnn.exec:\bnhnnn.exe53⤵
- Executes dropped EXE
-
\??\c:\hnbbhh.exec:\hnbbhh.exe54⤵
- Executes dropped EXE
-
\??\c:\vjjdj.exec:\vjjdj.exe55⤵
- Executes dropped EXE
-
\??\c:\7jdjp.exec:\7jdjp.exe56⤵
- Executes dropped EXE
-
\??\c:\3lflrxl.exec:\3lflrxl.exe57⤵
- Executes dropped EXE
-
\??\c:\1ffxrrx.exec:\1ffxrrx.exe58⤵
- Executes dropped EXE
-
\??\c:\7nthnt.exec:\7nthnt.exe59⤵
- Executes dropped EXE
-
\??\c:\bbbhbn.exec:\bbbhbn.exe60⤵
- Executes dropped EXE
-
\??\c:\vpjpv.exec:\vpjpv.exe61⤵
- Executes dropped EXE
-
\??\c:\9jvjv.exec:\9jvjv.exe62⤵
- Executes dropped EXE
-
\??\c:\1rfxrxl.exec:\1rfxrxl.exe63⤵
- Executes dropped EXE
-
\??\c:\7llfxxl.exec:\7llfxxl.exe64⤵
- Executes dropped EXE
-
\??\c:\1bttht.exec:\1bttht.exe65⤵
- Executes dropped EXE
-
\??\c:\tnnbhh.exec:\tnnbhh.exe66⤵
-
\??\c:\jdppv.exec:\jdppv.exe67⤵
-
\??\c:\7pjpv.exec:\7pjpv.exe68⤵
-
\??\c:\llxrffx.exec:\llxrffx.exe69⤵
-
\??\c:\flffxxx.exec:\flffxxx.exe70⤵
-
\??\c:\hntbnt.exec:\hntbnt.exe71⤵
-
\??\c:\nbntbt.exec:\nbntbt.exe72⤵
-
\??\c:\3dppp.exec:\3dppp.exe73⤵
-
\??\c:\jjvdv.exec:\jjvdv.exe74⤵
-
\??\c:\7jjjv.exec:\7jjjv.exe75⤵
-
\??\c:\9frflxx.exec:\9frflxx.exe76⤵
-
\??\c:\1nhnbh.exec:\1nhnbh.exe77⤵
-
\??\c:\nhnbnb.exec:\nhnbnb.exe78⤵
-
\??\c:\hhhnhn.exec:\hhhnhn.exe79⤵
-
\??\c:\dvjdj.exec:\dvjdj.exe80⤵
-
\??\c:\jpvdj.exec:\jpvdj.exe81⤵
-
\??\c:\fxxflrl.exec:\fxxflrl.exe82⤵
-
\??\c:\fxlrfrx.exec:\fxlrfrx.exe83⤵
-
\??\c:\rfrfflx.exec:\rfrfflx.exe84⤵
-
\??\c:\5bhttt.exec:\5bhttt.exe85⤵
-
\??\c:\bbtnhn.exec:\bbtnhn.exe86⤵
-
\??\c:\9vvjv.exec:\9vvjv.exe87⤵
-
\??\c:\dvddp.exec:\dvddp.exe88⤵
-
\??\c:\dpddd.exec:\dpddd.exe89⤵
-
\??\c:\xlxlrrf.exec:\xlxlrrf.exe90⤵
-
\??\c:\lfflrxf.exec:\lfflrxf.exe91⤵
-
\??\c:\ttbbtb.exec:\ttbbtb.exe92⤵
-
\??\c:\btnbhn.exec:\btnbhn.exe93⤵
-
\??\c:\vpvjv.exec:\vpvjv.exe94⤵
-
\??\c:\vvvjv.exec:\vvvjv.exe95⤵
-
\??\c:\xrflrxr.exec:\xrflrxr.exe96⤵
-
\??\c:\rlxxfxl.exec:\rlxxfxl.exe97⤵
-
\??\c:\fxrxllx.exec:\fxrxllx.exe98⤵
-
\??\c:\3hnthn.exec:\3hnthn.exe99⤵
-
\??\c:\nhhtbt.exec:\nhhtbt.exe100⤵
-
\??\c:\3htbhn.exec:\3htbhn.exe101⤵
-
\??\c:\vppvd.exec:\vppvd.exe102⤵
-
\??\c:\rflfxll.exec:\rflfxll.exe103⤵
-
\??\c:\llxrxxl.exec:\llxrxxl.exe104⤵
-
\??\c:\nnbhnt.exec:\nnbhnt.exe105⤵
-
\??\c:\hbhthn.exec:\hbhthn.exe106⤵
-
\??\c:\hbthtb.exec:\hbthtb.exe107⤵
-
\??\c:\jdpvj.exec:\jdpvj.exe108⤵
-
\??\c:\3pjpp.exec:\3pjpp.exe109⤵
-
\??\c:\rrlrfxr.exec:\rrlrfxr.exe110⤵
-
\??\c:\lffxfxl.exec:\lffxfxl.exe111⤵
-
\??\c:\btntnt.exec:\btntnt.exe112⤵
-
\??\c:\nhtbhh.exec:\nhtbhh.exe113⤵
-
\??\c:\hntnhh.exec:\hntnhh.exe114⤵
-
\??\c:\pdvvp.exec:\pdvvp.exe115⤵
-
\??\c:\7jdjp.exec:\7jdjp.exe116⤵
-
\??\c:\lxrrffl.exec:\lxrrffl.exe117⤵
-
\??\c:\llfrxfl.exec:\llfrxfl.exe118⤵
-
\??\c:\7hbbbn.exec:\7hbbbn.exe119⤵
-
\??\c:\3thnbn.exec:\3thnbn.exe120⤵
-
\??\c:\nnnbnt.exec:\nnnbnt.exe121⤵
-
\??\c:\dvjvd.exec:\dvjvd.exe122⤵
-
\??\c:\5djjd.exec:\5djjd.exe123⤵
-
\??\c:\7pvjj.exec:\7pvjj.exe124⤵
-
\??\c:\xrllflr.exec:\xrllflr.exe125⤵
-
\??\c:\rxflxfl.exec:\rxflxfl.exe126⤵
-
\??\c:\tnhhhh.exec:\tnhhhh.exe127⤵
-
\??\c:\9bbhth.exec:\9bbhth.exe128⤵
-
\??\c:\pvpjp.exec:\pvpjp.exe129⤵
-
\??\c:\3pdjp.exec:\3pdjp.exe130⤵
-
\??\c:\xrrlffr.exec:\xrrlffr.exe131⤵
-
\??\c:\7xllxxf.exec:\7xllxxf.exe132⤵
-
\??\c:\5flxxff.exec:\5flxxff.exe133⤵
-
\??\c:\nttttb.exec:\nttttb.exe134⤵
-
\??\c:\nnbtht.exec:\nnbtht.exe135⤵
-
\??\c:\pdjjj.exec:\pdjjj.exe136⤵
-
\??\c:\dvppj.exec:\dvppj.exe137⤵
-
\??\c:\xxlxlxl.exec:\xxlxlxl.exe138⤵
-
\??\c:\9rxrxxf.exec:\9rxrxxf.exe139⤵
-
\??\c:\xrlxxxf.exec:\xrlxxxf.exe140⤵
-
\??\c:\bnnthh.exec:\bnnthh.exe141⤵
-
\??\c:\nhthhn.exec:\nhthhn.exe142⤵
-
\??\c:\ddpvj.exec:\ddpvj.exe143⤵
-
\??\c:\jjpjv.exec:\jjpjv.exe144⤵
-
\??\c:\vpjpv.exec:\vpjpv.exe145⤵
-
\??\c:\fxrflrf.exec:\fxrflrf.exe146⤵
-
\??\c:\7fxxlrl.exec:\7fxxlrl.exe147⤵
-
\??\c:\nhtbtt.exec:\nhtbtt.exe148⤵
-
\??\c:\hhtbhn.exec:\hhtbhn.exe149⤵
-
\??\c:\vpjjv.exec:\vpjjv.exe150⤵
-
\??\c:\dvdjv.exec:\dvdjv.exe151⤵
-
\??\c:\vpjpp.exec:\vpjpp.exe152⤵
-
\??\c:\xlfrxlr.exec:\xlfrxlr.exe153⤵
-
\??\c:\5lxfxll.exec:\5lxfxll.exe154⤵
-
\??\c:\7lllrrx.exec:\7lllrrx.exe155⤵
-
\??\c:\1ttbbb.exec:\1ttbbb.exe156⤵
-
\??\c:\btbbnh.exec:\btbbnh.exe157⤵
-
\??\c:\jdppp.exec:\jdppp.exe158⤵
-
\??\c:\jdvvp.exec:\jdvvp.exe159⤵
-
\??\c:\pjvdj.exec:\pjvdj.exe160⤵
-
\??\c:\9rlffxx.exec:\9rlffxx.exe161⤵
-
\??\c:\3xrrflr.exec:\3xrrflr.exe162⤵
-
\??\c:\9htbhh.exec:\9htbhh.exe163⤵
-
\??\c:\nhtbtt.exec:\nhtbtt.exe164⤵
-
\??\c:\7htnnt.exec:\7htnnt.exe165⤵
-
\??\c:\5jvdj.exec:\5jvdj.exe166⤵
-
\??\c:\dpjdd.exec:\dpjdd.exe167⤵
-
\??\c:\llrrflx.exec:\llrrflx.exe168⤵
-
\??\c:\rllrflf.exec:\rllrflf.exe169⤵
-
\??\c:\bnbhbh.exec:\bnbhbh.exe170⤵
-
\??\c:\bhthbb.exec:\bhthbb.exe171⤵
-
\??\c:\hnthtn.exec:\hnthtn.exe172⤵
-
\??\c:\9pjdp.exec:\9pjdp.exe173⤵
-
\??\c:\vvpdp.exec:\vvpdp.exe174⤵
-
\??\c:\rrfflrf.exec:\rrfflrf.exe175⤵
-
\??\c:\7lfxxrx.exec:\7lfxxrx.exe176⤵
-
\??\c:\rlxxfxx.exec:\rlxxfxx.exe177⤵
-
\??\c:\nhhnhh.exec:\nhhnhh.exe178⤵
-
\??\c:\9bhnnn.exec:\9bhnnn.exe179⤵
-
\??\c:\vpvvd.exec:\vpvvd.exe180⤵
-
\??\c:\vpdjd.exec:\vpdjd.exe181⤵
-
\??\c:\lfrxlrl.exec:\lfrxlrl.exe182⤵
-
\??\c:\xxlrllx.exec:\xxlrllx.exe183⤵
-
\??\c:\fffrfrl.exec:\fffrfrl.exe184⤵
-
\??\c:\btnnbh.exec:\btnnbh.exe185⤵
-
\??\c:\1hnbnb.exec:\1hnbnb.exe186⤵
-
\??\c:\vvdpd.exec:\vvdpd.exe187⤵
-
\??\c:\vpdpd.exec:\vpdpd.exe188⤵
-
\??\c:\lrflfll.exec:\lrflfll.exe189⤵
-
\??\c:\rxxxxrl.exec:\rxxxxrl.exe190⤵
-
\??\c:\bbhhhn.exec:\bbhhhn.exe191⤵
-
\??\c:\9tbbbn.exec:\9tbbbn.exe192⤵
-
\??\c:\pddjv.exec:\pddjv.exe193⤵
-
\??\c:\7jjdp.exec:\7jjdp.exe194⤵
-
\??\c:\7djvp.exec:\7djvp.exe195⤵
-
\??\c:\7fllllr.exec:\7fllllr.exe196⤵
-
\??\c:\lfxxlrl.exec:\lfxxlrl.exe197⤵
-
\??\c:\5hbhnn.exec:\5hbhnn.exe198⤵
-
\??\c:\bnhhbt.exec:\bnhhbt.exe199⤵
-
\??\c:\7hnnhn.exec:\7hnnhn.exe200⤵
-
\??\c:\jvjjp.exec:\jvjjp.exe201⤵
-
\??\c:\1vpvj.exec:\1vpvj.exe202⤵
-
\??\c:\rfxlxxr.exec:\rfxlxxr.exe203⤵
-
\??\c:\xrrlxrf.exec:\xrrlxrf.exe204⤵
-
\??\c:\rrlffxr.exec:\rrlffxr.exe205⤵
-
\??\c:\hhbtth.exec:\hhbtth.exe206⤵
-
\??\c:\hhbnbn.exec:\hhbnbn.exe207⤵
-
\??\c:\dddjp.exec:\dddjp.exe208⤵
-
\??\c:\5dvdv.exec:\5dvdv.exe209⤵
-
\??\c:\jpvvp.exec:\jpvvp.exe210⤵
-
\??\c:\rxlxlrf.exec:\rxlxlrf.exe211⤵
-
\??\c:\3llfrfx.exec:\3llfrfx.exe212⤵
-
\??\c:\tbnthh.exec:\tbnthh.exe213⤵
-
\??\c:\btbhth.exec:\btbhth.exe214⤵
-
\??\c:\ddjpj.exec:\ddjpj.exe215⤵
-
\??\c:\dppvd.exec:\dppvd.exe216⤵
-
\??\c:\dddvv.exec:\dddvv.exe217⤵
-
\??\c:\rfxlfll.exec:\rfxlfll.exe218⤵
-
\??\c:\fflrflr.exec:\fflrflr.exe219⤵
-
\??\c:\3tntnn.exec:\3tntnn.exe220⤵
-
\??\c:\hbtthh.exec:\hbtthh.exe221⤵
-
\??\c:\1vjjp.exec:\1vjjp.exe222⤵
-
\??\c:\5xrrlff.exec:\5xrrlff.exe223⤵
-
\??\c:\ffrrllr.exec:\ffrrllr.exe224⤵
-
\??\c:\tnhnbb.exec:\tnhnbb.exe225⤵
-
\??\c:\pdpvv.exec:\pdpvv.exe226⤵
-
\??\c:\xrxfrxf.exec:\xrxfrxf.exe227⤵
-
\??\c:\ttttbt.exec:\ttttbt.exe228⤵
-
\??\c:\dvpvj.exec:\dvpvj.exe229⤵
-
\??\c:\xrfflrl.exec:\xrfflrl.exe230⤵
-
\??\c:\9nhbnb.exec:\9nhbnb.exe231⤵
-
\??\c:\fxrfrrr.exec:\fxrfrrr.exe232⤵
-
\??\c:\9rfrxxl.exec:\9rfrxxl.exe233⤵
-
\??\c:\vdjvv.exec:\vdjvv.exe234⤵
-
\??\c:\xxrffxr.exec:\xxrffxr.exe235⤵
-
\??\c:\7bbnth.exec:\7bbnth.exe236⤵
-
\??\c:\vppdj.exec:\vppdj.exe237⤵
-
\??\c:\3vvdp.exec:\3vvdp.exe238⤵
-
\??\c:\xrrrffr.exec:\xrrrffr.exe239⤵
-
\??\c:\ppppp.exec:\ppppp.exe240⤵
-
\??\c:\5rrflxx.exec:\5rrflxx.exe241⤵