Analysis
-
max time kernel
123s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
-
submitted
19-05-2024 02:42
General
-
Target
d0305465c3cc05440f228102bcf7280cabefc8ebf77bb0bc0f83d254c98bf9e7.exe
-
Size
116KB
-
MD5
26b8c42a9693ca9aa4fd04884a821313
-
SHA1
8a63585009ac13e516b50220feed86469acc9bb9
-
SHA256
d0305465c3cc05440f228102bcf7280cabefc8ebf77bb0bc0f83d254c98bf9e7
-
SHA512
92f5d32e72ae8a9f459ff9423e42a97ae62944ab3c6b374787fec662b7c58c3061365b154ac186b1148ac2381fc78f8f5e74ee49191b89bd2541e8817aa29305
-
SSDEEP
3072:ymb3NkkiQ3mdBjFosxXGPXbXQMFHLgDWSmjlkFK:n3C9BRosxW8MFHLMWvlR
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
UPX dump on OEP (original entry point) 31 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 31 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d0305465c3cc05440f228102bcf7280cabefc8ebf77bb0bc0f83d254c98bf9e7.exe"C:\Users\Admin\AppData\Local\Temp\d0305465c3cc05440f228102bcf7280cabefc8ebf77bb0bc0f83d254c98bf9e7.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrlfll.exec:\fxrlfll.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3lrfxrf.exec:\3lrfxrf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhnnn.exec:\bbhnnn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpdj.exec:\pjpdj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxffxx.exec:\lrxffxx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvjp.exec:\jjvjp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjjd.exec:\dvjjd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxfrrf.exec:\rlxfrrf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhntb.exec:\hbhntb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vjjj.exec:\9vjjj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpdpp.exec:\dpdpp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxllxxf.exec:\xxllxxf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5tbnnn.exec:\5tbnnn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhtth.exec:\thhtth.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3dpvd.exec:\3dpvd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrrxfr.exec:\fxrrxfr.exe17⤵
- Executes dropped EXE
-
\??\c:\7frlrlr.exec:\7frlrlr.exe18⤵
- Executes dropped EXE
-
\??\c:\bbtbnn.exec:\bbtbnn.exe19⤵
- Executes dropped EXE
-
\??\c:\jvjvv.exec:\jvjvv.exe20⤵
- Executes dropped EXE
-
\??\c:\vpjjp.exec:\vpjjp.exe21⤵
- Executes dropped EXE
-
\??\c:\rlxffxf.exec:\rlxffxf.exe22⤵
- Executes dropped EXE
-
\??\c:\nhtbbb.exec:\nhtbbb.exe23⤵
- Executes dropped EXE
-
\??\c:\3ththh.exec:\3ththh.exe24⤵
- Executes dropped EXE
-
\??\c:\vvppj.exec:\vvppj.exe25⤵
- Executes dropped EXE
-
\??\c:\9dpdp.exec:\9dpdp.exe26⤵
- Executes dropped EXE
-
\??\c:\xllxfxx.exec:\xllxfxx.exe27⤵
- Executes dropped EXE
-
\??\c:\httnnh.exec:\httnnh.exe28⤵
- Executes dropped EXE
-
\??\c:\9hnbbh.exec:\9hnbbh.exe29⤵
- Executes dropped EXE
-
\??\c:\vpddv.exec:\vpddv.exe30⤵
- Executes dropped EXE
-
\??\c:\frffrxl.exec:\frffrxl.exe31⤵
- Executes dropped EXE
-
\??\c:\xrxxfrf.exec:\xrxxfrf.exe32⤵
- Executes dropped EXE
-
\??\c:\bnbnbb.exec:\bnbnbb.exe33⤵
- Executes dropped EXE
-
\??\c:\9jvjp.exec:\9jvjp.exe34⤵
- Executes dropped EXE
-
\??\c:\vpvpp.exec:\vpvpp.exe35⤵
- Executes dropped EXE
-
\??\c:\7xlflff.exec:\7xlflff.exe36⤵
- Executes dropped EXE
-
\??\c:\fxflrrf.exec:\fxflrrf.exe37⤵
- Executes dropped EXE
-
\??\c:\bnhhtn.exec:\bnhhtn.exe38⤵
- Executes dropped EXE
-
\??\c:\1ntttb.exec:\1ntttb.exe39⤵
- Executes dropped EXE
-
\??\c:\1pdjv.exec:\1pdjv.exe40⤵
- Executes dropped EXE
-
\??\c:\jddvp.exec:\jddvp.exe41⤵
- Executes dropped EXE
-
\??\c:\xxxxxrf.exec:\xxxxxrf.exe42⤵
- Executes dropped EXE
-
\??\c:\xrffrxl.exec:\xrffrxl.exe43⤵
- Executes dropped EXE
-
\??\c:\hnbttn.exec:\hnbttn.exe44⤵
- Executes dropped EXE
-
\??\c:\tnbhnn.exec:\tnbhnn.exe45⤵
- Executes dropped EXE
-
\??\c:\7ddvp.exec:\7ddvp.exe46⤵
- Executes dropped EXE
-
\??\c:\vpdjj.exec:\vpdjj.exe47⤵
- Executes dropped EXE
-
\??\c:\frlrffr.exec:\frlrffr.exe48⤵
- Executes dropped EXE
-
\??\c:\rrfrlxr.exec:\rrfrlxr.exe49⤵
- Executes dropped EXE
-
\??\c:\tntnbb.exec:\tntnbb.exe50⤵
- Executes dropped EXE
-
\??\c:\hhtthn.exec:\hhtthn.exe51⤵
- Executes dropped EXE
-
\??\c:\5jppj.exec:\5jppj.exe52⤵
- Executes dropped EXE
-
\??\c:\ppvpd.exec:\ppvpd.exe53⤵
- Executes dropped EXE
-
\??\c:\rfffffl.exec:\rfffffl.exe54⤵
- Executes dropped EXE
-
\??\c:\rxflxfx.exec:\rxflxfx.exe55⤵
- Executes dropped EXE
-
\??\c:\btbnnb.exec:\btbnnb.exe56⤵
- Executes dropped EXE
-
\??\c:\hbnnnn.exec:\hbnnnn.exe57⤵
- Executes dropped EXE
-
\??\c:\7vjjj.exec:\7vjjj.exe58⤵
- Executes dropped EXE
-
\??\c:\jvjdp.exec:\jvjdp.exe59⤵
- Executes dropped EXE
-
\??\c:\lfrfrxl.exec:\lfrfrxl.exe60⤵
- Executes dropped EXE
-
\??\c:\1rxfrrf.exec:\1rxfrrf.exe61⤵
- Executes dropped EXE
-
\??\c:\xflrxff.exec:\xflrxff.exe62⤵
- Executes dropped EXE
-
\??\c:\bthnbb.exec:\bthnbb.exe63⤵
- Executes dropped EXE
-
\??\c:\9pddd.exec:\9pddd.exe64⤵
- Executes dropped EXE
-
\??\c:\7jdpp.exec:\7jdpp.exe65⤵
- Executes dropped EXE
-
\??\c:\frxrlff.exec:\frxrlff.exe66⤵
-
\??\c:\3lrxflr.exec:\3lrxflr.exe67⤵
-
\??\c:\hthhht.exec:\hthhht.exe68⤵
-
\??\c:\hbtnbh.exec:\hbtnbh.exe69⤵
-
\??\c:\jvdvp.exec:\jvdvp.exe70⤵
-
\??\c:\jdppv.exec:\jdppv.exe71⤵
-
\??\c:\lrrllrr.exec:\lrrllrr.exe72⤵
-
\??\c:\rlxxlxl.exec:\rlxxlxl.exe73⤵
-
\??\c:\hbbbhh.exec:\hbbbhh.exe74⤵
-
\??\c:\5jppd.exec:\5jppd.exe75⤵
-
\??\c:\9vddv.exec:\9vddv.exe76⤵
-
\??\c:\xrflxxf.exec:\xrflxxf.exe77⤵
-
\??\c:\frrrrrr.exec:\frrrrrr.exe78⤵
-
\??\c:\xxllxrx.exec:\xxllxrx.exe79⤵
-
\??\c:\ntbbhh.exec:\ntbbhh.exe80⤵
-
\??\c:\nthbbt.exec:\nthbbt.exe81⤵
-
\??\c:\pppdv.exec:\pppdv.exe82⤵
-
\??\c:\1dpjp.exec:\1dpjp.exe83⤵
-
\??\c:\frrrrlx.exec:\frrrrlx.exe84⤵
-
\??\c:\1flffxx.exec:\1flffxx.exe85⤵
-
\??\c:\tntttb.exec:\tntttb.exe86⤵
-
\??\c:\bttttt.exec:\bttttt.exe87⤵
-
\??\c:\bnthhb.exec:\bnthhb.exe88⤵
-
\??\c:\jvvpv.exec:\jvvpv.exe89⤵
-
\??\c:\dvjjd.exec:\dvjjd.exe90⤵
-
\??\c:\5lxrxrx.exec:\5lxrxrx.exe91⤵
-
\??\c:\xflllff.exec:\xflllff.exe92⤵
-
\??\c:\nbhntn.exec:\nbhntn.exe93⤵
-
\??\c:\btbtbt.exec:\btbtbt.exe94⤵
-
\??\c:\bnttbb.exec:\bnttbb.exe95⤵
-
\??\c:\jvdvv.exec:\jvdvv.exe96⤵
-
\??\c:\9pppj.exec:\9pppj.exe97⤵
-
\??\c:\rflfffl.exec:\rflfffl.exe98⤵
-
\??\c:\lfrlfrl.exec:\lfrlfrl.exe99⤵
-
\??\c:\7lrrxrr.exec:\7lrrxrr.exe100⤵
-
\??\c:\bntbhh.exec:\bntbhh.exe101⤵
-
\??\c:\btbbhh.exec:\btbbhh.exe102⤵
-
\??\c:\pdpjj.exec:\pdpjj.exe103⤵
-
\??\c:\vjppj.exec:\vjppj.exe104⤵
-
\??\c:\3rxrrrr.exec:\3rxrrrr.exe105⤵
-
\??\c:\lxxxrlr.exec:\lxxxrlr.exe106⤵
-
\??\c:\xrlxrfx.exec:\xrlxrfx.exe107⤵
-
\??\c:\hnbbbn.exec:\hnbbbn.exe108⤵
-
\??\c:\7bhtbh.exec:\7bhtbh.exe109⤵
-
\??\c:\pdjvv.exec:\pdjvv.exe110⤵
-
\??\c:\1jdpp.exec:\1jdpp.exe111⤵
-
\??\c:\7xxxrfl.exec:\7xxxrfl.exe112⤵
-
\??\c:\1rfrlxr.exec:\1rfrlxr.exe113⤵
-
\??\c:\5htthn.exec:\5htthn.exe114⤵
-
\??\c:\hbhnbb.exec:\hbhnbb.exe115⤵
-
\??\c:\pdjpp.exec:\pdjpp.exe116⤵
-
\??\c:\1jppj.exec:\1jppj.exe117⤵
-
\??\c:\xrfflrx.exec:\xrfflrx.exe118⤵
-
\??\c:\lxfllrx.exec:\lxfllrx.exe119⤵
-
\??\c:\hbhnnh.exec:\hbhnnh.exe120⤵
-
\??\c:\htbbnn.exec:\htbbnn.exe121⤵
-
\??\c:\jdjvv.exec:\jdjvv.exe122⤵
-
\??\c:\jdvjp.exec:\jdvjp.exe123⤵
-
\??\c:\xlrrxrr.exec:\xlrrxrr.exe124⤵
-
\??\c:\fxflxlr.exec:\fxflxlr.exe125⤵
-
\??\c:\3bhhbh.exec:\3bhhbh.exe126⤵
-
\??\c:\bthhtn.exec:\bthhtn.exe127⤵
-
\??\c:\vjjdj.exec:\vjjdj.exe128⤵
-
\??\c:\vjppp.exec:\vjppp.exe129⤵
-
\??\c:\xrxlrrx.exec:\xrxlrrx.exe130⤵
-
\??\c:\rfrfrrf.exec:\rfrfrrf.exe131⤵
-
\??\c:\httnhh.exec:\httnhh.exe132⤵
-
\??\c:\hbnntn.exec:\hbnntn.exe133⤵
-
\??\c:\vpdvv.exec:\vpdvv.exe134⤵
-
\??\c:\7jjdp.exec:\7jjdp.exe135⤵
-
\??\c:\1ffrrll.exec:\1ffrrll.exe136⤵
-
\??\c:\llrxrxr.exec:\llrxrxr.exe137⤵
-
\??\c:\thnhhn.exec:\thnhhn.exe138⤵
-
\??\c:\ttnntt.exec:\ttnntt.exe139⤵
-
\??\c:\dppjd.exec:\dppjd.exe140⤵
-
\??\c:\9vppp.exec:\9vppp.exe141⤵
-
\??\c:\llxlxfx.exec:\llxlxfx.exe142⤵
-
\??\c:\lxxxxxx.exec:\lxxxxxx.exe143⤵
-
\??\c:\5jdvd.exec:\5jdvd.exe144⤵
-
\??\c:\vpvdd.exec:\vpvdd.exe145⤵
-
\??\c:\7flllff.exec:\7flllff.exe146⤵
-
\??\c:\frffffl.exec:\frffffl.exe147⤵
-
\??\c:\bntbbt.exec:\bntbbt.exe148⤵
-
\??\c:\5thntb.exec:\5thntb.exe149⤵
-
\??\c:\9nbhhn.exec:\9nbhhn.exe150⤵
-
\??\c:\dvvvv.exec:\dvvvv.exe151⤵
-
\??\c:\9rrllff.exec:\9rrllff.exe152⤵
-
\??\c:\rflllff.exec:\rflllff.exe153⤵
-
\??\c:\tntnbt.exec:\tntnbt.exe154⤵
-
\??\c:\nhnttt.exec:\nhnttt.exe155⤵
-
\??\c:\thnnnb.exec:\thnnnb.exe156⤵
-
\??\c:\5dppv.exec:\5dppv.exe157⤵
-
\??\c:\rflxxrx.exec:\rflxxrx.exe158⤵
-
\??\c:\lxfxxrx.exec:\lxfxxrx.exe159⤵
-
\??\c:\bnntbt.exec:\bnntbt.exe160⤵
-
\??\c:\5bhbhb.exec:\5bhbhb.exe161⤵
-
\??\c:\vpjdv.exec:\vpjdv.exe162⤵
-
\??\c:\jvjvp.exec:\jvjvp.exe163⤵
-
\??\c:\xlrxfxf.exec:\xlrxfxf.exe164⤵
-
\??\c:\rllllll.exec:\rllllll.exe165⤵
-
\??\c:\nnhhbb.exec:\nnhhbb.exe166⤵
-
\??\c:\btnhth.exec:\btnhth.exe167⤵
-
\??\c:\jjvpv.exec:\jjvpv.exe168⤵
-
\??\c:\1dppj.exec:\1dppj.exe169⤵
-
\??\c:\5flllfl.exec:\5flllfl.exe170⤵
-
\??\c:\5frrrrr.exec:\5frrrrr.exe171⤵
-
\??\c:\nbhhht.exec:\nbhhht.exe172⤵
-
\??\c:\thtnbt.exec:\thtnbt.exe173⤵
-
\??\c:\1pvjd.exec:\1pvjd.exe174⤵
-
\??\c:\vdjjj.exec:\vdjjj.exe175⤵
-
\??\c:\xfrfxrr.exec:\xfrfxrr.exe176⤵
-
\??\c:\xlllllr.exec:\xlllllr.exe177⤵
-
\??\c:\nhnnnh.exec:\nhnnnh.exe178⤵
-
\??\c:\nbhnhn.exec:\nbhnhn.exe179⤵
-
\??\c:\1ddvv.exec:\1ddvv.exe180⤵
-
\??\c:\vpvdv.exec:\vpvdv.exe181⤵
-
\??\c:\frxrxrr.exec:\frxrxrr.exe182⤵
-
\??\c:\lfxxxxf.exec:\lfxxxxf.exe183⤵
-
\??\c:\1tnnhh.exec:\1tnnhh.exe184⤵
-
\??\c:\5thhhh.exec:\5thhhh.exe185⤵
-
\??\c:\3ntnht.exec:\3ntnht.exe186⤵
-
\??\c:\vjvpp.exec:\vjvpp.exe187⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe188⤵
-
\??\c:\rflllfl.exec:\rflllfl.exe189⤵
-
\??\c:\1xxffxx.exec:\1xxffxx.exe190⤵
-
\??\c:\hnnthb.exec:\hnnthb.exe191⤵
-
\??\c:\nhttnt.exec:\nhttnt.exe192⤵
-
\??\c:\jdvvp.exec:\jdvvp.exe193⤵
-
\??\c:\3jpvd.exec:\3jpvd.exe194⤵
-
\??\c:\5fxxxxl.exec:\5fxxxxl.exe195⤵
-
\??\c:\3lxfffl.exec:\3lxfffl.exe196⤵
-
\??\c:\3nbhhh.exec:\3nbhhh.exe197⤵
-
\??\c:\7tnntb.exec:\7tnntb.exe198⤵
-
\??\c:\nbtttt.exec:\nbtttt.exe199⤵
-
\??\c:\dvdvp.exec:\dvdvp.exe200⤵
-
\??\c:\pjpvj.exec:\pjpvj.exe201⤵
-
\??\c:\rflrxfl.exec:\rflrxfl.exe202⤵
-
\??\c:\9rxrrlr.exec:\9rxrrlr.exe203⤵
-
\??\c:\btttth.exec:\btttth.exe204⤵
-
\??\c:\tnnntt.exec:\tnnntt.exe205⤵
-
\??\c:\5ntbhn.exec:\5ntbhn.exe206⤵
-
\??\c:\7vddj.exec:\7vddj.exe207⤵
-
\??\c:\vdddd.exec:\vdddd.exe208⤵
-
\??\c:\7lxrxxf.exec:\7lxrxxf.exe209⤵
-
\??\c:\rflxxrr.exec:\rflxxrr.exe210⤵
-
\??\c:\frfffff.exec:\frfffff.exe211⤵
-
\??\c:\rfrxxxx.exec:\rfrxxxx.exe212⤵
-
\??\c:\1ntnnt.exec:\1ntnnt.exe213⤵
-
\??\c:\nbhbbh.exec:\nbhbbh.exe214⤵
-
\??\c:\jvvpp.exec:\jvvpp.exe215⤵
-
\??\c:\5jvpv.exec:\5jvpv.exe216⤵
-
\??\c:\lxfxfxx.exec:\lxfxfxx.exe217⤵
-
\??\c:\3xlllll.exec:\3xlllll.exe218⤵
-
\??\c:\bnbhht.exec:\bnbhht.exe219⤵
-
\??\c:\htthbb.exec:\htthbb.exe220⤵
-
\??\c:\htttbt.exec:\htttbt.exe221⤵
-
\??\c:\7jdjv.exec:\7jdjv.exe222⤵
-
\??\c:\3rfxxxr.exec:\3rfxxxr.exe223⤵
-
\??\c:\lxxrrrx.exec:\lxxrrrx.exe224⤵
-
\??\c:\bthbbn.exec:\bthbbn.exe225⤵
-
\??\c:\hbhttt.exec:\hbhttt.exe226⤵
-
\??\c:\vpvdv.exec:\vpvdv.exe227⤵
-
\??\c:\pdpvp.exec:\pdpvp.exe228⤵
-
\??\c:\vddjj.exec:\vddjj.exe229⤵
-
\??\c:\fllfffl.exec:\fllfffl.exe230⤵
-
\??\c:\bnbbtb.exec:\bnbbtb.exe231⤵
-
\??\c:\hbtbbb.exec:\hbtbbb.exe232⤵
-
\??\c:\9hnnbb.exec:\9hnnbb.exe233⤵
-
\??\c:\dpvvv.exec:\dpvvv.exe234⤵
-
\??\c:\jjdjj.exec:\jjdjj.exe235⤵
-
\??\c:\7flfllr.exec:\7flfllr.exe236⤵
-
\??\c:\lxflllr.exec:\lxflllr.exe237⤵
-
\??\c:\nbtttt.exec:\nbtttt.exe238⤵
-
\??\c:\hhntnt.exec:\hhntnt.exe239⤵
-
\??\c:\vjpdd.exec:\vjpdd.exe240⤵
-
\??\c:\dvvpp.exec:\dvvpp.exe241⤵