Analysis
-
max time kernel
150s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
19-05-2024 02:03
General
-
Target
bff6d0cca96d3021f622e093f6ed843f8f1962e9b98247921e854afdb52d9941.exe
-
Size
247KB
-
MD5
61230f922120a18697f197e01635d880
-
SHA1
d7cd1ce566e2f175b728420db54a5bbefaa0de1a
-
SHA256
bff6d0cca96d3021f622e093f6ed843f8f1962e9b98247921e854afdb52d9941
-
SHA512
683e4e95626b73a115850e5b50ce688e337ffe2b6cff83ce2806fe8703f4c1f621da2631909676d26ca4b00c1eff366bfb89e1a6562218bbf677e3b2603b2a5c
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73PYP1lri3KoSV31x4MAWvGjR1q:n3C9BRo7MlrWKo+lxtvGt1q
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 30 IoCs
-
UPX dump on OEP (original entry point) 29 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\bff6d0cca96d3021f622e093f6ed843f8f1962e9b98247921e854afdb52d9941.exe"C:\Users\Admin\AppData\Local\Temp\bff6d0cca96d3021f622e093f6ed843f8f1962e9b98247921e854afdb52d9941.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hthbbh.exec:\hthbbh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxxfff.exec:\rrxxfff.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntbbh.exec:\tntbbh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdpv.exec:\vpdpv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpjd.exec:\pjpjd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xflrxlx.exec:\xflrxlx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9nttbh.exec:\9nttbh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjjd.exec:\dvjjd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffxxfx.exec:\lffxxfx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhnhh.exec:\bbhnhh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjjv.exec:\vvjjv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frlrfrr.exec:\frlrfrr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrfrfr.exec:\xxrfrfr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxrxxx.exec:\rrxrxxx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnnnt.exec:\hbnnnt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpdj.exec:\jdpdj.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvpp.exec:\vvvpp.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrlfrx.exec:\rlrlfrx.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvddv.exec:\dvddv.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rrlrxl.exec:\5rrlrxl.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnhht.exec:\ttnhht.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjjd.exec:\vdjjd.exe23⤵
- Executes dropped EXE
-
\??\c:\tnhbbb.exec:\tnhbbb.exe24⤵
- Executes dropped EXE
-
\??\c:\pjpjd.exec:\pjpjd.exe25⤵
- Executes dropped EXE
-
\??\c:\lxfrlrf.exec:\lxfrlrf.exe26⤵
- Executes dropped EXE
-
\??\c:\vjvvp.exec:\vjvvp.exe27⤵
- Executes dropped EXE
-
\??\c:\xlllffl.exec:\xlllffl.exe28⤵
- Executes dropped EXE
-
\??\c:\vdjdd.exec:\vdjdd.exe29⤵
- Executes dropped EXE
-
\??\c:\xlxrlrr.exec:\xlxrlrr.exe30⤵
- Executes dropped EXE
-
\??\c:\7lrrllr.exec:\7lrrllr.exe31⤵
- Executes dropped EXE
-
\??\c:\jpdvp.exec:\jpdvp.exe32⤵
- Executes dropped EXE
-
\??\c:\bbhbhb.exec:\bbhbhb.exe33⤵
- Executes dropped EXE
-
\??\c:\djjdv.exec:\djjdv.exe34⤵
- Executes dropped EXE
-
\??\c:\flxlfff.exec:\flxlfff.exe35⤵
- Executes dropped EXE
-
\??\c:\3lfxxxx.exec:\3lfxxxx.exe36⤵
- Executes dropped EXE
-
\??\c:\hthhhh.exec:\hthhhh.exe37⤵
- Executes dropped EXE
-
\??\c:\jjdjv.exec:\jjdjv.exe38⤵
- Executes dropped EXE
-
\??\c:\7lrlfxr.exec:\7lrlfxr.exe39⤵
- Executes dropped EXE
-
\??\c:\tntttb.exec:\tntttb.exe40⤵
- Executes dropped EXE
-
\??\c:\htbbtt.exec:\htbbtt.exe41⤵
- Executes dropped EXE
-
\??\c:\jpdpj.exec:\jpdpj.exe42⤵
- Executes dropped EXE
-
\??\c:\rxfrrll.exec:\rxfrrll.exe43⤵
- Executes dropped EXE
-
\??\c:\ntbbnb.exec:\ntbbnb.exe44⤵
- Executes dropped EXE
-
\??\c:\jvdvv.exec:\jvdvv.exe45⤵
- Executes dropped EXE
-
\??\c:\rlxrrrl.exec:\rlxrrrl.exe46⤵
- Executes dropped EXE
-
\??\c:\hhthtb.exec:\hhthtb.exe47⤵
- Executes dropped EXE
-
\??\c:\bbnhnb.exec:\bbnhnb.exe48⤵
- Executes dropped EXE
-
\??\c:\jvjvp.exec:\jvjvp.exe49⤵
- Executes dropped EXE
-
\??\c:\nhhbtb.exec:\nhhbtb.exe50⤵
- Executes dropped EXE
-
\??\c:\5jdjp.exec:\5jdjp.exe51⤵
- Executes dropped EXE
-
\??\c:\9rxrllf.exec:\9rxrllf.exe52⤵
- Executes dropped EXE
-
\??\c:\hnbbbb.exec:\hnbbbb.exe53⤵
- Executes dropped EXE
-
\??\c:\ppddd.exec:\ppddd.exe54⤵
- Executes dropped EXE
-
\??\c:\frfflll.exec:\frfflll.exe55⤵
- Executes dropped EXE
-
\??\c:\hnnhnt.exec:\hnnhnt.exe56⤵
- Executes dropped EXE
-
\??\c:\7pppj.exec:\7pppj.exe57⤵
- Executes dropped EXE
-
\??\c:\lrrllrr.exec:\lrrllrr.exe58⤵
- Executes dropped EXE
-
\??\c:\lffxrrr.exec:\lffxrrr.exe59⤵
- Executes dropped EXE
-
\??\c:\lrffxlf.exec:\lrffxlf.exe60⤵
- Executes dropped EXE
-
\??\c:\nbntbn.exec:\nbntbn.exe61⤵
- Executes dropped EXE
-
\??\c:\ddjpv.exec:\ddjpv.exe62⤵
- Executes dropped EXE
-
\??\c:\rfflrlx.exec:\rfflrlx.exe63⤵
- Executes dropped EXE
-
\??\c:\btbbbb.exec:\btbbbb.exe64⤵
- Executes dropped EXE
-
\??\c:\vpppd.exec:\vpppd.exe65⤵
- Executes dropped EXE
-
\??\c:\tbnntb.exec:\tbnntb.exe66⤵
-
\??\c:\1djjd.exec:\1djjd.exe67⤵
-
\??\c:\djpdd.exec:\djpdd.exe68⤵
-
\??\c:\llxlfrl.exec:\llxlfrl.exe69⤵
-
\??\c:\nnbttb.exec:\nnbttb.exe70⤵
-
\??\c:\3pppp.exec:\3pppp.exe71⤵
-
\??\c:\xlfffrx.exec:\xlfffrx.exe72⤵
-
\??\c:\tbhhnb.exec:\tbhhnb.exe73⤵
-
\??\c:\lflrlxf.exec:\lflrlxf.exe74⤵
-
\??\c:\nbhhht.exec:\nbhhht.exe75⤵
-
\??\c:\vpppv.exec:\vpppv.exe76⤵
-
\??\c:\xfrrlrx.exec:\xfrrlrx.exe77⤵
-
\??\c:\tbnbnt.exec:\tbnbnt.exe78⤵
-
\??\c:\pjvvp.exec:\pjvvp.exe79⤵
-
\??\c:\3xrllrr.exec:\3xrllrr.exe80⤵
-
\??\c:\vjpvd.exec:\vjpvd.exe81⤵
-
\??\c:\xrxrxxl.exec:\xrxrxxl.exe82⤵
-
\??\c:\hbnhhh.exec:\hbnhhh.exe83⤵
-
\??\c:\jjpjj.exec:\jjpjj.exe84⤵
-
\??\c:\rxrxrlr.exec:\rxrxrlr.exe85⤵
-
\??\c:\nhhhbt.exec:\nhhhbt.exe86⤵
-
\??\c:\xrllffl.exec:\xrllffl.exe87⤵
-
\??\c:\xrxffrx.exec:\xrxffrx.exe88⤵
-
\??\c:\bhbhhn.exec:\bhbhhn.exe89⤵
-
\??\c:\xxffrxx.exec:\xxffrxx.exe90⤵
-
\??\c:\ppjjj.exec:\ppjjj.exe91⤵
-
\??\c:\djjvv.exec:\djjvv.exe92⤵
-
\??\c:\flfffxl.exec:\flfffxl.exe93⤵
-
\??\c:\ntttnn.exec:\ntttnn.exe94⤵
-
\??\c:\ppjjp.exec:\ppjjp.exe95⤵
-
\??\c:\fflllrr.exec:\fflllrr.exe96⤵
-
\??\c:\nnthhn.exec:\nnthhn.exe97⤵
-
\??\c:\pjjjj.exec:\pjjjj.exe98⤵
-
\??\c:\bbnhbh.exec:\bbnhbh.exe99⤵
-
\??\c:\vpjdv.exec:\vpjdv.exe100⤵
-
\??\c:\xrxxxfx.exec:\xrxxxfx.exe101⤵
-
\??\c:\rrxxrrf.exec:\rrxxrrf.exe102⤵
-
\??\c:\btnnnt.exec:\btnnnt.exe103⤵
-
\??\c:\lfxffff.exec:\lfxffff.exe104⤵
-
\??\c:\1lxxxrr.exec:\1lxxxrr.exe105⤵
-
\??\c:\ntbtnn.exec:\ntbtnn.exe106⤵
-
\??\c:\jddvv.exec:\jddvv.exe107⤵
-
\??\c:\xfffxxr.exec:\xfffxxr.exe108⤵
-
\??\c:\llfrxfx.exec:\llfrxfx.exe109⤵
-
\??\c:\tnbbtt.exec:\tnbbtt.exe110⤵
-
\??\c:\jpdvd.exec:\jpdvd.exe111⤵
-
\??\c:\jpjdp.exec:\jpjdp.exe112⤵
-
\??\c:\xxffxxx.exec:\xxffxxx.exe113⤵
-
\??\c:\7hbttt.exec:\7hbttt.exe114⤵
-
\??\c:\nthbbb.exec:\nthbbb.exe115⤵
-
\??\c:\vjjpj.exec:\vjjpj.exe116⤵
-
\??\c:\vpvpp.exec:\vpvpp.exe117⤵
-
\??\c:\lfrlfll.exec:\lfrlfll.exe118⤵
-
\??\c:\bntttt.exec:\bntttt.exe119⤵
-
\??\c:\vvppv.exec:\vvppv.exe120⤵
-
\??\c:\ffxfxxx.exec:\ffxfxxx.exe121⤵
-
\??\c:\vdppp.exec:\vdppp.exe122⤵
-
\??\c:\tntnhh.exec:\tntnhh.exe123⤵
-
\??\c:\xxxxrxx.exec:\xxxxrxx.exe124⤵
-
\??\c:\bhbthh.exec:\bhbthh.exe125⤵
-
\??\c:\vvvpp.exec:\vvvpp.exe126⤵
-
\??\c:\fxlfffx.exec:\fxlfffx.exe127⤵
-
\??\c:\hbnnhn.exec:\hbnnhn.exe128⤵
-
\??\c:\3jdvp.exec:\3jdvp.exe129⤵
-
\??\c:\frxlfxx.exec:\frxlfxx.exe130⤵
-
\??\c:\fxxxrrl.exec:\fxxxrrl.exe131⤵
-
\??\c:\bbhbhh.exec:\bbhbhh.exe132⤵
-
\??\c:\jvjdv.exec:\jvjdv.exe133⤵
-
\??\c:\xrflxxx.exec:\xrflxxx.exe134⤵
-
\??\c:\tnbbnn.exec:\tnbbnn.exe135⤵
-
\??\c:\pjjdd.exec:\pjjdd.exe136⤵
-
\??\c:\lrfffxr.exec:\lrfffxr.exe137⤵
-
\??\c:\bnttbh.exec:\bnttbh.exe138⤵
-
\??\c:\bhthth.exec:\bhthth.exe139⤵
-
\??\c:\jvvvj.exec:\jvvvj.exe140⤵
-
\??\c:\flrrrrr.exec:\flrrrrr.exe141⤵
-
\??\c:\7nnhhb.exec:\7nnhhb.exe142⤵
-
\??\c:\jjjdj.exec:\jjjdj.exe143⤵
-
\??\c:\lrxlflr.exec:\lrxlflr.exe144⤵
-
\??\c:\nnbthb.exec:\nnbthb.exe145⤵
-
\??\c:\ppvvp.exec:\ppvvp.exe146⤵
-
\??\c:\ffxlrfr.exec:\ffxlrfr.exe147⤵
-
\??\c:\hhtntb.exec:\hhtntb.exe148⤵
-
\??\c:\vvppp.exec:\vvppp.exe149⤵
-
\??\c:\jdpjp.exec:\jdpjp.exe150⤵
-
\??\c:\lxxlxrl.exec:\lxxlxrl.exe151⤵
-
\??\c:\7hnbbn.exec:\7hnbbn.exe152⤵
-
\??\c:\vppjd.exec:\vppjd.exe153⤵
-
\??\c:\lfffffl.exec:\lfffffl.exe154⤵
-
\??\c:\nbbthh.exec:\nbbthh.exe155⤵
-
\??\c:\pdjdd.exec:\pdjdd.exe156⤵
-
\??\c:\7dpjv.exec:\7dpjv.exe157⤵
-
\??\c:\1rxxlll.exec:\1rxxlll.exe158⤵
-
\??\c:\hhbhtt.exec:\hhbhtt.exe159⤵
-
\??\c:\jvjjj.exec:\jvjjj.exe160⤵
-
\??\c:\7lrfffl.exec:\7lrfffl.exe161⤵
-
\??\c:\nhnhbh.exec:\nhnhbh.exe162⤵
-
\??\c:\tbhntn.exec:\tbhntn.exe163⤵
-
\??\c:\ppjdp.exec:\ppjdp.exe164⤵
-
\??\c:\lxrrxfx.exec:\lxrrxfx.exe165⤵
-
\??\c:\nttnht.exec:\nttnht.exe166⤵
-
\??\c:\1jdjv.exec:\1jdjv.exe167⤵
-
\??\c:\fxrrlxr.exec:\fxrrlxr.exe168⤵
-
\??\c:\flrrllf.exec:\flrrllf.exe169⤵
-
\??\c:\hbnnhb.exec:\hbnnhb.exe170⤵
-
\??\c:\vpvpp.exec:\vpvpp.exe171⤵
-
\??\c:\xflxlll.exec:\xflxlll.exe172⤵
-
\??\c:\nnhbnb.exec:\nnhbnb.exe173⤵
-
\??\c:\3hbnhn.exec:\3hbnhn.exe174⤵
-
\??\c:\1pppd.exec:\1pppd.exe175⤵
-
\??\c:\lrfffff.exec:\lrfffff.exe176⤵
-
\??\c:\lrfllrx.exec:\lrfllrx.exe177⤵
-
\??\c:\5thnhh.exec:\5thnhh.exe178⤵
-
\??\c:\pdjjp.exec:\pdjjp.exe179⤵
-
\??\c:\llrlfff.exec:\llrlfff.exe180⤵
-
\??\c:\lfllffx.exec:\lfllffx.exe181⤵
-
\??\c:\bttnnn.exec:\bttnnn.exe182⤵
-
\??\c:\pjpdp.exec:\pjpdp.exe183⤵
-
\??\c:\xrxrrrr.exec:\xrxrrrr.exe184⤵
-
\??\c:\nnbttt.exec:\nnbttt.exe185⤵
-
\??\c:\3nnhhn.exec:\3nnhhn.exe186⤵
-
\??\c:\pppjd.exec:\pppjd.exe187⤵
-
\??\c:\lxxlflx.exec:\lxxlflx.exe188⤵
-
\??\c:\tntbhn.exec:\tntbhn.exe189⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe190⤵
-
\??\c:\vpvpj.exec:\vpvpj.exe191⤵
-
\??\c:\rrxrrll.exec:\rrxrrll.exe192⤵
-
\??\c:\btbbtn.exec:\btbbtn.exe193⤵
-
\??\c:\vdpjv.exec:\vdpjv.exe194⤵
-
\??\c:\jvdjp.exec:\jvdjp.exe195⤵
-
\??\c:\lxlllrr.exec:\lxlllrr.exe196⤵
-
\??\c:\1hnnbb.exec:\1hnnbb.exe197⤵
-
\??\c:\jjvpp.exec:\jjvpp.exe198⤵
-
\??\c:\xfxxxfx.exec:\xfxxxfx.exe199⤵
-
\??\c:\ntnhtn.exec:\ntnhtn.exe200⤵
-
\??\c:\djdvv.exec:\djdvv.exe201⤵
-
\??\c:\rxfxlrf.exec:\rxfxlrf.exe202⤵
-
\??\c:\nbtbhb.exec:\nbtbhb.exe203⤵
-
\??\c:\jdjdd.exec:\jdjdd.exe204⤵
-
\??\c:\xfrxxxl.exec:\xfrxxxl.exe205⤵
-
\??\c:\3rlllll.exec:\3rlllll.exe206⤵
-
\??\c:\bthnht.exec:\bthnht.exe207⤵
-
\??\c:\ppjdv.exec:\ppjdv.exe208⤵
-
\??\c:\flrfrxf.exec:\flrfrxf.exe209⤵
-
\??\c:\lfffrlx.exec:\lfffrlx.exe210⤵
-
\??\c:\bbtbht.exec:\bbtbht.exe211⤵
-
\??\c:\jvvdv.exec:\jvvdv.exe212⤵
-
\??\c:\xrrxfxl.exec:\xrrxfxl.exe213⤵
-
\??\c:\tbtthb.exec:\tbtthb.exe214⤵
-
\??\c:\vpvvp.exec:\vpvvp.exe215⤵
-
\??\c:\frlrxxx.exec:\frlrxxx.exe216⤵
-
\??\c:\nhbttt.exec:\nhbttt.exe217⤵
-
\??\c:\vpvpd.exec:\vpvpd.exe218⤵
-
\??\c:\xlrllll.exec:\xlrllll.exe219⤵
-
\??\c:\xfllrrr.exec:\xfllrrr.exe220⤵
-
\??\c:\bthbbh.exec:\bthbbh.exe221⤵
-
\??\c:\nhbbbb.exec:\nhbbbb.exe222⤵
-
\??\c:\pvvpp.exec:\pvvpp.exe223⤵
-
\??\c:\rflfflf.exec:\rflfflf.exe224⤵
-
\??\c:\bnhbbb.exec:\bnhbbb.exe225⤵
-
\??\c:\dpddd.exec:\dpddd.exe226⤵
-
\??\c:\fxfxxxr.exec:\fxfxxxr.exe227⤵
-
\??\c:\7bhbbh.exec:\7bhbbh.exe228⤵
-
\??\c:\tnnnth.exec:\tnnnth.exe229⤵
-
\??\c:\1pppj.exec:\1pppj.exe230⤵
-
\??\c:\lxlffll.exec:\lxlffll.exe231⤵
-
\??\c:\bhbtbn.exec:\bhbtbn.exe232⤵
-
\??\c:\pjvvj.exec:\pjvvj.exe233⤵
-
\??\c:\pjjpv.exec:\pjjpv.exe234⤵
-
\??\c:\xxrrlff.exec:\xxrrlff.exe235⤵
-
\??\c:\ttnnhh.exec:\ttnnhh.exe236⤵
-
\??\c:\bbhhnn.exec:\bbhhnn.exe237⤵
-
\??\c:\pjppp.exec:\pjppp.exe238⤵
-
\??\c:\llxxllr.exec:\llxxllr.exe239⤵
-
\??\c:\nhnnhb.exec:\nhnnhb.exe240⤵
-
\??\c:\tbhhbb.exec:\tbhhbb.exe241⤵