Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
19-05-2024 02:24
General
-
Target
c80cca9970613056bcfe795861817e5190f0e792593319b919a626e1406218a3.exe
-
Size
204KB
-
MD5
d49b6025468f9de2be613ac205266e0d
-
SHA1
3c89a48f9862be9b82d160b6aa6d3329e9873629
-
SHA256
c80cca9970613056bcfe795861817e5190f0e792593319b919a626e1406218a3
-
SHA512
be63e7ebeecac1e89c4decad46e14065ab70e9302797d60e7f09fc0ead7565dad8a700cdea43adbf38796684cbe6d9bf4ee6a01cd0ead4a87e4ea1b76b78e64d
-
SSDEEP
6144:rcm4FmowdHoStBuhW246lCXb7YpdnSj6Ksan:x4wFHoSLjr0+Hsan
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 52 IoCs
-
UPX dump on OEP (original entry point) 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\c80cca9970613056bcfe795861817e5190f0e792593319b919a626e1406218a3.exe"C:\Users\Admin\AppData\Local\Temp\c80cca9970613056bcfe795861817e5190f0e792593319b919a626e1406218a3.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\fjlfnr.exec:\fjlfnr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dttblbp.exec:\dttblbp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vtplfvx.exec:\vtplfvx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xbbnb.exec:\xbbnb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dfddx.exec:\dfddx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rbtxb.exec:\rbtxb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jbbfjt.exec:\jbbfjt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhxdh.exec:\hbhxdh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ndlxfhd.exec:\ndlxfhd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bxvjnvx.exec:\bxvjnvx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhjnjl.exec:\nhjnjl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xtvfbb.exec:\xtvfbb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nxlvbdj.exec:\nxlvbdj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bljhrxn.exec:\bljhrxn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hvrttrf.exec:\hvrttrf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffftnrh.exec:\ffftnrh.exe17⤵
- Executes dropped EXE
-
\??\c:\xjjbjt.exec:\xjjbjt.exe18⤵
- Executes dropped EXE
-
\??\c:\rjdvh.exec:\rjdvh.exe19⤵
- Executes dropped EXE
-
\??\c:\fnlthb.exec:\fnlthb.exe20⤵
- Executes dropped EXE
-
\??\c:\fnbpr.exec:\fnbpr.exe21⤵
- Executes dropped EXE
-
\??\c:\vvptb.exec:\vvptb.exe22⤵
- Executes dropped EXE
-
\??\c:\xndbrlh.exec:\xndbrlh.exe23⤵
- Executes dropped EXE
-
\??\c:\prdjx.exec:\prdjx.exe24⤵
- Executes dropped EXE
-
\??\c:\vjpnrv.exec:\vjpnrv.exe25⤵
- Executes dropped EXE
-
\??\c:\jlpddt.exec:\jlpddt.exe26⤵
- Executes dropped EXE
-
\??\c:\dnxndxt.exec:\dnxndxt.exe27⤵
- Executes dropped EXE
-
\??\c:\pxnbdv.exec:\pxnbdv.exe28⤵
- Executes dropped EXE
-
\??\c:\rbnvh.exec:\rbnvh.exe29⤵
- Executes dropped EXE
-
\??\c:\ddtvjft.exec:\ddtvjft.exe30⤵
- Executes dropped EXE
-
\??\c:\drlxp.exec:\drlxp.exe31⤵
- Executes dropped EXE
-
\??\c:\bdllfdt.exec:\bdllfdt.exe32⤵
- Executes dropped EXE
-
\??\c:\hrjrd.exec:\hrjrd.exe33⤵
- Executes dropped EXE
-
\??\c:\bvndff.exec:\bvndff.exe34⤵
- Executes dropped EXE
-
\??\c:\fpbdd.exec:\fpbdd.exe35⤵
- Executes dropped EXE
-
\??\c:\frdxd.exec:\frdxd.exe36⤵
-
\??\c:\vlrbn.exec:\vlrbn.exe37⤵
- Executes dropped EXE
-
\??\c:\tnbtf.exec:\tnbtf.exe38⤵
- Executes dropped EXE
-
\??\c:\thxvxth.exec:\thxvxth.exe39⤵
- Executes dropped EXE
-
\??\c:\fnvbbb.exec:\fnvbbb.exe40⤵
- Executes dropped EXE
-
\??\c:\nhvhtdj.exec:\nhvhtdj.exe41⤵
- Executes dropped EXE
-
\??\c:\vnfbl.exec:\vnfbl.exe42⤵
- Executes dropped EXE
-
\??\c:\nvrbjnt.exec:\nvrbjnt.exe43⤵
- Executes dropped EXE
-
\??\c:\rtbtn.exec:\rtbtn.exe44⤵
- Executes dropped EXE
-
\??\c:\djppbb.exec:\djppbb.exe45⤵
- Executes dropped EXE
-
\??\c:\djhrn.exec:\djhrn.exe46⤵
- Executes dropped EXE
-
\??\c:\ttpvdbt.exec:\ttpvdbt.exe47⤵
- Executes dropped EXE
-
\??\c:\dfdjfnr.exec:\dfdjfnr.exe48⤵
- Executes dropped EXE
-
\??\c:\thphpjb.exec:\thphpjb.exe49⤵
- Executes dropped EXE
-
\??\c:\lthltpv.exec:\lthltpv.exe50⤵
- Executes dropped EXE
-
\??\c:\hlnrprr.exec:\hlnrprr.exe51⤵
- Executes dropped EXE
-
\??\c:\lbtxd.exec:\lbtxd.exe52⤵
- Executes dropped EXE
-
\??\c:\bbfhh.exec:\bbfhh.exe53⤵
- Executes dropped EXE
-
\??\c:\pnxbrd.exec:\pnxbrd.exe54⤵
- Executes dropped EXE
-
\??\c:\jhndrt.exec:\jhndrt.exe55⤵
- Executes dropped EXE
-
\??\c:\xjvlb.exec:\xjvlb.exe56⤵
- Executes dropped EXE
-
\??\c:\jfrflr.exec:\jfrflr.exe57⤵
- Executes dropped EXE
-
\??\c:\jhltxhf.exec:\jhltxhf.exe58⤵
- Executes dropped EXE
-
\??\c:\dlhdjrd.exec:\dlhdjrd.exe59⤵
- Executes dropped EXE
-
\??\c:\pptxppn.exec:\pptxppn.exe60⤵
- Executes dropped EXE
-
\??\c:\jnjltx.exec:\jnjltx.exe61⤵
- Executes dropped EXE
-
\??\c:\lrfbv.exec:\lrfbv.exe62⤵
- Executes dropped EXE
-
\??\c:\jtffp.exec:\jtffp.exe63⤵
- Executes dropped EXE
-
\??\c:\bjxhpp.exec:\bjxhpp.exe64⤵
- Executes dropped EXE
-
\??\c:\rdnlhl.exec:\rdnlhl.exe65⤵
- Executes dropped EXE
-
\??\c:\hjdrjv.exec:\hjdrjv.exe66⤵
- Executes dropped EXE
-
\??\c:\dbfnt.exec:\dbfnt.exe67⤵
-
\??\c:\lxfvp.exec:\lxfvp.exe68⤵
-
\??\c:\vhltlv.exec:\vhltlv.exe69⤵
-
\??\c:\hvdrrbv.exec:\hvdrrbv.exe70⤵
-
\??\c:\drbfp.exec:\drbfp.exe71⤵
-
\??\c:\xdjhhl.exec:\xdjhhl.exe72⤵
-
\??\c:\rftbtjn.exec:\rftbtjn.exe73⤵
-
\??\c:\fnfbr.exec:\fnfbr.exe74⤵
-
\??\c:\pdjxf.exec:\pdjxf.exe75⤵
-
\??\c:\ndrpdht.exec:\ndrpdht.exe76⤵
-
\??\c:\xplxhlv.exec:\xplxhlv.exe77⤵
-
\??\c:\jbjpdj.exec:\jbjpdj.exe78⤵
-
\??\c:\dtpdhll.exec:\dtpdhll.exe79⤵
-
\??\c:\hjprt.exec:\hjprt.exe80⤵
-
\??\c:\pfnnfh.exec:\pfnnfh.exe81⤵
-
\??\c:\rhljfn.exec:\rhljfn.exe82⤵
-
\??\c:\vptdh.exec:\vptdh.exe83⤵
-
\??\c:\dpphphh.exec:\dpphphh.exe84⤵
-
\??\c:\tnvvntv.exec:\tnvvntv.exe85⤵
-
\??\c:\jplrlr.exec:\jplrlr.exe86⤵
-
\??\c:\xvtdtnd.exec:\xvtdtnd.exe87⤵
-
\??\c:\nxlxt.exec:\nxlxt.exe88⤵
-
\??\c:\xhtljp.exec:\xhtljp.exe89⤵
-
\??\c:\xbpbj.exec:\xbpbj.exe90⤵
-
\??\c:\lvpptj.exec:\lvpptj.exe91⤵
-
\??\c:\fxhbpvp.exec:\fxhbpvp.exe92⤵
-
\??\c:\xlnbtjp.exec:\xlnbtjp.exe93⤵
-
\??\c:\dtftjd.exec:\dtftjd.exe94⤵
-
\??\c:\ldlhvhj.exec:\ldlhvhj.exe95⤵
-
\??\c:\rppjbx.exec:\rppjbx.exe96⤵
-
\??\c:\vxdlf.exec:\vxdlf.exe97⤵
-
\??\c:\nrdrfxt.exec:\nrdrfxt.exe98⤵
-
\??\c:\fvnnnh.exec:\fvnnnh.exe99⤵
-
\??\c:\rhtjrjl.exec:\rhtjrjl.exe100⤵
-
\??\c:\vjfxdxf.exec:\vjfxdxf.exe101⤵
-
\??\c:\vltjbtp.exec:\vltjbtp.exe102⤵
-
\??\c:\rlphvp.exec:\rlphvp.exe103⤵
-
\??\c:\vvjnld.exec:\vvjnld.exe104⤵
-
\??\c:\dpdvp.exec:\dpdvp.exe105⤵
-
\??\c:\hbhltfn.exec:\hbhltfn.exe106⤵
-
\??\c:\vltprdr.exec:\vltprdr.exe107⤵
-
\??\c:\fhbdhdf.exec:\fhbdhdf.exe108⤵
-
\??\c:\jbttnn.exec:\jbttnn.exe109⤵
-
\??\c:\rxjhpv.exec:\rxjhpv.exe110⤵
-
\??\c:\vljbnf.exec:\vljbnf.exe111⤵
-
\??\c:\vjjdxnr.exec:\vjjdxnr.exe112⤵
-
\??\c:\jfptbtj.exec:\jfptbtj.exe113⤵
-
\??\c:\nrnjtlr.exec:\nrnjtlr.exe114⤵
-
\??\c:\htnrdh.exec:\htnrdh.exe115⤵
-
\??\c:\hpxnp.exec:\hpxnp.exe116⤵
-
\??\c:\fllxn.exec:\fllxn.exe117⤵
-
\??\c:\fthld.exec:\fthld.exe118⤵
-
\??\c:\lbjtrpj.exec:\lbjtrpj.exe119⤵
-
\??\c:\rxtpf.exec:\rxtpf.exe120⤵
-
\??\c:\hljnf.exec:\hljnf.exe121⤵
-
\??\c:\dxlfd.exec:\dxlfd.exe122⤵
-
\??\c:\tdltlt.exec:\tdltlt.exe123⤵
-
\??\c:\xptlff.exec:\xptlff.exe124⤵
-
\??\c:\jtbprv.exec:\jtbprv.exe125⤵
-
\??\c:\tdxpv.exec:\tdxpv.exe126⤵
-
\??\c:\rnffv.exec:\rnffv.exe127⤵
-
\??\c:\jvddhj.exec:\jvddhj.exe128⤵
-
\??\c:\xltfl.exec:\xltfl.exe129⤵
-
\??\c:\lbdtrj.exec:\lbdtrj.exe130⤵
-
\??\c:\tlfxblv.exec:\tlfxblv.exe131⤵
-
\??\c:\hnhnxh.exec:\hnhnxh.exe132⤵
-
\??\c:\bxvlvrd.exec:\bxvlvrd.exe133⤵
-
\??\c:\xpttjr.exec:\xpttjr.exe134⤵
-
\??\c:\dhltfx.exec:\dhltfx.exe135⤵
-
\??\c:\lfrxbt.exec:\lfrxbt.exe136⤵
-
\??\c:\hfpvvv.exec:\hfpvvv.exe137⤵
-
\??\c:\dxvfpdn.exec:\dxvfpdn.exe138⤵
-
\??\c:\fddfd.exec:\fddfd.exe139⤵
-
\??\c:\frvlhfj.exec:\frvlhfj.exe140⤵
-
\??\c:\xllxj.exec:\xllxj.exe141⤵
-
\??\c:\dnfrjhd.exec:\dnfrjhd.exe142⤵
-
\??\c:\hlvvr.exec:\hlvvr.exe143⤵
-
\??\c:\phtlbtt.exec:\phtlbtt.exe144⤵
-
\??\c:\jpptnd.exec:\jpptnd.exe145⤵
-
\??\c:\thtrdj.exec:\thtrdj.exe146⤵
-
\??\c:\jbttj.exec:\jbttj.exe147⤵
-
\??\c:\xfrxnjj.exec:\xfrxnjj.exe148⤵
-
\??\c:\thxxftr.exec:\thxxftr.exe149⤵
-
\??\c:\rprpt.exec:\rprpt.exe150⤵
-
\??\c:\hhtlh.exec:\hhtlh.exe151⤵
-
\??\c:\pjpfd.exec:\pjpfd.exe152⤵
-
\??\c:\pvvtxth.exec:\pvvtxth.exe153⤵
-
\??\c:\tfvfbvj.exec:\tfvfbvj.exe154⤵
-
\??\c:\rnphhb.exec:\rnphhb.exe155⤵
-
\??\c:\ntxprth.exec:\ntxprth.exe156⤵
-
\??\c:\tddlhvx.exec:\tddlhvx.exe157⤵
-
\??\c:\jnlnl.exec:\jnlnl.exe158⤵
-
\??\c:\jnhllbj.exec:\jnhllbj.exe159⤵
-
\??\c:\bhnjjpv.exec:\bhnjjpv.exe160⤵
-
\??\c:\lrppxbj.exec:\lrppxbj.exe161⤵
-
\??\c:\bhlbd.exec:\bhlbd.exe162⤵
-
\??\c:\dfvrxh.exec:\dfvrxh.exe163⤵
-
\??\c:\ndhtfx.exec:\ndhtfx.exe164⤵
-
\??\c:\fjtdvl.exec:\fjtdvl.exe165⤵
-
\??\c:\xvfxxp.exec:\xvfxxp.exe166⤵
-
\??\c:\vlptdf.exec:\vlptdf.exe167⤵
-
\??\c:\rpthpp.exec:\rpthpp.exe168⤵
-
\??\c:\xxrxj.exec:\xxrxj.exe169⤵
-
\??\c:\lpvjvx.exec:\lpvjvx.exe170⤵
-
\??\c:\nfvvtb.exec:\nfvvtb.exe171⤵
-
\??\c:\njjbjjd.exec:\njjbjjd.exe172⤵
-
\??\c:\rvrxnrt.exec:\rvrxnrt.exe173⤵
-
\??\c:\tvvhv.exec:\tvvhv.exe174⤵
-
\??\c:\hjvrn.exec:\hjvrn.exe175⤵
-
\??\c:\pjvhxbf.exec:\pjvhxbf.exe176⤵
-
\??\c:\ttdbnxj.exec:\ttdbnxj.exe177⤵
-
\??\c:\vpjldf.exec:\vpjldf.exe178⤵
-
\??\c:\tnlfhfl.exec:\tnlfhfl.exe179⤵
-
\??\c:\bvphllv.exec:\bvphllv.exe180⤵
-
\??\c:\lflnvvx.exec:\lflnvvx.exe181⤵
-
\??\c:\fnjdtf.exec:\fnjdtf.exe182⤵
-
\??\c:\ftfftnp.exec:\ftfftnp.exe183⤵
-
\??\c:\lnbbjdd.exec:\lnbbjdd.exe184⤵
-
\??\c:\bxtlhnv.exec:\bxtlhnv.exe185⤵
-
\??\c:\lnbhlnj.exec:\lnbhlnj.exe186⤵
-
\??\c:\rjpjdnd.exec:\rjpjdnd.exe187⤵
-
\??\c:\ljlrdx.exec:\ljlrdx.exe188⤵
-
\??\c:\xrpjhfn.exec:\xrpjhfn.exe189⤵
-
\??\c:\xpfbnvx.exec:\xpfbnvx.exe190⤵
-
\??\c:\xbvjf.exec:\xbvjf.exe191⤵
-
\??\c:\ljxvbxp.exec:\ljxvbxp.exe192⤵
-
\??\c:\xjxxl.exec:\xjxxl.exe193⤵
-
\??\c:\bjdvpxl.exec:\bjdvpxl.exe194⤵
-
\??\c:\lxdrdnp.exec:\lxdrdnp.exe195⤵
-
\??\c:\pdljjvh.exec:\pdljjvh.exe196⤵
-
\??\c:\rpndjxj.exec:\rpndjxj.exe197⤵
-
\??\c:\ppjpvh.exec:\ppjpvh.exe198⤵
-
\??\c:\txnrnhl.exec:\txnrnhl.exe199⤵
-
\??\c:\jxvdnjx.exec:\jxvdnjx.exe200⤵
-
\??\c:\bxjnt.exec:\bxjnt.exe201⤵
-
\??\c:\lxjvfb.exec:\lxjvfb.exe202⤵
-
\??\c:\blhxrdx.exec:\blhxrdx.exe203⤵
-
\??\c:\nnblt.exec:\nnblt.exe204⤵
-
\??\c:\flxvd.exec:\flxvd.exe205⤵
-
\??\c:\hptfxpp.exec:\hptfxpp.exe206⤵
-
\??\c:\xxhtlv.exec:\xxhtlv.exe207⤵
-
\??\c:\nfxlbb.exec:\nfxlbb.exe208⤵
-
\??\c:\tvtft.exec:\tvtft.exe209⤵
-
\??\c:\vvddlph.exec:\vvddlph.exe210⤵
-
\??\c:\thnvt.exec:\thnvt.exe211⤵
-
\??\c:\lhhttn.exec:\lhhttn.exe212⤵
-
\??\c:\phpvjlr.exec:\phpvjlr.exe213⤵
-
\??\c:\fpdxl.exec:\fpdxl.exe214⤵
-
\??\c:\xjrttbh.exec:\xjrttbh.exe215⤵
-
\??\c:\dnbphn.exec:\dnbphn.exe216⤵
-
\??\c:\bbrfff.exec:\bbrfff.exe217⤵
-
\??\c:\trrvhjr.exec:\trrvhjr.exe218⤵
-
\??\c:\jxptntn.exec:\jxptntn.exe219⤵
-
\??\c:\jxxtd.exec:\jxxtd.exe220⤵
-
\??\c:\trnjxjb.exec:\trnjxjb.exe221⤵
-
\??\c:\bjhxbd.exec:\bjhxbd.exe222⤵
-
\??\c:\rpbvpdb.exec:\rpbvpdb.exe223⤵
-
\??\c:\pjxxbx.exec:\pjxxbx.exe224⤵
-
\??\c:\jjdbrf.exec:\jjdbrf.exe225⤵
-
\??\c:\dvfdft.exec:\dvfdft.exe226⤵
-
\??\c:\dhhfr.exec:\dhhfr.exe227⤵
-
\??\c:\dvxfbbv.exec:\dvxfbbv.exe228⤵
-
\??\c:\fxtbr.exec:\fxtbr.exe229⤵
-
\??\c:\pxjlv.exec:\pxjlv.exe230⤵
-
\??\c:\fhhvpl.exec:\fhhvpl.exe231⤵
-
\??\c:\lfpfx.exec:\lfpfx.exe232⤵
-
\??\c:\tbnnvt.exec:\tbnnvt.exe233⤵
-
\??\c:\xxthp.exec:\xxthp.exe234⤵
-
\??\c:\nhjvrhp.exec:\nhjvrhp.exe235⤵
-
\??\c:\lpvxxt.exec:\lpvxxt.exe236⤵
-
\??\c:\jpfttn.exec:\jpfttn.exe237⤵
-
\??\c:\brdvxn.exec:\brdvxn.exe238⤵
-
\??\c:\ppttp.exec:\ppttp.exe239⤵
-
\??\c:\jpndjf.exec:\jpndjf.exe240⤵
-
\??\c:\bnhjnvl.exec:\bnhjnvl.exe241⤵