Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
19-05-2024 03:24
General
-
Target
e3318ff5ecd96730e84f89c2ab8e1b19c511a2ca66c55d347f2194ac59d51a0a.exe
-
Size
965KB
-
MD5
a3ec3fad379ca2d3c563da2d2204d2d8
-
SHA1
b9533760494c9672482171b16011b4931629ca03
-
SHA256
e3318ff5ecd96730e84f89c2ab8e1b19c511a2ca66c55d347f2194ac59d51a0a
-
SHA512
5b5af4a4393e6671bcf02dab39fef6fd075d4c17ae8a911d1cb1944d2f4008975f7ef9b29ab52fe02c1b76d3e8382c5185831e609b0b6ed7d577da039f971cd3
-
SSDEEP
12288:n3C9ytvngQjy3C9I3YEWpYe+GalTLfOX+I3C9S3C9ytvngQj65syLr9fuWpV:SgdnJVwLgdnJq9fuW
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 20 IoCs
-
UPX dump on OEP (original entry point) 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e3318ff5ecd96730e84f89c2ab8e1b19c511a2ca66c55d347f2194ac59d51a0a.exe"C:\Users\Admin\AppData\Local\Temp\e3318ff5ecd96730e84f89c2ab8e1b19c511a2ca66c55d347f2194ac59d51a0a.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\dddvj.exec:\dddvj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvdv.exec:\pjvdv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthnhn.exec:\bthnhn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhtht.exec:\nnhtht.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxlfrx.exec:\xxxlfrx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7btbhn.exec:\7btbhn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlrffr.exec:\fxlrffr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdpv.exec:\vpdpv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbntnt.exec:\hbntnt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vddp.exec:\1vddp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvdp.exec:\dvvdp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfrflx.exec:\xrfrflx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrffrrf.exec:\xrffrrf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9rlrllr.exec:\9rlrllr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5dppv.exec:\5dppv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxllxxl.exec:\xxllxxl.exe17⤵
- Executes dropped EXE
-
\??\c:\lllllxx.exec:\lllllxx.exe18⤵
- Executes dropped EXE
-
\??\c:\bbbhnb.exec:\bbbhnb.exe19⤵
- Executes dropped EXE
-
\??\c:\1rlrxfr.exec:\1rlrxfr.exe20⤵
- Executes dropped EXE
-
\??\c:\5ddjp.exec:\5ddjp.exe21⤵
- Executes dropped EXE
-
\??\c:\9rllfrf.exec:\9rllfrf.exe22⤵
- Executes dropped EXE
-
\??\c:\3nbnth.exec:\3nbnth.exe23⤵
- Executes dropped EXE
-
\??\c:\1hhhbn.exec:\1hhhbn.exe24⤵
- Executes dropped EXE
-
\??\c:\ppvjv.exec:\ppvjv.exe25⤵
- Executes dropped EXE
-
\??\c:\llrlxrf.exec:\llrlxrf.exe26⤵
- Executes dropped EXE
-
\??\c:\vpdjv.exec:\vpdjv.exe27⤵
- Executes dropped EXE
-
\??\c:\nntnbh.exec:\nntnbh.exe28⤵
- Executes dropped EXE
-
\??\c:\1dddd.exec:\1dddd.exe29⤵
- Executes dropped EXE
-
\??\c:\ttnbht.exec:\ttnbht.exe30⤵
- Executes dropped EXE
-
\??\c:\1jjpv.exec:\1jjpv.exe31⤵
- Executes dropped EXE
-
\??\c:\bbthbn.exec:\bbthbn.exe32⤵
- Executes dropped EXE
-
\??\c:\xxrxlxl.exec:\xxrxlxl.exe33⤵
- Executes dropped EXE
-
\??\c:\vvpvp.exec:\vvpvp.exe34⤵
- Executes dropped EXE
-
\??\c:\rxlxxlr.exec:\rxlxxlr.exe35⤵
- Executes dropped EXE
-
\??\c:\bbbbnn.exec:\bbbbnn.exe36⤵
- Executes dropped EXE
-
\??\c:\vdpjd.exec:\vdpjd.exe37⤵
- Executes dropped EXE
-
\??\c:\lllxlxf.exec:\lllxlxf.exe38⤵
- Executes dropped EXE
-
\??\c:\tntttb.exec:\tntttb.exe39⤵
- Executes dropped EXE
-
\??\c:\jpdpv.exec:\jpdpv.exe40⤵
- Executes dropped EXE
-
\??\c:\llxlrxl.exec:\llxlrxl.exe41⤵
- Executes dropped EXE
-
\??\c:\htnhbt.exec:\htnhbt.exe42⤵
- Executes dropped EXE
-
\??\c:\dpjpp.exec:\dpjpp.exe43⤵
- Executes dropped EXE
-
\??\c:\9fxlxfr.exec:\9fxlxfr.exe44⤵
- Executes dropped EXE
-
\??\c:\tnhhbb.exec:\tnhhbb.exe45⤵
- Executes dropped EXE
-
\??\c:\9vjvv.exec:\9vjvv.exe46⤵
- Executes dropped EXE
-
\??\c:\1xxllfl.exec:\1xxllfl.exe47⤵
- Executes dropped EXE
-
\??\c:\hththt.exec:\hththt.exe48⤵
- Executes dropped EXE
-
\??\c:\jpppd.exec:\jpppd.exe49⤵
- Executes dropped EXE
-
\??\c:\rlflxfr.exec:\rlflxfr.exe50⤵
- Executes dropped EXE
-
\??\c:\5nhnnn.exec:\5nhnnn.exe51⤵
- Executes dropped EXE
-
\??\c:\jpjjj.exec:\jpjjj.exe52⤵
- Executes dropped EXE
-
\??\c:\rfxfflx.exec:\rfxfflx.exe53⤵
- Executes dropped EXE
-
\??\c:\nnnbnt.exec:\nnnbnt.exe54⤵
- Executes dropped EXE
-
\??\c:\7jvjd.exec:\7jvjd.exe55⤵
- Executes dropped EXE
-
\??\c:\ffrxrrf.exec:\ffrxrrf.exe56⤵
- Executes dropped EXE
-
\??\c:\9hbhhn.exec:\9hbhhn.exe57⤵
- Executes dropped EXE
-
\??\c:\vdvvd.exec:\vdvvd.exe58⤵
- Executes dropped EXE
-
\??\c:\fxrffrf.exec:\fxrffrf.exe59⤵
- Executes dropped EXE
-
\??\c:\lllrflx.exec:\lllrflx.exe60⤵
- Executes dropped EXE
-
\??\c:\thbbnn.exec:\thbbnn.exe61⤵
- Executes dropped EXE
-
\??\c:\pddjv.exec:\pddjv.exe62⤵
- Executes dropped EXE
-
\??\c:\xrrflrr.exec:\xrrflrr.exe63⤵
- Executes dropped EXE
-
\??\c:\9hthbh.exec:\9hthbh.exe64⤵
- Executes dropped EXE
-
\??\c:\jvjjv.exec:\jvjjv.exe65⤵
- Executes dropped EXE
-
\??\c:\xrlxfrf.exec:\xrlxfrf.exe66⤵
-
\??\c:\1hbbht.exec:\1hbbht.exe67⤵
-
\??\c:\5bbtbn.exec:\5bbtbn.exe68⤵
-
\??\c:\fflrfrx.exec:\fflrfrx.exe69⤵
-
\??\c:\lfflrrf.exec:\lfflrrf.exe70⤵
-
\??\c:\pjvvp.exec:\pjvvp.exe71⤵
-
\??\c:\djpvd.exec:\djpvd.exe72⤵
-
\??\c:\ffrfrxf.exec:\ffrfrxf.exe73⤵
-
\??\c:\vpddj.exec:\vpddj.exe74⤵
-
\??\c:\ddjpp.exec:\ddjpp.exe75⤵
-
\??\c:\fxrflrx.exec:\fxrflrx.exe76⤵
-
\??\c:\3nbhnn.exec:\3nbhnn.exe77⤵
-
\??\c:\vvvjp.exec:\vvvjp.exe78⤵
-
\??\c:\3xxrrxx.exec:\3xxrrxx.exe79⤵
-
\??\c:\btbtbh.exec:\btbtbh.exe80⤵
-
\??\c:\djpdj.exec:\djpdj.exe81⤵
-
\??\c:\llrflxf.exec:\llrflxf.exe82⤵
-
\??\c:\bnhntt.exec:\bnhntt.exe83⤵
-
\??\c:\vvddj.exec:\vvddj.exe84⤵
-
\??\c:\frfxrll.exec:\frfxrll.exe85⤵
-
\??\c:\htbtth.exec:\htbtth.exe86⤵
-
\??\c:\jdvjd.exec:\jdvjd.exe87⤵
-
\??\c:\1nhhth.exec:\1nhhth.exe88⤵
-
\??\c:\bthbhn.exec:\bthbhn.exe89⤵
-
\??\c:\9pvdd.exec:\9pvdd.exe90⤵
-
\??\c:\xrrffrr.exec:\xrrffrr.exe91⤵
-
\??\c:\bhhntn.exec:\bhhntn.exe92⤵
-
\??\c:\5dvjj.exec:\5dvjj.exe93⤵
-
\??\c:\rfrxffl.exec:\rfrxffl.exe94⤵
-
\??\c:\nhnnth.exec:\nhnnth.exe95⤵
-
\??\c:\jpvdp.exec:\jpvdp.exe96⤵
-
\??\c:\xrrxlxl.exec:\xrrxlxl.exe97⤵
-
\??\c:\httthb.exec:\httthb.exe98⤵
-
\??\c:\5vjjj.exec:\5vjjj.exe99⤵
-
\??\c:\pjvdd.exec:\pjvdd.exe100⤵
-
\??\c:\rfrfxfr.exec:\rfrfxfr.exe101⤵
-
\??\c:\hbbnbh.exec:\hbbnbh.exe102⤵
-
\??\c:\jddvv.exec:\jddvv.exe103⤵
-
\??\c:\lfrxlrx.exec:\lfrxlrx.exe104⤵
-
\??\c:\9bhnhb.exec:\9bhnhb.exe105⤵
-
\??\c:\7jvjj.exec:\7jvjj.exe106⤵
-
\??\c:\rlrxlxx.exec:\rlrxlxx.exe107⤵
-
\??\c:\tntntt.exec:\tntntt.exe108⤵
-
\??\c:\dpdpd.exec:\dpdpd.exe109⤵
-
\??\c:\1rflfrx.exec:\1rflfrx.exe110⤵
-
\??\c:\9nhnnt.exec:\9nhnnt.exe111⤵
-
\??\c:\9vpvd.exec:\9vpvd.exe112⤵
-
\??\c:\flrrxxx.exec:\flrrxxx.exe113⤵
-
\??\c:\nhtthh.exec:\nhtthh.exe114⤵
-
\??\c:\3vvvd.exec:\3vvvd.exe115⤵
-
\??\c:\5lrxffl.exec:\5lrxffl.exe116⤵
-
\??\c:\1thhnn.exec:\1thhnn.exe117⤵
-
\??\c:\jvpjp.exec:\jvpjp.exe118⤵
-
\??\c:\5jvvd.exec:\5jvvd.exe119⤵
-
\??\c:\lxfxlll.exec:\lxfxlll.exe120⤵
-
\??\c:\hbtnhb.exec:\hbtnhb.exe121⤵
-
\??\c:\djddj.exec:\djddj.exe122⤵
-
\??\c:\rrxxfxx.exec:\rrxxfxx.exe123⤵
-
\??\c:\nbntbb.exec:\nbntbb.exe124⤵
-
\??\c:\pjpjv.exec:\pjpjv.exe125⤵
-
\??\c:\dpddd.exec:\dpddd.exe126⤵
-
\??\c:\9rxfxff.exec:\9rxfxff.exe127⤵
-
\??\c:\1bbtth.exec:\1bbtth.exe128⤵
-
\??\c:\7dppp.exec:\7dppp.exe129⤵
-
\??\c:\5lfllrr.exec:\5lfllrr.exe130⤵
-
\??\c:\5bnnht.exec:\5bnnht.exe131⤵
-
\??\c:\dvvdp.exec:\dvvdp.exe132⤵
-
\??\c:\lfxlrlr.exec:\lfxlrlr.exe133⤵
-
\??\c:\ththtt.exec:\ththtt.exe134⤵
-
\??\c:\dppdv.exec:\dppdv.exe135⤵
-
\??\c:\3lrlxxr.exec:\3lrlxxr.exe136⤵
-
\??\c:\nhnbhb.exec:\nhnbhb.exe137⤵
-
\??\c:\9vddd.exec:\9vddd.exe138⤵
-
\??\c:\9lxffxx.exec:\9lxffxx.exe139⤵
-
\??\c:\9nbhhh.exec:\9nbhhh.exe140⤵
-
\??\c:\9pvvv.exec:\9pvvv.exe141⤵
-
\??\c:\rlxflrx.exec:\rlxflrx.exe142⤵
-
\??\c:\nhtbbb.exec:\nhtbbb.exe143⤵
-
\??\c:\bbnntb.exec:\bbnntb.exe144⤵
-
\??\c:\1xffrlr.exec:\1xffrlr.exe145⤵
-
\??\c:\nbtbhh.exec:\nbtbhh.exe146⤵
-
\??\c:\pjpjp.exec:\pjpjp.exe147⤵
-
\??\c:\xrxxffx.exec:\xrxxffx.exe148⤵
-
\??\c:\7hntnt.exec:\7hntnt.exe149⤵
-
\??\c:\jdppd.exec:\jdppd.exe150⤵
-
\??\c:\rrflxlx.exec:\rrflxlx.exe151⤵
-
\??\c:\9nbhnh.exec:\9nbhnh.exe152⤵
-
\??\c:\1dppp.exec:\1dppp.exe153⤵
-
\??\c:\7xflllx.exec:\7xflllx.exe154⤵
-
\??\c:\dpvvv.exec:\dpvvv.exe155⤵
-
\??\c:\pdppp.exec:\pdppp.exe156⤵
-
\??\c:\fxlxfrr.exec:\fxlxfrr.exe157⤵
-
\??\c:\7tbbhb.exec:\7tbbhb.exe158⤵
-
\??\c:\7ddvv.exec:\7ddvv.exe159⤵
-
\??\c:\1frffrr.exec:\1frffrr.exe160⤵
-
\??\c:\bnhnbb.exec:\bnhnbb.exe161⤵
-
\??\c:\jdpjp.exec:\jdpjp.exe162⤵
-
\??\c:\9xlflrl.exec:\9xlflrl.exe163⤵
-
\??\c:\5bhhth.exec:\5bhhth.exe164⤵
-
\??\c:\3jvvv.exec:\3jvvv.exe165⤵
-
\??\c:\rllfffx.exec:\rllfffx.exe166⤵
-
\??\c:\htbbhb.exec:\htbbhb.exe167⤵
-
\??\c:\jpddj.exec:\jpddj.exe168⤵
-
\??\c:\jpjdj.exec:\jpjdj.exe169⤵
-
\??\c:\frxrrlr.exec:\frxrrlr.exe170⤵
-
\??\c:\5httbt.exec:\5httbt.exe171⤵
-
\??\c:\dpvvv.exec:\dpvvv.exe172⤵
-
\??\c:\fxllrrr.exec:\fxllrrr.exe173⤵
-
\??\c:\nhhhnb.exec:\nhhhnb.exe174⤵
-
\??\c:\ppvdd.exec:\ppvdd.exe175⤵
-
\??\c:\rrrxflr.exec:\rrrxflr.exe176⤵
-
\??\c:\9nbnnh.exec:\9nbnnh.exe177⤵
-
\??\c:\7dvpj.exec:\7dvpj.exe178⤵
-
\??\c:\vpdjp.exec:\vpdjp.exe179⤵
-
\??\c:\rlfflxx.exec:\rlfflxx.exe180⤵
-
\??\c:\bthbbb.exec:\bthbbb.exe181⤵
-
\??\c:\5jjpv.exec:\5jjpv.exe182⤵
-
\??\c:\xrllrxx.exec:\xrllrxx.exe183⤵
-
\??\c:\ttnnht.exec:\ttnnht.exe184⤵
-
\??\c:\3jpjj.exec:\3jpjj.exe185⤵
-
\??\c:\rlxxflr.exec:\rlxxflr.exe186⤵
-
\??\c:\bthnnn.exec:\bthnnn.exe187⤵
-
\??\c:\nbbbht.exec:\nbbbht.exe188⤵
-
\??\c:\pdddp.exec:\pdddp.exe189⤵
-
\??\c:\xrllllx.exec:\xrllllx.exe190⤵
-
\??\c:\bthnnn.exec:\bthnnn.exe191⤵
-
\??\c:\7pvdp.exec:\7pvdp.exe192⤵
-
\??\c:\xrffllr.exec:\xrffllr.exe193⤵
-
\??\c:\ntnntb.exec:\ntnntb.exe194⤵
-
\??\c:\dpddv.exec:\dpddv.exe195⤵
-
\??\c:\xlffllr.exec:\xlffllr.exe196⤵
-
\??\c:\tnbhnb.exec:\tnbhnb.exe197⤵
-
\??\c:\jvpjv.exec:\jvpjv.exe198⤵
-
\??\c:\rxfrrfr.exec:\rxfrrfr.exe199⤵
-
\??\c:\5tbbbt.exec:\5tbbbt.exe200⤵
-
\??\c:\9pddp.exec:\9pddp.exe201⤵
-
\??\c:\rrlrxxr.exec:\rrlrxxr.exe202⤵
-
\??\c:\7tbhhh.exec:\7tbhhh.exe203⤵
-
\??\c:\7pjpp.exec:\7pjpp.exe204⤵
-
\??\c:\xlxllll.exec:\xlxllll.exe205⤵
-
\??\c:\tnbhtb.exec:\tnbhtb.exe206⤵
-
\??\c:\9pjjv.exec:\9pjjv.exe207⤵
-
\??\c:\3hhhtt.exec:\3hhhtt.exe208⤵
-
\??\c:\pdjvd.exec:\pdjvd.exe209⤵
-
\??\c:\5xlllrf.exec:\5xlllrf.exe210⤵
-
\??\c:\fxlfrxx.exec:\fxlfrxx.exe211⤵
-
\??\c:\bttbnn.exec:\bttbnn.exe212⤵
-
\??\c:\pdppv.exec:\pdppv.exe213⤵
-
\??\c:\3xfxflr.exec:\3xfxflr.exe214⤵
-
\??\c:\hhtbtn.exec:\hhtbtn.exe215⤵
-
\??\c:\dvvjv.exec:\dvvjv.exe216⤵
-
\??\c:\lxlfrll.exec:\lxlfrll.exe217⤵
-
\??\c:\thbbnh.exec:\thbbnh.exe218⤵
-
\??\c:\jvddd.exec:\jvddd.exe219⤵
-
\??\c:\ffxfxlr.exec:\ffxfxlr.exe220⤵
-
\??\c:\5nntbh.exec:\5nntbh.exe221⤵
-
\??\c:\7dppd.exec:\7dppd.exe222⤵
-
\??\c:\xrfflrl.exec:\xrfflrl.exe223⤵
-
\??\c:\1nbbhh.exec:\1nbbhh.exe224⤵
-
\??\c:\7tbbtt.exec:\7tbbtt.exe225⤵
-
\??\c:\ppjjv.exec:\ppjjv.exe226⤵
-
\??\c:\frfxffl.exec:\frfxffl.exe227⤵
-
\??\c:\tnnnhh.exec:\tnnnhh.exe228⤵
-
\??\c:\pdpjp.exec:\pdpjp.exe229⤵
-
\??\c:\xrfxffl.exec:\xrfxffl.exe230⤵
-
\??\c:\nhnnbb.exec:\nhnnbb.exe231⤵
-
\??\c:\7jpjd.exec:\7jpjd.exe232⤵
-
\??\c:\xxrxffl.exec:\xxrxffl.exe233⤵
-
\??\c:\nbtttt.exec:\nbtttt.exe234⤵
-
\??\c:\tnbtnh.exec:\tnbtnh.exe235⤵
-
\??\c:\1jvpd.exec:\1jvpd.exe236⤵
-
\??\c:\rfrrxxx.exec:\rfrrxxx.exe237⤵
-
\??\c:\nhbhbb.exec:\nhbhbb.exe238⤵
-
\??\c:\dpvvv.exec:\dpvvv.exe239⤵
-
\??\c:\9frrrxf.exec:\9frrrxf.exe240⤵
-
\??\c:\3bthtb.exec:\3bthtb.exe241⤵