Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
19-05-2024 09:57
General
-
Target
1dae485d62ae9d661163b79ed908c0adb85b59c33ae4d8598b64e44cd5941070.exe
-
Size
400KB
-
MD5
93da5a656d4fdb7d121f73e7345fa5cc
-
SHA1
eb747d4fb0572c0992f5ee0e241f20f8bcb343f1
-
SHA256
1dae485d62ae9d661163b79ed908c0adb85b59c33ae4d8598b64e44cd5941070
-
SHA512
8e9cb986a753d854c7d92a25857fea15efd2f2dd1a223bcdbf86e5a74600c3c6f57d96c5e42b7c64c444524d0795f866c7ada43985a5bbbaa54cb21dae5eb079
-
SSDEEP
6144:Jcm4FmowdHoSEubDcAkOCOu0EajNVBZr6y2WXxLO1UqW9E3R:T4wFHoSEubD2P3R
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 37 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1dae485d62ae9d661163b79ed908c0adb85b59c33ae4d8598b64e44cd5941070.exe"C:\Users\Admin\AppData\Local\Temp\1dae485d62ae9d661163b79ed908c0adb85b59c33ae4d8598b64e44cd5941070.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\5jvvj.exec:\5jvvj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btntbh.exec:\btntbh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrxffr.exec:\rlrxffr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnntt.exec:\tnnntt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpdjp.exec:\dpdjp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhttbb.exec:\nhttbb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjjp.exec:\vpjjp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxffllx.exec:\xxffllx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvvd.exec:\ddvvd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffrllf.exec:\lffrllf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnhbb.exec:\ttnhbb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllxlrl.exec:\rllxlrl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5nnbht.exec:\5nnbht.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppdpv.exec:\ppdpv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfflrf.exec:\rlfflrf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdvjd.exec:\vdvjd.exe17⤵
- Executes dropped EXE
-
\??\c:\3xllrfl.exec:\3xllrfl.exe18⤵
- Executes dropped EXE
-
\??\c:\bhhnht.exec:\bhhnht.exe19⤵
- Executes dropped EXE
-
\??\c:\xrlflrf.exec:\xrlflrf.exe20⤵
- Executes dropped EXE
-
\??\c:\nhhnht.exec:\nhhnht.exe21⤵
- Executes dropped EXE
-
\??\c:\lfrxlrl.exec:\lfrxlrl.exe22⤵
- Executes dropped EXE
-
\??\c:\tnhtnb.exec:\tnhtnb.exe23⤵
- Executes dropped EXE
-
\??\c:\5jddd.exec:\5jddd.exe24⤵
- Executes dropped EXE
-
\??\c:\3lflrxf.exec:\3lflrxf.exe25⤵
- Executes dropped EXE
-
\??\c:\9jddv.exec:\9jddv.exe26⤵
- Executes dropped EXE
-
\??\c:\1hhbnh.exec:\1hhbnh.exe27⤵
- Executes dropped EXE
-
\??\c:\ppddj.exec:\ppddj.exe28⤵
- Executes dropped EXE
-
\??\c:\3fxlfxl.exec:\3fxlfxl.exe29⤵
- Executes dropped EXE
-
\??\c:\jjvjv.exec:\jjvjv.exe30⤵
- Executes dropped EXE
-
\??\c:\rrfxrrl.exec:\rrfxrrl.exe31⤵
- Executes dropped EXE
-
\??\c:\1bhbtn.exec:\1bhbtn.exe32⤵
- Executes dropped EXE
-
\??\c:\vpppd.exec:\vpppd.exe33⤵
- Executes dropped EXE
-
\??\c:\tnnbbb.exec:\tnnbbb.exe34⤵
- Executes dropped EXE
-
\??\c:\1ddpd.exec:\1ddpd.exe35⤵
- Executes dropped EXE
-
\??\c:\dvpvd.exec:\dvpvd.exe36⤵
-
\??\c:\llffxrl.exec:\llffxrl.exe37⤵
- Executes dropped EXE
-
\??\c:\3pddp.exec:\3pddp.exe38⤵
- Executes dropped EXE
-
\??\c:\1xflffr.exec:\1xflffr.exe39⤵
- Executes dropped EXE
-
\??\c:\bnhhtb.exec:\bnhhtb.exe40⤵
- Executes dropped EXE
-
\??\c:\jjdvp.exec:\jjdvp.exe41⤵
- Executes dropped EXE
-
\??\c:\jdvdp.exec:\jdvdp.exe42⤵
- Executes dropped EXE
-
\??\c:\xxllxfr.exec:\xxllxfr.exe43⤵
- Executes dropped EXE
-
\??\c:\3nhhtt.exec:\3nhhtt.exe44⤵
- Executes dropped EXE
-
\??\c:\vppjp.exec:\vppjp.exe45⤵
- Executes dropped EXE
-
\??\c:\llffxfl.exec:\llffxfl.exe46⤵
- Executes dropped EXE
-
\??\c:\bbhhbb.exec:\bbhhbb.exe47⤵
- Executes dropped EXE
-
\??\c:\9pdpv.exec:\9pdpv.exe48⤵
- Executes dropped EXE
-
\??\c:\vpdjp.exec:\vpdjp.exe49⤵
- Executes dropped EXE
-
\??\c:\lrrflxx.exec:\lrrflxx.exe50⤵
- Executes dropped EXE
-
\??\c:\bbbtnb.exec:\bbbtnb.exe51⤵
- Executes dropped EXE
-
\??\c:\vvvjd.exec:\vvvjd.exe52⤵
- Executes dropped EXE
-
\??\c:\frlrxlx.exec:\frlrxlx.exe53⤵
- Executes dropped EXE
-
\??\c:\1btbnt.exec:\1btbnt.exe54⤵
- Executes dropped EXE
-
\??\c:\pjvjv.exec:\pjvjv.exe55⤵
- Executes dropped EXE
-
\??\c:\3vddj.exec:\3vddj.exe56⤵
- Executes dropped EXE
-
\??\c:\fxxrrfl.exec:\fxxrrfl.exe57⤵
- Executes dropped EXE
-
\??\c:\9tnbbb.exec:\9tnbbb.exe58⤵
- Executes dropped EXE
-
\??\c:\pjddp.exec:\pjddp.exe59⤵
- Executes dropped EXE
-
\??\c:\rlflrxf.exec:\rlflrxf.exe60⤵
- Executes dropped EXE
-
\??\c:\ffrxlrf.exec:\ffrxlrf.exe61⤵
- Executes dropped EXE
-
\??\c:\1tntbh.exec:\1tntbh.exe62⤵
- Executes dropped EXE
-
\??\c:\vvpvj.exec:\vvpvj.exe63⤵
- Executes dropped EXE
-
\??\c:\dvvpd.exec:\dvvpd.exe64⤵
- Executes dropped EXE
-
\??\c:\lfxxlxl.exec:\lfxxlxl.exe65⤵
- Executes dropped EXE
-
\??\c:\hhthnt.exec:\hhthnt.exe66⤵
- Executes dropped EXE
-
\??\c:\1jdpv.exec:\1jdpv.exe67⤵
-
\??\c:\jjjpd.exec:\jjjpd.exe68⤵
-
\??\c:\fxrxlxl.exec:\fxrxlxl.exe69⤵
-
\??\c:\hhbnhh.exec:\hhbnhh.exe70⤵
-
\??\c:\dddpj.exec:\dddpj.exe71⤵
-
\??\c:\ddpvd.exec:\ddpvd.exe72⤵
-
\??\c:\rrxflrl.exec:\rrxflrl.exe73⤵
-
\??\c:\tbhhnt.exec:\tbhhnt.exe74⤵
-
\??\c:\3ddpd.exec:\3ddpd.exe75⤵
-
\??\c:\dddjp.exec:\dddjp.exe76⤵
-
\??\c:\xflrrll.exec:\xflrrll.exe77⤵
-
\??\c:\9nttnt.exec:\9nttnt.exe78⤵
-
\??\c:\pppdd.exec:\pppdd.exe79⤵
-
\??\c:\rfrxrfl.exec:\rfrxrfl.exe80⤵
-
\??\c:\lfxlxxl.exec:\lfxlxxl.exe81⤵
-
\??\c:\bthtbn.exec:\bthtbn.exe82⤵
-
\??\c:\ddjpj.exec:\ddjpj.exe83⤵
-
\??\c:\pppvj.exec:\pppvj.exe84⤵
-
\??\c:\xfxrxfr.exec:\xfxrxfr.exe85⤵
-
\??\c:\hnhhth.exec:\hnhhth.exe86⤵
-
\??\c:\jjdjd.exec:\jjdjd.exe87⤵
-
\??\c:\9pdpv.exec:\9pdpv.exe88⤵
-
\??\c:\rxxfrxr.exec:\rxxfrxr.exe89⤵
-
\??\c:\tnbbhn.exec:\tnbbhn.exe90⤵
-
\??\c:\5dppv.exec:\5dppv.exe91⤵
-
\??\c:\vppvd.exec:\vppvd.exe92⤵
-
\??\c:\lxrxflr.exec:\lxrxflr.exe93⤵
-
\??\c:\btnbbh.exec:\btnbbh.exe94⤵
-
\??\c:\pjdjj.exec:\pjdjj.exe95⤵
-
\??\c:\ffxlrxl.exec:\ffxlrxl.exe96⤵
-
\??\c:\5rflrxf.exec:\5rflrxf.exe97⤵
-
\??\c:\hhthtt.exec:\hhthtt.exe98⤵
-
\??\c:\dvvvj.exec:\dvvvj.exe99⤵
-
\??\c:\vjdjd.exec:\vjdjd.exe100⤵
-
\??\c:\xxrfllf.exec:\xxrfllf.exe101⤵
-
\??\c:\bnhnbn.exec:\bnhnbn.exe102⤵
-
\??\c:\vjdjj.exec:\vjdjj.exe103⤵
-
\??\c:\jjdjp.exec:\jjdjp.exe104⤵
-
\??\c:\lfxfllr.exec:\lfxfllr.exe105⤵
-
\??\c:\nnhntb.exec:\nnhntb.exe106⤵
-
\??\c:\1hhtbn.exec:\1hhtbn.exe107⤵
-
\??\c:\vpvvj.exec:\vpvvj.exe108⤵
-
\??\c:\ffxxfff.exec:\ffxxfff.exe109⤵
-
\??\c:\5xxxllr.exec:\5xxxllr.exe110⤵
-
\??\c:\bnnbnh.exec:\bnnbnh.exe111⤵
-
\??\c:\jdvdj.exec:\jdvdj.exe112⤵
-
\??\c:\jpppd.exec:\jpppd.exe113⤵
-
\??\c:\rlxfllf.exec:\rlxfllf.exe114⤵
-
\??\c:\5bbnnn.exec:\5bbnnn.exe115⤵
-
\??\c:\jjdpd.exec:\jjdpd.exe116⤵
-
\??\c:\xxxxflr.exec:\xxxxflr.exe117⤵
-
\??\c:\hbbbhn.exec:\hbbbhn.exe118⤵
-
\??\c:\pjddp.exec:\pjddp.exe119⤵
-
\??\c:\vvdpv.exec:\vvdpv.exe120⤵
-
\??\c:\fxlrffr.exec:\fxlrffr.exe121⤵
-
\??\c:\vpdpd.exec:\vpdpd.exe122⤵
-
\??\c:\9flxxfx.exec:\9flxxfx.exe123⤵
-
\??\c:\1fflxfr.exec:\1fflxfr.exe124⤵
-
\??\c:\nnnnhn.exec:\nnnnhn.exe125⤵
-
\??\c:\jjpdp.exec:\jjpdp.exe126⤵
-
\??\c:\pjjvj.exec:\pjjvj.exe127⤵
-
\??\c:\fxrrxfr.exec:\fxrrxfr.exe128⤵
-
\??\c:\tttbtt.exec:\tttbtt.exe129⤵
-
\??\c:\jjjvd.exec:\jjjvd.exe130⤵
-
\??\c:\djjpv.exec:\djjpv.exe131⤵
-
\??\c:\9llrxxr.exec:\9llrxxr.exe132⤵
-
\??\c:\9hbthh.exec:\9hbthh.exe133⤵
-
\??\c:\jjjvd.exec:\jjjvd.exe134⤵
-
\??\c:\dpvpd.exec:\dpvpd.exe135⤵
-
\??\c:\rxxxlrl.exec:\rxxxlrl.exe136⤵
-
\??\c:\tbnbnn.exec:\tbnbnn.exe137⤵
-
\??\c:\ppjdv.exec:\ppjdv.exe138⤵
-
\??\c:\jddpd.exec:\jddpd.exe139⤵
-
\??\c:\xxflxfx.exec:\xxflxfx.exe140⤵
-
\??\c:\rlxxlrl.exec:\rlxxlrl.exe141⤵
-
\??\c:\hhthbh.exec:\hhthbh.exe142⤵
-
\??\c:\vpdpv.exec:\vpdpv.exe143⤵
-
\??\c:\rlfrffr.exec:\rlfrffr.exe144⤵
-
\??\c:\lfxfllx.exec:\lfxfllx.exe145⤵
-
\??\c:\1bbbhn.exec:\1bbbhn.exe146⤵
-
\??\c:\7hbnbh.exec:\7hbnbh.exe147⤵
-
\??\c:\pjjjp.exec:\pjjjp.exe148⤵
-
\??\c:\llrxrxl.exec:\llrxrxl.exe149⤵
-
\??\c:\xrllffx.exec:\xrllffx.exe150⤵
-
\??\c:\bbnnnt.exec:\bbnnnt.exe151⤵
-
\??\c:\nnhthn.exec:\nnhthn.exe152⤵
-
\??\c:\vvpdp.exec:\vvpdp.exe153⤵
-
\??\c:\xrllxrf.exec:\xrllxrf.exe154⤵
-
\??\c:\1lflrrx.exec:\1lflrrx.exe155⤵
-
\??\c:\hbnbnn.exec:\hbnbnn.exe156⤵
-
\??\c:\jdvpd.exec:\jdvpd.exe157⤵
-
\??\c:\1pvvd.exec:\1pvvd.exe158⤵
-
\??\c:\7lxrrrf.exec:\7lxrrrf.exe159⤵
-
\??\c:\rrffllx.exec:\rrffllx.exe160⤵
-
\??\c:\5bbbhh.exec:\5bbbhh.exe161⤵
-
\??\c:\1vppj.exec:\1vppj.exe162⤵
-
\??\c:\dvvpd.exec:\dvvpd.exe163⤵
-
\??\c:\1xrrxfl.exec:\1xrrxfl.exe164⤵
-
\??\c:\hhbhtb.exec:\hhbhtb.exe165⤵
-
\??\c:\nntbtt.exec:\nntbtt.exe166⤵
-
\??\c:\vvpvd.exec:\vvpvd.exe167⤵
-
\??\c:\vpjjp.exec:\vpjjp.exe168⤵
-
\??\c:\7xrfffl.exec:\7xrfffl.exe169⤵
-
\??\c:\hhbnhn.exec:\hhbnhn.exe170⤵
-
\??\c:\vdddd.exec:\vdddd.exe171⤵
-
\??\c:\ppjpv.exec:\ppjpv.exe172⤵
-
\??\c:\xrrfrxr.exec:\xrrfrxr.exe173⤵
-
\??\c:\3ttbhh.exec:\3ttbhh.exe174⤵
-
\??\c:\ththhb.exec:\ththhb.exe175⤵
-
\??\c:\jjdvp.exec:\jjdvp.exe176⤵
-
\??\c:\lllxrfr.exec:\lllxrfr.exe177⤵
-
\??\c:\7frlxfr.exec:\7frlxfr.exe178⤵
-
\??\c:\btnbhh.exec:\btnbhh.exe179⤵
-
\??\c:\djddj.exec:\djddj.exe180⤵
-
\??\c:\rxrlxfx.exec:\rxrlxfx.exe181⤵
-
\??\c:\hhbnht.exec:\hhbnht.exe182⤵
-
\??\c:\djjvd.exec:\djjvd.exe183⤵
-
\??\c:\1pjdj.exec:\1pjdj.exe184⤵
-
\??\c:\lrrfxlx.exec:\lrrfxlx.exe185⤵
-
\??\c:\bbhbth.exec:\bbhbth.exe186⤵
-
\??\c:\nbttbb.exec:\nbttbb.exe187⤵
-
\??\c:\3pppj.exec:\3pppj.exe188⤵
-
\??\c:\flflxfl.exec:\flflxfl.exe189⤵
-
\??\c:\lllxllx.exec:\lllxllx.exe190⤵
-
\??\c:\btbtbb.exec:\btbtbb.exe191⤵
-
\??\c:\5jvvd.exec:\5jvvd.exe192⤵
-
\??\c:\pjvdd.exec:\pjvdd.exe193⤵
-
\??\c:\5flrxxl.exec:\5flrxxl.exe194⤵
-
\??\c:\1nhntb.exec:\1nhntb.exe195⤵
-
\??\c:\jddpd.exec:\jddpd.exe196⤵
-
\??\c:\jdpvj.exec:\jdpvj.exe197⤵
-
\??\c:\9ffxfxf.exec:\9ffxfxf.exe198⤵
-
\??\c:\hhhtnb.exec:\hhhtnb.exe199⤵
-
\??\c:\tnhthh.exec:\tnhthh.exe200⤵
-
\??\c:\jdddp.exec:\jdddp.exe201⤵
-
\??\c:\ffxlrfr.exec:\ffxlrfr.exe202⤵
-
\??\c:\5rfxlxr.exec:\5rfxlxr.exe203⤵
-
\??\c:\nhtnbh.exec:\nhtnbh.exe204⤵
-
\??\c:\bthhnh.exec:\bthhnh.exe205⤵
-
\??\c:\3vdvv.exec:\3vdvv.exe206⤵
-
\??\c:\ffxlxxr.exec:\ffxlxxr.exe207⤵
-
\??\c:\tthntt.exec:\tthntt.exe208⤵
-
\??\c:\hhhnbb.exec:\hhhnbb.exe209⤵
-
\??\c:\vvdjp.exec:\vvdjp.exe210⤵
-
\??\c:\vvvpv.exec:\vvvpv.exe211⤵
-
\??\c:\llfrrxf.exec:\llfrrxf.exe212⤵
-
\??\c:\hbbtbb.exec:\hbbtbb.exe213⤵
-
\??\c:\jdvvp.exec:\jdvvp.exe214⤵
-
\??\c:\pjjjv.exec:\pjjjv.exe215⤵
-
\??\c:\1xfxxfr.exec:\1xfxxfr.exe216⤵
-
\??\c:\ffrxflx.exec:\ffrxflx.exe217⤵
-
\??\c:\nhnnhb.exec:\nhnnhb.exe218⤵
-
\??\c:\ddvpd.exec:\ddvpd.exe219⤵
-
\??\c:\jjdvj.exec:\jjdvj.exe220⤵
-
\??\c:\3rfrxfr.exec:\3rfrxfr.exe221⤵
-
\??\c:\hntbnt.exec:\hntbnt.exe222⤵
-
\??\c:\nhbnhh.exec:\nhbnhh.exe223⤵
-
\??\c:\vvdjp.exec:\vvdjp.exe224⤵
-
\??\c:\lfxrffr.exec:\lfxrffr.exe225⤵
-
\??\c:\xxrrfxr.exec:\xxrrfxr.exe226⤵
-
\??\c:\bthnbh.exec:\bthnbh.exe227⤵
-
\??\c:\dddpd.exec:\dddpd.exe228⤵
-
\??\c:\3jdjv.exec:\3jdjv.exe229⤵
-
\??\c:\xrffrfl.exec:\xrffrfl.exe230⤵
-
\??\c:\nhnbnn.exec:\nhnbnn.exe231⤵
-
\??\c:\nbtbnb.exec:\nbtbnb.exe232⤵
-
\??\c:\1pjvj.exec:\1pjvj.exe233⤵
-
\??\c:\lfffflx.exec:\lfffflx.exe234⤵
-
\??\c:\fxlrllx.exec:\fxlrllx.exe235⤵
-
\??\c:\3nntbh.exec:\3nntbh.exe236⤵
-
\??\c:\dvvjp.exec:\dvvjp.exe237⤵
-
\??\c:\pjvdj.exec:\pjvdj.exe238⤵
-
\??\c:\9xxlrfl.exec:\9xxlrfl.exe239⤵
-
\??\c:\llxfxrf.exec:\llxfxrf.exe240⤵
-
\??\c:\7bnntb.exec:\7bnntb.exe241⤵