Analysis
-
max time kernel
150s -
max time network
113s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
19-05-2024 10:20
General
-
Target
49dd87bf9edc1f76a03a42644bdbe304e308ee5a1c9c0200cfb026d6e0ebf7b6.exe
-
Size
73KB
-
MD5
0a7a399e48a235cfc1ff92e152af1f00
-
SHA1
b4916d1f22c1cebbca40e8c03f35abb87ecc9360
-
SHA256
49dd87bf9edc1f76a03a42644bdbe304e308ee5a1c9c0200cfb026d6e0ebf7b6
-
SHA512
a224947809ce22c4f311db1ef27dce5e93c48d966d99a08b5001a520f99b2b0d18f616937885dff84731ba98737d4a31d46e10658e7df2cc3d00ff240111060e
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIrmCeRMKeWqNSU:ymb3NkkiQ3mdBjFIjek5x
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\49dd87bf9edc1f76a03a42644bdbe304e308ee5a1c9c0200cfb026d6e0ebf7b6.exe"C:\Users\Admin\AppData\Local\Temp\49dd87bf9edc1f76a03a42644bdbe304e308ee5a1c9c0200cfb026d6e0ebf7b6.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnnth.exec:\ttnnth.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9dvvp.exec:\9dvvp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rxrfll.exec:\5rxrfll.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxrlxx.exec:\ffxrlxx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbthbt.exec:\nbthbt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dppjd.exec:\dppjd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrfffl.exec:\lxrfffl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rffxrrl.exec:\rffxrrl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhbnn.exec:\nhhbnn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnbnb.exec:\htnbnb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvdvd.exec:\vvdvd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djddv.exec:\djddv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxfrlr.exec:\fxxfrlr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfxxrlf.exec:\rfxxrlf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhbbt.exec:\hbhbbt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvdv.exec:\pdvdv.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvpjd.exec:\jvpjd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xffrrr.exec:\1xffrrr.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xffffxx.exec:\xffffxx.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\httbnn.exec:\httbnn.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvpv.exec:\ppvpv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjdv.exec:\vjjdv.exe23⤵
- Executes dropped EXE
-
\??\c:\3jdvv.exec:\3jdvv.exe24⤵
- Executes dropped EXE
-
\??\c:\xrfxllx.exec:\xrfxllx.exe25⤵
- Executes dropped EXE
-
\??\c:\llxrfff.exec:\llxrfff.exe26⤵
- Executes dropped EXE
-
\??\c:\djjdv.exec:\djjdv.exe27⤵
- Executes dropped EXE
-
\??\c:\dpvvp.exec:\dpvvp.exe28⤵
- Executes dropped EXE
-
\??\c:\1rxxrxx.exec:\1rxxrxx.exe29⤵
- Executes dropped EXE
-
\??\c:\xfffxff.exec:\xfffxff.exe30⤵
- Executes dropped EXE
-
\??\c:\5htttb.exec:\5htttb.exe31⤵
- Executes dropped EXE
-
\??\c:\vvdvj.exec:\vvdvj.exe32⤵
- Executes dropped EXE
-
\??\c:\pvvpj.exec:\pvvpj.exe33⤵
- Executes dropped EXE
-
\??\c:\rlllfxx.exec:\rlllfxx.exe34⤵
- Executes dropped EXE
-
\??\c:\rrrxflf.exec:\rrrxflf.exe35⤵
- Executes dropped EXE
-
\??\c:\nhbtnn.exec:\nhbtnn.exe36⤵
- Executes dropped EXE
-
\??\c:\tbbtbh.exec:\tbbtbh.exe37⤵
- Executes dropped EXE
-
\??\c:\dvdvj.exec:\dvdvj.exe38⤵
- Executes dropped EXE
-
\??\c:\fxxrfxx.exec:\fxxrfxx.exe39⤵
- Executes dropped EXE
-
\??\c:\xflxlxx.exec:\xflxlxx.exe40⤵
- Executes dropped EXE
-
\??\c:\bhhbnn.exec:\bhhbnn.exe41⤵
- Executes dropped EXE
-
\??\c:\djjjj.exec:\djjjj.exe42⤵
- Executes dropped EXE
-
\??\c:\djddp.exec:\djddp.exe43⤵
- Executes dropped EXE
-
\??\c:\9lfxfrl.exec:\9lfxfrl.exe44⤵
- Executes dropped EXE
-
\??\c:\fxxxlll.exec:\fxxxlll.exe45⤵
- Executes dropped EXE
-
\??\c:\tbnnnn.exec:\tbnnnn.exe46⤵
- Executes dropped EXE
-
\??\c:\bhhbnn.exec:\bhhbnn.exe47⤵
- Executes dropped EXE
-
\??\c:\jddjd.exec:\jddjd.exe48⤵
- Executes dropped EXE
-
\??\c:\dpvpp.exec:\dpvpp.exe49⤵
- Executes dropped EXE
-
\??\c:\xrxrrll.exec:\xrxrrll.exe50⤵
- Executes dropped EXE
-
\??\c:\9rxrlfx.exec:\9rxrlfx.exe51⤵
- Executes dropped EXE
-
\??\c:\nnhbtt.exec:\nnhbtt.exe52⤵
- Executes dropped EXE
-
\??\c:\ntnhtt.exec:\ntnhtt.exe53⤵
- Executes dropped EXE
-
\??\c:\dvpvv.exec:\dvpvv.exe54⤵
- Executes dropped EXE
-
\??\c:\jddvv.exec:\jddvv.exe55⤵
- Executes dropped EXE
-
\??\c:\djjvp.exec:\djjvp.exe56⤵
- Executes dropped EXE
-
\??\c:\flffxxx.exec:\flffxxx.exe57⤵
- Executes dropped EXE
-
\??\c:\rfrrrxr.exec:\rfrrrxr.exe58⤵
- Executes dropped EXE
-
\??\c:\5nttnn.exec:\5nttnn.exe59⤵
- Executes dropped EXE
-
\??\c:\tnhnth.exec:\tnhnth.exe60⤵
- Executes dropped EXE
-
\??\c:\pdvpj.exec:\pdvpj.exe61⤵
- Executes dropped EXE
-
\??\c:\pdvdp.exec:\pdvdp.exe62⤵
- Executes dropped EXE
-
\??\c:\fxlfxrr.exec:\fxlfxrr.exe63⤵
- Executes dropped EXE
-
\??\c:\rxlfxxr.exec:\rxlfxxr.exe64⤵
- Executes dropped EXE
-
\??\c:\ntnnhh.exec:\ntnnhh.exe65⤵
- Executes dropped EXE
-
\??\c:\9btnhb.exec:\9btnhb.exe66⤵
-
\??\c:\pvvpd.exec:\pvvpd.exe67⤵
-
\??\c:\vvvpp.exec:\vvvpp.exe68⤵
-
\??\c:\rfxxrrl.exec:\rfxxrrl.exe69⤵
-
\??\c:\lllffxx.exec:\lllffxx.exe70⤵
-
\??\c:\tbhhbt.exec:\tbhhbt.exe71⤵
-
\??\c:\hthnhn.exec:\hthnhn.exe72⤵
-
\??\c:\hhnnhh.exec:\hhnnhh.exe73⤵
-
\??\c:\7vpjd.exec:\7vpjd.exe74⤵
-
\??\c:\dpppj.exec:\dpppj.exe75⤵
-
\??\c:\rllfxxr.exec:\rllfxxr.exe76⤵
-
\??\c:\llxxffl.exec:\llxxffl.exe77⤵
-
\??\c:\nhnhtt.exec:\nhnhtt.exe78⤵
-
\??\c:\tttttt.exec:\tttttt.exe79⤵
-
\??\c:\pvjdv.exec:\pvjdv.exe80⤵
-
\??\c:\vpjvp.exec:\vpjvp.exe81⤵
-
\??\c:\5ffxffr.exec:\5ffxffr.exe82⤵
-
\??\c:\lrxrlxx.exec:\lrxrlxx.exe83⤵
-
\??\c:\thtnbt.exec:\thtnbt.exe84⤵
-
\??\c:\btbbhb.exec:\btbbhb.exe85⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe86⤵
-
\??\c:\vpvpd.exec:\vpvpd.exe87⤵
-
\??\c:\pdpjp.exec:\pdpjp.exe88⤵
-
\??\c:\xrrrxxf.exec:\xrrrxxf.exe89⤵
-
\??\c:\7rllfff.exec:\7rllfff.exe90⤵
-
\??\c:\hhbttn.exec:\hhbttn.exe91⤵
-
\??\c:\3nbttt.exec:\3nbttt.exe92⤵
-
\??\c:\ppvvv.exec:\ppvvv.exe93⤵
-
\??\c:\pdjdv.exec:\pdjdv.exe94⤵
-
\??\c:\rfxrffx.exec:\rfxrffx.exe95⤵
-
\??\c:\rrlfxlf.exec:\rrlfxlf.exe96⤵
-
\??\c:\nbhhbb.exec:\nbhhbb.exe97⤵
-
\??\c:\nbbbtt.exec:\nbbbtt.exe98⤵
-
\??\c:\btbtnh.exec:\btbtnh.exe99⤵
-
\??\c:\jvppp.exec:\jvppp.exe100⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe101⤵
-
\??\c:\llffxxr.exec:\llffxxr.exe102⤵
-
\??\c:\xrlfxrr.exec:\xrlfxrr.exe103⤵
-
\??\c:\nthhnt.exec:\nthhnt.exe104⤵
-
\??\c:\tnnhhh.exec:\tnnhhh.exe105⤵
-
\??\c:\jddjd.exec:\jddjd.exe106⤵
-
\??\c:\5rfllrf.exec:\5rfllrf.exe107⤵
-
\??\c:\flxrllf.exec:\flxrllf.exe108⤵
-
\??\c:\httbtb.exec:\httbtb.exe109⤵
-
\??\c:\ththbb.exec:\ththbb.exe110⤵
-
\??\c:\9jjjd.exec:\9jjjd.exe111⤵
-
\??\c:\djpjj.exec:\djpjj.exe112⤵
-
\??\c:\pjddj.exec:\pjddj.exe113⤵
-
\??\c:\rxfxrrr.exec:\rxfxrrr.exe114⤵
-
\??\c:\5lfxxrr.exec:\5lfxxrr.exe115⤵
-
\??\c:\bntnhh.exec:\bntnhh.exe116⤵
-
\??\c:\nhttbn.exec:\nhttbn.exe117⤵
-
\??\c:\dppjd.exec:\dppjd.exe118⤵
-
\??\c:\vppjd.exec:\vppjd.exe119⤵
-
\??\c:\xfflfxr.exec:\xfflfxr.exe120⤵
-
\??\c:\ththbt.exec:\ththbt.exe121⤵
-
\??\c:\dddpd.exec:\dddpd.exe122⤵
-
\??\c:\5jpjv.exec:\5jpjv.exe123⤵
-
\??\c:\vjpjd.exec:\vjpjd.exe124⤵
-
\??\c:\xrlxffx.exec:\xrlxffx.exe125⤵
-
\??\c:\xllxlxr.exec:\xllxlxr.exe126⤵
-
\??\c:\htnbnb.exec:\htnbnb.exe127⤵
-
\??\c:\hbhbnh.exec:\hbhbnh.exe128⤵
-
\??\c:\nbnhtn.exec:\nbnhtn.exe129⤵
-
\??\c:\dvjdj.exec:\dvjdj.exe130⤵
-
\??\c:\dppdp.exec:\dppdp.exe131⤵
-
\??\c:\rlrfrlf.exec:\rlrfrlf.exe132⤵
-
\??\c:\rflffxx.exec:\rflffxx.exe133⤵
-
\??\c:\tbbtnn.exec:\tbbtnn.exe134⤵
-
\??\c:\3nnbtt.exec:\3nnbtt.exe135⤵
-
\??\c:\vpvjj.exec:\vpvjj.exe136⤵
-
\??\c:\pjdvj.exec:\pjdvj.exe137⤵
-
\??\c:\vpvpp.exec:\vpvpp.exe138⤵
-
\??\c:\1fflxrr.exec:\1fflxrr.exe139⤵
-
\??\c:\1nbbtt.exec:\1nbbtt.exe140⤵
-
\??\c:\tnbbtt.exec:\tnbbtt.exe141⤵
-
\??\c:\djjdv.exec:\djjdv.exe142⤵
-
\??\c:\5pjdp.exec:\5pjdp.exe143⤵
-
\??\c:\5rlxrlf.exec:\5rlxrlf.exe144⤵
-
\??\c:\xfffxxf.exec:\xfffxxf.exe145⤵
-
\??\c:\vppjd.exec:\vppjd.exe146⤵
-
\??\c:\5dvjv.exec:\5dvjv.exe147⤵
-
\??\c:\lxfrrff.exec:\lxfrrff.exe148⤵
-
\??\c:\nhnhtt.exec:\nhnhtt.exe149⤵
-
\??\c:\nnnnhh.exec:\nnnnhh.exe150⤵
-
\??\c:\vpjjp.exec:\vpjjp.exe151⤵
-
\??\c:\rfxxrlf.exec:\rfxxrlf.exe152⤵
-
\??\c:\flxxxfl.exec:\flxxxfl.exe153⤵
-
\??\c:\bthbtn.exec:\bthbtn.exe154⤵
-
\??\c:\hnhtnh.exec:\hnhtnh.exe155⤵
-
\??\c:\jvpdp.exec:\jvpdp.exe156⤵
-
\??\c:\jddjv.exec:\jddjv.exe157⤵
-
\??\c:\fxlfrrl.exec:\fxlfrrl.exe158⤵
-
\??\c:\xrfrlll.exec:\xrfrlll.exe159⤵
-
\??\c:\nnnhbb.exec:\nnnhbb.exe160⤵
-
\??\c:\bnnnbt.exec:\bnnnbt.exe161⤵
-
\??\c:\pdvpd.exec:\pdvpd.exe162⤵
-
\??\c:\lrrxrlf.exec:\lrrxrlf.exe163⤵
-
\??\c:\hnhbnh.exec:\hnhbnh.exe164⤵
-
\??\c:\9dvpd.exec:\9dvpd.exe165⤵
-
\??\c:\ddpvj.exec:\ddpvj.exe166⤵
-
\??\c:\xfxrlff.exec:\xfxrlff.exe167⤵
-
\??\c:\fllfxrf.exec:\fllfxrf.exe168⤵
-
\??\c:\xlxlrll.exec:\xlxlrll.exe169⤵
-
\??\c:\tnhbnh.exec:\tnhbnh.exe170⤵
-
\??\c:\nbthtn.exec:\nbthtn.exe171⤵
-
\??\c:\5jjdv.exec:\5jjdv.exe172⤵
-
\??\c:\9ddpd.exec:\9ddpd.exe173⤵
-
\??\c:\jdjvd.exec:\jdjvd.exe174⤵
-
\??\c:\fxrlffl.exec:\fxrlffl.exe175⤵
-
\??\c:\lxxllrl.exec:\lxxllrl.exe176⤵
-
\??\c:\hbtnhb.exec:\hbtnhb.exe177⤵
-
\??\c:\hhhbtn.exec:\hhhbtn.exe178⤵
-
\??\c:\jvvpd.exec:\jvvpd.exe179⤵
-
\??\c:\jvpdp.exec:\jvpdp.exe180⤵
-
\??\c:\lffxlrl.exec:\lffxlrl.exe181⤵
-
\??\c:\lffxrlf.exec:\lffxrlf.exe182⤵
-
\??\c:\1bnbth.exec:\1bnbth.exe183⤵
-
\??\c:\7tthtn.exec:\7tthtn.exe184⤵
-
\??\c:\tththb.exec:\tththb.exe185⤵
-
\??\c:\vdvjv.exec:\vdvjv.exe186⤵
-
\??\c:\5ffxllx.exec:\5ffxllx.exe187⤵
-
\??\c:\lffxxxx.exec:\lffxxxx.exe188⤵
-
\??\c:\nntbhn.exec:\nntbhn.exe189⤵
-
\??\c:\1ttnhh.exec:\1ttnhh.exe190⤵
-
\??\c:\vjppv.exec:\vjppv.exe191⤵
-
\??\c:\lfxffxl.exec:\lfxffxl.exe192⤵
-
\??\c:\xxrllff.exec:\xxrllff.exe193⤵
-
\??\c:\3tbnnh.exec:\3tbnnh.exe194⤵
-
\??\c:\nttnnt.exec:\nttnnt.exe195⤵
-
\??\c:\vvppv.exec:\vvppv.exe196⤵
-
\??\c:\vpjdp.exec:\vpjdp.exe197⤵
-
\??\c:\xfxlxxl.exec:\xfxlxxl.exe198⤵
-
\??\c:\rxxrlfx.exec:\rxxrlfx.exe199⤵
-
\??\c:\3tnnhh.exec:\3tnnhh.exe200⤵
-
\??\c:\htnhnh.exec:\htnhnh.exe201⤵
-
\??\c:\pjjdd.exec:\pjjdd.exe202⤵
-
\??\c:\dppjv.exec:\dppjv.exe203⤵
-
\??\c:\rxrlxrf.exec:\rxrlxrf.exe204⤵
-
\??\c:\xrrfxxr.exec:\xrrfxxr.exe205⤵
-
\??\c:\bttbhh.exec:\bttbhh.exe206⤵
-
\??\c:\hntbtb.exec:\hntbtb.exe207⤵
-
\??\c:\ntnhhb.exec:\ntnhhb.exe208⤵
-
\??\c:\pjdvd.exec:\pjdvd.exe209⤵
-
\??\c:\vjpjv.exec:\vjpjv.exe210⤵
-
\??\c:\llrlrrf.exec:\llrlrrf.exe211⤵
-
\??\c:\lxrfrlx.exec:\lxrfrlx.exe212⤵
-
\??\c:\hnbhtb.exec:\hnbhtb.exe213⤵
-
\??\c:\bnthth.exec:\bnthth.exe214⤵
-
\??\c:\llfxrfl.exec:\llfxrfl.exe215⤵
-
\??\c:\xrfffff.exec:\xrfffff.exe216⤵
-
\??\c:\vppjj.exec:\vppjj.exe217⤵
-
\??\c:\xrxlxrl.exec:\xrxlxrl.exe218⤵
-
\??\c:\1hbbbt.exec:\1hbbbt.exe219⤵
-
\??\c:\1hbnbt.exec:\1hbnbt.exe220⤵
-
\??\c:\vppdp.exec:\vppdp.exe221⤵
-
\??\c:\5rfxrlf.exec:\5rfxrlf.exe222⤵
-
\??\c:\5ttnhb.exec:\5ttnhb.exe223⤵
-
\??\c:\5vdvj.exec:\5vdvj.exe224⤵
-
\??\c:\vjvpj.exec:\vjvpj.exe225⤵
-
\??\c:\nhbthh.exec:\nhbthh.exe226⤵
-
\??\c:\ddvjd.exec:\ddvjd.exe227⤵
-
\??\c:\1jdpd.exec:\1jdpd.exe228⤵
-
\??\c:\thhbth.exec:\thhbth.exe229⤵
-
\??\c:\xffxrrr.exec:\xffxrrr.exe230⤵
-
\??\c:\nnttnn.exec:\nnttnn.exe231⤵
-
\??\c:\vvdvp.exec:\vvdvp.exe232⤵
-
\??\c:\tbhbhh.exec:\tbhbhh.exe233⤵
-
\??\c:\vdpdj.exec:\vdpdj.exe234⤵
-
\??\c:\flfrlfx.exec:\flfrlfx.exe235⤵
-
\??\c:\xlllxrl.exec:\xlllxrl.exe236⤵
-
\??\c:\5bttnh.exec:\5bttnh.exe237⤵
-
\??\c:\bthbnn.exec:\bthbnn.exe238⤵
-
\??\c:\vvvvp.exec:\vvvvp.exe239⤵
-
\??\c:\3djdd.exec:\3djdd.exe240⤵
-
\??\c:\ddvjd.exec:\ddvjd.exe241⤵