Analysis
-
max time kernel
150s -
max time network
109s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
19-05-2024 10:27
General
-
Target
5b468e60848a7a6647784effd9550418941ce35847f7c2e1099168be1d2648c4.exe
-
Size
92KB
-
MD5
17f63e29f8a0b50732a2c260197e1140
-
SHA1
43ff1980086b01b8c1ecfc6c8699a4490c38c654
-
SHA256
5b468e60848a7a6647784effd9550418941ce35847f7c2e1099168be1d2648c4
-
SHA512
6b4640084b6140ad69e1ae1a3683387b4a39c2a90309650b85f1199cd14240c3d6ffaa089e14cffa8b3e05326631f0de3f70b1d296370b98264f02cc3583abf5
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73XH/YP1HFrJximAAxS1rj/21t:ymb3NkkiQ3mdBjFo73PYP1lri3K8Gf
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 30 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5b468e60848a7a6647784effd9550418941ce35847f7c2e1099168be1d2648c4.exe"C:\Users\Admin\AppData\Local\Temp\5b468e60848a7a6647784effd9550418941ce35847f7c2e1099168be1d2648c4.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jppdj.exec:\jppdj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrllff.exec:\ffrllff.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7fllffx.exec:\7fllffx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnhbb.exec:\btnhbb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddppp.exec:\ddppp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvpp.exec:\vvvpp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxlffxf.exec:\xxlffxf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3nnbth.exec:\3nnbth.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhhtt.exec:\nhhhtt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhbtn.exec:\hhhbtn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbtnt.exec:\tnbtnt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdddd.exec:\jdddd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vddd.exec:\7vddd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrlfff.exec:\rlrlfff.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthnnn.exec:\hthnnn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvvv.exec:\jvvvv.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvvd.exec:\pdvvd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxfrrr.exec:\fxxfrrr.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnntnn.exec:\hnntnn.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhhnn.exec:\tbhhnn.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjdd.exec:\pdjdd.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3jjjv.exec:\3jjjv.exe23⤵
- Executes dropped EXE
-
\??\c:\lllfllf.exec:\lllfllf.exe24⤵
- Executes dropped EXE
-
\??\c:\1lxxrxx.exec:\1lxxrxx.exe25⤵
- Executes dropped EXE
-
\??\c:\hbbttt.exec:\hbbttt.exe26⤵
- Executes dropped EXE
-
\??\c:\vjppv.exec:\vjppv.exe27⤵
- Executes dropped EXE
-
\??\c:\xrffxxx.exec:\xrffxxx.exe28⤵
- Executes dropped EXE
-
\??\c:\rrfffff.exec:\rrfffff.exe29⤵
- Executes dropped EXE
-
\??\c:\5nbtbb.exec:\5nbtbb.exe30⤵
- Executes dropped EXE
-
\??\c:\ppppj.exec:\ppppj.exe31⤵
- Executes dropped EXE
-
\??\c:\pjjdp.exec:\pjjdp.exe32⤵
- Executes dropped EXE
-
\??\c:\rflffrl.exec:\rflffrl.exe33⤵
- Executes dropped EXE
-
\??\c:\xrrlfff.exec:\xrrlfff.exe34⤵
- Executes dropped EXE
-
\??\c:\bttnnn.exec:\bttnnn.exe35⤵
- Executes dropped EXE
-
\??\c:\hbhbtt.exec:\hbhbtt.exe36⤵
- Executes dropped EXE
-
\??\c:\pjvpd.exec:\pjvpd.exe37⤵
- Executes dropped EXE
-
\??\c:\dddjj.exec:\dddjj.exe38⤵
- Executes dropped EXE
-
\??\c:\rlrflll.exec:\rlrflll.exe39⤵
- Executes dropped EXE
-
\??\c:\fxfrfxl.exec:\fxfrfxl.exe40⤵
- Executes dropped EXE
-
\??\c:\thnnnh.exec:\thnnnh.exe41⤵
- Executes dropped EXE
-
\??\c:\nnnhbn.exec:\nnnhbn.exe42⤵
- Executes dropped EXE
-
\??\c:\vpjvv.exec:\vpjvv.exe43⤵
- Executes dropped EXE
-
\??\c:\jpddp.exec:\jpddp.exe44⤵
- Executes dropped EXE
-
\??\c:\xrxrlll.exec:\xrxrlll.exe45⤵
- Executes dropped EXE
-
\??\c:\bthnnn.exec:\bthnnn.exe46⤵
- Executes dropped EXE
-
\??\c:\vpvpp.exec:\vpvpp.exe47⤵
- Executes dropped EXE
-
\??\c:\3vdpd.exec:\3vdpd.exe48⤵
- Executes dropped EXE
-
\??\c:\fxxllfr.exec:\fxxllfr.exe49⤵
- Executes dropped EXE
-
\??\c:\3xfxxrr.exec:\3xfxxrr.exe50⤵
- Executes dropped EXE
-
\??\c:\tnttnn.exec:\tnttnn.exe51⤵
- Executes dropped EXE
-
\??\c:\nbhhbb.exec:\nbhhbb.exe52⤵
- Executes dropped EXE
-
\??\c:\pjpvd.exec:\pjpvd.exe53⤵
- Executes dropped EXE
-
\??\c:\rffxfrl.exec:\rffxfrl.exe54⤵
- Executes dropped EXE
-
\??\c:\hhhbth.exec:\hhhbth.exe55⤵
- Executes dropped EXE
-
\??\c:\djpjj.exec:\djpjj.exe56⤵
- Executes dropped EXE
-
\??\c:\lxlxfxr.exec:\lxlxfxr.exe57⤵
- Executes dropped EXE
-
\??\c:\rlllffx.exec:\rlllffx.exe58⤵
- Executes dropped EXE
-
\??\c:\btbbbb.exec:\btbbbb.exe59⤵
- Executes dropped EXE
-
\??\c:\tbbthh.exec:\tbbthh.exe60⤵
- Executes dropped EXE
-
\??\c:\pjdjv.exec:\pjdjv.exe61⤵
- Executes dropped EXE
-
\??\c:\dddvv.exec:\dddvv.exe62⤵
- Executes dropped EXE
-
\??\c:\5lfxxxf.exec:\5lfxxxf.exe63⤵
- Executes dropped EXE
-
\??\c:\ttnnhh.exec:\ttnnhh.exe64⤵
- Executes dropped EXE
-
\??\c:\tnhhbb.exec:\tnhhbb.exe65⤵
- Executes dropped EXE
-
\??\c:\pdpjv.exec:\pdpjv.exe66⤵
-
\??\c:\vpdvp.exec:\vpdvp.exe67⤵
-
\??\c:\rrfxrrr.exec:\rrfxrrr.exe68⤵
-
\??\c:\xfllfll.exec:\xfllfll.exe69⤵
-
\??\c:\hhhbbb.exec:\hhhbbb.exe70⤵
-
\??\c:\tthhbn.exec:\tthhbn.exe71⤵
-
\??\c:\dvvvv.exec:\dvvvv.exe72⤵
-
\??\c:\jppjd.exec:\jppjd.exe73⤵
-
\??\c:\1flfxrr.exec:\1flfxrr.exe74⤵
-
\??\c:\rrrfxfx.exec:\rrrfxfx.exe75⤵
-
\??\c:\rlrrxxf.exec:\rlrrxxf.exe76⤵
-
\??\c:\nnnbtt.exec:\nnnbtt.exe77⤵
-
\??\c:\nntnhh.exec:\nntnhh.exe78⤵
-
\??\c:\7djdv.exec:\7djdv.exe79⤵
-
\??\c:\pddpd.exec:\pddpd.exe80⤵
-
\??\c:\frfxxff.exec:\frfxxff.exe81⤵
-
\??\c:\nnhhhh.exec:\nnhhhh.exe82⤵
-
\??\c:\nnnnhh.exec:\nnnnhh.exe83⤵
-
\??\c:\bbhhnn.exec:\bbhhnn.exe84⤵
-
\??\c:\9dddp.exec:\9dddp.exe85⤵
-
\??\c:\vjdvp.exec:\vjdvp.exe86⤵
-
\??\c:\xrrlfff.exec:\xrrlfff.exe87⤵
-
\??\c:\1llrlll.exec:\1llrlll.exe88⤵
-
\??\c:\5nnnnn.exec:\5nnnnn.exe89⤵
-
\??\c:\ttbbtb.exec:\ttbbtb.exe90⤵
-
\??\c:\vjjdp.exec:\vjjdp.exe91⤵
-
\??\c:\vpdvv.exec:\vpdvv.exe92⤵
-
\??\c:\5xxrfff.exec:\5xxrfff.exe93⤵
-
\??\c:\7bbtnn.exec:\7bbtnn.exe94⤵
-
\??\c:\vdjjv.exec:\vdjjv.exe95⤵
-
\??\c:\1jddv.exec:\1jddv.exe96⤵
-
\??\c:\1llrrxx.exec:\1llrrxx.exe97⤵
-
\??\c:\9rllfll.exec:\9rllfll.exe98⤵
-
\??\c:\bbttnt.exec:\bbttnt.exe99⤵
-
\??\c:\tthbtb.exec:\tthbtb.exe100⤵
-
\??\c:\ppvpd.exec:\ppvpd.exe101⤵
-
\??\c:\jpvvp.exec:\jpvvp.exe102⤵
-
\??\c:\rlxrlll.exec:\rlxrlll.exe103⤵
-
\??\c:\fxrrrrr.exec:\fxrrrrr.exe104⤵
-
\??\c:\hhbbbb.exec:\hhbbbb.exe105⤵
-
\??\c:\nntthn.exec:\nntthn.exe106⤵
-
\??\c:\vdjjd.exec:\vdjjd.exe107⤵
-
\??\c:\lfffxxx.exec:\lfffxxx.exe108⤵
-
\??\c:\frxxrrr.exec:\frxxrrr.exe109⤵
-
\??\c:\bbbhtt.exec:\bbbhtt.exe110⤵
-
\??\c:\pjvdv.exec:\pjvdv.exe111⤵
-
\??\c:\jvjpv.exec:\jvjpv.exe112⤵
-
\??\c:\llrrllr.exec:\llrrllr.exe113⤵
-
\??\c:\bnnhbt.exec:\bnnhbt.exe114⤵
-
\??\c:\bbtnnn.exec:\bbtnnn.exe115⤵
-
\??\c:\dvjdp.exec:\dvjdp.exe116⤵
-
\??\c:\dvvvj.exec:\dvvvj.exe117⤵
-
\??\c:\fxrlxxr.exec:\fxrlxxr.exe118⤵
-
\??\c:\lxfxfxr.exec:\lxfxfxr.exe119⤵
-
\??\c:\7bbtnn.exec:\7bbtnn.exe120⤵
-
\??\c:\3jdpj.exec:\3jdpj.exe121⤵
-
\??\c:\lxlllxx.exec:\lxlllxx.exe122⤵
-
\??\c:\5hhhhh.exec:\5hhhhh.exe123⤵
-
\??\c:\ttttnt.exec:\ttttnt.exe124⤵
-
\??\c:\pdvpp.exec:\pdvpp.exe125⤵
-
\??\c:\rlfrrlr.exec:\rlfrrlr.exe126⤵
-
\??\c:\nntbhn.exec:\nntbhn.exe127⤵
-
\??\c:\thbttt.exec:\thbttt.exe128⤵
-
\??\c:\9jdvp.exec:\9jdvp.exe129⤵
-
\??\c:\7jddv.exec:\7jddv.exe130⤵
-
\??\c:\7rflllf.exec:\7rflllf.exe131⤵
-
\??\c:\tnhbbb.exec:\tnhbbb.exe132⤵
-
\??\c:\1dppp.exec:\1dppp.exe133⤵
-
\??\c:\frfxflr.exec:\frfxflr.exe134⤵
-
\??\c:\rrxlffx.exec:\rrxlffx.exe135⤵
-
\??\c:\thnhbb.exec:\thnhbb.exe136⤵
-
\??\c:\nhnhbb.exec:\nhnhbb.exe137⤵
-
\??\c:\pvjvj.exec:\pvjvj.exe138⤵
-
\??\c:\3dvjd.exec:\3dvjd.exe139⤵
-
\??\c:\flrlrrr.exec:\flrlrrr.exe140⤵
-
\??\c:\rrffrrx.exec:\rrffrrx.exe141⤵
-
\??\c:\9nnhbh.exec:\9nnhbh.exe142⤵
-
\??\c:\rfxrxxr.exec:\rfxrxxr.exe143⤵
-
\??\c:\rffxrrr.exec:\rffxrrr.exe144⤵
-
\??\c:\thhhhb.exec:\thhhhb.exe145⤵
-
\??\c:\bhbttn.exec:\bhbttn.exe146⤵
-
\??\c:\9dvpj.exec:\9dvpj.exe147⤵
-
\??\c:\pjdvp.exec:\pjdvp.exe148⤵
-
\??\c:\xrlxlfx.exec:\xrlxlfx.exe149⤵
-
\??\c:\thnhth.exec:\thnhth.exe150⤵
-
\??\c:\9tthtn.exec:\9tthtn.exe151⤵
-
\??\c:\jpjdv.exec:\jpjdv.exe152⤵
-
\??\c:\pdvjv.exec:\pdvjv.exe153⤵
-
\??\c:\lxxlfxr.exec:\lxxlfxr.exe154⤵
-
\??\c:\5rlfrrf.exec:\5rlfrrf.exe155⤵
-
\??\c:\thnbht.exec:\thnbht.exe156⤵
-
\??\c:\bbtnbn.exec:\bbtnbn.exe157⤵
-
\??\c:\1bthbb.exec:\1bthbb.exe158⤵
-
\??\c:\vvdpp.exec:\vvdpp.exe159⤵
-
\??\c:\xxxfrlr.exec:\xxxfrlr.exe160⤵
-
\??\c:\fxfxfxx.exec:\fxfxfxx.exe161⤵
-
\??\c:\ffllxrf.exec:\ffllxrf.exe162⤵
-
\??\c:\bnnhbt.exec:\bnnhbt.exe163⤵
-
\??\c:\pjddv.exec:\pjddv.exe164⤵
-
\??\c:\jppjp.exec:\jppjp.exe165⤵
-
\??\c:\lxrxlfx.exec:\lxrxlfx.exe166⤵
-
\??\c:\hbntnb.exec:\hbntnb.exe167⤵
-
\??\c:\tthnbh.exec:\tthnbh.exe168⤵
-
\??\c:\pjdpj.exec:\pjdpj.exe169⤵
-
\??\c:\djdpj.exec:\djdpj.exe170⤵
-
\??\c:\rfxlxrf.exec:\rfxlxrf.exe171⤵
-
\??\c:\xllxrlf.exec:\xllxrlf.exe172⤵
-
\??\c:\nhbtnh.exec:\nhbtnh.exe173⤵
-
\??\c:\bbbnhb.exec:\bbbnhb.exe174⤵
-
\??\c:\bhhthb.exec:\bhhthb.exe175⤵
-
\??\c:\vpjdp.exec:\vpjdp.exe176⤵
-
\??\c:\1dpdd.exec:\1dpdd.exe177⤵
-
\??\c:\frlxlfx.exec:\frlxlfx.exe178⤵
-
\??\c:\lxfxxrl.exec:\lxfxxrl.exe179⤵
-
\??\c:\ntthtt.exec:\ntthtt.exe180⤵
-
\??\c:\bhnhbb.exec:\bhnhbb.exe181⤵
-
\??\c:\hbnhhb.exec:\hbnhhb.exe182⤵
-
\??\c:\9pvpj.exec:\9pvpj.exe183⤵
-
\??\c:\jddvj.exec:\jddvj.exe184⤵
-
\??\c:\rxxlxrl.exec:\rxxlxrl.exe185⤵
-
\??\c:\5rlfxxl.exec:\5rlfxxl.exe186⤵
-
\??\c:\rrfxrrl.exec:\rrfxrrl.exe187⤵
-
\??\c:\nhtnhh.exec:\nhtnhh.exe188⤵
-
\??\c:\tttthh.exec:\tttthh.exe189⤵
-
\??\c:\jvpjd.exec:\jvpjd.exe190⤵
-
\??\c:\7jdvj.exec:\7jdvj.exe191⤵
-
\??\c:\rflxlfl.exec:\rflxlfl.exe192⤵
-
\??\c:\lrfxxxr.exec:\lrfxxxr.exe193⤵
-
\??\c:\thnhbb.exec:\thnhbb.exe194⤵
-
\??\c:\5tnnhh.exec:\5tnnhh.exe195⤵
-
\??\c:\fffrffr.exec:\fffrffr.exe196⤵
-
\??\c:\xxfxffx.exec:\xxfxffx.exe197⤵
-
\??\c:\1rrrlff.exec:\1rrrlff.exe198⤵
-
\??\c:\nhtnhh.exec:\nhtnhh.exe199⤵
-
\??\c:\ttttnn.exec:\ttttnn.exe200⤵
-
\??\c:\5vpjv.exec:\5vpjv.exe201⤵
-
\??\c:\vjpdv.exec:\vjpdv.exe202⤵
-
\??\c:\ppvpd.exec:\ppvpd.exe203⤵
-
\??\c:\xrlfrlf.exec:\xrlfrlf.exe204⤵
-
\??\c:\lxlfxxf.exec:\lxlfxxf.exe205⤵
-
\??\c:\hbbtnh.exec:\hbbtnh.exe206⤵
-
\??\c:\nhnbnh.exec:\nhnbnh.exe207⤵
-
\??\c:\ppjdv.exec:\ppjdv.exe208⤵
-
\??\c:\3rfrffx.exec:\3rfrffx.exe209⤵
-
\??\c:\lxrlfxr.exec:\lxrlfxr.exe210⤵
-
\??\c:\htttnn.exec:\htttnn.exe211⤵
-
\??\c:\hthtbt.exec:\hthtbt.exe212⤵
-
\??\c:\3vpjv.exec:\3vpjv.exe213⤵
-
\??\c:\jvppj.exec:\jvppj.exe214⤵
-
\??\c:\xrrlfxx.exec:\xrrlfxx.exe215⤵
-
\??\c:\xllllfx.exec:\xllllfx.exe216⤵
-
\??\c:\tnnbhn.exec:\tnnbhn.exe217⤵
-
\??\c:\tntnhh.exec:\tntnhh.exe218⤵
-
\??\c:\vpdjv.exec:\vpdjv.exe219⤵
-
\??\c:\jjjvp.exec:\jjjvp.exe220⤵
-
\??\c:\frflffx.exec:\frflffx.exe221⤵
-
\??\c:\hhhhbt.exec:\hhhhbt.exe222⤵
-
\??\c:\nbhbtn.exec:\nbhbtn.exe223⤵
-
\??\c:\3ppjd.exec:\3ppjd.exe224⤵
-
\??\c:\vjdvj.exec:\vjdvj.exe225⤵
-
\??\c:\3vvpr.exec:\3vvpr.exe226⤵
-
\??\c:\rllxllf.exec:\rllxllf.exe227⤵
-
\??\c:\xflxlrl.exec:\xflxlrl.exe228⤵
-
\??\c:\nbbtnh.exec:\nbbtnh.exe229⤵
-
\??\c:\vjddj.exec:\vjddj.exe230⤵
-
\??\c:\pjjdd.exec:\pjjdd.exe231⤵
-
\??\c:\flrfrrf.exec:\flrfrrf.exe232⤵
-
\??\c:\rxrxfxl.exec:\rxrxfxl.exe233⤵
-
\??\c:\ntbtnh.exec:\ntbtnh.exe234⤵
-
\??\c:\jvdvd.exec:\jvdvd.exe235⤵
-
\??\c:\dpvjd.exec:\dpvjd.exe236⤵
-
\??\c:\rxxrfxr.exec:\rxxrfxr.exe237⤵
-
\??\c:\thbnbn.exec:\thbnbn.exe238⤵
-
\??\c:\1btnbb.exec:\1btnbb.exe239⤵
-
\??\c:\pvpvj.exec:\pvpvj.exe240⤵
-
\??\c:\djppj.exec:\djppj.exe241⤵