Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
19-05-2024 10:30
General
-
Target
61c781b01dc729ca062cfa5fe0e94c8c9dcdf705ce618fe03bff74116df1582a.exe
-
Size
65KB
-
MD5
d0f12b7854af3212c3613488cd969290
-
SHA1
c46e686a426eeaef004261cc37bc1a0438f15afc
-
SHA256
61c781b01dc729ca062cfa5fe0e94c8c9dcdf705ce618fe03bff74116df1582a
-
SHA512
7e4f5b03ad7d3ffcf2c8a024e9c67aa3bf5b46ce5c8d78ae43b21d5f6d7f142c74e78b1901a61f472f61241f7b115c9085f33d6c220bd1aebb6968e6b6c6cecf
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb0z6Mu/ePS3AyXmcx:ymb3NkkiQ3mdBjFI46TQyXmcx
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\61c781b01dc729ca062cfa5fe0e94c8c9dcdf705ce618fe03bff74116df1582a.exe"C:\Users\Admin\AppData\Local\Temp\61c781b01dc729ca062cfa5fe0e94c8c9dcdf705ce618fe03bff74116df1582a.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\llxfrxl.exec:\llxfrxl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1tntbb.exec:\1tntbb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvvj.exec:\vpvvj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxlxlx.exec:\xxxlxlx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbbnn.exec:\nhbbnn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvpjd.exec:\pvpjd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxrrrr.exec:\rxxrrrr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3bthnt.exec:\3bthnt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpjp.exec:\pjpjp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvddj.exec:\dvddj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlxfll.exec:\fxlxfll.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtntt.exec:\hbtntt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbnhn.exec:\thbnhn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdppv.exec:\pdppv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdjv.exec:\dvdjv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3lxfllr.exec:\3lxfllr.exe17⤵
- Executes dropped EXE
-
\??\c:\hbtnbh.exec:\hbtnbh.exe18⤵
- Executes dropped EXE
-
\??\c:\5nbtbh.exec:\5nbtbh.exe19⤵
- Executes dropped EXE
-
\??\c:\pjvvj.exec:\pjvvj.exe20⤵
- Executes dropped EXE
-
\??\c:\pjpjj.exec:\pjpjj.exe21⤵
- Executes dropped EXE
-
\??\c:\rlflrrf.exec:\rlflrrf.exe22⤵
- Executes dropped EXE
-
\??\c:\nhnbht.exec:\nhnbht.exe23⤵
- Executes dropped EXE
-
\??\c:\vvpjv.exec:\vvpjv.exe24⤵
- Executes dropped EXE
-
\??\c:\dvpdp.exec:\dvpdp.exe25⤵
- Executes dropped EXE
-
\??\c:\rllxflx.exec:\rllxflx.exe26⤵
- Executes dropped EXE
-
\??\c:\bhnnht.exec:\bhnnht.exe27⤵
- Executes dropped EXE
-
\??\c:\vvdjp.exec:\vvdjp.exe28⤵
- Executes dropped EXE
-
\??\c:\vjjpv.exec:\vjjpv.exe29⤵
- Executes dropped EXE
-
\??\c:\9xffllr.exec:\9xffllr.exe30⤵
- Executes dropped EXE
-
\??\c:\bbbbnt.exec:\bbbbnt.exe31⤵
- Executes dropped EXE
-
\??\c:\jvjvd.exec:\jvjvd.exe32⤵
- Executes dropped EXE
-
\??\c:\1vjjd.exec:\1vjjd.exe33⤵
- Executes dropped EXE
-
\??\c:\xrflrrf.exec:\xrflrrf.exe34⤵
- Executes dropped EXE
-
\??\c:\fxrxlrf.exec:\fxrxlrf.exe35⤵
- Executes dropped EXE
-
\??\c:\nbhbhb.exec:\nbhbhb.exe36⤵
- Executes dropped EXE
-
\??\c:\nbhnnn.exec:\nbhnnn.exe37⤵
- Executes dropped EXE
-
\??\c:\dpdjp.exec:\dpdjp.exe38⤵
- Executes dropped EXE
-
\??\c:\vpppv.exec:\vpppv.exe39⤵
- Executes dropped EXE
-
\??\c:\vjvvj.exec:\vjvvj.exe40⤵
- Executes dropped EXE
-
\??\c:\3lrrlrx.exec:\3lrrlrx.exe41⤵
- Executes dropped EXE
-
\??\c:\rfxxfff.exec:\rfxxfff.exe42⤵
- Executes dropped EXE
-
\??\c:\7nbhhh.exec:\7nbhhh.exe43⤵
- Executes dropped EXE
-
\??\c:\bbnhhh.exec:\bbnhhh.exe44⤵
- Executes dropped EXE
-
\??\c:\5pdpj.exec:\5pdpj.exe45⤵
- Executes dropped EXE
-
\??\c:\jdvdj.exec:\jdvdj.exe46⤵
- Executes dropped EXE
-
\??\c:\7vpjd.exec:\7vpjd.exe47⤵
- Executes dropped EXE
-
\??\c:\lfllrxl.exec:\lfllrxl.exe48⤵
- Executes dropped EXE
-
\??\c:\9hbbhh.exec:\9hbbhh.exe49⤵
- Executes dropped EXE
-
\??\c:\9ttbnb.exec:\9ttbnb.exe50⤵
- Executes dropped EXE
-
\??\c:\dvjpd.exec:\dvjpd.exe51⤵
- Executes dropped EXE
-
\??\c:\jdvpv.exec:\jdvpv.exe52⤵
- Executes dropped EXE
-
\??\c:\lfrrrrx.exec:\lfrrrrx.exe53⤵
- Executes dropped EXE
-
\??\c:\fxfllrx.exec:\fxfllrx.exe54⤵
- Executes dropped EXE
-
\??\c:\bbnbth.exec:\bbnbth.exe55⤵
- Executes dropped EXE
-
\??\c:\9bbthh.exec:\9bbthh.exe56⤵
- Executes dropped EXE
-
\??\c:\dpvpj.exec:\dpvpj.exe57⤵
- Executes dropped EXE
-
\??\c:\1dvjp.exec:\1dvjp.exe58⤵
- Executes dropped EXE
-
\??\c:\rrflrrf.exec:\rrflrrf.exe59⤵
- Executes dropped EXE
-
\??\c:\frxxfxx.exec:\frxxfxx.exe60⤵
- Executes dropped EXE
-
\??\c:\3nbhnb.exec:\3nbhnb.exe61⤵
- Executes dropped EXE
-
\??\c:\btttbh.exec:\btttbh.exe62⤵
- Executes dropped EXE
-
\??\c:\pdpdv.exec:\pdpdv.exe63⤵
- Executes dropped EXE
-
\??\c:\jdjdv.exec:\jdjdv.exe64⤵
- Executes dropped EXE
-
\??\c:\3rllrrr.exec:\3rllrrr.exe65⤵
- Executes dropped EXE
-
\??\c:\ffffxlx.exec:\ffffxlx.exe66⤵
-
\??\c:\nhtnbb.exec:\nhtnbb.exe67⤵
-
\??\c:\hhthhn.exec:\hhthhn.exe68⤵
-
\??\c:\ddpvd.exec:\ddpvd.exe69⤵
-
\??\c:\llfxrxl.exec:\llfxrxl.exe70⤵
-
\??\c:\lxfrflf.exec:\lxfrflf.exe71⤵
-
\??\c:\5nntbn.exec:\5nntbn.exe72⤵
-
\??\c:\5ttnbt.exec:\5ttnbt.exe73⤵
-
\??\c:\vjvvv.exec:\vjvvv.exe74⤵
-
\??\c:\1pjpv.exec:\1pjpv.exe75⤵
-
\??\c:\xxlrflx.exec:\xxlrflx.exe76⤵
-
\??\c:\3htttt.exec:\3htttt.exe77⤵
-
\??\c:\1hnhhb.exec:\1hnhhb.exe78⤵
-
\??\c:\pjjjp.exec:\pjjjp.exe79⤵
-
\??\c:\3pvjp.exec:\3pvjp.exe80⤵
-
\??\c:\3pjpp.exec:\3pjpp.exe81⤵
-
\??\c:\7xrrxrx.exec:\7xrrxrx.exe82⤵
-
\??\c:\tbhtnh.exec:\tbhtnh.exe83⤵
-
\??\c:\thtbnn.exec:\thtbnn.exe84⤵
-
\??\c:\jjdjv.exec:\jjdjv.exe85⤵
-
\??\c:\1dddv.exec:\1dddv.exe86⤵
-
\??\c:\xlxfrxf.exec:\xlxfrxf.exe87⤵
-
\??\c:\rrllxxl.exec:\rrllxxl.exe88⤵
-
\??\c:\1hbhtt.exec:\1hbhtt.exe89⤵
-
\??\c:\bthhtt.exec:\bthhtt.exe90⤵
-
\??\c:\9jjjv.exec:\9jjjv.exe91⤵
-
\??\c:\lllfrxf.exec:\lllfrxf.exe92⤵
-
\??\c:\3rlllrf.exec:\3rlllrf.exe93⤵
-
\??\c:\nbbbhh.exec:\nbbbhh.exe94⤵
-
\??\c:\7tnntt.exec:\7tnntt.exe95⤵
-
\??\c:\pjjjv.exec:\pjjjv.exe96⤵
-
\??\c:\dvvjd.exec:\dvvjd.exe97⤵
-
\??\c:\lfxxffl.exec:\lfxxffl.exe98⤵
-
\??\c:\rrfllfl.exec:\rrfllfl.exe99⤵
-
\??\c:\nbttbb.exec:\nbttbb.exe100⤵
-
\??\c:\nnbbhn.exec:\nnbbhn.exe101⤵
-
\??\c:\pdpvd.exec:\pdpvd.exe102⤵
-
\??\c:\dddpv.exec:\dddpv.exe103⤵
-
\??\c:\7xxxffl.exec:\7xxxffl.exe104⤵
-
\??\c:\lflrxfr.exec:\lflrxfr.exe105⤵
-
\??\c:\bbnbbh.exec:\bbnbbh.exe106⤵
-
\??\c:\nbntbh.exec:\nbntbh.exe107⤵
-
\??\c:\jddjv.exec:\jddjv.exe108⤵
-
\??\c:\pjjvj.exec:\pjjvj.exe109⤵
-
\??\c:\rlflfrl.exec:\rlflfrl.exe110⤵
-
\??\c:\ffrrrrx.exec:\ffrrrrx.exe111⤵
-
\??\c:\1thhnt.exec:\1thhnt.exe112⤵
-
\??\c:\btbbhh.exec:\btbbhh.exe113⤵
-
\??\c:\ddvdd.exec:\ddvdd.exe114⤵
-
\??\c:\jdpdp.exec:\jdpdp.exe115⤵
-
\??\c:\fxrxrxf.exec:\fxrxrxf.exe116⤵
-
\??\c:\rlrxxlr.exec:\rlrxxlr.exe117⤵
-
\??\c:\tntnbb.exec:\tntnbb.exe118⤵
-
\??\c:\bnhbbh.exec:\bnhbbh.exe119⤵
-
\??\c:\vjdjp.exec:\vjdjp.exe120⤵
-
\??\c:\3dvjj.exec:\3dvjj.exe121⤵
-
\??\c:\lxrxxff.exec:\lxrxxff.exe122⤵
-
\??\c:\1xxfllr.exec:\1xxfllr.exe123⤵
-
\??\c:\nhbtbh.exec:\nhbtbh.exe124⤵
-
\??\c:\htnnbb.exec:\htnnbb.exe125⤵
-
\??\c:\dddpv.exec:\dddpv.exe126⤵
-
\??\c:\7pjvd.exec:\7pjvd.exe127⤵
-
\??\c:\xrrlrrx.exec:\xrrlrrx.exe128⤵
-
\??\c:\7lflrrx.exec:\7lflrrx.exe129⤵
-
\??\c:\nnbntb.exec:\nnbntb.exe130⤵
-
\??\c:\3tnntt.exec:\3tnntt.exe131⤵
-
\??\c:\vjvpp.exec:\vjvpp.exe132⤵
-
\??\c:\vvpdv.exec:\vvpdv.exe133⤵
-
\??\c:\lflfrlr.exec:\lflfrlr.exe134⤵
-
\??\c:\fxrxflx.exec:\fxrxflx.exe135⤵
-
\??\c:\ntbnbb.exec:\ntbnbb.exe136⤵
-
\??\c:\pjjpd.exec:\pjjpd.exe137⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe138⤵
-
\??\c:\rlxfllr.exec:\rlxfllr.exe139⤵
-
\??\c:\lfxxllx.exec:\lfxxllx.exe140⤵
-
\??\c:\htnntb.exec:\htnntb.exe141⤵
-
\??\c:\ttbtbt.exec:\ttbtbt.exe142⤵
-
\??\c:\vpjjj.exec:\vpjjj.exe143⤵
-
\??\c:\ppjpp.exec:\ppjpp.exe144⤵
-
\??\c:\1fflxlx.exec:\1fflxlx.exe145⤵
-
\??\c:\rrxxflx.exec:\rrxxflx.exe146⤵
-
\??\c:\thbbhb.exec:\thbbhb.exe147⤵
-
\??\c:\hhhthn.exec:\hhhthn.exe148⤵
-
\??\c:\jdvvv.exec:\jdvvv.exe149⤵
-
\??\c:\vjjjd.exec:\vjjjd.exe150⤵
-
\??\c:\5rlxxfl.exec:\5rlxxfl.exe151⤵
-
\??\c:\xrrrxrx.exec:\xrrrxrx.exe152⤵
-
\??\c:\tnhntt.exec:\tnhntt.exe153⤵
-
\??\c:\nhtttt.exec:\nhtttt.exe154⤵
-
\??\c:\9vpvj.exec:\9vpvj.exe155⤵
-
\??\c:\9pjjv.exec:\9pjjv.exe156⤵
-
\??\c:\5fxfflx.exec:\5fxfflx.exe157⤵
-
\??\c:\fxfflll.exec:\fxfflll.exe158⤵
-
\??\c:\bthnnt.exec:\bthnnt.exe159⤵
-
\??\c:\thbhnb.exec:\thbhnb.exe160⤵
-
\??\c:\ppvpp.exec:\ppvpp.exe161⤵
-
\??\c:\vpvpp.exec:\vpvpp.exe162⤵
-
\??\c:\5flllrx.exec:\5flllrx.exe163⤵
-
\??\c:\fxxrlll.exec:\fxxrlll.exe164⤵
-
\??\c:\lxfffll.exec:\lxfffll.exe165⤵
-
\??\c:\tthbhb.exec:\tthbhb.exe166⤵
-
\??\c:\1hbbhn.exec:\1hbbhn.exe167⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe168⤵
-
\??\c:\jdvvj.exec:\jdvvj.exe169⤵
-
\??\c:\3rxrrrx.exec:\3rxrrrx.exe170⤵
-
\??\c:\fxllrfr.exec:\fxllrfr.exe171⤵
-
\??\c:\bbtnth.exec:\bbtnth.exe172⤵
-
\??\c:\hnntbh.exec:\hnntbh.exe173⤵
-
\??\c:\pjdjj.exec:\pjdjj.exe174⤵
-
\??\c:\9vvpd.exec:\9vvpd.exe175⤵
-
\??\c:\dpddj.exec:\dpddj.exe176⤵
-
\??\c:\7rxflrx.exec:\7rxflrx.exe177⤵
-
\??\c:\frfffxl.exec:\frfffxl.exe178⤵
-
\??\c:\7btttt.exec:\7btttt.exe179⤵
-
\??\c:\btbhhn.exec:\btbhhn.exe180⤵
-
\??\c:\pdppd.exec:\pdppd.exe181⤵
-
\??\c:\jdjjv.exec:\jdjjv.exe182⤵
-
\??\c:\lfxlrxx.exec:\lfxlrxx.exe183⤵
-
\??\c:\xrllrrf.exec:\xrllrrf.exe184⤵
-
\??\c:\bthtbh.exec:\bthtbh.exe185⤵
-
\??\c:\bnbbbh.exec:\bnbbbh.exe186⤵
-
\??\c:\3vpvv.exec:\3vpvv.exe187⤵
-
\??\c:\dvpvj.exec:\dvpvj.exe188⤵
-
\??\c:\1lfrffl.exec:\1lfrffl.exe189⤵
-
\??\c:\lfflllx.exec:\lfflllx.exe190⤵
-
\??\c:\lfxfllr.exec:\lfxfllr.exe191⤵
-
\??\c:\7nbtbh.exec:\7nbtbh.exe192⤵
-
\??\c:\hhnbth.exec:\hhnbth.exe193⤵
-
\??\c:\jdvvd.exec:\jdvvd.exe194⤵
-
\??\c:\3jpvj.exec:\3jpvj.exe195⤵
-
\??\c:\lxlfllx.exec:\lxlfllx.exe196⤵
-
\??\c:\rrllxxl.exec:\rrllxxl.exe197⤵
-
\??\c:\1bnhnt.exec:\1bnhnt.exe198⤵
-
\??\c:\5tnnhh.exec:\5tnnhh.exe199⤵
-
\??\c:\5ppdp.exec:\5ppdp.exe200⤵
-
\??\c:\jjvjv.exec:\jjvjv.exe201⤵
-
\??\c:\xxxrrrl.exec:\xxxrrrl.exe202⤵
-
\??\c:\lrlxrxf.exec:\lrlxrxf.exe203⤵
-
\??\c:\tntbnn.exec:\tntbnn.exe204⤵
-
\??\c:\9lxxrlf.exec:\9lxxrlf.exe205⤵
-
\??\c:\tththb.exec:\tththb.exe206⤵
-
\??\c:\5hbhbt.exec:\5hbhbt.exe207⤵
-
\??\c:\9ddvj.exec:\9ddvj.exe208⤵
-
\??\c:\3pddd.exec:\3pddd.exe209⤵
-
\??\c:\nhtbbb.exec:\nhtbbb.exe210⤵
-
\??\c:\bthbtb.exec:\bthbtb.exe211⤵
-
\??\c:\bbnntt.exec:\bbnntt.exe212⤵
-
\??\c:\pjdjp.exec:\pjdjp.exe213⤵
-
\??\c:\vjddp.exec:\vjddp.exe214⤵
-
\??\c:\fxlxrrx.exec:\fxlxrrx.exe215⤵
-
\??\c:\5lxfffl.exec:\5lxfffl.exe216⤵
-
\??\c:\btbthh.exec:\btbthh.exe217⤵
-
\??\c:\nhtthn.exec:\nhtthn.exe218⤵
-
\??\c:\dddjv.exec:\dddjv.exe219⤵
-
\??\c:\7dpdp.exec:\7dpdp.exe220⤵
-
\??\c:\dvpjv.exec:\dvpjv.exe221⤵
-
\??\c:\7xrllrf.exec:\7xrllrf.exe222⤵
-
\??\c:\9rrxlrf.exec:\9rrxlrf.exe223⤵
-
\??\c:\nhnbbn.exec:\nhnbbn.exe224⤵
-
\??\c:\9htbhh.exec:\9htbhh.exe225⤵
-
\??\c:\vpjjp.exec:\vpjjp.exe226⤵
-
\??\c:\1jjdj.exec:\1jjdj.exe227⤵
-
\??\c:\fxlxflx.exec:\fxlxflx.exe228⤵
-
\??\c:\xrlfllr.exec:\xrlfllr.exe229⤵
-
\??\c:\1xrxxfr.exec:\1xrxxfr.exe230⤵
-
\??\c:\3nhntt.exec:\3nhntt.exe231⤵
-
\??\c:\vpddd.exec:\vpddd.exe232⤵
-
\??\c:\1djdd.exec:\1djdd.exe233⤵
-
\??\c:\rfxxxxf.exec:\rfxxxxf.exe234⤵
-
\??\c:\lxrrrrx.exec:\lxrrrrx.exe235⤵
-
\??\c:\7thhnn.exec:\7thhnn.exe236⤵
-
\??\c:\hbhnth.exec:\hbhnth.exe237⤵
-
\??\c:\thbtbh.exec:\thbtbh.exe238⤵
-
\??\c:\vpjjv.exec:\vpjjv.exe239⤵
-
\??\c:\vdvpv.exec:\vdvpv.exe240⤵
-
\??\c:\lfllxxf.exec:\lfllxxf.exe241⤵