Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
19-05-2024 10:36
General
-
Target
6c035b3b7df743cc179f723060852c524ad0fd1c2eb594d0dc033860b2578060.exe
-
Size
74KB
-
MD5
0bc22e0eaaccefea20c16c45f787a250
-
SHA1
fa671e0c1f34fdc8bc37e79470051b8d217b2f98
-
SHA256
6c035b3b7df743cc179f723060852c524ad0fd1c2eb594d0dc033860b2578060
-
SHA512
be2b8bbd90d628cff3a2a8efe28ee2e849502607dff391f540c62bcb6ed612818250cbddf455941e722f561c767f58cc0a3faf4da3ce7e18c7748914e29f8f77
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIfv7+afCD+QsQbKQPV790638y:ymb3NkkiQ3mdBjFIfvTfCD+HlQgVy
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\6c035b3b7df743cc179f723060852c524ad0fd1c2eb594d0dc033860b2578060.exe"C:\Users\Admin\AppData\Local\Temp\6c035b3b7df743cc179f723060852c524ad0fd1c2eb594d0dc033860b2578060.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nntbbn.exec:\nntbbn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdvp.exec:\pjdvp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjpj.exec:\vpjpj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxfffll.exec:\xxfffll.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flxfffx.exec:\flxfffx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhhhn.exec:\tbhhhn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvvv.exec:\jdvvv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrrflf.exec:\xxrrflf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbbtt.exec:\nhbbtt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpddd.exec:\vpddd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvddv.exec:\dvddv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthbhn.exec:\tthbhn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhbbtt.exec:\bhbbtt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjdj.exec:\vvjdj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllrlll.exec:\rllrlll.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3tbbtt.exec:\3tbbtt.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhnhh.exec:\thhnhh.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvjj.exec:\jvvjj.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xllxxff.exec:\xllxxff.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbtnt.exec:\thbtnt.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhbtt.exec:\hhhbtt.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddddp.exec:\ddddp.exe23⤵
- Executes dropped EXE
-
\??\c:\xrxxxxr.exec:\xrxxxxr.exe24⤵
- Executes dropped EXE
-
\??\c:\tbbbtt.exec:\tbbbtt.exe25⤵
- Executes dropped EXE
-
\??\c:\ddpjv.exec:\ddpjv.exe26⤵
- Executes dropped EXE
-
\??\c:\pddjj.exec:\pddjj.exe27⤵
- Executes dropped EXE
-
\??\c:\fflxxxx.exec:\fflxxxx.exe28⤵
- Executes dropped EXE
-
\??\c:\fxlflll.exec:\fxlflll.exe29⤵
- Executes dropped EXE
-
\??\c:\tbbtbb.exec:\tbbtbb.exe30⤵
- Executes dropped EXE
-
\??\c:\5ppjv.exec:\5ppjv.exe31⤵
- Executes dropped EXE
-
\??\c:\5xxrrxr.exec:\5xxrrxr.exe32⤵
- Executes dropped EXE
-
\??\c:\rlffxxr.exec:\rlffxxr.exe33⤵
- Executes dropped EXE
-
\??\c:\nbtnhb.exec:\nbtnhb.exe34⤵
- Executes dropped EXE
-
\??\c:\3vjdj.exec:\3vjdj.exe35⤵
- Executes dropped EXE
-
\??\c:\ppjjd.exec:\ppjjd.exe36⤵
- Executes dropped EXE
-
\??\c:\3fxrfrr.exec:\3fxrfrr.exe37⤵
- Executes dropped EXE
-
\??\c:\fxrlffx.exec:\fxrlffx.exe38⤵
- Executes dropped EXE
-
\??\c:\nhnnhh.exec:\nhnnhh.exe39⤵
- Executes dropped EXE
-
\??\c:\1bbbtt.exec:\1bbbtt.exe40⤵
- Executes dropped EXE
-
\??\c:\vppjd.exec:\vppjd.exe41⤵
- Executes dropped EXE
-
\??\c:\3ppjd.exec:\3ppjd.exe42⤵
- Executes dropped EXE
-
\??\c:\lxllxrr.exec:\lxllxrr.exe43⤵
- Executes dropped EXE
-
\??\c:\xxrrxrl.exec:\xxrrxrl.exe44⤵
- Executes dropped EXE
-
\??\c:\nhhbtn.exec:\nhhbtn.exe45⤵
- Executes dropped EXE
-
\??\c:\hbhbtn.exec:\hbhbtn.exe46⤵
- Executes dropped EXE
-
\??\c:\5vvpj.exec:\5vvpj.exe47⤵
- Executes dropped EXE
-
\??\c:\xflxfrx.exec:\xflxfrx.exe48⤵
- Executes dropped EXE
-
\??\c:\1ffxrxr.exec:\1ffxrxr.exe49⤵
- Executes dropped EXE
-
\??\c:\hbhhhh.exec:\hbhhhh.exe50⤵
- Executes dropped EXE
-
\??\c:\1pvpd.exec:\1pvpd.exe51⤵
- Executes dropped EXE
-
\??\c:\pdjjp.exec:\pdjjp.exe52⤵
- Executes dropped EXE
-
\??\c:\3lxrllf.exec:\3lxrllf.exe53⤵
- Executes dropped EXE
-
\??\c:\rrfflxl.exec:\rrfflxl.exe54⤵
- Executes dropped EXE
-
\??\c:\bnhbbt.exec:\bnhbbt.exe55⤵
- Executes dropped EXE
-
\??\c:\hntbhb.exec:\hntbhb.exe56⤵
- Executes dropped EXE
-
\??\c:\9pjdv.exec:\9pjdv.exe57⤵
- Executes dropped EXE
-
\??\c:\dvddd.exec:\dvddd.exe58⤵
- Executes dropped EXE
-
\??\c:\fxlxrlf.exec:\fxlxrlf.exe59⤵
- Executes dropped EXE
-
\??\c:\htthbb.exec:\htthbb.exe60⤵
- Executes dropped EXE
-
\??\c:\nnhtnh.exec:\nnhtnh.exe61⤵
- Executes dropped EXE
-
\??\c:\ddpjp.exec:\ddpjp.exe62⤵
- Executes dropped EXE
-
\??\c:\lxllffx.exec:\lxllffx.exe63⤵
- Executes dropped EXE
-
\??\c:\fxffllr.exec:\fxffllr.exe64⤵
- Executes dropped EXE
-
\??\c:\7bttnh.exec:\7bttnh.exe65⤵
- Executes dropped EXE
-
\??\c:\thtnnn.exec:\thtnnn.exe66⤵
-
\??\c:\5nhtnn.exec:\5nhtnn.exe67⤵
-
\??\c:\vpvpj.exec:\vpvpj.exe68⤵
-
\??\c:\jddpj.exec:\jddpj.exe69⤵
-
\??\c:\lfrrxfl.exec:\lfrrxfl.exe70⤵
-
\??\c:\7xffflf.exec:\7xffflf.exe71⤵
-
\??\c:\lffxxxr.exec:\lffxxxr.exe72⤵
-
\??\c:\tnhbtn.exec:\tnhbtn.exe73⤵
-
\??\c:\7dpjj.exec:\7dpjj.exe74⤵
-
\??\c:\3jpjv.exec:\3jpjv.exe75⤵
-
\??\c:\xfllfxx.exec:\xfllfxx.exe76⤵
-
\??\c:\1lffxrr.exec:\1lffxrr.exe77⤵
-
\??\c:\hbhbtn.exec:\hbhbtn.exe78⤵
-
\??\c:\9nnbbt.exec:\9nnbbt.exe79⤵
-
\??\c:\ddvpd.exec:\ddvpd.exe80⤵
-
\??\c:\vvppd.exec:\vvppd.exe81⤵
-
\??\c:\frxlxxf.exec:\frxlxxf.exe82⤵
-
\??\c:\lxlfxxx.exec:\lxlfxxx.exe83⤵
-
\??\c:\7hnnnn.exec:\7hnnnn.exe84⤵
-
\??\c:\nhbtnn.exec:\nhbtnn.exe85⤵
-
\??\c:\7jpjd.exec:\7jpjd.exe86⤵
-
\??\c:\fxrrlfx.exec:\fxrrlfx.exe87⤵
-
\??\c:\llxfrlf.exec:\llxfrlf.exe88⤵
-
\??\c:\nhbtnh.exec:\nhbtnh.exe89⤵
-
\??\c:\btbttn.exec:\btbttn.exe90⤵
-
\??\c:\vvvjv.exec:\vvvjv.exe91⤵
-
\??\c:\fllfxrr.exec:\fllfxrr.exe92⤵
-
\??\c:\hhbtnn.exec:\hhbtnn.exe93⤵
-
\??\c:\ttbnth.exec:\ttbnth.exe94⤵
-
\??\c:\1djdd.exec:\1djdd.exe95⤵
-
\??\c:\pddjv.exec:\pddjv.exe96⤵
-
\??\c:\rlfllfr.exec:\rlfllfr.exe97⤵
-
\??\c:\lrlrrll.exec:\lrlrrll.exe98⤵
-
\??\c:\nhhhbh.exec:\nhhhbh.exe99⤵
-
\??\c:\3tthnn.exec:\3tthnn.exe100⤵
-
\??\c:\pddjv.exec:\pddjv.exe101⤵
-
\??\c:\xrrfrff.exec:\xrrfrff.exe102⤵
-
\??\c:\nthhbb.exec:\nthhbb.exe103⤵
-
\??\c:\tbnthb.exec:\tbnthb.exe104⤵
-
\??\c:\jpvpd.exec:\jpvpd.exe105⤵
-
\??\c:\dvjpv.exec:\dvjpv.exe106⤵
-
\??\c:\7fffxlf.exec:\7fffxlf.exe107⤵
-
\??\c:\1ffffll.exec:\1ffffll.exe108⤵
-
\??\c:\bbhnhh.exec:\bbhnhh.exe109⤵
-
\??\c:\nhhhbb.exec:\nhhhbb.exe110⤵
-
\??\c:\dvpjd.exec:\dvpjd.exe111⤵
-
\??\c:\jvpvp.exec:\jvpvp.exe112⤵
-
\??\c:\frrrllf.exec:\frrrllf.exe113⤵
-
\??\c:\lfrrlll.exec:\lfrrlll.exe114⤵
-
\??\c:\3nnhbb.exec:\3nnhbb.exe115⤵
-
\??\c:\nthhhh.exec:\nthhhh.exe116⤵
-
\??\c:\ppjvp.exec:\ppjvp.exe117⤵
-
\??\c:\jpdpp.exec:\jpdpp.exe118⤵
-
\??\c:\xlrrlll.exec:\xlrrlll.exe119⤵
-
\??\c:\fxxrffl.exec:\fxxrffl.exe120⤵
-
\??\c:\9nnhbb.exec:\9nnhbb.exe121⤵
-
\??\c:\bttnbb.exec:\bttnbb.exe122⤵
-
\??\c:\vvppd.exec:\vvppd.exe123⤵
-
\??\c:\1jpjd.exec:\1jpjd.exe124⤵
-
\??\c:\rrxxrxr.exec:\rrxxrxr.exe125⤵
-
\??\c:\fllrxfr.exec:\fllrxfr.exe126⤵
-
\??\c:\nnbbtt.exec:\nnbbtt.exe127⤵
-
\??\c:\hthhth.exec:\hthhth.exe128⤵
-
\??\c:\vppvv.exec:\vppvv.exe129⤵
-
\??\c:\ddjjp.exec:\ddjjp.exe130⤵
-
\??\c:\xrrlffx.exec:\xrrlffx.exe131⤵
-
\??\c:\frrfxrl.exec:\frrfxrl.exe132⤵
-
\??\c:\nhnnbt.exec:\nhnnbt.exe133⤵
-
\??\c:\hnnbth.exec:\hnnbth.exe134⤵
-
\??\c:\pdvdd.exec:\pdvdd.exe135⤵
-
\??\c:\9ppdv.exec:\9ppdv.exe136⤵
-
\??\c:\llrxflr.exec:\llrxflr.exe137⤵
-
\??\c:\tnntnt.exec:\tnntnt.exe138⤵
-
\??\c:\tbhbbb.exec:\tbhbbb.exe139⤵
-
\??\c:\dppdp.exec:\dppdp.exe140⤵
-
\??\c:\pvjdv.exec:\pvjdv.exe141⤵
-
\??\c:\frlfxxl.exec:\frlfxxl.exe142⤵
-
\??\c:\5flllrr.exec:\5flllrr.exe143⤵
-
\??\c:\lrffxrl.exec:\lrffxrl.exe144⤵
-
\??\c:\9fffxxr.exec:\9fffxxr.exe145⤵
-
\??\c:\9nhbbt.exec:\9nhbbt.exe146⤵
-
\??\c:\9btnbb.exec:\9btnbb.exe147⤵
-
\??\c:\5pjvp.exec:\5pjvp.exe148⤵
-
\??\c:\pdjvv.exec:\pdjvv.exe149⤵
-
\??\c:\1ntnbb.exec:\1ntnbb.exe150⤵
-
\??\c:\1tnhtn.exec:\1tnhtn.exe151⤵
-
\??\c:\ppdvp.exec:\ppdvp.exe152⤵
-
\??\c:\jvvjd.exec:\jvvjd.exe153⤵
-
\??\c:\rlrlffr.exec:\rlrlffr.exe154⤵
-
\??\c:\rffxrlx.exec:\rffxrlx.exe155⤵
-
\??\c:\tntntt.exec:\tntntt.exe156⤵
-
\??\c:\bthbtt.exec:\bthbtt.exe157⤵
-
\??\c:\dpjdj.exec:\dpjdj.exe158⤵
-
\??\c:\vdvdd.exec:\vdvdd.exe159⤵
-
\??\c:\rxlllll.exec:\rxlllll.exe160⤵
-
\??\c:\lxrlxrr.exec:\lxrlxrr.exe161⤵
-
\??\c:\tnttbt.exec:\tnttbt.exe162⤵
-
\??\c:\ntnhth.exec:\ntnhth.exe163⤵
-
\??\c:\1pjvp.exec:\1pjvp.exe164⤵
-
\??\c:\1djvd.exec:\1djvd.exe165⤵
-
\??\c:\dpdpd.exec:\dpdpd.exe166⤵
-
\??\c:\lxlxrfx.exec:\lxlxrfx.exe167⤵
-
\??\c:\frlfxxr.exec:\frlfxxr.exe168⤵
-
\??\c:\5thbhh.exec:\5thbhh.exe169⤵
-
\??\c:\vdvdp.exec:\vdvdp.exe170⤵
-
\??\c:\djddp.exec:\djddp.exe171⤵
-
\??\c:\7pdpp.exec:\7pdpp.exe172⤵
-
\??\c:\7xrfllf.exec:\7xrfllf.exe173⤵
-
\??\c:\flfxrrl.exec:\flfxrrl.exe174⤵
-
\??\c:\7nhbnn.exec:\7nhbnn.exe175⤵
-
\??\c:\1vvvp.exec:\1vvvp.exe176⤵
-
\??\c:\dddvv.exec:\dddvv.exe177⤵
-
\??\c:\fxlfxfr.exec:\fxlfxfr.exe178⤵
-
\??\c:\9xxxrxr.exec:\9xxxrxr.exe179⤵
-
\??\c:\5nbtnh.exec:\5nbtnh.exe180⤵
-
\??\c:\nhbbnt.exec:\nhbbnt.exe181⤵
-
\??\c:\pddvd.exec:\pddvd.exe182⤵
-
\??\c:\dvpjv.exec:\dvpjv.exe183⤵
-
\??\c:\fxrflfl.exec:\fxrflfl.exe184⤵
-
\??\c:\xlrllxr.exec:\xlrllxr.exe185⤵
-
\??\c:\hbtnhb.exec:\hbtnhb.exe186⤵
-
\??\c:\9hbhbt.exec:\9hbhbt.exe187⤵
-
\??\c:\vpjdp.exec:\vpjdp.exe188⤵
-
\??\c:\7ddjj.exec:\7ddjj.exe189⤵
-
\??\c:\rlxlfrf.exec:\rlxlfrf.exe190⤵
-
\??\c:\fflrllx.exec:\fflrllx.exe191⤵
-
\??\c:\bnhbtn.exec:\bnhbtn.exe192⤵
-
\??\c:\pppjd.exec:\pppjd.exe193⤵
-
\??\c:\jjdvp.exec:\jjdvp.exe194⤵
-
\??\c:\xxxxrlx.exec:\xxxxrlx.exe195⤵
-
\??\c:\bntttb.exec:\bntttb.exe196⤵
-
\??\c:\7thnnn.exec:\7thnnn.exe197⤵
-
\??\c:\hhnnbn.exec:\hhnnbn.exe198⤵
-
\??\c:\pvvvp.exec:\pvvvp.exe199⤵
-
\??\c:\pppjp.exec:\pppjp.exe200⤵
-
\??\c:\rxxxlrl.exec:\rxxxlrl.exe201⤵
-
\??\c:\tttthb.exec:\tttthb.exe202⤵
-
\??\c:\tbhhbb.exec:\tbhhbb.exe203⤵
-
\??\c:\5jjdj.exec:\5jjdj.exe204⤵
-
\??\c:\3vvjj.exec:\3vvjj.exe205⤵
-
\??\c:\jdvpj.exec:\jdvpj.exe206⤵
-
\??\c:\7xrlffx.exec:\7xrlffx.exe207⤵
-
\??\c:\xxrrrff.exec:\xxrrrff.exe208⤵
-
\??\c:\btnbbt.exec:\btnbbt.exe209⤵
-
\??\c:\hbbbtt.exec:\hbbbtt.exe210⤵
-
\??\c:\jjdpp.exec:\jjdpp.exe211⤵
-
\??\c:\rlrlrrf.exec:\rlrlrrf.exe212⤵
-
\??\c:\nhhhhh.exec:\nhhhhh.exe213⤵
-
\??\c:\jjppp.exec:\jjppp.exe214⤵
-
\??\c:\hhtnnh.exec:\hhtnnh.exe215⤵
-
\??\c:\hbbthh.exec:\hbbthh.exe216⤵
-
\??\c:\lxrlxrl.exec:\lxrlxrl.exe217⤵
-
\??\c:\pjjjj.exec:\pjjjj.exe218⤵
-
\??\c:\lrlrlfr.exec:\lrlrlfr.exe219⤵
-
\??\c:\hnbnhb.exec:\hnbnhb.exe220⤵
-
\??\c:\jjddp.exec:\jjddp.exe221⤵
-
\??\c:\pdvjv.exec:\pdvjv.exe222⤵
-
\??\c:\fflffxr.exec:\fflffxr.exe223⤵
-
\??\c:\hthbtt.exec:\hthbtt.exe224⤵
-
\??\c:\tbhnhh.exec:\tbhnhh.exe225⤵
-
\??\c:\vpvpv.exec:\vpvpv.exe226⤵
-
\??\c:\vjppj.exec:\vjppj.exe227⤵
-
\??\c:\xrfrxlx.exec:\xrfrxlx.exe228⤵
-
\??\c:\xffxrrf.exec:\xffxrrf.exe229⤵
-
\??\c:\nbnhbt.exec:\nbnhbt.exe230⤵
-
\??\c:\tnbtnn.exec:\tnbtnn.exe231⤵
-
\??\c:\jddpj.exec:\jddpj.exe232⤵
-
\??\c:\xxlxfxl.exec:\xxlxfxl.exe233⤵
-
\??\c:\nhhbtn.exec:\nhhbtn.exe234⤵
-
\??\c:\tbhnbh.exec:\tbhnbh.exe235⤵
-
\??\c:\vvddv.exec:\vvddv.exe236⤵
-
\??\c:\jdvvp.exec:\jdvvp.exe237⤵
-
\??\c:\5xxxrrr.exec:\5xxxrrr.exe238⤵
-
\??\c:\htnnhh.exec:\htnnhh.exe239⤵
-
\??\c:\hhbntt.exec:\hhbntt.exe240⤵
-
\??\c:\pjddv.exec:\pjddv.exe241⤵