Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
19-05-2024 10:39
General
-
Target
73c0baaae752addd26288324a52fa6521f1d97f2d556f3bd1ecc51c4e36833ec.exe
-
Size
67KB
-
MD5
ccd52c6dfd02d57fb0ef7741e1a24510
-
SHA1
103a8c9753059bd92788fc804fcf2d1e013b7217
-
SHA256
73c0baaae752addd26288324a52fa6521f1d97f2d556f3bd1ecc51c4e36833ec
-
SHA512
207f6507d8e327d96cfbeb281f74d3026496a6d6157c67f913c2ccde71300cdea25393282c1b1b467ff42a47bb8348384c0deb79282bc8c6c2ffef6629d209f1
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIFdJUDbAIaS:ymb3NkkiQ3mdBjFIFdJ8bP
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 22 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\73c0baaae752addd26288324a52fa6521f1d97f2d556f3bd1ecc51c4e36833ec.exe"C:\Users\Admin\AppData\Local\Temp\73c0baaae752addd26288324a52fa6521f1d97f2d556f3bd1ecc51c4e36833ec.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\1nthhb.exec:\1nthhb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdvv.exec:\pjdvv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpvv.exec:\jdpvv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7dvdj.exec:\7dvdj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ttnnt.exec:\9ttnnt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhbbb.exec:\bnhbbb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrflrfr.exec:\xrflrfr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxlffxx.exec:\lxlffxx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3bhhnn.exec:\3bhhnn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnbbn.exec:\tnnbbn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdjp.exec:\dvdjp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xlrxxl.exec:\5xlrxxl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9fflrxx.exec:\9fflrxx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbhnt.exec:\nnbhnt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntnnh.exec:\tntnnh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7jppj.exec:\7jppj.exe17⤵
- Executes dropped EXE
-
\??\c:\1lxxfxx.exec:\1lxxfxx.exe18⤵
- Executes dropped EXE
-
\??\c:\3fllfxl.exec:\3fllfxl.exe19⤵
- Executes dropped EXE
-
\??\c:\nhntbh.exec:\nhntbh.exe20⤵
- Executes dropped EXE
-
\??\c:\tnbhht.exec:\tnbhht.exe21⤵
- Executes dropped EXE
-
\??\c:\3vjpp.exec:\3vjpp.exe22⤵
- Executes dropped EXE
-
\??\c:\jvjvv.exec:\jvjvv.exe23⤵
- Executes dropped EXE
-
\??\c:\xlrlllr.exec:\xlrlllr.exe24⤵
- Executes dropped EXE
-
\??\c:\rrxlrlr.exec:\rrxlrlr.exe25⤵
- Executes dropped EXE
-
\??\c:\nbnthn.exec:\nbnthn.exe26⤵
- Executes dropped EXE
-
\??\c:\dvvvp.exec:\dvvvp.exe27⤵
- Executes dropped EXE
-
\??\c:\fxfxlrx.exec:\fxfxlrx.exe28⤵
- Executes dropped EXE
-
\??\c:\xlxllxr.exec:\xlxllxr.exe29⤵
- Executes dropped EXE
-
\??\c:\5bnhbt.exec:\5bnhbt.exe30⤵
- Executes dropped EXE
-
\??\c:\nbnnnn.exec:\nbnnnn.exe31⤵
- Executes dropped EXE
-
\??\c:\vjdvv.exec:\vjdvv.exe32⤵
- Executes dropped EXE
-
\??\c:\lxlxflx.exec:\lxlxflx.exe33⤵
- Executes dropped EXE
-
\??\c:\fxrxfrl.exec:\fxrxfrl.exe34⤵
- Executes dropped EXE
-
\??\c:\9hnbbt.exec:\9hnbbt.exe35⤵
- Executes dropped EXE
-
\??\c:\vvjpv.exec:\vvjpv.exe36⤵
- Executes dropped EXE
-
\??\c:\jvppp.exec:\jvppp.exe37⤵
- Executes dropped EXE
-
\??\c:\fxrxfrr.exec:\fxrxfrr.exe38⤵
- Executes dropped EXE
-
\??\c:\9rlrrrf.exec:\9rlrrrf.exe39⤵
- Executes dropped EXE
-
\??\c:\hbhhhn.exec:\hbhhhn.exe40⤵
- Executes dropped EXE
-
\??\c:\hthbhh.exec:\hthbhh.exe41⤵
- Executes dropped EXE
-
\??\c:\vvjdv.exec:\vvjdv.exe42⤵
- Executes dropped EXE
-
\??\c:\pjvvd.exec:\pjvvd.exe43⤵
- Executes dropped EXE
-
\??\c:\1fxfrxf.exec:\1fxfrxf.exe44⤵
- Executes dropped EXE
-
\??\c:\frllllf.exec:\frllllf.exe45⤵
- Executes dropped EXE
-
\??\c:\9nhhhh.exec:\9nhhhh.exe46⤵
- Executes dropped EXE
-
\??\c:\thnttb.exec:\thnttb.exe47⤵
- Executes dropped EXE
-
\??\c:\dvpvv.exec:\dvpvv.exe48⤵
- Executes dropped EXE
-
\??\c:\3jvvv.exec:\3jvvv.exe49⤵
- Executes dropped EXE
-
\??\c:\1lfflrr.exec:\1lfflrr.exe50⤵
- Executes dropped EXE
-
\??\c:\rfxxfrx.exec:\rfxxfrx.exe51⤵
- Executes dropped EXE
-
\??\c:\nbtbhh.exec:\nbtbhh.exe52⤵
- Executes dropped EXE
-
\??\c:\dvjjv.exec:\dvjjv.exe53⤵
- Executes dropped EXE
-
\??\c:\dpvdv.exec:\dpvdv.exe54⤵
- Executes dropped EXE
-
\??\c:\5rlxfxl.exec:\5rlxfxl.exe55⤵
- Executes dropped EXE
-
\??\c:\xrllllr.exec:\xrllllr.exe56⤵
- Executes dropped EXE
-
\??\c:\7thhnn.exec:\7thhnn.exe57⤵
- Executes dropped EXE
-
\??\c:\tnhnnn.exec:\tnhnnn.exe58⤵
- Executes dropped EXE
-
\??\c:\bthhtn.exec:\bthhtn.exe59⤵
- Executes dropped EXE
-
\??\c:\7vppj.exec:\7vppj.exe60⤵
- Executes dropped EXE
-
\??\c:\vjjjd.exec:\vjjjd.exe61⤵
- Executes dropped EXE
-
\??\c:\xrflrxf.exec:\xrflrxf.exe62⤵
- Executes dropped EXE
-
\??\c:\fflrflr.exec:\fflrflr.exe63⤵
- Executes dropped EXE
-
\??\c:\tbtbtb.exec:\tbtbtb.exe64⤵
- Executes dropped EXE
-
\??\c:\hbbhnt.exec:\hbbhnt.exe65⤵
- Executes dropped EXE
-
\??\c:\jvppp.exec:\jvppp.exe66⤵
-
\??\c:\pjpjp.exec:\pjpjp.exe67⤵
-
\??\c:\5rlxxrx.exec:\5rlxxrx.exe68⤵
-
\??\c:\5xxlxrf.exec:\5xxlxrf.exe69⤵
-
\??\c:\3hntbb.exec:\3hntbb.exe70⤵
-
\??\c:\bthhnt.exec:\bthhnt.exe71⤵
-
\??\c:\7dpdj.exec:\7dpdj.exe72⤵
-
\??\c:\dpddd.exec:\dpddd.exe73⤵
-
\??\c:\fxllrxr.exec:\fxllrxr.exe74⤵
-
\??\c:\rlrflrx.exec:\rlrflrx.exe75⤵
-
\??\c:\nntttt.exec:\nntttt.exe76⤵
-
\??\c:\tnbhbh.exec:\tnbhbh.exe77⤵
-
\??\c:\1vddj.exec:\1vddj.exe78⤵
-
\??\c:\jdvdj.exec:\jdvdj.exe79⤵
-
\??\c:\7lfffxf.exec:\7lfffxf.exe80⤵
-
\??\c:\1fflrxf.exec:\1fflrxf.exe81⤵
-
\??\c:\7tnbbb.exec:\7tnbbb.exe82⤵
-
\??\c:\hbhhnt.exec:\hbhhnt.exe83⤵
-
\??\c:\7dpvv.exec:\7dpvv.exe84⤵
-
\??\c:\vjppd.exec:\vjppd.exe85⤵
-
\??\c:\xlrlrlr.exec:\xlrlrlr.exe86⤵
-
\??\c:\5xlxffr.exec:\5xlxffr.exe87⤵
-
\??\c:\tnnbnn.exec:\tnnbnn.exe88⤵
-
\??\c:\hbnhnn.exec:\hbnhnn.exe89⤵
-
\??\c:\thnnnn.exec:\thnnnn.exe90⤵
-
\??\c:\pjvvp.exec:\pjvvp.exe91⤵
-
\??\c:\9dpdd.exec:\9dpdd.exe92⤵
-
\??\c:\rlllrrx.exec:\rlllrrx.exe93⤵
-
\??\c:\1lfrlrx.exec:\1lfrlrx.exe94⤵
-
\??\c:\hbhhnn.exec:\hbhhnn.exe95⤵
-
\??\c:\hbthnn.exec:\hbthnn.exe96⤵
-
\??\c:\pjjpv.exec:\pjjpv.exe97⤵
-
\??\c:\vjvdd.exec:\vjvdd.exe98⤵
-
\??\c:\pjpvp.exec:\pjpvp.exe99⤵
-
\??\c:\xrxxffl.exec:\xrxxffl.exe100⤵
-
\??\c:\rlrxlfl.exec:\rlrxlfl.exe101⤵
-
\??\c:\nhbbnn.exec:\nhbbnn.exe102⤵
-
\??\c:\5tnnhn.exec:\5tnnhn.exe103⤵
-
\??\c:\jvjjp.exec:\jvjjp.exe104⤵
-
\??\c:\5pdjp.exec:\5pdjp.exe105⤵
-
\??\c:\lfrlllr.exec:\lfrlllr.exe106⤵
-
\??\c:\lxlrxff.exec:\lxlrxff.exe107⤵
-
\??\c:\1bnhhb.exec:\1bnhhb.exe108⤵
-
\??\c:\tttnbh.exec:\tttnbh.exe109⤵
-
\??\c:\dpvpp.exec:\dpvpp.exe110⤵
-
\??\c:\jvvvv.exec:\jvvvv.exe111⤵
-
\??\c:\rlrlrrf.exec:\rlrlrrf.exe112⤵
-
\??\c:\frfxxrl.exec:\frfxxrl.exe113⤵
-
\??\c:\thbbbt.exec:\thbbbt.exe114⤵
-
\??\c:\7bthnt.exec:\7bthnt.exe115⤵
-
\??\c:\hhbbhh.exec:\hhbbhh.exe116⤵
-
\??\c:\5jjjj.exec:\5jjjj.exe117⤵
-
\??\c:\3jvvd.exec:\3jvvd.exe118⤵
-
\??\c:\lfxfllr.exec:\lfxfllr.exe119⤵
-
\??\c:\ffrxllr.exec:\ffrxllr.exe120⤵
-
\??\c:\btnthn.exec:\btnthn.exe121⤵
-
\??\c:\nhhbhn.exec:\nhhbhn.exe122⤵
-
\??\c:\pdpvv.exec:\pdpvv.exe123⤵
-
\??\c:\pdvvj.exec:\pdvvj.exe124⤵
-
\??\c:\lxlffll.exec:\lxlffll.exe125⤵
-
\??\c:\rlxxlrl.exec:\rlxxlrl.exe126⤵
-
\??\c:\xxxflrf.exec:\xxxflrf.exe127⤵
-
\??\c:\tnbttb.exec:\tnbttb.exe128⤵
-
\??\c:\btthnt.exec:\btthnt.exe129⤵
-
\??\c:\jjvpp.exec:\jjvpp.exe130⤵
-
\??\c:\1jdvd.exec:\1jdvd.exe131⤵
-
\??\c:\rfllrxf.exec:\rfllrxf.exe132⤵
-
\??\c:\rfrrxxf.exec:\rfrrxxf.exe133⤵
-
\??\c:\htnntb.exec:\htnntb.exe134⤵
-
\??\c:\hbhnbh.exec:\hbhnbh.exe135⤵
-
\??\c:\jvjjj.exec:\jvjjj.exe136⤵
-
\??\c:\pjjvj.exec:\pjjvj.exe137⤵
-
\??\c:\9pdpp.exec:\9pdpp.exe138⤵
-
\??\c:\lfrxffl.exec:\lfrxffl.exe139⤵
-
\??\c:\frxxxxl.exec:\frxxxxl.exe140⤵
-
\??\c:\nbnnnn.exec:\nbnnnn.exe141⤵
-
\??\c:\7httnh.exec:\7httnh.exe142⤵
-
\??\c:\jdpvd.exec:\jdpvd.exe143⤵
-
\??\c:\vjddp.exec:\vjddp.exe144⤵
-
\??\c:\rlxfrrf.exec:\rlxfrrf.exe145⤵
-
\??\c:\rrllrxf.exec:\rrllrxf.exe146⤵
-
\??\c:\xrlxxxr.exec:\xrlxxxr.exe147⤵
-
\??\c:\bnbnbb.exec:\bnbnbb.exe148⤵
-
\??\c:\hbnhtn.exec:\hbnhtn.exe149⤵
-
\??\c:\vjvvv.exec:\vjvvv.exe150⤵
-
\??\c:\jdvpv.exec:\jdvpv.exe151⤵
-
\??\c:\9rrlllf.exec:\9rrlllf.exe152⤵
-
\??\c:\7xffrrx.exec:\7xffrrx.exe153⤵
-
\??\c:\ntthtn.exec:\ntthtn.exe154⤵
-
\??\c:\7htnbb.exec:\7htnbb.exe155⤵
-
\??\c:\jdppv.exec:\jdppv.exe156⤵
-
\??\c:\pjjpj.exec:\pjjpj.exe157⤵
-
\??\c:\3frlfff.exec:\3frlfff.exe158⤵
-
\??\c:\rlfffxl.exec:\rlfffxl.exe159⤵
-
\??\c:\rffxxxl.exec:\rffxxxl.exe160⤵
-
\??\c:\tnbbnn.exec:\tnbbnn.exe161⤵
-
\??\c:\5tbhnb.exec:\5tbhnb.exe162⤵
-
\??\c:\pjjpv.exec:\pjjpv.exe163⤵
-
\??\c:\pdvjj.exec:\pdvjj.exe164⤵
-
\??\c:\lflflfr.exec:\lflflfr.exe165⤵
-
\??\c:\rrrrffl.exec:\rrrrffl.exe166⤵
-
\??\c:\btbhtt.exec:\btbhtt.exe167⤵
-
\??\c:\nbttbh.exec:\nbttbh.exe168⤵
-
\??\c:\5vdvv.exec:\5vdvv.exe169⤵
-
\??\c:\3jvjd.exec:\3jvjd.exe170⤵
-
\??\c:\jdjjp.exec:\jdjjp.exe171⤵
-
\??\c:\xrlrrxx.exec:\xrlrrxx.exe172⤵
-
\??\c:\5rllxxr.exec:\5rllxxr.exe173⤵
-
\??\c:\9tbnnn.exec:\9tbnnn.exe174⤵
-
\??\c:\bthntt.exec:\bthntt.exe175⤵
-
\??\c:\pjjjj.exec:\pjjjj.exe176⤵
-
\??\c:\1dppp.exec:\1dppp.exe177⤵
-
\??\c:\frlffff.exec:\frlffff.exe178⤵
-
\??\c:\1llrrrr.exec:\1llrrrr.exe179⤵
-
\??\c:\nbtttt.exec:\nbtttt.exe180⤵
-
\??\c:\btbhhn.exec:\btbhhn.exe181⤵
-
\??\c:\jddvd.exec:\jddvd.exe182⤵
-
\??\c:\ppvvd.exec:\ppvvd.exe183⤵
-
\??\c:\lxxfxfr.exec:\lxxfxfr.exe184⤵
-
\??\c:\1flffff.exec:\1flffff.exe185⤵
-
\??\c:\btbnbh.exec:\btbnbh.exe186⤵
-
\??\c:\1bnbhb.exec:\1bnbhb.exe187⤵
-
\??\c:\pdpjp.exec:\pdpjp.exe188⤵
-
\??\c:\jvvpj.exec:\jvvpj.exe189⤵
-
\??\c:\5pddp.exec:\5pddp.exe190⤵
-
\??\c:\dpddj.exec:\dpddj.exe191⤵
-
\??\c:\jvppj.exec:\jvppj.exe192⤵
-
\??\c:\fxlxflr.exec:\fxlxflr.exe193⤵
-
\??\c:\7lfflfl.exec:\7lfflfl.exe194⤵
-
\??\c:\fxxlflf.exec:\fxxlflf.exe195⤵
-
\??\c:\hbbbbb.exec:\hbbbbb.exe196⤵
-
\??\c:\nhnbhn.exec:\nhnbhn.exe197⤵
-
\??\c:\vpjpp.exec:\vpjpp.exe198⤵
-
\??\c:\1dpvp.exec:\1dpvp.exe199⤵
-
\??\c:\fxrlrff.exec:\fxrlrff.exe200⤵
-
\??\c:\fxrllll.exec:\fxrllll.exe201⤵
-
\??\c:\tnbbnt.exec:\tnbbnt.exe202⤵
-
\??\c:\thbhnh.exec:\thbhnh.exe203⤵
-
\??\c:\dvjvv.exec:\dvjvv.exe204⤵
-
\??\c:\3dvdp.exec:\3dvdp.exe205⤵
-
\??\c:\fxlrrlr.exec:\fxlrrlr.exe206⤵
-
\??\c:\lfrfxxr.exec:\lfrfxxr.exe207⤵
-
\??\c:\tnbbbb.exec:\tnbbbb.exe208⤵
-
\??\c:\5bnbhh.exec:\5bnbhh.exe209⤵
-
\??\c:\ppvvp.exec:\ppvvp.exe210⤵
-
\??\c:\3dvdd.exec:\3dvdd.exe211⤵
-
\??\c:\frflllx.exec:\frflllx.exe212⤵
-
\??\c:\rfrxxfx.exec:\rfrxxfx.exe213⤵
-
\??\c:\thhntn.exec:\thhntn.exe214⤵
-
\??\c:\bttnhh.exec:\bttnhh.exe215⤵
-
\??\c:\pjppd.exec:\pjppd.exe216⤵
-
\??\c:\rlflxxx.exec:\rlflxxx.exe217⤵
-
\??\c:\rlflxfx.exec:\rlflxfx.exe218⤵
-
\??\c:\thtbbb.exec:\thtbbb.exe219⤵
-
\??\c:\hbbnhb.exec:\hbbnhb.exe220⤵
-
\??\c:\jdpdj.exec:\jdpdj.exe221⤵
-
\??\c:\pvvpp.exec:\pvvpp.exe222⤵
-
\??\c:\frflffl.exec:\frflffl.exe223⤵
-
\??\c:\jddjj.exec:\jddjj.exe224⤵
-
\??\c:\jvppp.exec:\jvppp.exe225⤵
-
\??\c:\5xlllrf.exec:\5xlllrf.exe226⤵
-
\??\c:\xrlxxxl.exec:\xrlxxxl.exe227⤵
-
\??\c:\hhnhnt.exec:\hhnhnt.exe228⤵
-
\??\c:\bthhnt.exec:\bthhnt.exe229⤵
-
\??\c:\vppdj.exec:\vppdj.exe230⤵
-
\??\c:\pddjp.exec:\pddjp.exe231⤵
-
\??\c:\jvppp.exec:\jvppp.exe232⤵
-
\??\c:\xrrxlxr.exec:\xrrxlxr.exe233⤵
-
\??\c:\9rlffff.exec:\9rlffff.exe234⤵
-
\??\c:\nhtttt.exec:\nhtttt.exe235⤵
-
\??\c:\3btbhh.exec:\3btbhh.exe236⤵
-
\??\c:\vjvjp.exec:\vjvjp.exe237⤵
-
\??\c:\dpvvj.exec:\dpvvj.exe238⤵
-
\??\c:\7frxlll.exec:\7frxlll.exe239⤵
-
\??\c:\3xlxxxl.exec:\3xlxxxl.exe240⤵
-
\??\c:\htttbb.exec:\htttbb.exe241⤵