Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
-
submitted
19-05-2024 10:42
General
-
Target
78c9ba651a59e549d579042341f942273ebbef1942e3b00cebcbda43389a6e89.exe
-
Size
440KB
-
MD5
0e30696faf2af47c270f0ea2e75f3960
-
SHA1
2cdab8659ccd4679da2efb27df740ac3b33b87dc
-
SHA256
78c9ba651a59e549d579042341f942273ebbef1942e3b00cebcbda43389a6e89
-
SHA512
e5f203d4b47016b71afaa4cb115985cbf5cd77cd4b0c15fe51038738109b509970e6a554f79731578b4c7a8ab857d60e4a8109bb33a7d027276b51999513f304
-
SSDEEP
12288:w4wFHoS9KxbNnidEhjEJd1kNpeUgI95yRoZHVaoJMOxFXnRV4PiGO0hUmHt:kKxbNndhjEJd1kNpeUgI95yRoZHgoJMX
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 37 IoCs
-
Malware Dropper & Backdoor - Berbew 32 IoCs
Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\78c9ba651a59e549d579042341f942273ebbef1942e3b00cebcbda43389a6e89.exe"C:\Users\Admin\AppData\Local\Temp\78c9ba651a59e549d579042341f942273ebbef1942e3b00cebcbda43389a6e89.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtbnn.exec:\bbtbnn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpjjv.exec:\jpjjv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrlrrf.exec:\lxrlrrf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1nhhtb.exec:\1nhhtb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pppdp.exec:\pppdp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xflrrlr.exec:\xflrrlr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpjd.exec:\pjpjd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flflrxr.exec:\flflrxr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjdj.exec:\vvjdj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7jdpv.exec:\7jdpv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frfxrrx.exec:\frfxrrx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrfrfr.exec:\xrrfrfr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3tbtbh.exec:\3tbtbh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9rrlxfl.exec:\9rrlxfl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jvjv.exec:\1jvjv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrxffr.exec:\rrrxffr.exe17⤵
- Executes dropped EXE
-
\??\c:\tnhhtt.exec:\tnhhtt.exe18⤵
- Executes dropped EXE
-
\??\c:\jjdjv.exec:\jjdjv.exe19⤵
- Executes dropped EXE
-
\??\c:\lrrfrfx.exec:\lrrfrfx.exe20⤵
- Executes dropped EXE
-
\??\c:\hbbtbh.exec:\hbbtbh.exe21⤵
- Executes dropped EXE
-
\??\c:\9thhtt.exec:\9thhtt.exe22⤵
- Executes dropped EXE
-
\??\c:\pjppv.exec:\pjppv.exe23⤵
- Executes dropped EXE
-
\??\c:\tbthtb.exec:\tbthtb.exe24⤵
- Executes dropped EXE
-
\??\c:\jpjjv.exec:\jpjjv.exe25⤵
- Executes dropped EXE
-
\??\c:\hbttbb.exec:\hbttbb.exe26⤵
- Executes dropped EXE
-
\??\c:\jjddp.exec:\jjddp.exe27⤵
- Executes dropped EXE
-
\??\c:\bnbbhh.exec:\bnbbhh.exe28⤵
- Executes dropped EXE
-
\??\c:\7vpvd.exec:\7vpvd.exe29⤵
- Executes dropped EXE
-
\??\c:\llfxlfr.exec:\llfxlfr.exe30⤵
- Executes dropped EXE
-
\??\c:\nhbbnt.exec:\nhbbnt.exe31⤵
- Executes dropped EXE
-
\??\c:\frlrflx.exec:\frlrflx.exe32⤵
- Executes dropped EXE
-
\??\c:\lfxxllr.exec:\lfxxllr.exe33⤵
- Executes dropped EXE
-
\??\c:\jdvdj.exec:\jdvdj.exe34⤵
- Executes dropped EXE
-
\??\c:\rlxxffl.exec:\rlxxffl.exe35⤵
- Executes dropped EXE
-
\??\c:\lxrxffr.exec:\lxrxffr.exe36⤵
- Executes dropped EXE
-
\??\c:\hbthtt.exec:\hbthtt.exe37⤵
- Executes dropped EXE
-
\??\c:\jdddp.exec:\jdddp.exe38⤵
- Executes dropped EXE
-
\??\c:\9ffrffr.exec:\9ffrffr.exe39⤵
- Executes dropped EXE
-
\??\c:\fxrrflx.exec:\fxrrflx.exe40⤵
- Executes dropped EXE
-
\??\c:\bnbhtt.exec:\bnbhtt.exe41⤵
- Executes dropped EXE
-
\??\c:\1jpdd.exec:\1jpdd.exe42⤵
- Executes dropped EXE
-
\??\c:\9vjvd.exec:\9vjvd.exe43⤵
- Executes dropped EXE
-
\??\c:\lfrxflr.exec:\lfrxflr.exe44⤵
- Executes dropped EXE
-
\??\c:\hhtbnt.exec:\hhtbnt.exe45⤵
- Executes dropped EXE
-
\??\c:\jdvdp.exec:\jdvdp.exe46⤵
- Executes dropped EXE
-
\??\c:\frlllrx.exec:\frlllrx.exe47⤵
- Executes dropped EXE
-
\??\c:\9httbb.exec:\9httbb.exe48⤵
- Executes dropped EXE
-
\??\c:\nhbbnh.exec:\nhbbnh.exe49⤵
- Executes dropped EXE
-
\??\c:\ddvdv.exec:\ddvdv.exe50⤵
- Executes dropped EXE
-
\??\c:\rrlxflx.exec:\rrlxflx.exe51⤵
- Executes dropped EXE
-
\??\c:\btnbtb.exec:\btnbtb.exe52⤵
- Executes dropped EXE
-
\??\c:\nnhbhh.exec:\nnhbhh.exe53⤵
- Executes dropped EXE
-
\??\c:\5dddj.exec:\5dddj.exe54⤵
- Executes dropped EXE
-
\??\c:\lfxlxfr.exec:\lfxlxfr.exe55⤵
- Executes dropped EXE
-
\??\c:\xlxflrf.exec:\xlxflrf.exe56⤵
- Executes dropped EXE
-
\??\c:\nnhbnb.exec:\nnhbnb.exe57⤵
- Executes dropped EXE
-
\??\c:\1vpvp.exec:\1vpvp.exe58⤵
- Executes dropped EXE
-
\??\c:\xxlxrxl.exec:\xxlxrxl.exe59⤵
- Executes dropped EXE
-
\??\c:\xrlrxfl.exec:\xrlrxfl.exe60⤵
- Executes dropped EXE
-
\??\c:\tnhhnn.exec:\tnhhnn.exe61⤵
- Executes dropped EXE
-
\??\c:\pjdjp.exec:\pjdjp.exe62⤵
- Executes dropped EXE
-
\??\c:\rfxrrxx.exec:\rfxrrxx.exe63⤵
- Executes dropped EXE
-
\??\c:\7lflrxf.exec:\7lflrxf.exe64⤵
- Executes dropped EXE
-
\??\c:\bthnbh.exec:\bthnbh.exe65⤵
- Executes dropped EXE
-
\??\c:\7pddd.exec:\7pddd.exe66⤵
-
\??\c:\3fffrrf.exec:\3fffrrf.exe67⤵
-
\??\c:\xrffrxl.exec:\xrffrxl.exe68⤵
-
\??\c:\nbntbb.exec:\nbntbb.exe69⤵
-
\??\c:\1jjdj.exec:\1jjdj.exe70⤵
-
\??\c:\pjjpd.exec:\pjjpd.exe71⤵
-
\??\c:\fxfrrxl.exec:\fxfrrxl.exe72⤵
-
\??\c:\3bhnnt.exec:\3bhnnt.exe73⤵
-
\??\c:\bhbhtt.exec:\bhbhtt.exe74⤵
-
\??\c:\ppjdp.exec:\ppjdp.exe75⤵
-
\??\c:\rfflxxr.exec:\rfflxxr.exe76⤵
-
\??\c:\hthbhb.exec:\hthbhb.exe77⤵
-
\??\c:\jpddp.exec:\jpddp.exe78⤵
-
\??\c:\llfrxfx.exec:\llfrxfx.exe79⤵
-
\??\c:\xlxllfl.exec:\xlxllfl.exe80⤵
-
\??\c:\bbntbt.exec:\bbntbt.exe81⤵
-
\??\c:\pjdjd.exec:\pjdjd.exe82⤵
-
\??\c:\jvppv.exec:\jvppv.exe83⤵
-
\??\c:\lfxlrxr.exec:\lfxlrxr.exe84⤵
-
\??\c:\5tbntt.exec:\5tbntt.exe85⤵
-
\??\c:\dvjpd.exec:\dvjpd.exe86⤵
-
\??\c:\xlflrrf.exec:\xlflrrf.exe87⤵
-
\??\c:\9btbhh.exec:\9btbhh.exe88⤵
-
\??\c:\nnbhnt.exec:\nnbhnt.exe89⤵
-
\??\c:\3ppdv.exec:\3ppdv.exe90⤵
-
\??\c:\7xrxrrf.exec:\7xrxrrf.exe91⤵
-
\??\c:\htnnhh.exec:\htnnhh.exe92⤵
-
\??\c:\pvvjp.exec:\pvvjp.exe93⤵
-
\??\c:\fxrxflf.exec:\fxrxflf.exe94⤵
-
\??\c:\rllrlrl.exec:\rllrlrl.exe95⤵
-
\??\c:\hbnnhn.exec:\hbnnhn.exe96⤵
-
\??\c:\3jvdp.exec:\3jvdp.exe97⤵
-
\??\c:\lfrrxfl.exec:\lfrrxfl.exe98⤵
-
\??\c:\rlxrxfr.exec:\rlxrxfr.exe99⤵
-
\??\c:\hbthth.exec:\hbthth.exe100⤵
-
\??\c:\vpjpd.exec:\vpjpd.exe101⤵
-
\??\c:\pdpdp.exec:\pdpdp.exe102⤵
-
\??\c:\xrffrrx.exec:\xrffrrx.exe103⤵
-
\??\c:\tttthn.exec:\tttthn.exe104⤵
-
\??\c:\nhbnbh.exec:\nhbnbh.exe105⤵
-
\??\c:\jddpv.exec:\jddpv.exe106⤵
-
\??\c:\fxrffxl.exec:\fxrffxl.exe107⤵
-
\??\c:\9nbbhh.exec:\9nbbhh.exe108⤵
-
\??\c:\7nhhnt.exec:\7nhhnt.exe109⤵
-
\??\c:\pdjpv.exec:\pdjpv.exe110⤵
-
\??\c:\rffrxxf.exec:\rffrxxf.exe111⤵
-
\??\c:\ttnntb.exec:\ttnntb.exe112⤵
-
\??\c:\nhtbhh.exec:\nhtbhh.exe113⤵
-
\??\c:\dpddj.exec:\dpddj.exe114⤵
-
\??\c:\9llxlrl.exec:\9llxlrl.exe115⤵
-
\??\c:\hbhnbb.exec:\hbhnbb.exe116⤵
-
\??\c:\fxlrllx.exec:\fxlrllx.exe117⤵
-
\??\c:\hbttbh.exec:\hbttbh.exe118⤵
-
\??\c:\nhbhtb.exec:\nhbhtb.exe119⤵
-
\??\c:\rrrxllr.exec:\rrrxllr.exe120⤵
-
\??\c:\9rlrxxl.exec:\9rlrxxl.exe121⤵
-
\??\c:\9tntnn.exec:\9tntnn.exe122⤵
-
\??\c:\jvjpd.exec:\jvjpd.exe123⤵
-
\??\c:\jdvdd.exec:\jdvdd.exe124⤵
-
\??\c:\5lxxxff.exec:\5lxxxff.exe125⤵
-
\??\c:\5fffllr.exec:\5fffllr.exe126⤵
-
\??\c:\nbnbhb.exec:\nbnbhb.exe127⤵
-
\??\c:\9pjvd.exec:\9pjvd.exe128⤵
-
\??\c:\llflrxl.exec:\llflrxl.exe129⤵
-
\??\c:\lfrflrf.exec:\lfrflrf.exe130⤵
-
\??\c:\httbnn.exec:\httbnn.exe131⤵
-
\??\c:\vpvjp.exec:\vpvjp.exe132⤵
-
\??\c:\vdpjp.exec:\vdpjp.exe133⤵
-
\??\c:\rflrxrx.exec:\rflrxrx.exe134⤵
-
\??\c:\5xxxfff.exec:\5xxxfff.exe135⤵
-
\??\c:\hnhntt.exec:\hnhntt.exe136⤵
-
\??\c:\1djpv.exec:\1djpv.exe137⤵
-
\??\c:\vpjvj.exec:\vpjvj.exe138⤵
-
\??\c:\ffxxffr.exec:\ffxxffr.exe139⤵
-
\??\c:\nhtbnt.exec:\nhtbnt.exe140⤵
-
\??\c:\nnhbbb.exec:\nnhbbb.exe141⤵
-
\??\c:\pdpvd.exec:\pdpvd.exe142⤵
-
\??\c:\7rllxfl.exec:\7rllxfl.exe143⤵
-
\??\c:\thbbhn.exec:\thbbhn.exe144⤵
-
\??\c:\nbthnt.exec:\nbthnt.exe145⤵
-
\??\c:\pjdjp.exec:\pjdjp.exe146⤵
-
\??\c:\jjdjp.exec:\jjdjp.exe147⤵
-
\??\c:\5fxfllx.exec:\5fxfllx.exe148⤵
-
\??\c:\1ttthn.exec:\1ttthn.exe149⤵
-
\??\c:\htnttb.exec:\htnttb.exe150⤵
-
\??\c:\7vvvd.exec:\7vvvd.exe151⤵
-
\??\c:\llfrflr.exec:\llfrflr.exe152⤵
-
\??\c:\xrllxxl.exec:\xrllxxl.exe153⤵
-
\??\c:\ntthbh.exec:\ntthbh.exe154⤵
-
\??\c:\jdjvv.exec:\jdjvv.exe155⤵
-
\??\c:\dvjdj.exec:\dvjdj.exe156⤵
-
\??\c:\rllrxxf.exec:\rllrxxf.exe157⤵
-
\??\c:\rlxxllx.exec:\rlxxllx.exe158⤵
-
\??\c:\bthhhn.exec:\bthhhn.exe159⤵
-
\??\c:\jdddj.exec:\jdddj.exe160⤵
-
\??\c:\5dvvd.exec:\5dvvd.exe161⤵
-
\??\c:\5rxxlrx.exec:\5rxxlrx.exe162⤵
-
\??\c:\9btthh.exec:\9btthh.exe163⤵
-
\??\c:\htnbhn.exec:\htnbhn.exe164⤵
-
\??\c:\3jjvd.exec:\3jjvd.exe165⤵
-
\??\c:\xlfrxfr.exec:\xlfrxfr.exe166⤵
-
\??\c:\xrffrrf.exec:\xrffrrf.exe167⤵
-
\??\c:\tnbhnn.exec:\tnbhnn.exe168⤵
-
\??\c:\vjvdd.exec:\vjvdd.exe169⤵
-
\??\c:\3vvdj.exec:\3vvdj.exe170⤵
-
\??\c:\xrrxflx.exec:\xrrxflx.exe171⤵
-
\??\c:\5btbhh.exec:\5btbhh.exe172⤵
-
\??\c:\9bhntb.exec:\9bhntb.exe173⤵
-
\??\c:\vvpvd.exec:\vvpvd.exe174⤵
-
\??\c:\rfrxffl.exec:\rfrxffl.exe175⤵
-
\??\c:\9fxfrrf.exec:\9fxfrrf.exe176⤵
-
\??\c:\tbnhbn.exec:\tbnhbn.exe177⤵
-
\??\c:\jjjvd.exec:\jjjvd.exe178⤵
-
\??\c:\dppdd.exec:\dppdd.exe179⤵
-
\??\c:\rrrflxl.exec:\rrrflxl.exe180⤵
-
\??\c:\llffrrf.exec:\llffrrf.exe181⤵
-
\??\c:\tnnhtt.exec:\tnnhtt.exe182⤵
-
\??\c:\pjdvd.exec:\pjdvd.exe183⤵
-
\??\c:\vjvvd.exec:\vjvvd.exe184⤵
-
\??\c:\ffxfllx.exec:\ffxfllx.exe185⤵
-
\??\c:\tbbhbn.exec:\tbbhbn.exe186⤵
-
\??\c:\tnbnhh.exec:\tnbnhh.exe187⤵
-
\??\c:\jdpvd.exec:\jdpvd.exe188⤵
-
\??\c:\1rffrxl.exec:\1rffrxl.exe189⤵
-
\??\c:\rrlrllf.exec:\rrlrllf.exe190⤵
-
\??\c:\ttntbh.exec:\ttntbh.exe191⤵
-
\??\c:\nbtbhh.exec:\nbtbhh.exe192⤵
-
\??\c:\ddvjv.exec:\ddvjv.exe193⤵
-
\??\c:\1bnnhn.exec:\1bnnhn.exe194⤵
-
\??\c:\bnhhnn.exec:\bnhhnn.exe195⤵
-
\??\c:\vjvdd.exec:\vjvdd.exe196⤵
-
\??\c:\5frxllr.exec:\5frxllr.exe197⤵
-
\??\c:\3lrrlrf.exec:\3lrrlrf.exe198⤵
-
\??\c:\thbntt.exec:\thbntt.exe199⤵
-
\??\c:\vjppv.exec:\vjppv.exe200⤵
-
\??\c:\pjjvd.exec:\pjjvd.exe201⤵
-
\??\c:\xxrflrf.exec:\xxrflrf.exe202⤵
-
\??\c:\rfxlrrf.exec:\rfxlrrf.exe203⤵
-
\??\c:\thhbnt.exec:\thhbnt.exe204⤵
-
\??\c:\vjddj.exec:\vjddj.exe205⤵
-
\??\c:\fxrrffl.exec:\fxrrffl.exe206⤵
-
\??\c:\7nnthh.exec:\7nnthh.exe207⤵
-
\??\c:\nbthnn.exec:\nbthnn.exe208⤵
-
\??\c:\vvpvj.exec:\vvpvj.exe209⤵
-
\??\c:\lrlrflr.exec:\lrlrflr.exe210⤵
-
\??\c:\9xlrrxl.exec:\9xlrrxl.exe211⤵
-
\??\c:\nnnhbh.exec:\nnnhbh.exe212⤵
-
\??\c:\pjddj.exec:\pjddj.exe213⤵
-
\??\c:\dvpvj.exec:\dvpvj.exe214⤵
-
\??\c:\lxrrrxf.exec:\lxrrrxf.exe215⤵
-
\??\c:\tnhtbh.exec:\tnhtbh.exe216⤵
-
\??\c:\bnhnnn.exec:\bnhnnn.exe217⤵
-
\??\c:\djdvj.exec:\djdvj.exe218⤵
-
\??\c:\xrrrllx.exec:\xrrrllx.exe219⤵
-
\??\c:\3htntt.exec:\3htntt.exe220⤵
-
\??\c:\nbhnbh.exec:\nbhnbh.exe221⤵
-
\??\c:\pjpdp.exec:\pjpdp.exe222⤵
-
\??\c:\pdvjp.exec:\pdvjp.exe223⤵
-
\??\c:\rlfrxfx.exec:\rlfrxfx.exe224⤵
-
\??\c:\tnhnbh.exec:\tnhnbh.exe225⤵
-
\??\c:\nntntn.exec:\nntntn.exe226⤵
-
\??\c:\7jpjv.exec:\7jpjv.exe227⤵
-
\??\c:\xxrxlfl.exec:\xxrxlfl.exe228⤵
-
\??\c:\flrrxrf.exec:\flrrxrf.exe229⤵
-
\??\c:\hbbhbh.exec:\hbbhbh.exe230⤵
-
\??\c:\3djvj.exec:\3djvj.exe231⤵
-
\??\c:\vjdjv.exec:\vjdjv.exe232⤵
-
\??\c:\rrrfxfx.exec:\rrrfxfx.exe233⤵
-
\??\c:\bbtbnb.exec:\bbtbnb.exe234⤵
-
\??\c:\nthhnn.exec:\nthhnn.exe235⤵
-
\??\c:\pjdjp.exec:\pjdjp.exe236⤵
-
\??\c:\3rfrlrx.exec:\3rfrlrx.exe237⤵
-
\??\c:\9rlrxxx.exec:\9rlrxxx.exe238⤵
-
\??\c:\tnnbhh.exec:\tnnbhh.exe239⤵
-
\??\c:\dvpvd.exec:\dvpvd.exe240⤵
-
\??\c:\5pvdj.exec:\5pvdj.exe241⤵