Analysis
-
max time kernel
150s -
max time network
110s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
19-05-2024 10:48
General
-
Target
84d1963cdef0996a7b20a8f4b092ba7a33f02326f753317865f3640105e6a2e9.exe
-
Size
94KB
-
MD5
15aabe3ce919ebcbef36d032cd0d35c0
-
SHA1
deccf6316d3023b3bb23d3db50ec3f25e3f50c7b
-
SHA256
84d1963cdef0996a7b20a8f4b092ba7a33f02326f753317865f3640105e6a2e9
-
SHA512
cf5da920146eabf6b78dc3e83bbe079f42a78a0f8b021a0ac52842731e307cc00bd6a704f5a33f5935f2a80c2793c92e2505657ce7137403813a35723b7d0d5d
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIkpi+qP1hvZo66Ox4oq2SQwfTQ5:ymb3NkkiQ3mdBjFIj+qNhvZuHQY05
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\84d1963cdef0996a7b20a8f4b092ba7a33f02326f753317865f3640105e6a2e9.exe"C:\Users\Admin\AppData\Local\Temp\84d1963cdef0996a7b20a8f4b092ba7a33f02326f753317865f3640105e6a2e9.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvdv.exec:\vpvdv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntnbnn.exec:\ntnbnn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnhtn.exec:\htnhtn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflxlfx.exec:\rflxlfx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrlxrl.exec:\lxrlxrl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttnht.exec:\bttnht.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvvj.exec:\jpvvj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvpd.exec:\jvvpd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xrlffr.exec:\7xrlffr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhbbh.exec:\nbhbbh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdjd.exec:\pjdjd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrlxrl.exec:\fxrlxrl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5nhbbn.exec:\5nhbbn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnnhhh.exec:\hnnhhh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjdj.exec:\vpjdj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxxrrl.exec:\ffxxrrl.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbthb.exec:\hbbthb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnhhb.exec:\htnhhb.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjppp.exec:\pjppp.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fflrlfx.exec:\fflrlfx.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhhbb.exec:\thhhbb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppddv.exec:\ppddv.exe23⤵
- Executes dropped EXE
-
\??\c:\pddvj.exec:\pddvj.exe24⤵
- Executes dropped EXE
-
\??\c:\lfrlfxr.exec:\lfrlfxr.exe25⤵
- Executes dropped EXE
-
\??\c:\rxlfxrl.exec:\rxlfxrl.exe26⤵
- Executes dropped EXE
-
\??\c:\nhhbbb.exec:\nhhbbb.exe27⤵
- Executes dropped EXE
-
\??\c:\vpvpd.exec:\vpvpd.exe28⤵
- Executes dropped EXE
-
\??\c:\9lxrffx.exec:\9lxrffx.exe29⤵
- Executes dropped EXE
-
\??\c:\nnntnt.exec:\nnntnt.exe30⤵
- Executes dropped EXE
-
\??\c:\vvppd.exec:\vvppd.exe31⤵
- Executes dropped EXE
-
\??\c:\xfrlxfr.exec:\xfrlxfr.exe32⤵
- Executes dropped EXE
-
\??\c:\rrxxrxf.exec:\rrxxrxf.exe33⤵
- Executes dropped EXE
-
\??\c:\httthh.exec:\httthh.exe34⤵
- Executes dropped EXE
-
\??\c:\bhbbtn.exec:\bhbbtn.exe35⤵
- Executes dropped EXE
-
\??\c:\pjdpd.exec:\pjdpd.exe36⤵
- Executes dropped EXE
-
\??\c:\lfxlflf.exec:\lfxlflf.exe37⤵
- Executes dropped EXE
-
\??\c:\lflrrff.exec:\lflrrff.exe38⤵
- Executes dropped EXE
-
\??\c:\dpjjd.exec:\dpjjd.exe39⤵
- Executes dropped EXE
-
\??\c:\pjjdp.exec:\pjjdp.exe40⤵
- Executes dropped EXE
-
\??\c:\xlrlflf.exec:\xlrlflf.exe41⤵
- Executes dropped EXE
-
\??\c:\tthhnn.exec:\tthhnn.exe42⤵
- Executes dropped EXE
-
\??\c:\hhnttb.exec:\hhnttb.exe43⤵
- Executes dropped EXE
-
\??\c:\dvddj.exec:\dvddj.exe44⤵
- Executes dropped EXE
-
\??\c:\lfxlxrl.exec:\lfxlxrl.exe45⤵
- Executes dropped EXE
-
\??\c:\tbhbnn.exec:\tbhbnn.exe46⤵
- Executes dropped EXE
-
\??\c:\9pvpv.exec:\9pvpv.exe47⤵
- Executes dropped EXE
-
\??\c:\9djdp.exec:\9djdp.exe48⤵
- Executes dropped EXE
-
\??\c:\xlxrrrl.exec:\xlxrrrl.exe49⤵
- Executes dropped EXE
-
\??\c:\xfxrrll.exec:\xfxrrll.exe50⤵
- Executes dropped EXE
-
\??\c:\1ttnhh.exec:\1ttnhh.exe51⤵
- Executes dropped EXE
-
\??\c:\ddvpj.exec:\ddvpj.exe52⤵
- Executes dropped EXE
-
\??\c:\xxfrfll.exec:\xxfrfll.exe53⤵
- Executes dropped EXE
-
\??\c:\1xxlfff.exec:\1xxlfff.exe54⤵
- Executes dropped EXE
-
\??\c:\nbnnnh.exec:\nbnnnh.exe55⤵
- Executes dropped EXE
-
\??\c:\htttbb.exec:\htttbb.exe56⤵
- Executes dropped EXE
-
\??\c:\djvpj.exec:\djvpj.exe57⤵
- Executes dropped EXE
-
\??\c:\xffxrlf.exec:\xffxrlf.exe58⤵
- Executes dropped EXE
-
\??\c:\7lfxrrl.exec:\7lfxrrl.exe59⤵
- Executes dropped EXE
-
\??\c:\bhbhbh.exec:\bhbhbh.exe60⤵
- Executes dropped EXE
-
\??\c:\hnnbtn.exec:\hnnbtn.exe61⤵
- Executes dropped EXE
-
\??\c:\dddvj.exec:\dddvj.exe62⤵
- Executes dropped EXE
-
\??\c:\dvvjd.exec:\dvvjd.exe63⤵
- Executes dropped EXE
-
\??\c:\xrlflfl.exec:\xrlflfl.exe64⤵
- Executes dropped EXE
-
\??\c:\flrlllf.exec:\flrlllf.exe65⤵
- Executes dropped EXE
-
\??\c:\btbttn.exec:\btbttn.exe66⤵
-
\??\c:\bhnbtn.exec:\bhnbtn.exe67⤵
-
\??\c:\pddvp.exec:\pddvp.exe68⤵
-
\??\c:\jddvd.exec:\jddvd.exe69⤵
-
\??\c:\9lxrxxf.exec:\9lxrxxf.exe70⤵
-
\??\c:\lxfxrrl.exec:\lxfxrrl.exe71⤵
-
\??\c:\5nhbth.exec:\5nhbth.exe72⤵
-
\??\c:\nbbbbt.exec:\nbbbbt.exe73⤵
-
\??\c:\3ppjv.exec:\3ppjv.exe74⤵
-
\??\c:\9llfrll.exec:\9llfrll.exe75⤵
-
\??\c:\bnnhhb.exec:\bnnhhb.exe76⤵
-
\??\c:\nnbnnb.exec:\nnbnnb.exe77⤵
-
\??\c:\3jvpd.exec:\3jvpd.exe78⤵
-
\??\c:\xrxrrrr.exec:\xrxrrrr.exe79⤵
-
\??\c:\1rlxrfr.exec:\1rlxrfr.exe80⤵
-
\??\c:\lllxrrr.exec:\lllxrrr.exe81⤵
-
\??\c:\hhhhht.exec:\hhhhht.exe82⤵
-
\??\c:\jdddp.exec:\jdddp.exe83⤵
-
\??\c:\fxrrxxx.exec:\fxrrxxx.exe84⤵
-
\??\c:\llrrrrr.exec:\llrrrrr.exe85⤵
-
\??\c:\nnntnn.exec:\nnntnn.exe86⤵
-
\??\c:\ddvdv.exec:\ddvdv.exe87⤵
-
\??\c:\rrllfll.exec:\rrllfll.exe88⤵
-
\??\c:\1ffffff.exec:\1ffffff.exe89⤵
-
\??\c:\7thhnt.exec:\7thhnt.exe90⤵
-
\??\c:\bbhhbb.exec:\bbhhbb.exe91⤵
-
\??\c:\dpjpj.exec:\dpjpj.exe92⤵
-
\??\c:\flllllr.exec:\flllllr.exe93⤵
-
\??\c:\3xxxxxr.exec:\3xxxxxr.exe94⤵
-
\??\c:\nnttnt.exec:\nnttnt.exe95⤵
-
\??\c:\hnbtbb.exec:\hnbtbb.exe96⤵
-
\??\c:\ddjdd.exec:\ddjdd.exe97⤵
-
\??\c:\ppdvv.exec:\ppdvv.exe98⤵
-
\??\c:\flfxrxr.exec:\flfxrxr.exe99⤵
-
\??\c:\frfrxff.exec:\frfrxff.exe100⤵
-
\??\c:\ntbhhn.exec:\ntbhhn.exe101⤵
-
\??\c:\hthhtn.exec:\hthhtn.exe102⤵
-
\??\c:\pvddd.exec:\pvddd.exe103⤵
-
\??\c:\djpvv.exec:\djpvv.exe104⤵
-
\??\c:\3rfxrrr.exec:\3rfxrrr.exe105⤵
-
\??\c:\rlrlrxx.exec:\rlrlrxx.exe106⤵
-
\??\c:\hnntnt.exec:\hnntnt.exe107⤵
-
\??\c:\nbhbbb.exec:\nbhbbb.exe108⤵
-
\??\c:\1hnhnt.exec:\1hnhnt.exe109⤵
-
\??\c:\ddjdv.exec:\ddjdv.exe110⤵
-
\??\c:\ddddv.exec:\ddddv.exe111⤵
-
\??\c:\rrxrlrl.exec:\rrxrlrl.exe112⤵
-
\??\c:\fxfxrxx.exec:\fxfxrxx.exe113⤵
-
\??\c:\3thhbh.exec:\3thhbh.exe114⤵
-
\??\c:\tbnnhn.exec:\tbnnhn.exe115⤵
-
\??\c:\dddvd.exec:\dddvd.exe116⤵
-
\??\c:\pvdjj.exec:\pvdjj.exe117⤵
-
\??\c:\jjdjv.exec:\jjdjv.exe118⤵
-
\??\c:\xllffff.exec:\xllffff.exe119⤵
-
\??\c:\lfllffx.exec:\lfllffx.exe120⤵
-
\??\c:\tbntnt.exec:\tbntnt.exe121⤵
-
\??\c:\1nthbh.exec:\1nthbh.exe122⤵
-
\??\c:\vpvdp.exec:\vpvdp.exe123⤵
-
\??\c:\pppjd.exec:\pppjd.exe124⤵
-
\??\c:\pvppp.exec:\pvppp.exe125⤵
-
\??\c:\fxxrrlf.exec:\fxxrrlf.exe126⤵
-
\??\c:\flxxxxf.exec:\flxxxxf.exe127⤵
-
\??\c:\3hnttb.exec:\3hnttb.exe128⤵
-
\??\c:\bnttnt.exec:\bnttnt.exe129⤵
-
\??\c:\jdddv.exec:\jdddv.exe130⤵
-
\??\c:\ppvjj.exec:\ppvjj.exe131⤵
-
\??\c:\xxrlffl.exec:\xxrlffl.exe132⤵
-
\??\c:\7xrrrxx.exec:\7xrrrxx.exe133⤵
-
\??\c:\rfxxxxx.exec:\rfxxxxx.exe134⤵
-
\??\c:\5thnnb.exec:\5thnnb.exe135⤵
-
\??\c:\tbhhnn.exec:\tbhhnn.exe136⤵
-
\??\c:\dvjjd.exec:\dvjjd.exe137⤵
-
\??\c:\dvdvp.exec:\dvdvp.exe138⤵
-
\??\c:\xlrrlll.exec:\xlrrlll.exe139⤵
-
\??\c:\rlfxrlx.exec:\rlfxrlx.exe140⤵
-
\??\c:\djdvp.exec:\djdvp.exe141⤵
-
\??\c:\llrxfrx.exec:\llrxfrx.exe142⤵
-
\??\c:\rflllll.exec:\rflllll.exe143⤵
-
\??\c:\3bhhbb.exec:\3bhhbb.exe144⤵
-
\??\c:\hntttt.exec:\hntttt.exe145⤵
-
\??\c:\jdddj.exec:\jdddj.exe146⤵
-
\??\c:\pvppv.exec:\pvppv.exe147⤵
-
\??\c:\rrfllrl.exec:\rrfllrl.exe148⤵
-
\??\c:\7xrrrrl.exec:\7xrrrrl.exe149⤵
-
\??\c:\ntnnhn.exec:\ntnnhn.exe150⤵
-
\??\c:\nbhhbn.exec:\nbhhbn.exe151⤵
-
\??\c:\jjppp.exec:\jjppp.exe152⤵
-
\??\c:\ffxxxxf.exec:\ffxxxxf.exe153⤵
-
\??\c:\lllllll.exec:\lllllll.exe154⤵
-
\??\c:\hnhnnt.exec:\hnhnnt.exe155⤵
-
\??\c:\djjjd.exec:\djjjd.exe156⤵
-
\??\c:\jdjjd.exec:\jdjjd.exe157⤵
-
\??\c:\hhnnhb.exec:\hhnnhb.exe158⤵
-
\??\c:\3jvvp.exec:\3jvvp.exe159⤵
-
\??\c:\3vjjj.exec:\3vjjj.exe160⤵
-
\??\c:\lxxxrrf.exec:\lxxxrrf.exe161⤵
-
\??\c:\9xlrxxx.exec:\9xlrxxx.exe162⤵
-
\??\c:\pppvv.exec:\pppvv.exe163⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe164⤵
-
\??\c:\xxxxrxx.exec:\xxxxrxx.exe165⤵
-
\??\c:\hnhhtn.exec:\hnhhtn.exe166⤵
-
\??\c:\1jpvd.exec:\1jpvd.exe167⤵
-
\??\c:\xfxxfll.exec:\xfxxfll.exe168⤵
-
\??\c:\btttbh.exec:\btttbh.exe169⤵
-
\??\c:\jjddd.exec:\jjddd.exe170⤵
-
\??\c:\rrllrrf.exec:\rrllrrf.exe171⤵
-
\??\c:\9frlfll.exec:\9frlfll.exe172⤵
-
\??\c:\bbhhbh.exec:\bbhhbh.exe173⤵
-
\??\c:\pvjjp.exec:\pvjjp.exe174⤵
-
\??\c:\lxrrfff.exec:\lxrrfff.exe175⤵
-
\??\c:\5nnntb.exec:\5nnntb.exe176⤵
-
\??\c:\ddvjj.exec:\ddvjj.exe177⤵
-
\??\c:\jvddd.exec:\jvddd.exe178⤵
-
\??\c:\rrffrxl.exec:\rrffrxl.exe179⤵
-
\??\c:\rllllxf.exec:\rllllxf.exe180⤵
-
\??\c:\nbbbbb.exec:\nbbbbb.exe181⤵
-
\??\c:\bbntbh.exec:\bbntbh.exe182⤵
-
\??\c:\dppdd.exec:\dppdd.exe183⤵
-
\??\c:\rlrrxxx.exec:\rlrrxxx.exe184⤵
-
\??\c:\xxrlfll.exec:\xxrlfll.exe185⤵
-
\??\c:\nhnnhn.exec:\nhnnhn.exe186⤵
-
\??\c:\tttbnn.exec:\tttbnn.exe187⤵
-
\??\c:\1ddvp.exec:\1ddvp.exe188⤵
-
\??\c:\pddvp.exec:\pddvp.exe189⤵
-
\??\c:\fxffrrr.exec:\fxffrrr.exe190⤵
-
\??\c:\bnnttt.exec:\bnnttt.exe191⤵
-
\??\c:\hhhbbh.exec:\hhhbbh.exe192⤵
-
\??\c:\vjjvj.exec:\vjjvj.exe193⤵
-
\??\c:\3vjjj.exec:\3vjjj.exe194⤵
-
\??\c:\9rrfxfr.exec:\9rrfxfr.exe195⤵
-
\??\c:\frrrllf.exec:\frrrllf.exe196⤵
-
\??\c:\hntttt.exec:\hntttt.exe197⤵
-
\??\c:\nhhhtn.exec:\nhhhtn.exe198⤵
-
\??\c:\pdvvv.exec:\pdvvv.exe199⤵
-
\??\c:\jvddd.exec:\jvddd.exe200⤵
-
\??\c:\xrxrffx.exec:\xrxrffx.exe201⤵
-
\??\c:\fxllffr.exec:\fxllffr.exe202⤵
-
\??\c:\bthhhn.exec:\bthhhn.exe203⤵
-
\??\c:\djpjv.exec:\djpjv.exe204⤵
-
\??\c:\jdvpd.exec:\jdvpd.exe205⤵
-
\??\c:\9llxrlf.exec:\9llxrlf.exe206⤵
-
\??\c:\rlfxrlf.exec:\rlfxrlf.exe207⤵
-
\??\c:\nnttnh.exec:\nnttnh.exe208⤵
-
\??\c:\ntnbnh.exec:\ntnbnh.exe209⤵
-
\??\c:\jvdvv.exec:\jvdvv.exe210⤵
-
\??\c:\9llxrlf.exec:\9llxrlf.exe211⤵
-
\??\c:\9nhbth.exec:\9nhbth.exe212⤵
-
\??\c:\bthttn.exec:\bthttn.exe213⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe214⤵
-
\??\c:\xrfxxxx.exec:\xrfxxxx.exe215⤵
-
\??\c:\1hnnnn.exec:\1hnnnn.exe216⤵
-
\??\c:\tttnhb.exec:\tttnhb.exe217⤵
-
\??\c:\pvvpj.exec:\pvvpj.exe218⤵
-
\??\c:\lffrffx.exec:\lffrffx.exe219⤵
-
\??\c:\bbnhtb.exec:\bbnhtb.exe220⤵
-
\??\c:\xxlffxx.exec:\xxlffxx.exe221⤵
-
\??\c:\9nhbtn.exec:\9nhbtn.exe222⤵
-
\??\c:\ddpdj.exec:\ddpdj.exe223⤵
-
\??\c:\frxlxrl.exec:\frxlxrl.exe224⤵
-
\??\c:\bbttnn.exec:\bbttnn.exe225⤵
-
\??\c:\tnnnbt.exec:\tnnnbt.exe226⤵
-
\??\c:\9vdvd.exec:\9vdvd.exe227⤵
-
\??\c:\nnhbhn.exec:\nnhbhn.exe228⤵
-
\??\c:\jpvvp.exec:\jpvvp.exe229⤵
-
\??\c:\hhnnnh.exec:\hhnnnh.exe230⤵
-
\??\c:\hnnhtb.exec:\hnnhtb.exe231⤵
-
\??\c:\vpjjd.exec:\vpjjd.exe232⤵
-
\??\c:\dvddv.exec:\dvddv.exe233⤵
-
\??\c:\3xrllll.exec:\3xrllll.exe234⤵
-
\??\c:\tnttnb.exec:\tnttnb.exe235⤵
-
\??\c:\ddjpp.exec:\ddjpp.exe236⤵
-
\??\c:\rflffxf.exec:\rflffxf.exe237⤵
-
\??\c:\3xxrllf.exec:\3xxrllf.exe238⤵
-
\??\c:\nnhbth.exec:\nnhbth.exe239⤵
-
\??\c:\jjpjj.exec:\jjpjj.exe240⤵
-
\??\c:\vvjdv.exec:\vvjdv.exe241⤵