Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
19-05-2024 18:29
General
-
Target
0938ddb998b765feaf5017821daa7d41169af2d257397de8156d557b058eadab.exe
-
Size
55KB
-
MD5
c9bebe2d63ce5ba0e60bfb71ed34e673
-
SHA1
4a60cea2c515e9e2841e83347faa63925f2bc5b0
-
SHA256
0938ddb998b765feaf5017821daa7d41169af2d257397de8156d557b058eadab
-
SHA512
bb26fee5163e777875682c0f717bdd3eab3e45998af9a9de94db6d8343f31f2a7c79bdcbfc637fd535d239f23799d46ebc5a73bd5b19c719b59a7e555eabe2d2
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIFP:ymb3NkkiQ3mdBjFIFP
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
UPX dump on OEP (original entry point) 34 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 34 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0938ddb998b765feaf5017821daa7d41169af2d257397de8156d557b058eadab.exe"C:\Users\Admin\AppData\Local\Temp\0938ddb998b765feaf5017821daa7d41169af2d257397de8156d557b058eadab.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rlflxlx.exec:\rlflxlx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpjp.exec:\vvpjp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3fxflrf.exec:\3fxflrf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpvp.exec:\dvpvp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxfxfr.exec:\fxxfxfr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhbbt.exec:\nnhbbt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhnth.exec:\nnhnth.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxlrfr.exec:\fxxlrfr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhtth.exec:\nhhtth.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpjv.exec:\jdpjv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fflrlrr.exec:\fflrlrr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xfrffl.exec:\9xfrffl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntnntn.exec:\ntnntn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvvv.exec:\vjvvv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llfxrxl.exec:\llfxrxl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhnhnb.exec:\bhnhnb.exe17⤵
- Executes dropped EXE
-
\??\c:\vpjpd.exec:\vpjpd.exe18⤵
- Executes dropped EXE
-
\??\c:\pvdpp.exec:\pvdpp.exe19⤵
- Executes dropped EXE
-
\??\c:\rllfrfx.exec:\rllfrfx.exe20⤵
- Executes dropped EXE
-
\??\c:\hbhtbh.exec:\hbhtbh.exe21⤵
- Executes dropped EXE
-
\??\c:\pjdvp.exec:\pjdvp.exe22⤵
- Executes dropped EXE
-
\??\c:\jddvj.exec:\jddvj.exe23⤵
- Executes dropped EXE
-
\??\c:\lxllrlr.exec:\lxllrlr.exe24⤵
- Executes dropped EXE
-
\??\c:\btnbnt.exec:\btnbnt.exe25⤵
- Executes dropped EXE
-
\??\c:\jdvdp.exec:\jdvdp.exe26⤵
- Executes dropped EXE
-
\??\c:\vdpvv.exec:\vdpvv.exe27⤵
- Executes dropped EXE
-
\??\c:\nnbttt.exec:\nnbttt.exe28⤵
- Executes dropped EXE
-
\??\c:\hhhbht.exec:\hhhbht.exe29⤵
- Executes dropped EXE
-
\??\c:\ddpjp.exec:\ddpjp.exe30⤵
- Executes dropped EXE
-
\??\c:\lfrxlxf.exec:\lfrxlxf.exe31⤵
- Executes dropped EXE
-
\??\c:\hbnnth.exec:\hbnnth.exe32⤵
- Executes dropped EXE
-
\??\c:\nthntn.exec:\nthntn.exe33⤵
- Executes dropped EXE
-
\??\c:\jjdvj.exec:\jjdvj.exe34⤵
- Executes dropped EXE
-
\??\c:\3rlrxfl.exec:\3rlrxfl.exe35⤵
- Executes dropped EXE
-
\??\c:\5nbttn.exec:\5nbttn.exe36⤵
- Executes dropped EXE
-
\??\c:\bbhttt.exec:\bbhttt.exe37⤵
- Executes dropped EXE
-
\??\c:\vdjpp.exec:\vdjpp.exe38⤵
- Executes dropped EXE
-
\??\c:\1lrrllr.exec:\1lrrllr.exe39⤵
- Executes dropped EXE
-
\??\c:\lfrflrf.exec:\lfrflrf.exe40⤵
- Executes dropped EXE
-
\??\c:\thhnnn.exec:\thhnnn.exe41⤵
- Executes dropped EXE
-
\??\c:\tbtntn.exec:\tbtntn.exe42⤵
- Executes dropped EXE
-
\??\c:\dddpd.exec:\dddpd.exe43⤵
- Executes dropped EXE
-
\??\c:\xlxrxlr.exec:\xlxrxlr.exe44⤵
- Executes dropped EXE
-
\??\c:\xlfflfl.exec:\xlfflfl.exe45⤵
- Executes dropped EXE
-
\??\c:\hthhnb.exec:\hthhnb.exe46⤵
- Executes dropped EXE
-
\??\c:\vpvdp.exec:\vpvdp.exe47⤵
- Executes dropped EXE
-
\??\c:\jdvvd.exec:\jdvvd.exe48⤵
- Executes dropped EXE
-
\??\c:\9xlxfxx.exec:\9xlxfxx.exe49⤵
- Executes dropped EXE
-
\??\c:\nhthnb.exec:\nhthnb.exe50⤵
- Executes dropped EXE
-
\??\c:\ddddp.exec:\ddddp.exe51⤵
- Executes dropped EXE
-
\??\c:\dpddv.exec:\dpddv.exe52⤵
- Executes dropped EXE
-
\??\c:\1lxlxxf.exec:\1lxlxxf.exe53⤵
- Executes dropped EXE
-
\??\c:\fxlxflx.exec:\fxlxflx.exe54⤵
- Executes dropped EXE
-
\??\c:\hbnhbn.exec:\hbnhbn.exe55⤵
- Executes dropped EXE
-
\??\c:\3ppjj.exec:\3ppjj.exe56⤵
- Executes dropped EXE
-
\??\c:\pjvpd.exec:\pjvpd.exe57⤵
- Executes dropped EXE
-
\??\c:\rrrfrxl.exec:\rrrfrxl.exe58⤵
- Executes dropped EXE
-
\??\c:\llxrrxl.exec:\llxrrxl.exe59⤵
- Executes dropped EXE
-
\??\c:\nhbnbb.exec:\nhbnbb.exe60⤵
- Executes dropped EXE
-
\??\c:\nbhbnt.exec:\nbhbnt.exe61⤵
- Executes dropped EXE
-
\??\c:\vpdpj.exec:\vpdpj.exe62⤵
- Executes dropped EXE
-
\??\c:\xrlxfrx.exec:\xrlxfrx.exe63⤵
- Executes dropped EXE
-
\??\c:\rlrffxx.exec:\rlrffxx.exe64⤵
- Executes dropped EXE
-
\??\c:\hbthtb.exec:\hbthtb.exe65⤵
- Executes dropped EXE
-
\??\c:\bhtbbn.exec:\bhtbbn.exe66⤵
-
\??\c:\pdjdj.exec:\pdjdj.exe67⤵
-
\??\c:\rlflflf.exec:\rlflflf.exe68⤵
-
\??\c:\1fllrlx.exec:\1fllrlx.exe69⤵
-
\??\c:\hhtnhh.exec:\hhtnhh.exe70⤵
-
\??\c:\djvpd.exec:\djvpd.exe71⤵
-
\??\c:\9jjpd.exec:\9jjpd.exe72⤵
-
\??\c:\7rflxfl.exec:\7rflxfl.exe73⤵
-
\??\c:\3bhtht.exec:\3bhtht.exe74⤵
-
\??\c:\nhhthn.exec:\nhhthn.exe75⤵
-
\??\c:\jdjjj.exec:\jdjjj.exe76⤵
-
\??\c:\vvdjj.exec:\vvdjj.exe77⤵
-
\??\c:\xxxlflf.exec:\xxxlflf.exe78⤵
-
\??\c:\nnhbbn.exec:\nnhbbn.exe79⤵
-
\??\c:\hhnhhn.exec:\hhnhhn.exe80⤵
-
\??\c:\pjdjd.exec:\pjdjd.exe81⤵
-
\??\c:\7dddp.exec:\7dddp.exe82⤵
-
\??\c:\ffrflxr.exec:\ffrflxr.exe83⤵
-
\??\c:\bnhntb.exec:\bnhntb.exe84⤵
-
\??\c:\nnbnbt.exec:\nnbnbt.exe85⤵
-
\??\c:\jjdjv.exec:\jjdjv.exe86⤵
-
\??\c:\vvpjv.exec:\vvpjv.exe87⤵
-
\??\c:\7ffllxf.exec:\7ffllxf.exe88⤵
-
\??\c:\xrffrrl.exec:\xrffrrl.exe89⤵
-
\??\c:\hhbbtt.exec:\hhbbtt.exe90⤵
-
\??\c:\vppjv.exec:\vppjv.exe91⤵
-
\??\c:\vvjpj.exec:\vvjpj.exe92⤵
-
\??\c:\7fxfxfr.exec:\7fxfxfr.exe93⤵
-
\??\c:\rlxxlxr.exec:\rlxxlxr.exe94⤵
-
\??\c:\1bnbbb.exec:\1bnbbb.exe95⤵
-
\??\c:\jppdj.exec:\jppdj.exe96⤵
-
\??\c:\dvppd.exec:\dvppd.exe97⤵
-
\??\c:\3fxrffl.exec:\3fxrffl.exe98⤵
-
\??\c:\fxlxllr.exec:\fxlxllr.exe99⤵
-
\??\c:\bbbthb.exec:\bbbthb.exe100⤵
-
\??\c:\hbnhtn.exec:\hbnhtn.exe101⤵
-
\??\c:\jjdvj.exec:\jjdvj.exe102⤵
-
\??\c:\1xxfllx.exec:\1xxfllx.exe103⤵
-
\??\c:\1frlxxf.exec:\1frlxxf.exe104⤵
-
\??\c:\bbhtnt.exec:\bbhtnt.exe105⤵
-
\??\c:\nntbht.exec:\nntbht.exe106⤵
-
\??\c:\vvvdv.exec:\vvvdv.exe107⤵
-
\??\c:\jdjvd.exec:\jdjvd.exe108⤵
-
\??\c:\xrfrrxr.exec:\xrfrrxr.exe109⤵
-
\??\c:\llfrffr.exec:\llfrffr.exe110⤵
-
\??\c:\nthbbn.exec:\nthbbn.exe111⤵
-
\??\c:\ppdjd.exec:\ppdjd.exe112⤵
-
\??\c:\dvpvd.exec:\dvpvd.exe113⤵
-
\??\c:\xrlxfrx.exec:\xrlxfrx.exe114⤵
-
\??\c:\lrllxfr.exec:\lrllxfr.exe115⤵
-
\??\c:\1bbtbn.exec:\1bbtbn.exe116⤵
-
\??\c:\vvpvv.exec:\vvpvv.exe117⤵
-
\??\c:\dppvd.exec:\dppvd.exe118⤵
-
\??\c:\xfrrrll.exec:\xfrrrll.exe119⤵
-
\??\c:\nhbthn.exec:\nhbthn.exe120⤵
-
\??\c:\bntbht.exec:\bntbht.exe121⤵
-
\??\c:\dvjjd.exec:\dvjjd.exe122⤵
-
\??\c:\jjvpv.exec:\jjvpv.exe123⤵
-
\??\c:\1xxlfxx.exec:\1xxlfxx.exe124⤵
-
\??\c:\5rrflrx.exec:\5rrflrx.exe125⤵
-
\??\c:\3tbttb.exec:\3tbttb.exe126⤵
-
\??\c:\btntbh.exec:\btntbh.exe127⤵
-
\??\c:\9vddv.exec:\9vddv.exe128⤵
-
\??\c:\3vpvp.exec:\3vpvp.exe129⤵
-
\??\c:\fxxlxlx.exec:\fxxlxlx.exe130⤵
-
\??\c:\7rrlflf.exec:\7rrlflf.exe131⤵
-
\??\c:\bttnth.exec:\bttnth.exe132⤵
-
\??\c:\hhhbhh.exec:\hhhbhh.exe133⤵
-
\??\c:\5ppdd.exec:\5ppdd.exe134⤵
-
\??\c:\rlflrxf.exec:\rlflrxf.exe135⤵
-
\??\c:\rlfrrfr.exec:\rlfrrfr.exe136⤵
-
\??\c:\btntht.exec:\btntht.exe137⤵
-
\??\c:\9bntht.exec:\9bntht.exe138⤵
-
\??\c:\jjpvd.exec:\jjpvd.exe139⤵
-
\??\c:\pjvjv.exec:\pjvjv.exe140⤵
-
\??\c:\llfrrxl.exec:\llfrrxl.exe141⤵
-
\??\c:\3bnhbh.exec:\3bnhbh.exe142⤵
-
\??\c:\nnhhhn.exec:\nnhhhn.exe143⤵
-
\??\c:\pvjvj.exec:\pvjvj.exe144⤵
-
\??\c:\xrlrrxx.exec:\xrlrrxx.exe145⤵
-
\??\c:\fxxxffl.exec:\fxxxffl.exe146⤵
-
\??\c:\ttbbtb.exec:\ttbbtb.exe147⤵
-
\??\c:\tnntnt.exec:\tnntnt.exe148⤵
-
\??\c:\dvjpj.exec:\dvjpj.exe149⤵
-
\??\c:\pdppv.exec:\pdppv.exe150⤵
-
\??\c:\ffxxlxl.exec:\ffxxlxl.exe151⤵
-
\??\c:\fxxflxx.exec:\fxxflxx.exe152⤵
-
\??\c:\9tbthn.exec:\9tbthn.exe153⤵
-
\??\c:\pddvd.exec:\pddvd.exe154⤵
-
\??\c:\vvpdp.exec:\vvpdp.exe155⤵
-
\??\c:\5djvd.exec:\5djvd.exe156⤵
-
\??\c:\xfxfxrl.exec:\xfxfxrl.exe157⤵
-
\??\c:\nnbtbh.exec:\nnbtbh.exe158⤵
-
\??\c:\nhnbtt.exec:\nhnbtt.exe159⤵
-
\??\c:\7vjvj.exec:\7vjvj.exe160⤵
-
\??\c:\vdppd.exec:\vdppd.exe161⤵
-
\??\c:\9lrffrf.exec:\9lrffrf.exe162⤵
-
\??\c:\xxlxflx.exec:\xxlxflx.exe163⤵
-
\??\c:\3ffrfrx.exec:\3ffrfrx.exe164⤵
-
\??\c:\tnthtt.exec:\tnthtt.exe165⤵
-
\??\c:\9hbbnn.exec:\9hbbnn.exe166⤵
-
\??\c:\jvjjp.exec:\jvjjp.exe167⤵
-
\??\c:\htbbnb.exec:\htbbnb.exe168⤵
-
\??\c:\pjdjd.exec:\pjdjd.exe169⤵
-
\??\c:\pdvdp.exec:\pdvdp.exe170⤵
-
\??\c:\fxrxfxr.exec:\fxrxfxr.exe171⤵
-
\??\c:\3lfflrf.exec:\3lfflrf.exe172⤵
-
\??\c:\ffllrxf.exec:\ffllrxf.exe173⤵
-
\??\c:\bbntbn.exec:\bbntbn.exe174⤵
-
\??\c:\jppjd.exec:\jppjd.exe175⤵
-
\??\c:\rrrlxfr.exec:\rrrlxfr.exe176⤵
-
\??\c:\rlxllxx.exec:\rlxllxx.exe177⤵
-
\??\c:\bbbnbh.exec:\bbbnbh.exe178⤵
-
\??\c:\tnnnbb.exec:\tnnnbb.exe179⤵
-
\??\c:\pjdpv.exec:\pjdpv.exe180⤵
-
\??\c:\jpddj.exec:\jpddj.exe181⤵
-
\??\c:\5rfflrf.exec:\5rfflrf.exe182⤵
-
\??\c:\5xrrxlr.exec:\5xrrxlr.exe183⤵
-
\??\c:\hnnhbh.exec:\hnnhbh.exe184⤵
-
\??\c:\jdjvd.exec:\jdjvd.exe185⤵
-
\??\c:\ppdjv.exec:\ppdjv.exe186⤵
-
\??\c:\jdddp.exec:\jdddp.exe187⤵
-
\??\c:\xlxxxxf.exec:\xlxxxxf.exe188⤵
-
\??\c:\3rrrflf.exec:\3rrrflf.exe189⤵
-
\??\c:\tnbnnb.exec:\tnbnnb.exe190⤵
-
\??\c:\nhhnnn.exec:\nhhnnn.exe191⤵
-
\??\c:\3vppd.exec:\3vppd.exe192⤵
-
\??\c:\jpppj.exec:\jpppj.exe193⤵
-
\??\c:\rfxfrxf.exec:\rfxfrxf.exe194⤵
-
\??\c:\lffxlrx.exec:\lffxlrx.exe195⤵
-
\??\c:\hnbtbb.exec:\hnbtbb.exe196⤵
-
\??\c:\nnhbhn.exec:\nnhbhn.exe197⤵
-
\??\c:\pjdjv.exec:\pjdjv.exe198⤵
-
\??\c:\vvpjj.exec:\vvpjj.exe199⤵
-
\??\c:\fllxflx.exec:\fllxflx.exe200⤵
-
\??\c:\rlfrfll.exec:\rlfrfll.exe201⤵
-
\??\c:\hthtbh.exec:\hthtbh.exe202⤵
-
\??\c:\tnhntt.exec:\tnhntt.exe203⤵
-
\??\c:\vpjpd.exec:\vpjpd.exe204⤵
-
\??\c:\jjjvj.exec:\jjjvj.exe205⤵
-
\??\c:\rrlrfrf.exec:\rrlrfrf.exe206⤵
-
\??\c:\xxlllrx.exec:\xxlllrx.exe207⤵
-
\??\c:\9ttnhn.exec:\9ttnhn.exe208⤵
-
\??\c:\tnhhtn.exec:\tnhhtn.exe209⤵
-
\??\c:\dpdjv.exec:\dpdjv.exe210⤵
-
\??\c:\jdjjp.exec:\jdjjp.exe211⤵
-
\??\c:\5rlxffl.exec:\5rlxffl.exe212⤵
-
\??\c:\hbnnbn.exec:\hbnnbn.exe213⤵
-
\??\c:\3thntb.exec:\3thntb.exe214⤵
-
\??\c:\7tnnhh.exec:\7tnnhh.exe215⤵
-
\??\c:\jdpjp.exec:\jdpjp.exe216⤵
-
\??\c:\3vpvv.exec:\3vpvv.exe217⤵
-
\??\c:\5xrxxxf.exec:\5xrxxxf.exe218⤵
-
\??\c:\bnthbt.exec:\bnthbt.exe219⤵
-
\??\c:\nbbnnn.exec:\nbbnnn.exe220⤵
-
\??\c:\dpvvp.exec:\dpvvp.exe221⤵
-
\??\c:\jdpvj.exec:\jdpvj.exe222⤵
-
\??\c:\3xrfrxl.exec:\3xrfrxl.exe223⤵
-
\??\c:\1fxlrfr.exec:\1fxlrfr.exe224⤵
-
\??\c:\nbhnbt.exec:\nbhnbt.exe225⤵
-
\??\c:\3nhnnb.exec:\3nhnnb.exe226⤵
-
\??\c:\1vjdj.exec:\1vjdj.exe227⤵
-
\??\c:\vjvdj.exec:\vjvdj.exe228⤵
-
\??\c:\1xllrxx.exec:\1xllrxx.exe229⤵
-
\??\c:\rfrxxrx.exec:\rfrxxrx.exe230⤵
-
\??\c:\tnnbbh.exec:\tnnbbh.exe231⤵
-
\??\c:\3tnhhh.exec:\3tnhhh.exe232⤵
-
\??\c:\vpjpp.exec:\vpjpp.exe233⤵
-
\??\c:\dpvvp.exec:\dpvvp.exe234⤵
-
\??\c:\9rrfflr.exec:\9rrfflr.exe235⤵
-
\??\c:\rfxllrf.exec:\rfxllrf.exe236⤵
-
\??\c:\nnbthh.exec:\nnbthh.exe237⤵
-
\??\c:\hbhnnt.exec:\hbhnnt.exe238⤵
-
\??\c:\dvjjj.exec:\dvjjj.exe239⤵
-
\??\c:\vpvdj.exec:\vpvdj.exe240⤵
-
\??\c:\9rxflrl.exec:\9rxflrl.exe241⤵