Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
-
submitted
19-05-2024 18:57
General
-
Target
125319481a0ff85547a0065201549aa9e8d969ff7ae3d4ab233b8a59402ef596.exe
-
Size
95KB
-
MD5
b6283a2550579e2d76267d3247134272
-
SHA1
fc10464de1a86d79102047fc0a560182108b953b
-
SHA256
125319481a0ff85547a0065201549aa9e8d969ff7ae3d4ab233b8a59402ef596
-
SHA512
356971a0c8810bc94601175c34f9ac9e92018cd522fdb53cda76c8cf0e0e363d541bb5e6fb85c4ba4d9f63dd34528765befeb1338c0ce87f888a3c0bcc14d7da
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIkpi+qP1hvZo66Ox4oq2SQwfTQu:ymb3NkkiQ3mdBjFIj+qNhvZuHQY0u
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 22 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\125319481a0ff85547a0065201549aa9e8d969ff7ae3d4ab233b8a59402ef596.exe"C:\Users\Admin\AppData\Local\Temp\125319481a0ff85547a0065201549aa9e8d969ff7ae3d4ab233b8a59402ef596.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\5jjpj.exec:\5jjpj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlxlxl.exec:\fxlxlxl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbthtn.exec:\tbthtn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vvvv.exec:\9vvvv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vjvd.exec:\9vjvd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfllrrr.exec:\rfllrrr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntnnt.exec:\tntnnt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhthnn.exec:\nhthnn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjvd.exec:\dvjvd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jpjp.exec:\5jpjp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrlxlr.exec:\lrrlxlr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnntnt.exec:\bnntnt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjdj.exec:\vdjdj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxlflll.exec:\lxlflll.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthbnb.exec:\tthbnb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5hntbn.exec:\5hntbn.exe17⤵
- Executes dropped EXE
-
\??\c:\vvjvj.exec:\vvjvj.exe18⤵
- Executes dropped EXE
-
\??\c:\7llllfr.exec:\7llllfr.exe19⤵
- Executes dropped EXE
-
\??\c:\3frxfff.exec:\3frxfff.exe20⤵
- Executes dropped EXE
-
\??\c:\nbhbbb.exec:\nbhbbb.exe21⤵
- Executes dropped EXE
-
\??\c:\5djjd.exec:\5djjd.exe22⤵
- Executes dropped EXE
-
\??\c:\pvpvd.exec:\pvpvd.exe23⤵
- Executes dropped EXE
-
\??\c:\lfrxflr.exec:\lfrxflr.exe24⤵
- Executes dropped EXE
-
\??\c:\5llxfrr.exec:\5llxfrr.exe25⤵
- Executes dropped EXE
-
\??\c:\hthnnt.exec:\hthnnt.exe26⤵
- Executes dropped EXE
-
\??\c:\dpjpj.exec:\dpjpj.exe27⤵
- Executes dropped EXE
-
\??\c:\pdjjv.exec:\pdjjv.exe28⤵
- Executes dropped EXE
-
\??\c:\rxlffrx.exec:\rxlffrx.exe29⤵
- Executes dropped EXE
-
\??\c:\1nbhnn.exec:\1nbhnn.exe30⤵
- Executes dropped EXE
-
\??\c:\9tntnt.exec:\9tntnt.exe31⤵
- Executes dropped EXE
-
\??\c:\vpjvd.exec:\vpjvd.exe32⤵
- Executes dropped EXE
-
\??\c:\lrrxrff.exec:\lrrxrff.exe33⤵
- Executes dropped EXE
-
\??\c:\nhnnbb.exec:\nhnnbb.exe34⤵
- Executes dropped EXE
-
\??\c:\pvpvv.exec:\pvpvv.exe35⤵
- Executes dropped EXE
-
\??\c:\5lrllfr.exec:\5lrllfr.exe36⤵
- Executes dropped EXE
-
\??\c:\xxrxlrf.exec:\xxrxlrf.exe37⤵
- Executes dropped EXE
-
\??\c:\bnnhhb.exec:\bnnhhb.exe38⤵
- Executes dropped EXE
-
\??\c:\bthbbb.exec:\bthbbb.exe39⤵
- Executes dropped EXE
-
\??\c:\jdjdd.exec:\jdjdd.exe40⤵
- Executes dropped EXE
-
\??\c:\jdvdj.exec:\jdvdj.exe41⤵
- Executes dropped EXE
-
\??\c:\3xllllr.exec:\3xllllr.exe42⤵
- Executes dropped EXE
-
\??\c:\xrffrlx.exec:\xrffrlx.exe43⤵
- Executes dropped EXE
-
\??\c:\1htnnb.exec:\1htnnb.exe44⤵
- Executes dropped EXE
-
\??\c:\1tnnnn.exec:\1tnnnn.exe45⤵
- Executes dropped EXE
-
\??\c:\jjdvj.exec:\jjdvj.exe46⤵
- Executes dropped EXE
-
\??\c:\pjvpj.exec:\pjvpj.exe47⤵
- Executes dropped EXE
-
\??\c:\frxrxfl.exec:\frxrxfl.exe48⤵
- Executes dropped EXE
-
\??\c:\thnnbt.exec:\thnnbt.exe49⤵
- Executes dropped EXE
-
\??\c:\bttbhb.exec:\bttbhb.exe50⤵
- Executes dropped EXE
-
\??\c:\jdpdd.exec:\jdpdd.exe51⤵
- Executes dropped EXE
-
\??\c:\dvjpp.exec:\dvjpp.exe52⤵
- Executes dropped EXE
-
\??\c:\rlflxlx.exec:\rlflxlx.exe53⤵
- Executes dropped EXE
-
\??\c:\1tntbt.exec:\1tntbt.exe54⤵
- Executes dropped EXE
-
\??\c:\vjvpv.exec:\vjvpv.exe55⤵
- Executes dropped EXE
-
\??\c:\pdjdv.exec:\pdjdv.exe56⤵
- Executes dropped EXE
-
\??\c:\xlrrrxf.exec:\xlrrrxf.exe57⤵
- Executes dropped EXE
-
\??\c:\htbhtb.exec:\htbhtb.exe58⤵
- Executes dropped EXE
-
\??\c:\tthbth.exec:\tthbth.exe59⤵
- Executes dropped EXE
-
\??\c:\dvjjd.exec:\dvjjd.exe60⤵
- Executes dropped EXE
-
\??\c:\3djpj.exec:\3djpj.exe61⤵
- Executes dropped EXE
-
\??\c:\fxxllrr.exec:\fxxllrr.exe62⤵
- Executes dropped EXE
-
\??\c:\xxlffxf.exec:\xxlffxf.exe63⤵
- Executes dropped EXE
-
\??\c:\btbhhb.exec:\btbhhb.exe64⤵
- Executes dropped EXE
-
\??\c:\thtnnn.exec:\thtnnn.exe65⤵
- Executes dropped EXE
-
\??\c:\pvpdj.exec:\pvpdj.exe66⤵
-
\??\c:\pdpjd.exec:\pdpjd.exe67⤵
-
\??\c:\fxxxfrl.exec:\fxxxfrl.exe68⤵
-
\??\c:\fxlrrlr.exec:\fxlrrlr.exe69⤵
-
\??\c:\tntbhh.exec:\tntbhh.exe70⤵
-
\??\c:\nnbbnn.exec:\nnbbnn.exe71⤵
-
\??\c:\5pdvd.exec:\5pdvd.exe72⤵
-
\??\c:\jvjpp.exec:\jvjpp.exe73⤵
-
\??\c:\frfxfxf.exec:\frfxfxf.exe74⤵
-
\??\c:\flxxfrx.exec:\flxxfrx.exe75⤵
-
\??\c:\9htntt.exec:\9htntt.exe76⤵
-
\??\c:\5nbbhb.exec:\5nbbhb.exe77⤵
-
\??\c:\jpdvd.exec:\jpdvd.exe78⤵
-
\??\c:\jvppd.exec:\jvppd.exe79⤵
-
\??\c:\lffflrl.exec:\lffflrl.exe80⤵
-
\??\c:\xrlrflf.exec:\xrlrflf.exe81⤵
-
\??\c:\tttntb.exec:\tttntb.exe82⤵
-
\??\c:\hnbttt.exec:\hnbttt.exe83⤵
-
\??\c:\ppjjp.exec:\ppjjp.exe84⤵
-
\??\c:\1jvjv.exec:\1jvjv.exe85⤵
-
\??\c:\llrxlrx.exec:\llrxlrx.exe86⤵
-
\??\c:\rxrlllx.exec:\rxrlllx.exe87⤵
-
\??\c:\tbthtb.exec:\tbthtb.exe88⤵
-
\??\c:\ppdjd.exec:\ppdjd.exe89⤵
-
\??\c:\pdvvj.exec:\pdvvj.exe90⤵
-
\??\c:\7lrlrrl.exec:\7lrlrrl.exe91⤵
-
\??\c:\fxllrrr.exec:\fxllrrr.exe92⤵
-
\??\c:\ffrfllx.exec:\ffrfllx.exe93⤵
-
\??\c:\hbnntb.exec:\hbnntb.exe94⤵
-
\??\c:\vvvdp.exec:\vvvdp.exe95⤵
-
\??\c:\vdpjd.exec:\vdpjd.exe96⤵
-
\??\c:\9rlllxf.exec:\9rlllxf.exe97⤵
-
\??\c:\1lflrrf.exec:\1lflrrf.exe98⤵
-
\??\c:\hnnbhb.exec:\hnnbhb.exe99⤵
-
\??\c:\bnbtbn.exec:\bnbtbn.exe100⤵
-
\??\c:\nbhhbh.exec:\nbhhbh.exe101⤵
-
\??\c:\pdjpd.exec:\pdjpd.exe102⤵
-
\??\c:\jjvjv.exec:\jjvjv.exe103⤵
-
\??\c:\5xrfffl.exec:\5xrfffl.exe104⤵
-
\??\c:\llrxrxr.exec:\llrxrxr.exe105⤵
-
\??\c:\9nhnnh.exec:\9nhnnh.exe106⤵
-
\??\c:\hbnnbt.exec:\hbnnbt.exe107⤵
-
\??\c:\ddjvv.exec:\ddjvv.exe108⤵
-
\??\c:\1dvdj.exec:\1dvdj.exe109⤵
-
\??\c:\rlxxlxl.exec:\rlxxlxl.exe110⤵
-
\??\c:\9lfrfll.exec:\9lfrfll.exe111⤵
-
\??\c:\nhtbnn.exec:\nhtbnn.exe112⤵
-
\??\c:\nnntnb.exec:\nnntnb.exe113⤵
-
\??\c:\rrrrfrf.exec:\rrrrfrf.exe114⤵
-
\??\c:\ffrxlrx.exec:\ffrxlrx.exe115⤵
-
\??\c:\nnhntb.exec:\nnhntb.exe116⤵
-
\??\c:\nhnntb.exec:\nhnntb.exe117⤵
-
\??\c:\pvjjp.exec:\pvjjp.exe118⤵
-
\??\c:\dvppv.exec:\dvppv.exe119⤵
-
\??\c:\9rrflxl.exec:\9rrflxl.exe120⤵
-
\??\c:\rrflflr.exec:\rrflflr.exe121⤵
-
\??\c:\nntnhh.exec:\nntnhh.exe122⤵
-
\??\c:\9btbhn.exec:\9btbhn.exe123⤵
-
\??\c:\3jjpd.exec:\3jjpd.exe124⤵
-
\??\c:\dpdvj.exec:\dpdvj.exe125⤵
-
\??\c:\fxllrxl.exec:\fxllrxl.exe126⤵
-
\??\c:\rflxrxl.exec:\rflxrxl.exe127⤵
-
\??\c:\tthntt.exec:\tthntt.exe128⤵
-
\??\c:\hbbbtb.exec:\hbbbtb.exe129⤵
-
\??\c:\bhbtht.exec:\bhbtht.exe130⤵
-
\??\c:\5jdpv.exec:\5jdpv.exe131⤵
-
\??\c:\ddvvj.exec:\ddvvj.exe132⤵
-
\??\c:\xrflllx.exec:\xrflllx.exe133⤵
-
\??\c:\rxlrfll.exec:\rxlrfll.exe134⤵
-
\??\c:\hbnbhh.exec:\hbnbhh.exe135⤵
-
\??\c:\tbnhnh.exec:\tbnhnh.exe136⤵
-
\??\c:\1vjpv.exec:\1vjpv.exe137⤵
-
\??\c:\1dpvj.exec:\1dpvj.exe138⤵
-
\??\c:\xxrflrl.exec:\xxrflrl.exe139⤵
-
\??\c:\fxflflf.exec:\fxflflf.exe140⤵
-
\??\c:\xxxlxfr.exec:\xxxlxfr.exe141⤵
-
\??\c:\bbtbbh.exec:\bbtbbh.exe142⤵
-
\??\c:\hhbtnb.exec:\hhbtnb.exe143⤵
-
\??\c:\9pddd.exec:\9pddd.exe144⤵
-
\??\c:\vddvj.exec:\vddvj.exe145⤵
-
\??\c:\dvdpp.exec:\dvdpp.exe146⤵
-
\??\c:\3rrxllr.exec:\3rrxllr.exe147⤵
-
\??\c:\fxlxrfr.exec:\fxlxrfr.exe148⤵
-
\??\c:\3btbhn.exec:\3btbhn.exe149⤵
-
\??\c:\5htbhb.exec:\5htbhb.exe150⤵
-
\??\c:\dddjv.exec:\dddjv.exe151⤵
-
\??\c:\vpjvj.exec:\vpjvj.exe152⤵
-
\??\c:\rlxrffl.exec:\rlxrffl.exe153⤵
-
\??\c:\fflfrxl.exec:\fflfrxl.exe154⤵
-
\??\c:\nnnbbh.exec:\nnnbbh.exe155⤵
-
\??\c:\btbnbb.exec:\btbnbb.exe156⤵
-
\??\c:\vvjvd.exec:\vvjvd.exe157⤵
-
\??\c:\ddpvj.exec:\ddpvj.exe158⤵
-
\??\c:\9xxxrxf.exec:\9xxxrxf.exe159⤵
-
\??\c:\rrrfxfx.exec:\rrrfxfx.exe160⤵
-
\??\c:\3nthth.exec:\3nthth.exe161⤵
-
\??\c:\nnhtnn.exec:\nnhtnn.exe162⤵
-
\??\c:\jdjpv.exec:\jdjpv.exe163⤵
-
\??\c:\9rxllll.exec:\9rxllll.exe164⤵
-
\??\c:\fxxrffx.exec:\fxxrffx.exe165⤵
-
\??\c:\nntttt.exec:\nntttt.exe166⤵
-
\??\c:\nbhtbt.exec:\nbhtbt.exe167⤵
-
\??\c:\vpppd.exec:\vpppd.exe168⤵
-
\??\c:\3jjpd.exec:\3jjpd.exe169⤵
-
\??\c:\fxlrflx.exec:\fxlrflx.exe170⤵
-
\??\c:\3lxxxxf.exec:\3lxxxxf.exe171⤵
-
\??\c:\bnbnnt.exec:\bnbnnt.exe172⤵
-
\??\c:\7htbbh.exec:\7htbbh.exe173⤵
-
\??\c:\jdvdp.exec:\jdvdp.exe174⤵
-
\??\c:\vvjpv.exec:\vvjpv.exe175⤵
-
\??\c:\9rrrxfr.exec:\9rrrxfr.exe176⤵
-
\??\c:\fxrfrrf.exec:\fxrfrrf.exe177⤵
-
\??\c:\7htbht.exec:\7htbht.exe178⤵
-
\??\c:\1bthnt.exec:\1bthnt.exe179⤵
-
\??\c:\vdpdd.exec:\vdpdd.exe180⤵
-
\??\c:\pjpdj.exec:\pjpdj.exe181⤵
-
\??\c:\rrfrffx.exec:\rrfrffx.exe182⤵
-
\??\c:\hhbhnt.exec:\hhbhnt.exe183⤵
-
\??\c:\nnnttn.exec:\nnnttn.exe184⤵
-
\??\c:\pppvd.exec:\pppvd.exe185⤵
-
\??\c:\vpjvj.exec:\vpjvj.exe186⤵
-
\??\c:\ffxffxx.exec:\ffxffxx.exe187⤵
-
\??\c:\9rfrxxl.exec:\9rfrxxl.exe188⤵
-
\??\c:\nhtbnh.exec:\nhtbnh.exe189⤵
-
\??\c:\hbhnbh.exec:\hbhnbh.exe190⤵
-
\??\c:\vvddp.exec:\vvddp.exe191⤵
-
\??\c:\llfxrrf.exec:\llfxrrf.exe192⤵
-
\??\c:\rlflrrx.exec:\rlflrrx.exe193⤵
-
\??\c:\ffrflxl.exec:\ffrflxl.exe194⤵
-
\??\c:\tntbht.exec:\tntbht.exe195⤵
-
\??\c:\9dvjv.exec:\9dvjv.exe196⤵
-
\??\c:\llrrlfx.exec:\llrrlfx.exe197⤵
-
\??\c:\7bthth.exec:\7bthth.exe198⤵
-
\??\c:\ddvpd.exec:\ddvpd.exe199⤵
-
\??\c:\pjvpv.exec:\pjvpv.exe200⤵
-
\??\c:\fffrxxr.exec:\fffrxxr.exe201⤵
-
\??\c:\fxxfrrf.exec:\fxxfrrf.exe202⤵
-
\??\c:\hbbtth.exec:\hbbtth.exe203⤵
-
\??\c:\nhbhtn.exec:\nhbhtn.exe204⤵
-
\??\c:\jdpvd.exec:\jdpvd.exe205⤵
-
\??\c:\vpdvd.exec:\vpdvd.exe206⤵
-
\??\c:\lrlfflx.exec:\lrlfflx.exe207⤵
-
\??\c:\3lxfllf.exec:\3lxfllf.exe208⤵
-
\??\c:\bbhhnt.exec:\bbhhnt.exe209⤵
-
\??\c:\nnhnbn.exec:\nnhnbn.exe210⤵
-
\??\c:\jjvvv.exec:\jjvvv.exe211⤵
-
\??\c:\rrfflll.exec:\rrfflll.exe212⤵
-
\??\c:\3lfrxfl.exec:\3lfrxfl.exe213⤵
-
\??\c:\5hhnbh.exec:\5hhnbh.exe214⤵
-
\??\c:\3thhbn.exec:\3thhbn.exe215⤵
-
\??\c:\dvpdv.exec:\dvpdv.exe216⤵
-
\??\c:\1jddj.exec:\1jddj.exe217⤵
-
\??\c:\rlxfrrx.exec:\rlxfrrx.exe218⤵
-
\??\c:\lrfllrx.exec:\lrfllrx.exe219⤵
-
\??\c:\btnbth.exec:\btnbth.exe220⤵
-
\??\c:\nhtnnb.exec:\nhtnnb.exe221⤵
-
\??\c:\3jdpd.exec:\3jdpd.exe222⤵
-
\??\c:\fflrxrx.exec:\fflrxrx.exe223⤵
-
\??\c:\1lxrrrx.exec:\1lxrrrx.exe224⤵
-
\??\c:\bbnbnb.exec:\bbnbnb.exe225⤵
-
\??\c:\hbhbbb.exec:\hbhbbb.exe226⤵
-
\??\c:\jdvdj.exec:\jdvdj.exe227⤵
-
\??\c:\9frllfr.exec:\9frllfr.exe228⤵
-
\??\c:\5xxfffx.exec:\5xxfffx.exe229⤵
-
\??\c:\llflrfr.exec:\llflrfr.exe230⤵
-
\??\c:\nbthnt.exec:\nbthnt.exe231⤵
-
\??\c:\vvvpv.exec:\vvvpv.exe232⤵
-
\??\c:\jjjdd.exec:\jjjdd.exe233⤵
-
\??\c:\3frxrxl.exec:\3frxrxl.exe234⤵
-
\??\c:\hhhnbn.exec:\hhhnbn.exe235⤵
-
\??\c:\bthnbb.exec:\bthnbb.exe236⤵
-
\??\c:\9dvvj.exec:\9dvvj.exe237⤵
-
\??\c:\pdddd.exec:\pdddd.exe238⤵
-
\??\c:\rrlrlrx.exec:\rrlrlrx.exe239⤵
-
\??\c:\llxlllf.exec:\llxlllf.exe240⤵
-
\??\c:\hbbhtt.exec:\hbbhtt.exe241⤵