Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
19-05-2024 20:12
General
-
Target
2fe3de2352dfefb9525becb358bde79165f0e61bca8e7dec3be789ec0b1abd54.exe
-
Size
115KB
-
MD5
2217c376d2c06994d8a6e6249e13dac4
-
SHA1
1a88ad31d018021073cb20e54913bdc238eafa3c
-
SHA256
2fe3de2352dfefb9525becb358bde79165f0e61bca8e7dec3be789ec0b1abd54
-
SHA512
087136b2dabb879c5a1d1395cc630c1253c385efbc18ba5354922de2c939bc9ecc3f388c31bca7dbbc4fdac13586ad967564c4af5277d6da6aacba0ec37e8dfb
-
SSDEEP
3072:ymb3NkkiQ3mdBjFosxXGPXbXQMFHLgDWSmjlkFb:n3C9BRosxW8MFHLMWvl6
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
UPX dump on OEP (original entry point) 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2fe3de2352dfefb9525becb358bde79165f0e61bca8e7dec3be789ec0b1abd54.exe"C:\Users\Admin\AppData\Local\Temp\2fe3de2352dfefb9525becb358bde79165f0e61bca8e7dec3be789ec0b1abd54.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\5tnntb.exec:\5tnntb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntbbh.exec:\tntbbh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvpj.exec:\dpvpj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhbhbh.exec:\bhbhbh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtbtt.exec:\hbtbtt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjpdj.exec:\jjpdj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1frrfxf.exec:\1frrfxf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxrxrr.exec:\lfxrxrr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnntn.exec:\nbnntn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttthhn.exec:\ttthhn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vjjv.exec:\1vjjv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3fxxxxx.exec:\3fxxxxx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frflllr.exec:\frflllr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1nbhnh.exec:\1nbhnh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhnnn.exec:\bnhnnn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpjj.exec:\vjpjj.exe17⤵
- Executes dropped EXE
-
\??\c:\pjddd.exec:\pjddd.exe18⤵
- Executes dropped EXE
-
\??\c:\rfxxffx.exec:\rfxxffx.exe19⤵
- Executes dropped EXE
-
\??\c:\ttntbb.exec:\ttntbb.exe20⤵
- Executes dropped EXE
-
\??\c:\1djvv.exec:\1djvv.exe21⤵
- Executes dropped EXE
-
\??\c:\fxxffxf.exec:\fxxffxf.exe22⤵
- Executes dropped EXE
-
\??\c:\5xrxxff.exec:\5xrxxff.exe23⤵
- Executes dropped EXE
-
\??\c:\9nbhhh.exec:\9nbhhh.exe24⤵
- Executes dropped EXE
-
\??\c:\hbnhnh.exec:\hbnhnh.exe25⤵
- Executes dropped EXE
-
\??\c:\pdvdp.exec:\pdvdp.exe26⤵
- Executes dropped EXE
-
\??\c:\rlxfllr.exec:\rlxfllr.exe27⤵
- Executes dropped EXE
-
\??\c:\fffxfff.exec:\fffxfff.exe28⤵
- Executes dropped EXE
-
\??\c:\nnhttb.exec:\nnhttb.exe29⤵
- Executes dropped EXE
-
\??\c:\vvppv.exec:\vvppv.exe30⤵
- Executes dropped EXE
-
\??\c:\pdpvv.exec:\pdpvv.exe31⤵
- Executes dropped EXE
-
\??\c:\xlrrxrx.exec:\xlrrxrx.exe32⤵
- Executes dropped EXE
-
\??\c:\tbttbt.exec:\tbttbt.exe33⤵
- Executes dropped EXE
-
\??\c:\dvddp.exec:\dvddp.exe34⤵
- Executes dropped EXE
-
\??\c:\dpdvv.exec:\dpdvv.exe35⤵
- Executes dropped EXE
-
\??\c:\rlxllfl.exec:\rlxllfl.exe36⤵
- Executes dropped EXE
-
\??\c:\rrflxlr.exec:\rrflxlr.exe37⤵
- Executes dropped EXE
-
\??\c:\ddvjv.exec:\ddvjv.exe38⤵
- Executes dropped EXE
-
\??\c:\vppjp.exec:\vppjp.exe39⤵
- Executes dropped EXE
-
\??\c:\rrxrlxl.exec:\rrxrlxl.exe40⤵
- Executes dropped EXE
-
\??\c:\rffxxrr.exec:\rffxxrr.exe41⤵
- Executes dropped EXE
-
\??\c:\nbtbbt.exec:\nbtbbt.exe42⤵
- Executes dropped EXE
-
\??\c:\htbbbh.exec:\htbbbh.exe43⤵
- Executes dropped EXE
-
\??\c:\djdpj.exec:\djdpj.exe44⤵
- Executes dropped EXE
-
\??\c:\pppvd.exec:\pppvd.exe45⤵
- Executes dropped EXE
-
\??\c:\lxllxlf.exec:\lxllxlf.exe46⤵
- Executes dropped EXE
-
\??\c:\fxrfxrr.exec:\fxrfxrr.exe47⤵
- Executes dropped EXE
-
\??\c:\9hnthh.exec:\9hnthh.exe48⤵
- Executes dropped EXE
-
\??\c:\nhntbb.exec:\nhntbb.exe49⤵
- Executes dropped EXE
-
\??\c:\3ddjj.exec:\3ddjj.exe50⤵
- Executes dropped EXE
-
\??\c:\7ppdj.exec:\7ppdj.exe51⤵
- Executes dropped EXE
-
\??\c:\7fllllr.exec:\7fllllr.exe52⤵
- Executes dropped EXE
-
\??\c:\bhhbth.exec:\bhhbth.exe53⤵
- Executes dropped EXE
-
\??\c:\ttntth.exec:\ttntth.exe54⤵
- Executes dropped EXE
-
\??\c:\dpdvd.exec:\dpdvd.exe55⤵
- Executes dropped EXE
-
\??\c:\9jjdp.exec:\9jjdp.exe56⤵
- Executes dropped EXE
-
\??\c:\fxflxxx.exec:\fxflxxx.exe57⤵
- Executes dropped EXE
-
\??\c:\lfrrxrf.exec:\lfrrxrf.exe58⤵
- Executes dropped EXE
-
\??\c:\hhhnhn.exec:\hhhnhn.exe59⤵
- Executes dropped EXE
-
\??\c:\3hhthn.exec:\3hhthn.exe60⤵
- Executes dropped EXE
-
\??\c:\vvpvj.exec:\vvpvj.exe61⤵
- Executes dropped EXE
-
\??\c:\pdvdj.exec:\pdvdj.exe62⤵
- Executes dropped EXE
-
\??\c:\3xlffxf.exec:\3xlffxf.exe63⤵
- Executes dropped EXE
-
\??\c:\5lffflr.exec:\5lffflr.exe64⤵
- Executes dropped EXE
-
\??\c:\9hhtbh.exec:\9hhtbh.exe65⤵
- Executes dropped EXE
-
\??\c:\tnhtbh.exec:\tnhtbh.exe66⤵
-
\??\c:\jjvvj.exec:\jjvvj.exe67⤵
-
\??\c:\pdjdj.exec:\pdjdj.exe68⤵
-
\??\c:\fxlffxr.exec:\fxlffxr.exe69⤵
-
\??\c:\rrlxrlx.exec:\rrlxrlx.exe70⤵
-
\??\c:\bhbhnn.exec:\bhbhnn.exe71⤵
-
\??\c:\bthhnn.exec:\bthhnn.exe72⤵
-
\??\c:\pjddv.exec:\pjddv.exe73⤵
-
\??\c:\5vdjp.exec:\5vdjp.exe74⤵
-
\??\c:\fxfrflx.exec:\fxfrflx.exe75⤵
-
\??\c:\xxxfrrl.exec:\xxxfrrl.exe76⤵
-
\??\c:\nthnhn.exec:\nthnhn.exe77⤵
-
\??\c:\5nhhbb.exec:\5nhhbb.exe78⤵
-
\??\c:\hbtnbh.exec:\hbtnbh.exe79⤵
-
\??\c:\vvvdv.exec:\vvvdv.exe80⤵
-
\??\c:\5ppdp.exec:\5ppdp.exe81⤵
-
\??\c:\1lrlxfr.exec:\1lrlxfr.exe82⤵
-
\??\c:\1ffxffx.exec:\1ffxffx.exe83⤵
-
\??\c:\9ttbht.exec:\9ttbht.exe84⤵
-
\??\c:\3ttbnt.exec:\3ttbnt.exe85⤵
-
\??\c:\jvdjd.exec:\jvdjd.exe86⤵
-
\??\c:\jdjvj.exec:\jdjvj.exe87⤵
-
\??\c:\vpddp.exec:\vpddp.exe88⤵
-
\??\c:\lrrxlff.exec:\lrrxlff.exe89⤵
-
\??\c:\fflrfxr.exec:\fflrfxr.exe90⤵
-
\??\c:\hhbbnb.exec:\hhbbnb.exe91⤵
-
\??\c:\tbnntt.exec:\tbnntt.exe92⤵
-
\??\c:\dvpjp.exec:\dvpjp.exe93⤵
-
\??\c:\rrffllx.exec:\rrffllx.exe94⤵
-
\??\c:\rlxfffr.exec:\rlxfffr.exe95⤵
-
\??\c:\9fxrlrr.exec:\9fxrlrr.exe96⤵
-
\??\c:\tbnthh.exec:\tbnthh.exe97⤵
-
\??\c:\7jdpj.exec:\7jdpj.exe98⤵
-
\??\c:\jdvvj.exec:\jdvvj.exe99⤵
-
\??\c:\xfllrrf.exec:\xfllrrf.exe100⤵
-
\??\c:\xrfrxlr.exec:\xrfrxlr.exe101⤵
-
\??\c:\hhbntb.exec:\hhbntb.exe102⤵
-
\??\c:\hhhtnt.exec:\hhhtnt.exe103⤵
-
\??\c:\vvvjd.exec:\vvvjd.exe104⤵
-
\??\c:\vvdjp.exec:\vvdjp.exe105⤵
-
\??\c:\xrrxlrf.exec:\xrrxlrf.exe106⤵
-
\??\c:\7tbhbb.exec:\7tbhbb.exe107⤵
-
\??\c:\jjvjv.exec:\jjvjv.exe108⤵
-
\??\c:\vpjvv.exec:\vpjvv.exe109⤵
-
\??\c:\lflrfrf.exec:\lflrfrf.exe110⤵
-
\??\c:\rrlrlxl.exec:\rrlrlxl.exe111⤵
-
\??\c:\9ttbth.exec:\9ttbth.exe112⤵
-
\??\c:\pvpdj.exec:\pvpdj.exe113⤵
-
\??\c:\jjdjv.exec:\jjdjv.exe114⤵
-
\??\c:\llfrxll.exec:\llfrxll.exe115⤵
-
\??\c:\ffxflxl.exec:\ffxflxl.exe116⤵
-
\??\c:\xlxfxxl.exec:\xlxfxxl.exe117⤵
-
\??\c:\nbtbth.exec:\nbtbth.exe118⤵
-
\??\c:\1nhntt.exec:\1nhntt.exe119⤵
-
\??\c:\vdpvj.exec:\vdpvj.exe120⤵
-
\??\c:\1xlrxfr.exec:\1xlrxfr.exe121⤵
-
\??\c:\xxxlrxl.exec:\xxxlrxl.exe122⤵
-
\??\c:\5ddpv.exec:\5ddpv.exe123⤵
-
\??\c:\vvpdv.exec:\vvpdv.exe124⤵
-
\??\c:\ppdjv.exec:\ppdjv.exe125⤵
-
\??\c:\rlxrrrf.exec:\rlxrrrf.exe126⤵
-
\??\c:\xxrfxxl.exec:\xxrfxxl.exe127⤵
-
\??\c:\hhthnt.exec:\hhthnt.exe128⤵
-
\??\c:\tnhhnt.exec:\tnhhnt.exe129⤵
-
\??\c:\7vvdj.exec:\7vvdj.exe130⤵
-
\??\c:\vpjdv.exec:\vpjdv.exe131⤵
-
\??\c:\xxrxffr.exec:\xxrxffr.exe132⤵
-
\??\c:\xfxxlrx.exec:\xfxxlrx.exe133⤵
-
\??\c:\3nttbb.exec:\3nttbb.exe134⤵
-
\??\c:\nnhbbt.exec:\nnhbbt.exe135⤵
-
\??\c:\jjjpj.exec:\jjjpj.exe136⤵
-
\??\c:\dvpvd.exec:\dvpvd.exe137⤵
-
\??\c:\xrllrxl.exec:\xrllrxl.exe138⤵
-
\??\c:\3lxlxxr.exec:\3lxlxxr.exe139⤵
-
\??\c:\btbbhn.exec:\btbbhn.exe140⤵
-
\??\c:\7hbnhh.exec:\7hbnhh.exe141⤵
-
\??\c:\jdvvv.exec:\jdvvv.exe142⤵
-
\??\c:\dddjp.exec:\dddjp.exe143⤵
-
\??\c:\xllfllx.exec:\xllfllx.exe144⤵
-
\??\c:\1fflxxf.exec:\1fflxxf.exe145⤵
-
\??\c:\5frxllx.exec:\5frxllx.exe146⤵
-
\??\c:\tnhhnt.exec:\tnhhnt.exe147⤵
-
\??\c:\ttbbhn.exec:\ttbbhn.exe148⤵
-
\??\c:\9vvdv.exec:\9vvdv.exe149⤵
-
\??\c:\jddpv.exec:\jddpv.exe150⤵
-
\??\c:\3frfrxf.exec:\3frfrxf.exe151⤵
-
\??\c:\flrlxrl.exec:\flrlxrl.exe152⤵
-
\??\c:\nnhnbh.exec:\nnhnbh.exe153⤵
-
\??\c:\hbtbnt.exec:\hbtbnt.exe154⤵
-
\??\c:\vdvvv.exec:\vdvvv.exe155⤵
-
\??\c:\fxlrxlr.exec:\fxlrxlr.exe156⤵
-
\??\c:\xxrxlrl.exec:\xxrxlrl.exe157⤵
-
\??\c:\hhbbnt.exec:\hhbbnt.exe158⤵
-
\??\c:\bbbhbb.exec:\bbbhbb.exe159⤵
-
\??\c:\vppvv.exec:\vppvv.exe160⤵
-
\??\c:\ddvvv.exec:\ddvvv.exe161⤵
-
\??\c:\jddjv.exec:\jddjv.exe162⤵
-
\??\c:\xxllxfl.exec:\xxllxfl.exe163⤵
-
\??\c:\rxxllrl.exec:\rxxllrl.exe164⤵
-
\??\c:\1bhbnt.exec:\1bhbnt.exe165⤵
-
\??\c:\hhbtht.exec:\hhbtht.exe166⤵
-
\??\c:\vpjvv.exec:\vpjvv.exe167⤵
-
\??\c:\pjvpj.exec:\pjvpj.exe168⤵
-
\??\c:\rrllffr.exec:\rrllffr.exe169⤵
-
\??\c:\tntbbn.exec:\tntbbn.exe170⤵
-
\??\c:\1ttnth.exec:\1ttnth.exe171⤵
-
\??\c:\jdvdp.exec:\jdvdp.exe172⤵
-
\??\c:\ddjdd.exec:\ddjdd.exe173⤵
-
\??\c:\dvppv.exec:\dvppv.exe174⤵
-
\??\c:\xrflflf.exec:\xrflflf.exe175⤵
-
\??\c:\7thhbn.exec:\7thhbn.exe176⤵
-
\??\c:\ttnnbh.exec:\ttnnbh.exe177⤵
-
\??\c:\jdvjp.exec:\jdvjp.exe178⤵
-
\??\c:\jdvjp.exec:\jdvjp.exe179⤵
-
\??\c:\7ffxffr.exec:\7ffxffr.exe180⤵
-
\??\c:\flflrrf.exec:\flflrrf.exe181⤵
-
\??\c:\ntthnh.exec:\ntthnh.exe182⤵
-
\??\c:\1bnnhn.exec:\1bnnhn.exe183⤵
-
\??\c:\vpjpd.exec:\vpjpd.exe184⤵
-
\??\c:\vvjjv.exec:\vvjjv.exe185⤵
-
\??\c:\xrlllrf.exec:\xrlllrf.exe186⤵
-
\??\c:\lrlrlrl.exec:\lrlrlrl.exe187⤵
-
\??\c:\9thhtb.exec:\9thhtb.exe188⤵
-
\??\c:\1bhbnh.exec:\1bhbnh.exe189⤵
-
\??\c:\9jjdj.exec:\9jjdj.exe190⤵
-
\??\c:\3dvvj.exec:\3dvvj.exe191⤵
-
\??\c:\3lrxrrx.exec:\3lrxrrx.exe192⤵
-
\??\c:\lfxlfxf.exec:\lfxlfxf.exe193⤵
-
\??\c:\3hbtht.exec:\3hbtht.exe194⤵
-
\??\c:\tbthnb.exec:\tbthnb.exe195⤵
-
\??\c:\7vdpd.exec:\7vdpd.exe196⤵
-
\??\c:\9ppdp.exec:\9ppdp.exe197⤵
-
\??\c:\vvvdp.exec:\vvvdp.exe198⤵
-
\??\c:\fxxxrrx.exec:\fxxxrrx.exe199⤵
-
\??\c:\fxllxlr.exec:\fxllxlr.exe200⤵
-
\??\c:\1tnhnb.exec:\1tnhnb.exe201⤵
-
\??\c:\btnthn.exec:\btnthn.exe202⤵
-
\??\c:\jjjvj.exec:\jjjvj.exe203⤵
-
\??\c:\1xrxlrf.exec:\1xrxlrf.exe204⤵
-
\??\c:\ttbhbn.exec:\ttbhbn.exe205⤵
-
\??\c:\9nthbh.exec:\9nthbh.exe206⤵
-
\??\c:\pvjdv.exec:\pvjdv.exe207⤵
-
\??\c:\9jdjp.exec:\9jdjp.exe208⤵
-
\??\c:\rxfxlxr.exec:\rxfxlxr.exe209⤵
-
\??\c:\lfflxlx.exec:\lfflxlx.exe210⤵
-
\??\c:\hnhbhn.exec:\hnhbhn.exe211⤵
-
\??\c:\bbtbnn.exec:\bbtbnn.exe212⤵
-
\??\c:\pjpvv.exec:\pjpvv.exe213⤵
-
\??\c:\vvpvd.exec:\vvpvd.exe214⤵
-
\??\c:\vddpj.exec:\vddpj.exe215⤵
-
\??\c:\lfxlxfr.exec:\lfxlxfr.exe216⤵
-
\??\c:\fffrxfr.exec:\fffrxfr.exe217⤵
-
\??\c:\7tnbhb.exec:\7tnbhb.exe218⤵
-
\??\c:\ttnthb.exec:\ttnthb.exe219⤵
-
\??\c:\ddjpd.exec:\ddjpd.exe220⤵
-
\??\c:\pjjdp.exec:\pjjdp.exe221⤵
-
\??\c:\lfrxflx.exec:\lfrxflx.exe222⤵
-
\??\c:\5rlxflx.exec:\5rlxflx.exe223⤵
-
\??\c:\9hbbhn.exec:\9hbbhn.exe224⤵
-
\??\c:\nnnbbb.exec:\nnnbbb.exe225⤵
-
\??\c:\dvjpp.exec:\dvjpp.exe226⤵
-
\??\c:\pjddd.exec:\pjddd.exe227⤵
-
\??\c:\5rlxffr.exec:\5rlxffr.exe228⤵
-
\??\c:\7xfxlxr.exec:\7xfxlxr.exe229⤵
-
\??\c:\5llflrf.exec:\5llflrf.exe230⤵
-
\??\c:\hntnbn.exec:\hntnbn.exe231⤵
-
\??\c:\bbthhn.exec:\bbthhn.exe232⤵
-
\??\c:\7dvvd.exec:\7dvvd.exe233⤵
-
\??\c:\dvpjp.exec:\dvpjp.exe234⤵
-
\??\c:\fxrrrrx.exec:\fxrrrrx.exe235⤵
-
\??\c:\5rllxlx.exec:\5rllxlx.exe236⤵
-
\??\c:\httttt.exec:\httttt.exe237⤵
-
\??\c:\hhtbhh.exec:\hhtbhh.exe238⤵
-
\??\c:\vpddj.exec:\vpddj.exe239⤵
-
\??\c:\dvpdp.exec:\dvpdp.exe240⤵
-
\??\c:\1rrfxlx.exec:\1rrfxlx.exe241⤵