Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
19-05-2024 20:49
General
-
Target
3f3236c1edc5229bd56c5c2774df365b8f688ef8172f801d3e6ac294a9eeb4eb.exe
-
Size
443KB
-
MD5
38b96ee34f68ab75acbdfddf60acb163
-
SHA1
8c77a2284b5abec17b50ecf1ff414b43378e6700
-
SHA256
3f3236c1edc5229bd56c5c2774df365b8f688ef8172f801d3e6ac294a9eeb4eb
-
SHA512
52fb7279762dfaa304ed68621e9864ca2e23e47e35cd1aed3a82696b5900f9cbd625aaa5b7c4eb94e4af9827e5c90ec9c7ed9bbcdbb0bf15c175c26e8806e47e
-
SSDEEP
6144:n3C9BRo7tvnJ9Fywhk/T4i37K3BoKg0p5WI09Jn:n3C9ytvn8whkb4i3e3GFO6Jn
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
UPX dump on OEP (original entry point) 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3f3236c1edc5229bd56c5c2774df365b8f688ef8172f801d3e6ac294a9eeb4eb.exe"C:\Users\Admin\AppData\Local\Temp\3f3236c1edc5229bd56c5c2774df365b8f688ef8172f801d3e6ac294a9eeb4eb.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtbtn.exec:\bbtbtn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxxxxx.exec:\frxxxxx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtthh.exec:\bbtthh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvdp.exec:\dvvdp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxrrxr.exec:\xrxrrxr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnnhh.exec:\btnnhh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nntnnn.exec:\nntnnn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdppp.exec:\jdppp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfffxrx.exec:\lfffxrx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxlllrr.exec:\xxlllrr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhttt.exec:\tbhttt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xllffrf.exec:\xllffrf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbbtt.exec:\btbbtt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvpp.exec:\dpvpp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrrlll.exec:\fxrrlll.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7fffrrr.exec:\7fffrrr.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1ddvp.exec:\1ddvp.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflfffx.exec:\lflfffx.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnbhhn.exec:\hnbhhn.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjppj.exec:\pjppj.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fllllrr.exec:\fllllrr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1tttnn.exec:\1tttnn.exe23⤵
- Executes dropped EXE
-
\??\c:\pppjd.exec:\pppjd.exe24⤵
- Executes dropped EXE
-
\??\c:\nttnhn.exec:\nttnhn.exe25⤵
- Executes dropped EXE
-
\??\c:\pvpjj.exec:\pvpjj.exe26⤵
- Executes dropped EXE
-
\??\c:\5lrrrxx.exec:\5lrrrxx.exe27⤵
- Executes dropped EXE
-
\??\c:\tbhnnb.exec:\tbhnnb.exe28⤵
- Executes dropped EXE
-
\??\c:\1ttnnn.exec:\1ttnnn.exe29⤵
- Executes dropped EXE
-
\??\c:\pvpjj.exec:\pvpjj.exe30⤵
- Executes dropped EXE
-
\??\c:\xxfxxrr.exec:\xxfxxrr.exe31⤵
- Executes dropped EXE
-
\??\c:\3rfxxlx.exec:\3rfxxlx.exe32⤵
- Executes dropped EXE
-
\??\c:\xllllfl.exec:\xllllfl.exe33⤵
- Executes dropped EXE
-
\??\c:\hbhtnn.exec:\hbhtnn.exe34⤵
- Executes dropped EXE
-
\??\c:\dpvpd.exec:\dpvpd.exe35⤵
- Executes dropped EXE
-
\??\c:\frrlffx.exec:\frrlffx.exe36⤵
- Executes dropped EXE
-
\??\c:\hbtnnh.exec:\hbtnnh.exe37⤵
- Executes dropped EXE
-
\??\c:\vjpjv.exec:\vjpjv.exe38⤵
- Executes dropped EXE
-
\??\c:\xrxxxxr.exec:\xrxxxxr.exe39⤵
- Executes dropped EXE
-
\??\c:\3tbthh.exec:\3tbthh.exe40⤵
- Executes dropped EXE
-
\??\c:\1pjpp.exec:\1pjpp.exe41⤵
- Executes dropped EXE
-
\??\c:\pvvvv.exec:\pvvvv.exe42⤵
- Executes dropped EXE
-
\??\c:\fxfxxxr.exec:\fxfxxxr.exe43⤵
- Executes dropped EXE
-
\??\c:\hnhnnb.exec:\hnhnnb.exe44⤵
- Executes dropped EXE
-
\??\c:\flrllrl.exec:\flrllrl.exe45⤵
- Executes dropped EXE
-
\??\c:\jjjdv.exec:\jjjdv.exe46⤵
- Executes dropped EXE
-
\??\c:\lfrrxfx.exec:\lfrrxfx.exe47⤵
- Executes dropped EXE
-
\??\c:\btthhb.exec:\btthhb.exe48⤵
- Executes dropped EXE
-
\??\c:\dvvvv.exec:\dvvvv.exe49⤵
- Executes dropped EXE
-
\??\c:\rffxxrr.exec:\rffxxrr.exe50⤵
- Executes dropped EXE
-
\??\c:\bthbbn.exec:\bthbbn.exe51⤵
- Executes dropped EXE
-
\??\c:\pjppj.exec:\pjppj.exe52⤵
- Executes dropped EXE
-
\??\c:\xxffxlf.exec:\xxffxlf.exe53⤵
- Executes dropped EXE
-
\??\c:\nhtnhh.exec:\nhtnhh.exe54⤵
- Executes dropped EXE
-
\??\c:\pjjdd.exec:\pjjdd.exe55⤵
- Executes dropped EXE
-
\??\c:\pjvvv.exec:\pjvvv.exe56⤵
- Executes dropped EXE
-
\??\c:\9lxrrxx.exec:\9lxrrxx.exe57⤵
- Executes dropped EXE
-
\??\c:\7hhbtt.exec:\7hhbtt.exe58⤵
- Executes dropped EXE
-
\??\c:\jvddd.exec:\jvddd.exe59⤵
- Executes dropped EXE
-
\??\c:\lxxxrxx.exec:\lxxxrxx.exe60⤵
- Executes dropped EXE
-
\??\c:\hhttbb.exec:\hhttbb.exe61⤵
- Executes dropped EXE
-
\??\c:\dvppd.exec:\dvppd.exe62⤵
- Executes dropped EXE
-
\??\c:\fffflll.exec:\fffflll.exe63⤵
- Executes dropped EXE
-
\??\c:\bnbnnn.exec:\bnbnnn.exe64⤵
- Executes dropped EXE
-
\??\c:\pdjvv.exec:\pdjvv.exe65⤵
- Executes dropped EXE
-
\??\c:\rflffff.exec:\rflffff.exe66⤵
-
\??\c:\tbhhbb.exec:\tbhhbb.exe67⤵
-
\??\c:\thbbbb.exec:\thbbbb.exe68⤵
-
\??\c:\vjppp.exec:\vjppp.exe69⤵
-
\??\c:\7llfrrf.exec:\7llfrrf.exe70⤵
-
\??\c:\7llfxxr.exec:\7llfxxr.exe71⤵
-
\??\c:\hthbbb.exec:\hthbbb.exe72⤵
-
\??\c:\1ddvp.exec:\1ddvp.exe73⤵
-
\??\c:\vvddv.exec:\vvddv.exe74⤵
-
\??\c:\1xrxxll.exec:\1xrxxll.exe75⤵
-
\??\c:\nnnnhh.exec:\nnnnhh.exe76⤵
-
\??\c:\hbnhtt.exec:\hbnhtt.exe77⤵
-
\??\c:\ddjdv.exec:\ddjdv.exe78⤵
-
\??\c:\rrxrrrr.exec:\rrxrrrr.exe79⤵
-
\??\c:\rlrllll.exec:\rlrllll.exe80⤵
-
\??\c:\tntnhh.exec:\tntnhh.exe81⤵
-
\??\c:\jvdvv.exec:\jvdvv.exe82⤵
-
\??\c:\pdjdd.exec:\pdjdd.exe83⤵
-
\??\c:\lflflfl.exec:\lflflfl.exe84⤵
-
\??\c:\tthhbn.exec:\tthhbn.exe85⤵
-
\??\c:\nbnhbb.exec:\nbnhbb.exe86⤵
-
\??\c:\vpjdd.exec:\vpjdd.exe87⤵
-
\??\c:\9xxrrrr.exec:\9xxrrrr.exe88⤵
-
\??\c:\bhnnnn.exec:\bhnnnn.exe89⤵
-
\??\c:\nnnnhh.exec:\nnnnhh.exe90⤵
-
\??\c:\pvjpj.exec:\pvjpj.exe91⤵
-
\??\c:\1frrlrl.exec:\1frrlrl.exe92⤵
-
\??\c:\xrrrlfr.exec:\xrrrlfr.exe93⤵
-
\??\c:\hhttnb.exec:\hhttnb.exe94⤵
-
\??\c:\ddjdv.exec:\ddjdv.exe95⤵
-
\??\c:\ppvpp.exec:\ppvpp.exe96⤵
-
\??\c:\ffffxxl.exec:\ffffxxl.exe97⤵
-
\??\c:\pjppv.exec:\pjppv.exe98⤵
-
\??\c:\pdpjj.exec:\pdpjj.exe99⤵
-
\??\c:\rfrrlll.exec:\rfrrlll.exe100⤵
-
\??\c:\3ddvv.exec:\3ddvv.exe101⤵
-
\??\c:\rfllxxx.exec:\rfllxxx.exe102⤵
-
\??\c:\xfrlxxx.exec:\xfrlxxx.exe103⤵
-
\??\c:\3hnbbn.exec:\3hnbbn.exe104⤵
-
\??\c:\jvjdj.exec:\jvjdj.exe105⤵
-
\??\c:\rrlfxfx.exec:\rrlfxfx.exe106⤵
-
\??\c:\nnnnbb.exec:\nnnnbb.exe107⤵
-
\??\c:\bntbtb.exec:\bntbtb.exe108⤵
-
\??\c:\dddvp.exec:\dddvp.exe109⤵
-
\??\c:\lfxrfrr.exec:\lfxrfrr.exe110⤵
-
\??\c:\ttttnt.exec:\ttttnt.exe111⤵
-
\??\c:\bhbttt.exec:\bhbttt.exe112⤵
-
\??\c:\jjvvp.exec:\jjvvp.exe113⤵
-
\??\c:\fxlflll.exec:\fxlflll.exe114⤵
-
\??\c:\xxxxxxx.exec:\xxxxxxx.exe115⤵
-
\??\c:\nhhhbb.exec:\nhhhbb.exe116⤵
-
\??\c:\jdddd.exec:\jdddd.exe117⤵
-
\??\c:\rlxlffl.exec:\rlxlffl.exe118⤵
-
\??\c:\9ntntt.exec:\9ntntt.exe119⤵
-
\??\c:\dddvv.exec:\dddvv.exe120⤵
-
\??\c:\vjvpp.exec:\vjvpp.exe121⤵
-
\??\c:\xrxrllf.exec:\xrxrllf.exe122⤵
-
\??\c:\btbbbt.exec:\btbbbt.exe123⤵
-
\??\c:\hbbtbt.exec:\hbbtbt.exe124⤵
-
\??\c:\7dvpd.exec:\7dvpd.exe125⤵
-
\??\c:\fxlfffr.exec:\fxlfffr.exe126⤵
-
\??\c:\7bbnnt.exec:\7bbnnt.exe127⤵
-
\??\c:\3thbnn.exec:\3thbnn.exe128⤵
-
\??\c:\djpjj.exec:\djpjj.exe129⤵
-
\??\c:\lfrflfx.exec:\lfrflfx.exe130⤵
-
\??\c:\nnhbtb.exec:\nnhbtb.exe131⤵
-
\??\c:\vjdpj.exec:\vjdpj.exe132⤵
-
\??\c:\5pvpj.exec:\5pvpj.exe133⤵
-
\??\c:\lflfffx.exec:\lflfffx.exe134⤵
-
\??\c:\hhhhbb.exec:\hhhhbb.exe135⤵
-
\??\c:\dppjj.exec:\dppjj.exe136⤵
-
\??\c:\rrxxfxl.exec:\rrxxfxl.exe137⤵
-
\??\c:\hbhhhh.exec:\hbhhhh.exe138⤵
-
\??\c:\hbhbhh.exec:\hbhbhh.exe139⤵
-
\??\c:\vvppp.exec:\vvppp.exe140⤵
-
\??\c:\7flffxr.exec:\7flffxr.exe141⤵
-
\??\c:\bnnhnn.exec:\bnnhnn.exe142⤵
-
\??\c:\5vvvp.exec:\5vvvp.exe143⤵
-
\??\c:\3xxrrrl.exec:\3xxrrrl.exe144⤵
-
\??\c:\5bnntt.exec:\5bnntt.exe145⤵
-
\??\c:\nntnnh.exec:\nntnnh.exe146⤵
-
\??\c:\jvjdv.exec:\jvjdv.exe147⤵
-
\??\c:\rlxrxrf.exec:\rlxrxrf.exe148⤵
-
\??\c:\rllfffl.exec:\rllfffl.exe149⤵
-
\??\c:\ntbtnn.exec:\ntbtnn.exe150⤵
-
\??\c:\pdpjp.exec:\pdpjp.exe151⤵
-
\??\c:\rlrlllf.exec:\rlrlllf.exe152⤵
-
\??\c:\hhhnhb.exec:\hhhnhb.exe153⤵
-
\??\c:\5vdvp.exec:\5vdvp.exe154⤵
-
\??\c:\1jdvp.exec:\1jdvp.exe155⤵
-
\??\c:\xxlffxx.exec:\xxlffxx.exe156⤵
-
\??\c:\htttth.exec:\htttth.exe157⤵
-
\??\c:\bhhhhh.exec:\bhhhhh.exe158⤵
-
\??\c:\5pvpj.exec:\5pvpj.exe159⤵
-
\??\c:\1xxffff.exec:\1xxffff.exe160⤵
-
\??\c:\rflffff.exec:\rflffff.exe161⤵
-
\??\c:\ttntth.exec:\ttntth.exe162⤵
-
\??\c:\tnbbnn.exec:\tnbbnn.exe163⤵
-
\??\c:\dvjdp.exec:\dvjdp.exe164⤵
-
\??\c:\fllllxx.exec:\fllllxx.exe165⤵
-
\??\c:\nhttnb.exec:\nhttnb.exe166⤵
-
\??\c:\djjdd.exec:\djjdd.exe167⤵
-
\??\c:\3lllffx.exec:\3lllffx.exe168⤵
-
\??\c:\thnnhb.exec:\thnnhb.exe169⤵
-
\??\c:\vvvdv.exec:\vvvdv.exe170⤵
-
\??\c:\flxrrrx.exec:\flxrrrx.exe171⤵
-
\??\c:\rlrlllf.exec:\rlrlllf.exe172⤵
-
\??\c:\hbhbbb.exec:\hbhbbb.exe173⤵
-
\??\c:\vpddv.exec:\vpddv.exe174⤵
-
\??\c:\fffxxrr.exec:\fffxxrr.exe175⤵
-
\??\c:\9nhhhh.exec:\9nhhhh.exe176⤵
-
\??\c:\nbbbtb.exec:\nbbbtb.exe177⤵
-
\??\c:\pdpdv.exec:\pdpdv.exe178⤵
-
\??\c:\llrrxxr.exec:\llrrxxr.exe179⤵
-
\??\c:\hbbttt.exec:\hbbttt.exe180⤵
-
\??\c:\djjdp.exec:\djjdp.exe181⤵
-
\??\c:\rrffrrx.exec:\rrffrrx.exe182⤵
-
\??\c:\3fllllf.exec:\3fllllf.exe183⤵
-
\??\c:\btbtnt.exec:\btbtnt.exe184⤵
-
\??\c:\dpvvj.exec:\dpvvj.exe185⤵
-
\??\c:\llrlffx.exec:\llrlffx.exe186⤵
-
\??\c:\1ttnnn.exec:\1ttnnn.exe187⤵
-
\??\c:\5vvpd.exec:\5vvpd.exe188⤵
-
\??\c:\5pjdd.exec:\5pjdd.exe189⤵
-
\??\c:\lffxrrl.exec:\lffxrrl.exe190⤵
-
\??\c:\nhbtbb.exec:\nhbtbb.exe191⤵
-
\??\c:\5vdvp.exec:\5vdvp.exe192⤵
-
\??\c:\pppvp.exec:\pppvp.exe193⤵
-
\??\c:\fxfxxff.exec:\fxfxxff.exe194⤵
-
\??\c:\bbhnhh.exec:\bbhnhh.exe195⤵
-
\??\c:\dpvpp.exec:\dpvpp.exe196⤵
-
\??\c:\vpvpp.exec:\vpvpp.exe197⤵
-
\??\c:\ffxllff.exec:\ffxllff.exe198⤵
-
\??\c:\nbtntn.exec:\nbtntn.exe199⤵
-
\??\c:\pjpjd.exec:\pjpjd.exe200⤵
-
\??\c:\dvvpv.exec:\dvvpv.exe201⤵
-
\??\c:\llxxxfl.exec:\llxxxfl.exe202⤵
-
\??\c:\bttnnn.exec:\bttnnn.exe203⤵
-
\??\c:\9hnntn.exec:\9hnntn.exe204⤵
-
\??\c:\5pppp.exec:\5pppp.exe205⤵
-
\??\c:\5rrlffx.exec:\5rrlffx.exe206⤵
-
\??\c:\tntttt.exec:\tntttt.exe207⤵
-
\??\c:\hhbbtt.exec:\hhbbtt.exe208⤵
-
\??\c:\vjvpv.exec:\vjvpv.exe209⤵
-
\??\c:\lfxrllf.exec:\lfxrllf.exe210⤵
-
\??\c:\hhhbbn.exec:\hhhbbn.exe211⤵
-
\??\c:\pvdpv.exec:\pvdpv.exe212⤵
-
\??\c:\fxfxrrl.exec:\fxfxrrl.exe213⤵
-
\??\c:\bhnnhh.exec:\bhnnhh.exe214⤵
-
\??\c:\btbbtn.exec:\btbbtn.exe215⤵
-
\??\c:\pppjj.exec:\pppjj.exe216⤵
-
\??\c:\lrlfflf.exec:\lrlfflf.exe217⤵
-
\??\c:\hhtttn.exec:\hhtttn.exe218⤵
-
\??\c:\nnhhtt.exec:\nnhhtt.exe219⤵
-
\??\c:\jjpvd.exec:\jjpvd.exe220⤵
-
\??\c:\5vvvj.exec:\5vvvj.exe221⤵
-
\??\c:\rffxrll.exec:\rffxrll.exe222⤵
-
\??\c:\tntthb.exec:\tntthb.exe223⤵
-
\??\c:\9jjjd.exec:\9jjjd.exe224⤵
-
\??\c:\xxxxxll.exec:\xxxxxll.exe225⤵
-
\??\c:\tttttn.exec:\tttttn.exe226⤵
-
\??\c:\ddjjp.exec:\ddjjp.exe227⤵
-
\??\c:\9rrxrff.exec:\9rrxrff.exe228⤵
-
\??\c:\nnbbth.exec:\nnbbth.exe229⤵
-
\??\c:\ntbbbh.exec:\ntbbbh.exe230⤵
-
\??\c:\djvvv.exec:\djvvv.exe231⤵
-
\??\c:\xlxxrxr.exec:\xlxxrxr.exe232⤵
-
\??\c:\nthbtt.exec:\nthbtt.exe233⤵
-
\??\c:\tntnhn.exec:\tntnhn.exe234⤵
-
\??\c:\pjvdd.exec:\pjvdd.exe235⤵
-
\??\c:\rlffflf.exec:\rlffflf.exe236⤵
-
\??\c:\nhttht.exec:\nhttht.exe237⤵
-
\??\c:\dvjjj.exec:\dvjjj.exe238⤵
-
\??\c:\fxfffff.exec:\fxfffff.exe239⤵
-
\??\c:\xrxxrrl.exec:\xrxxrrl.exe240⤵
-
\??\c:\tbhhhn.exec:\tbhhhn.exe241⤵