Analysis
-
max time kernel
150s -
max time network
112s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
20-05-2024 22:08
General
-
Target
4bed605c0c3cb63d04ccb5b529cb57e5e6b11e48162d859612a9d9c031a4776a.exe
-
Size
78KB
-
MD5
658c5738d0a091bca866df4b9bbd4589
-
SHA1
b41b9da5cc1d293f7cabb566c5c1be1ed6de09ce
-
SHA256
4bed605c0c3cb63d04ccb5b529cb57e5e6b11e48162d859612a9d9c031a4776a
-
SHA512
e5b042addb9b0bf1c8b4fb403bc1d26ad547a2e9a9d029e883c9d64d6bb7a12dc48029bc49ca942325b375a0c678a05c6898f7049527450d691d2a123cdd1f2a
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIYgC/KSLJEd2aw:ymb3NkkiQ3mdBjFI3eFC/w
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
UPX dump on OEP (original entry point) 30 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 30 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4bed605c0c3cb63d04ccb5b529cb57e5e6b11e48162d859612a9d9c031a4776a.exe"C:\Users\Admin\AppData\Local\Temp\4bed605c0c3cb63d04ccb5b529cb57e5e6b11e48162d859612a9d9c031a4776a.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhbtn.exec:\nnhbtn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddpjd.exec:\ddpjd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvjj.exec:\vjvjj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfffxxr.exec:\lfffxxr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrrlff.exec:\rlrrlff.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnhhh.exec:\hbnhhh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppjd.exec:\vppjd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdvv.exec:\dvdvv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfxxfxf.exec:\xfxxfxf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjdv.exec:\vvjdv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvpd.exec:\jvvpd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhnnt.exec:\bnhnnt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjdv.exec:\vjjdv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffxllf.exec:\lffxllf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\httttt.exec:\httttt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjddd.exec:\pjddd.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjjj.exec:\jjjjj.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrllff.exec:\lrrllff.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7htnnh.exec:\7htnnh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbnhb.exec:\htbnhb.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdvdv.exec:\vdvdv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrfxrlf.exec:\rrfxrlf.exe23⤵
- Executes dropped EXE
-
\??\c:\xlrlxrx.exec:\xlrlxrx.exe24⤵
- Executes dropped EXE
-
\??\c:\nhnbbb.exec:\nhnbbb.exe25⤵
- Executes dropped EXE
-
\??\c:\djppj.exec:\djppj.exe26⤵
- Executes dropped EXE
-
\??\c:\ffffxxx.exec:\ffffxxx.exe27⤵
- Executes dropped EXE
-
\??\c:\llrrllf.exec:\llrrllf.exe28⤵
- Executes dropped EXE
-
\??\c:\3hhbtt.exec:\3hhbtt.exe29⤵
- Executes dropped EXE
-
\??\c:\pdppv.exec:\pdppv.exe30⤵
- Executes dropped EXE
-
\??\c:\pdjdv.exec:\pdjdv.exe31⤵
- Executes dropped EXE
-
\??\c:\fxxrrll.exec:\fxxrrll.exe32⤵
- Executes dropped EXE
-
\??\c:\hbbtnn.exec:\hbbtnn.exe33⤵
- Executes dropped EXE
-
\??\c:\nhtthb.exec:\nhtthb.exe34⤵
- Executes dropped EXE
-
\??\c:\ppvpv.exec:\ppvpv.exe35⤵
- Executes dropped EXE
-
\??\c:\ppjjv.exec:\ppjjv.exe36⤵
- Executes dropped EXE
-
\??\c:\lflxxlx.exec:\lflxxlx.exe37⤵
- Executes dropped EXE
-
\??\c:\llrflll.exec:\llrflll.exe38⤵
- Executes dropped EXE
-
\??\c:\ttnhbb.exec:\ttnhbb.exe39⤵
- Executes dropped EXE
-
\??\c:\ddvvv.exec:\ddvvv.exe40⤵
- Executes dropped EXE
-
\??\c:\djjdv.exec:\djjdv.exe41⤵
- Executes dropped EXE
-
\??\c:\flfffxf.exec:\flfffxf.exe42⤵
- Executes dropped EXE
-
\??\c:\xrrlfff.exec:\xrrlfff.exe43⤵
- Executes dropped EXE
-
\??\c:\nhhhtb.exec:\nhhhtb.exe44⤵
- Executes dropped EXE
-
\??\c:\htnnbt.exec:\htnnbt.exe45⤵
- Executes dropped EXE
-
\??\c:\ppjjd.exec:\ppjjd.exe46⤵
- Executes dropped EXE
-
\??\c:\pjvpd.exec:\pjvpd.exe47⤵
- Executes dropped EXE
-
\??\c:\lllfrrl.exec:\lllfrrl.exe48⤵
- Executes dropped EXE
-
\??\c:\ttnbbt.exec:\ttnbbt.exe49⤵
- Executes dropped EXE
-
\??\c:\lllflll.exec:\lllflll.exe50⤵
- Executes dropped EXE
-
\??\c:\7xrrrfx.exec:\7xrrrfx.exe51⤵
- Executes dropped EXE
-
\??\c:\hbntbn.exec:\hbntbn.exe52⤵
- Executes dropped EXE
-
\??\c:\tnthbt.exec:\tnthbt.exe53⤵
- Executes dropped EXE
-
\??\c:\pddvv.exec:\pddvv.exe54⤵
- Executes dropped EXE
-
\??\c:\xxffllr.exec:\xxffllr.exe55⤵
- Executes dropped EXE
-
\??\c:\fxxxffl.exec:\fxxxffl.exe56⤵
- Executes dropped EXE
-
\??\c:\hhnbhn.exec:\hhnbhn.exe57⤵
- Executes dropped EXE
-
\??\c:\vpjdd.exec:\vpjdd.exe58⤵
- Executes dropped EXE
-
\??\c:\lrxlrfr.exec:\lrxlrfr.exe59⤵
- Executes dropped EXE
-
\??\c:\hhtnhb.exec:\hhtnhb.exe60⤵
- Executes dropped EXE
-
\??\c:\bbbnbb.exec:\bbbnbb.exe61⤵
- Executes dropped EXE
-
\??\c:\vpjdv.exec:\vpjdv.exe62⤵
- Executes dropped EXE
-
\??\c:\9fffxfx.exec:\9fffxfx.exe63⤵
- Executes dropped EXE
-
\??\c:\fxfrlxx.exec:\fxfrlxx.exe64⤵
- Executes dropped EXE
-
\??\c:\ffxxxxx.exec:\ffxxxxx.exe65⤵
- Executes dropped EXE
-
\??\c:\tnnhhb.exec:\tnnhhb.exe66⤵
-
\??\c:\httbnb.exec:\httbnb.exe67⤵
-
\??\c:\jvpjd.exec:\jvpjd.exe68⤵
-
\??\c:\xrlrlxr.exec:\xrlrlxr.exe69⤵
-
\??\c:\rlfxrrl.exec:\rlfxrrl.exe70⤵
-
\??\c:\htttnn.exec:\htttnn.exe71⤵
-
\??\c:\vvvpj.exec:\vvvpj.exe72⤵
-
\??\c:\pjdvp.exec:\pjdvp.exe73⤵
-
\??\c:\xrlrffl.exec:\xrlrffl.exe74⤵
-
\??\c:\3rxrlrl.exec:\3rxrlrl.exe75⤵
-
\??\c:\bbttnn.exec:\bbttnn.exe76⤵
-
\??\c:\hnnhbb.exec:\hnnhbb.exe77⤵
-
\??\c:\frrrllf.exec:\frrrllf.exe78⤵
-
\??\c:\lxxrlxf.exec:\lxxrlxf.exe79⤵
-
\??\c:\bttnhh.exec:\bttnhh.exe80⤵
-
\??\c:\9bhbnb.exec:\9bhbnb.exe81⤵
-
\??\c:\pjdvp.exec:\pjdvp.exe82⤵
-
\??\c:\lrllfll.exec:\lrllfll.exe83⤵
-
\??\c:\htbbbb.exec:\htbbbb.exe84⤵
-
\??\c:\bthbbt.exec:\bthbbt.exe85⤵
-
\??\c:\jdvpp.exec:\jdvpp.exe86⤵
-
\??\c:\xflfrrl.exec:\xflfrrl.exe87⤵
-
\??\c:\lxrfrfr.exec:\lxrfrfr.exe88⤵
-
\??\c:\tnbthh.exec:\tnbthh.exe89⤵
-
\??\c:\hhnbtn.exec:\hhnbtn.exe90⤵
-
\??\c:\vjvvp.exec:\vjvvp.exe91⤵
-
\??\c:\pjdvp.exec:\pjdvp.exe92⤵
-
\??\c:\rlxlrlr.exec:\rlxlrlr.exe93⤵
-
\??\c:\xffxrrl.exec:\xffxrrl.exe94⤵
-
\??\c:\nhnhhh.exec:\nhnhhh.exe95⤵
-
\??\c:\nhhntt.exec:\nhhntt.exe96⤵
-
\??\c:\ppvpd.exec:\ppvpd.exe97⤵
-
\??\c:\jjdvj.exec:\jjdvj.exe98⤵
-
\??\c:\rlrxrxx.exec:\rlrxrxx.exe99⤵
-
\??\c:\rfffxxx.exec:\rfffxxx.exe100⤵
-
\??\c:\bnhbtt.exec:\bnhbtt.exe101⤵
-
\??\c:\btbtnn.exec:\btbtnn.exe102⤵
-
\??\c:\3vjvp.exec:\3vjvp.exe103⤵
-
\??\c:\5vvvp.exec:\5vvvp.exe104⤵
-
\??\c:\lrrfrxr.exec:\lrrfrxr.exe105⤵
-
\??\c:\fxrrrrl.exec:\fxrrrrl.exe106⤵
-
\??\c:\hbnnhh.exec:\hbnnhh.exe107⤵
-
\??\c:\jjddd.exec:\jjddd.exe108⤵
-
\??\c:\dvjjv.exec:\dvjjv.exe109⤵
-
\??\c:\rrxlffr.exec:\rrxlffr.exe110⤵
-
\??\c:\ffrrxlf.exec:\ffrrxlf.exe111⤵
-
\??\c:\tnnbbh.exec:\tnnbbh.exe112⤵
-
\??\c:\vjdpv.exec:\vjdpv.exe113⤵
-
\??\c:\9pppd.exec:\9pppd.exe114⤵
-
\??\c:\5lrlllr.exec:\5lrlllr.exe115⤵
-
\??\c:\xlffxxx.exec:\xlffxxx.exe116⤵
-
\??\c:\bnbtnn.exec:\bnbtnn.exe117⤵
-
\??\c:\bhnbtt.exec:\bhnbtt.exe118⤵
-
\??\c:\vdpjj.exec:\vdpjj.exe119⤵
-
\??\c:\pppjv.exec:\pppjv.exe120⤵
-
\??\c:\fxrlfff.exec:\fxrlfff.exe121⤵
-
\??\c:\fxfxrrl.exec:\fxfxrrl.exe122⤵
-
\??\c:\ntbhbb.exec:\ntbhbb.exe123⤵
-
\??\c:\hhnhhb.exec:\hhnhhb.exe124⤵
-
\??\c:\jjdvv.exec:\jjdvv.exe125⤵
-
\??\c:\ddddv.exec:\ddddv.exe126⤵
-
\??\c:\fxxrrrr.exec:\fxxrrrr.exe127⤵
-
\??\c:\ntnhbb.exec:\ntnhbb.exe128⤵
-
\??\c:\htbthh.exec:\htbthh.exe129⤵
-
\??\c:\7btnhh.exec:\7btnhh.exe130⤵
-
\??\c:\jpvpp.exec:\jpvpp.exe131⤵
-
\??\c:\jvjdv.exec:\jvjdv.exe132⤵
-
\??\c:\rllfrrl.exec:\rllfrrl.exe133⤵
-
\??\c:\hbnnbb.exec:\hbnnbb.exe134⤵
-
\??\c:\btnnhn.exec:\btnnhn.exe135⤵
-
\??\c:\7pvpj.exec:\7pvpj.exe136⤵
-
\??\c:\hthhtn.exec:\hthhtn.exe137⤵
-
\??\c:\btbtnh.exec:\btbtnh.exe138⤵
-
\??\c:\jvdpj.exec:\jvdpj.exe139⤵
-
\??\c:\jvvvp.exec:\jvvvp.exe140⤵
-
\??\c:\9frlxrf.exec:\9frlxrf.exe141⤵
-
\??\c:\lxxxrlf.exec:\lxxxrlf.exe142⤵
-
\??\c:\rlfxrlf.exec:\rlfxrlf.exe143⤵
-
\??\c:\3hhbnh.exec:\3hhbnh.exe144⤵
-
\??\c:\7tnbnh.exec:\7tnbnh.exe145⤵
-
\??\c:\jddpj.exec:\jddpj.exe146⤵
-
\??\c:\fxrfxrl.exec:\fxrfxrl.exe147⤵
-
\??\c:\9rrlffx.exec:\9rrlffx.exe148⤵
-
\??\c:\5tbtnb.exec:\5tbtnb.exe149⤵
-
\??\c:\pppjv.exec:\pppjv.exe150⤵
-
\??\c:\jjjdv.exec:\jjjdv.exe151⤵
-
\??\c:\rrxrllf.exec:\rrxrllf.exe152⤵
-
\??\c:\tnnbtn.exec:\tnnbtn.exe153⤵
-
\??\c:\7jdvp.exec:\7jdvp.exe154⤵
-
\??\c:\vjdvd.exec:\vjdvd.exe155⤵
-
\??\c:\7lrlrlr.exec:\7lrlrlr.exe156⤵
-
\??\c:\7hhbbt.exec:\7hhbbt.exe157⤵
-
\??\c:\btnnhn.exec:\btnnhn.exe158⤵
-
\??\c:\vjjvj.exec:\vjjvj.exe159⤵
-
\??\c:\pddvj.exec:\pddvj.exe160⤵
-
\??\c:\xrrfrfx.exec:\xrrfrfx.exe161⤵
-
\??\c:\3ttnnn.exec:\3ttnnn.exe162⤵
-
\??\c:\thbtbb.exec:\thbtbb.exe163⤵
-
\??\c:\vvdpj.exec:\vvdpj.exe164⤵
-
\??\c:\pppdp.exec:\pppdp.exe165⤵
-
\??\c:\lrrlfff.exec:\lrrlfff.exe166⤵
-
\??\c:\rxrlfll.exec:\rxrlfll.exe167⤵
-
\??\c:\9nttnh.exec:\9nttnh.exe168⤵
-
\??\c:\pvjpj.exec:\pvjpj.exe169⤵
-
\??\c:\xxrlfxx.exec:\xxrlfxx.exe170⤵
-
\??\c:\rllfrrl.exec:\rllfrrl.exe171⤵
-
\??\c:\xrxxlfx.exec:\xrxxlfx.exe172⤵
-
\??\c:\nhbhht.exec:\nhbhht.exe173⤵
-
\??\c:\hnnhhn.exec:\hnnhhn.exe174⤵
-
\??\c:\dvvpd.exec:\dvvpd.exe175⤵
-
\??\c:\lxxrlff.exec:\lxxrlff.exe176⤵
-
\??\c:\9lllfxr.exec:\9lllfxr.exe177⤵
-
\??\c:\rrlfxrl.exec:\rrlfxrl.exe178⤵
-
\??\c:\nbtnhh.exec:\nbtnhh.exe179⤵
-
\??\c:\1tnhtn.exec:\1tnhtn.exe180⤵
-
\??\c:\vvvdp.exec:\vvvdp.exe181⤵
-
\??\c:\7rrfrlf.exec:\7rrfrlf.exe182⤵
-
\??\c:\hhbnhb.exec:\hhbnhb.exe183⤵
-
\??\c:\bnnhnn.exec:\bnnhnn.exe184⤵
-
\??\c:\5pdvv.exec:\5pdvv.exe185⤵
-
\??\c:\pjjjv.exec:\pjjjv.exe186⤵
-
\??\c:\lrrlxxr.exec:\lrrlxxr.exe187⤵
-
\??\c:\rxxrllf.exec:\rxxrllf.exe188⤵
-
\??\c:\hhtnhb.exec:\hhtnhb.exe189⤵
-
\??\c:\bbnnnh.exec:\bbnnnh.exe190⤵
-
\??\c:\dvpjd.exec:\dvpjd.exe191⤵
-
\??\c:\rlfxllf.exec:\rlfxllf.exe192⤵
-
\??\c:\9rrrrrr.exec:\9rrrrrr.exe193⤵
-
\??\c:\nnbhtb.exec:\nnbhtb.exe194⤵
-
\??\c:\btnnnh.exec:\btnnnh.exe195⤵
-
\??\c:\5dpjv.exec:\5dpjv.exe196⤵
-
\??\c:\frrlxxr.exec:\frrlxxr.exe197⤵
-
\??\c:\ffrfxrf.exec:\ffrfxrf.exe198⤵
-
\??\c:\3bbbbb.exec:\3bbbbb.exe199⤵
-
\??\c:\pvdpj.exec:\pvdpj.exe200⤵
-
\??\c:\frxxxxl.exec:\frxxxxl.exe201⤵
-
\??\c:\rfxrfxr.exec:\rfxrfxr.exe202⤵
-
\??\c:\nbthbt.exec:\nbthbt.exe203⤵
-
\??\c:\tnhbhh.exec:\tnhbhh.exe204⤵
-
\??\c:\pvjvj.exec:\pvjvj.exe205⤵
-
\??\c:\jvddv.exec:\jvddv.exe206⤵
-
\??\c:\xrxlxrf.exec:\xrxlxrf.exe207⤵
-
\??\c:\bnhbnh.exec:\bnhbnh.exe208⤵
-
\??\c:\hnnnhh.exec:\hnnnhh.exe209⤵
-
\??\c:\vjvpv.exec:\vjvpv.exe210⤵
-
\??\c:\vvvvj.exec:\vvvvj.exe211⤵
-
\??\c:\xlxfrfr.exec:\xlxfrfr.exe212⤵
-
\??\c:\thbtnh.exec:\thbtnh.exe213⤵
-
\??\c:\hnnhhb.exec:\hnnhhb.exe214⤵
-
\??\c:\hbthtn.exec:\hbthtn.exe215⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe216⤵
-
\??\c:\dvpvj.exec:\dvpvj.exe217⤵
-
\??\c:\lrrrllf.exec:\lrrrllf.exe218⤵
-
\??\c:\frfxlrf.exec:\frfxlrf.exe219⤵
-
\??\c:\bnnnhn.exec:\bnnnhn.exe220⤵
-
\??\c:\hbtnbb.exec:\hbtnbb.exe221⤵
-
\??\c:\jpppv.exec:\jpppv.exe222⤵
-
\??\c:\5jjdp.exec:\5jjdp.exe223⤵
-
\??\c:\llrlfxx.exec:\llrlfxx.exe224⤵
-
\??\c:\hbbtbb.exec:\hbbtbb.exe225⤵
-
\??\c:\7tnhtt.exec:\7tnhtt.exe226⤵
-
\??\c:\nbbnnn.exec:\nbbnnn.exe227⤵
-
\??\c:\vvdjv.exec:\vvdjv.exe228⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe229⤵
-
\??\c:\1xxrffx.exec:\1xxrffx.exe230⤵
-
\??\c:\lxlxxxx.exec:\lxlxxxx.exe231⤵
-
\??\c:\tbnnhb.exec:\tbnnhb.exe232⤵
-
\??\c:\hntbhb.exec:\hntbhb.exe233⤵
-
\??\c:\vdjdp.exec:\vdjdp.exe234⤵
-
\??\c:\rxxlxrf.exec:\rxxlxrf.exe235⤵
-
\??\c:\rrfrffr.exec:\rrfrffr.exe236⤵
-
\??\c:\tttttb.exec:\tttttb.exe237⤵
-
\??\c:\tnntnt.exec:\tnntnt.exe238⤵
-
\??\c:\pdpjj.exec:\pdpjj.exe239⤵
-
\??\c:\djpdp.exec:\djpdp.exe240⤵
-
\??\c:\lfllllx.exec:\lfllllx.exe241⤵