Analysis
-
max time kernel
150s -
max time network
133s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
20-05-2024 21:32
General
-
Target
401d53c2cfdb012d2df7cb50c22e26fdf65ce054a7e72265e6151473c0fe9a64.exe
-
Size
367KB
-
MD5
617065ed1a10d50c0cca41b980b5ef39
-
SHA1
199ed43735a0d36745f9361023817af056f46297
-
SHA256
401d53c2cfdb012d2df7cb50c22e26fdf65ce054a7e72265e6151473c0fe9a64
-
SHA512
56e15f560e1606f9ed4952f3ad4afe3288a878e7a76057516a1d519c953243d909224ef23369e691cfb7bc541acd816c6abad5d4ff2879f0f34db52716387849
-
SSDEEP
6144:9cm4FmowdHoSdSyEAxyx/ZrTTr4qIMgE8Z:/4wFHoSQuxy3rTXIM18Z
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
UPX dump on OEP (original entry point) 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\401d53c2cfdb012d2df7cb50c22e26fdf65ce054a7e72265e6151473c0fe9a64.exe"C:\Users\Admin\AppData\Local\Temp\401d53c2cfdb012d2df7cb50c22e26fdf65ce054a7e72265e6151473c0fe9a64.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpdd.exec:\vjpdd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhnnb.exec:\hbhnnb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvppj.exec:\dvppj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djpvp.exec:\djpvp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxfxrll.exec:\rxfxrll.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnnnt.exec:\tnnnnt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjdv.exec:\pdjdv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjppp.exec:\vjppp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfllffx.exec:\xfllffx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ntbtb.exec:\7ntbtb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthntt.exec:\bthntt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjdv.exec:\vdjdv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9pppj.exec:\9pppj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1ffffll.exec:\1ffffll.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bhhbb.exec:\7bhhbb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7thbbb.exec:\7thbbb.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vpjp.exec:\7vpjp.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjjd.exec:\jdjjd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxlrflx.exec:\xxlrflx.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtnhh.exec:\nhtnhh.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5nnbtb.exec:\5nnbtb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjdd.exec:\dvjdd.exe23⤵
- Executes dropped EXE
-
\??\c:\rxllffx.exec:\rxllffx.exe24⤵
- Executes dropped EXE
-
\??\c:\frrllff.exec:\frrllff.exe25⤵
- Executes dropped EXE
-
\??\c:\tbnhnn.exec:\tbnhnn.exe26⤵
- Executes dropped EXE
-
\??\c:\tntnbb.exec:\tntnbb.exe27⤵
- Executes dropped EXE
-
\??\c:\jpvpp.exec:\jpvpp.exe28⤵
- Executes dropped EXE
-
\??\c:\dpvvp.exec:\dpvvp.exe29⤵
- Executes dropped EXE
-
\??\c:\flfllrx.exec:\flfllrx.exe30⤵
- Executes dropped EXE
-
\??\c:\9btnnn.exec:\9btnnn.exe31⤵
- Executes dropped EXE
-
\??\c:\tntntn.exec:\tntntn.exe32⤵
- Executes dropped EXE
-
\??\c:\7jjpp.exec:\7jjpp.exe33⤵
- Executes dropped EXE
-
\??\c:\7jjdv.exec:\7jjdv.exe34⤵
- Executes dropped EXE
-
\??\c:\3lffxff.exec:\3lffxff.exe35⤵
- Executes dropped EXE
-
\??\c:\nhnhhh.exec:\nhnhhh.exe36⤵
- Executes dropped EXE
-
\??\c:\thnnhh.exec:\thnnhh.exe37⤵
- Executes dropped EXE
-
\??\c:\pjvpj.exec:\pjvpj.exe38⤵
- Executes dropped EXE
-
\??\c:\vvddd.exec:\vvddd.exe39⤵
- Executes dropped EXE
-
\??\c:\lxrlrfl.exec:\lxrlrfl.exe40⤵
- Executes dropped EXE
-
\??\c:\thhhhb.exec:\thhhhb.exe41⤵
- Executes dropped EXE
-
\??\c:\tbbtnn.exec:\tbbtnn.exe42⤵
- Executes dropped EXE
-
\??\c:\djpjj.exec:\djpjj.exe43⤵
- Executes dropped EXE
-
\??\c:\7lrllll.exec:\7lrllll.exe44⤵
- Executes dropped EXE
-
\??\c:\lfxrllf.exec:\lfxrllf.exe45⤵
- Executes dropped EXE
-
\??\c:\tnhbhh.exec:\tnhbhh.exe46⤵
- Executes dropped EXE
-
\??\c:\7tthnt.exec:\7tthnt.exe47⤵
- Executes dropped EXE
-
\??\c:\dpvpp.exec:\dpvpp.exe48⤵
- Executes dropped EXE
-
\??\c:\fflfffx.exec:\fflfffx.exe49⤵
- Executes dropped EXE
-
\??\c:\xrrlflf.exec:\xrrlflf.exe50⤵
- Executes dropped EXE
-
\??\c:\hnbbtn.exec:\hnbbtn.exe51⤵
- Executes dropped EXE
-
\??\c:\3vdvj.exec:\3vdvj.exe52⤵
- Executes dropped EXE
-
\??\c:\jjjjj.exec:\jjjjj.exe53⤵
- Executes dropped EXE
-
\??\c:\lfrrxrx.exec:\lfrrxrx.exe54⤵
- Executes dropped EXE
-
\??\c:\llrllfr.exec:\llrllfr.exe55⤵
- Executes dropped EXE
-
\??\c:\nhttbn.exec:\nhttbn.exe56⤵
- Executes dropped EXE
-
\??\c:\7jdvv.exec:\7jdvv.exe57⤵
- Executes dropped EXE
-
\??\c:\pvddd.exec:\pvddd.exe58⤵
- Executes dropped EXE
-
\??\c:\rflrllf.exec:\rflrllf.exe59⤵
- Executes dropped EXE
-
\??\c:\rxfffxr.exec:\rxfffxr.exe60⤵
- Executes dropped EXE
-
\??\c:\nbbnnn.exec:\nbbnnn.exe61⤵
- Executes dropped EXE
-
\??\c:\7jdjd.exec:\7jdjd.exe62⤵
- Executes dropped EXE
-
\??\c:\dpjvp.exec:\dpjvp.exe63⤵
- Executes dropped EXE
-
\??\c:\1ffxrxr.exec:\1ffxrxr.exe64⤵
- Executes dropped EXE
-
\??\c:\bntnnb.exec:\bntnnb.exe65⤵
- Executes dropped EXE
-
\??\c:\jdppp.exec:\jdppp.exe66⤵
-
\??\c:\fflfxxr.exec:\fflfxxr.exe67⤵
-
\??\c:\rllxrlr.exec:\rllxrlr.exe68⤵
-
\??\c:\9hhbtt.exec:\9hhbtt.exe69⤵
-
\??\c:\3dvvp.exec:\3dvvp.exe70⤵
-
\??\c:\lfrfxxx.exec:\lfrfxxx.exe71⤵
-
\??\c:\tttnhh.exec:\tttnhh.exe72⤵
-
\??\c:\bnbnhh.exec:\bnbnhh.exe73⤵
-
\??\c:\jpjdj.exec:\jpjdj.exe74⤵
-
\??\c:\lflrllr.exec:\lflrllr.exe75⤵
-
\??\c:\bbttnn.exec:\bbttnn.exe76⤵
-
\??\c:\nnnbnb.exec:\nnnbnb.exe77⤵
-
\??\c:\vdjdv.exec:\vdjdv.exe78⤵
-
\??\c:\9xffffx.exec:\9xffffx.exe79⤵
-
\??\c:\nntnnn.exec:\nntnnn.exe80⤵
-
\??\c:\btbbbb.exec:\btbbbb.exe81⤵
-
\??\c:\jdjjv.exec:\jdjjv.exe82⤵
-
\??\c:\xrxrllf.exec:\xrxrllf.exe83⤵
-
\??\c:\btbtbb.exec:\btbtbb.exe84⤵
-
\??\c:\bbtnbn.exec:\bbtnbn.exe85⤵
-
\??\c:\jdvjj.exec:\jdvjj.exe86⤵
-
\??\c:\xlrrlll.exec:\xlrrlll.exe87⤵
-
\??\c:\3xxrllf.exec:\3xxrllf.exe88⤵
-
\??\c:\5nbttb.exec:\5nbttb.exe89⤵
-
\??\c:\1thbbb.exec:\1thbbb.exe90⤵
-
\??\c:\7jvvj.exec:\7jvvj.exe91⤵
-
\??\c:\3ffrrrl.exec:\3ffrrrl.exe92⤵
-
\??\c:\nbtbbh.exec:\nbtbbh.exe93⤵
-
\??\c:\fxfrllx.exec:\fxfrllx.exe94⤵
-
\??\c:\tbbbnn.exec:\tbbbnn.exe95⤵
-
\??\c:\tnnnnt.exec:\tnnnnt.exe96⤵
-
\??\c:\vvvvp.exec:\vvvvp.exe97⤵
-
\??\c:\jpvvv.exec:\jpvvv.exe98⤵
-
\??\c:\rllffll.exec:\rllffll.exe99⤵
-
\??\c:\hbnhnh.exec:\hbnhnh.exe100⤵
-
\??\c:\pjpjv.exec:\pjpjv.exe101⤵
-
\??\c:\ddjpj.exec:\ddjpj.exe102⤵
-
\??\c:\1lrlfll.exec:\1lrlfll.exe103⤵
-
\??\c:\nbttnn.exec:\nbttnn.exe104⤵
-
\??\c:\dpdjv.exec:\dpdjv.exe105⤵
-
\??\c:\dvpjd.exec:\dvpjd.exe106⤵
-
\??\c:\llfllfx.exec:\llfllfx.exe107⤵
-
\??\c:\7rxxffx.exec:\7rxxffx.exe108⤵
-
\??\c:\bbhhbh.exec:\bbhhbh.exe109⤵
-
\??\c:\vdjdv.exec:\vdjdv.exe110⤵
-
\??\c:\vpdjp.exec:\vpdjp.exe111⤵
-
\??\c:\fxfxrrl.exec:\fxfxrrl.exe112⤵
-
\??\c:\hhbbhn.exec:\hhbbhn.exe113⤵
-
\??\c:\tthbhh.exec:\tthbhh.exe114⤵
-
\??\c:\5jppj.exec:\5jppj.exe115⤵
-
\??\c:\rlxrrrf.exec:\rlxrrrf.exe116⤵
-
\??\c:\nhnnnh.exec:\nhnnnh.exe117⤵
-
\??\c:\bttttt.exec:\bttttt.exe118⤵
-
\??\c:\vppjd.exec:\vppjd.exe119⤵
-
\??\c:\vvvpj.exec:\vvvpj.exe120⤵
-
\??\c:\rxflrlf.exec:\rxflrlf.exe121⤵
-
\??\c:\tbbttn.exec:\tbbttn.exe122⤵
-
\??\c:\1bnhhh.exec:\1bnhhh.exe123⤵
-
\??\c:\ddpjd.exec:\ddpjd.exe124⤵
-
\??\c:\7flxxxr.exec:\7flxxxr.exe125⤵
-
\??\c:\rlrllff.exec:\rlrllff.exe126⤵
-
\??\c:\nhbttn.exec:\nhbttn.exe127⤵
-
\??\c:\1ddvp.exec:\1ddvp.exe128⤵
-
\??\c:\frrlxxl.exec:\frrlxxl.exe129⤵
-
\??\c:\nhnnhb.exec:\nhnnhb.exe130⤵
-
\??\c:\jjddd.exec:\jjddd.exe131⤵
-
\??\c:\xrrlffx.exec:\xrrlffx.exe132⤵
-
\??\c:\ntnnhb.exec:\ntnnhb.exe133⤵
-
\??\c:\3djdd.exec:\3djdd.exe134⤵
-
\??\c:\3djjj.exec:\3djjj.exe135⤵
-
\??\c:\xxxlxfr.exec:\xxxlxfr.exe136⤵
-
\??\c:\9nttht.exec:\9nttht.exe137⤵
-
\??\c:\ddppv.exec:\ddppv.exe138⤵
-
\??\c:\7frrxfl.exec:\7frrxfl.exe139⤵
-
\??\c:\1xxrllf.exec:\1xxrllf.exe140⤵
-
\??\c:\5bhhtb.exec:\5bhhtb.exe141⤵
-
\??\c:\djpjd.exec:\djpjd.exe142⤵
-
\??\c:\7dpdj.exec:\7dpdj.exe143⤵
-
\??\c:\lffxrrl.exec:\lffxrrl.exe144⤵
-
\??\c:\tbhbhn.exec:\tbhbhn.exe145⤵
-
\??\c:\9vdvp.exec:\9vdvp.exe146⤵
-
\??\c:\rlxllff.exec:\rlxllff.exe147⤵
-
\??\c:\7bbttt.exec:\7bbttt.exe148⤵
-
\??\c:\pppjj.exec:\pppjj.exe149⤵
-
\??\c:\9ppjp.exec:\9ppjp.exe150⤵
-
\??\c:\9xrrfxl.exec:\9xrrfxl.exe151⤵
-
\??\c:\hnhnbt.exec:\hnhnbt.exe152⤵
-
\??\c:\jvppj.exec:\jvppj.exe153⤵
-
\??\c:\ffrllll.exec:\ffrllll.exe154⤵
-
\??\c:\xfxfrrx.exec:\xfxfrrx.exe155⤵
-
\??\c:\nhbbtt.exec:\nhbbtt.exe156⤵
-
\??\c:\dvjdd.exec:\dvjdd.exe157⤵
-
\??\c:\dddjd.exec:\dddjd.exe158⤵
-
\??\c:\5rfxxxr.exec:\5rfxxxr.exe159⤵
-
\??\c:\5xfxxxx.exec:\5xfxxxx.exe160⤵
-
\??\c:\nbntnn.exec:\nbntnn.exe161⤵
-
\??\c:\ntbbnn.exec:\ntbbnn.exe162⤵
-
\??\c:\jddvp.exec:\jddvp.exe163⤵
-
\??\c:\rlrllll.exec:\rlrllll.exe164⤵
-
\??\c:\9xfrrrl.exec:\9xfrrrl.exe165⤵
-
\??\c:\hnnnbt.exec:\hnnnbt.exe166⤵
-
\??\c:\jpvpj.exec:\jpvpj.exe167⤵
-
\??\c:\pjppj.exec:\pjppj.exe168⤵
-
\??\c:\xlxxlll.exec:\xlxxlll.exe169⤵
-
\??\c:\9hhbtt.exec:\9hhbtt.exe170⤵
-
\??\c:\1bnnnn.exec:\1bnnnn.exe171⤵
-
\??\c:\jdjjd.exec:\jdjjd.exe172⤵
-
\??\c:\vvvdv.exec:\vvvdv.exe173⤵
-
\??\c:\rxllfll.exec:\rxllfll.exe174⤵
-
\??\c:\7rfxrrl.exec:\7rfxrrl.exe175⤵
-
\??\c:\hbtnnh.exec:\hbtnnh.exe176⤵
-
\??\c:\jjvdd.exec:\jjvdd.exe177⤵
-
\??\c:\jpjjd.exec:\jpjjd.exe178⤵
-
\??\c:\fxxrlrl.exec:\fxxrlrl.exe179⤵
-
\??\c:\1flffff.exec:\1flffff.exe180⤵
-
\??\c:\tbnnhh.exec:\tbnnhh.exe181⤵
-
\??\c:\tthbbb.exec:\tthbbb.exe182⤵
-
\??\c:\5vdvp.exec:\5vdvp.exe183⤵
-
\??\c:\rllfxrl.exec:\rllfxrl.exe184⤵
-
\??\c:\xrrrxxx.exec:\xrrrxxx.exe185⤵
-
\??\c:\bttnhh.exec:\bttnhh.exe186⤵
-
\??\c:\hthhhn.exec:\hthhhn.exe187⤵
-
\??\c:\ppddv.exec:\ppddv.exe188⤵
-
\??\c:\djppp.exec:\djppp.exe189⤵
-
\??\c:\frrlfxx.exec:\frrlfxx.exe190⤵
-
\??\c:\7bbttt.exec:\7bbttt.exe191⤵
-
\??\c:\hhnnnn.exec:\hhnnnn.exe192⤵
-
\??\c:\pvvvp.exec:\pvvvp.exe193⤵
-
\??\c:\9ddvv.exec:\9ddvv.exe194⤵
-
\??\c:\9xfxxxx.exec:\9xfxxxx.exe195⤵
-
\??\c:\fffrrrx.exec:\fffrrrx.exe196⤵
-
\??\c:\hbnnnt.exec:\hbnnnt.exe197⤵
-
\??\c:\ttttbb.exec:\ttttbb.exe198⤵
-
\??\c:\jjjdv.exec:\jjjdv.exe199⤵
-
\??\c:\rrllfff.exec:\rrllfff.exe200⤵
-
\??\c:\rlxxfxl.exec:\rlxxfxl.exe201⤵
-
\??\c:\tnntnb.exec:\tnntnb.exe202⤵
-
\??\c:\tnbbtb.exec:\tnbbtb.exe203⤵
-
\??\c:\vvddv.exec:\vvddv.exe204⤵
-
\??\c:\flfffxr.exec:\flfffxr.exe205⤵
-
\??\c:\hhnbbn.exec:\hhnbbn.exe206⤵
-
\??\c:\hhnnhh.exec:\hhnnhh.exe207⤵
-
\??\c:\pjjjd.exec:\pjjjd.exe208⤵
-
\??\c:\pvjjd.exec:\pvjjd.exe209⤵
-
\??\c:\fffxffx.exec:\fffxffx.exe210⤵
-
\??\c:\nthhht.exec:\nthhht.exe211⤵
-
\??\c:\nhtnnt.exec:\nhtnnt.exe212⤵
-
\??\c:\jjjdv.exec:\jjjdv.exe213⤵
-
\??\c:\1vppj.exec:\1vppj.exe214⤵
-
\??\c:\lfrllll.exec:\lfrllll.exe215⤵
-
\??\c:\nnbbnt.exec:\nnbbnt.exe216⤵
-
\??\c:\dvvvp.exec:\dvvvp.exe217⤵
-
\??\c:\5flrllf.exec:\5flrllf.exe218⤵
-
\??\c:\ttnnnn.exec:\ttnnnn.exe219⤵
-
\??\c:\rrfxrlf.exec:\rrfxrlf.exe220⤵
-
\??\c:\nhhtnn.exec:\nhhtnn.exe221⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe222⤵
-
\??\c:\lxffxfx.exec:\lxffxfx.exe223⤵
-
\??\c:\bhnnhh.exec:\bhnnhh.exe224⤵
-
\??\c:\vvjdj.exec:\vvjdj.exe225⤵
-
\??\c:\3fxlflf.exec:\3fxlflf.exe226⤵
-
\??\c:\3pjvj.exec:\3pjvj.exe227⤵
-
\??\c:\5xlfxfx.exec:\5xlfxfx.exe228⤵
-
\??\c:\rlrllrr.exec:\rlrllrr.exe229⤵
-
\??\c:\jvddv.exec:\jvddv.exe230⤵
-
\??\c:\rllffff.exec:\rllffff.exe231⤵
-
\??\c:\jpjdv.exec:\jpjdv.exe232⤵
-
\??\c:\lfrrllf.exec:\lfrrllf.exe233⤵
-
\??\c:\hthhtt.exec:\hthhtt.exe234⤵
-
\??\c:\9dpvv.exec:\9dpvv.exe235⤵
-
\??\c:\rlllfxx.exec:\rlllfxx.exe236⤵
-
\??\c:\btbnhh.exec:\btbnhh.exe237⤵
-
\??\c:\bthhbn.exec:\bthhbn.exe238⤵
-
\??\c:\dpdvv.exec:\dpdvv.exe239⤵
-
\??\c:\xlxrlfx.exec:\xlxrlfx.exe240⤵
-
\??\c:\1hnhtt.exec:\1hnhtt.exe241⤵