Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
20-05-2024 22:57
General
-
Target
5fb2c2652e9e528cd4b746cac18288007c66fd5aee02fa7883a7daaab92e3aae.exe
-
Size
56KB
-
MD5
15b1e1ab0e0592611953347c38d841f7
-
SHA1
5ac123d0ba1a31f1a3d1281ab2c00839ad3285e2
-
SHA256
5fb2c2652e9e528cd4b746cac18288007c66fd5aee02fa7883a7daaab92e3aae
-
SHA512
bac7a6463f419ab7eab75e37e454603bfe44e9303022958f45fac2aefec47a8faaa3be710bee429839e94f1627fdc9edacf4da25ba44f775de96a4fc0fc44610
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0chVng:ymb3NkkiQ3mdBjF0crg
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
UPX dump on OEP (original entry point) 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 21 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5fb2c2652e9e528cd4b746cac18288007c66fd5aee02fa7883a7daaab92e3aae.exe"C:\Users\Admin\AppData\Local\Temp\5fb2c2652e9e528cd4b746cac18288007c66fd5aee02fa7883a7daaab92e3aae.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnbhh.exec:\ttnbhh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnthn.exec:\nhnthn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjdv.exec:\vvjdv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfrrxr.exec:\rlfrrxr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxxfxf.exec:\llxxfxf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvpv.exec:\vvvpv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvpd.exec:\jdvpd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrflfrx.exec:\xrflfrx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3hbbhh.exec:\3hbbhh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7btnth.exec:\7btnth.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3pvvv.exec:\3pvvv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdpd.exec:\vpdpd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxlllr.exec:\rlxlllr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlxrxr.exec:\xrlxrxr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbbth.exec:\btbbth.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3jddp.exec:\3jddp.exe17⤵
- Executes dropped EXE
-
\??\c:\vjvdd.exec:\vjvdd.exe18⤵
- Executes dropped EXE
-
\??\c:\rrllrxl.exec:\rrllrxl.exe19⤵
- Executes dropped EXE
-
\??\c:\1fxlxxl.exec:\1fxlxxl.exe20⤵
- Executes dropped EXE
-
\??\c:\3hnntt.exec:\3hnntt.exe21⤵
- Executes dropped EXE
-
\??\c:\bttbbb.exec:\bttbbb.exe22⤵
- Executes dropped EXE
-
\??\c:\pjddp.exec:\pjddp.exe23⤵
- Executes dropped EXE
-
\??\c:\dvvdv.exec:\dvvdv.exe24⤵
- Executes dropped EXE
-
\??\c:\rlllffl.exec:\rlllffl.exe25⤵
- Executes dropped EXE
-
\??\c:\llflxrx.exec:\llflxrx.exe26⤵
- Executes dropped EXE
-
\??\c:\5hhtnn.exec:\5hhtnn.exe27⤵
- Executes dropped EXE
-
\??\c:\3btnnn.exec:\3btnnn.exe28⤵
- Executes dropped EXE
-
\??\c:\vjjvv.exec:\vjjvv.exe29⤵
- Executes dropped EXE
-
\??\c:\lfxxlfl.exec:\lfxxlfl.exe30⤵
- Executes dropped EXE
-
\??\c:\lxllfrf.exec:\lxllfrf.exe31⤵
- Executes dropped EXE
-
\??\c:\9nhntb.exec:\9nhntb.exe32⤵
- Executes dropped EXE
-
\??\c:\tnbhtt.exec:\tnbhtt.exe33⤵
- Executes dropped EXE
-
\??\c:\jdjpv.exec:\jdjpv.exe34⤵
- Executes dropped EXE
-
\??\c:\jjpvd.exec:\jjpvd.exe35⤵
- Executes dropped EXE
-
\??\c:\ffxxrxx.exec:\ffxxrxx.exe36⤵
- Executes dropped EXE
-
\??\c:\fxlrrxx.exec:\fxlrrxx.exe37⤵
- Executes dropped EXE
-
\??\c:\9bhnnn.exec:\9bhnnn.exe38⤵
- Executes dropped EXE
-
\??\c:\hnhbtb.exec:\hnhbtb.exe39⤵
- Executes dropped EXE
-
\??\c:\hbthth.exec:\hbthth.exe40⤵
- Executes dropped EXE
-
\??\c:\dpjjj.exec:\dpjjj.exe41⤵
- Executes dropped EXE
-
\??\c:\vvpdp.exec:\vvpdp.exe42⤵
- Executes dropped EXE
-
\??\c:\xxxffff.exec:\xxxffff.exe43⤵
- Executes dropped EXE
-
\??\c:\lxlxlxr.exec:\lxlxlxr.exe44⤵
- Executes dropped EXE
-
\??\c:\hnbbhb.exec:\hnbbhb.exe45⤵
- Executes dropped EXE
-
\??\c:\7dvjp.exec:\7dvjp.exe46⤵
- Executes dropped EXE
-
\??\c:\jvddj.exec:\jvddj.exe47⤵
- Executes dropped EXE
-
\??\c:\vdvvj.exec:\vdvvj.exe48⤵
- Executes dropped EXE
-
\??\c:\rfrxlll.exec:\rfrxlll.exe49⤵
- Executes dropped EXE
-
\??\c:\9fffrrf.exec:\9fffrrf.exe50⤵
- Executes dropped EXE
-
\??\c:\tbnnnh.exec:\tbnnnh.exe51⤵
- Executes dropped EXE
-
\??\c:\3htntt.exec:\3htntt.exe52⤵
- Executes dropped EXE
-
\??\c:\dpdjp.exec:\dpdjp.exe53⤵
- Executes dropped EXE
-
\??\c:\jjdjp.exec:\jjdjp.exe54⤵
- Executes dropped EXE
-
\??\c:\rxfxxrx.exec:\rxfxxrx.exe55⤵
- Executes dropped EXE
-
\??\c:\1rrfrrf.exec:\1rrfrrf.exe56⤵
- Executes dropped EXE
-
\??\c:\fffrxxf.exec:\fffrxxf.exe57⤵
- Executes dropped EXE
-
\??\c:\3tthtn.exec:\3tthtn.exe58⤵
- Executes dropped EXE
-
\??\c:\nhttbn.exec:\nhttbn.exe59⤵
- Executes dropped EXE
-
\??\c:\vpvvd.exec:\vpvvd.exe60⤵
- Executes dropped EXE
-
\??\c:\jdpdp.exec:\jdpdp.exe61⤵
- Executes dropped EXE
-
\??\c:\xrxfrxf.exec:\xrxfrxf.exe62⤵
- Executes dropped EXE
-
\??\c:\rxxrfxl.exec:\rxxrfxl.exe63⤵
- Executes dropped EXE
-
\??\c:\nhnhtn.exec:\nhnhtn.exe64⤵
- Executes dropped EXE
-
\??\c:\tnttnt.exec:\tnttnt.exe65⤵
- Executes dropped EXE
-
\??\c:\pjvdj.exec:\pjvdj.exe66⤵
-
\??\c:\vvvjv.exec:\vvvjv.exe67⤵
-
\??\c:\rfxrffx.exec:\rfxrffx.exe68⤵
-
\??\c:\xlxlllr.exec:\xlxlllr.exe69⤵
-
\??\c:\btnhth.exec:\btnhth.exe70⤵
-
\??\c:\3bhbhb.exec:\3bhbhb.exe71⤵
-
\??\c:\9vvvd.exec:\9vvvd.exe72⤵
-
\??\c:\vvvpj.exec:\vvvpj.exe73⤵
-
\??\c:\xlllrlr.exec:\xlllrlr.exe74⤵
-
\??\c:\rfrrflx.exec:\rfrrflx.exe75⤵
-
\??\c:\1bnbhn.exec:\1bnbhn.exe76⤵
-
\??\c:\tnhnbt.exec:\tnhnbt.exe77⤵
-
\??\c:\pjdpp.exec:\pjdpp.exe78⤵
-
\??\c:\jjjvp.exec:\jjjvp.exe79⤵
-
\??\c:\1fllxfl.exec:\1fllxfl.exe80⤵
-
\??\c:\flxrxrx.exec:\flxrxrx.exe81⤵
-
\??\c:\nbhhtb.exec:\nbhhtb.exe82⤵
-
\??\c:\7tntbh.exec:\7tntbh.exe83⤵
-
\??\c:\7pddj.exec:\7pddj.exe84⤵
-
\??\c:\vpdvv.exec:\vpdvv.exe85⤵
-
\??\c:\xxllxfr.exec:\xxllxfr.exe86⤵
-
\??\c:\5rrfxff.exec:\5rrfxff.exe87⤵
-
\??\c:\5nnntt.exec:\5nnntt.exe88⤵
-
\??\c:\nbbnnb.exec:\nbbnnb.exe89⤵
-
\??\c:\bbnbbb.exec:\bbnbbb.exe90⤵
-
\??\c:\5vjjd.exec:\5vjjd.exe91⤵
-
\??\c:\jjvjp.exec:\jjvjp.exe92⤵
-
\??\c:\rlxfflr.exec:\rlxfflr.exe93⤵
-
\??\c:\lxxllrf.exec:\lxxllrf.exe94⤵
-
\??\c:\1fxrxrx.exec:\1fxrxrx.exe95⤵
-
\??\c:\1nbhth.exec:\1nbhth.exe96⤵
-
\??\c:\nhbhnn.exec:\nhbhnn.exe97⤵
-
\??\c:\tnnnnn.exec:\tnnnnn.exe98⤵
-
\??\c:\vpjdd.exec:\vpjdd.exe99⤵
-
\??\c:\ppdjv.exec:\ppdjv.exe100⤵
-
\??\c:\5xllfxf.exec:\5xllfxf.exe101⤵
-
\??\c:\3lfrrfr.exec:\3lfrrfr.exe102⤵
-
\??\c:\nhtbnb.exec:\nhtbnb.exe103⤵
-
\??\c:\5nbtbb.exec:\5nbtbb.exe104⤵
-
\??\c:\1pddd.exec:\1pddd.exe105⤵
-
\??\c:\vjvpv.exec:\vjvpv.exe106⤵
-
\??\c:\jvpvd.exec:\jvpvd.exe107⤵
-
\??\c:\xrfxfff.exec:\xrfxfff.exe108⤵
-
\??\c:\lxxlrrl.exec:\lxxlrrl.exe109⤵
-
\??\c:\bnhtnn.exec:\bnhtnn.exe110⤵
-
\??\c:\nbnnth.exec:\nbnnth.exe111⤵
-
\??\c:\jvjpp.exec:\jvjpp.exe112⤵
-
\??\c:\dpddj.exec:\dpddj.exe113⤵
-
\??\c:\fxlrrxl.exec:\fxlrrxl.exe114⤵
-
\??\c:\lflxfrx.exec:\lflxfrx.exe115⤵
-
\??\c:\3llrfff.exec:\3llrfff.exe116⤵
-
\??\c:\7nbhnt.exec:\7nbhnt.exe117⤵
-
\??\c:\hbtbtb.exec:\hbtbtb.exe118⤵
-
\??\c:\dpjjv.exec:\dpjjv.exe119⤵
-
\??\c:\7dppp.exec:\7dppp.exe120⤵
-
\??\c:\xlxxxfl.exec:\xlxxxfl.exe121⤵
-
\??\c:\9fllrll.exec:\9fllrll.exe122⤵
-
\??\c:\tnbbnn.exec:\tnbbnn.exe123⤵
-
\??\c:\btbbnn.exec:\btbbnn.exe124⤵
-
\??\c:\7bhhhh.exec:\7bhhhh.exe125⤵
-
\??\c:\vpjvj.exec:\vpjvj.exe126⤵
-
\??\c:\fxffrrf.exec:\fxffrrf.exe127⤵
-
\??\c:\lrxlrrx.exec:\lrxlrrx.exe128⤵
-
\??\c:\xrrxffl.exec:\xrrxffl.exe129⤵
-
\??\c:\tnbbhh.exec:\tnbbhh.exe130⤵
-
\??\c:\bnnhnn.exec:\bnnhnn.exe131⤵
-
\??\c:\dvjvp.exec:\dvjvp.exe132⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe133⤵
-
\??\c:\fxrxlrf.exec:\fxrxlrf.exe134⤵
-
\??\c:\5xxxfff.exec:\5xxxfff.exe135⤵
-
\??\c:\ttthbh.exec:\ttthbh.exe136⤵
-
\??\c:\tnbbhh.exec:\tnbbhh.exe137⤵
-
\??\c:\nhtthb.exec:\nhtthb.exe138⤵
-
\??\c:\7jjvd.exec:\7jjvd.exe139⤵
-
\??\c:\3vjpv.exec:\3vjpv.exe140⤵
-
\??\c:\frfrlrx.exec:\frfrlrx.exe141⤵
-
\??\c:\rlxlxff.exec:\rlxlxff.exe142⤵
-
\??\c:\rlfrxxf.exec:\rlfrxxf.exe143⤵
-
\??\c:\nbnbbh.exec:\nbnbbh.exe144⤵
-
\??\c:\ntttnh.exec:\ntttnh.exe145⤵
-
\??\c:\vjvdp.exec:\vjvdp.exe146⤵
-
\??\c:\ppdvj.exec:\ppdvj.exe147⤵
-
\??\c:\rlxlxff.exec:\rlxlxff.exe148⤵
-
\??\c:\xlrrffr.exec:\xlrrffr.exe149⤵
-
\??\c:\rfrrxxx.exec:\rfrrxxx.exe150⤵
-
\??\c:\nhtnbn.exec:\nhtnbn.exe151⤵
-
\??\c:\hbtbnn.exec:\hbtbnn.exe152⤵
-
\??\c:\htnntn.exec:\htnntn.exe153⤵
-
\??\c:\vjppj.exec:\vjppj.exe154⤵
-
\??\c:\dpvvv.exec:\dpvvv.exe155⤵
-
\??\c:\5lrrxfl.exec:\5lrrxfl.exe156⤵
-
\??\c:\lllxrfr.exec:\lllxrfr.exe157⤵
-
\??\c:\1bnhhn.exec:\1bnhhn.exe158⤵
-
\??\c:\hbhnth.exec:\hbhnth.exe159⤵
-
\??\c:\jdpvv.exec:\jdpvv.exe160⤵
-
\??\c:\jvjjd.exec:\jvjjd.exe161⤵
-
\??\c:\rfxxxfl.exec:\rfxxxfl.exe162⤵
-
\??\c:\3nhhnn.exec:\3nhhnn.exe163⤵
-
\??\c:\1htnnn.exec:\1htnnn.exe164⤵
-
\??\c:\bthnnn.exec:\bthnnn.exe165⤵
-
\??\c:\vpdjj.exec:\vpdjj.exe166⤵
-
\??\c:\xlfffxf.exec:\xlfffxf.exe167⤵
-
\??\c:\frflxrr.exec:\frflxrr.exe168⤵
-
\??\c:\bbnbhn.exec:\bbnbhn.exe169⤵
-
\??\c:\btnntt.exec:\btnntt.exe170⤵
-
\??\c:\bbhtht.exec:\bbhtht.exe171⤵
-
\??\c:\jdpvv.exec:\jdpvv.exe172⤵
-
\??\c:\jjdvv.exec:\jjdvv.exe173⤵
-
\??\c:\fxfllrl.exec:\fxfllrl.exe174⤵
-
\??\c:\3rffffr.exec:\3rffffr.exe175⤵
-
\??\c:\3thhtb.exec:\3thhtb.exe176⤵
-
\??\c:\tnhthn.exec:\tnhthn.exe177⤵
-
\??\c:\bnthnt.exec:\bnthnt.exe178⤵
-
\??\c:\9pddv.exec:\9pddv.exe179⤵
-
\??\c:\djvpj.exec:\djvpj.exe180⤵
-
\??\c:\frxfrrl.exec:\frxfrrl.exe181⤵
-
\??\c:\3lxrxxf.exec:\3lxrxxf.exe182⤵
-
\??\c:\5frlllr.exec:\5frlllr.exe183⤵
-
\??\c:\5btnnn.exec:\5btnnn.exe184⤵
-
\??\c:\5bnnhh.exec:\5bnnhh.exe185⤵
-
\??\c:\pdvdv.exec:\pdvdv.exe186⤵
-
\??\c:\ppdjp.exec:\ppdjp.exe187⤵
-
\??\c:\flrlrll.exec:\flrlrll.exe188⤵
-
\??\c:\xlrffff.exec:\xlrffff.exe189⤵
-
\??\c:\xrxfffr.exec:\xrxfffr.exe190⤵
-
\??\c:\ttbbtt.exec:\ttbbtt.exe191⤵
-
\??\c:\nhbhht.exec:\nhbhht.exe192⤵
-
\??\c:\vpppv.exec:\vpppv.exe193⤵
-
\??\c:\vdjdd.exec:\vdjdd.exe194⤵
-
\??\c:\pjdpj.exec:\pjdpj.exe195⤵
-
\??\c:\xrffffl.exec:\xrffffl.exe196⤵
-
\??\c:\xrflrrx.exec:\xrflrrx.exe197⤵
-
\??\c:\9bnbhh.exec:\9bnbhh.exe198⤵
-
\??\c:\nhbbnh.exec:\nhbbnh.exe199⤵
-
\??\c:\vpjjv.exec:\vpjjv.exe200⤵
-
\??\c:\vpddd.exec:\vpddd.exe201⤵
-
\??\c:\xrfxrxl.exec:\xrfxrxl.exe202⤵
-
\??\c:\1lffffl.exec:\1lffffl.exe203⤵
-
\??\c:\1thbbb.exec:\1thbbb.exe204⤵
-
\??\c:\nbhttb.exec:\nbhttb.exe205⤵
-
\??\c:\httttn.exec:\httttn.exe206⤵
-
\??\c:\9vjjp.exec:\9vjjp.exe207⤵
-
\??\c:\vpvvv.exec:\vpvvv.exe208⤵
-
\??\c:\7lffllx.exec:\7lffllx.exe209⤵
-
\??\c:\xlflxlx.exec:\xlflxlx.exe210⤵
-
\??\c:\thnthh.exec:\thnthh.exe211⤵
-
\??\c:\7btbbt.exec:\7btbbt.exe212⤵
-
\??\c:\5pdjp.exec:\5pdjp.exe213⤵
-
\??\c:\jvjpp.exec:\jvjpp.exe214⤵
-
\??\c:\vpvjj.exec:\vpvjj.exe215⤵
-
\??\c:\1fxfxxx.exec:\1fxfxxx.exe216⤵
-
\??\c:\3lxflrx.exec:\3lxflrx.exe217⤵
-
\??\c:\rlrffll.exec:\rlrffll.exe218⤵
-
\??\c:\hnbbhb.exec:\hnbbhb.exe219⤵
-
\??\c:\bnbbbt.exec:\bnbbbt.exe220⤵
-
\??\c:\ddjjd.exec:\ddjjd.exe221⤵
-
\??\c:\vdpjv.exec:\vdpjv.exe222⤵
-
\??\c:\xflllrr.exec:\xflllrr.exe223⤵
-
\??\c:\xlrxxrx.exec:\xlrxxrx.exe224⤵
-
\??\c:\bnhhnt.exec:\bnhhnt.exe225⤵
-
\??\c:\bnnnhb.exec:\bnnnhb.exe226⤵
-
\??\c:\djvpv.exec:\djvpv.exe227⤵
-
\??\c:\pvdpj.exec:\pvdpj.exe228⤵
-
\??\c:\dpvvv.exec:\dpvvv.exe229⤵
-
\??\c:\3lxlrrr.exec:\3lxlrrr.exe230⤵
-
\??\c:\lxlllfx.exec:\lxlllfx.exe231⤵
-
\??\c:\lfrxlrl.exec:\lfrxlrl.exe232⤵
-
\??\c:\bnbnnh.exec:\bnbnnh.exe233⤵
-
\??\c:\jdppv.exec:\jdppv.exe234⤵
-
\??\c:\lxlxxrx.exec:\lxlxxrx.exe235⤵
-
\??\c:\nbhbtt.exec:\nbhbtt.exe236⤵
-
\??\c:\7ntbtt.exec:\7ntbtt.exe237⤵
-
\??\c:\nbbbtn.exec:\nbbbtn.exe238⤵
-
\??\c:\vjppp.exec:\vjppp.exe239⤵
-
\??\c:\pjddj.exec:\pjddj.exe240⤵
-
\??\c:\3lfxrxf.exec:\3lfxrxf.exe241⤵