Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
20-05-2024 23:58
General
-
Target
764aff13316076daabfa692aabceeba947761e42bde3616373cea91c5544c8ef.exe
-
Size
55KB
-
MD5
cacca09003116b7c9c7cdfb29ed41a03
-
SHA1
d97e5916789f675219674d810e1f6117cb370790
-
SHA256
764aff13316076daabfa692aabceeba947761e42bde3616373cea91c5544c8ef
-
SHA512
b345e53a609627ccc69e0c7cb70c4f202b833c92536aafa3cfc8544bc93443b694bde08f15e5ba3f5201e62f078b209868191a845c6eec5dd52122a876c8921c
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIFH:ymb3NkkiQ3mdBjFIFH
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
UPX dump on OEP (original entry point) 29 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\764aff13316076daabfa692aabceeba947761e42bde3616373cea91c5544c8ef.exe"C:\Users\Admin\AppData\Local\Temp\764aff13316076daabfa692aabceeba947761e42bde3616373cea91c5544c8ef.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxxllx.exec:\xxxxllx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntnbbh.exec:\ntnbbh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1ntnbb.exec:\1ntnbb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvvp.exec:\ddvvp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrfrflr.exec:\rrfrflr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjdj.exec:\pdjdj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5pjdp.exec:\5pjdp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1lxfrff.exec:\1lxfrff.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthtnn.exec:\bthtnn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1ddpd.exec:\1ddpd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvdv.exec:\pjvdv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxfxlx.exec:\rxxfxlx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llrrffr.exec:\llrrffr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnhnh.exec:\htnhnh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ththhn.exec:\ththhn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pppvv.exec:\pppvv.exe17⤵
- Executes dropped EXE
-
\??\c:\ddvvd.exec:\ddvvd.exe18⤵
- Executes dropped EXE
-
\??\c:\lfxfxll.exec:\lfxfxll.exe19⤵
- Executes dropped EXE
-
\??\c:\7htnbn.exec:\7htnbn.exe20⤵
- Executes dropped EXE
-
\??\c:\9hthnh.exec:\9hthnh.exe21⤵
- Executes dropped EXE
-
\??\c:\dvvjp.exec:\dvvjp.exe22⤵
- Executes dropped EXE
-
\??\c:\dvvdd.exec:\dvvdd.exe23⤵
- Executes dropped EXE
-
\??\c:\fxlfrxr.exec:\fxlfrxr.exe24⤵
- Executes dropped EXE
-
\??\c:\rlfxrxr.exec:\rlfxrxr.exe25⤵
- Executes dropped EXE
-
\??\c:\tnbthn.exec:\tnbthn.exe26⤵
- Executes dropped EXE
-
\??\c:\nbhhhh.exec:\nbhhhh.exe27⤵
- Executes dropped EXE
-
\??\c:\vjpvd.exec:\vjpvd.exe28⤵
- Executes dropped EXE
-
\??\c:\rfrxffl.exec:\rfrxffl.exe29⤵
- Executes dropped EXE
-
\??\c:\ntnbhb.exec:\ntnbhb.exe30⤵
- Executes dropped EXE
-
\??\c:\thtttt.exec:\thtttt.exe31⤵
- Executes dropped EXE
-
\??\c:\9ddpv.exec:\9ddpv.exe32⤵
- Executes dropped EXE
-
\??\c:\vvvdv.exec:\vvvdv.exe33⤵
- Executes dropped EXE
-
\??\c:\xxflrrf.exec:\xxflrrf.exe34⤵
- Executes dropped EXE
-
\??\c:\hhbtbh.exec:\hhbtbh.exe35⤵
- Executes dropped EXE
-
\??\c:\9tnbhb.exec:\9tnbhb.exe36⤵
- Executes dropped EXE
-
\??\c:\dvppv.exec:\dvppv.exe37⤵
- Executes dropped EXE
-
\??\c:\djvpd.exec:\djvpd.exe38⤵
- Executes dropped EXE
-
\??\c:\7frrrrf.exec:\7frrrrf.exe39⤵
- Executes dropped EXE
-
\??\c:\5bbnth.exec:\5bbnth.exe40⤵
- Executes dropped EXE
-
\??\c:\7nhnnh.exec:\7nhnnh.exe41⤵
- Executes dropped EXE
-
\??\c:\1vpdv.exec:\1vpdv.exe42⤵
- Executes dropped EXE
-
\??\c:\9pvdp.exec:\9pvdp.exe43⤵
- Executes dropped EXE
-
\??\c:\rrlxrrx.exec:\rrlxrrx.exe44⤵
- Executes dropped EXE
-
\??\c:\rxrrffl.exec:\rxrrffl.exe45⤵
- Executes dropped EXE
-
\??\c:\7hnnhn.exec:\7hnnhn.exe46⤵
- Executes dropped EXE
-
\??\c:\hbtthn.exec:\hbtthn.exe47⤵
- Executes dropped EXE
-
\??\c:\jjpdd.exec:\jjpdd.exe48⤵
- Executes dropped EXE
-
\??\c:\dvjjd.exec:\dvjjd.exe49⤵
- Executes dropped EXE
-
\??\c:\3lxflxl.exec:\3lxflxl.exe50⤵
- Executes dropped EXE
-
\??\c:\nbttbb.exec:\nbttbb.exe51⤵
- Executes dropped EXE
-
\??\c:\jvppp.exec:\jvppp.exe52⤵
- Executes dropped EXE
-
\??\c:\vpjpv.exec:\vpjpv.exe53⤵
- Executes dropped EXE
-
\??\c:\xrrfrxl.exec:\xrrfrxl.exe54⤵
- Executes dropped EXE
-
\??\c:\rlrflfr.exec:\rlrflfr.exe55⤵
- Executes dropped EXE
-
\??\c:\tnnhtb.exec:\tnnhtb.exe56⤵
- Executes dropped EXE
-
\??\c:\bbttnn.exec:\bbttnn.exe57⤵
- Executes dropped EXE
-
\??\c:\jjpjp.exec:\jjpjp.exe58⤵
- Executes dropped EXE
-
\??\c:\vpddj.exec:\vpddj.exe59⤵
- Executes dropped EXE
-
\??\c:\xfffrrf.exec:\xfffrrf.exe60⤵
- Executes dropped EXE
-
\??\c:\1nntth.exec:\1nntth.exe61⤵
- Executes dropped EXE
-
\??\c:\ntnbtt.exec:\ntnbtt.exe62⤵
- Executes dropped EXE
-
\??\c:\vpvpd.exec:\vpvpd.exe63⤵
- Executes dropped EXE
-
\??\c:\vpjpv.exec:\vpjpv.exe64⤵
- Executes dropped EXE
-
\??\c:\lfrrxrf.exec:\lfrrxrf.exe65⤵
- Executes dropped EXE
-
\??\c:\7xlfrfl.exec:\7xlfrfl.exe66⤵
-
\??\c:\tnnnnn.exec:\tnnnnn.exe67⤵
-
\??\c:\5ntbbb.exec:\5ntbbb.exe68⤵
-
\??\c:\ddvvd.exec:\ddvvd.exe69⤵
-
\??\c:\3jjvd.exec:\3jjvd.exe70⤵
-
\??\c:\frfxxxl.exec:\frfxxxl.exe71⤵
-
\??\c:\fxllffr.exec:\fxllffr.exe72⤵
-
\??\c:\nnhtnh.exec:\nnhtnh.exe73⤵
-
\??\c:\ntntbh.exec:\ntntbh.exe74⤵
-
\??\c:\7vpjj.exec:\7vpjj.exe75⤵
-
\??\c:\lrfxllx.exec:\lrfxllx.exe76⤵
-
\??\c:\xrllflr.exec:\xrllflr.exe77⤵
-
\??\c:\hhhbtn.exec:\hhhbtn.exe78⤵
-
\??\c:\hbhbhb.exec:\hbhbhb.exe79⤵
-
\??\c:\7vpdv.exec:\7vpdv.exe80⤵
-
\??\c:\ppdjj.exec:\ppdjj.exe81⤵
-
\??\c:\1flxlrx.exec:\1flxlrx.exe82⤵
-
\??\c:\hthbnt.exec:\hthbnt.exe83⤵
-
\??\c:\7ttnbn.exec:\7ttnbn.exe84⤵
-
\??\c:\1vpdj.exec:\1vpdj.exe85⤵
-
\??\c:\pjdvj.exec:\pjdvj.exe86⤵
-
\??\c:\rfllxxl.exec:\rfllxxl.exe87⤵
-
\??\c:\rfffrff.exec:\rfffrff.exe88⤵
-
\??\c:\thhbnt.exec:\thhbnt.exe89⤵
-
\??\c:\bhnbht.exec:\bhnbht.exe90⤵
-
\??\c:\jdvvj.exec:\jdvvj.exe91⤵
-
\??\c:\ddjvv.exec:\ddjvv.exe92⤵
-
\??\c:\fxrfrxr.exec:\fxrfrxr.exe93⤵
-
\??\c:\3bntbh.exec:\3bntbh.exe94⤵
-
\??\c:\7nhhhh.exec:\7nhhhh.exe95⤵
-
\??\c:\hhnbtt.exec:\hhnbtt.exe96⤵
-
\??\c:\5vppp.exec:\5vppp.exe97⤵
-
\??\c:\flrrrxx.exec:\flrrrxx.exe98⤵
-
\??\c:\xffrfrf.exec:\xffrfrf.exe99⤵
-
\??\c:\tnhtbn.exec:\tnhtbn.exe100⤵
-
\??\c:\nnnthn.exec:\nnnthn.exe101⤵
-
\??\c:\1dvvj.exec:\1dvvj.exe102⤵
-
\??\c:\lfxfflr.exec:\lfxfflr.exe103⤵
-
\??\c:\llxlxrf.exec:\llxlxrf.exe104⤵
-
\??\c:\lllrrrf.exec:\lllrrrf.exe105⤵
-
\??\c:\tntbnb.exec:\tntbnb.exe106⤵
-
\??\c:\bnnhhb.exec:\bnnhhb.exe107⤵
-
\??\c:\1vpvp.exec:\1vpvp.exe108⤵
-
\??\c:\vjvvv.exec:\vjvvv.exe109⤵
-
\??\c:\fxlfffx.exec:\fxlfffx.exe110⤵
-
\??\c:\ffrlflr.exec:\ffrlflr.exe111⤵
-
\??\c:\hhbhtt.exec:\hhbhtt.exe112⤵
-
\??\c:\nhntbh.exec:\nhntbh.exe113⤵
-
\??\c:\3bntbb.exec:\3bntbb.exe114⤵
-
\??\c:\pjjjp.exec:\pjjjp.exe115⤵
-
\??\c:\5pdpv.exec:\5pdpv.exe116⤵
-
\??\c:\xrfflrx.exec:\xrfflrx.exe117⤵
-
\??\c:\9llflxf.exec:\9llflxf.exe118⤵
-
\??\c:\hhbbhh.exec:\hhbbhh.exe119⤵
-
\??\c:\tbtbht.exec:\tbtbht.exe120⤵
-
\??\c:\3vjpj.exec:\3vjpj.exe121⤵
-
\??\c:\1dvjd.exec:\1dvjd.exe122⤵
-
\??\c:\rlrxflr.exec:\rlrxflr.exe123⤵
-
\??\c:\5llxlrr.exec:\5llxlrr.exe124⤵
-
\??\c:\9nbbnn.exec:\9nbbnn.exe125⤵
-
\??\c:\nbbhhn.exec:\nbbhhn.exe126⤵
-
\??\c:\vvjpv.exec:\vvjpv.exe127⤵
-
\??\c:\pdvjd.exec:\pdvjd.exe128⤵
-
\??\c:\rxlfflr.exec:\rxlfflr.exe129⤵
-
\??\c:\lfxfrrx.exec:\lfxfrrx.exe130⤵
-
\??\c:\tntnnn.exec:\tntnnn.exe131⤵
-
\??\c:\bnnntn.exec:\bnnntn.exe132⤵
-
\??\c:\jpjdd.exec:\jpjdd.exe133⤵
-
\??\c:\3rffllr.exec:\3rffllr.exe134⤵
-
\??\c:\xlffrxl.exec:\xlffrxl.exe135⤵
-
\??\c:\thnntn.exec:\thnntn.exe136⤵
-
\??\c:\tnbhnn.exec:\tnbhnn.exe137⤵
-
\??\c:\1pvpp.exec:\1pvpp.exe138⤵
-
\??\c:\jdpjp.exec:\jdpjp.exe139⤵
-
\??\c:\rlrfxxf.exec:\rlrfxxf.exe140⤵
-
\??\c:\3lxfxfr.exec:\3lxfxfr.exe141⤵
-
\??\c:\hthnnn.exec:\hthnnn.exe142⤵
-
\??\c:\hbhhtb.exec:\hbhhtb.exe143⤵
-
\??\c:\djddj.exec:\djddj.exe144⤵
-
\??\c:\vjpjj.exec:\vjpjj.exe145⤵
-
\??\c:\9xfrxrx.exec:\9xfrxrx.exe146⤵
-
\??\c:\lrxrxff.exec:\lrxrxff.exe147⤵
-
\??\c:\tnnttt.exec:\tnnttt.exe148⤵
-
\??\c:\tnhhtt.exec:\tnhhtt.exe149⤵
-
\??\c:\vjddd.exec:\vjddd.exe150⤵
-
\??\c:\7jjpj.exec:\7jjpj.exe151⤵
-
\??\c:\fxlffxf.exec:\fxlffxf.exe152⤵
-
\??\c:\rfxfrll.exec:\rfxfrll.exe153⤵
-
\??\c:\5hnttt.exec:\5hnttt.exe154⤵
-
\??\c:\httbbb.exec:\httbbb.exe155⤵
-
\??\c:\hhtbbb.exec:\hhtbbb.exe156⤵
-
\??\c:\3jvdj.exec:\3jvdj.exe157⤵
-
\??\c:\jvjjd.exec:\jvjjd.exe158⤵
-
\??\c:\3rfllll.exec:\3rfllll.exe159⤵
-
\??\c:\xlxfxff.exec:\xlxfxff.exe160⤵
-
\??\c:\tnhhnh.exec:\tnhhnh.exe161⤵
-
\??\c:\bnhttt.exec:\bnhttt.exe162⤵
-
\??\c:\nbbttt.exec:\nbbttt.exe163⤵
-
\??\c:\jpjjj.exec:\jpjjj.exe164⤵
-
\??\c:\jvddd.exec:\jvddd.exe165⤵
-
\??\c:\9rlfllr.exec:\9rlfllr.exe166⤵
-
\??\c:\rxllrlx.exec:\rxllrlx.exe167⤵
-
\??\c:\3hbtbt.exec:\3hbtbt.exe168⤵
-
\??\c:\bbtbtn.exec:\bbtbtn.exe169⤵
-
\??\c:\5pjjj.exec:\5pjjj.exe170⤵
-
\??\c:\jvdvv.exec:\jvdvv.exe171⤵
-
\??\c:\3frlxxx.exec:\3frlxxx.exe172⤵
-
\??\c:\7rfrrxx.exec:\7rfrrxx.exe173⤵
-
\??\c:\nhtttt.exec:\nhtttt.exe174⤵
-
\??\c:\hthntt.exec:\hthntt.exe175⤵
-
\??\c:\bnnntt.exec:\bnnntt.exe176⤵
-
\??\c:\pdvdj.exec:\pdvdj.exe177⤵
-
\??\c:\rfrlfxf.exec:\rfrlfxf.exe178⤵
-
\??\c:\3ffxffl.exec:\3ffxffl.exe179⤵
-
\??\c:\1fxrrll.exec:\1fxrrll.exe180⤵
-
\??\c:\btbhht.exec:\btbhht.exe181⤵
-
\??\c:\5tnhhb.exec:\5tnhhb.exe182⤵
-
\??\c:\vjvvp.exec:\vjvvp.exe183⤵
-
\??\c:\9vjpv.exec:\9vjpv.exe184⤵
-
\??\c:\rlfxlrr.exec:\rlfxlrr.exe185⤵
-
\??\c:\flfrrxx.exec:\flfrrxx.exe186⤵
-
\??\c:\thtthn.exec:\thtthn.exe187⤵
-
\??\c:\nbnhhb.exec:\nbnhhb.exe188⤵
-
\??\c:\7ppdj.exec:\7ppdj.exe189⤵
-
\??\c:\jdppp.exec:\jdppp.exe190⤵
-
\??\c:\jvjdj.exec:\jvjdj.exe191⤵
-
\??\c:\5frxxxr.exec:\5frxxxr.exe192⤵
-
\??\c:\fxfllrx.exec:\fxfllrx.exe193⤵
-
\??\c:\bhthbt.exec:\bhthbt.exe194⤵
-
\??\c:\bthhhh.exec:\bthhhh.exe195⤵
-
\??\c:\nhttbt.exec:\nhttbt.exe196⤵
-
\??\c:\1jdjv.exec:\1jdjv.exe197⤵
-
\??\c:\jdpjv.exec:\jdpjv.exe198⤵
-
\??\c:\xrfrlrx.exec:\xrfrlrx.exe199⤵
-
\??\c:\rlxxlfl.exec:\rlxxlfl.exe200⤵
-
\??\c:\rlxrrff.exec:\rlxrrff.exe201⤵
-
\??\c:\tnthnh.exec:\tnthnh.exe202⤵
-
\??\c:\jdvdd.exec:\jdvdd.exe203⤵
-
\??\c:\xlfrxrx.exec:\xlfrxrx.exe204⤵
-
\??\c:\fxllrxx.exec:\fxllrxx.exe205⤵
-
\??\c:\nbbbhn.exec:\nbbbhn.exe206⤵
-
\??\c:\bnbnbh.exec:\bnbnbh.exe207⤵
-
\??\c:\1bthhh.exec:\1bthhh.exe208⤵
-
\??\c:\ddpjp.exec:\ddpjp.exe209⤵
-
\??\c:\dddjv.exec:\dddjv.exe210⤵
-
\??\c:\7xxfflf.exec:\7xxfflf.exe211⤵
-
\??\c:\lxxffff.exec:\lxxffff.exe212⤵
-
\??\c:\btnbnt.exec:\btnbnt.exe213⤵
-
\??\c:\nbtbhh.exec:\nbtbhh.exe214⤵
-
\??\c:\nbnnnt.exec:\nbnnnt.exe215⤵
-
\??\c:\jvjvj.exec:\jvjvj.exe216⤵
-
\??\c:\pdvpj.exec:\pdvpj.exe217⤵
-
\??\c:\xlrlxxx.exec:\xlrlxxx.exe218⤵
-
\??\c:\rllxxrf.exec:\rllxxrf.exe219⤵
-
\??\c:\tnbnnn.exec:\tnbnnn.exe220⤵
-
\??\c:\hntbth.exec:\hntbth.exe221⤵
-
\??\c:\9pvpp.exec:\9pvpp.exe222⤵
-
\??\c:\dvpvv.exec:\dvpvv.exe223⤵
-
\??\c:\rlxflxl.exec:\rlxflxl.exe224⤵
-
\??\c:\rxflrfr.exec:\rxflrfr.exe225⤵
-
\??\c:\7nbhnn.exec:\7nbhnn.exe226⤵
-
\??\c:\tthtnt.exec:\tthtnt.exe227⤵
-
\??\c:\ddvdj.exec:\ddvdj.exe228⤵
-
\??\c:\ddddj.exec:\ddddj.exe229⤵
-
\??\c:\rlllxxf.exec:\rlllxxf.exe230⤵
-
\??\c:\rlfffxx.exec:\rlfffxx.exe231⤵
-
\??\c:\3nnbtb.exec:\3nnbtb.exe232⤵
-
\??\c:\7nthth.exec:\7nthth.exe233⤵
-
\??\c:\3httbt.exec:\3httbt.exe234⤵
-
\??\c:\9jjjd.exec:\9jjjd.exe235⤵
-
\??\c:\vpjjj.exec:\vpjjj.exe236⤵
-
\??\c:\9lrxlrf.exec:\9lrxlrf.exe237⤵
-
\??\c:\5frrllf.exec:\5frrllf.exe238⤵
-
\??\c:\tttbbn.exec:\tttbbn.exe239⤵
-
\??\c:\tthhtb.exec:\tthhtb.exe240⤵
-
\??\c:\5dvdj.exec:\5dvdj.exe241⤵