Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
-
submitted
20-05-2024 00:00
General
-
Target
8611ab486e64482d9c33859891b937b09803718329f7f5740c328ec531f8dab9.exe
-
Size
81KB
-
MD5
54d21f843b65560a988e8ca6faee40f7
-
SHA1
7e931c487cd3f0ee4eaf07d9456cdbf939ad2b8a
-
SHA256
8611ab486e64482d9c33859891b937b09803718329f7f5740c328ec531f8dab9
-
SHA512
b07286da49311b7158f1f6d3630bfaf01e99e97f357f43763459c22c602ad05be17a8d252e7e8af178d3b3954ad158bfb4a3754021ad2a6218233e8f333de412
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo7xCkTsIwtOa2dYS8nje:ymb3NkkiQ3mdBjFo7LAIbT6je
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 18 IoCs
-
UPX dump on OEP (original entry point) 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8611ab486e64482d9c33859891b937b09803718329f7f5740c328ec531f8dab9.exe"C:\Users\Admin\AppData\Local\Temp\8611ab486e64482d9c33859891b937b09803718329f7f5740c328ec531f8dab9.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\fffxxlr.exec:\fffxxlr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9hhtbh.exec:\9hhtbh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjpv.exec:\dvjpv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvdp.exec:\ppvdp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llflxff.exec:\llflxff.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtbhn.exec:\bbtbhn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddpjv.exec:\ddpjv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjjv.exec:\jvjjv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxlrflx.exec:\xxlrflx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlrlxx.exec:\fxlrlxx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnbnt.exec:\bbnbnt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3thntb.exec:\3thntb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjpd.exec:\ppjpd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxllxf.exec:\rlxllxf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xxrffr.exec:\5xxrffr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnhbb.exec:\nbnhbb.exe17⤵
- Executes dropped EXE
-
\??\c:\7hbnbh.exec:\7hbnbh.exe18⤵
- Executes dropped EXE
-
\??\c:\jjpjp.exec:\jjpjp.exe19⤵
- Executes dropped EXE
-
\??\c:\llxlxlx.exec:\llxlxlx.exe20⤵
- Executes dropped EXE
-
\??\c:\9rffrff.exec:\9rffrff.exe21⤵
- Executes dropped EXE
-
\??\c:\bhhnhb.exec:\bhhnhb.exe22⤵
- Executes dropped EXE
-
\??\c:\tbtnhb.exec:\tbtnhb.exe23⤵
- Executes dropped EXE
-
\??\c:\9jpvj.exec:\9jpvj.exe24⤵
- Executes dropped EXE
-
\??\c:\5vvdp.exec:\5vvdp.exe25⤵
- Executes dropped EXE
-
\??\c:\flxxllr.exec:\flxxllr.exe26⤵
- Executes dropped EXE
-
\??\c:\1thhnt.exec:\1thhnt.exe27⤵
- Executes dropped EXE
-
\??\c:\vjvjv.exec:\vjvjv.exe28⤵
- Executes dropped EXE
-
\??\c:\dvvdj.exec:\dvvdj.exe29⤵
- Executes dropped EXE
-
\??\c:\5frlrlr.exec:\5frlrlr.exe30⤵
- Executes dropped EXE
-
\??\c:\ntthnb.exec:\ntthnb.exe31⤵
- Executes dropped EXE
-
\??\c:\vdvvp.exec:\vdvvp.exe32⤵
- Executes dropped EXE
-
\??\c:\pjvpv.exec:\pjvpv.exe33⤵
- Executes dropped EXE
-
\??\c:\3rrxfrx.exec:\3rrxfrx.exe34⤵
- Executes dropped EXE
-
\??\c:\hhbnnb.exec:\hhbnnb.exe35⤵
- Executes dropped EXE
-
\??\c:\3tbhht.exec:\3tbhht.exe36⤵
- Executes dropped EXE
-
\??\c:\ddjvj.exec:\ddjvj.exe37⤵
- Executes dropped EXE
-
\??\c:\pjvvj.exec:\pjvvj.exe38⤵
- Executes dropped EXE
-
\??\c:\xrflflr.exec:\xrflflr.exe39⤵
- Executes dropped EXE
-
\??\c:\7ttbnt.exec:\7ttbnt.exe40⤵
- Executes dropped EXE
-
\??\c:\hbbbhb.exec:\hbbbhb.exe41⤵
- Executes dropped EXE
-
\??\c:\pdppj.exec:\pdppj.exe42⤵
- Executes dropped EXE
-
\??\c:\pjddd.exec:\pjddd.exe43⤵
- Executes dropped EXE
-
\??\c:\3rxxxlx.exec:\3rxxxlx.exe44⤵
- Executes dropped EXE
-
\??\c:\hhnbbh.exec:\hhnbbh.exe45⤵
- Executes dropped EXE
-
\??\c:\btbhtt.exec:\btbhtt.exe46⤵
- Executes dropped EXE
-
\??\c:\vpvdp.exec:\vpvdp.exe47⤵
- Executes dropped EXE
-
\??\c:\dvvdj.exec:\dvvdj.exe48⤵
- Executes dropped EXE
-
\??\c:\ppvvv.exec:\ppvvv.exe49⤵
- Executes dropped EXE
-
\??\c:\1rrxffl.exec:\1rrxffl.exe50⤵
- Executes dropped EXE
-
\??\c:\xrxfllx.exec:\xrxfllx.exe51⤵
- Executes dropped EXE
-
\??\c:\bttntb.exec:\bttntb.exe52⤵
- Executes dropped EXE
-
\??\c:\bthbth.exec:\bthbth.exe53⤵
- Executes dropped EXE
-
\??\c:\pdpvp.exec:\pdpvp.exe54⤵
- Executes dropped EXE
-
\??\c:\vjvpv.exec:\vjvpv.exe55⤵
- Executes dropped EXE
-
\??\c:\rfllllr.exec:\rfllllr.exe56⤵
- Executes dropped EXE
-
\??\c:\flfrrfl.exec:\flfrrfl.exe57⤵
- Executes dropped EXE
-
\??\c:\tnbnnt.exec:\tnbnnt.exe58⤵
- Executes dropped EXE
-
\??\c:\1djjd.exec:\1djjd.exe59⤵
- Executes dropped EXE
-
\??\c:\ppddp.exec:\ppddp.exe60⤵
- Executes dropped EXE
-
\??\c:\lflrxxl.exec:\lflrxxl.exe61⤵
- Executes dropped EXE
-
\??\c:\9fxlflr.exec:\9fxlflr.exe62⤵
- Executes dropped EXE
-
\??\c:\htnbtb.exec:\htnbtb.exe63⤵
- Executes dropped EXE
-
\??\c:\dpddj.exec:\dpddj.exe64⤵
- Executes dropped EXE
-
\??\c:\pjpjd.exec:\pjpjd.exe65⤵
- Executes dropped EXE
-
\??\c:\rllrrxr.exec:\rllrrxr.exe66⤵
-
\??\c:\fffxfxr.exec:\fffxfxr.exe67⤵
-
\??\c:\hhtbhb.exec:\hhtbhb.exe68⤵
-
\??\c:\bbtnnh.exec:\bbtnnh.exe69⤵
-
\??\c:\lxrrxrf.exec:\lxrrxrf.exe70⤵
-
\??\c:\frffrlf.exec:\frffrlf.exe71⤵
-
\??\c:\9tnthn.exec:\9tnthn.exe72⤵
-
\??\c:\3nnnbn.exec:\3nnnbn.exe73⤵
-
\??\c:\ppjjp.exec:\ppjjp.exe74⤵
-
\??\c:\vpppv.exec:\vpppv.exe75⤵
-
\??\c:\fxxxfff.exec:\fxxxfff.exe76⤵
-
\??\c:\frfrxll.exec:\frfrxll.exe77⤵
-
\??\c:\nthtbn.exec:\nthtbn.exe78⤵
-
\??\c:\ppddj.exec:\ppddj.exe79⤵
-
\??\c:\lrxlflf.exec:\lrxlflf.exe80⤵
-
\??\c:\1xlxrxl.exec:\1xlxrxl.exe81⤵
-
\??\c:\3thbht.exec:\3thbht.exe82⤵
-
\??\c:\dvpdp.exec:\dvpdp.exe83⤵
-
\??\c:\7dvvd.exec:\7dvvd.exe84⤵
-
\??\c:\9lfllxr.exec:\9lfllxr.exe85⤵
-
\??\c:\rrxlfxr.exec:\rrxlfxr.exe86⤵
-
\??\c:\tnhntt.exec:\tnhntt.exe87⤵
-
\??\c:\bhtnbn.exec:\bhtnbn.exe88⤵
-
\??\c:\ppddv.exec:\ppddv.exe89⤵
-
\??\c:\jdpjp.exec:\jdpjp.exe90⤵
-
\??\c:\frfflfr.exec:\frfflfr.exe91⤵
-
\??\c:\fxlflrf.exec:\fxlflrf.exe92⤵
-
\??\c:\nbbttn.exec:\nbbttn.exe93⤵
-
\??\c:\5jdjd.exec:\5jdjd.exe94⤵
-
\??\c:\pvpvj.exec:\pvpvj.exe95⤵
-
\??\c:\fxrxlrf.exec:\fxrxlrf.exe96⤵
-
\??\c:\lrrxfxl.exec:\lrrxfxl.exe97⤵
-
\??\c:\fflfrrf.exec:\fflfrrf.exe98⤵
-
\??\c:\tttbht.exec:\tttbht.exe99⤵
-
\??\c:\nhthtb.exec:\nhthtb.exe100⤵
-
\??\c:\ddppv.exec:\ddppv.exe101⤵
-
\??\c:\djddd.exec:\djddd.exe102⤵
-
\??\c:\ffxffxr.exec:\ffxffxr.exe103⤵
-
\??\c:\rlffrff.exec:\rlffrff.exe104⤵
-
\??\c:\tththt.exec:\tththt.exe105⤵
-
\??\c:\nhnntb.exec:\nhnntb.exe106⤵
-
\??\c:\tthbnt.exec:\tthbnt.exe107⤵
-
\??\c:\ddvdd.exec:\ddvdd.exe108⤵
-
\??\c:\3ddvj.exec:\3ddvj.exe109⤵
-
\??\c:\xxlflxl.exec:\xxlflxl.exe110⤵
-
\??\c:\llxxllx.exec:\llxxllx.exe111⤵
-
\??\c:\1bnbht.exec:\1bnbht.exe112⤵
-
\??\c:\tttbnn.exec:\tttbnn.exe113⤵
-
\??\c:\pvpdv.exec:\pvpdv.exe114⤵
-
\??\c:\pvdvj.exec:\pvdvj.exe115⤵
-
\??\c:\xlxrxff.exec:\xlxrxff.exe116⤵
-
\??\c:\fxxfllr.exec:\fxxfllr.exe117⤵
-
\??\c:\hnbtbh.exec:\hnbtbh.exe118⤵
-
\??\c:\hhbtbh.exec:\hhbtbh.exe119⤵
-
\??\c:\jdpdp.exec:\jdpdp.exe120⤵
-
\??\c:\9dpvj.exec:\9dpvj.exe121⤵
-
\??\c:\xxrlrll.exec:\xxrlrll.exe122⤵
-
\??\c:\lxfxxrr.exec:\lxfxxrr.exe123⤵
-
\??\c:\lflxffx.exec:\lflxffx.exe124⤵
-
\??\c:\bnbtbn.exec:\bnbtbn.exe125⤵
-
\??\c:\jdpvp.exec:\jdpvp.exe126⤵
-
\??\c:\jdpvv.exec:\jdpvv.exe127⤵
-
\??\c:\llxlrxf.exec:\llxlrxf.exe128⤵
-
\??\c:\5xxfrxr.exec:\5xxfrxr.exe129⤵
-
\??\c:\tntbht.exec:\tntbht.exe130⤵
-
\??\c:\9nnnbh.exec:\9nnnbh.exe131⤵
-
\??\c:\7jpdv.exec:\7jpdv.exe132⤵
-
\??\c:\vpddv.exec:\vpddv.exe133⤵
-
\??\c:\xlrrxfl.exec:\xlrrxfl.exe134⤵
-
\??\c:\3rflrfl.exec:\3rflrfl.exe135⤵
-
\??\c:\nnnhbn.exec:\nnnhbn.exe136⤵
-
\??\c:\hhtthn.exec:\hhtthn.exe137⤵
-
\??\c:\ntnbhn.exec:\ntnbhn.exe138⤵
-
\??\c:\vdjdj.exec:\vdjdj.exe139⤵
-
\??\c:\5pdjj.exec:\5pdjj.exe140⤵
-
\??\c:\xxrlxlx.exec:\xxrlxlx.exe141⤵
-
\??\c:\lrlrrfl.exec:\lrlrrfl.exe142⤵
-
\??\c:\bbthnt.exec:\bbthnt.exe143⤵
-
\??\c:\hbbhnn.exec:\hbbhnn.exe144⤵
-
\??\c:\vvpdv.exec:\vvpdv.exe145⤵
-
\??\c:\1pddp.exec:\1pddp.exe146⤵
-
\??\c:\ddvdv.exec:\ddvdv.exe147⤵
-
\??\c:\ffxxllf.exec:\ffxxllf.exe148⤵
-
\??\c:\xxlxflr.exec:\xxlxflr.exe149⤵
-
\??\c:\bbtbhh.exec:\bbtbhh.exe150⤵
-
\??\c:\7tnttb.exec:\7tnttb.exe151⤵
-
\??\c:\nnnthh.exec:\nnnthh.exe152⤵
-
\??\c:\dddpj.exec:\dddpj.exe153⤵
-
\??\c:\ddvdd.exec:\ddvdd.exe154⤵
-
\??\c:\rrlrflx.exec:\rrlrflx.exe155⤵
-
\??\c:\3frxllx.exec:\3frxllx.exe156⤵
-
\??\c:\nnnthh.exec:\nnnthh.exe157⤵
-
\??\c:\dvjdj.exec:\dvjdj.exe158⤵
-
\??\c:\jppvj.exec:\jppvj.exe159⤵
-
\??\c:\xffffrf.exec:\xffffrf.exe160⤵
-
\??\c:\9xrlrxl.exec:\9xrlrxl.exe161⤵
-
\??\c:\bbthnt.exec:\bbthnt.exe162⤵
-
\??\c:\hhhnth.exec:\hhhnth.exe163⤵
-
\??\c:\ppddj.exec:\ppddj.exe164⤵
-
\??\c:\ddjpv.exec:\ddjpv.exe165⤵
-
\??\c:\rlrxrrl.exec:\rlrxrrl.exe166⤵
-
\??\c:\rlxlrrr.exec:\rlxlrrr.exe167⤵
-
\??\c:\hntnnb.exec:\hntnnb.exe168⤵
-
\??\c:\bhthbt.exec:\bhthbt.exe169⤵
-
\??\c:\ddppv.exec:\ddppv.exe170⤵
-
\??\c:\pjdpd.exec:\pjdpd.exe171⤵
-
\??\c:\rllrflr.exec:\rllrflr.exe172⤵
-
\??\c:\bthtbt.exec:\bthtbt.exe173⤵
-
\??\c:\1bbthn.exec:\1bbthn.exe174⤵
-
\??\c:\3jvjj.exec:\3jvjj.exe175⤵
-
\??\c:\5vppd.exec:\5vppd.exe176⤵
-
\??\c:\xxrfxfl.exec:\xxrfxfl.exe177⤵
-
\??\c:\5rrffll.exec:\5rrffll.exe178⤵
-
\??\c:\hhbntt.exec:\hhbntt.exe179⤵
-
\??\c:\dpvpp.exec:\dpvpp.exe180⤵
-
\??\c:\jjdjj.exec:\jjdjj.exe181⤵
-
\??\c:\5fxrfxl.exec:\5fxrfxl.exe182⤵
-
\??\c:\lxlrxff.exec:\lxlrxff.exe183⤵
-
\??\c:\bthnbn.exec:\bthnbn.exe184⤵
-
\??\c:\bnbhnh.exec:\bnbhnh.exe185⤵
-
\??\c:\vvpjj.exec:\vvpjj.exe186⤵
-
\??\c:\xrxflrx.exec:\xrxflrx.exe187⤵
-
\??\c:\llfrrlf.exec:\llfrrlf.exe188⤵
-
\??\c:\9lfflxf.exec:\9lfflxf.exe189⤵
-
\??\c:\9nnbtt.exec:\9nnbtt.exe190⤵
-
\??\c:\tntthn.exec:\tntthn.exe191⤵
-
\??\c:\pjvvd.exec:\pjvvd.exe192⤵
-
\??\c:\ddvdp.exec:\ddvdp.exe193⤵
-
\??\c:\1lrflrx.exec:\1lrflrx.exe194⤵
-
\??\c:\xfrfflx.exec:\xfrfflx.exe195⤵
-
\??\c:\httttt.exec:\httttt.exe196⤵
-
\??\c:\hbhntn.exec:\hbhntn.exe197⤵
-
\??\c:\dvjjv.exec:\dvjjv.exe198⤵
-
\??\c:\dddjv.exec:\dddjv.exe199⤵
-
\??\c:\fxrrxfr.exec:\fxrrxfr.exe200⤵
-
\??\c:\tnthht.exec:\tnthht.exe201⤵
-
\??\c:\vpjjv.exec:\vpjjv.exe202⤵
-
\??\c:\rfrrrlr.exec:\rfrrrlr.exe203⤵
-
\??\c:\fflxlrl.exec:\fflxlrl.exe204⤵
-
\??\c:\btbnbn.exec:\btbnbn.exe205⤵
-
\??\c:\pdvvv.exec:\pdvvv.exe206⤵
-
\??\c:\xxrxrrr.exec:\xxrxrrr.exe207⤵
-
\??\c:\rrfrffl.exec:\rrfrffl.exe208⤵
-
\??\c:\bhnnbb.exec:\bhnnbb.exe209⤵
-
\??\c:\btnntt.exec:\btnntt.exe210⤵
-
\??\c:\dpdpd.exec:\dpdpd.exe211⤵
-
\??\c:\1pdvd.exec:\1pdvd.exe212⤵
-
\??\c:\3xrxfxx.exec:\3xrxfxx.exe213⤵
-
\??\c:\llflfxx.exec:\llflfxx.exe214⤵
-
\??\c:\7nbbbt.exec:\7nbbbt.exe215⤵
-
\??\c:\bbnthn.exec:\bbnthn.exe216⤵
-
\??\c:\dpvvj.exec:\dpvvj.exe217⤵
-
\??\c:\5vppd.exec:\5vppd.exe218⤵
-
\??\c:\frrrflr.exec:\frrrflr.exe219⤵
-
\??\c:\lfxflrf.exec:\lfxflrf.exe220⤵
-
\??\c:\1tbnbb.exec:\1tbnbb.exe221⤵
-
\??\c:\tnnntt.exec:\tnnntt.exe222⤵
-
\??\c:\jvvvd.exec:\jvvvd.exe223⤵
-
\??\c:\jdjpp.exec:\jdjpp.exe224⤵
-
\??\c:\fxxxllx.exec:\fxxxllx.exe225⤵
-
\??\c:\rllrxxf.exec:\rllrxxf.exe226⤵
-
\??\c:\1nbhnn.exec:\1nbhnn.exe227⤵
-
\??\c:\3bnhnn.exec:\3bnhnn.exe228⤵
-
\??\c:\vpvdj.exec:\vpvdj.exe229⤵
-
\??\c:\pjddj.exec:\pjddj.exe230⤵
-
\??\c:\ffxxfrl.exec:\ffxxfrl.exe231⤵
-
\??\c:\rlrrrlr.exec:\rlrrrlr.exe232⤵
-
\??\c:\bhhhnb.exec:\bhhhnb.exe233⤵
-
\??\c:\bthnnn.exec:\bthnnn.exe234⤵
-
\??\c:\jdppp.exec:\jdppp.exe235⤵
-
\??\c:\fllfflr.exec:\fllfflr.exe236⤵
-
\??\c:\xlxxxxl.exec:\xlxxxxl.exe237⤵
-
\??\c:\httbbn.exec:\httbbn.exe238⤵
-
\??\c:\3tnbbb.exec:\3tnbbb.exe239⤵
-
\??\c:\dppvd.exec:\dppvd.exe240⤵
-
\??\c:\dvdpd.exec:\dvdpd.exe241⤵