Analysis
-
max time kernel
150s -
max time network
133s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
20-05-2024 00:00
General
-
Target
8611ab486e64482d9c33859891b937b09803718329f7f5740c328ec531f8dab9.exe
-
Size
81KB
-
MD5
54d21f843b65560a988e8ca6faee40f7
-
SHA1
7e931c487cd3f0ee4eaf07d9456cdbf939ad2b8a
-
SHA256
8611ab486e64482d9c33859891b937b09803718329f7f5740c328ec531f8dab9
-
SHA512
b07286da49311b7158f1f6d3630bfaf01e99e97f357f43763459c22c602ad05be17a8d252e7e8af178d3b3954ad158bfb4a3754021ad2a6218233e8f333de412
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo7xCkTsIwtOa2dYS8nje:ymb3NkkiQ3mdBjFo7LAIbT6je
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
UPX dump on OEP (original entry point) 30 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 30 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8611ab486e64482d9c33859891b937b09803718329f7f5740c328ec531f8dab9.exe"C:\Users\Admin\AppData\Local\Temp\8611ab486e64482d9c33859891b937b09803718329f7f5740c328ec531f8dab9.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjdv.exec:\vdjdv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrlfxr.exec:\fxrlfxr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthtnt.exec:\tthtnt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrlfll.exec:\rlrlfll.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjppd.exec:\vjppd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9lrfxxx.exec:\9lrfxxx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbnbh.exec:\hhbnbh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbhth.exec:\nbbhth.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdjj.exec:\dvdjj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7llfxlx.exec:\7llfxlx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrlfff.exec:\rlrlfff.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llfllxx.exec:\llfllxx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3bhnht.exec:\3bhnht.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpddv.exec:\vpddv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxrlll.exec:\rxxrlll.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfffrrl.exec:\rfffrrl.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bthhh.exec:\5bthhh.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvddd.exec:\vvddd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrlrrr.exec:\lfrlrrr.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btttbn.exec:\btttbn.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjdv.exec:\dpjdv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxllffx.exec:\xxllffx.exe23⤵
- Executes dropped EXE
-
\??\c:\1rrfrlx.exec:\1rrfrlx.exe24⤵
- Executes dropped EXE
-
\??\c:\tntbnn.exec:\tntbnn.exe25⤵
- Executes dropped EXE
-
\??\c:\jjjjd.exec:\jjjjd.exe26⤵
- Executes dropped EXE
-
\??\c:\lrfffxf.exec:\lrfffxf.exe27⤵
- Executes dropped EXE
-
\??\c:\thnnnn.exec:\thnnnn.exe28⤵
- Executes dropped EXE
-
\??\c:\dvjpj.exec:\dvjpj.exe29⤵
- Executes dropped EXE
-
\??\c:\dpvpj.exec:\dpvpj.exe30⤵
- Executes dropped EXE
-
\??\c:\rllrlfr.exec:\rllrlfr.exe31⤵
- Executes dropped EXE
-
\??\c:\bbtbtn.exec:\bbtbtn.exe32⤵
- Executes dropped EXE
-
\??\c:\pjjjp.exec:\pjjjp.exe33⤵
- Executes dropped EXE
-
\??\c:\5rxlxfx.exec:\5rxlxfx.exe34⤵
- Executes dropped EXE
-
\??\c:\pvjjp.exec:\pvjjp.exe35⤵
- Executes dropped EXE
-
\??\c:\fxffrll.exec:\fxffrll.exe36⤵
- Executes dropped EXE
-
\??\c:\xxfxllf.exec:\xxfxllf.exe37⤵
- Executes dropped EXE
-
\??\c:\tbtttn.exec:\tbtttn.exe38⤵
- Executes dropped EXE
-
\??\c:\pjvvp.exec:\pjvvp.exe39⤵
- Executes dropped EXE
-
\??\c:\fxflrxx.exec:\fxflrxx.exe40⤵
- Executes dropped EXE
-
\??\c:\rxfxxlr.exec:\rxfxxlr.exe41⤵
- Executes dropped EXE
-
\??\c:\tthbbb.exec:\tthbbb.exe42⤵
- Executes dropped EXE
-
\??\c:\jdddp.exec:\jdddp.exe43⤵
- Executes dropped EXE
-
\??\c:\pdjpp.exec:\pdjpp.exe44⤵
- Executes dropped EXE
-
\??\c:\rrxrlrl.exec:\rrxrlrl.exe45⤵
- Executes dropped EXE
-
\??\c:\5bnbnh.exec:\5bnbnh.exe46⤵
- Executes dropped EXE
-
\??\c:\hbhbth.exec:\hbhbth.exe47⤵
- Executes dropped EXE
-
\??\c:\jjjpp.exec:\jjjpp.exe48⤵
- Executes dropped EXE
-
\??\c:\vjjjd.exec:\vjjjd.exe49⤵
- Executes dropped EXE
-
\??\c:\lfrlrlf.exec:\lfrlrlf.exe50⤵
- Executes dropped EXE
-
\??\c:\ttnnhh.exec:\ttnnhh.exe51⤵
- Executes dropped EXE
-
\??\c:\nbtntb.exec:\nbtntb.exe52⤵
- Executes dropped EXE
-
\??\c:\ddvpv.exec:\ddvpv.exe53⤵
- Executes dropped EXE
-
\??\c:\frxrxfl.exec:\frxrxfl.exe54⤵
- Executes dropped EXE
-
\??\c:\frrlrfl.exec:\frrlrfl.exe55⤵
- Executes dropped EXE
-
\??\c:\3tttnn.exec:\3tttnn.exe56⤵
- Executes dropped EXE
-
\??\c:\pvdpd.exec:\pvdpd.exe57⤵
- Executes dropped EXE
-
\??\c:\rlrxrxr.exec:\rlrxrxr.exe58⤵
- Executes dropped EXE
-
\??\c:\5xfxllr.exec:\5xfxllr.exe59⤵
- Executes dropped EXE
-
\??\c:\7hnhbh.exec:\7hnhbh.exe60⤵
- Executes dropped EXE
-
\??\c:\3tnbtt.exec:\3tnbtt.exe61⤵
- Executes dropped EXE
-
\??\c:\9dddv.exec:\9dddv.exe62⤵
- Executes dropped EXE
-
\??\c:\lrflfrr.exec:\lrflfrr.exe63⤵
- Executes dropped EXE
-
\??\c:\hbnhhb.exec:\hbnhhb.exe64⤵
- Executes dropped EXE
-
\??\c:\hbtnhb.exec:\hbtnhb.exe65⤵
- Executes dropped EXE
-
\??\c:\jppdv.exec:\jppdv.exe66⤵
-
\??\c:\lrrlllf.exec:\lrrlllf.exe67⤵
-
\??\c:\ntnbhn.exec:\ntnbhn.exe68⤵
-
\??\c:\nnnbhn.exec:\nnnbhn.exe69⤵
-
\??\c:\pdpvp.exec:\pdpvp.exe70⤵
-
\??\c:\rxxffll.exec:\rxxffll.exe71⤵
-
\??\c:\hbhbnn.exec:\hbhbnn.exe72⤵
-
\??\c:\nbhtbh.exec:\nbhtbh.exe73⤵
-
\??\c:\fffxxff.exec:\fffxxff.exe74⤵
-
\??\c:\5xfffff.exec:\5xfffff.exe75⤵
-
\??\c:\tnnntt.exec:\tnnntt.exe76⤵
-
\??\c:\pjppv.exec:\pjppv.exe77⤵
-
\??\c:\lxrrrxx.exec:\lxrrrxx.exe78⤵
-
\??\c:\lrrfffx.exec:\lrrfffx.exe79⤵
-
\??\c:\7tttbn.exec:\7tttbn.exe80⤵
-
\??\c:\vjjvj.exec:\vjjvj.exe81⤵
-
\??\c:\5bhbbb.exec:\5bhbbb.exe82⤵
-
\??\c:\7vdjp.exec:\7vdjp.exe83⤵
-
\??\c:\xlxffll.exec:\xlxffll.exe84⤵
-
\??\c:\thhthb.exec:\thhthb.exe85⤵
-
\??\c:\vdpdd.exec:\vdpdd.exe86⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe87⤵
-
\??\c:\xfrlfxf.exec:\xfrlfxf.exe88⤵
-
\??\c:\bttbtt.exec:\bttbtt.exe89⤵
-
\??\c:\jpvdv.exec:\jpvdv.exe90⤵
-
\??\c:\jdpjp.exec:\jdpjp.exe91⤵
-
\??\c:\xrlffxx.exec:\xrlffxx.exe92⤵
-
\??\c:\llxrlff.exec:\llxrlff.exe93⤵
-
\??\c:\bttnbb.exec:\bttnbb.exe94⤵
-
\??\c:\jdjjp.exec:\jdjjp.exe95⤵
-
\??\c:\9xflfll.exec:\9xflfll.exe96⤵
-
\??\c:\bbthnh.exec:\bbthnh.exe97⤵
-
\??\c:\ntnhbt.exec:\ntnhbt.exe98⤵
-
\??\c:\5jddv.exec:\5jddv.exe99⤵
-
\??\c:\fxfffxx.exec:\fxfffxx.exe100⤵
-
\??\c:\dppvj.exec:\dppvj.exe101⤵
-
\??\c:\lllrxfr.exec:\lllrxfr.exe102⤵
-
\??\c:\nhhnhh.exec:\nhhnhh.exe103⤵
-
\??\c:\9bhhtb.exec:\9bhhtb.exe104⤵
-
\??\c:\ppdvp.exec:\ppdvp.exe105⤵
-
\??\c:\ffrlfll.exec:\ffrlfll.exe106⤵
-
\??\c:\lrrllff.exec:\lrrllff.exe107⤵
-
\??\c:\bhbbht.exec:\bhbbht.exe108⤵
-
\??\c:\djpjd.exec:\djpjd.exe109⤵
-
\??\c:\lxfrlfr.exec:\lxfrlfr.exe110⤵
-
\??\c:\fxxfffl.exec:\fxxfffl.exe111⤵
-
\??\c:\btnnhb.exec:\btnnhb.exe112⤵
-
\??\c:\dpddv.exec:\dpddv.exe113⤵
-
\??\c:\dvvvj.exec:\dvvvj.exe114⤵
-
\??\c:\5flrffr.exec:\5flrffr.exe115⤵
-
\??\c:\hhtnbh.exec:\hhtnbh.exe116⤵
-
\??\c:\pppdd.exec:\pppdd.exe117⤵
-
\??\c:\pdvdj.exec:\pdvdj.exe118⤵
-
\??\c:\lllxxfx.exec:\lllxxfx.exe119⤵
-
\??\c:\lflffff.exec:\lflffff.exe120⤵
-
\??\c:\tnbhtb.exec:\tnbhtb.exe121⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe122⤵
-
\??\c:\jjppp.exec:\jjppp.exe123⤵
-
\??\c:\9lxrxxf.exec:\9lxrxxf.exe124⤵
-
\??\c:\xflffff.exec:\xflffff.exe125⤵
-
\??\c:\nnbbnb.exec:\nnbbnb.exe126⤵
-
\??\c:\5hnnht.exec:\5hnnht.exe127⤵
-
\??\c:\djvpp.exec:\djvpp.exe128⤵
-
\??\c:\rfrfrrf.exec:\rfrfrrf.exe129⤵
-
\??\c:\xfffffx.exec:\xfffffx.exe130⤵
-
\??\c:\bntnhh.exec:\bntnhh.exe131⤵
-
\??\c:\tntnnt.exec:\tntnnt.exe132⤵
-
\??\c:\djvpj.exec:\djvpj.exe133⤵
-
\??\c:\vjpjd.exec:\vjpjd.exe134⤵
-
\??\c:\7xlxlfx.exec:\7xlxlfx.exe135⤵
-
\??\c:\ttbtnn.exec:\ttbtnn.exe136⤵
-
\??\c:\bbbhnh.exec:\bbbhnh.exe137⤵
-
\??\c:\pvppj.exec:\pvppj.exe138⤵
-
\??\c:\9ppjv.exec:\9ppjv.exe139⤵
-
\??\c:\lxxxxxx.exec:\lxxxxxx.exe140⤵
-
\??\c:\bbhnnb.exec:\bbhnnb.exe141⤵
-
\??\c:\vjjjd.exec:\vjjjd.exe142⤵
-
\??\c:\5rfrxxx.exec:\5rfrxxx.exe143⤵
-
\??\c:\nnbthn.exec:\nnbthn.exe144⤵
-
\??\c:\hbhbtt.exec:\hbhbtt.exe145⤵
-
\??\c:\vjjpp.exec:\vjjpp.exe146⤵
-
\??\c:\1fffxxr.exec:\1fffxxr.exe147⤵
-
\??\c:\rrxxrlf.exec:\rrxxrlf.exe148⤵
-
\??\c:\hntnnn.exec:\hntnnn.exe149⤵
-
\??\c:\hnthbt.exec:\hnthbt.exe150⤵
-
\??\c:\vvdvd.exec:\vvdvd.exe151⤵
-
\??\c:\xrxfffx.exec:\xrxfffx.exe152⤵
-
\??\c:\hbnnbb.exec:\hbnnbb.exe153⤵
-
\??\c:\jjvvv.exec:\jjvvv.exe154⤵
-
\??\c:\dpjjp.exec:\dpjjp.exe155⤵
-
\??\c:\1xxxffx.exec:\1xxxffx.exe156⤵
-
\??\c:\xxflxxf.exec:\xxflxxf.exe157⤵
-
\??\c:\bnnhhn.exec:\bnnhhn.exe158⤵
-
\??\c:\dpjdv.exec:\dpjdv.exe159⤵
-
\??\c:\xfxxrlf.exec:\xfxxrlf.exe160⤵
-
\??\c:\fxffffl.exec:\fxffffl.exe161⤵
-
\??\c:\bhhttn.exec:\bhhttn.exe162⤵
-
\??\c:\ddjpd.exec:\ddjpd.exe163⤵
-
\??\c:\pjpvd.exec:\pjpvd.exe164⤵
-
\??\c:\xxxxflx.exec:\xxxxflx.exe165⤵
-
\??\c:\fflrxlx.exec:\fflrxlx.exe166⤵
-
\??\c:\thhtnt.exec:\thhtnt.exe167⤵
-
\??\c:\vpdpv.exec:\vpdpv.exe168⤵
-
\??\c:\vpdpd.exec:\vpdpd.exe169⤵
-
\??\c:\llrrrfl.exec:\llrrrfl.exe170⤵
-
\??\c:\nhbbtt.exec:\nhbbtt.exe171⤵
-
\??\c:\jppjd.exec:\jppjd.exe172⤵
-
\??\c:\fxrffxx.exec:\fxrffxx.exe173⤵
-
\??\c:\tntnnn.exec:\tntnnn.exe174⤵
-
\??\c:\nnttnn.exec:\nnttnn.exe175⤵
-
\??\c:\ddpjj.exec:\ddpjj.exe176⤵
-
\??\c:\ddppj.exec:\ddppj.exe177⤵
-
\??\c:\5tnnht.exec:\5tnnht.exe178⤵
-
\??\c:\jpdvp.exec:\jpdvp.exe179⤵
-
\??\c:\lfllfff.exec:\lfllfff.exe180⤵
-
\??\c:\htbhnb.exec:\htbhnb.exe181⤵
-
\??\c:\llfxlxf.exec:\llfxlxf.exe182⤵
-
\??\c:\ddvvp.exec:\ddvvp.exe183⤵
-
\??\c:\rfrfxrx.exec:\rfrfxrx.exe184⤵
-
\??\c:\hbttnt.exec:\hbttnt.exe185⤵
-
\??\c:\thhhnh.exec:\thhhnh.exe186⤵
-
\??\c:\9jjdp.exec:\9jjdp.exe187⤵
-
\??\c:\lrrrlrr.exec:\lrrrlrr.exe188⤵
-
\??\c:\3rxrllx.exec:\3rxrllx.exe189⤵
-
\??\c:\hbhttn.exec:\hbhttn.exe190⤵
-
\??\c:\jpddd.exec:\jpddd.exe191⤵
-
\??\c:\5jdjp.exec:\5jdjp.exe192⤵
-
\??\c:\1lllrrr.exec:\1lllrrr.exe193⤵
-
\??\c:\nhhbtt.exec:\nhhbtt.exe194⤵
-
\??\c:\nntnhh.exec:\nntnhh.exe195⤵
-
\??\c:\pjddv.exec:\pjddv.exe196⤵
-
\??\c:\xxrlfff.exec:\xxrlfff.exe197⤵
-
\??\c:\lflxrfx.exec:\lflxrfx.exe198⤵
-
\??\c:\1bnttt.exec:\1bnttt.exe199⤵
-
\??\c:\djpjj.exec:\djpjj.exe200⤵
-
\??\c:\jvppd.exec:\jvppd.exe201⤵
-
\??\c:\flflxxr.exec:\flflxxr.exe202⤵
-
\??\c:\hhbhhb.exec:\hhbhhb.exe203⤵
-
\??\c:\ppddv.exec:\ppddv.exe204⤵
-
\??\c:\xrrrrrl.exec:\xrrrrrl.exe205⤵
-
\??\c:\xrrrllr.exec:\xrrrllr.exe206⤵
-
\??\c:\ntbbbn.exec:\ntbbbn.exe207⤵
-
\??\c:\tbttbt.exec:\tbttbt.exe208⤵
-
\??\c:\9jpdj.exec:\9jpdj.exe209⤵
-
\??\c:\5vvjd.exec:\5vvjd.exe210⤵
-
\??\c:\rxlfxxr.exec:\rxlfxxr.exe211⤵
-
\??\c:\nnbttb.exec:\nnbttb.exe212⤵
-
\??\c:\ttbttn.exec:\ttbttn.exe213⤵
-
\??\c:\3jjdp.exec:\3jjdp.exe214⤵
-
\??\c:\flxfxrf.exec:\flxfxrf.exe215⤵
-
\??\c:\rxlrlxr.exec:\rxlrlxr.exe216⤵
-
\??\c:\hhnbtb.exec:\hhnbtb.exe217⤵
-
\??\c:\htbttt.exec:\htbttt.exe218⤵
-
\??\c:\pddpj.exec:\pddpj.exe219⤵
-
\??\c:\9vdvp.exec:\9vdvp.exe220⤵
-
\??\c:\9rfrrrr.exec:\9rfrrrr.exe221⤵
-
\??\c:\ttttnb.exec:\ttttnb.exe222⤵
-
\??\c:\ntbbhh.exec:\ntbbhh.exe223⤵
-
\??\c:\jvddp.exec:\jvddp.exe224⤵
-
\??\c:\9dpjd.exec:\9dpjd.exe225⤵
-
\??\c:\xrrllff.exec:\xrrllff.exe226⤵
-
\??\c:\xfffxxx.exec:\xfffxxx.exe227⤵
-
\??\c:\bhnnbb.exec:\bhnnbb.exe228⤵
-
\??\c:\hbtnnn.exec:\hbtnnn.exe229⤵
-
\??\c:\jjjpv.exec:\jjjpv.exe230⤵
-
\??\c:\jddvp.exec:\jddvp.exe231⤵
-
\??\c:\lffxrrr.exec:\lffxrrr.exe232⤵
-
\??\c:\lfffflf.exec:\lfffflf.exe233⤵
-
\??\c:\bttnhh.exec:\bttnhh.exe234⤵
-
\??\c:\nnttbb.exec:\nnttbb.exe235⤵
-
\??\c:\3dvvd.exec:\3dvvd.exe236⤵
-
\??\c:\9ppjv.exec:\9ppjv.exe237⤵
-
\??\c:\llrllll.exec:\llrllll.exe238⤵
-
\??\c:\xxlllll.exec:\xxlllll.exe239⤵
-
\??\c:\nnbbbh.exec:\nnbbbh.exe240⤵
-
\??\c:\thhhbh.exec:\thhhbh.exe241⤵