Analysis
-
max time kernel
150s -
max time network
96s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
20/05/2024, 00:28
General
-
Target
91f745951ad6f914a937127f46688479fc0d52119c8fa7920928c7a50db022ad.exe
-
Size
64KB
-
MD5
d85f99d7ed70b69c3fbd2b696f497030
-
SHA1
9f3490fbbe9c908dcf55fb064bc0f25136eade1e
-
SHA256
91f745951ad6f914a937127f46688479fc0d52119c8fa7920928c7a50db022ad
-
SHA512
ecf8fc16da914cedb5bf0f422f8e60644c62f797f250ef33d302b2e2531070167b91cf05ea23c8f12aa142978dcf1ac0fe3a928fef8fc6a4536e31af3ccfbb28
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yUuYp+5C8+LuvdY:ymb3NkkiQ3mdBjF0yMl9
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
UPX dump on OEP (original entry point) 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\91f745951ad6f914a937127f46688479fc0d52119c8fa7920928c7a50db022ad.exe"C:\Users\Admin\AppData\Local\Temp\91f745951ad6f914a937127f46688479fc0d52119c8fa7920928c7a50db022ad.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpjp.exec:\jdpjp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fffrlfl.exec:\fffrlfl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbttt.exec:\hhbttt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppppp.exec:\ppppp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3djdv.exec:\3djdv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlfxxf.exec:\rrlfxxf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnnnth.exec:\hnnnth.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbbnb.exec:\tnbbnb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djpvp.exec:\djpvp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxrllf.exec:\rlxrllf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llllfll.exec:\llllfll.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthnhh.exec:\tthnhh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbbnn.exec:\nbbbnn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddjj.exec:\jddjj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvpd.exec:\dvvpd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxlfff.exec:\rlxlfff.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3lffxrl.exec:\3lffxrl.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xrxrrr.exec:\1xrxrrr.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9btnnt.exec:\9btnnt.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnbtb.exec:\hhnbtb.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9djjd.exec:\9djjd.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpdd.exec:\pjpdd.exe23⤵
- Executes dropped EXE
-
\??\c:\xxrrxxl.exec:\xxrrxxl.exe24⤵
- Executes dropped EXE
-
\??\c:\rlfxrrr.exec:\rlfxrrr.exe25⤵
- Executes dropped EXE
-
\??\c:\hhbbhh.exec:\hhbbhh.exe26⤵
- Executes dropped EXE
-
\??\c:\bbbttn.exec:\bbbttn.exe27⤵
- Executes dropped EXE
-
\??\c:\vpjpp.exec:\vpjpp.exe28⤵
- Executes dropped EXE
-
\??\c:\ddjjd.exec:\ddjjd.exe29⤵
- Executes dropped EXE
-
\??\c:\vjpjd.exec:\vjpjd.exe30⤵
- Executes dropped EXE
-
\??\c:\xfxxxfx.exec:\xfxxxfx.exe31⤵
- Executes dropped EXE
-
\??\c:\xrlfffx.exec:\xrlfffx.exe32⤵
- Executes dropped EXE
-
\??\c:\1hhnhh.exec:\1hhnhh.exe33⤵
- Executes dropped EXE
-
\??\c:\bnttnb.exec:\bnttnb.exe34⤵
- Executes dropped EXE
-
\??\c:\tntbtt.exec:\tntbtt.exe35⤵
- Executes dropped EXE
-
\??\c:\5jpjv.exec:\5jpjv.exe36⤵
- Executes dropped EXE
-
\??\c:\1jjdd.exec:\1jjdd.exe37⤵
- Executes dropped EXE
-
\??\c:\rlllfff.exec:\rlllfff.exe38⤵
- Executes dropped EXE
-
\??\c:\nbhbnn.exec:\nbhbnn.exe39⤵
- Executes dropped EXE
-
\??\c:\htntbh.exec:\htntbh.exe40⤵
- Executes dropped EXE
-
\??\c:\dvdvd.exec:\dvdvd.exe41⤵
- Executes dropped EXE
-
\??\c:\5ffxrll.exec:\5ffxrll.exe42⤵
- Executes dropped EXE
-
\??\c:\lfxxrrl.exec:\lfxxrrl.exe43⤵
- Executes dropped EXE
-
\??\c:\nhnnnn.exec:\nhnnnn.exe44⤵
- Executes dropped EXE
-
\??\c:\ntttnt.exec:\ntttnt.exe45⤵
- Executes dropped EXE
-
\??\c:\vvvvj.exec:\vvvvj.exe46⤵
- Executes dropped EXE
-
\??\c:\lffxxxr.exec:\lffxxxr.exe47⤵
- Executes dropped EXE
-
\??\c:\lfffxlf.exec:\lfffxlf.exe48⤵
- Executes dropped EXE
-
\??\c:\bhthbt.exec:\bhthbt.exe49⤵
- Executes dropped EXE
-
\??\c:\dvppd.exec:\dvppd.exe50⤵
- Executes dropped EXE
-
\??\c:\lffxxxf.exec:\lffxxxf.exe51⤵
- Executes dropped EXE
-
\??\c:\nhnhhh.exec:\nhnhhh.exe52⤵
- Executes dropped EXE
-
\??\c:\btnhtn.exec:\btnhtn.exe53⤵
- Executes dropped EXE
-
\??\c:\tnnnnn.exec:\tnnnnn.exe54⤵
- Executes dropped EXE
-
\??\c:\tnnbth.exec:\tnnbth.exe55⤵
- Executes dropped EXE
-
\??\c:\vppjd.exec:\vppjd.exe56⤵
- Executes dropped EXE
-
\??\c:\lfrlffx.exec:\lfrlffx.exe57⤵
- Executes dropped EXE
-
\??\c:\tnbbnn.exec:\tnbbnn.exe58⤵
- Executes dropped EXE
-
\??\c:\jjjjv.exec:\jjjjv.exe59⤵
- Executes dropped EXE
-
\??\c:\jjpjp.exec:\jjpjp.exe60⤵
- Executes dropped EXE
-
\??\c:\rllfrrl.exec:\rllfrrl.exe61⤵
- Executes dropped EXE
-
\??\c:\hhhthb.exec:\hhhthb.exe62⤵
- Executes dropped EXE
-
\??\c:\tnbnbb.exec:\tnbnbb.exe63⤵
- Executes dropped EXE
-
\??\c:\vvddj.exec:\vvddj.exe64⤵
- Executes dropped EXE
-
\??\c:\djdvd.exec:\djdvd.exe65⤵
- Executes dropped EXE
-
\??\c:\5xrlflf.exec:\5xrlflf.exe66⤵
-
\??\c:\bnhhhh.exec:\bnhhhh.exe67⤵
-
\??\c:\vppjd.exec:\vppjd.exe68⤵
-
\??\c:\jvdpj.exec:\jvdpj.exe69⤵
-
\??\c:\lfxrrrf.exec:\lfxrrrf.exe70⤵
-
\??\c:\xllfxff.exec:\xllfxff.exe71⤵
-
\??\c:\3tnnhn.exec:\3tnnhn.exe72⤵
-
\??\c:\dvjdd.exec:\dvjdd.exe73⤵
-
\??\c:\dpddd.exec:\dpddd.exe74⤵
-
\??\c:\rxxxrxr.exec:\rxxxrxr.exe75⤵
-
\??\c:\bhnbtt.exec:\bhnbtt.exe76⤵
-
\??\c:\vjjdv.exec:\vjjdv.exe77⤵
-
\??\c:\lrrrllf.exec:\lrrrllf.exe78⤵
-
\??\c:\vpdjp.exec:\vpdjp.exe79⤵
-
\??\c:\vpvvv.exec:\vpvvv.exe80⤵
-
\??\c:\pjpjd.exec:\pjpjd.exe81⤵
-
\??\c:\frlxlrl.exec:\frlxlrl.exe82⤵
-
\??\c:\1bnhtt.exec:\1bnhtt.exe83⤵
-
\??\c:\jvdpv.exec:\jvdpv.exe84⤵
-
\??\c:\3vvjd.exec:\3vvjd.exe85⤵
-
\??\c:\3xfxrrr.exec:\3xfxrrr.exe86⤵
-
\??\c:\bttnbb.exec:\bttnbb.exe87⤵
-
\??\c:\3ddpj.exec:\3ddpj.exe88⤵
-
\??\c:\rlrlrxx.exec:\rlrlrxx.exe89⤵
-
\??\c:\vjjpp.exec:\vjjpp.exe90⤵
-
\??\c:\bbtbbn.exec:\bbtbbn.exe91⤵
-
\??\c:\xxfxrrl.exec:\xxfxrrl.exe92⤵
-
\??\c:\bhnnhb.exec:\bhnnhb.exe93⤵
-
\??\c:\dppvv.exec:\dppvv.exe94⤵
-
\??\c:\3lllflf.exec:\3lllflf.exe95⤵
-
\??\c:\tbhhbb.exec:\tbhhbb.exe96⤵
-
\??\c:\rxlfxrl.exec:\rxlfxrl.exe97⤵
-
\??\c:\vvjdp.exec:\vvjdp.exe98⤵
-
\??\c:\lrlfffx.exec:\lrlfffx.exe99⤵
-
\??\c:\btbttn.exec:\btbttn.exe100⤵
-
\??\c:\1dddd.exec:\1dddd.exe101⤵
-
\??\c:\jvpvv.exec:\jvpvv.exe102⤵
-
\??\c:\lxxrflf.exec:\lxxrflf.exe103⤵
-
\??\c:\htbbtn.exec:\htbbtn.exe104⤵
-
\??\c:\7hbtnn.exec:\7hbtnn.exe105⤵
-
\??\c:\vvpjd.exec:\vvpjd.exe106⤵
-
\??\c:\lrxxrlf.exec:\lrxxrlf.exe107⤵
-
\??\c:\tnhnbb.exec:\tnhnbb.exe108⤵
-
\??\c:\jpvpj.exec:\jpvpj.exe109⤵
-
\??\c:\jdjjj.exec:\jdjjj.exe110⤵
-
\??\c:\rflxlfx.exec:\rflxlfx.exe111⤵
-
\??\c:\llffrll.exec:\llffrll.exe112⤵
-
\??\c:\bnnhbt.exec:\bnnhbt.exe113⤵
-
\??\c:\dpvvv.exec:\dpvvv.exe114⤵
-
\??\c:\xffxfll.exec:\xffxfll.exe115⤵
-
\??\c:\hnbthn.exec:\hnbthn.exe116⤵
-
\??\c:\thnhbb.exec:\thnhbb.exe117⤵
-
\??\c:\pjddv.exec:\pjddv.exe118⤵
-
\??\c:\frrfrlf.exec:\frrfrlf.exe119⤵
-
\??\c:\nhnntt.exec:\nhnntt.exe120⤵
-
\??\c:\hhbthh.exec:\hhbthh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-