Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
20-05-2024 03:40
General
-
Target
de987544389df960e2d348a6a2aa531aab207995a7a9a9a85ab8ca905e136c2d.exe
-
Size
245KB
-
MD5
6588e6442ca562303a06c08a6e9ad0c7
-
SHA1
4e3d73ad83dab235ba6a9cd4620d55be4cc1efe1
-
SHA256
de987544389df960e2d348a6a2aa531aab207995a7a9a9a85ab8ca905e136c2d
-
SHA512
c49785771528602130d4b0e36a863944e79003adbad90920e0d0dc461ca10bed6042daa51e55acdc9e9bef1167e676e35562517acc71eae8402636e278009345
-
SSDEEP
6144:n3C9BRo7tvnJ9oEz2Eu9XgcVyDOoZU0wGFspp:n3C9ytvnV2NQAo20wGFC
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 19 IoCs
-
UPX dump on OEP (original entry point) 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 23 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\de987544389df960e2d348a6a2aa531aab207995a7a9a9a85ab8ca905e136c2d.exe"C:\Users\Admin\AppData\Local\Temp\de987544389df960e2d348a6a2aa531aab207995a7a9a9a85ab8ca905e136c2d.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xxlrrlf.exec:\xxlrrlf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhtnb.exec:\tnhtnb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxxlff.exec:\rlxxlff.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbtnb.exec:\tbbtnb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjvj.exec:\jdjvj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rfffxr.exec:\3rfffxr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bnnbh.exec:\1bnnbh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjdvv.exec:\jjdvv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxfxlx.exec:\llxfxlx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnthh.exec:\nbnthh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjpj.exec:\dvjpj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxflrff.exec:\lxflrff.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthtnt.exec:\bthtnt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlffxrr.exec:\rlffxrr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllfrxr.exec:\rllfrxr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nthntb.exec:\nthntb.exe17⤵
- Executes dropped EXE
-
\??\c:\rflflxl.exec:\rflflxl.exe18⤵
- Executes dropped EXE
-
\??\c:\xxxfrfr.exec:\xxxfrfr.exe19⤵
- Executes dropped EXE
-
\??\c:\tnhnbb.exec:\tnhnbb.exe20⤵
- Executes dropped EXE
-
\??\c:\jdpdp.exec:\jdpdp.exe21⤵
- Executes dropped EXE
-
\??\c:\9lxfrrf.exec:\9lxfrrf.exe22⤵
- Executes dropped EXE
-
\??\c:\hthhnn.exec:\hthhnn.exe23⤵
- Executes dropped EXE
-
\??\c:\3vjvj.exec:\3vjvj.exe24⤵
- Executes dropped EXE
-
\??\c:\vvpvj.exec:\vvpvj.exe25⤵
- Executes dropped EXE
-
\??\c:\frllxfr.exec:\frllxfr.exe26⤵
- Executes dropped EXE
-
\??\c:\htbtht.exec:\htbtht.exe27⤵
- Executes dropped EXE
-
\??\c:\pjjvj.exec:\pjjvj.exe28⤵
- Executes dropped EXE
-
\??\c:\5rlrxxl.exec:\5rlrxxl.exe29⤵
- Executes dropped EXE
-
\??\c:\hbttnt.exec:\hbttnt.exe30⤵
- Executes dropped EXE
-
\??\c:\dpdjp.exec:\dpdjp.exe31⤵
- Executes dropped EXE
-
\??\c:\fxxlrff.exec:\fxxlrff.exe32⤵
- Executes dropped EXE
-
\??\c:\fxllxxr.exec:\fxllxxr.exe33⤵
- Executes dropped EXE
-
\??\c:\hhthnb.exec:\hhthnb.exe34⤵
- Executes dropped EXE
-
\??\c:\dddvd.exec:\dddvd.exe35⤵
- Executes dropped EXE
-
\??\c:\5pddd.exec:\5pddd.exe36⤵
- Executes dropped EXE
-
\??\c:\rlxfxrr.exec:\rlxfxrr.exe37⤵
- Executes dropped EXE
-
\??\c:\5tnthn.exec:\5tnthn.exe38⤵
- Executes dropped EXE
-
\??\c:\hnhtbb.exec:\hnhtbb.exe39⤵
- Executes dropped EXE
-
\??\c:\pvddd.exec:\pvddd.exe40⤵
- Executes dropped EXE
-
\??\c:\vvpjv.exec:\vvpjv.exe41⤵
- Executes dropped EXE
-
\??\c:\rlfffrf.exec:\rlfffrf.exe42⤵
- Executes dropped EXE
-
\??\c:\1tntnn.exec:\1tntnn.exe43⤵
- Executes dropped EXE
-
\??\c:\hhbntb.exec:\hhbntb.exe44⤵
- Executes dropped EXE
-
\??\c:\vpdjd.exec:\vpdjd.exe45⤵
- Executes dropped EXE
-
\??\c:\3xrrlrf.exec:\3xrrlrf.exe46⤵
- Executes dropped EXE
-
\??\c:\fxrlxxl.exec:\fxrlxxl.exe47⤵
- Executes dropped EXE
-
\??\c:\1hhbhn.exec:\1hhbhn.exe48⤵
- Executes dropped EXE
-
\??\c:\hbbhtb.exec:\hbbhtb.exe49⤵
- Executes dropped EXE
-
\??\c:\vppdj.exec:\vppdj.exe50⤵
- Executes dropped EXE
-
\??\c:\vpdpv.exec:\vpdpv.exe51⤵
- Executes dropped EXE
-
\??\c:\llfrlrf.exec:\llfrlrf.exe52⤵
- Executes dropped EXE
-
\??\c:\1xllxlr.exec:\1xllxlr.exe53⤵
- Executes dropped EXE
-
\??\c:\nhbbhh.exec:\nhbbhh.exe54⤵
- Executes dropped EXE
-
\??\c:\ddvdj.exec:\ddvdj.exe55⤵
- Executes dropped EXE
-
\??\c:\pjjvj.exec:\pjjvj.exe56⤵
- Executes dropped EXE
-
\??\c:\llxfxfx.exec:\llxfxfx.exe57⤵
- Executes dropped EXE
-
\??\c:\1xrlxxf.exec:\1xrlxxf.exe58⤵
- Executes dropped EXE
-
\??\c:\hhttbh.exec:\hhttbh.exe59⤵
- Executes dropped EXE
-
\??\c:\nntthn.exec:\nntthn.exe60⤵
- Executes dropped EXE
-
\??\c:\3jpvp.exec:\3jpvp.exe61⤵
- Executes dropped EXE
-
\??\c:\jdpdp.exec:\jdpdp.exe62⤵
- Executes dropped EXE
-
\??\c:\9xrxrfr.exec:\9xrxrfr.exe63⤵
- Executes dropped EXE
-
\??\c:\1rlrrlr.exec:\1rlrrlr.exe64⤵
- Executes dropped EXE
-
\??\c:\hhhthh.exec:\hhhthh.exe65⤵
- Executes dropped EXE
-
\??\c:\btnnbb.exec:\btnnbb.exe66⤵
-
\??\c:\pjppp.exec:\pjppp.exe67⤵
-
\??\c:\3rfrlxr.exec:\3rfrlxr.exe68⤵
-
\??\c:\3lfxrxl.exec:\3lfxrxl.exe69⤵
-
\??\c:\nhtnht.exec:\nhtnht.exe70⤵
-
\??\c:\7nhhbh.exec:\7nhhbh.exe71⤵
-
\??\c:\jvjpd.exec:\jvjpd.exe72⤵
-
\??\c:\pddjv.exec:\pddjv.exe73⤵
-
\??\c:\7xrxxfr.exec:\7xrxxfr.exe74⤵
-
\??\c:\hhnbbh.exec:\hhnbbh.exe75⤵
-
\??\c:\ttnbbh.exec:\ttnbbh.exe76⤵
-
\??\c:\jvjpv.exec:\jvjpv.exe77⤵
-
\??\c:\ppdjj.exec:\ppdjj.exe78⤵
-
\??\c:\rlxfrxf.exec:\rlxfrxf.exe79⤵
-
\??\c:\3rrxllf.exec:\3rrxllf.exe80⤵
-
\??\c:\5nnhth.exec:\5nnhth.exe81⤵
-
\??\c:\3jppv.exec:\3jppv.exe82⤵
-
\??\c:\vjdjv.exec:\vjdjv.exe83⤵
-
\??\c:\1rxxxfr.exec:\1rxxxfr.exe84⤵
-
\??\c:\llfrlfr.exec:\llfrlfr.exe85⤵
-
\??\c:\tntthh.exec:\tntthh.exe86⤵
-
\??\c:\pdvdj.exec:\pdvdj.exe87⤵
-
\??\c:\5dpdp.exec:\5dpdp.exe88⤵
-
\??\c:\fllxrlr.exec:\fllxrlr.exe89⤵
-
\??\c:\7fxrflx.exec:\7fxrflx.exe90⤵
-
\??\c:\bbntnt.exec:\bbntnt.exe91⤵
-
\??\c:\bthnbh.exec:\bthnbh.exe92⤵
-
\??\c:\pppdp.exec:\pppdp.exe93⤵
-
\??\c:\rrxlxll.exec:\rrxlxll.exe94⤵
-
\??\c:\fxrflll.exec:\fxrflll.exe95⤵
-
\??\c:\hbntht.exec:\hbntht.exe96⤵
-
\??\c:\3tthtb.exec:\3tthtb.exe97⤵
-
\??\c:\jdppj.exec:\jdppj.exe98⤵
-
\??\c:\7jpdp.exec:\7jpdp.exe99⤵
-
\??\c:\5fxxxlx.exec:\5fxxxlx.exe100⤵
-
\??\c:\xrlllrf.exec:\xrlllrf.exe101⤵
-
\??\c:\hhthbn.exec:\hhthbn.exe102⤵
-
\??\c:\hbnnbb.exec:\hbnnbb.exe103⤵
-
\??\c:\vvpdj.exec:\vvpdj.exe104⤵
-
\??\c:\3xxlxfx.exec:\3xxlxfx.exe105⤵
-
\??\c:\xxrlxlx.exec:\xxrlxlx.exe106⤵
-
\??\c:\hnntth.exec:\hnntth.exe107⤵
-
\??\c:\bbbtht.exec:\bbbtht.exe108⤵
-
\??\c:\5djdd.exec:\5djdd.exe109⤵
-
\??\c:\vjvvd.exec:\vjvvd.exe110⤵
-
\??\c:\rllxflx.exec:\rllxflx.exe111⤵
-
\??\c:\nhthnt.exec:\nhthnt.exe112⤵
-
\??\c:\hhbnbh.exec:\hhbnbh.exe113⤵
-
\??\c:\pdvvd.exec:\pdvvd.exe114⤵
-
\??\c:\dppvv.exec:\dppvv.exe115⤵
-
\??\c:\rfllrlr.exec:\rfllrlr.exe116⤵
-
\??\c:\9rrlrxf.exec:\9rrlrxf.exe117⤵
-
\??\c:\tttbtb.exec:\tttbtb.exe118⤵
-
\??\c:\btbhnt.exec:\btbhnt.exe119⤵
-
\??\c:\5jvvd.exec:\5jvvd.exe120⤵
-
\??\c:\jdvdj.exec:\jdvdj.exe121⤵
-
\??\c:\rxxrlxl.exec:\rxxrlxl.exe122⤵
-
\??\c:\hhtbnb.exec:\hhtbnb.exe123⤵
-
\??\c:\nbhtbt.exec:\nbhtbt.exe124⤵
-
\??\c:\1vdpp.exec:\1vdpp.exe125⤵
-
\??\c:\7jvvd.exec:\7jvvd.exe126⤵
-
\??\c:\ffrxrfr.exec:\ffrxrfr.exe127⤵
-
\??\c:\9xxfrxl.exec:\9xxfrxl.exe128⤵
-
\??\c:\3bbhhh.exec:\3bbhhh.exe129⤵
-
\??\c:\vjvdj.exec:\vjvdj.exe130⤵
-
\??\c:\jpjdp.exec:\jpjdp.exe131⤵
-
\??\c:\xfrrlrf.exec:\xfrrlrf.exe132⤵
-
\??\c:\bnttbb.exec:\bnttbb.exe133⤵
-
\??\c:\btthnb.exec:\btthnb.exe134⤵
-
\??\c:\vpjvp.exec:\vpjvp.exe135⤵
-
\??\c:\jddpv.exec:\jddpv.exe136⤵
-
\??\c:\frrflff.exec:\frrflff.exe137⤵
-
\??\c:\rlfxxlf.exec:\rlfxxlf.exe138⤵
-
\??\c:\7hhtbn.exec:\7hhtbn.exe139⤵
-
\??\c:\btnhbh.exec:\btnhbh.exe140⤵
-
\??\c:\ddppv.exec:\ddppv.exe141⤵
-
\??\c:\rrrxlfr.exec:\rrrxlfr.exe142⤵
-
\??\c:\fxlrffx.exec:\fxlrffx.exe143⤵
-
\??\c:\7tnbhh.exec:\7tnbhh.exe144⤵
-
\??\c:\nhbttb.exec:\nhbttb.exe145⤵
-
\??\c:\vvpvj.exec:\vvpvj.exe146⤵
-
\??\c:\7pjpd.exec:\7pjpd.exe147⤵
-
\??\c:\rrffxxr.exec:\rrffxxr.exe148⤵
-
\??\c:\9ntbtt.exec:\9ntbtt.exe149⤵
-
\??\c:\1htbbh.exec:\1htbbh.exe150⤵
-
\??\c:\dvpdp.exec:\dvpdp.exe151⤵
-
\??\c:\dvjjj.exec:\dvjjj.exe152⤵
-
\??\c:\9frrxxf.exec:\9frrxxf.exe153⤵
-
\??\c:\rlffrxx.exec:\rlffrxx.exe154⤵
-
\??\c:\hbntnb.exec:\hbntnb.exe155⤵
-
\??\c:\jdvdj.exec:\jdvdj.exe156⤵
-
\??\c:\9dpdj.exec:\9dpdj.exe157⤵
-
\??\c:\xxlrlfx.exec:\xxlrlfx.exe158⤵
-
\??\c:\xfxflrf.exec:\xfxflrf.exe159⤵
-
\??\c:\7bntbb.exec:\7bntbb.exe160⤵
-
\??\c:\bbbnnb.exec:\bbbnnb.exe161⤵
-
\??\c:\dvpvj.exec:\dvpvj.exe162⤵
-
\??\c:\dvdpv.exec:\dvdpv.exe163⤵
-
\??\c:\rlrrxfr.exec:\rlrrxfr.exe164⤵
-
\??\c:\lfxfrrx.exec:\lfxfrrx.exe165⤵
-
\??\c:\3hbntb.exec:\3hbntb.exe166⤵
-
\??\c:\bnhttb.exec:\bnhttb.exe167⤵
-
\??\c:\pjvpv.exec:\pjvpv.exe168⤵
-
\??\c:\vvpdp.exec:\vvpdp.exe169⤵
-
\??\c:\lfflffr.exec:\lfflffr.exe170⤵
-
\??\c:\ntnnhn.exec:\ntnnhn.exe171⤵
-
\??\c:\pjvdp.exec:\pjvdp.exe172⤵
-
\??\c:\llfxrfr.exec:\llfxrfr.exe173⤵
-
\??\c:\xrllxfx.exec:\xrllxfx.exe174⤵
-
\??\c:\nhhntb.exec:\nhhntb.exe175⤵
-
\??\c:\ttnnbb.exec:\ttnnbb.exe176⤵
-
\??\c:\pjpjj.exec:\pjpjj.exe177⤵
-
\??\c:\lffllrr.exec:\lffllrr.exe178⤵
-
\??\c:\7rlxfrx.exec:\7rlxfrx.exe179⤵
-
\??\c:\hbnnbb.exec:\hbnnbb.exe180⤵
-
\??\c:\1tnttb.exec:\1tnttb.exe181⤵
-
\??\c:\5pjjp.exec:\5pjjp.exe182⤵
-
\??\c:\pdpvd.exec:\pdpvd.exe183⤵
-
\??\c:\fxrrlxl.exec:\fxrrlxl.exe184⤵
-
\??\c:\rlxxflf.exec:\rlxxflf.exe185⤵
-
\??\c:\btnbtb.exec:\btnbtb.exe186⤵
-
\??\c:\tbbnbn.exec:\tbbnbn.exe187⤵
-
\??\c:\vpvdv.exec:\vpvdv.exe188⤵
-
\??\c:\vpjdd.exec:\vpjdd.exe189⤵
-
\??\c:\ffrlrrf.exec:\ffrlrrf.exe190⤵
-
\??\c:\llxfflx.exec:\llxfflx.exe191⤵
-
\??\c:\hbnbnb.exec:\hbnbnb.exe192⤵
-
\??\c:\thbbnn.exec:\thbbnn.exe193⤵
-
\??\c:\3dpdp.exec:\3dpdp.exe194⤵
-
\??\c:\pjjdj.exec:\pjjdj.exe195⤵
-
\??\c:\ffxfrrx.exec:\ffxfrrx.exe196⤵
-
\??\c:\lfxxlrf.exec:\lfxxlrf.exe197⤵
-
\??\c:\hbthht.exec:\hbthht.exe198⤵
-
\??\c:\hbttht.exec:\hbttht.exe199⤵
-
\??\c:\7jvdj.exec:\7jvdj.exe200⤵
-
\??\c:\vvdpd.exec:\vvdpd.exe201⤵
-
\??\c:\xlrrrrf.exec:\xlrrrrf.exe202⤵
-
\??\c:\lfxlxlx.exec:\lfxlxlx.exe203⤵
-
\??\c:\hbthbb.exec:\hbthbb.exe204⤵
-
\??\c:\9hnhbh.exec:\9hnhbh.exe205⤵
-
\??\c:\ddvpj.exec:\ddvpj.exe206⤵
-
\??\c:\dpjpd.exec:\dpjpd.exe207⤵
-
\??\c:\lxrxffx.exec:\lxrxffx.exe208⤵
-
\??\c:\tbbtbn.exec:\tbbtbn.exe209⤵
-
\??\c:\ntbhbt.exec:\ntbhbt.exe210⤵
-
\??\c:\pjdjd.exec:\pjdjd.exe211⤵
-
\??\c:\1pdjv.exec:\1pdjv.exe212⤵
-
\??\c:\rfrrxrr.exec:\rfrrxrr.exe213⤵
-
\??\c:\rlrfllx.exec:\rlrfllx.exe214⤵
-
\??\c:\9thnnt.exec:\9thnnt.exe215⤵
-
\??\c:\nnttht.exec:\nnttht.exe216⤵
-
\??\c:\3dvvj.exec:\3dvvj.exe217⤵
-
\??\c:\5xxxffr.exec:\5xxxffr.exe218⤵
-
\??\c:\fxrlrxf.exec:\fxrlrxf.exe219⤵
-
\??\c:\thnnhb.exec:\thnnhb.exe220⤵
-
\??\c:\hthbbb.exec:\hthbbb.exe221⤵
-
\??\c:\ddpvj.exec:\ddpvj.exe222⤵
-
\??\c:\3dpjp.exec:\3dpjp.exe223⤵
-
\??\c:\rflrxrx.exec:\rflrxrx.exe224⤵
-
\??\c:\1rfxrxx.exec:\1rfxrxx.exe225⤵
-
\??\c:\tnbhnh.exec:\tnbhnh.exe226⤵
-
\??\c:\nbbbbt.exec:\nbbbbt.exe227⤵
-
\??\c:\pdjvd.exec:\pdjvd.exe228⤵
-
\??\c:\vjppd.exec:\vjppd.exe229⤵
-
\??\c:\rlrrrxr.exec:\rlrrrxr.exe230⤵
-
\??\c:\lfllrxl.exec:\lfllrxl.exe231⤵
-
\??\c:\bhbnbb.exec:\bhbnbb.exe232⤵
-
\??\c:\dvppj.exec:\dvppj.exe233⤵
-
\??\c:\1vjvd.exec:\1vjvd.exe234⤵
-
\??\c:\xlrrrxr.exec:\xlrrrxr.exe235⤵
-
\??\c:\rlxxlxx.exec:\rlxxlxx.exe236⤵
-
\??\c:\9bbbbh.exec:\9bbbbh.exe237⤵
-
\??\c:\nbntnn.exec:\nbntnn.exe238⤵
-
\??\c:\jdpdp.exec:\jdpdp.exe239⤵
-
\??\c:\llxrrlr.exec:\llxrrlr.exe240⤵
-
\??\c:\nbnntt.exec:\nbnntt.exe241⤵