Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
20-05-2024 02:52
General
-
Target
cc73d82a1c9a8ebc2ac8abbd0ed393fa688d576cc64668064a7540e13d658fbd.exe
-
Size
57KB
-
MD5
b51bdd5df765e7dcb1055b4d8323ae4c
-
SHA1
e8df4da0bfeb0f4401d1cc4489378192b0be4f0d
-
SHA256
cc73d82a1c9a8ebc2ac8abbd0ed393fa688d576cc64668064a7540e13d658fbd
-
SHA512
e832b20d9325a545338f46b0b1047448386e288978d47329abb7bb3c983e5fa2302cc0bc090738fe3f8c76284666fc2465e2da7067d64137ab582f4f60665c01
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIvuSwFaEt:ymb3NkkiQ3mdBjFIvIFaEt
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
UPX dump on OEP (original entry point) 19 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 19 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\cc73d82a1c9a8ebc2ac8abbd0ed393fa688d576cc64668064a7540e13d658fbd.exe"C:\Users\Admin\AppData\Local\Temp\cc73d82a1c9a8ebc2ac8abbd0ed393fa688d576cc64668064a7540e13d658fbd.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\5pdjj.exec:\5pdjj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5lfflrf.exec:\5lfflrf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhtnnb.exec:\bhtnnb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vvpv.exec:\7vvpv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrxrfr.exec:\xxrxrfr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnhnh.exec:\ttnhnh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvvv.exec:\vvvvv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvvd.exec:\ddvvd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfllrx.exec:\rlfllrx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbtthn.exec:\nbtthn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhthh.exec:\tnhthh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1dpvv.exec:\1dpvv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlflrxf.exec:\xlflrxf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flfrrfl.exec:\flfrrfl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nntbtb.exec:\nntbtb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhnbn.exec:\tnhnbn.exe17⤵
- Executes dropped EXE
-
\??\c:\pppdj.exec:\pppdj.exe18⤵
- Executes dropped EXE
-
\??\c:\rrfrffx.exec:\rrfrffx.exe19⤵
- Executes dropped EXE
-
\??\c:\xrllrff.exec:\xrllrff.exe20⤵
- Executes dropped EXE
-
\??\c:\bbnbht.exec:\bbnbht.exe21⤵
- Executes dropped EXE
-
\??\c:\btthnn.exec:\btthnn.exe22⤵
- Executes dropped EXE
-
\??\c:\vpddp.exec:\vpddp.exe23⤵
- Executes dropped EXE
-
\??\c:\jjdjd.exec:\jjdjd.exe24⤵
- Executes dropped EXE
-
\??\c:\ffflffx.exec:\ffflffx.exe25⤵
- Executes dropped EXE
-
\??\c:\9htnth.exec:\9htnth.exe26⤵
- Executes dropped EXE
-
\??\c:\nhtntb.exec:\nhtntb.exe27⤵
- Executes dropped EXE
-
\??\c:\pjvdp.exec:\pjvdp.exe28⤵
- Executes dropped EXE
-
\??\c:\llfxlfl.exec:\llfxlfl.exe29⤵
- Executes dropped EXE
-
\??\c:\ffxflrx.exec:\ffxflrx.exe30⤵
- Executes dropped EXE
-
\??\c:\tthhnt.exec:\tthhnt.exe31⤵
- Executes dropped EXE
-
\??\c:\hhnthh.exec:\hhnthh.exe32⤵
- Executes dropped EXE
-
\??\c:\vppvj.exec:\vppvj.exe33⤵
- Executes dropped EXE
-
\??\c:\ppppv.exec:\ppppv.exe34⤵
- Executes dropped EXE
-
\??\c:\7xrrflx.exec:\7xrrflx.exe35⤵
- Executes dropped EXE
-
\??\c:\ttnthn.exec:\ttnthn.exe36⤵
- Executes dropped EXE
-
\??\c:\tnthtb.exec:\tnthtb.exe37⤵
- Executes dropped EXE
-
\??\c:\dvpdj.exec:\dvpdj.exe38⤵
- Executes dropped EXE
-
\??\c:\djvpv.exec:\djvpv.exe39⤵
- Executes dropped EXE
-
\??\c:\ffflrxf.exec:\ffflrxf.exe40⤵
- Executes dropped EXE
-
\??\c:\fxxfllf.exec:\fxxfllf.exe41⤵
- Executes dropped EXE
-
\??\c:\9tttnt.exec:\9tttnt.exe42⤵
- Executes dropped EXE
-
\??\c:\nhbhnt.exec:\nhbhnt.exe43⤵
- Executes dropped EXE
-
\??\c:\ddppd.exec:\ddppd.exe44⤵
- Executes dropped EXE
-
\??\c:\vvjpv.exec:\vvjpv.exe45⤵
- Executes dropped EXE
-
\??\c:\9fxrxrx.exec:\9fxrxrx.exe46⤵
- Executes dropped EXE
-
\??\c:\lxfrrxf.exec:\lxfrrxf.exe47⤵
- Executes dropped EXE
-
\??\c:\fflxlrx.exec:\fflxlrx.exe48⤵
- Executes dropped EXE
-
\??\c:\nhthnb.exec:\nhthnb.exe49⤵
- Executes dropped EXE
-
\??\c:\tthntt.exec:\tthntt.exe50⤵
- Executes dropped EXE
-
\??\c:\jdjvv.exec:\jdjvv.exe51⤵
- Executes dropped EXE
-
\??\c:\jdpvd.exec:\jdpvd.exe52⤵
- Executes dropped EXE
-
\??\c:\llrfrrf.exec:\llrfrrf.exe53⤵
- Executes dropped EXE
-
\??\c:\1rllrrx.exec:\1rllrrx.exe54⤵
- Executes dropped EXE
-
\??\c:\btnttb.exec:\btnttb.exe55⤵
- Executes dropped EXE
-
\??\c:\ttbnnb.exec:\ttbnnb.exe56⤵
- Executes dropped EXE
-
\??\c:\pjjpd.exec:\pjjpd.exe57⤵
- Executes dropped EXE
-
\??\c:\vvppd.exec:\vvppd.exe58⤵
- Executes dropped EXE
-
\??\c:\frrlflx.exec:\frrlflx.exe59⤵
- Executes dropped EXE
-
\??\c:\7rfrrxf.exec:\7rfrrxf.exe60⤵
- Executes dropped EXE
-
\??\c:\lxrxflx.exec:\lxrxflx.exe61⤵
- Executes dropped EXE
-
\??\c:\nnbntb.exec:\nnbntb.exe62⤵
- Executes dropped EXE
-
\??\c:\tntbhn.exec:\tntbhn.exe63⤵
- Executes dropped EXE
-
\??\c:\jjpdd.exec:\jjpdd.exe64⤵
- Executes dropped EXE
-
\??\c:\rlxxffl.exec:\rlxxffl.exe65⤵
- Executes dropped EXE
-
\??\c:\tnbbhn.exec:\tnbbhn.exe66⤵
-
\??\c:\bhttbt.exec:\bhttbt.exe67⤵
-
\??\c:\vpdjj.exec:\vpdjj.exe68⤵
-
\??\c:\7jddd.exec:\7jddd.exe69⤵
-
\??\c:\vpjjj.exec:\vpjjj.exe70⤵
-
\??\c:\7xfrxxl.exec:\7xfrxxl.exe71⤵
-
\??\c:\fllrlfr.exec:\fllrlfr.exe72⤵
-
\??\c:\1ththh.exec:\1ththh.exe73⤵
-
\??\c:\btnnbb.exec:\btnnbb.exe74⤵
-
\??\c:\jdpvj.exec:\jdpvj.exe75⤵
-
\??\c:\9jjpv.exec:\9jjpv.exe76⤵
-
\??\c:\rlxfllx.exec:\rlxfllx.exe77⤵
-
\??\c:\frlrxfl.exec:\frlrxfl.exe78⤵
-
\??\c:\3nhbnn.exec:\3nhbnn.exe79⤵
-
\??\c:\nnthtt.exec:\nnthtt.exe80⤵
-
\??\c:\dvvvd.exec:\dvvvd.exe81⤵
-
\??\c:\dvpjp.exec:\dvpjp.exe82⤵
-
\??\c:\7rrrffr.exec:\7rrrffr.exe83⤵
-
\??\c:\rrlxlxl.exec:\rrlxlxl.exe84⤵
-
\??\c:\bnnnbb.exec:\bnnnbb.exe85⤵
-
\??\c:\bbbhbn.exec:\bbbhbn.exe86⤵
-
\??\c:\ppddp.exec:\ppddp.exe87⤵
-
\??\c:\pdvpv.exec:\pdvpv.exe88⤵
-
\??\c:\7rlxrlf.exec:\7rlxrlf.exe89⤵
-
\??\c:\llrflrx.exec:\llrflrx.exe90⤵
-
\??\c:\btbhnt.exec:\btbhnt.exe91⤵
-
\??\c:\tnbthh.exec:\tnbthh.exe92⤵
-
\??\c:\pppvd.exec:\pppvd.exe93⤵
-
\??\c:\pjvvj.exec:\pjvvj.exe94⤵
-
\??\c:\dddvd.exec:\dddvd.exe95⤵
-
\??\c:\rlllrxr.exec:\rlllrxr.exe96⤵
-
\??\c:\5rffffr.exec:\5rffffr.exe97⤵
-
\??\c:\nhtnhb.exec:\nhtnhb.exe98⤵
-
\??\c:\bnbnbn.exec:\bnbnbn.exe99⤵
-
\??\c:\9jjjp.exec:\9jjjp.exe100⤵
-
\??\c:\1vpvd.exec:\1vpvd.exe101⤵
-
\??\c:\llfrflx.exec:\llfrflx.exe102⤵
-
\??\c:\rlrfllx.exec:\rlrfllx.exe103⤵
-
\??\c:\btbhhh.exec:\btbhhh.exe104⤵
-
\??\c:\3btbnb.exec:\3btbnb.exe105⤵
-
\??\c:\1vpvj.exec:\1vpvj.exe106⤵
-
\??\c:\9jdvd.exec:\9jdvd.exe107⤵
-
\??\c:\rrlfxfx.exec:\rrlfxfx.exe108⤵
-
\??\c:\rlxfrrx.exec:\rlxfrrx.exe109⤵
-
\??\c:\btbtbb.exec:\btbtbb.exe110⤵
-
\??\c:\bnhtbb.exec:\bnhtbb.exe111⤵
-
\??\c:\hhbhnt.exec:\hhbhnt.exe112⤵
-
\??\c:\7pvdj.exec:\7pvdj.exe113⤵
-
\??\c:\1vjjp.exec:\1vjjp.exe114⤵
-
\??\c:\xxfxxlf.exec:\xxfxxlf.exe115⤵
-
\??\c:\lfxflll.exec:\lfxflll.exe116⤵
-
\??\c:\bthntb.exec:\bthntb.exe117⤵
-
\??\c:\nhtttt.exec:\nhtttt.exe118⤵
-
\??\c:\vvpdd.exec:\vvpdd.exe119⤵
-
\??\c:\vpppv.exec:\vpppv.exe120⤵
-
\??\c:\rxxllfr.exec:\rxxllfr.exe121⤵
-
\??\c:\ffxxlfx.exec:\ffxxlfx.exe122⤵
-
\??\c:\ntthnt.exec:\ntthnt.exe123⤵
-
\??\c:\bthhhh.exec:\bthhhh.exe124⤵
-
\??\c:\ddvvv.exec:\ddvvv.exe125⤵
-
\??\c:\9vvdj.exec:\9vvdj.exe126⤵
-
\??\c:\fflrxfl.exec:\fflrxfl.exe127⤵
-
\??\c:\fxrrxfl.exec:\fxrrxfl.exe128⤵
-
\??\c:\hhtntn.exec:\hhtntn.exe129⤵
-
\??\c:\nbttbb.exec:\nbttbb.exe130⤵
-
\??\c:\1tnbnt.exec:\1tnbnt.exe131⤵
-
\??\c:\ppppd.exec:\ppppd.exe132⤵
-
\??\c:\dddpp.exec:\dddpp.exe133⤵
-
\??\c:\xrrrxxr.exec:\xrrrxxr.exe134⤵
-
\??\c:\hthntb.exec:\hthntb.exe135⤵
-
\??\c:\3nnttt.exec:\3nnttt.exe136⤵
-
\??\c:\dvdvj.exec:\dvdvj.exe137⤵
-
\??\c:\jdjjj.exec:\jdjjj.exe138⤵
-
\??\c:\7djvj.exec:\7djvj.exe139⤵
-
\??\c:\llxxlxf.exec:\llxxlxf.exe140⤵
-
\??\c:\xrflxlr.exec:\xrflxlr.exe141⤵
-
\??\c:\btnhnn.exec:\btnhnn.exe142⤵
-
\??\c:\5ntbhb.exec:\5ntbhb.exe143⤵
-
\??\c:\dvvdj.exec:\dvvdj.exe144⤵
-
\??\c:\jdvvj.exec:\jdvvj.exe145⤵
-
\??\c:\llrrrfl.exec:\llrrrfl.exe146⤵
-
\??\c:\ffxxfrf.exec:\ffxxfrf.exe147⤵
-
\??\c:\xxflrrx.exec:\xxflrrx.exe148⤵
-
\??\c:\1nhttt.exec:\1nhttt.exe149⤵
-
\??\c:\ttttbt.exec:\ttttbt.exe150⤵
-
\??\c:\dvvdj.exec:\dvvdj.exe151⤵
-
\??\c:\dvvdd.exec:\dvvdd.exe152⤵
-
\??\c:\xrlrrlr.exec:\xrlrrlr.exe153⤵
-
\??\c:\llrrfxl.exec:\llrrfxl.exe154⤵
-
\??\c:\fxllxfl.exec:\fxllxfl.exe155⤵
-
\??\c:\btbhtb.exec:\btbhtb.exe156⤵
-
\??\c:\vvjdj.exec:\vvjdj.exe157⤵
-
\??\c:\jjjvd.exec:\jjjvd.exe158⤵
-
\??\c:\jdjjj.exec:\jdjjj.exe159⤵
-
\??\c:\9rrrffl.exec:\9rrrffl.exe160⤵
-
\??\c:\tnhbnb.exec:\tnhbnb.exe161⤵
-
\??\c:\1bhhhh.exec:\1bhhhh.exe162⤵
-
\??\c:\bbthhn.exec:\bbthhn.exe163⤵
-
\??\c:\ddvjp.exec:\ddvjp.exe164⤵
-
\??\c:\jjpvd.exec:\jjpvd.exe165⤵
-
\??\c:\lfrfrxl.exec:\lfrfrxl.exe166⤵
-
\??\c:\3xxlrxf.exec:\3xxlrxf.exe167⤵
-
\??\c:\1rfxflr.exec:\1rfxflr.exe168⤵
-
\??\c:\9nhhtb.exec:\9nhhtb.exe169⤵
-
\??\c:\3tnbbh.exec:\3tnbbh.exe170⤵
-
\??\c:\vvjdd.exec:\vvjdd.exe171⤵
-
\??\c:\9pjjp.exec:\9pjjp.exe172⤵
-
\??\c:\llffllx.exec:\llffllx.exe173⤵
-
\??\c:\rlflrxl.exec:\rlflrxl.exe174⤵
-
\??\c:\bnhnhn.exec:\bnhnhn.exe175⤵
-
\??\c:\bbthhn.exec:\bbthhn.exe176⤵
-
\??\c:\vjjpp.exec:\vjjpp.exe177⤵
-
\??\c:\jdppp.exec:\jdppp.exe178⤵
-
\??\c:\1dvpv.exec:\1dvpv.exe179⤵
-
\??\c:\lflxxxf.exec:\lflxxxf.exe180⤵
-
\??\c:\5llflrx.exec:\5llflrx.exe181⤵
-
\??\c:\nhttbn.exec:\nhttbn.exe182⤵
-
\??\c:\3nhnbt.exec:\3nhnbt.exe183⤵
-
\??\c:\jdpvj.exec:\jdpvj.exe184⤵
-
\??\c:\5dvvd.exec:\5dvvd.exe185⤵
-
\??\c:\pjppv.exec:\pjppv.exe186⤵
-
\??\c:\lfrrxxl.exec:\lfrrxxl.exe187⤵
-
\??\c:\1fxxfxf.exec:\1fxxfxf.exe188⤵
-
\??\c:\7tthtb.exec:\7tthtb.exe189⤵
-
\??\c:\tnbbhn.exec:\tnbbhn.exe190⤵
-
\??\c:\vpdjp.exec:\vpdjp.exe191⤵
-
\??\c:\pjdvv.exec:\pjdvv.exe192⤵
-
\??\c:\fxxlrfr.exec:\fxxlrfr.exe193⤵
-
\??\c:\fxrrxxx.exec:\fxrrxxx.exe194⤵
-
\??\c:\nhnnhn.exec:\nhnnhn.exe195⤵
-
\??\c:\7nthhh.exec:\7nthhh.exe196⤵
-
\??\c:\nhtbnn.exec:\nhtbnn.exe197⤵
-
\??\c:\3dpjp.exec:\3dpjp.exe198⤵
-
\??\c:\jdvvj.exec:\jdvvj.exe199⤵
-
\??\c:\fxlxxxl.exec:\fxlxxxl.exe200⤵
-
\??\c:\rrrfxff.exec:\rrrfxff.exe201⤵
-
\??\c:\3frrxxx.exec:\3frrxxx.exe202⤵
-
\??\c:\bhnbnt.exec:\bhnbnt.exe203⤵
-
\??\c:\ttthhb.exec:\ttthhb.exe204⤵
-
\??\c:\jjjjv.exec:\jjjjv.exe205⤵
-
\??\c:\ppdpp.exec:\ppdpp.exe206⤵
-
\??\c:\ffxxlxf.exec:\ffxxlxf.exe207⤵
-
\??\c:\bbtthh.exec:\bbtthh.exe208⤵
-
\??\c:\nhbntt.exec:\nhbntt.exe209⤵
-
\??\c:\hhtbbn.exec:\hhtbbn.exe210⤵
-
\??\c:\3vvvd.exec:\3vvvd.exe211⤵
-
\??\c:\xrfrfxx.exec:\xrfrfxx.exe212⤵
-
\??\c:\xrflrxx.exec:\xrflrxx.exe213⤵
-
\??\c:\1ffxxrl.exec:\1ffxxrl.exe214⤵
-
\??\c:\nhbhbh.exec:\nhbhbh.exe215⤵
-
\??\c:\9tnttt.exec:\9tnttt.exe216⤵
-
\??\c:\rlffllx.exec:\rlffllx.exe217⤵
-
\??\c:\xrfrlfr.exec:\xrfrlfr.exe218⤵
-
\??\c:\btntnt.exec:\btntnt.exe219⤵
-
\??\c:\pvpvp.exec:\pvpvp.exe220⤵
-
\??\c:\ppdjp.exec:\ppdjp.exe221⤵
-
\??\c:\rlxxfrl.exec:\rlxxfrl.exe222⤵
-
\??\c:\bthnnh.exec:\bthnnh.exe223⤵
-
\??\c:\nhhnbt.exec:\nhhnbt.exe224⤵
-
\??\c:\ttnbhn.exec:\ttnbhn.exe225⤵
-
\??\c:\7dvdp.exec:\7dvdp.exe226⤵
-
\??\c:\7dvvv.exec:\7dvvv.exe227⤵
-
\??\c:\rlffrrx.exec:\rlffrrx.exe228⤵
-
\??\c:\fxlrxxl.exec:\fxlrxxl.exe229⤵
-
\??\c:\1htbbh.exec:\1htbbh.exe230⤵
-
\??\c:\nhbnth.exec:\nhbnth.exe231⤵
-
\??\c:\jdvvd.exec:\jdvvd.exe232⤵
-
\??\c:\jdjjd.exec:\jdjjd.exe233⤵
-
\??\c:\1xxrflx.exec:\1xxrflx.exe234⤵
-
\??\c:\5rllrrl.exec:\5rllrrl.exe235⤵
-
\??\c:\7tntbn.exec:\7tntbn.exe236⤵
-
\??\c:\nnttbb.exec:\nnttbb.exe237⤵
-
\??\c:\vdddd.exec:\vdddd.exe238⤵
-
\??\c:\jdvpp.exec:\jdvpp.exe239⤵
-
\??\c:\lfxllxf.exec:\lfxllxf.exe240⤵
-
\??\c:\fxxlrfl.exec:\fxxlrfl.exe241⤵