Analysis
-
max time kernel
150s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
20-05-2024 03:26
General
-
Target
d9448dc0e6303c0638d6d8e2b60f29003a2a420111ee49916bc2e302a91984f0.exe
-
Size
214KB
-
MD5
6ab41c9b4b6f57757d95356a581343ca
-
SHA1
79127bdf8658cac329aeff048a9ce6b0c3224201
-
SHA256
d9448dc0e6303c0638d6d8e2b60f29003a2a420111ee49916bc2e302a91984f0
-
SHA512
fda8c42822a1d23d525cf09972a328cc8519a0d6ea4ff16eb537be3cb3e0dd9ebdd72d5be2a55289ded6bd24e821aebd18414cf5aeaaa24d245b259bf2ca2c93
-
SSDEEP
3072:ZhOm2sI93UufdC67ciEu0P5axvqdUmdznCvs7BuRoYFBg/gXVqPfSoi0yG24ePj:Zcm7ImGddXEu0ucju6/4kf724e
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 46 IoCs
-
UPX dump on OEP (original entry point) 52 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 54 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d9448dc0e6303c0638d6d8e2b60f29003a2a420111ee49916bc2e302a91984f0.exe"C:\Users\Admin\AppData\Local\Temp\d9448dc0e6303c0638d6d8e2b60f29003a2a420111ee49916bc2e302a91984f0.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rrphxpn.exec:\rrphxpn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjbpphl.exec:\pjbpphl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhdfbjp.exec:\hhdfbjp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dphljr.exec:\dphljr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dxprnn.exec:\dxprnn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpthxhj.exec:\vpthxhj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rnvxf.exec:\rnvxf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\blfrxpd.exec:\blfrxpd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhpxdld.exec:\bhpxdld.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vxjxt.exec:\vxjxt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ftftt.exec:\ftftt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rjjrnv.exec:\rjjrnv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\plvdrh.exec:\plvdrh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btvvdth.exec:\btvvdth.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\njfxhlh.exec:\njfxhlh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\prxtflv.exec:\prxtflv.exe17⤵
- Executes dropped EXE
-
\??\c:\jjdlv.exec:\jjdlv.exe18⤵
- Executes dropped EXE
-
\??\c:\bnrhtrx.exec:\bnrhtrx.exe19⤵
- Executes dropped EXE
-
\??\c:\nhffrnv.exec:\nhffrnv.exe20⤵
- Executes dropped EXE
-
\??\c:\rllbn.exec:\rllbn.exe21⤵
- Executes dropped EXE
-
\??\c:\rrjbbp.exec:\rrjbbp.exe22⤵
- Executes dropped EXE
-
\??\c:\tbvdh.exec:\tbvdh.exe23⤵
- Executes dropped EXE
-
\??\c:\ldjjt.exec:\ldjjt.exe24⤵
- Executes dropped EXE
-
\??\c:\nvxhhtv.exec:\nvxhhtv.exe25⤵
- Executes dropped EXE
-
\??\c:\vxxnb.exec:\vxxnb.exe26⤵
- Executes dropped EXE
-
\??\c:\btnndrf.exec:\btnndrf.exe27⤵
- Executes dropped EXE
-
\??\c:\rvjrvp.exec:\rvjrvp.exe28⤵
- Executes dropped EXE
-
\??\c:\xntxvh.exec:\xntxvh.exe29⤵
- Executes dropped EXE
-
\??\c:\rvnxxd.exec:\rvnxxd.exe30⤵
- Executes dropped EXE
-
\??\c:\tbhddx.exec:\tbhddx.exe31⤵
- Executes dropped EXE
-
\??\c:\btbnprf.exec:\btbnprf.exe32⤵
- Executes dropped EXE
-
\??\c:\hpplnhx.exec:\hpplnhx.exe33⤵
- Executes dropped EXE
-
\??\c:\prntp.exec:\prntp.exe34⤵
- Executes dropped EXE
-
\??\c:\rrjrd.exec:\rrjrd.exe35⤵
- Executes dropped EXE
-
\??\c:\ldhhl.exec:\ldhhl.exe36⤵
- Executes dropped EXE
-
\??\c:\rjvtx.exec:\rjvtx.exe37⤵
- Executes dropped EXE
-
\??\c:\pxhbdpv.exec:\pxhbdpv.exe38⤵
- Executes dropped EXE
-
\??\c:\blvjv.exec:\blvjv.exe39⤵
- Executes dropped EXE
-
\??\c:\brdpjf.exec:\brdpjf.exe40⤵
- Executes dropped EXE
-
\??\c:\tbbhvp.exec:\tbbhvp.exe41⤵
- Executes dropped EXE
-
\??\c:\jlvjbt.exec:\jlvjbt.exe42⤵
- Executes dropped EXE
-
\??\c:\ttfvrx.exec:\ttfvrx.exe43⤵
- Executes dropped EXE
-
\??\c:\bfdjpxl.exec:\bfdjpxl.exe44⤵
- Executes dropped EXE
-
\??\c:\pjvfft.exec:\pjvfft.exe45⤵
- Executes dropped EXE
-
\??\c:\tvffflv.exec:\tvffflv.exe46⤵
- Executes dropped EXE
-
\??\c:\vvdjr.exec:\vvdjr.exe47⤵
- Executes dropped EXE
-
\??\c:\nlpplv.exec:\nlpplv.exe48⤵
- Executes dropped EXE
-
\??\c:\ftxvvx.exec:\ftxvvx.exe49⤵
- Executes dropped EXE
-
\??\c:\lxxrh.exec:\lxxrh.exe50⤵
- Executes dropped EXE
-
\??\c:\pddhplr.exec:\pddhplr.exe51⤵
- Executes dropped EXE
-
\??\c:\xnldtb.exec:\xnldtb.exe52⤵
- Executes dropped EXE
-
\??\c:\pfbjbn.exec:\pfbjbn.exe53⤵
- Executes dropped EXE
-
\??\c:\fphppr.exec:\fphppr.exe54⤵
- Executes dropped EXE
-
\??\c:\bdfllx.exec:\bdfllx.exe55⤵
- Executes dropped EXE
-
\??\c:\xhplx.exec:\xhplx.exe56⤵
- Executes dropped EXE
-
\??\c:\dxtpv.exec:\dxtpv.exe57⤵
- Executes dropped EXE
-
\??\c:\bnrvr.exec:\bnrvr.exe58⤵
- Executes dropped EXE
-
\??\c:\jxnbpp.exec:\jxnbpp.exe59⤵
- Executes dropped EXE
-
\??\c:\dtdlrh.exec:\dtdlrh.exe60⤵
- Executes dropped EXE
-
\??\c:\vtffxj.exec:\vtffxj.exe61⤵
- Executes dropped EXE
-
\??\c:\rdbdx.exec:\rdbdx.exe62⤵
- Executes dropped EXE
-
\??\c:\lfpphr.exec:\lfpphr.exe63⤵
- Executes dropped EXE
-
\??\c:\lxvxrjd.exec:\lxvxrjd.exe64⤵
- Executes dropped EXE
-
\??\c:\hpbjnhn.exec:\hpbjnhn.exe65⤵
- Executes dropped EXE
-
\??\c:\pxbttp.exec:\pxbttp.exe66⤵
-
\??\c:\fbpjppd.exec:\fbpjppd.exe67⤵
-
\??\c:\nfhxxhf.exec:\nfhxxhf.exe68⤵
-
\??\c:\fprhxfv.exec:\fprhxfv.exe69⤵
-
\??\c:\tbdvnh.exec:\tbdvnh.exe70⤵
-
\??\c:\htddl.exec:\htddl.exe71⤵
-
\??\c:\dhrbn.exec:\dhrbn.exe72⤵
-
\??\c:\nlthttn.exec:\nlthttn.exe73⤵
-
\??\c:\vhvhh.exec:\vhvhh.exe74⤵
-
\??\c:\bfpvp.exec:\bfpvp.exe75⤵
-
\??\c:\thdnb.exec:\thdnb.exe76⤵
-
\??\c:\jdlhfdn.exec:\jdlhfdn.exe77⤵
-
\??\c:\rnbbh.exec:\rnbbh.exe78⤵
-
\??\c:\nbthnbv.exec:\nbthnbv.exe79⤵
-
\??\c:\rxhrlrd.exec:\rxhrlrd.exe80⤵
-
\??\c:\vxjpxtx.exec:\vxjpxtx.exe81⤵
-
\??\c:\jrnhdx.exec:\jrnhdx.exe82⤵
-
\??\c:\xdnrj.exec:\xdnrj.exe83⤵
-
\??\c:\rhjddv.exec:\rhjddv.exe84⤵
-
\??\c:\pxbvhhn.exec:\pxbvhhn.exe85⤵
-
\??\c:\phhhh.exec:\phhhh.exe86⤵
-
\??\c:\rhjhxx.exec:\rhjhxx.exe87⤵
-
\??\c:\tfvxpbd.exec:\tfvxpbd.exe88⤵
-
\??\c:\xhxrx.exec:\xhxrx.exe89⤵
-
\??\c:\jblfdf.exec:\jblfdf.exe90⤵
-
\??\c:\njbtbh.exec:\njbtbh.exe91⤵
-
\??\c:\rdpfh.exec:\rdpfh.exe92⤵
-
\??\c:\xbrbhpx.exec:\xbrbhpx.exe93⤵
-
\??\c:\hjlxlvj.exec:\hjlxlvj.exe94⤵
-
\??\c:\lnbpt.exec:\lnbpt.exe95⤵
-
\??\c:\xjxnx.exec:\xjxnx.exe96⤵
-
\??\c:\hlhvdp.exec:\hlhvdp.exe97⤵
-
\??\c:\vlbdn.exec:\vlbdn.exe98⤵
-
\??\c:\fbprb.exec:\fbprb.exe99⤵
-
\??\c:\vbhplp.exec:\vbhplp.exe100⤵
-
\??\c:\nbxxlrx.exec:\nbxxlrx.exe101⤵
-
\??\c:\rxhdx.exec:\rxhdx.exe102⤵
-
\??\c:\jvdhd.exec:\jvdhd.exe103⤵
-
\??\c:\lblnjp.exec:\lblnjp.exe104⤵
-
\??\c:\pfvvndb.exec:\pfvvndb.exe105⤵
-
\??\c:\rtjftbd.exec:\rtjftbd.exe106⤵
-
\??\c:\dvvxh.exec:\dvvxh.exe107⤵
-
\??\c:\tnbbvxt.exec:\tnbbvxt.exe108⤵
-
\??\c:\jphnh.exec:\jphnh.exe109⤵
-
\??\c:\hjbjh.exec:\hjbjh.exe110⤵
-
\??\c:\nfhdbx.exec:\nfhdbx.exe111⤵
-
\??\c:\hldfxph.exec:\hldfxph.exe112⤵
-
\??\c:\pfjfbhv.exec:\pfjfbhv.exe113⤵
-
\??\c:\lnlvvxd.exec:\lnlvvxd.exe114⤵
-
\??\c:\jthdvr.exec:\jthdvr.exe115⤵
-
\??\c:\djxxpx.exec:\djxxpx.exe116⤵
-
\??\c:\vntrtd.exec:\vntrtd.exe117⤵
-
\??\c:\rnrffx.exec:\rnrffx.exe118⤵
-
\??\c:\xfthxl.exec:\xfthxl.exe119⤵
-
\??\c:\vjddnt.exec:\vjddnt.exe120⤵
-
\??\c:\jpxnd.exec:\jpxnd.exe121⤵
-
\??\c:\rvdjlb.exec:\rvdjlb.exe122⤵
-
\??\c:\bdttnxf.exec:\bdttnxf.exe123⤵
-
\??\c:\rbhbr.exec:\rbhbr.exe124⤵
-
\??\c:\jltrt.exec:\jltrt.exe125⤵
-
\??\c:\dtxpt.exec:\dtxpt.exe126⤵
-
\??\c:\ftfrr.exec:\ftfrr.exe127⤵
-
\??\c:\dbjvt.exec:\dbjvt.exe128⤵
-
\??\c:\lpjld.exec:\lpjld.exe129⤵
-
\??\c:\brrrp.exec:\brrrp.exe130⤵
-
\??\c:\bbtpbt.exec:\bbtpbt.exe131⤵
-
\??\c:\vdpjv.exec:\vdpjv.exe132⤵
-
\??\c:\pbdbh.exec:\pbdbh.exe133⤵
-
\??\c:\phfdh.exec:\phfdh.exe134⤵
-
\??\c:\nbrtx.exec:\nbrtx.exe135⤵
-
\??\c:\xvfdtnn.exec:\xvfdtnn.exe136⤵
-
\??\c:\hjljrxb.exec:\hjljrxb.exe137⤵
-
\??\c:\pvxhv.exec:\pvxhv.exe138⤵
-
\??\c:\bhrldn.exec:\bhrldn.exe139⤵
-
\??\c:\llntrhl.exec:\llntrhl.exe140⤵
-
\??\c:\hxlnrhh.exec:\hxlnrhh.exe141⤵
-
\??\c:\xprhnlh.exec:\xprhnlh.exe142⤵
-
\??\c:\ltntn.exec:\ltntn.exe143⤵
-
\??\c:\lxnjxx.exec:\lxnjxx.exe144⤵
-
\??\c:\nhxtbr.exec:\nhxtbr.exe145⤵
-
\??\c:\bxdnndr.exec:\bxdnndr.exe146⤵
-
\??\c:\btvrntr.exec:\btvrntr.exe147⤵
-
\??\c:\brpjxnd.exec:\brpjxnd.exe148⤵
-
\??\c:\vtrltp.exec:\vtrltp.exe149⤵
-
\??\c:\txxlvj.exec:\txxlvj.exe150⤵
-
\??\c:\rphvdl.exec:\rphvdl.exe151⤵
-
\??\c:\hrtdvjx.exec:\hrtdvjx.exe152⤵
-
\??\c:\dtrhfn.exec:\dtrhfn.exe153⤵
-
\??\c:\vxthh.exec:\vxthh.exe154⤵
-
\??\c:\hnltjrp.exec:\hnltjrp.exe155⤵
-
\??\c:\ltbrd.exec:\ltbrd.exe156⤵
-
\??\c:\bpxlhvd.exec:\bpxlhvd.exe157⤵
-
\??\c:\pphxrl.exec:\pphxrl.exe158⤵
-
\??\c:\xdhhdvt.exec:\xdhhdvt.exe159⤵
-
\??\c:\blxdphv.exec:\blxdphv.exe160⤵
-
\??\c:\fjbjb.exec:\fjbjb.exe161⤵
-
\??\c:\drxrxht.exec:\drxrxht.exe162⤵
-
\??\c:\xvbdtl.exec:\xvbdtl.exe163⤵
-
\??\c:\rjhlr.exec:\rjhlr.exe164⤵
-
\??\c:\hpxdp.exec:\hpxdp.exe165⤵
-
\??\c:\ftbpr.exec:\ftbpr.exe166⤵
-
\??\c:\lfvvhf.exec:\lfvvhf.exe167⤵
-
\??\c:\jrltxpf.exec:\jrltxpf.exe168⤵
-
\??\c:\tnvrx.exec:\tnvrx.exe169⤵
-
\??\c:\rvdlp.exec:\rvdlp.exe170⤵
-
\??\c:\hnnxdxt.exec:\hnnxdxt.exe171⤵
-
\??\c:\vxdphx.exec:\vxdphx.exe172⤵
-
\??\c:\hrrljnd.exec:\hrrljnd.exe173⤵
-
\??\c:\tnhjlvf.exec:\tnhjlvf.exe174⤵
-
\??\c:\fpdpbx.exec:\fpdpbx.exe175⤵
-
\??\c:\rjrxnjv.exec:\rjrxnjv.exe176⤵
-
\??\c:\fbbrbh.exec:\fbbrbh.exe177⤵
-
\??\c:\vhnnnp.exec:\vhnnnp.exe178⤵
-
\??\c:\vjdhhbx.exec:\vjdhhbx.exe179⤵
-
\??\c:\xldxx.exec:\xldxx.exe180⤵
-
\??\c:\fffrlpv.exec:\fffrlpv.exe181⤵
-
\??\c:\prvxvd.exec:\prvxvd.exe182⤵
-
\??\c:\frfnnh.exec:\frfnnh.exe183⤵
-
\??\c:\tvrrn.exec:\tvrrn.exe184⤵
-
\??\c:\xbfjx.exec:\xbfjx.exe185⤵
-
\??\c:\blpdtlj.exec:\blpdtlj.exe186⤵
-
\??\c:\ldlbf.exec:\ldlbf.exe187⤵
-
\??\c:\tljjdtj.exec:\tljjdtj.exe188⤵
-
\??\c:\xpvbpfn.exec:\xpvbpfn.exe189⤵
-
\??\c:\pxttxpv.exec:\pxttxpv.exe190⤵
-
\??\c:\hdlhl.exec:\hdlhl.exe191⤵
-
\??\c:\rfvjv.exec:\rfvjv.exe192⤵
-
\??\c:\lfrnjlx.exec:\lfrnjlx.exe193⤵
-
\??\c:\vnjbh.exec:\vnjbh.exe194⤵
-
\??\c:\hhhvf.exec:\hhhvf.exe195⤵
-
\??\c:\thrtj.exec:\thrtj.exe196⤵
-
\??\c:\tdjln.exec:\tdjln.exe197⤵
-
\??\c:\hrdhld.exec:\hrdhld.exe198⤵
-
\??\c:\ndhftl.exec:\ndhftl.exe199⤵
-
\??\c:\lnvnhdl.exec:\lnvnhdl.exe200⤵
-
\??\c:\djprvfx.exec:\djprvfx.exe201⤵
-
\??\c:\hhjnxj.exec:\hhjnxj.exe202⤵
-
\??\c:\ppdhxll.exec:\ppdhxll.exe203⤵
-
\??\c:\jrfrrh.exec:\jrfrrh.exe204⤵
-
\??\c:\xbrjnp.exec:\xbrjnp.exe205⤵
-
\??\c:\jxpnhvr.exec:\jxpnhvr.exe206⤵
-
\??\c:\bblxf.exec:\bblxf.exe207⤵
-
\??\c:\pxfdj.exec:\pxfdj.exe208⤵
-
\??\c:\xnxhld.exec:\xnxhld.exe209⤵
-
\??\c:\vpbtff.exec:\vpbtff.exe210⤵
-
\??\c:\tjphx.exec:\tjphx.exe211⤵
-
\??\c:\dlxrfhb.exec:\dlxrfhb.exe212⤵
-
\??\c:\bndjhf.exec:\bndjhf.exe213⤵
-
\??\c:\xfrxh.exec:\xfrxh.exe214⤵
-
\??\c:\npxxb.exec:\npxxb.exe215⤵
-
\??\c:\fvlxpl.exec:\fvlxpl.exe216⤵
-
\??\c:\vjvbxnd.exec:\vjvbxnd.exe217⤵
-
\??\c:\rbxfpr.exec:\rbxfpr.exe218⤵
-
\??\c:\pdbnvv.exec:\pdbnvv.exe219⤵
-
\??\c:\lnhbxj.exec:\lnhbxj.exe220⤵
-
\??\c:\vhtpxf.exec:\vhtpxf.exe221⤵
-
\??\c:\llrfx.exec:\llrfx.exe222⤵
-
\??\c:\vdjtlhh.exec:\vdjtlhh.exe223⤵
-
\??\c:\rpdpl.exec:\rpdpl.exe224⤵
-
\??\c:\lbjlhjp.exec:\lbjlhjp.exe225⤵
-
\??\c:\bppxh.exec:\bppxh.exe226⤵
-
\??\c:\jjbttb.exec:\jjbttb.exe227⤵
-
\??\c:\llvhbn.exec:\llvhbn.exe228⤵
-
\??\c:\vvjhp.exec:\vvjhp.exe229⤵
-
\??\c:\xvbth.exec:\xvbth.exe230⤵
-
\??\c:\rrjllh.exec:\rrjllh.exe231⤵
-
\??\c:\trjplv.exec:\trjplv.exe232⤵
-
\??\c:\jffvp.exec:\jffvp.exe233⤵
-
\??\c:\jnthjtr.exec:\jnthjtr.exe234⤵
-
\??\c:\vndjvh.exec:\vndjvh.exe235⤵
-
\??\c:\nlllht.exec:\nlllht.exe236⤵
-
\??\c:\xlnbntd.exec:\xlnbntd.exe237⤵
-
\??\c:\nfttnjf.exec:\nfttnjf.exe238⤵
-
\??\c:\nntlljt.exec:\nntlljt.exe239⤵
-
\??\c:\hnbrlh.exec:\hnbrlh.exe240⤵
-
\??\c:\vxxfr.exec:\vxxfr.exe241⤵