Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
20-05-2024 03:48
General
-
Target
e0d5b9e60e31baf21b6d3f9d98b6b0bbee1e02c92b9492f11fdeb53a4db70f09.exe
-
Size
78KB
-
MD5
465e1a10c435ef5bbe3cccb01ecaa198
-
SHA1
06a1a9d6569792d6329b2717760e51d4d7aac54c
-
SHA256
e0d5b9e60e31baf21b6d3f9d98b6b0bbee1e02c92b9492f11fdeb53a4db70f09
-
SHA512
39bc65593e3e866f07521284c7f24b1c39e2fee5270d557166a604244e5d76bf33d5263e6b6b49156f13fc54552bdc7051cb5daf4b08d2395c78eddf37f626f5
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoAX8YieVIJclPvPJtcdck:ymb3NkkiQ3mdBjFo68YBVIJc9Jtxk
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e0d5b9e60e31baf21b6d3f9d98b6b0bbee1e02c92b9492f11fdeb53a4db70f09.exe"C:\Users\Admin\AppData\Local\Temp\e0d5b9e60e31baf21b6d3f9d98b6b0bbee1e02c92b9492f11fdeb53a4db70f09.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhhnn.exec:\nbhhnn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhntt.exec:\nbhntt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjdv.exec:\dvjdv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxxrlr.exec:\rlxxrlr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnntt.exec:\htnntt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthtnb.exec:\tthtnb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvpvd.exec:\jvpvd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3tbbhb.exec:\3tbbhb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jvjv.exec:\5jvjv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llrrfrf.exec:\llrrfrf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflxrfr.exec:\lflxrfr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vddpd.exec:\vddpd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdvjd.exec:\vdvjd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rlxrfr.exec:\1rlxrfr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnhht.exec:\nnnhht.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vvdp.exec:\7vvdp.exe17⤵
- Executes dropped EXE
-
\??\c:\djddj.exec:\djddj.exe18⤵
- Executes dropped EXE
-
\??\c:\ffxxrfr.exec:\ffxxrfr.exe19⤵
- Executes dropped EXE
-
\??\c:\hnnhhb.exec:\hnnhhb.exe20⤵
- Executes dropped EXE
-
\??\c:\pjjjv.exec:\pjjjv.exe21⤵
- Executes dropped EXE
-
\??\c:\xffxlxr.exec:\xffxlxr.exe22⤵
- Executes dropped EXE
-
\??\c:\bbthbn.exec:\bbthbn.exe23⤵
- Executes dropped EXE
-
\??\c:\1pdjv.exec:\1pdjv.exe24⤵
- Executes dropped EXE
-
\??\c:\fflfxxx.exec:\fflfxxx.exe25⤵
- Executes dropped EXE
-
\??\c:\9flxfrx.exec:\9flxfrx.exe26⤵
- Executes dropped EXE
-
\??\c:\9nntht.exec:\9nntht.exe27⤵
- Executes dropped EXE
-
\??\c:\ppdpv.exec:\ppdpv.exe28⤵
- Executes dropped EXE
-
\??\c:\lflrrxf.exec:\lflrrxf.exe29⤵
- Executes dropped EXE
-
\??\c:\xrlflrx.exec:\xrlflrx.exe30⤵
- Executes dropped EXE
-
\??\c:\bbtnnb.exec:\bbtnnb.exe31⤵
- Executes dropped EXE
-
\??\c:\pvpdp.exec:\pvpdp.exe32⤵
- Executes dropped EXE
-
\??\c:\djjpv.exec:\djjpv.exe33⤵
- Executes dropped EXE
-
\??\c:\llrlrrr.exec:\llrlrrr.exe34⤵
- Executes dropped EXE
-
\??\c:\flxlfxr.exec:\flxlfxr.exe35⤵
- Executes dropped EXE
-
\??\c:\htttnn.exec:\htttnn.exe36⤵
- Executes dropped EXE
-
\??\c:\9jvjj.exec:\9jvjj.exe37⤵
- Executes dropped EXE
-
\??\c:\pjjdp.exec:\pjjdp.exe38⤵
- Executes dropped EXE
-
\??\c:\fxllrfl.exec:\fxllrfl.exe39⤵
- Executes dropped EXE
-
\??\c:\xrlxlrx.exec:\xrlxlrx.exe40⤵
- Executes dropped EXE
-
\??\c:\hbthbh.exec:\hbthbh.exe41⤵
- Executes dropped EXE
-
\??\c:\pjdpd.exec:\pjdpd.exe42⤵
- Executes dropped EXE
-
\??\c:\pppdd.exec:\pppdd.exe43⤵
- Executes dropped EXE
-
\??\c:\flfxrlr.exec:\flfxrlr.exe44⤵
- Executes dropped EXE
-
\??\c:\hbnnhn.exec:\hbnnhn.exe45⤵
- Executes dropped EXE
-
\??\c:\5hhhbt.exec:\5hhhbt.exe46⤵
- Executes dropped EXE
-
\??\c:\hhhtnh.exec:\hhhtnh.exe47⤵
- Executes dropped EXE
-
\??\c:\ffxfrll.exec:\ffxfrll.exe48⤵
- Executes dropped EXE
-
\??\c:\xxrxlrl.exec:\xxrxlrl.exe49⤵
- Executes dropped EXE
-
\??\c:\1thnbh.exec:\1thnbh.exe50⤵
- Executes dropped EXE
-
\??\c:\pjvvp.exec:\pjvvp.exe51⤵
- Executes dropped EXE
-
\??\c:\jdvpj.exec:\jdvpj.exe52⤵
- Executes dropped EXE
-
\??\c:\xrlrfxl.exec:\xrlrfxl.exe53⤵
- Executes dropped EXE
-
\??\c:\xllrrxr.exec:\xllrrxr.exe54⤵
- Executes dropped EXE
-
\??\c:\ttnbtn.exec:\ttnbtn.exe55⤵
- Executes dropped EXE
-
\??\c:\nhbhnb.exec:\nhbhnb.exe56⤵
- Executes dropped EXE
-
\??\c:\5dvjp.exec:\5dvjp.exe57⤵
- Executes dropped EXE
-
\??\c:\ddvjp.exec:\ddvjp.exe58⤵
- Executes dropped EXE
-
\??\c:\3rxflrf.exec:\3rxflrf.exe59⤵
- Executes dropped EXE
-
\??\c:\7ttthb.exec:\7ttthb.exe60⤵
- Executes dropped EXE
-
\??\c:\bbbnbh.exec:\bbbnbh.exe61⤵
- Executes dropped EXE
-
\??\c:\vpvdj.exec:\vpvdj.exe62⤵
- Executes dropped EXE
-
\??\c:\9ddjj.exec:\9ddjj.exe63⤵
- Executes dropped EXE
-
\??\c:\rrrffrl.exec:\rrrffrl.exe64⤵
- Executes dropped EXE
-
\??\c:\flxllxf.exec:\flxllxf.exe65⤵
- Executes dropped EXE
-
\??\c:\hbbhnb.exec:\hbbhnb.exe66⤵
-
\??\c:\hhhnbt.exec:\hhhnbt.exe67⤵
-
\??\c:\jjjdp.exec:\jjjdp.exe68⤵
-
\??\c:\ppjvv.exec:\ppjvv.exe69⤵
-
\??\c:\rrlfrxl.exec:\rrlfrxl.exe70⤵
-
\??\c:\nnbnbt.exec:\nnbnbt.exe71⤵
-
\??\c:\5nnbnb.exec:\5nnbnb.exe72⤵
-
\??\c:\djpjp.exec:\djpjp.exe73⤵
-
\??\c:\vjdjp.exec:\vjdjp.exe74⤵
-
\??\c:\rrlrxfl.exec:\rrlrxfl.exe75⤵
-
\??\c:\xllxffr.exec:\xllxffr.exe76⤵
-
\??\c:\nnbhtb.exec:\nnbhtb.exe77⤵
-
\??\c:\nhhtnb.exec:\nhhtnb.exe78⤵
-
\??\c:\7jvpd.exec:\7jvpd.exe79⤵
-
\??\c:\flxlfff.exec:\flxlfff.exe80⤵
-
\??\c:\rxrlfrl.exec:\rxrlfrl.exe81⤵
-
\??\c:\nnthnh.exec:\nnthnh.exe82⤵
-
\??\c:\tnntbn.exec:\tnntbn.exe83⤵
-
\??\c:\pppvj.exec:\pppvj.exe84⤵
-
\??\c:\xxxfrrf.exec:\xxxfrrf.exe85⤵
-
\??\c:\xxxrffr.exec:\xxxrffr.exe86⤵
-
\??\c:\nbtbnt.exec:\nbtbnt.exe87⤵
-
\??\c:\1nnbht.exec:\1nnbht.exe88⤵
-
\??\c:\jpdvj.exec:\jpdvj.exe89⤵
-
\??\c:\3pjpj.exec:\3pjpj.exe90⤵
-
\??\c:\ffrfxrx.exec:\ffrfxrx.exe91⤵
-
\??\c:\hhtthb.exec:\hhtthb.exe92⤵
-
\??\c:\1hbnbh.exec:\1hbnbh.exe93⤵
-
\??\c:\pvvdj.exec:\pvvdj.exe94⤵
-
\??\c:\pvvjj.exec:\pvvjj.exe95⤵
-
\??\c:\ffrflrx.exec:\ffrflrx.exe96⤵
-
\??\c:\9lxxxxr.exec:\9lxxxxr.exe97⤵
-
\??\c:\nhbhtb.exec:\nhbhtb.exe98⤵
-
\??\c:\jvddd.exec:\jvddd.exe99⤵
-
\??\c:\vvjvv.exec:\vvjvv.exe100⤵
-
\??\c:\9xlflxl.exec:\9xlflxl.exe101⤵
-
\??\c:\rfrrllr.exec:\rfrrllr.exe102⤵
-
\??\c:\nhhbnh.exec:\nhhbnh.exe103⤵
-
\??\c:\jjpdd.exec:\jjpdd.exe104⤵
-
\??\c:\3vpvp.exec:\3vpvp.exe105⤵
-
\??\c:\frxrlxx.exec:\frxrlxx.exe106⤵
-
\??\c:\5xxllxx.exec:\5xxllxx.exe107⤵
-
\??\c:\hbthnn.exec:\hbthnn.exe108⤵
-
\??\c:\ntnhnn.exec:\ntnhnn.exe109⤵
-
\??\c:\dvvdp.exec:\dvvdp.exe110⤵
-
\??\c:\jjdjd.exec:\jjdjd.exe111⤵
-
\??\c:\xlxxxrf.exec:\xlxxxrf.exe112⤵
-
\??\c:\fxxrrrf.exec:\fxxrrrf.exe113⤵
-
\??\c:\hbntht.exec:\hbntht.exe114⤵
-
\??\c:\tthhbh.exec:\tthhbh.exe115⤵
-
\??\c:\jjvjv.exec:\jjvjv.exe116⤵
-
\??\c:\xxxfrxr.exec:\xxxfrxr.exe117⤵
-
\??\c:\flrfrxl.exec:\flrfrxl.exe118⤵
-
\??\c:\tthnbh.exec:\tthnbh.exe119⤵
-
\??\c:\bbttnb.exec:\bbttnb.exe120⤵
-
\??\c:\vdvvj.exec:\vdvvj.exe121⤵
-
\??\c:\pjppv.exec:\pjppv.exe122⤵
-
\??\c:\fffrxxf.exec:\fffrxxf.exe123⤵
-
\??\c:\xxxrrlf.exec:\xxxrrlf.exe124⤵
-
\??\c:\1flfrrx.exec:\1flfrrx.exe125⤵
-
\??\c:\btbbbb.exec:\btbbbb.exe126⤵
-
\??\c:\jjdpd.exec:\jjdpd.exe127⤵
-
\??\c:\7rfffll.exec:\7rfffll.exe128⤵
-
\??\c:\llrfrlx.exec:\llrfrlx.exe129⤵
-
\??\c:\thnthb.exec:\thnthb.exe130⤵
-
\??\c:\9vvdv.exec:\9vvdv.exe131⤵
-
\??\c:\jdvdj.exec:\jdvdj.exe132⤵
-
\??\c:\fffrrfx.exec:\fffrrfx.exe133⤵
-
\??\c:\9tnnnn.exec:\9tnnnn.exe134⤵
-
\??\c:\nnttth.exec:\nnttth.exe135⤵
-
\??\c:\pjdpd.exec:\pjdpd.exe136⤵
-
\??\c:\dddjp.exec:\dddjp.exe137⤵
-
\??\c:\lllxlxl.exec:\lllxlxl.exe138⤵
-
\??\c:\fxlrflf.exec:\fxlrflf.exe139⤵
-
\??\c:\bnbntb.exec:\bnbntb.exe140⤵
-
\??\c:\jdvdj.exec:\jdvdj.exe141⤵
-
\??\c:\ppjpd.exec:\ppjpd.exe142⤵
-
\??\c:\3rfxlxr.exec:\3rfxlxr.exe143⤵
-
\??\c:\fffrxlx.exec:\fffrxlx.exe144⤵
-
\??\c:\bbhhbb.exec:\bbhhbb.exe145⤵
-
\??\c:\vjpjj.exec:\vjpjj.exe146⤵
-
\??\c:\djpdv.exec:\djpdv.exe147⤵
-
\??\c:\xrlxrxl.exec:\xrlxrxl.exe148⤵
-
\??\c:\7fxlllf.exec:\7fxlllf.exe149⤵
-
\??\c:\1rflxrl.exec:\1rflxrl.exe150⤵
-
\??\c:\hnbbtb.exec:\hnbbtb.exe151⤵
-
\??\c:\vvpjv.exec:\vvpjv.exe152⤵
-
\??\c:\jjpdd.exec:\jjpdd.exe153⤵
-
\??\c:\xxflrxl.exec:\xxflrxl.exe154⤵
-
\??\c:\rrrflrf.exec:\rrrflrf.exe155⤵
-
\??\c:\ntnhnh.exec:\ntnhnh.exe156⤵
-
\??\c:\nbhhbh.exec:\nbhhbh.exe157⤵
-
\??\c:\dvdpj.exec:\dvdpj.exe158⤵
-
\??\c:\ddvdj.exec:\ddvdj.exe159⤵
-
\??\c:\fxxlxfr.exec:\fxxlxfr.exe160⤵
-
\??\c:\7bthtb.exec:\7bthtb.exe161⤵
-
\??\c:\bbtnbt.exec:\bbtnbt.exe162⤵
-
\??\c:\9dpdp.exec:\9dpdp.exe163⤵
-
\??\c:\1vjpv.exec:\1vjpv.exe164⤵
-
\??\c:\3fllrxl.exec:\3fllrxl.exe165⤵
-
\??\c:\3xllxlf.exec:\3xllxlf.exe166⤵
-
\??\c:\hbbnht.exec:\hbbnht.exe167⤵
-
\??\c:\3htnbb.exec:\3htnbb.exe168⤵
-
\??\c:\jdddv.exec:\jdddv.exe169⤵
-
\??\c:\dpddp.exec:\dpddp.exe170⤵
-
\??\c:\frxrrrx.exec:\frxrrrx.exe171⤵
-
\??\c:\rrllfxx.exec:\rrllfxx.exe172⤵
-
\??\c:\hhnntb.exec:\hhnntb.exe173⤵
-
\??\c:\nnnhtb.exec:\nnnhtb.exe174⤵
-
\??\c:\9pdpd.exec:\9pdpd.exe175⤵
-
\??\c:\lllfrxf.exec:\lllfrxf.exe176⤵
-
\??\c:\lfxlxfx.exec:\lfxlxfx.exe177⤵
-
\??\c:\1jpvv.exec:\1jpvv.exe178⤵
-
\??\c:\flrlrxl.exec:\flrlrxl.exe179⤵
-
\??\c:\bbbnbh.exec:\bbbnbh.exe180⤵
-
\??\c:\1btttb.exec:\1btttb.exe181⤵
-
\??\c:\vdvvv.exec:\vdvvv.exe182⤵
-
\??\c:\btthtb.exec:\btthtb.exe183⤵
-
\??\c:\htnhnh.exec:\htnhnh.exe184⤵
-
\??\c:\vvdpp.exec:\vvdpp.exe185⤵
-
\??\c:\3dvvj.exec:\3dvvj.exe186⤵
-
\??\c:\ffrrllf.exec:\ffrrllf.exe187⤵
-
\??\c:\rlrrfrx.exec:\rlrrfrx.exe188⤵
-
\??\c:\9bbhhh.exec:\9bbhhh.exe189⤵
-
\??\c:\5hhnbn.exec:\5hhnbn.exe190⤵
-
\??\c:\1ddvd.exec:\1ddvd.exe191⤵
-
\??\c:\vvppj.exec:\vvppj.exe192⤵
-
\??\c:\lrlxllr.exec:\lrlxllr.exe193⤵
-
\??\c:\bthntb.exec:\bthntb.exe194⤵
-
\??\c:\5nhhbh.exec:\5nhhbh.exe195⤵
-
\??\c:\djpdd.exec:\djpdd.exe196⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe197⤵
-
\??\c:\3llffrl.exec:\3llffrl.exe198⤵
-
\??\c:\5xrfrfx.exec:\5xrfrfx.exe199⤵
-
\??\c:\7nnnhh.exec:\7nnnhh.exe200⤵
-
\??\c:\ppjdd.exec:\ppjdd.exe201⤵
-
\??\c:\vdjdj.exec:\vdjdj.exe202⤵
-
\??\c:\llflrxl.exec:\llflrxl.exe203⤵
-
\??\c:\frxllxr.exec:\frxllxr.exe204⤵
-
\??\c:\3tntbn.exec:\3tntbn.exe205⤵
-
\??\c:\ppjpj.exec:\ppjpj.exe206⤵
-
\??\c:\jdpvp.exec:\jdpvp.exe207⤵
-
\??\c:\3rrxlff.exec:\3rrxlff.exe208⤵
-
\??\c:\llfrlfx.exec:\llfrlfx.exe209⤵
-
\??\c:\tnnnbh.exec:\tnnnbh.exe210⤵
-
\??\c:\dvpjv.exec:\dvpjv.exe211⤵
-
\??\c:\5vpvv.exec:\5vpvv.exe212⤵
-
\??\c:\xrrrxfx.exec:\xrrrxfx.exe213⤵
-
\??\c:\5lxrrxx.exec:\5lxrrxx.exe214⤵
-
\??\c:\bthbnn.exec:\bthbnn.exe215⤵
-
\??\c:\9hntnh.exec:\9hntnh.exe216⤵
-
\??\c:\9jpdv.exec:\9jpdv.exe217⤵
-
\??\c:\flrllff.exec:\flrllff.exe218⤵
-
\??\c:\fflxrff.exec:\fflxrff.exe219⤵
-
\??\c:\bthtbh.exec:\bthtbh.exe220⤵
-
\??\c:\9tnthh.exec:\9tnthh.exe221⤵
-
\??\c:\ddjpv.exec:\ddjpv.exe222⤵
-
\??\c:\jjjvj.exec:\jjjvj.exe223⤵
-
\??\c:\ffxxflr.exec:\ffxxflr.exe224⤵
-
\??\c:\9fxlxff.exec:\9fxlxff.exe225⤵
-
\??\c:\hhhbhn.exec:\hhhbhn.exe226⤵
-
\??\c:\nnnhbn.exec:\nnnhbn.exe227⤵
-
\??\c:\5vpdp.exec:\5vpdp.exe228⤵
-
\??\c:\1pjjp.exec:\1pjjp.exe229⤵
-
\??\c:\xrrxxll.exec:\xrrxxll.exe230⤵
-
\??\c:\ffxrxfr.exec:\ffxrxfr.exe231⤵
-
\??\c:\3tntnt.exec:\3tntnt.exe232⤵
-
\??\c:\nbhbnb.exec:\nbhbnb.exe233⤵
-
\??\c:\jdppd.exec:\jdppd.exe234⤵
-
\??\c:\llflflr.exec:\llflflr.exe235⤵
-
\??\c:\rfrxflr.exec:\rfrxflr.exe236⤵
-
\??\c:\fxxrxrl.exec:\fxxrxrl.exe237⤵
-
\??\c:\1ntbnt.exec:\1ntbnt.exe238⤵
-
\??\c:\dpppd.exec:\dpppd.exe239⤵
-
\??\c:\3vjpv.exec:\3vjpv.exe240⤵
-
\??\c:\rllrfrx.exec:\rllrfrx.exe241⤵