Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
20-05-2024 03:48
General
-
Target
e0d5b9e60e31baf21b6d3f9d98b6b0bbee1e02c92b9492f11fdeb53a4db70f09.exe
-
Size
78KB
-
MD5
465e1a10c435ef5bbe3cccb01ecaa198
-
SHA1
06a1a9d6569792d6329b2717760e51d4d7aac54c
-
SHA256
e0d5b9e60e31baf21b6d3f9d98b6b0bbee1e02c92b9492f11fdeb53a4db70f09
-
SHA512
39bc65593e3e866f07521284c7f24b1c39e2fee5270d557166a604244e5d76bf33d5263e6b6b49156f13fc54552bdc7051cb5daf4b08d2395c78eddf37f626f5
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoAX8YieVIJclPvPJtcdck:ymb3NkkiQ3mdBjFo68YBVIJc9Jtxk
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e0d5b9e60e31baf21b6d3f9d98b6b0bbee1e02c92b9492f11fdeb53a4db70f09.exe"C:\Users\Admin\AppData\Local\Temp\e0d5b9e60e31baf21b6d3f9d98b6b0bbee1e02c92b9492f11fdeb53a4db70f09.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxxffl.exec:\rlxxffl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnntt.exec:\bnnntt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3dvdv.exec:\3dvdv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xllrlrr.exec:\xllrlrr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxrrxxx.exec:\rxrrxxx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbttn.exec:\ttbttn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pddjj.exec:\pddjj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9hthbh.exec:\9hthbh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrrlll.exec:\frrrlll.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrffllr.exec:\xrffllr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjddv.exec:\jjddv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpdjd.exec:\dpdjd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\httnht.exec:\httnht.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvddd.exec:\vvddd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxrxfl.exec:\llxrxfl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntttb.exec:\bntttb.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpjj.exec:\vjpjj.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjjj.exec:\dvjjj.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhbhh.exec:\hbhbhh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjjd.exec:\vdjjd.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrrllf.exec:\rfrrllf.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxrlrl.exec:\llxrlrl.exe23⤵
- Executes dropped EXE
-
\??\c:\thhnhn.exec:\thhnhn.exe24⤵
- Executes dropped EXE
-
\??\c:\pppvj.exec:\pppvj.exe25⤵
- Executes dropped EXE
-
\??\c:\xxrrllf.exec:\xxrrllf.exe26⤵
- Executes dropped EXE
-
\??\c:\bnbntt.exec:\bnbntt.exe27⤵
- Executes dropped EXE
-
\??\c:\pdpjd.exec:\pdpjd.exe28⤵
- Executes dropped EXE
-
\??\c:\ppvvv.exec:\ppvvv.exe29⤵
- Executes dropped EXE
-
\??\c:\bnnbth.exec:\bnnbth.exe30⤵
- Executes dropped EXE
-
\??\c:\nbhnhb.exec:\nbhnhb.exe31⤵
- Executes dropped EXE
-
\??\c:\lfrrllf.exec:\lfrrllf.exe32⤵
- Executes dropped EXE
-
\??\c:\hbhhhh.exec:\hbhhhh.exe33⤵
- Executes dropped EXE
-
\??\c:\jpvvj.exec:\jpvvj.exe34⤵
- Executes dropped EXE
-
\??\c:\vvvvv.exec:\vvvvv.exe35⤵
- Executes dropped EXE
-
\??\c:\xrrffxl.exec:\xrrffxl.exe36⤵
- Executes dropped EXE
-
\??\c:\bbtnhn.exec:\bbtnhn.exe37⤵
- Executes dropped EXE
-
\??\c:\jpdvv.exec:\jpdvv.exe38⤵
- Executes dropped EXE
-
\??\c:\lflfllx.exec:\lflfllx.exe39⤵
- Executes dropped EXE
-
\??\c:\3xxxrrl.exec:\3xxxrrl.exe40⤵
- Executes dropped EXE
-
\??\c:\pdvpj.exec:\pdvpj.exe41⤵
- Executes dropped EXE
-
\??\c:\3vvpj.exec:\3vvpj.exe42⤵
- Executes dropped EXE
-
\??\c:\fxffxxr.exec:\fxffxxr.exe43⤵
- Executes dropped EXE
-
\??\c:\hhnbnt.exec:\hhnbnt.exe44⤵
- Executes dropped EXE
-
\??\c:\jpdjj.exec:\jpdjj.exe45⤵
- Executes dropped EXE
-
\??\c:\5rxrrlf.exec:\5rxrrlf.exe46⤵
- Executes dropped EXE
-
\??\c:\bnbnhh.exec:\bnbnhh.exe47⤵
- Executes dropped EXE
-
\??\c:\nnttnn.exec:\nnttnn.exe48⤵
- Executes dropped EXE
-
\??\c:\pppdv.exec:\pppdv.exe49⤵
- Executes dropped EXE
-
\??\c:\fxfffff.exec:\fxfffff.exe50⤵
- Executes dropped EXE
-
\??\c:\ffllrrx.exec:\ffllrrx.exe51⤵
- Executes dropped EXE
-
\??\c:\hnnthh.exec:\hnnthh.exe52⤵
- Executes dropped EXE
-
\??\c:\7rffxff.exec:\7rffxff.exe53⤵
- Executes dropped EXE
-
\??\c:\lfxffxr.exec:\lfxffxr.exe54⤵
- Executes dropped EXE
-
\??\c:\hhnntb.exec:\hhnntb.exe55⤵
- Executes dropped EXE
-
\??\c:\vdvjv.exec:\vdvjv.exe56⤵
- Executes dropped EXE
-
\??\c:\dvvpj.exec:\dvvpj.exe57⤵
- Executes dropped EXE
-
\??\c:\xrxrrrl.exec:\xrxrrrl.exe58⤵
- Executes dropped EXE
-
\??\c:\xrfxxxx.exec:\xrfxxxx.exe59⤵
- Executes dropped EXE
-
\??\c:\nhttnn.exec:\nhttnn.exe60⤵
- Executes dropped EXE
-
\??\c:\5vddv.exec:\5vddv.exe61⤵
- Executes dropped EXE
-
\??\c:\pvppp.exec:\pvppp.exe62⤵
- Executes dropped EXE
-
\??\c:\ffffxff.exec:\ffffxff.exe63⤵
- Executes dropped EXE
-
\??\c:\9ntnnt.exec:\9ntnnt.exe64⤵
- Executes dropped EXE
-
\??\c:\1vjjd.exec:\1vjjd.exe65⤵
- Executes dropped EXE
-
\??\c:\pjdvv.exec:\pjdvv.exe66⤵
-
\??\c:\xxxrllf.exec:\xxxrllf.exe67⤵
-
\??\c:\nbbttn.exec:\nbbttn.exe68⤵
-
\??\c:\bbhhnh.exec:\bbhhnh.exe69⤵
-
\??\c:\ppppj.exec:\ppppj.exe70⤵
-
\??\c:\pjvpv.exec:\pjvpv.exe71⤵
-
\??\c:\fxxxllr.exec:\fxxxllr.exe72⤵
-
\??\c:\ffrlffl.exec:\ffrlffl.exe73⤵
-
\??\c:\thtbtb.exec:\thtbtb.exe74⤵
-
\??\c:\dvppp.exec:\dvppp.exe75⤵
-
\??\c:\jvpjd.exec:\jvpjd.exe76⤵
-
\??\c:\xlrlxxr.exec:\xlrlxxr.exe77⤵
-
\??\c:\9llffff.exec:\9llffff.exe78⤵
-
\??\c:\bhhnnn.exec:\bhhnnn.exe79⤵
-
\??\c:\9pdvv.exec:\9pdvv.exe80⤵
-
\??\c:\vjppj.exec:\vjppj.exe81⤵
-
\??\c:\bhtnhb.exec:\bhtnhb.exe82⤵
-
\??\c:\jdddv.exec:\jdddv.exe83⤵
-
\??\c:\xffxrxr.exec:\xffxrxr.exe84⤵
-
\??\c:\bntbtb.exec:\bntbtb.exe85⤵
-
\??\c:\hnttnn.exec:\hnttnn.exe86⤵
-
\??\c:\vvvjd.exec:\vvvjd.exe87⤵
-
\??\c:\tnnbbh.exec:\tnnbbh.exe88⤵
-
\??\c:\ntbbnn.exec:\ntbbnn.exe89⤵
-
\??\c:\vvjdd.exec:\vvjdd.exe90⤵
-
\??\c:\rlrllll.exec:\rlrllll.exe91⤵
-
\??\c:\nntthb.exec:\nntthb.exe92⤵
-
\??\c:\9vdjv.exec:\9vdjv.exe93⤵
-
\??\c:\jpdjd.exec:\jpdjd.exe94⤵
-
\??\c:\flxrrrf.exec:\flxrrrf.exe95⤵
-
\??\c:\nbnhbt.exec:\nbnhbt.exe96⤵
-
\??\c:\nthhbb.exec:\nthhbb.exe97⤵
-
\??\c:\jjjpj.exec:\jjjpj.exe98⤵
-
\??\c:\djdvj.exec:\djdvj.exe99⤵
-
\??\c:\xxlfxxl.exec:\xxlfxxl.exe100⤵
-
\??\c:\bnhhhh.exec:\bnhhhh.exe101⤵
-
\??\c:\fllllrr.exec:\fllllrr.exe102⤵
-
\??\c:\hhtbhn.exec:\hhtbhn.exe103⤵
-
\??\c:\ppppj.exec:\ppppj.exe104⤵
-
\??\c:\ffffxxf.exec:\ffffxxf.exe105⤵
-
\??\c:\xrxlrxf.exec:\xrxlrxf.exe106⤵
-
\??\c:\1bnbnn.exec:\1bnbnn.exe107⤵
-
\??\c:\htbhtb.exec:\htbhtb.exe108⤵
-
\??\c:\vpvdv.exec:\vpvdv.exe109⤵
-
\??\c:\llfxxff.exec:\llfxxff.exe110⤵
-
\??\c:\flffxxl.exec:\flffxxl.exe111⤵
-
\??\c:\bnhhtn.exec:\bnhhtn.exe112⤵
-
\??\c:\jjjpp.exec:\jjjpp.exe113⤵
-
\??\c:\jjppj.exec:\jjppj.exe114⤵
-
\??\c:\1xffffl.exec:\1xffffl.exe115⤵
-
\??\c:\tbhhnt.exec:\tbhhnt.exe116⤵
-
\??\c:\7nbtbb.exec:\7nbtbb.exe117⤵
-
\??\c:\ppdvd.exec:\ppdvd.exe118⤵
-
\??\c:\7djjp.exec:\7djjp.exe119⤵
-
\??\c:\lfxfrfr.exec:\lfxfrfr.exe120⤵
-
\??\c:\ttnnnh.exec:\ttnnnh.exe121⤵
-
\??\c:\5bhbht.exec:\5bhbht.exe122⤵
-
\??\c:\vjppj.exec:\vjppj.exe123⤵
-
\??\c:\xfxrlxx.exec:\xfxrlxx.exe124⤵
-
\??\c:\ttttnt.exec:\ttttnt.exe125⤵
-
\??\c:\hbhhnb.exec:\hbhhnb.exe126⤵
-
\??\c:\pvjpj.exec:\pvjpj.exe127⤵
-
\??\c:\xrxxfxr.exec:\xrxxfxr.exe128⤵
-
\??\c:\rlrrlrl.exec:\rlrrlrl.exe129⤵
-
\??\c:\tnntth.exec:\tnntth.exe130⤵
-
\??\c:\nhnbtt.exec:\nhnbtt.exe131⤵
-
\??\c:\vjppj.exec:\vjppj.exe132⤵
-
\??\c:\xrxrrrx.exec:\xrxrrrx.exe133⤵
-
\??\c:\flrrlll.exec:\flrrlll.exe134⤵
-
\??\c:\hbhbbb.exec:\hbhbbb.exe135⤵
-
\??\c:\1ppjd.exec:\1ppjd.exe136⤵
-
\??\c:\lrrlxfr.exec:\lrrlxfr.exe137⤵
-
\??\c:\nnnntb.exec:\nnnntb.exe138⤵
-
\??\c:\nntnnn.exec:\nntnnn.exe139⤵
-
\??\c:\vjddv.exec:\vjddv.exe140⤵
-
\??\c:\rlrlfff.exec:\rlrlfff.exe141⤵
-
\??\c:\htbbtt.exec:\htbbtt.exe142⤵
-
\??\c:\bbtbht.exec:\bbtbht.exe143⤵
-
\??\c:\jvvjp.exec:\jvvjp.exe144⤵
-
\??\c:\fxxxxxl.exec:\fxxxxxl.exe145⤵
-
\??\c:\btttnt.exec:\btttnt.exe146⤵
-
\??\c:\jpddd.exec:\jpddd.exe147⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe148⤵
-
\??\c:\lflfflf.exec:\lflfflf.exe149⤵
-
\??\c:\nhbbbh.exec:\nhbbbh.exe150⤵
-
\??\c:\7jvpj.exec:\7jvpj.exe151⤵
-
\??\c:\dvvvj.exec:\dvvvj.exe152⤵
-
\??\c:\rfllfll.exec:\rfllfll.exe153⤵
-
\??\c:\thhhhn.exec:\thhhhn.exe154⤵
-
\??\c:\vvpvj.exec:\vvpvj.exe155⤵
-
\??\c:\dpvvp.exec:\dpvvp.exe156⤵
-
\??\c:\rxxxlrr.exec:\rxxxlrr.exe157⤵
-
\??\c:\nntnbb.exec:\nntnbb.exe158⤵
-
\??\c:\1djvj.exec:\1djvj.exe159⤵
-
\??\c:\hbbttn.exec:\hbbttn.exe160⤵
-
\??\c:\1djdd.exec:\1djdd.exe161⤵
-
\??\c:\ffllrrl.exec:\ffllrrl.exe162⤵
-
\??\c:\nttbbb.exec:\nttbbb.exe163⤵
-
\??\c:\vvvjv.exec:\vvvjv.exe164⤵
-
\??\c:\dvpjv.exec:\dvpjv.exe165⤵
-
\??\c:\rrrlfff.exec:\rrrlfff.exe166⤵
-
\??\c:\hbbbtt.exec:\hbbbtt.exe167⤵
-
\??\c:\hhhhhh.exec:\hhhhhh.exe168⤵
-
\??\c:\pdjjj.exec:\pdjjj.exe169⤵
-
\??\c:\xxxlfff.exec:\xxxlfff.exe170⤵
-
\??\c:\frfxxfx.exec:\frfxxfx.exe171⤵
-
\??\c:\nbbbtt.exec:\nbbbtt.exe172⤵
-
\??\c:\nthhhh.exec:\nthhhh.exe173⤵
-
\??\c:\vvvpj.exec:\vvvpj.exe174⤵
-
\??\c:\7rrrrfx.exec:\7rrrrfx.exe175⤵
-
\??\c:\xlrxxxx.exec:\xlrxxxx.exe176⤵
-
\??\c:\1ffrrxx.exec:\1ffrrxx.exe177⤵
-
\??\c:\9hthht.exec:\9hthht.exe178⤵
-
\??\c:\jvvpj.exec:\jvvpj.exe179⤵
-
\??\c:\djjdj.exec:\djjdj.exe180⤵
-
\??\c:\lxllfff.exec:\lxllfff.exe181⤵
-
\??\c:\rxlrrrx.exec:\rxlrrrx.exe182⤵
-
\??\c:\hhbbhn.exec:\hhbbhn.exe183⤵
-
\??\c:\btbttt.exec:\btbttt.exe184⤵
-
\??\c:\vvddj.exec:\vvddj.exe185⤵
-
\??\c:\dvjdv.exec:\dvjdv.exe186⤵
-
\??\c:\3xrrflf.exec:\3xrrflf.exe187⤵
-
\??\c:\lllfxxx.exec:\lllfxxx.exe188⤵
-
\??\c:\btbtnt.exec:\btbtnt.exe189⤵
-
\??\c:\nhtnnn.exec:\nhtnnn.exe190⤵
-
\??\c:\pdpjd.exec:\pdpjd.exe191⤵
-
\??\c:\djddv.exec:\djddv.exe192⤵
-
\??\c:\rrlfllx.exec:\rrlfllx.exe193⤵
-
\??\c:\lfxxxxf.exec:\lfxxxxf.exe194⤵
-
\??\c:\1nnnnn.exec:\1nnnnn.exe195⤵
-
\??\c:\ttnnhh.exec:\ttnnhh.exe196⤵
-
\??\c:\jddpp.exec:\jddpp.exe197⤵
-
\??\c:\3pvpd.exec:\3pvpd.exe198⤵
-
\??\c:\xfrlllr.exec:\xfrlllr.exe199⤵
-
\??\c:\xxxxxff.exec:\xxxxxff.exe200⤵
-
\??\c:\nhhhbh.exec:\nhhhbh.exe201⤵
-
\??\c:\pjjvp.exec:\pjjvp.exe202⤵
-
\??\c:\vpdvv.exec:\vpdvv.exe203⤵
-
\??\c:\llrlrff.exec:\llrlrff.exe204⤵
-
\??\c:\xxffllr.exec:\xxffllr.exe205⤵
-
\??\c:\bbnttt.exec:\bbnttt.exe206⤵
-
\??\c:\5tnntt.exec:\5tnntt.exe207⤵
-
\??\c:\vjpjd.exec:\vjpjd.exe208⤵
-
\??\c:\9jddv.exec:\9jddv.exe209⤵
-
\??\c:\llxrffl.exec:\llxrffl.exe210⤵
-
\??\c:\fxrrrrl.exec:\fxrrrrl.exe211⤵
-
\??\c:\tbtttn.exec:\tbtttn.exe212⤵
-
\??\c:\nbtbbh.exec:\nbtbbh.exe213⤵
-
\??\c:\pdvvp.exec:\pdvvp.exe214⤵
-
\??\c:\dvvpv.exec:\dvvpv.exe215⤵
-
\??\c:\lrlxxxl.exec:\lrlxxxl.exe216⤵
-
\??\c:\frrxxxr.exec:\frrxxxr.exe217⤵
-
\??\c:\nnthnh.exec:\nnthnh.exe218⤵
-
\??\c:\vvdpj.exec:\vvdpj.exe219⤵
-
\??\c:\xffllfx.exec:\xffllfx.exe220⤵
-
\??\c:\nbhhnt.exec:\nbhhnt.exe221⤵
-
\??\c:\ttbbhh.exec:\ttbbhh.exe222⤵
-
\??\c:\jjvvd.exec:\jjvvd.exe223⤵
-
\??\c:\llxfllr.exec:\llxfllr.exe224⤵
-
\??\c:\hhbbnn.exec:\hhbbnn.exe225⤵
-
\??\c:\rffxrrl.exec:\rffxrrl.exe226⤵
-
\??\c:\jvddv.exec:\jvddv.exe227⤵
-
\??\c:\ffllxxx.exec:\ffllxxx.exe228⤵
-
\??\c:\fllfffx.exec:\fllfffx.exe229⤵
-
\??\c:\xrlrrfr.exec:\xrlrrfr.exe230⤵
-
\??\c:\tbbbtt.exec:\tbbbtt.exe231⤵
-
\??\c:\ddpjj.exec:\ddpjj.exe232⤵
-
\??\c:\frrlffl.exec:\frrlffl.exe233⤵
-
\??\c:\ddjdd.exec:\ddjdd.exe234⤵
-
\??\c:\dvjjj.exec:\dvjjj.exe235⤵
-
\??\c:\rffxfrx.exec:\rffxfrx.exe236⤵
-
\??\c:\tbnhhn.exec:\tbnhhn.exe237⤵
-
\??\c:\9dvdd.exec:\9dvdd.exe238⤵
-
\??\c:\lfxfllx.exec:\lfxfllx.exe239⤵
-
\??\c:\3llxrfx.exec:\3llxrfx.exe240⤵
-
\??\c:\bnthbt.exec:\bnthbt.exe241⤵