Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
20-05-2024 03:50
General
-
Target
e2852207c8a34c404e0b69ddff0ad670730a135cb34466670f9b618cb1561c92.exe
-
Size
306KB
-
MD5
693c1aaaef7076cb4e027f766860003a
-
SHA1
36701e4a89b13e0099ea36679f23b320103edb4c
-
SHA256
e2852207c8a34c404e0b69ddff0ad670730a135cb34466670f9b618cb1561c92
-
SHA512
a27356609d2ecaf232afb7a658160bae992f43394209a4b02eccc780f44e40a1cccef547c611263b43575bf79a0cba7739101fd9c351af1a3e61427a07f478a1
-
SSDEEP
6144:n3C9BRo/CH26ZAmaOXicLrnRukAPXt1UP+3OgEbXeTiDSd2vh:n3C9uUnAvtd3Ogld2vh
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
UPX dump on OEP (original entry point) 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e2852207c8a34c404e0b69ddff0ad670730a135cb34466670f9b618cb1561c92.exe"C:\Users\Admin\AppData\Local\Temp\e2852207c8a34c404e0b69ddff0ad670730a135cb34466670f9b618cb1561c92.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nhttnn.exec:\nhttnn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfflrf.exec:\rlfflrf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5hthnt.exec:\5hthnt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llfrlll.exec:\llfrlll.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bbnbn.exec:\5bbnbn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjppd.exec:\jjppd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrfllx.exec:\ffrfllx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tththt.exec:\tththt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dddpd.exec:\dddpd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhbnn.exec:\hbhbnn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjdjp.exec:\jjdjp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlflffl.exec:\xlflffl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5tbnhn.exec:\5tbnhn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpdj.exec:\jdpdj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfffxxl.exec:\lfffxxl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhnhn.exec:\bnhnhn.exe17⤵
- Executes dropped EXE
-
\??\c:\ddvvp.exec:\ddvvp.exe18⤵
- Executes dropped EXE
-
\??\c:\xxxfxlf.exec:\xxxfxlf.exe19⤵
- Executes dropped EXE
-
\??\c:\9ntnbb.exec:\9ntnbb.exe20⤵
- Executes dropped EXE
-
\??\c:\dvpvj.exec:\dvpvj.exe21⤵
- Executes dropped EXE
-
\??\c:\rlrrflr.exec:\rlrrflr.exe22⤵
- Executes dropped EXE
-
\??\c:\bnbhbh.exec:\bnbhbh.exe23⤵
- Executes dropped EXE
-
\??\c:\pvpvp.exec:\pvpvp.exe24⤵
- Executes dropped EXE
-
\??\c:\xrxxflx.exec:\xrxxflx.exe25⤵
- Executes dropped EXE
-
\??\c:\ppdjv.exec:\ppdjv.exe26⤵
- Executes dropped EXE
-
\??\c:\3xfrrxl.exec:\3xfrrxl.exe27⤵
- Executes dropped EXE
-
\??\c:\vjpdp.exec:\vjpdp.exe28⤵
- Executes dropped EXE
-
\??\c:\lflrfll.exec:\lflrfll.exe29⤵
- Executes dropped EXE
-
\??\c:\7thbhb.exec:\7thbhb.exe30⤵
- Executes dropped EXE
-
\??\c:\1vvjv.exec:\1vvjv.exe31⤵
- Executes dropped EXE
-
\??\c:\xxrxlxf.exec:\xxrxlxf.exe32⤵
- Executes dropped EXE
-
\??\c:\9xflfxr.exec:\9xflfxr.exe33⤵
- Executes dropped EXE
-
\??\c:\9nnhbn.exec:\9nnhbn.exe34⤵
- Executes dropped EXE
-
\??\c:\vpvjv.exec:\vpvjv.exe35⤵
- Executes dropped EXE
-
\??\c:\1xxfrrx.exec:\1xxfrrx.exe36⤵
- Executes dropped EXE
-
\??\c:\5lflrxr.exec:\5lflrxr.exe37⤵
- Executes dropped EXE
-
\??\c:\ttnthh.exec:\ttnthh.exe38⤵
- Executes dropped EXE
-
\??\c:\ttnbht.exec:\ttnbht.exe39⤵
- Executes dropped EXE
-
\??\c:\7jpvv.exec:\7jpvv.exe40⤵
- Executes dropped EXE
-
\??\c:\1ffxrxf.exec:\1ffxrxf.exe41⤵
- Executes dropped EXE
-
\??\c:\5frrxrf.exec:\5frrxrf.exe42⤵
- Executes dropped EXE
-
\??\c:\nnhnbh.exec:\nnhnbh.exe43⤵
- Executes dropped EXE
-
\??\c:\bbnbht.exec:\bbnbht.exe44⤵
- Executes dropped EXE
-
\??\c:\3dvdp.exec:\3dvdp.exe45⤵
- Executes dropped EXE
-
\??\c:\llllxfl.exec:\llllxfl.exe46⤵
- Executes dropped EXE
-
\??\c:\fxrfflf.exec:\fxrfflf.exe47⤵
- Executes dropped EXE
-
\??\c:\nnhtbh.exec:\nnhtbh.exe48⤵
- Executes dropped EXE
-
\??\c:\pvjdd.exec:\pvjdd.exe49⤵
- Executes dropped EXE
-
\??\c:\pjjdv.exec:\pjjdv.exe50⤵
- Executes dropped EXE
-
\??\c:\lfxlxfl.exec:\lfxlxfl.exe51⤵
- Executes dropped EXE
-
\??\c:\bbbntb.exec:\bbbntb.exe52⤵
- Executes dropped EXE
-
\??\c:\ttntht.exec:\ttntht.exe53⤵
- Executes dropped EXE
-
\??\c:\pjpdv.exec:\pjpdv.exe54⤵
- Executes dropped EXE
-
\??\c:\pjjpv.exec:\pjjpv.exe55⤵
- Executes dropped EXE
-
\??\c:\5lxfllx.exec:\5lxfllx.exe56⤵
- Executes dropped EXE
-
\??\c:\ffxlxfr.exec:\ffxlxfr.exe57⤵
- Executes dropped EXE
-
\??\c:\tnhnth.exec:\tnhnth.exe58⤵
- Executes dropped EXE
-
\??\c:\jdvpd.exec:\jdvpd.exe59⤵
- Executes dropped EXE
-
\??\c:\1pjpp.exec:\1pjpp.exe60⤵
- Executes dropped EXE
-
\??\c:\rlxxlxl.exec:\rlxxlxl.exe61⤵
- Executes dropped EXE
-
\??\c:\xrrfxrr.exec:\xrrfxrr.exe62⤵
- Executes dropped EXE
-
\??\c:\nnbhbn.exec:\nnbhbn.exe63⤵
- Executes dropped EXE
-
\??\c:\ddjdj.exec:\ddjdj.exe64⤵
- Executes dropped EXE
-
\??\c:\djdpd.exec:\djdpd.exe65⤵
- Executes dropped EXE
-
\??\c:\lflrflx.exec:\lflrflx.exe66⤵
-
\??\c:\hbthth.exec:\hbthth.exe67⤵
-
\??\c:\hhbnhn.exec:\hhbnhn.exe68⤵
-
\??\c:\9jjpv.exec:\9jjpv.exe69⤵
-
\??\c:\3vvdp.exec:\3vvdp.exe70⤵
-
\??\c:\3xrflrl.exec:\3xrflrl.exe71⤵
-
\??\c:\tbnbth.exec:\tbnbth.exe72⤵
-
\??\c:\hbtttt.exec:\hbtttt.exe73⤵
-
\??\c:\1vvdp.exec:\1vvdp.exe74⤵
-
\??\c:\7lrlllr.exec:\7lrlllr.exe75⤵
-
\??\c:\rlrrllf.exec:\rlrrllf.exe76⤵
-
\??\c:\hbttbb.exec:\hbttbb.exe77⤵
-
\??\c:\hhbtnn.exec:\hhbtnn.exe78⤵
-
\??\c:\jdvdj.exec:\jdvdj.exe79⤵
-
\??\c:\rrlfxfx.exec:\rrlfxfx.exe80⤵
-
\??\c:\ffxlxrf.exec:\ffxlxrf.exe81⤵
-
\??\c:\tthnbh.exec:\tthnbh.exe82⤵
-
\??\c:\pppdp.exec:\pppdp.exe83⤵
-
\??\c:\7dppd.exec:\7dppd.exe84⤵
-
\??\c:\lfllllx.exec:\lfllllx.exe85⤵
-
\??\c:\llfxlxl.exec:\llfxlxl.exe86⤵
-
\??\c:\7nbbnn.exec:\7nbbnn.exe87⤵
-
\??\c:\dvvjp.exec:\dvvjp.exe88⤵
-
\??\c:\vvppd.exec:\vvppd.exe89⤵
-
\??\c:\rrlfxfx.exec:\rrlfxfx.exe90⤵
-
\??\c:\rrfrlrf.exec:\rrfrlrf.exe91⤵
-
\??\c:\hhthnt.exec:\hhthnt.exe92⤵
-
\??\c:\nhhtbt.exec:\nhhtbt.exe93⤵
-
\??\c:\dvjjv.exec:\dvjjv.exe94⤵
-
\??\c:\xxllflx.exec:\xxllflx.exe95⤵
-
\??\c:\hhthhh.exec:\hhthhh.exe96⤵
-
\??\c:\hhtntt.exec:\hhtntt.exe97⤵
-
\??\c:\jjjpj.exec:\jjjpj.exe98⤵
-
\??\c:\ppvvp.exec:\ppvvp.exe99⤵
-
\??\c:\xxlrlrf.exec:\xxlrlrf.exe100⤵
-
\??\c:\9nntbh.exec:\9nntbh.exe101⤵
-
\??\c:\htbbbb.exec:\htbbbb.exe102⤵
-
\??\c:\vvjpd.exec:\vvjpd.exe103⤵
-
\??\c:\lfxfxlx.exec:\lfxfxlx.exe104⤵
-
\??\c:\xxrlxlx.exec:\xxrlxlx.exe105⤵
-
\??\c:\bbbbth.exec:\bbbbth.exe106⤵
-
\??\c:\nbbnth.exec:\nbbnth.exe107⤵
-
\??\c:\1dvjd.exec:\1dvjd.exe108⤵
-
\??\c:\9lllxxl.exec:\9lllxxl.exe109⤵
-
\??\c:\1rlfrxr.exec:\1rlfrxr.exe110⤵
-
\??\c:\7nnbtb.exec:\7nnbtb.exe111⤵
-
\??\c:\5thhht.exec:\5thhht.exe112⤵
-
\??\c:\3pjdp.exec:\3pjdp.exe113⤵
-
\??\c:\rrflrxr.exec:\rrflrxr.exe114⤵
-
\??\c:\rrlrffr.exec:\rrlrffr.exe115⤵
-
\??\c:\9nhbnt.exec:\9nhbnt.exe116⤵
-
\??\c:\tthntb.exec:\tthntb.exe117⤵
-
\??\c:\vvpdp.exec:\vvpdp.exe118⤵
-
\??\c:\pvjdp.exec:\pvjdp.exe119⤵
-
\??\c:\llflrfr.exec:\llflrfr.exe120⤵
-
\??\c:\fxfxrfx.exec:\fxfxrfx.exe121⤵
-
\??\c:\1nbntt.exec:\1nbntt.exe122⤵
-
\??\c:\htnhnb.exec:\htnhnb.exe123⤵
-
\??\c:\dddjd.exec:\dddjd.exe124⤵
-
\??\c:\1frlxlr.exec:\1frlxlr.exe125⤵
-
\??\c:\lfxfrxl.exec:\lfxfrxl.exe126⤵
-
\??\c:\bhbntb.exec:\bhbntb.exe127⤵
-
\??\c:\7hhnhh.exec:\7hhnhh.exe128⤵
-
\??\c:\3jjpd.exec:\3jjpd.exe129⤵
-
\??\c:\xrflxxl.exec:\xrflxxl.exe130⤵
-
\??\c:\llxlrrx.exec:\llxlrrx.exe131⤵
-
\??\c:\hnnthn.exec:\hnnthn.exe132⤵
-
\??\c:\nhhhnh.exec:\nhhhnh.exe133⤵
-
\??\c:\dvjpd.exec:\dvjpd.exe134⤵
-
\??\c:\fxfxrrx.exec:\fxfxrrx.exe135⤵
-
\??\c:\9rrrlrf.exec:\9rrrlrf.exe136⤵
-
\??\c:\nbbtth.exec:\nbbtth.exe137⤵
-
\??\c:\vvppj.exec:\vvppj.exe138⤵
-
\??\c:\3jpvp.exec:\3jpvp.exe139⤵
-
\??\c:\fllxrfx.exec:\fllxrfx.exe140⤵
-
\??\c:\thtnth.exec:\thtnth.exe141⤵
-
\??\c:\ttbbbb.exec:\ttbbbb.exe142⤵
-
\??\c:\3rrllll.exec:\3rrllll.exe143⤵
-
\??\c:\lrlxlrf.exec:\lrlxlrf.exe144⤵
-
\??\c:\hhbhtn.exec:\hhbhtn.exe145⤵
-
\??\c:\7pjjv.exec:\7pjjv.exe146⤵
-
\??\c:\dvdvd.exec:\dvdvd.exe147⤵
-
\??\c:\lfrxflr.exec:\lfrxflr.exe148⤵
-
\??\c:\5hthnn.exec:\5hthnn.exe149⤵
-
\??\c:\jdjjv.exec:\jdjjv.exe150⤵
-
\??\c:\5dpjd.exec:\5dpjd.exe151⤵
-
\??\c:\xlxfllx.exec:\xlxfllx.exe152⤵
-
\??\c:\tntnth.exec:\tntnth.exe153⤵
-
\??\c:\jdvdp.exec:\jdvdp.exe154⤵
-
\??\c:\7dvdd.exec:\7dvdd.exe155⤵
-
\??\c:\3lxrxxx.exec:\3lxrxxx.exe156⤵
-
\??\c:\7ttttb.exec:\7ttttb.exe157⤵
-
\??\c:\bntbtt.exec:\bntbtt.exe158⤵
-
\??\c:\ppddp.exec:\ppddp.exe159⤵
-
\??\c:\xxrxllf.exec:\xxrxllf.exe160⤵
-
\??\c:\bhnnhh.exec:\bhnnhh.exe161⤵
-
\??\c:\9bttbn.exec:\9bttbn.exe162⤵
-
\??\c:\1dvjp.exec:\1dvjp.exe163⤵
-
\??\c:\rrrlxxf.exec:\rrrlxxf.exe164⤵
-
\??\c:\btntht.exec:\btntht.exe165⤵
-
\??\c:\9bbhht.exec:\9bbhht.exe166⤵
-
\??\c:\3pdpv.exec:\3pdpv.exe167⤵
-
\??\c:\ffxflrf.exec:\ffxflrf.exe168⤵
-
\??\c:\xfxlfll.exec:\xfxlfll.exe169⤵
-
\??\c:\hhhbbn.exec:\hhhbbn.exe170⤵
-
\??\c:\jjjdp.exec:\jjjdp.exe171⤵
-
\??\c:\5jvdp.exec:\5jvdp.exe172⤵
-
\??\c:\rrflrxx.exec:\rrflrxx.exe173⤵
-
\??\c:\bnhhbt.exec:\bnhhbt.exe174⤵
-
\??\c:\ddppv.exec:\ddppv.exe175⤵
-
\??\c:\jdjdj.exec:\jdjdj.exe176⤵
-
\??\c:\rrlrrfx.exec:\rrlrrfx.exe177⤵
-
\??\c:\bnnbhh.exec:\bnnbhh.exe178⤵
-
\??\c:\3nhhhb.exec:\3nhhhb.exe179⤵
-
\??\c:\1vddd.exec:\1vddd.exe180⤵
-
\??\c:\ppjjv.exec:\ppjjv.exe181⤵
-
\??\c:\xrxxffl.exec:\xrxxffl.exe182⤵
-
\??\c:\lfflxxf.exec:\lfflxxf.exe183⤵
-
\??\c:\hhbhnn.exec:\hhbhnn.exe184⤵
-
\??\c:\tnbbtt.exec:\tnbbtt.exe185⤵
-
\??\c:\dpvpv.exec:\dpvpv.exe186⤵
-
\??\c:\9xrffrx.exec:\9xrffrx.exe187⤵
-
\??\c:\rfrlrrx.exec:\rfrlrrx.exe188⤵
-
\??\c:\9bnnnh.exec:\9bnnnh.exe189⤵
-
\??\c:\bbtbnn.exec:\bbtbnn.exe190⤵
-
\??\c:\vpdvv.exec:\vpdvv.exe191⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe192⤵
-
\??\c:\lflfrxf.exec:\lflfrxf.exe193⤵
-
\??\c:\hnnbtt.exec:\hnnbtt.exe194⤵
-
\??\c:\bnntht.exec:\bnntht.exe195⤵
-
\??\c:\dpvpv.exec:\dpvpv.exe196⤵
-
\??\c:\dvvpd.exec:\dvvpd.exe197⤵
-
\??\c:\3lxxffl.exec:\3lxxffl.exe198⤵
-
\??\c:\tntbbh.exec:\tntbbh.exe199⤵
-
\??\c:\btbnbt.exec:\btbnbt.exe200⤵
-
\??\c:\jjdjv.exec:\jjdjv.exe201⤵
-
\??\c:\7rfllrr.exec:\7rfllrr.exe202⤵
-
\??\c:\xllfllr.exec:\xllfllr.exe203⤵
-
\??\c:\btnbnn.exec:\btnbnn.exe204⤵
-
\??\c:\dvpjp.exec:\dvpjp.exe205⤵
-
\??\c:\dvddj.exec:\dvddj.exe206⤵
-
\??\c:\7fxrffl.exec:\7fxrffl.exe207⤵
-
\??\c:\xlxfllr.exec:\xlxfllr.exe208⤵
-
\??\c:\thnhnn.exec:\thnhnn.exe209⤵
-
\??\c:\jvpvd.exec:\jvpvd.exe210⤵
-
\??\c:\dddvj.exec:\dddvj.exe211⤵
-
\??\c:\frfrrrx.exec:\frfrrrx.exe212⤵
-
\??\c:\9bntbh.exec:\9bntbh.exe213⤵
-
\??\c:\tbnbnb.exec:\tbnbnb.exe214⤵
-
\??\c:\vjddj.exec:\vjddj.exe215⤵
-
\??\c:\vpddj.exec:\vpddj.exe216⤵
-
\??\c:\rfrfllr.exec:\rfrfllr.exe217⤵
-
\??\c:\htbhbt.exec:\htbhbt.exe218⤵
-
\??\c:\7hnnnt.exec:\7hnnnt.exe219⤵
-
\??\c:\jdddv.exec:\jdddv.exe220⤵
-
\??\c:\pvvpv.exec:\pvvpv.exe221⤵
-
\??\c:\5lrllrf.exec:\5lrllrf.exe222⤵
-
\??\c:\htttnb.exec:\htttnb.exe223⤵
-
\??\c:\vvvvv.exec:\vvvvv.exe224⤵
-
\??\c:\pjppv.exec:\pjppv.exe225⤵
-
\??\c:\rxllflx.exec:\rxllflx.exe226⤵
-
\??\c:\nbhhhb.exec:\nbhhhb.exe227⤵
-
\??\c:\hbntnn.exec:\hbntnn.exe228⤵
-
\??\c:\vvjdv.exec:\vvjdv.exe229⤵
-
\??\c:\lflfrxl.exec:\lflfrxl.exe230⤵
-
\??\c:\fxxflrx.exec:\fxxflrx.exe231⤵
-
\??\c:\btntbh.exec:\btntbh.exe232⤵
-
\??\c:\vvjpp.exec:\vvjpp.exe233⤵
-
\??\c:\pjppd.exec:\pjppd.exe234⤵
-
\??\c:\fxrxlrf.exec:\fxrxlrf.exe235⤵
-
\??\c:\hbntbt.exec:\hbntbt.exe236⤵
-
\??\c:\jdddj.exec:\jdddj.exe237⤵
-
\??\c:\5jjjd.exec:\5jjjd.exe238⤵
-
\??\c:\3rxxffl.exec:\3rxxffl.exe239⤵
-
\??\c:\rxxflxf.exec:\rxxflxf.exe240⤵
-
\??\c:\thnnnh.exec:\thnnnh.exe241⤵