Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
20-05-2024 03:50
General
-
Target
e2852207c8a34c404e0b69ddff0ad670730a135cb34466670f9b618cb1561c92.exe
-
Size
306KB
-
MD5
693c1aaaef7076cb4e027f766860003a
-
SHA1
36701e4a89b13e0099ea36679f23b320103edb4c
-
SHA256
e2852207c8a34c404e0b69ddff0ad670730a135cb34466670f9b618cb1561c92
-
SHA512
a27356609d2ecaf232afb7a658160bae992f43394209a4b02eccc780f44e40a1cccef547c611263b43575bf79a0cba7739101fd9c351af1a3e61427a07f478a1
-
SSDEEP
6144:n3C9BRo/CH26ZAmaOXicLrnRukAPXt1UP+3OgEbXeTiDSd2vh:n3C9uUnAvtd3Ogld2vh
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
UPX dump on OEP (original entry point) 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e2852207c8a34c404e0b69ddff0ad670730a135cb34466670f9b618cb1561c92.exe"C:\Users\Admin\AppData\Local\Temp\e2852207c8a34c404e0b69ddff0ad670730a135cb34466670f9b618cb1561c92.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnhnn.exec:\hbnhnn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddvp.exec:\jddvp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfllxxr.exec:\lfllxxr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnhbtt.exec:\hnhbtt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvvv.exec:\dpvvv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvpd.exec:\jdvpd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrrrrr.exec:\xlrrrrr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbbhn.exec:\tbbbhn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfrlrf.exec:\rlfrlrf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjdp.exec:\vjjdp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbnnhb.exec:\tbnnhb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddppj.exec:\ddppj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxffxxf.exec:\lxffxxf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjjj.exec:\jdjjj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thtnbh.exec:\thtnbh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvddv.exec:\vvddv.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vjvp.exec:\7vjvp.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfxlll.exec:\fxfxlll.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntttn.exec:\bntttn.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjppd.exec:\pjppd.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrxxxl.exec:\frrxxxl.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ntnnn.exec:\7ntnnn.exe23⤵
- Executes dropped EXE
-
\??\c:\jpvdv.exec:\jpvdv.exe24⤵
- Executes dropped EXE
-
\??\c:\vpjdj.exec:\vpjdj.exe25⤵
- Executes dropped EXE
-
\??\c:\ttnhbt.exec:\ttnhbt.exe26⤵
- Executes dropped EXE
-
\??\c:\vdppj.exec:\vdppj.exe27⤵
- Executes dropped EXE
-
\??\c:\1lllrxf.exec:\1lllrxf.exe28⤵
- Executes dropped EXE
-
\??\c:\nnnhbt.exec:\nnnhbt.exe29⤵
- Executes dropped EXE
-
\??\c:\5bhbbn.exec:\5bhbbn.exe30⤵
- Executes dropped EXE
-
\??\c:\vvpjj.exec:\vvpjj.exe31⤵
- Executes dropped EXE
-
\??\c:\lxrfffr.exec:\lxrfffr.exe32⤵
- Executes dropped EXE
-
\??\c:\btbbtt.exec:\btbbtt.exe33⤵
- Executes dropped EXE
-
\??\c:\ppppj.exec:\ppppj.exe34⤵
- Executes dropped EXE
-
\??\c:\tthtnt.exec:\tthtnt.exe35⤵
- Executes dropped EXE
-
\??\c:\nnbtnn.exec:\nnbtnn.exe36⤵
- Executes dropped EXE
-
\??\c:\jdppj.exec:\jdppj.exe37⤵
- Executes dropped EXE
-
\??\c:\3rfxlll.exec:\3rfxlll.exe38⤵
- Executes dropped EXE
-
\??\c:\bbnnbb.exec:\bbnnbb.exe39⤵
- Executes dropped EXE
-
\??\c:\9jpjj.exec:\9jpjj.exe40⤵
- Executes dropped EXE
-
\??\c:\1lxrlll.exec:\1lxrlll.exe41⤵
- Executes dropped EXE
-
\??\c:\1frllff.exec:\1frllff.exe42⤵
- Executes dropped EXE
-
\??\c:\dvpjp.exec:\dvpjp.exe43⤵
- Executes dropped EXE
-
\??\c:\rrlfxrl.exec:\rrlfxrl.exe44⤵
- Executes dropped EXE
-
\??\c:\bbhhhh.exec:\bbhhhh.exe45⤵
- Executes dropped EXE
-
\??\c:\pppjj.exec:\pppjj.exe46⤵
- Executes dropped EXE
-
\??\c:\hbbthh.exec:\hbbthh.exe47⤵
- Executes dropped EXE
-
\??\c:\vvpdj.exec:\vvpdj.exe48⤵
- Executes dropped EXE
-
\??\c:\vdpvp.exec:\vdpvp.exe49⤵
- Executes dropped EXE
-
\??\c:\ffllffx.exec:\ffllffx.exe50⤵
- Executes dropped EXE
-
\??\c:\vppvv.exec:\vppvv.exe51⤵
- Executes dropped EXE
-
\??\c:\7vdvp.exec:\7vdvp.exe52⤵
- Executes dropped EXE
-
\??\c:\ffxxlxr.exec:\ffxxlxr.exe53⤵
- Executes dropped EXE
-
\??\c:\bbbbtn.exec:\bbbbtn.exe54⤵
- Executes dropped EXE
-
\??\c:\jdddp.exec:\jdddp.exe55⤵
- Executes dropped EXE
-
\??\c:\vvjdj.exec:\vvjdj.exe56⤵
- Executes dropped EXE
-
\??\c:\lxxxrrr.exec:\lxxxrrr.exe57⤵
- Executes dropped EXE
-
\??\c:\bbbbtt.exec:\bbbbtt.exe58⤵
- Executes dropped EXE
-
\??\c:\vvpjd.exec:\vvpjd.exe59⤵
- Executes dropped EXE
-
\??\c:\llrfllr.exec:\llrfllr.exe60⤵
- Executes dropped EXE
-
\??\c:\tnhntb.exec:\tnhntb.exe61⤵
- Executes dropped EXE
-
\??\c:\ththhh.exec:\ththhh.exe62⤵
- Executes dropped EXE
-
\??\c:\jpvpj.exec:\jpvpj.exe63⤵
- Executes dropped EXE
-
\??\c:\9rrrxxx.exec:\9rrrxxx.exe64⤵
- Executes dropped EXE
-
\??\c:\tnnnbn.exec:\tnnnbn.exe65⤵
- Executes dropped EXE
-
\??\c:\hbhbtt.exec:\hbhbtt.exe66⤵
-
\??\c:\vpddp.exec:\vpddp.exe67⤵
-
\??\c:\frffrxr.exec:\frffrxr.exe68⤵
-
\??\c:\frfllll.exec:\frfllll.exe69⤵
-
\??\c:\nhntnh.exec:\nhntnh.exe70⤵
-
\??\c:\ddjjv.exec:\ddjjv.exe71⤵
-
\??\c:\7pvpp.exec:\7pvpp.exe72⤵
-
\??\c:\xrxxxrl.exec:\xrxxxrl.exe73⤵
-
\??\c:\tbnntb.exec:\tbnntb.exe74⤵
-
\??\c:\hhtnhb.exec:\hhtnhb.exe75⤵
-
\??\c:\dddjj.exec:\dddjj.exe76⤵
-
\??\c:\tbbhhb.exec:\tbbhhb.exe77⤵
-
\??\c:\bbttnn.exec:\bbttnn.exe78⤵
-
\??\c:\ddvvv.exec:\ddvvv.exe79⤵
-
\??\c:\fxrrrrx.exec:\fxrrrrx.exe80⤵
-
\??\c:\htbnht.exec:\htbnht.exe81⤵
-
\??\c:\1vppj.exec:\1vppj.exe82⤵
-
\??\c:\rffxxxx.exec:\rffxxxx.exe83⤵
-
\??\c:\7tbbhb.exec:\7tbbhb.exe84⤵
-
\??\c:\9pvjd.exec:\9pvjd.exe85⤵
-
\??\c:\9lxrrff.exec:\9lxrrff.exe86⤵
-
\??\c:\bhnnbb.exec:\bhnnbb.exe87⤵
-
\??\c:\3djdd.exec:\3djdd.exe88⤵
-
\??\c:\rfxlfrl.exec:\rfxlfrl.exe89⤵
-
\??\c:\3tbhhn.exec:\3tbhhn.exe90⤵
-
\??\c:\vpvvp.exec:\vpvvp.exe91⤵
-
\??\c:\xfrrlxr.exec:\xfrrlxr.exe92⤵
-
\??\c:\rfrllll.exec:\rfrllll.exe93⤵
-
\??\c:\jdjdp.exec:\jdjdp.exe94⤵
-
\??\c:\ddpdj.exec:\ddpdj.exe95⤵
-
\??\c:\xxffxxf.exec:\xxffxxf.exe96⤵
-
\??\c:\bhttnn.exec:\bhttnn.exe97⤵
-
\??\c:\vvvvv.exec:\vvvvv.exe98⤵
-
\??\c:\pvjdp.exec:\pvjdp.exe99⤵
-
\??\c:\xxxrrrr.exec:\xxxrrrr.exe100⤵
-
\??\c:\3nbtnn.exec:\3nbtnn.exe101⤵
-
\??\c:\dvjdv.exec:\dvjdv.exe102⤵
-
\??\c:\pvddv.exec:\pvddv.exe103⤵
-
\??\c:\7xrrrxx.exec:\7xrrrxx.exe104⤵
-
\??\c:\htbnnh.exec:\htbnnh.exe105⤵
-
\??\c:\vvdvd.exec:\vvdvd.exe106⤵
-
\??\c:\fxxxfff.exec:\fxxxfff.exe107⤵
-
\??\c:\xxffxxr.exec:\xxffxxr.exe108⤵
-
\??\c:\nhnhhh.exec:\nhnhhh.exe109⤵
-
\??\c:\pjppj.exec:\pjppj.exe110⤵
-
\??\c:\jvddv.exec:\jvddv.exe111⤵
-
\??\c:\xrlfxlf.exec:\xrlfxlf.exe112⤵
-
\??\c:\rrflxxf.exec:\rrflxxf.exe113⤵
-
\??\c:\3tbhnt.exec:\3tbhnt.exe114⤵
-
\??\c:\jjpjj.exec:\jjpjj.exe115⤵
-
\??\c:\1xffffx.exec:\1xffffx.exe116⤵
-
\??\c:\htnhhh.exec:\htnhhh.exe117⤵
-
\??\c:\pdjpj.exec:\pdjpj.exe118⤵
-
\??\c:\7jjdv.exec:\7jjdv.exe119⤵
-
\??\c:\1xrrfxr.exec:\1xrrfxr.exe120⤵
-
\??\c:\5ttntt.exec:\5ttntt.exe121⤵
-
\??\c:\jjvpd.exec:\jjvpd.exe122⤵
-
\??\c:\rrxrrxr.exec:\rrxrrxr.exe123⤵
-
\??\c:\btttnn.exec:\btttnn.exe124⤵
-
\??\c:\hbnhhh.exec:\hbnhhh.exe125⤵
-
\??\c:\rlxxrrr.exec:\rlxxrrr.exe126⤵
-
\??\c:\7lrlflf.exec:\7lrlflf.exe127⤵
-
\??\c:\1nhbbb.exec:\1nhbbb.exe128⤵
-
\??\c:\jvddj.exec:\jvddj.exe129⤵
-
\??\c:\5llfrrr.exec:\5llfrrr.exe130⤵
-
\??\c:\bnnttn.exec:\bnnttn.exe131⤵
-
\??\c:\jdpjj.exec:\jdpjj.exe132⤵
-
\??\c:\vjdvp.exec:\vjdvp.exe133⤵
-
\??\c:\3lfrxff.exec:\3lfrxff.exe134⤵
-
\??\c:\bhnhbb.exec:\bhnhbb.exe135⤵
-
\??\c:\jdvpj.exec:\jdvpj.exe136⤵
-
\??\c:\7xlfffl.exec:\7xlfffl.exe137⤵
-
\??\c:\hhhhbb.exec:\hhhhbb.exe138⤵
-
\??\c:\jvpdd.exec:\jvpdd.exe139⤵
-
\??\c:\flrllrx.exec:\flrllrx.exe140⤵
-
\??\c:\nhbttt.exec:\nhbttt.exe141⤵
-
\??\c:\dpdvv.exec:\dpdvv.exe142⤵
-
\??\c:\lxflfff.exec:\lxflfff.exe143⤵
-
\??\c:\nhhttt.exec:\nhhttt.exe144⤵
-
\??\c:\jdvpj.exec:\jdvpj.exe145⤵
-
\??\c:\ppvdd.exec:\ppvdd.exe146⤵
-
\??\c:\hbnnhh.exec:\hbnnhh.exe147⤵
-
\??\c:\hhhtnt.exec:\hhhtnt.exe148⤵
-
\??\c:\vvddd.exec:\vvddd.exe149⤵
-
\??\c:\fxxffll.exec:\fxxffll.exe150⤵
-
\??\c:\bbtbth.exec:\bbtbth.exe151⤵
-
\??\c:\vjppj.exec:\vjppj.exe152⤵
-
\??\c:\vpvpp.exec:\vpvpp.exe153⤵
-
\??\c:\xrfxfff.exec:\xrfxfff.exe154⤵
-
\??\c:\nnnhbb.exec:\nnnhbb.exe155⤵
-
\??\c:\1ntttt.exec:\1ntttt.exe156⤵
-
\??\c:\pjjpj.exec:\pjjpj.exe157⤵
-
\??\c:\xrfxrrr.exec:\xrfxrrr.exe158⤵
-
\??\c:\rfllrrl.exec:\rfllrrl.exe159⤵
-
\??\c:\tttttn.exec:\tttttn.exe160⤵
-
\??\c:\1djdd.exec:\1djdd.exe161⤵
-
\??\c:\rxlfllr.exec:\rxlfllr.exe162⤵
-
\??\c:\rrfxffr.exec:\rrfxffr.exe163⤵
-
\??\c:\hthbtt.exec:\hthbtt.exe164⤵
-
\??\c:\vjddd.exec:\vjddd.exe165⤵
-
\??\c:\jpdvv.exec:\jpdvv.exe166⤵
-
\??\c:\fxlllxr.exec:\fxlllxr.exe167⤵
-
\??\c:\ntbbtt.exec:\ntbbtt.exe168⤵
-
\??\c:\jjjdd.exec:\jjjdd.exe169⤵
-
\??\c:\1frllll.exec:\1frllll.exe170⤵
-
\??\c:\7lxxrrr.exec:\7lxxrrr.exe171⤵
-
\??\c:\5ttnhb.exec:\5ttnhb.exe172⤵
-
\??\c:\vvdpp.exec:\vvdpp.exe173⤵
-
\??\c:\frlfxrl.exec:\frlfxrl.exe174⤵
-
\??\c:\btnnnt.exec:\btnnnt.exe175⤵
-
\??\c:\tntbbt.exec:\tntbbt.exe176⤵
-
\??\c:\jddjp.exec:\jddjp.exe177⤵
-
\??\c:\5xlrrxr.exec:\5xlrrxr.exe178⤵
-
\??\c:\tnhttt.exec:\tnhttt.exe179⤵
-
\??\c:\bbtttt.exec:\bbtttt.exe180⤵
-
\??\c:\jvdpv.exec:\jvdpv.exe181⤵
-
\??\c:\xxllfff.exec:\xxllfff.exe182⤵
-
\??\c:\hhhnhh.exec:\hhhnhh.exe183⤵
-
\??\c:\vdddv.exec:\vdddv.exe184⤵
-
\??\c:\7pvvp.exec:\7pvvp.exe185⤵
-
\??\c:\rlxxrrr.exec:\rlxxrrr.exe186⤵
-
\??\c:\tbnntt.exec:\tbnntt.exe187⤵
-
\??\c:\5nnnnt.exec:\5nnnnt.exe188⤵
-
\??\c:\dpdvd.exec:\dpdvd.exe189⤵
-
\??\c:\ffxxrrr.exec:\ffxxrrr.exe190⤵
-
\??\c:\tnhbtt.exec:\tnhbtt.exe191⤵
-
\??\c:\hnthtn.exec:\hnthtn.exe192⤵
-
\??\c:\pdpvj.exec:\pdpvj.exe193⤵
-
\??\c:\rfrxxfx.exec:\rfrxxfx.exe194⤵
-
\??\c:\ttnthb.exec:\ttnthb.exe195⤵
-
\??\c:\pdppj.exec:\pdppj.exe196⤵
-
\??\c:\lfxxrrr.exec:\lfxxrrr.exe197⤵
-
\??\c:\rlffrxr.exec:\rlffrxr.exe198⤵
-
\??\c:\nbnnnn.exec:\nbnnnn.exe199⤵
-
\??\c:\ppvvv.exec:\ppvvv.exe200⤵
-
\??\c:\5dvvp.exec:\5dvvp.exe201⤵
-
\??\c:\xfrxffl.exec:\xfrxffl.exe202⤵
-
\??\c:\htbbtb.exec:\htbbtb.exe203⤵
-
\??\c:\jjdjp.exec:\jjdjp.exe204⤵
-
\??\c:\lxfrffx.exec:\lxfrffx.exe205⤵
-
\??\c:\htnbnb.exec:\htnbnb.exe206⤵
-
\??\c:\pvdvv.exec:\pvdvv.exe207⤵
-
\??\c:\7pjjv.exec:\7pjjv.exe208⤵
-
\??\c:\ffxllrf.exec:\ffxllrf.exe209⤵
-
\??\c:\bhtnhb.exec:\bhtnhb.exe210⤵
-
\??\c:\7dddd.exec:\7dddd.exe211⤵
-
\??\c:\jdvpp.exec:\jdvpp.exe212⤵
-
\??\c:\fxrlllf.exec:\fxrlllf.exe213⤵
-
\??\c:\bbhhnn.exec:\bbhhnn.exe214⤵
-
\??\c:\jdjjd.exec:\jdjjd.exe215⤵
-
\??\c:\rxlxxlx.exec:\rxlxxlx.exe216⤵
-
\??\c:\nhtttb.exec:\nhtttb.exe217⤵
-
\??\c:\jpppj.exec:\jpppj.exe218⤵
-
\??\c:\lfrrrlf.exec:\lfrrrlf.exe219⤵
-
\??\c:\5nttnn.exec:\5nttnn.exe220⤵
-
\??\c:\thbbbh.exec:\thbbbh.exe221⤵
-
\??\c:\vdvvp.exec:\vdvvp.exe222⤵
-
\??\c:\rfllflf.exec:\rfllflf.exe223⤵
-
\??\c:\nhtbtb.exec:\nhtbtb.exe224⤵
-
\??\c:\vpdpv.exec:\vpdpv.exe225⤵
-
\??\c:\rfrrrff.exec:\rfrrrff.exe226⤵
-
\??\c:\rflfffr.exec:\rflfffr.exe227⤵
-
\??\c:\5tthbn.exec:\5tthbn.exe228⤵
-
\??\c:\1vvdv.exec:\1vvdv.exe229⤵
-
\??\c:\xrlxlfr.exec:\xrlxlfr.exe230⤵
-
\??\c:\ntbhhh.exec:\ntbhhh.exe231⤵
-
\??\c:\vdpjp.exec:\vdpjp.exe232⤵
-
\??\c:\frrlfxf.exec:\frrlfxf.exe233⤵
-
\??\c:\nbhbbt.exec:\nbhbbt.exe234⤵
-
\??\c:\3vdpj.exec:\3vdpj.exe235⤵
-
\??\c:\fffxxxx.exec:\fffxxxx.exe236⤵
-
\??\c:\rrxrrrl.exec:\rrxrrrl.exe237⤵
-
\??\c:\5pjvp.exec:\5pjvp.exe238⤵
-
\??\c:\xllxfxr.exec:\xllxfxr.exe239⤵
-
\??\c:\5rllflf.exec:\5rllflf.exe240⤵
-
\??\c:\tntnnn.exec:\tntnnn.exe241⤵