Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
-
submitted
20-05-2024 03:52
General
-
Target
e3c2408226b42557641f58b5b13798dd41aace3a4d9e9b64cd3554da0931fb38.exe
-
Size
63KB
-
MD5
ae610220bf3e55e861668d718ea60f7f
-
SHA1
aa3a18aaa60a5f1ed6d4505dc76fe51f74fe478b
-
SHA256
e3c2408226b42557641f58b5b13798dd41aace3a4d9e9b64cd3554da0931fb38
-
SHA512
ff92e7e2f45c98fd357fda166d5ed3ff1bb5d2174b9d547e715607c7b20239f1c7381d26e01cbe9c6ede82c64da65f4d28365d837bef13cbf4dbef7a5bcf5bc7
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIFdJULh127:ymb3NkkiQ3mdBjFIFdJmA
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
UPX dump on OEP (original entry point) 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e3c2408226b42557641f58b5b13798dd41aace3a4d9e9b64cd3554da0931fb38.exe"C:\Users\Admin\AppData\Local\Temp\e3c2408226b42557641f58b5b13798dd41aace3a4d9e9b64cd3554da0931fb38.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrrxxf.exec:\ffrrxxf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxfllf.exec:\lrxfllf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvdj.exec:\pjvdj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvdp.exec:\ddvdp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlffxxl.exec:\rlffxxl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntbhb.exec:\bntbhb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbthh.exec:\hhbthh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppjd.exec:\vppjd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xffxfl.exec:\9xffxfl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1fxlrxl.exec:\1fxlrxl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7btbtt.exec:\7btbtt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhtbhb.exec:\hhtbhb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdjv.exec:\pjdjv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvdjd.exec:\vvdjd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5lrrrxf.exec:\5lrrrxf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9lflrxx.exec:\9lflrxx.exe17⤵
- Executes dropped EXE
-
\??\c:\rrrxrlx.exec:\rrrxrlx.exe18⤵
- Executes dropped EXE
-
\??\c:\bthbbh.exec:\bthbbh.exe19⤵
- Executes dropped EXE
-
\??\c:\tnnnnn.exec:\tnnnnn.exe20⤵
- Executes dropped EXE
-
\??\c:\pvvdd.exec:\pvvdd.exe21⤵
- Executes dropped EXE
-
\??\c:\frflrfr.exec:\frflrfr.exe22⤵
- Executes dropped EXE
-
\??\c:\fxrfrfr.exec:\fxrfrfr.exe23⤵
- Executes dropped EXE
-
\??\c:\ttnhtt.exec:\ttnhtt.exe24⤵
- Executes dropped EXE
-
\??\c:\bbhttt.exec:\bbhttt.exe25⤵
- Executes dropped EXE
-
\??\c:\pdppp.exec:\pdppp.exe26⤵
- Executes dropped EXE
-
\??\c:\3vvpj.exec:\3vvpj.exe27⤵
- Executes dropped EXE
-
\??\c:\llfxxlx.exec:\llfxxlx.exe28⤵
- Executes dropped EXE
-
\??\c:\bbtbhb.exec:\bbtbhb.exe29⤵
- Executes dropped EXE
-
\??\c:\htthhb.exec:\htthhb.exe30⤵
- Executes dropped EXE
-
\??\c:\9jvpd.exec:\9jvpd.exe31⤵
- Executes dropped EXE
-
\??\c:\3jdvd.exec:\3jdvd.exe32⤵
- Executes dropped EXE
-
\??\c:\dvpdp.exec:\dvpdp.exe33⤵
- Executes dropped EXE
-
\??\c:\3flrxfr.exec:\3flrxfr.exe34⤵
- Executes dropped EXE
-
\??\c:\lrflrxr.exec:\lrflrxr.exe35⤵
- Executes dropped EXE
-
\??\c:\tnnhhb.exec:\tnnhhb.exe36⤵
- Executes dropped EXE
-
\??\c:\vdvdp.exec:\vdvdp.exe37⤵
- Executes dropped EXE
-
\??\c:\xfrlrlr.exec:\xfrlrlr.exe38⤵
- Executes dropped EXE
-
\??\c:\3vdjp.exec:\3vdjp.exe39⤵
- Executes dropped EXE
-
\??\c:\lxffxrf.exec:\lxffxrf.exe40⤵
- Executes dropped EXE
-
\??\c:\jpvdv.exec:\jpvdv.exe41⤵
- Executes dropped EXE
-
\??\c:\vpddv.exec:\vpddv.exe42⤵
- Executes dropped EXE
-
\??\c:\rlxrrrx.exec:\rlxrrrx.exe43⤵
- Executes dropped EXE
-
\??\c:\httbbb.exec:\httbbb.exe44⤵
- Executes dropped EXE
-
\??\c:\btbthh.exec:\btbthh.exe45⤵
- Executes dropped EXE
-
\??\c:\vjpjj.exec:\vjpjj.exe46⤵
- Executes dropped EXE
-
\??\c:\dddpv.exec:\dddpv.exe47⤵
- Executes dropped EXE
-
\??\c:\9rfxllx.exec:\9rfxllx.exe48⤵
- Executes dropped EXE
-
\??\c:\hbtbht.exec:\hbtbht.exe49⤵
- Executes dropped EXE
-
\??\c:\nhntbb.exec:\nhntbb.exe50⤵
- Executes dropped EXE
-
\??\c:\jjvjv.exec:\jjvjv.exe51⤵
- Executes dropped EXE
-
\??\c:\9vjpj.exec:\9vjpj.exe52⤵
- Executes dropped EXE
-
\??\c:\1rlllrf.exec:\1rlllrf.exe53⤵
- Executes dropped EXE
-
\??\c:\5rflffr.exec:\5rflffr.exe54⤵
- Executes dropped EXE
-
\??\c:\tthhbn.exec:\tthhbn.exe55⤵
- Executes dropped EXE
-
\??\c:\nnhhbt.exec:\nnhhbt.exe56⤵
- Executes dropped EXE
-
\??\c:\3pdjv.exec:\3pdjv.exe57⤵
- Executes dropped EXE
-
\??\c:\btntht.exec:\btntht.exe58⤵
- Executes dropped EXE
-
\??\c:\tnhnbn.exec:\tnhnbn.exe59⤵
- Executes dropped EXE
-
\??\c:\bhhnbh.exec:\bhhnbh.exe60⤵
- Executes dropped EXE
-
\??\c:\vvvvp.exec:\vvvvp.exe61⤵
- Executes dropped EXE
-
\??\c:\rlxrflx.exec:\rlxrflx.exe62⤵
- Executes dropped EXE
-
\??\c:\rrxlxfx.exec:\rrxlxfx.exe63⤵
- Executes dropped EXE
-
\??\c:\tbhbtn.exec:\tbhbtn.exe64⤵
- Executes dropped EXE
-
\??\c:\bbntbb.exec:\bbntbb.exe65⤵
- Executes dropped EXE
-
\??\c:\ppjvp.exec:\ppjvp.exe66⤵
-
\??\c:\xxflflx.exec:\xxflflx.exe67⤵
-
\??\c:\llflxlf.exec:\llflxlf.exe68⤵
-
\??\c:\tnhhth.exec:\tnhhth.exe69⤵
-
\??\c:\tnnnbn.exec:\tnnnbn.exe70⤵
-
\??\c:\djdvp.exec:\djdvp.exe71⤵
-
\??\c:\ffxxrfr.exec:\ffxxrfr.exe72⤵
-
\??\c:\xxxlxxf.exec:\xxxlxxf.exe73⤵
-
\??\c:\7bnbhn.exec:\7bnbhn.exe74⤵
-
\??\c:\btbbnb.exec:\btbbnb.exe75⤵
-
\??\c:\3pdvd.exec:\3pdvd.exe76⤵
-
\??\c:\3frrxxf.exec:\3frrxxf.exe77⤵
-
\??\c:\1llxlrl.exec:\1llxlrl.exe78⤵
-
\??\c:\bthtnb.exec:\bthtnb.exe79⤵
-
\??\c:\bttntb.exec:\bttntb.exe80⤵
-
\??\c:\vvdpp.exec:\vvdpp.exe81⤵
-
\??\c:\xrffrrx.exec:\xrffrrx.exe82⤵
-
\??\c:\1frfllr.exec:\1frfllr.exe83⤵
-
\??\c:\1tbnbn.exec:\1tbnbn.exe84⤵
-
\??\c:\tnnbtb.exec:\tnnbtb.exe85⤵
-
\??\c:\ttnbhn.exec:\ttnbhn.exe86⤵
-
\??\c:\jdvdp.exec:\jdvdp.exe87⤵
-
\??\c:\dppjp.exec:\dppjp.exe88⤵
-
\??\c:\xxfrfxf.exec:\xxfrfxf.exe89⤵
-
\??\c:\fxxlrfr.exec:\fxxlrfr.exe90⤵
-
\??\c:\nhbnth.exec:\nhbnth.exe91⤵
-
\??\c:\tnbhtb.exec:\tnbhtb.exe92⤵
-
\??\c:\ddpvv.exec:\ddpvv.exe93⤵
-
\??\c:\1djvj.exec:\1djvj.exe94⤵
-
\??\c:\ffrxffx.exec:\ffrxffx.exe95⤵
-
\??\c:\fxrlfrl.exec:\fxrlfrl.exe96⤵
-
\??\c:\hbthth.exec:\hbthth.exe97⤵
-
\??\c:\vdvjd.exec:\vdvjd.exe98⤵
-
\??\c:\pppjp.exec:\pppjp.exe99⤵
-
\??\c:\rrfrfrf.exec:\rrfrfrf.exe100⤵
-
\??\c:\1xxlxlx.exec:\1xxlxlx.exe101⤵
-
\??\c:\lfrxrxl.exec:\lfrxrxl.exe102⤵
-
\??\c:\3hbnhh.exec:\3hbnhh.exe103⤵
-
\??\c:\nnbnnt.exec:\nnbnnt.exe104⤵
-
\??\c:\ddddj.exec:\ddddj.exe105⤵
-
\??\c:\jppdj.exec:\jppdj.exe106⤵
-
\??\c:\fxlfrfr.exec:\fxlfrfr.exe107⤵
-
\??\c:\frflllr.exec:\frflllr.exe108⤵
-
\??\c:\nbthhh.exec:\nbthhh.exe109⤵
-
\??\c:\nnhntb.exec:\nnhntb.exe110⤵
-
\??\c:\ddjpj.exec:\ddjpj.exe111⤵
-
\??\c:\ddvvj.exec:\ddvvj.exe112⤵
-
\??\c:\llrxffr.exec:\llrxffr.exe113⤵
-
\??\c:\ffrxfxf.exec:\ffrxfxf.exe114⤵
-
\??\c:\xxrxrfx.exec:\xxrxrfx.exe115⤵
-
\??\c:\tnttbb.exec:\tnttbb.exe116⤵
-
\??\c:\1nhtht.exec:\1nhtht.exe117⤵
-
\??\c:\nnnbnt.exec:\nnnbnt.exe118⤵
-
\??\c:\9pvdj.exec:\9pvdj.exe119⤵
-
\??\c:\dvjpd.exec:\dvjpd.exe120⤵
-
\??\c:\xfflrxl.exec:\xfflrxl.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-