Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
-
submitted
20-05-2024 03:52
General
-
Target
e3c2408226b42557641f58b5b13798dd41aace3a4d9e9b64cd3554da0931fb38.exe
-
Size
63KB
-
MD5
ae610220bf3e55e861668d718ea60f7f
-
SHA1
aa3a18aaa60a5f1ed6d4505dc76fe51f74fe478b
-
SHA256
e3c2408226b42557641f58b5b13798dd41aace3a4d9e9b64cd3554da0931fb38
-
SHA512
ff92e7e2f45c98fd357fda166d5ed3ff1bb5d2174b9d547e715607c7b20239f1c7381d26e01cbe9c6ede82c64da65f4d28365d837bef13cbf4dbef7a5bcf5bc7
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIFdJULh127:ymb3NkkiQ3mdBjFIFdJmA
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
UPX dump on OEP (original entry point) 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e3c2408226b42557641f58b5b13798dd41aace3a4d9e9b64cd3554da0931fb38.exe"C:\Users\Admin\AppData\Local\Temp\e3c2408226b42557641f58b5b13798dd41aace3a4d9e9b64cd3554da0931fb38.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrrxxf.exec:\ffrrxxf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxfllf.exec:\lrxfllf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvdj.exec:\pjvdj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvdp.exec:\ddvdp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlffxxl.exec:\rlffxxl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntbhb.exec:\bntbhb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbthh.exec:\hhbthh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppjd.exec:\vppjd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xffxfl.exec:\9xffxfl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1fxlrxl.exec:\1fxlrxl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7btbtt.exec:\7btbtt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhtbhb.exec:\hhtbhb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdjv.exec:\pjdjv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvdjd.exec:\vvdjd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5lrrrxf.exec:\5lrrrxf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9lflrxx.exec:\9lflrxx.exe17⤵
- Executes dropped EXE
-
\??\c:\rrrxrlx.exec:\rrrxrlx.exe18⤵
- Executes dropped EXE
-
\??\c:\bthbbh.exec:\bthbbh.exe19⤵
- Executes dropped EXE
-
\??\c:\tnnnnn.exec:\tnnnnn.exe20⤵
- Executes dropped EXE
-
\??\c:\pvvdd.exec:\pvvdd.exe21⤵
- Executes dropped EXE
-
\??\c:\frflrfr.exec:\frflrfr.exe22⤵
- Executes dropped EXE
-
\??\c:\fxrfrfr.exec:\fxrfrfr.exe23⤵
- Executes dropped EXE
-
\??\c:\ttnhtt.exec:\ttnhtt.exe24⤵
- Executes dropped EXE
-
\??\c:\bbhttt.exec:\bbhttt.exe25⤵
- Executes dropped EXE
-
\??\c:\pdppp.exec:\pdppp.exe26⤵
- Executes dropped EXE
-
\??\c:\3vvpj.exec:\3vvpj.exe27⤵
- Executes dropped EXE
-
\??\c:\llfxxlx.exec:\llfxxlx.exe28⤵
- Executes dropped EXE
-
\??\c:\bbtbhb.exec:\bbtbhb.exe29⤵
- Executes dropped EXE
-
\??\c:\htthhb.exec:\htthhb.exe30⤵
- Executes dropped EXE
-
\??\c:\9jvpd.exec:\9jvpd.exe31⤵
- Executes dropped EXE
-
\??\c:\3jdvd.exec:\3jdvd.exe32⤵
- Executes dropped EXE
-
\??\c:\dvpdp.exec:\dvpdp.exe33⤵
- Executes dropped EXE
-
\??\c:\3flrxfr.exec:\3flrxfr.exe34⤵
- Executes dropped EXE
-
\??\c:\lrflrxr.exec:\lrflrxr.exe35⤵
- Executes dropped EXE
-
\??\c:\tnnhhb.exec:\tnnhhb.exe36⤵
- Executes dropped EXE
-
\??\c:\vdvdp.exec:\vdvdp.exe37⤵
- Executes dropped EXE
-
\??\c:\xfrlrlr.exec:\xfrlrlr.exe38⤵
- Executes dropped EXE
-
\??\c:\3vdjp.exec:\3vdjp.exe39⤵
- Executes dropped EXE
-
\??\c:\lxffxrf.exec:\lxffxrf.exe40⤵
- Executes dropped EXE
-
\??\c:\jpvdv.exec:\jpvdv.exe41⤵
- Executes dropped EXE
-
\??\c:\vpddv.exec:\vpddv.exe42⤵
- Executes dropped EXE
-
\??\c:\rlxrrrx.exec:\rlxrrrx.exe43⤵
- Executes dropped EXE
-
\??\c:\httbbb.exec:\httbbb.exe44⤵
- Executes dropped EXE
-
\??\c:\btbthh.exec:\btbthh.exe45⤵
- Executes dropped EXE
-
\??\c:\vjpjj.exec:\vjpjj.exe46⤵
- Executes dropped EXE
-
\??\c:\dddpv.exec:\dddpv.exe47⤵
- Executes dropped EXE
-
\??\c:\9rfxllx.exec:\9rfxllx.exe48⤵
- Executes dropped EXE
-
\??\c:\hbtbht.exec:\hbtbht.exe49⤵
- Executes dropped EXE
-
\??\c:\nhntbb.exec:\nhntbb.exe50⤵
- Executes dropped EXE
-
\??\c:\jjvjv.exec:\jjvjv.exe51⤵
- Executes dropped EXE
-
\??\c:\9vjpj.exec:\9vjpj.exe52⤵
- Executes dropped EXE
-
\??\c:\1rlllrf.exec:\1rlllrf.exe53⤵
- Executes dropped EXE
-
\??\c:\5rflffr.exec:\5rflffr.exe54⤵
- Executes dropped EXE
-
\??\c:\tthhbn.exec:\tthhbn.exe55⤵
- Executes dropped EXE
-
\??\c:\nnhhbt.exec:\nnhhbt.exe56⤵
- Executes dropped EXE
-
\??\c:\3pdjv.exec:\3pdjv.exe57⤵
- Executes dropped EXE
-
\??\c:\btntht.exec:\btntht.exe58⤵
- Executes dropped EXE
-
\??\c:\tnhnbn.exec:\tnhnbn.exe59⤵
- Executes dropped EXE
-
\??\c:\bhhnbh.exec:\bhhnbh.exe60⤵
- Executes dropped EXE
-
\??\c:\vvvvp.exec:\vvvvp.exe61⤵
- Executes dropped EXE
-
\??\c:\rlxrflx.exec:\rlxrflx.exe62⤵
- Executes dropped EXE
-
\??\c:\rrxlxfx.exec:\rrxlxfx.exe63⤵
- Executes dropped EXE
-
\??\c:\tbhbtn.exec:\tbhbtn.exe64⤵
- Executes dropped EXE
-
\??\c:\bbntbb.exec:\bbntbb.exe65⤵
- Executes dropped EXE
-
\??\c:\ppjvp.exec:\ppjvp.exe66⤵
-
\??\c:\xxflflx.exec:\xxflflx.exe67⤵
-
\??\c:\llflxlf.exec:\llflxlf.exe68⤵
-
\??\c:\tnhhth.exec:\tnhhth.exe69⤵
-
\??\c:\tnnnbn.exec:\tnnnbn.exe70⤵
-
\??\c:\djdvp.exec:\djdvp.exe71⤵
-
\??\c:\ffxxrfr.exec:\ffxxrfr.exe72⤵
-
\??\c:\xxxlxxf.exec:\xxxlxxf.exe73⤵
-
\??\c:\7bnbhn.exec:\7bnbhn.exe74⤵
-
\??\c:\btbbnb.exec:\btbbnb.exe75⤵
-
\??\c:\3pdvd.exec:\3pdvd.exe76⤵
-
\??\c:\3frrxxf.exec:\3frrxxf.exe77⤵
-
\??\c:\1llxlrl.exec:\1llxlrl.exe78⤵
-
\??\c:\bthtnb.exec:\bthtnb.exe79⤵
-
\??\c:\bttntb.exec:\bttntb.exe80⤵
-
\??\c:\vvdpp.exec:\vvdpp.exe81⤵
-
\??\c:\xrffrrx.exec:\xrffrrx.exe82⤵
-
\??\c:\1frfllr.exec:\1frfllr.exe83⤵
-
\??\c:\1tbnbn.exec:\1tbnbn.exe84⤵
-
\??\c:\tnnbtb.exec:\tnnbtb.exe85⤵
-
\??\c:\ttnbhn.exec:\ttnbhn.exe86⤵
-
\??\c:\jdvdp.exec:\jdvdp.exe87⤵
-
\??\c:\dppjp.exec:\dppjp.exe88⤵
-
\??\c:\xxfrfxf.exec:\xxfrfxf.exe89⤵
-
\??\c:\fxxlrfr.exec:\fxxlrfr.exe90⤵
-
\??\c:\nhbnth.exec:\nhbnth.exe91⤵
-
\??\c:\tnbhtb.exec:\tnbhtb.exe92⤵
-
\??\c:\ddpvv.exec:\ddpvv.exe93⤵
-
\??\c:\1djvj.exec:\1djvj.exe94⤵
-
\??\c:\ffrxffx.exec:\ffrxffx.exe95⤵
-
\??\c:\fxrlfrl.exec:\fxrlfrl.exe96⤵
-
\??\c:\hbthth.exec:\hbthth.exe97⤵
-
\??\c:\vdvjd.exec:\vdvjd.exe98⤵
-
\??\c:\pppjp.exec:\pppjp.exe99⤵
-
\??\c:\rrfrfrf.exec:\rrfrfrf.exe100⤵
-
\??\c:\1xxlxlx.exec:\1xxlxlx.exe101⤵
-
\??\c:\lfrxrxl.exec:\lfrxrxl.exe102⤵
-
\??\c:\3hbnhh.exec:\3hbnhh.exe103⤵
-
\??\c:\nnbnnt.exec:\nnbnnt.exe104⤵
-
\??\c:\ddddj.exec:\ddddj.exe105⤵
-
\??\c:\jppdj.exec:\jppdj.exe106⤵
-
\??\c:\fxlfrfr.exec:\fxlfrfr.exe107⤵
-
\??\c:\frflllr.exec:\frflllr.exe108⤵
-
\??\c:\nbthhh.exec:\nbthhh.exe109⤵
-
\??\c:\nnhntb.exec:\nnhntb.exe110⤵
-
\??\c:\ddjpj.exec:\ddjpj.exe111⤵
-
\??\c:\ddvvj.exec:\ddvvj.exe112⤵
-
\??\c:\llrxffr.exec:\llrxffr.exe113⤵
-
\??\c:\ffrxfxf.exec:\ffrxfxf.exe114⤵
-
\??\c:\xxrxrfx.exec:\xxrxrfx.exe115⤵
-
\??\c:\tnttbb.exec:\tnttbb.exe116⤵
-
\??\c:\1nhtht.exec:\1nhtht.exe117⤵
-
\??\c:\nnnbnt.exec:\nnnbnt.exe118⤵
-
\??\c:\9pvdj.exec:\9pvdj.exe119⤵
-
\??\c:\dvjpd.exec:\dvjpd.exe120⤵
-
\??\c:\xfflrxl.exec:\xfflrxl.exe121⤵
-
\??\c:\lfrxffl.exec:\lfrxffl.exe122⤵
-
\??\c:\1hbbtt.exec:\1hbbtt.exe123⤵
-
\??\c:\1nhhtb.exec:\1nhhtb.exe124⤵
-
\??\c:\9bbhbh.exec:\9bbhbh.exe125⤵
-
\??\c:\vjpjd.exec:\vjpjd.exe126⤵
-
\??\c:\pjvvd.exec:\pjvvd.exe127⤵
-
\??\c:\3xxfxfr.exec:\3xxfxfr.exe128⤵
-
\??\c:\xrxfxxl.exec:\xrxfxxl.exe129⤵
-
\??\c:\nhbbnt.exec:\nhbbnt.exe130⤵
-
\??\c:\hhhnnb.exec:\hhhnnb.exe131⤵
-
\??\c:\jjddd.exec:\jjddd.exe132⤵
-
\??\c:\5pjpv.exec:\5pjpv.exe133⤵
-
\??\c:\flxxfrx.exec:\flxxfrx.exe134⤵
-
\??\c:\llxllxl.exec:\llxllxl.exe135⤵
-
\??\c:\7xrxffr.exec:\7xrxffr.exe136⤵
-
\??\c:\bthnhh.exec:\bthnhh.exe137⤵
-
\??\c:\nnbhnt.exec:\nnbhnt.exe138⤵
-
\??\c:\vvvpj.exec:\vvvpj.exe139⤵
-
\??\c:\vpdjv.exec:\vpdjv.exe140⤵
-
\??\c:\fflrfrx.exec:\fflrfrx.exe141⤵
-
\??\c:\frlrrrf.exec:\frlrrrf.exe142⤵
-
\??\c:\9lxfrrf.exec:\9lxfrrf.exe143⤵
-
\??\c:\nhnbht.exec:\nhnbht.exe144⤵
-
\??\c:\bbnnhn.exec:\bbnnhn.exe145⤵
-
\??\c:\jpppp.exec:\jpppp.exe146⤵
-
\??\c:\jjvdv.exec:\jjvdv.exe147⤵
-
\??\c:\xfrflrx.exec:\xfrflrx.exe148⤵
-
\??\c:\ffrxrfr.exec:\ffrxrfr.exe149⤵
-
\??\c:\bbnbnt.exec:\bbnbnt.exe150⤵
-
\??\c:\nnhhht.exec:\nnhhht.exe151⤵
-
\??\c:\1dvdj.exec:\1dvdj.exe152⤵
-
\??\c:\7vppv.exec:\7vppv.exe153⤵
-
\??\c:\vpjjd.exec:\vpjjd.exe154⤵
-
\??\c:\fffflxx.exec:\fffflxx.exe155⤵
-
\??\c:\frflfrf.exec:\frflfrf.exe156⤵
-
\??\c:\bbbbhh.exec:\bbbbhh.exe157⤵
-
\??\c:\bbhbht.exec:\bbhbht.exe158⤵
-
\??\c:\pjvdj.exec:\pjvdj.exe159⤵
-
\??\c:\3vjjd.exec:\3vjjd.exe160⤵
-
\??\c:\xrfrfrl.exec:\xrfrfrl.exe161⤵
-
\??\c:\xrlrffr.exec:\xrlrffr.exe162⤵
-
\??\c:\5frxfrf.exec:\5frxfrf.exe163⤵
-
\??\c:\nhbhtt.exec:\nhbhtt.exe164⤵
-
\??\c:\nnbhnt.exec:\nnbhnt.exe165⤵
-
\??\c:\9jvdj.exec:\9jvdj.exe166⤵
-
\??\c:\pvvdj.exec:\pvvdj.exe167⤵
-
\??\c:\rfxfffl.exec:\rfxfffl.exe168⤵
-
\??\c:\rlrlxxf.exec:\rlrlxxf.exe169⤵
-
\??\c:\hhtbnt.exec:\hhtbnt.exe170⤵
-
\??\c:\nnbnth.exec:\nnbnth.exe171⤵
-
\??\c:\3pjdj.exec:\3pjdj.exe172⤵
-
\??\c:\3vjdp.exec:\3vjdp.exe173⤵
-
\??\c:\dpjjp.exec:\dpjjp.exe174⤵
-
\??\c:\llxxrrf.exec:\llxxrrf.exe175⤵
-
\??\c:\bbthht.exec:\bbthht.exe176⤵
-
\??\c:\hbnbht.exec:\hbnbht.exe177⤵
-
\??\c:\pvpjv.exec:\pvpjv.exe178⤵
-
\??\c:\dddjv.exec:\dddjv.exe179⤵
-
\??\c:\5rflxff.exec:\5rflxff.exe180⤵
-
\??\c:\xlxffll.exec:\xlxffll.exe181⤵
-
\??\c:\nnbtht.exec:\nnbtht.exe182⤵
-
\??\c:\nhbhnn.exec:\nhbhnn.exe183⤵
-
\??\c:\jvvvv.exec:\jvvvv.exe184⤵
-
\??\c:\1jvjp.exec:\1jvjp.exe185⤵
-
\??\c:\fxllrxx.exec:\fxllrxx.exe186⤵
-
\??\c:\rfrfxxl.exec:\rfrfxxl.exe187⤵
-
\??\c:\ffxlxrf.exec:\ffxlxrf.exe188⤵
-
\??\c:\1thhtt.exec:\1thhtt.exe189⤵
-
\??\c:\7jdpd.exec:\7jdpd.exe190⤵
-
\??\c:\vjvvd.exec:\vjvvd.exe191⤵
-
\??\c:\fxrffrr.exec:\fxrffrr.exe192⤵
-
\??\c:\9frfxrl.exec:\9frfxrl.exe193⤵
-
\??\c:\nhthhn.exec:\nhthhn.exe194⤵
-
\??\c:\1tnttn.exec:\1tnttn.exe195⤵
-
\??\c:\htntbb.exec:\htntbb.exe196⤵
-
\??\c:\9pvpd.exec:\9pvpd.exe197⤵
-
\??\c:\rfxxllx.exec:\rfxxllx.exe198⤵
-
\??\c:\7llxfrf.exec:\7llxfrf.exe199⤵
-
\??\c:\frllffx.exec:\frllffx.exe200⤵
-
\??\c:\tbhbnt.exec:\tbhbnt.exe201⤵
-
\??\c:\nbntnb.exec:\nbntnb.exe202⤵
-
\??\c:\vdvpj.exec:\vdvpj.exe203⤵
-
\??\c:\jjjvd.exec:\jjjvd.exe204⤵
-
\??\c:\rxfxlfl.exec:\rxfxlfl.exe205⤵
-
\??\c:\tttttb.exec:\tttttb.exe206⤵
-
\??\c:\jdjdp.exec:\jdjdp.exe207⤵
-
\??\c:\7rllllr.exec:\7rllllr.exe208⤵
-
\??\c:\fffrlrx.exec:\fffrlrx.exe209⤵
-
\??\c:\tththb.exec:\tththb.exe210⤵
-
\??\c:\htnbnb.exec:\htnbnb.exe211⤵
-
\??\c:\thnhnh.exec:\thnhnh.exe212⤵
-
\??\c:\jpjvp.exec:\jpjvp.exe213⤵
-
\??\c:\vpdpd.exec:\vpdpd.exe214⤵
-
\??\c:\xxlllrl.exec:\xxlllrl.exe215⤵
-
\??\c:\lfxlrxf.exec:\lfxlrxf.exe216⤵
-
\??\c:\nthbnh.exec:\nthbnh.exe217⤵
-
\??\c:\htbtnn.exec:\htbtnn.exe218⤵
-
\??\c:\pdjdp.exec:\pdjdp.exe219⤵
-
\??\c:\vjpdj.exec:\vjpdj.exe220⤵
-
\??\c:\lxrxllx.exec:\lxrxllx.exe221⤵
-
\??\c:\3fxfrfx.exec:\3fxfrfx.exe222⤵
-
\??\c:\bnhnbt.exec:\bnhnbt.exe223⤵
-
\??\c:\bbhtnb.exec:\bbhtnb.exe224⤵
-
\??\c:\vjvpp.exec:\vjvpp.exe225⤵
-
\??\c:\vvvvp.exec:\vvvvp.exe226⤵
-
\??\c:\ffllxlx.exec:\ffllxlx.exe227⤵
-
\??\c:\7xrlxxx.exec:\7xrlxxx.exe228⤵
-
\??\c:\tnbhnh.exec:\tnbhnh.exe229⤵
-
\??\c:\jdvdd.exec:\jdvdd.exe230⤵
-
\??\c:\vdjpv.exec:\vdjpv.exe231⤵
-
\??\c:\pddvv.exec:\pddvv.exe232⤵
-
\??\c:\frflrxl.exec:\frflrxl.exe233⤵
-
\??\c:\xlrxfff.exec:\xlrxfff.exe234⤵
-
\??\c:\3nnntt.exec:\3nnntt.exe235⤵
-
\??\c:\hbbnbh.exec:\hbbnbh.exe236⤵
-
\??\c:\pppdv.exec:\pppdv.exe237⤵
-
\??\c:\5pjpj.exec:\5pjpj.exe238⤵
-
\??\c:\rllrffl.exec:\rllrffl.exe239⤵
-
\??\c:\rlxlxfl.exec:\rlxlxfl.exe240⤵
-
\??\c:\3bthnt.exec:\3bthnt.exe241⤵