Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
20-05-2024 04:08
General
-
Target
a8a98c20f1e25f16f2be197063fd689de49ea950efccfa24a51b7c9065571135.exe
-
Size
128KB
-
MD5
d85f88f4b1bb117749b203a50f5661a0
-
SHA1
be9aec9d7eb327a4c94f25ca55e2c57b9bc9e0cc
-
SHA256
a8a98c20f1e25f16f2be197063fd689de49ea950efccfa24a51b7c9065571135
-
SHA512
86b70645ac614be816fceb5b9a95b4ba453082c6cf88b309587bfb4702421bda5c8d8940d36267d185007c125baa37e7262805c4d5c9ca65dff98cbb9c39181b
-
SSDEEP
3072:ymb3NkkiQ3mdBjFWXkj7afoHvmQ+EZMYX/x6gtn:n3C9BRW0j/uVEZFJvZ
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 31 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a8a98c20f1e25f16f2be197063fd689de49ea950efccfa24a51b7c9065571135.exe"C:\Users\Admin\AppData\Local\Temp\a8a98c20f1e25f16f2be197063fd689de49ea950efccfa24a51b7c9065571135.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jvddv.exec:\jvddv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xxrlll.exec:\9xxrlll.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9tbttt.exec:\9tbttt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlffff.exec:\fxlffff.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nttntn.exec:\nttntn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppdvv.exec:\ppdvv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fllffrr.exec:\fllffrr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthnhb.exec:\bthnhb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvvv.exec:\jvvvv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdjj.exec:\pjdjj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnttn.exec:\thnttn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjjv.exec:\jvjjv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpjd.exec:\vjpjd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnbtt.exec:\hbnbtt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhhbh.exec:\bbhhbh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjpp.exec:\jjjpp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllfllf.exec:\rllfllf.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnttnt.exec:\bnttnt.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhbtn.exec:\nhhbtn.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdvp.exec:\jvdvp.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhnbt.exec:\hhhnbt.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3vjdv.exec:\3vjdv.exe23⤵
- Executes dropped EXE
-
\??\c:\jdpjd.exec:\jdpjd.exe24⤵
- Executes dropped EXE
-
\??\c:\hbhhnn.exec:\hbhhnn.exe25⤵
- Executes dropped EXE
-
\??\c:\nbbbbb.exec:\nbbbbb.exe26⤵
- Executes dropped EXE
-
\??\c:\vppvp.exec:\vppvp.exe27⤵
- Executes dropped EXE
-
\??\c:\lxfxrrl.exec:\lxfxrrl.exe28⤵
- Executes dropped EXE
-
\??\c:\xrxrxxx.exec:\xrxrxxx.exe29⤵
- Executes dropped EXE
-
\??\c:\nbnbth.exec:\nbnbth.exe30⤵
- Executes dropped EXE
-
\??\c:\ddpjd.exec:\ddpjd.exe31⤵
- Executes dropped EXE
-
\??\c:\nbnhhh.exec:\nbnhhh.exe32⤵
- Executes dropped EXE
-
\??\c:\5dpjp.exec:\5dpjp.exe33⤵
- Executes dropped EXE
-
\??\c:\vpvvd.exec:\vpvvd.exe34⤵
- Executes dropped EXE
-
\??\c:\1btttt.exec:\1btttt.exe35⤵
- Executes dropped EXE
-
\??\c:\9jjdd.exec:\9jjdd.exe36⤵
- Executes dropped EXE
-
\??\c:\pjvvv.exec:\pjvvv.exe37⤵
- Executes dropped EXE
-
\??\c:\flrlfxr.exec:\flrlfxr.exe38⤵
- Executes dropped EXE
-
\??\c:\5tttnn.exec:\5tttnn.exe39⤵
- Executes dropped EXE
-
\??\c:\pvdjd.exec:\pvdjd.exe40⤵
- Executes dropped EXE
-
\??\c:\rlfrlxl.exec:\rlfrlxl.exe41⤵
- Executes dropped EXE
-
\??\c:\lfffxff.exec:\lfffxff.exe42⤵
- Executes dropped EXE
-
\??\c:\7thbhh.exec:\7thbhh.exe43⤵
- Executes dropped EXE
-
\??\c:\hbbttn.exec:\hbbttn.exe44⤵
- Executes dropped EXE
-
\??\c:\vpjjp.exec:\vpjjp.exe45⤵
- Executes dropped EXE
-
\??\c:\3llxrxr.exec:\3llxrxr.exe46⤵
- Executes dropped EXE
-
\??\c:\hbbbbb.exec:\hbbbbb.exe47⤵
- Executes dropped EXE
-
\??\c:\nnhtnn.exec:\nnhtnn.exe48⤵
- Executes dropped EXE
-
\??\c:\jjjjj.exec:\jjjjj.exe49⤵
- Executes dropped EXE
-
\??\c:\vpvpp.exec:\vpvpp.exe50⤵
- Executes dropped EXE
-
\??\c:\rlfxxrl.exec:\rlfxxrl.exe51⤵
- Executes dropped EXE
-
\??\c:\5bhhhh.exec:\5bhhhh.exe52⤵
- Executes dropped EXE
-
\??\c:\nbbttt.exec:\nbbttt.exe53⤵
- Executes dropped EXE
-
\??\c:\jddvp.exec:\jddvp.exe54⤵
- Executes dropped EXE
-
\??\c:\djvvd.exec:\djvvd.exe55⤵
- Executes dropped EXE
-
\??\c:\xrrlfrr.exec:\xrrlfrr.exe56⤵
- Executes dropped EXE
-
\??\c:\5llfxfx.exec:\5llfxfx.exe57⤵
- Executes dropped EXE
-
\??\c:\1bnhtt.exec:\1bnhtt.exe58⤵
- Executes dropped EXE
-
\??\c:\jjjjv.exec:\jjjjv.exe59⤵
- Executes dropped EXE
-
\??\c:\3djdd.exec:\3djdd.exe60⤵
- Executes dropped EXE
-
\??\c:\lffxrrl.exec:\lffxrrl.exe61⤵
- Executes dropped EXE
-
\??\c:\xlrlffx.exec:\xlrlffx.exe62⤵
- Executes dropped EXE
-
\??\c:\bhhbnb.exec:\bhhbnb.exe63⤵
- Executes dropped EXE
-
\??\c:\htnhnb.exec:\htnhnb.exe64⤵
- Executes dropped EXE
-
\??\c:\9pvpj.exec:\9pvpj.exe65⤵
- Executes dropped EXE
-
\??\c:\xrxxlrl.exec:\xrxxlrl.exe66⤵
-
\??\c:\rrxxffr.exec:\rrxxffr.exe67⤵
-
\??\c:\nthbtt.exec:\nthbtt.exe68⤵
-
\??\c:\dpvpp.exec:\dpvpp.exe69⤵
-
\??\c:\jvdvp.exec:\jvdvp.exe70⤵
-
\??\c:\llrrrrr.exec:\llrrrrr.exe71⤵
-
\??\c:\9llrlrl.exec:\9llrlrl.exe72⤵
-
\??\c:\btnhhh.exec:\btnhhh.exe73⤵
-
\??\c:\tnhbbb.exec:\tnhbbb.exe74⤵
-
\??\c:\vppjj.exec:\vppjj.exe75⤵
-
\??\c:\pjjjv.exec:\pjjjv.exe76⤵
-
\??\c:\rrlrrxr.exec:\rrlrrxr.exe77⤵
-
\??\c:\lrxrlll.exec:\lrxrlll.exe78⤵
-
\??\c:\httttt.exec:\httttt.exe79⤵
-
\??\c:\dvpjd.exec:\dvpjd.exe80⤵
-
\??\c:\xxrxlrf.exec:\xxrxlrf.exe81⤵
-
\??\c:\xllfxxr.exec:\xllfxxr.exe82⤵
-
\??\c:\tthnht.exec:\tthnht.exe83⤵
-
\??\c:\dpdvv.exec:\dpdvv.exe84⤵
-
\??\c:\vdjdv.exec:\vdjdv.exe85⤵
-
\??\c:\5rlxxll.exec:\5rlxxll.exe86⤵
-
\??\c:\frxrlfx.exec:\frxrlfx.exe87⤵
-
\??\c:\hhhhtt.exec:\hhhhtt.exe88⤵
-
\??\c:\3nttth.exec:\3nttth.exe89⤵
-
\??\c:\jpjpv.exec:\jpjpv.exe90⤵
-
\??\c:\fxllfll.exec:\fxllfll.exe91⤵
-
\??\c:\fxfllrr.exec:\fxfllrr.exe92⤵
-
\??\c:\tnnhbb.exec:\tnnhbb.exe93⤵
-
\??\c:\tntnnt.exec:\tntnnt.exe94⤵
-
\??\c:\vvvjd.exec:\vvvjd.exe95⤵
-
\??\c:\rlxrllx.exec:\rlxrllx.exe96⤵
-
\??\c:\lxlfxxx.exec:\lxlfxxx.exe97⤵
-
\??\c:\nnnhnn.exec:\nnnhnn.exe98⤵
-
\??\c:\tnnnbn.exec:\tnnnbn.exe99⤵
-
\??\c:\djjjj.exec:\djjjj.exe100⤵
-
\??\c:\frlflxl.exec:\frlflxl.exe101⤵
-
\??\c:\7nntnt.exec:\7nntnt.exe102⤵
-
\??\c:\jdpvv.exec:\jdpvv.exe103⤵
-
\??\c:\ppdvp.exec:\ppdvp.exe104⤵
-
\??\c:\frxrllf.exec:\frxrllf.exe105⤵
-
\??\c:\tnbbth.exec:\tnbbth.exe106⤵
-
\??\c:\3vvpj.exec:\3vvpj.exe107⤵
-
\??\c:\rrrllrf.exec:\rrrllrf.exe108⤵
-
\??\c:\rlrrlxf.exec:\rlrrlxf.exe109⤵
-
\??\c:\7hhhhn.exec:\7hhhhn.exe110⤵
-
\??\c:\rffxrlf.exec:\rffxrlf.exe111⤵
-
\??\c:\xffxrlr.exec:\xffxrlr.exe112⤵
-
\??\c:\tnnhbb.exec:\tnnhbb.exe113⤵
-
\??\c:\fffrxrr.exec:\fffrxrr.exe114⤵
-
\??\c:\lxfxrll.exec:\lxfxrll.exe115⤵
-
\??\c:\bthbbb.exec:\bthbbb.exe116⤵
-
\??\c:\vddpj.exec:\vddpj.exe117⤵
-
\??\c:\1btttt.exec:\1btttt.exe118⤵
-
\??\c:\7tbbbb.exec:\7tbbbb.exe119⤵
-
\??\c:\ddppj.exec:\ddppj.exe120⤵
-
\??\c:\lflfxxr.exec:\lflfxxr.exe121⤵
-
\??\c:\nhbttt.exec:\nhbttt.exe122⤵
-
\??\c:\9ntnht.exec:\9ntnht.exe123⤵
-
\??\c:\vjvjp.exec:\vjvjp.exe124⤵
-
\??\c:\jjdvj.exec:\jjdvj.exe125⤵
-
\??\c:\xrfxxlf.exec:\xrfxxlf.exe126⤵
-
\??\c:\bbntth.exec:\bbntth.exe127⤵
-
\??\c:\9vvpp.exec:\9vvpp.exe128⤵
-
\??\c:\vjjdv.exec:\vjjdv.exe129⤵
-
\??\c:\rlfxxrl.exec:\rlfxxrl.exe130⤵
-
\??\c:\3hhttt.exec:\3hhttt.exe131⤵
-
\??\c:\9tnhbn.exec:\9tnhbn.exe132⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe133⤵
-
\??\c:\fxrrllf.exec:\fxrrllf.exe134⤵
-
\??\c:\xfxlxrl.exec:\xfxlxrl.exe135⤵
-
\??\c:\hhthtt.exec:\hhthtt.exe136⤵
-
\??\c:\tnhbtn.exec:\tnhbtn.exe137⤵
-
\??\c:\nbhbnn.exec:\nbhbnn.exe138⤵
-
\??\c:\vpjjd.exec:\vpjjd.exe139⤵
-
\??\c:\lfrlxlr.exec:\lfrlxlr.exe140⤵
-
\??\c:\9tttnn.exec:\9tttnn.exe141⤵
-
\??\c:\5httbb.exec:\5httbb.exe142⤵
-
\??\c:\jjvpj.exec:\jjvpj.exe143⤵
-
\??\c:\tnnnnt.exec:\tnnnnt.exe144⤵
-
\??\c:\xxlfllr.exec:\xxlfllr.exe145⤵
-
\??\c:\thttbt.exec:\thttbt.exe146⤵
-
\??\c:\tnnhbt.exec:\tnnhbt.exe147⤵
-
\??\c:\vpjdv.exec:\vpjdv.exe148⤵
-
\??\c:\bbnntb.exec:\bbnntb.exe149⤵
-
\??\c:\pjvpd.exec:\pjvpd.exe150⤵
-
\??\c:\rrxrrll.exec:\rrxrrll.exe151⤵
-
\??\c:\9btthh.exec:\9btthh.exe152⤵
-
\??\c:\7hnntt.exec:\7hnntt.exe153⤵
-
\??\c:\jdjdp.exec:\jdjdp.exe154⤵
-
\??\c:\rrfrlxr.exec:\rrfrlxr.exe155⤵
-
\??\c:\lxfxxxx.exec:\lxfxxxx.exe156⤵
-
\??\c:\ntbbtn.exec:\ntbbtn.exe157⤵
-
\??\c:\bnbtnn.exec:\bnbtnn.exe158⤵
-
\??\c:\pjpjj.exec:\pjpjj.exe159⤵
-
\??\c:\jvdvp.exec:\jvdvp.exe160⤵
-
\??\c:\llrlflf.exec:\llrlflf.exe161⤵
-
\??\c:\fffrrrr.exec:\fffrrrr.exe162⤵
-
\??\c:\tnbtnn.exec:\tnbtnn.exe163⤵
-
\??\c:\1bnhtt.exec:\1bnhtt.exe164⤵
-
\??\c:\nntnhh.exec:\nntnhh.exe165⤵
-
\??\c:\dvjdj.exec:\dvjdj.exe166⤵
-
\??\c:\jdjjv.exec:\jdjjv.exe167⤵
-
\??\c:\ffllfxx.exec:\ffllfxx.exe168⤵
-
\??\c:\llrllfx.exec:\llrllfx.exe169⤵
-
\??\c:\tnnhhh.exec:\tnnhhh.exe170⤵
-
\??\c:\jddvp.exec:\jddvp.exe171⤵
-
\??\c:\dpjjp.exec:\dpjjp.exe172⤵
-
\??\c:\9lrllll.exec:\9lrllll.exe173⤵
-
\??\c:\lllffxx.exec:\lllffxx.exe174⤵
-
\??\c:\bbhhtb.exec:\bbhhtb.exe175⤵
-
\??\c:\tbbbnt.exec:\tbbbnt.exe176⤵
-
\??\c:\pjjvv.exec:\pjjvv.exe177⤵
-
\??\c:\vppjj.exec:\vppjj.exe178⤵
-
\??\c:\ffrlrrl.exec:\ffrlrrl.exe179⤵
-
\??\c:\xrrlflx.exec:\xrrlflx.exe180⤵
-
\??\c:\tnhhbb.exec:\tnhhbb.exe181⤵
-
\??\c:\tbtnbt.exec:\tbtnbt.exe182⤵
-
\??\c:\7vppp.exec:\7vppp.exe183⤵
-
\??\c:\vpvvv.exec:\vpvvv.exe184⤵
-
\??\c:\lxlfffx.exec:\lxlfffx.exe185⤵
-
\??\c:\lllxxxf.exec:\lllxxxf.exe186⤵
-
\??\c:\9fffxxx.exec:\9fffxxx.exe187⤵
-
\??\c:\hbhnnn.exec:\hbhnnn.exe188⤵
-
\??\c:\tnnnbn.exec:\tnnnbn.exe189⤵
-
\??\c:\1vdvj.exec:\1vdvj.exe190⤵
-
\??\c:\pjppj.exec:\pjppj.exe191⤵
-
\??\c:\rxxrllf.exec:\rxxrllf.exe192⤵
-
\??\c:\xxxllrr.exec:\xxxllrr.exe193⤵
-
\??\c:\tbbbhh.exec:\tbbbhh.exe194⤵
-
\??\c:\nbbbtt.exec:\nbbbtt.exe195⤵
-
\??\c:\jpvpj.exec:\jpvpj.exe196⤵
-
\??\c:\3vjdd.exec:\3vjdd.exe197⤵
-
\??\c:\fffxfff.exec:\fffxfff.exe198⤵
-
\??\c:\hbbbtt.exec:\hbbbtt.exe199⤵
-
\??\c:\jjjdd.exec:\jjjdd.exe200⤵
-
\??\c:\3lffllx.exec:\3lffllx.exe201⤵
-
\??\c:\3ffxrrl.exec:\3ffxrrl.exe202⤵
-
\??\c:\hbtnhh.exec:\hbtnhh.exe203⤵
-
\??\c:\thbhnh.exec:\thbhnh.exe204⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe205⤵
-
\??\c:\tnnnnt.exec:\tnnnnt.exe206⤵
-
\??\c:\1llfrrl.exec:\1llfrrl.exe207⤵
-
\??\c:\tnnhbb.exec:\tnnhbb.exe208⤵
-
\??\c:\dvddv.exec:\dvddv.exe209⤵
-
\??\c:\7ffllxr.exec:\7ffllxr.exe210⤵
-
\??\c:\lxlllll.exec:\lxlllll.exe211⤵
-
\??\c:\tntbhn.exec:\tntbhn.exe212⤵
-
\??\c:\5ttnnn.exec:\5ttnnn.exe213⤵
-
\??\c:\1vdvv.exec:\1vdvv.exe214⤵
-
\??\c:\pvvvd.exec:\pvvvd.exe215⤵
-
\??\c:\xlxrflf.exec:\xlxrflf.exe216⤵
-
\??\c:\bnhbhh.exec:\bnhbhh.exe217⤵
-
\??\c:\9pppp.exec:\9pppp.exe218⤵
-
\??\c:\3ppjj.exec:\3ppjj.exe219⤵
-
\??\c:\frxlffx.exec:\frxlffx.exe220⤵
-
\??\c:\tbbtnn.exec:\tbbtnn.exe221⤵
-
\??\c:\ntbttn.exec:\ntbttn.exe222⤵
-
\??\c:\pvdvv.exec:\pvdvv.exe223⤵
-
\??\c:\dvjjv.exec:\dvjjv.exe224⤵
-
\??\c:\rlxrxfl.exec:\rlxrxfl.exe225⤵
-
\??\c:\xllfxfx.exec:\xllfxfx.exe226⤵
-
\??\c:\thnhbh.exec:\thnhbh.exe227⤵
-
\??\c:\bbnhbb.exec:\bbnhbb.exe228⤵
-
\??\c:\dvvjd.exec:\dvvjd.exe229⤵
-
\??\c:\5vdvj.exec:\5vdvj.exe230⤵
-
\??\c:\xrlfxxr.exec:\xrlfxxr.exe231⤵
-
\??\c:\lrxllrl.exec:\lrxllrl.exe232⤵
-
\??\c:\3bbbbb.exec:\3bbbbb.exe233⤵
-
\??\c:\hbtnnn.exec:\hbtnnn.exe234⤵
-
\??\c:\pvjvv.exec:\pvjvv.exe235⤵
-
\??\c:\jdppd.exec:\jdppd.exe236⤵
-
\??\c:\5xrxxlf.exec:\5xrxxlf.exe237⤵
-
\??\c:\xrffflr.exec:\xrffflr.exe238⤵
-
\??\c:\9bbhhh.exec:\9bbhhh.exe239⤵
-
\??\c:\tbhhtt.exec:\tbhhtt.exe240⤵
-
\??\c:\5vjjj.exec:\5vjjj.exe241⤵