Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
20-05-2024 04:15
General
-
Target
ece5522eea437a25131c6ea5a32d93ea8f781774de84450c58e8feb825558664.exe
-
Size
67KB
-
MD5
8a647756830292e7a51fa467f421b4d7
-
SHA1
f560ee34358c63c452bfe269f51ddf72fc90ecc9
-
SHA256
ece5522eea437a25131c6ea5a32d93ea8f781774de84450c58e8feb825558664
-
SHA512
dee252298b915398b9cd54aa18e20bebe43744e574c23cea45dc1926e2ef4585bbd0b03bcc647c3a9366a375db75fbda7d4031a808992a0484b391a880a4760a
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIvuzk358nLrU:ymb3NkkiQ3mdBjFIvl358nLrU
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
UPX dump on OEP (original entry point) 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ece5522eea437a25131c6ea5a32d93ea8f781774de84450c58e8feb825558664.exe"C:\Users\Admin\AppData\Local\Temp\ece5522eea437a25131c6ea5a32d93ea8f781774de84450c58e8feb825558664.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfrfxl.exec:\fxfrfxl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5thntt.exec:\5thntt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpjj.exec:\vjpjj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxllfxx.exec:\fxllfxx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxlrfxf.exec:\lxlrfxf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7tbhhb.exec:\7tbhhb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jddj.exec:\9jddj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjvd.exec:\vpjvd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxrfrx.exec:\xrxrfrx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxfrrx.exec:\rrxfrrx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bttbh.exec:\7bttbh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdppp.exec:\pdppp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjdj.exec:\jvjdj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1fflxfr.exec:\1fflxfr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxxxxr.exec:\rlxxxxr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnnhh.exec:\nhnnhh.exe17⤵
- Executes dropped EXE
-
\??\c:\hbhbbb.exec:\hbhbbb.exe18⤵
- Executes dropped EXE
-
\??\c:\nhhtbh.exec:\nhhtbh.exe19⤵
- Executes dropped EXE
-
\??\c:\jjjdd.exec:\jjjdd.exe20⤵
- Executes dropped EXE
-
\??\c:\vjdpv.exec:\vjdpv.exe21⤵
- Executes dropped EXE
-
\??\c:\5ppjp.exec:\5ppjp.exe22⤵
- Executes dropped EXE
-
\??\c:\rlrrrlx.exec:\rlrrrlx.exe23⤵
- Executes dropped EXE
-
\??\c:\xrllxrr.exec:\xrllxrr.exe24⤵
- Executes dropped EXE
-
\??\c:\htnthh.exec:\htnthh.exe25⤵
- Executes dropped EXE
-
\??\c:\btbbhh.exec:\btbbhh.exe26⤵
- Executes dropped EXE
-
\??\c:\1httnb.exec:\1httnb.exe27⤵
- Executes dropped EXE
-
\??\c:\dpdpv.exec:\dpdpv.exe28⤵
- Executes dropped EXE
-
\??\c:\xlxxfff.exec:\xlxxfff.exe29⤵
- Executes dropped EXE
-
\??\c:\xrxxfxf.exec:\xrxxfxf.exe30⤵
- Executes dropped EXE
-
\??\c:\1llxlrr.exec:\1llxlrr.exe31⤵
- Executes dropped EXE
-
\??\c:\tnbnhh.exec:\tnbnhh.exe32⤵
- Executes dropped EXE
-
\??\c:\1hnhhn.exec:\1hnhhn.exe33⤵
- Executes dropped EXE
-
\??\c:\jdvjp.exec:\jdvjp.exe34⤵
- Executes dropped EXE
-
\??\c:\pddvp.exec:\pddvp.exe35⤵
- Executes dropped EXE
-
\??\c:\rlllrrx.exec:\rlllrrx.exe36⤵
- Executes dropped EXE
-
\??\c:\xfrfffl.exec:\xfrfffl.exe37⤵
- Executes dropped EXE
-
\??\c:\bthhnh.exec:\bthhnh.exe38⤵
- Executes dropped EXE
-
\??\c:\hbnntt.exec:\hbnntt.exe39⤵
- Executes dropped EXE
-
\??\c:\thntbb.exec:\thntbb.exe40⤵
- Executes dropped EXE
-
\??\c:\vpddj.exec:\vpddj.exe41⤵
- Executes dropped EXE
-
\??\c:\dvdjp.exec:\dvdjp.exe42⤵
- Executes dropped EXE
-
\??\c:\vjpjv.exec:\vjpjv.exe43⤵
- Executes dropped EXE
-
\??\c:\lfrrxxf.exec:\lfrrxxf.exe44⤵
- Executes dropped EXE
-
\??\c:\3rrrxrx.exec:\3rrrxrx.exe45⤵
- Executes dropped EXE
-
\??\c:\3ttbhb.exec:\3ttbhb.exe46⤵
- Executes dropped EXE
-
\??\c:\9hbhtt.exec:\9hbhtt.exe47⤵
- Executes dropped EXE
-
\??\c:\hbhhtt.exec:\hbhhtt.exe48⤵
- Executes dropped EXE
-
\??\c:\7pvdv.exec:\7pvdv.exe49⤵
- Executes dropped EXE
-
\??\c:\1jdpj.exec:\1jdpj.exe50⤵
- Executes dropped EXE
-
\??\c:\rrfrllr.exec:\rrfrllr.exe51⤵
- Executes dropped EXE
-
\??\c:\1rfxxrx.exec:\1rfxxrx.exe52⤵
- Executes dropped EXE
-
\??\c:\9xflrlr.exec:\9xflrlr.exe53⤵
- Executes dropped EXE
-
\??\c:\5nbhnt.exec:\5nbhnt.exe54⤵
- Executes dropped EXE
-
\??\c:\hbnnhh.exec:\hbnnhh.exe55⤵
- Executes dropped EXE
-
\??\c:\dpdvv.exec:\dpdvv.exe56⤵
- Executes dropped EXE
-
\??\c:\pdjdd.exec:\pdjdd.exe57⤵
- Executes dropped EXE
-
\??\c:\1fflflx.exec:\1fflflx.exe58⤵
- Executes dropped EXE
-
\??\c:\1flxxxx.exec:\1flxxxx.exe59⤵
- Executes dropped EXE
-
\??\c:\pvpvp.exec:\pvpvp.exe60⤵
- Executes dropped EXE
-
\??\c:\vpjpp.exec:\vpjpp.exe61⤵
- Executes dropped EXE
-
\??\c:\fxxrrfr.exec:\fxxrrfr.exe62⤵
- Executes dropped EXE
-
\??\c:\fxlrxxx.exec:\fxlrxxx.exe63⤵
- Executes dropped EXE
-
\??\c:\hnbthh.exec:\hnbthh.exe64⤵
- Executes dropped EXE
-
\??\c:\bnbhtt.exec:\bnbhtt.exe65⤵
- Executes dropped EXE
-
\??\c:\bnbnht.exec:\bnbnht.exe66⤵
-
\??\c:\ddvjj.exec:\ddvjj.exe67⤵
-
\??\c:\pvvvp.exec:\pvvvp.exe68⤵
-
\??\c:\ddpvp.exec:\ddpvp.exe69⤵
-
\??\c:\xllxrfx.exec:\xllxrfx.exe70⤵
-
\??\c:\lflxrfx.exec:\lflxrfx.exe71⤵
-
\??\c:\9frflff.exec:\9frflff.exe72⤵
-
\??\c:\hnnnnn.exec:\hnnnnn.exe73⤵
-
\??\c:\3nbbbt.exec:\3nbbbt.exe74⤵
-
\??\c:\vppdv.exec:\vppdv.exe75⤵
-
\??\c:\5vjvv.exec:\5vjvv.exe76⤵
-
\??\c:\5pjvj.exec:\5pjvj.exe77⤵
-
\??\c:\rfxxxxx.exec:\rfxxxxx.exe78⤵
-
\??\c:\fllxrxr.exec:\fllxrxr.exe79⤵
-
\??\c:\5nnbbb.exec:\5nnbbb.exe80⤵
-
\??\c:\thhhtt.exec:\thhhtt.exe81⤵
-
\??\c:\jjdpp.exec:\jjdpp.exe82⤵
-
\??\c:\vppvp.exec:\vppvp.exe83⤵
-
\??\c:\9ddjv.exec:\9ddjv.exe84⤵
-
\??\c:\rlxrxxf.exec:\rlxrxxf.exe85⤵
-
\??\c:\xlrlrrx.exec:\xlrlrrx.exe86⤵
-
\??\c:\tbnnbh.exec:\tbnnbh.exe87⤵
-
\??\c:\tnhtnb.exec:\tnhtnb.exe88⤵
-
\??\c:\1hhhnn.exec:\1hhhnn.exe89⤵
-
\??\c:\vvvdv.exec:\vvvdv.exe90⤵
-
\??\c:\vjppd.exec:\vjppd.exe91⤵
-
\??\c:\fxlfffl.exec:\fxlfffl.exe92⤵
-
\??\c:\lfxlfff.exec:\lfxlfff.exe93⤵
-
\??\c:\rrlxrfx.exec:\rrlxrfx.exe94⤵
-
\??\c:\rfxfflr.exec:\rfxfflr.exe95⤵
-
\??\c:\thnttb.exec:\thnttb.exe96⤵
-
\??\c:\hbhthn.exec:\hbhthn.exe97⤵
-
\??\c:\thtnbb.exec:\thtnbb.exe98⤵
-
\??\c:\dddpp.exec:\dddpp.exe99⤵
-
\??\c:\pjdjd.exec:\pjdjd.exe100⤵
-
\??\c:\lrxfrll.exec:\lrxfrll.exe101⤵
-
\??\c:\xrfrxrx.exec:\xrfrxrx.exe102⤵
-
\??\c:\xrlxxff.exec:\xrlxxff.exe103⤵
-
\??\c:\nnhbbt.exec:\nnhbbt.exe104⤵
-
\??\c:\bnhbbt.exec:\bnhbbt.exe105⤵
-
\??\c:\btbhnb.exec:\btbhnb.exe106⤵
-
\??\c:\nbhnbb.exec:\nbhnbb.exe107⤵
-
\??\c:\pppjv.exec:\pppjv.exe108⤵
-
\??\c:\jvppd.exec:\jvppd.exe109⤵
-
\??\c:\xlrxxll.exec:\xlrxxll.exe110⤵
-
\??\c:\rlxflff.exec:\rlxflff.exe111⤵
-
\??\c:\7xlrrrx.exec:\7xlrrrx.exe112⤵
-
\??\c:\tnhbbh.exec:\tnhbbh.exe113⤵
-
\??\c:\5thntt.exec:\5thntt.exe114⤵
-
\??\c:\5btttb.exec:\5btttb.exe115⤵
-
\??\c:\jdpjj.exec:\jdpjj.exe116⤵
-
\??\c:\9vjjj.exec:\9vjjj.exe117⤵
-
\??\c:\7vjdj.exec:\7vjdj.exe118⤵
-
\??\c:\lfxflrf.exec:\lfxflrf.exe119⤵
-
\??\c:\rlffrlr.exec:\rlffrlr.exe120⤵
-
\??\c:\5rflxfr.exec:\5rflxfr.exe121⤵
-
\??\c:\9rllffx.exec:\9rllffx.exe122⤵
-
\??\c:\bnhhth.exec:\bnhhth.exe123⤵
-
\??\c:\3thhnb.exec:\3thhnb.exe124⤵
-
\??\c:\tnhbht.exec:\tnhbht.exe125⤵
-
\??\c:\dddvv.exec:\dddvv.exe126⤵
-
\??\c:\dvpdj.exec:\dvpdj.exe127⤵
-
\??\c:\jvdpp.exec:\jvdpp.exe128⤵
-
\??\c:\rrrxxxl.exec:\rrrxxxl.exe129⤵
-
\??\c:\1rxlllx.exec:\1rxlllx.exe130⤵
-
\??\c:\xlrrxff.exec:\xlrrxff.exe131⤵
-
\??\c:\hthhnn.exec:\hthhnn.exe132⤵
-
\??\c:\tthhnb.exec:\tthhnb.exe133⤵
-
\??\c:\htttbb.exec:\htttbb.exe134⤵
-
\??\c:\jjpvp.exec:\jjpvp.exe135⤵
-
\??\c:\dpdpp.exec:\dpdpp.exe136⤵
-
\??\c:\jddjp.exec:\jddjp.exe137⤵
-
\??\c:\vjjdd.exec:\vjjdd.exe138⤵
-
\??\c:\frxxrxx.exec:\frxxrxx.exe139⤵
-
\??\c:\3lrxrxx.exec:\3lrxrxx.exe140⤵
-
\??\c:\bttnht.exec:\bttnht.exe141⤵
-
\??\c:\tnhhhh.exec:\tnhhhh.exe142⤵
-
\??\c:\hbnnbh.exec:\hbnnbh.exe143⤵
-
\??\c:\vppvd.exec:\vppvd.exe144⤵
-
\??\c:\djjdp.exec:\djjdp.exe145⤵
-
\??\c:\pvpdj.exec:\pvpdj.exe146⤵
-
\??\c:\pvdvj.exec:\pvdvj.exe147⤵
-
\??\c:\flflrrr.exec:\flflrrr.exe148⤵
-
\??\c:\xrfrxll.exec:\xrfrxll.exe149⤵
-
\??\c:\xlxflrx.exec:\xlxflrx.exe150⤵
-
\??\c:\hhntth.exec:\hhntth.exe151⤵
-
\??\c:\htbhnn.exec:\htbhnn.exe152⤵
-
\??\c:\7tnnhn.exec:\7tnnhn.exe153⤵
-
\??\c:\7vpjj.exec:\7vpjj.exe154⤵
-
\??\c:\pddvv.exec:\pddvv.exe155⤵
-
\??\c:\pdpvv.exec:\pdpvv.exe156⤵
-
\??\c:\9vjpj.exec:\9vjpj.exe157⤵
-
\??\c:\lrfflfl.exec:\lrfflfl.exe158⤵
-
\??\c:\xlfflll.exec:\xlfflll.exe159⤵
-
\??\c:\lxxffll.exec:\lxxffll.exe160⤵
-
\??\c:\9nnnbh.exec:\9nnnbh.exe161⤵
-
\??\c:\btbhnt.exec:\btbhnt.exe162⤵
-
\??\c:\hnnbth.exec:\hnnbth.exe163⤵
-
\??\c:\5vjjj.exec:\5vjjj.exe164⤵
-
\??\c:\dpddd.exec:\dpddd.exe165⤵
-
\??\c:\vdjvj.exec:\vdjvj.exe166⤵
-
\??\c:\5xlfrrx.exec:\5xlfrrx.exe167⤵
-
\??\c:\xxfffxf.exec:\xxfffxf.exe168⤵
-
\??\c:\fflflfr.exec:\fflflfr.exe169⤵
-
\??\c:\nnhnbh.exec:\nnhnbh.exe170⤵
-
\??\c:\htttbb.exec:\htttbb.exe171⤵
-
\??\c:\nnbhhh.exec:\nnbhhh.exe172⤵
-
\??\c:\jjvjv.exec:\jjvjv.exe173⤵
-
\??\c:\jdpvj.exec:\jdpvj.exe174⤵
-
\??\c:\3llxlrx.exec:\3llxlrx.exe175⤵
-
\??\c:\lfllflx.exec:\lfllflx.exe176⤵
-
\??\c:\rrrxfff.exec:\rrrxfff.exe177⤵
-
\??\c:\htbnbt.exec:\htbnbt.exe178⤵
-
\??\c:\hnnbnb.exec:\hnnbnb.exe179⤵
-
\??\c:\nbhhnn.exec:\nbhhnn.exe180⤵
-
\??\c:\jvpjp.exec:\jvpjp.exe181⤵
-
\??\c:\vjvdv.exec:\vjvdv.exe182⤵
-
\??\c:\pddpv.exec:\pddpv.exe183⤵
-
\??\c:\9xffrxx.exec:\9xffrxx.exe184⤵
-
\??\c:\rfllrxl.exec:\rfllrxl.exe185⤵
-
\??\c:\xrlfxxl.exec:\xrlfxxl.exe186⤵
-
\??\c:\nhhtbh.exec:\nhhtbh.exe187⤵
-
\??\c:\bnbbnn.exec:\bnbbnn.exe188⤵
-
\??\c:\5bhbbb.exec:\5bhbbb.exe189⤵
-
\??\c:\dpddj.exec:\dpddj.exe190⤵
-
\??\c:\5pvpp.exec:\5pvpp.exe191⤵
-
\??\c:\vdppp.exec:\vdppp.exe192⤵
-
\??\c:\1djjj.exec:\1djjj.exe193⤵
-
\??\c:\1lffrrf.exec:\1lffrrf.exe194⤵
-
\??\c:\xfrxlff.exec:\xfrxlff.exe195⤵
-
\??\c:\llrrffl.exec:\llrrffl.exe196⤵
-
\??\c:\btnbnt.exec:\btnbnt.exe197⤵
-
\??\c:\httbnh.exec:\httbnh.exe198⤵
-
\??\c:\jjjvd.exec:\jjjvd.exe199⤵
-
\??\c:\jjdpj.exec:\jjdpj.exe200⤵
-
\??\c:\ddpjv.exec:\ddpjv.exe201⤵
-
\??\c:\fxrrlfr.exec:\fxrrlfr.exe202⤵
-
\??\c:\fxfxfrf.exec:\fxfxfrf.exe203⤵
-
\??\c:\frrrlfr.exec:\frrrlfr.exe204⤵
-
\??\c:\9tntbh.exec:\9tntbh.exe205⤵
-
\??\c:\tthtnn.exec:\tthtnn.exe206⤵
-
\??\c:\tttbnb.exec:\tttbnb.exe207⤵
-
\??\c:\ppjvd.exec:\ppjvd.exe208⤵
-
\??\c:\pvvdd.exec:\pvvdd.exe209⤵
-
\??\c:\vjpjv.exec:\vjpjv.exe210⤵
-
\??\c:\5rxlllx.exec:\5rxlllx.exe211⤵
-
\??\c:\5fflxlx.exec:\5fflxlx.exe212⤵
-
\??\c:\rflxxxf.exec:\rflxxxf.exe213⤵
-
\??\c:\fffxlfl.exec:\fffxlfl.exe214⤵
-
\??\c:\ttbtht.exec:\ttbtht.exe215⤵
-
\??\c:\tnbbhh.exec:\tnbbhh.exe216⤵
-
\??\c:\jdvjp.exec:\jdvjp.exe217⤵
-
\??\c:\vdpdj.exec:\vdpdj.exe218⤵
-
\??\c:\pdpjp.exec:\pdpjp.exe219⤵
-
\??\c:\jjvvd.exec:\jjvvd.exe220⤵
-
\??\c:\rrrxllx.exec:\rrrxllx.exe221⤵
-
\??\c:\xlrrffr.exec:\xlrrffr.exe222⤵
-
\??\c:\rlxlxlx.exec:\rlxlxlx.exe223⤵
-
\??\c:\nnhntt.exec:\nnhntt.exe224⤵
-
\??\c:\btbbtt.exec:\btbbtt.exe225⤵
-
\??\c:\1bnbht.exec:\1bnbht.exe226⤵
-
\??\c:\1dpdd.exec:\1dpdd.exe227⤵
-
\??\c:\jpvpp.exec:\jpvpp.exe228⤵
-
\??\c:\pvjdj.exec:\pvjdj.exe229⤵
-
\??\c:\lrfxlfr.exec:\lrfxlfr.exe230⤵
-
\??\c:\3flrflr.exec:\3flrflr.exe231⤵
-
\??\c:\xrfrxfl.exec:\xrfrxfl.exe232⤵
-
\??\c:\bbbttb.exec:\bbbttb.exe233⤵
-
\??\c:\btthhn.exec:\btthhn.exe234⤵
-
\??\c:\3vppj.exec:\3vppj.exe235⤵
-
\??\c:\3pppj.exec:\3pppj.exe236⤵
-
\??\c:\3vpvj.exec:\3vpvj.exe237⤵
-
\??\c:\rlfllrx.exec:\rlfllrx.exe238⤵
-
\??\c:\rlxfrrx.exec:\rlxfrrx.exe239⤵
-
\??\c:\lxlxxfl.exec:\lxlxxfl.exe240⤵
-
\??\c:\bbtthb.exec:\bbtthb.exe241⤵