Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
20-05-2024 04:15
General
-
Target
ece5522eea437a25131c6ea5a32d93ea8f781774de84450c58e8feb825558664.exe
-
Size
67KB
-
MD5
8a647756830292e7a51fa467f421b4d7
-
SHA1
f560ee34358c63c452bfe269f51ddf72fc90ecc9
-
SHA256
ece5522eea437a25131c6ea5a32d93ea8f781774de84450c58e8feb825558664
-
SHA512
dee252298b915398b9cd54aa18e20bebe43744e574c23cea45dc1926e2ef4585bbd0b03bcc647c3a9366a375db75fbda7d4031a808992a0484b391a880a4760a
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIvuzk358nLrU:ymb3NkkiQ3mdBjFIvl358nLrU
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 29 IoCs
-
UPX dump on OEP (original entry point) 32 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 31 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ece5522eea437a25131c6ea5a32d93ea8f781774de84450c58e8feb825558664.exe"C:\Users\Admin\AppData\Local\Temp\ece5522eea437a25131c6ea5a32d93ea8f781774de84450c58e8feb825558664.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\7nhbnn.exec:\7nhbnn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpvp.exec:\dvpvp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xffrxlx.exec:\xffrxlx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxfxxr.exec:\lrxfxxr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhtht.exec:\thhtht.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxrrlf.exec:\lrxrrlf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxrfxr.exec:\frxrfxr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrlfxx.exec:\xxrlfxx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9bhtnt.exec:\9bhtnt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3xxlfxr.exec:\3xxlfxr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbhht.exec:\nnbhht.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvjvj.exec:\pvjvj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3xllrxl.exec:\3xllrxl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xlflll.exec:\7xlflll.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnhbt.exec:\tnnhbt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjdd.exec:\vpjdd.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xrrrxx.exec:\5xrrrxx.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrrlfx.exec:\flrrlfx.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtbht.exec:\hbtbht.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjdv.exec:\dvjdv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxfxrr.exec:\fxxfxrr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfxxrff.exec:\rfxxrff.exe23⤵
- Executes dropped EXE
-
\??\c:\1htnhh.exec:\1htnhh.exe24⤵
- Executes dropped EXE
-
\??\c:\jppjv.exec:\jppjv.exe25⤵
- Executes dropped EXE
-
\??\c:\vjddp.exec:\vjddp.exe26⤵
- Executes dropped EXE
-
\??\c:\lffrllf.exec:\lffrllf.exe27⤵
- Executes dropped EXE
-
\??\c:\3xfxrxx.exec:\3xfxrxx.exe28⤵
- Executes dropped EXE
-
\??\c:\tnbbhb.exec:\tnbbhb.exe29⤵
- Executes dropped EXE
-
\??\c:\ttttnn.exec:\ttttnn.exe30⤵
- Executes dropped EXE
-
\??\c:\5pvjj.exec:\5pvjj.exe31⤵
- Executes dropped EXE
-
\??\c:\7vvpj.exec:\7vvpj.exe32⤵
- Executes dropped EXE
-
\??\c:\3ffrrlf.exec:\3ffrrlf.exe33⤵
- Executes dropped EXE
-
\??\c:\bbbtnn.exec:\bbbtnn.exe34⤵
- Executes dropped EXE
-
\??\c:\tntttt.exec:\tntttt.exe35⤵
- Executes dropped EXE
-
\??\c:\5dpjv.exec:\5dpjv.exe36⤵
- Executes dropped EXE
-
\??\c:\9xfflll.exec:\9xfflll.exe37⤵
- Executes dropped EXE
-
\??\c:\5hbbtn.exec:\5hbbtn.exe38⤵
- Executes dropped EXE
-
\??\c:\tbnnbb.exec:\tbnnbb.exe39⤵
- Executes dropped EXE
-
\??\c:\jddvp.exec:\jddvp.exe40⤵
- Executes dropped EXE
-
\??\c:\lxlxlfx.exec:\lxlxlfx.exe41⤵
- Executes dropped EXE
-
\??\c:\xfxlxxr.exec:\xfxlxxr.exe42⤵
- Executes dropped EXE
-
\??\c:\hbtttt.exec:\hbtttt.exe43⤵
- Executes dropped EXE
-
\??\c:\ppvdd.exec:\ppvdd.exe44⤵
- Executes dropped EXE
-
\??\c:\ddjjj.exec:\ddjjj.exe45⤵
- Executes dropped EXE
-
\??\c:\1rflrxl.exec:\1rflrxl.exe46⤵
- Executes dropped EXE
-
\??\c:\lfxxrlf.exec:\lfxxrlf.exe47⤵
- Executes dropped EXE
-
\??\c:\nbbbbb.exec:\nbbbbb.exe48⤵
- Executes dropped EXE
-
\??\c:\tbttnn.exec:\tbttnn.exe49⤵
- Executes dropped EXE
-
\??\c:\dddvp.exec:\dddvp.exe50⤵
- Executes dropped EXE
-
\??\c:\1pvpp.exec:\1pvpp.exe51⤵
- Executes dropped EXE
-
\??\c:\frrflff.exec:\frrflff.exe52⤵
- Executes dropped EXE
-
\??\c:\ttnhhb.exec:\ttnhhb.exe53⤵
- Executes dropped EXE
-
\??\c:\bhntth.exec:\bhntth.exe54⤵
- Executes dropped EXE
-
\??\c:\jdjdv.exec:\jdjdv.exe55⤵
- Executes dropped EXE
-
\??\c:\frrrffr.exec:\frrrffr.exe56⤵
- Executes dropped EXE
-
\??\c:\ffrxlrf.exec:\ffrxlrf.exe57⤵
- Executes dropped EXE
-
\??\c:\hhnnnt.exec:\hhnnnt.exe58⤵
- Executes dropped EXE
-
\??\c:\nhhhtt.exec:\nhhhtt.exe59⤵
- Executes dropped EXE
-
\??\c:\ppvdp.exec:\ppvdp.exe60⤵
- Executes dropped EXE
-
\??\c:\vdvvp.exec:\vdvvp.exe61⤵
- Executes dropped EXE
-
\??\c:\fffrrfl.exec:\fffrrfl.exe62⤵
- Executes dropped EXE
-
\??\c:\ffrlxxl.exec:\ffrlxxl.exe63⤵
- Executes dropped EXE
-
\??\c:\ffflfrr.exec:\ffflfrr.exe64⤵
- Executes dropped EXE
-
\??\c:\hhhntb.exec:\hhhntb.exe65⤵
- Executes dropped EXE
-
\??\c:\tnbttn.exec:\tnbttn.exe66⤵
-
\??\c:\ppvdd.exec:\ppvdd.exe67⤵
-
\??\c:\5pvjj.exec:\5pvjj.exe68⤵
-
\??\c:\7rflffx.exec:\7rflffx.exe69⤵
-
\??\c:\xxfxxfx.exec:\xxfxxfx.exe70⤵
-
\??\c:\nhbnbh.exec:\nhbnbh.exe71⤵
-
\??\c:\tnttnn.exec:\tnttnn.exe72⤵
-
\??\c:\pjvpp.exec:\pjvpp.exe73⤵
-
\??\c:\vvvvv.exec:\vvvvv.exe74⤵
-
\??\c:\lrxrlrr.exec:\lrxrlrr.exe75⤵
-
\??\c:\rllrrrr.exec:\rllrrrr.exe76⤵
-
\??\c:\nntbbh.exec:\nntbbh.exe77⤵
-
\??\c:\bhhbtn.exec:\bhhbtn.exe78⤵
-
\??\c:\9jjdv.exec:\9jjdv.exe79⤵
-
\??\c:\jpvpp.exec:\jpvpp.exe80⤵
-
\??\c:\llrllxx.exec:\llrllxx.exe81⤵
-
\??\c:\bbntnt.exec:\bbntnt.exe82⤵
-
\??\c:\tnbbbn.exec:\tnbbbn.exe83⤵
-
\??\c:\vjvpv.exec:\vjvpv.exe84⤵
-
\??\c:\xfrrxlx.exec:\xfrrxlx.exe85⤵
-
\??\c:\xlrllll.exec:\xlrllll.exe86⤵
-
\??\c:\3ttttt.exec:\3ttttt.exe87⤵
-
\??\c:\vvvdv.exec:\vvvdv.exe88⤵
-
\??\c:\pjpjj.exec:\pjpjj.exe89⤵
-
\??\c:\lrffxrr.exec:\lrffxrr.exe90⤵
-
\??\c:\lrrllrr.exec:\lrrllrr.exe91⤵
-
\??\c:\1tnnnt.exec:\1tnnnt.exe92⤵
-
\??\c:\hhnhbb.exec:\hhnhbb.exe93⤵
-
\??\c:\vdjdv.exec:\vdjdv.exe94⤵
-
\??\c:\9vjpd.exec:\9vjpd.exe95⤵
-
\??\c:\lflfflf.exec:\lflfflf.exe96⤵
-
\??\c:\1bbbbh.exec:\1bbbbh.exe97⤵
-
\??\c:\3pvdv.exec:\3pvdv.exe98⤵
-
\??\c:\vvdvp.exec:\vvdvp.exe99⤵
-
\??\c:\xfrlfff.exec:\xfrlfff.exe100⤵
-
\??\c:\9rxxrxx.exec:\9rxxrxx.exe101⤵
-
\??\c:\hnbbbn.exec:\hnbbbn.exe102⤵
-
\??\c:\1vjjd.exec:\1vjjd.exe103⤵
-
\??\c:\vpjjd.exec:\vpjjd.exe104⤵
-
\??\c:\xxlrrrx.exec:\xxlrrrx.exe105⤵
-
\??\c:\5xlfffx.exec:\5xlfffx.exe106⤵
-
\??\c:\9bhnth.exec:\9bhnth.exe107⤵
-
\??\c:\hntbtb.exec:\hntbtb.exe108⤵
-
\??\c:\3pdvv.exec:\3pdvv.exe109⤵
-
\??\c:\rxlfrfl.exec:\rxlfrfl.exe110⤵
-
\??\c:\nttttb.exec:\nttttb.exe111⤵
-
\??\c:\ppvvp.exec:\ppvvp.exe112⤵
-
\??\c:\jjdvd.exec:\jjdvd.exe113⤵
-
\??\c:\xxxxrxx.exec:\xxxxrxx.exe114⤵
-
\??\c:\bbhhnt.exec:\bbhhnt.exe115⤵
-
\??\c:\7tbhbn.exec:\7tbhbn.exe116⤵
-
\??\c:\5pppp.exec:\5pppp.exe117⤵
-
\??\c:\flffrrl.exec:\flffrrl.exe118⤵
-
\??\c:\9xfllxx.exec:\9xfllxx.exe119⤵
-
\??\c:\bnttbh.exec:\bnttbh.exe120⤵
-
\??\c:\nhnnhh.exec:\nhnnhh.exe121⤵
-
\??\c:\jdjjj.exec:\jdjjj.exe122⤵
-
\??\c:\pjdvp.exec:\pjdvp.exe123⤵
-
\??\c:\ffrlxrl.exec:\ffrlxrl.exe124⤵
-
\??\c:\xxffxll.exec:\xxffxll.exe125⤵
-
\??\c:\bhnnnn.exec:\bhnnnn.exe126⤵
-
\??\c:\nbnnnn.exec:\nbnnnn.exe127⤵
-
\??\c:\dvpjd.exec:\dvpjd.exe128⤵
-
\??\c:\vpjdd.exec:\vpjdd.exe129⤵
-
\??\c:\rrxrlff.exec:\rrxrlff.exe130⤵
-
\??\c:\flffrrx.exec:\flffrrx.exe131⤵
-
\??\c:\bbhhnn.exec:\bbhhnn.exe132⤵
-
\??\c:\hbhnhn.exec:\hbhnhn.exe133⤵
-
\??\c:\vjppp.exec:\vjppp.exe134⤵
-
\??\c:\3dddv.exec:\3dddv.exe135⤵
-
\??\c:\xlxxffl.exec:\xlxxffl.exe136⤵
-
\??\c:\ffxfrfl.exec:\ffxfrfl.exe137⤵
-
\??\c:\hbbttt.exec:\hbbttt.exe138⤵
-
\??\c:\5hbtbb.exec:\5hbtbb.exe139⤵
-
\??\c:\jpjpj.exec:\jpjpj.exe140⤵
-
\??\c:\jdjpv.exec:\jdjpv.exe141⤵
-
\??\c:\flrlllr.exec:\flrlllr.exe142⤵
-
\??\c:\9flffll.exec:\9flffll.exe143⤵
-
\??\c:\bhhbtn.exec:\bhhbtn.exe144⤵
-
\??\c:\hhntht.exec:\hhntht.exe145⤵
-
\??\c:\jppdv.exec:\jppdv.exe146⤵
-
\??\c:\1dvvp.exec:\1dvvp.exe147⤵
-
\??\c:\llffflr.exec:\llffflr.exe148⤵
-
\??\c:\rfxxrrr.exec:\rfxxrrr.exe149⤵
-
\??\c:\7bhhtt.exec:\7bhhtt.exe150⤵
-
\??\c:\xrfxrrx.exec:\xrfxrrx.exe151⤵
-
\??\c:\hbtnnh.exec:\hbtnnh.exe152⤵
-
\??\c:\hbbtnn.exec:\hbbtnn.exe153⤵
-
\??\c:\vvvdv.exec:\vvvdv.exe154⤵
-
\??\c:\jdjvj.exec:\jdjvj.exe155⤵
-
\??\c:\rfrrffl.exec:\rfrrffl.exe156⤵
-
\??\c:\flrfrll.exec:\flrfrll.exe157⤵
-
\??\c:\nhnnnn.exec:\nhnnnn.exe158⤵
-
\??\c:\pdppj.exec:\pdppj.exe159⤵
-
\??\c:\ppvdd.exec:\ppvdd.exe160⤵
-
\??\c:\rlrfrlf.exec:\rlrfrlf.exe161⤵
-
\??\c:\lffffff.exec:\lffffff.exe162⤵
-
\??\c:\nbbttt.exec:\nbbttt.exe163⤵
-
\??\c:\bbtnhh.exec:\bbtnhh.exe164⤵
-
\??\c:\dpjdd.exec:\dpjdd.exe165⤵
-
\??\c:\lrxrflf.exec:\lrxrflf.exe166⤵
-
\??\c:\3xrlfff.exec:\3xrlfff.exe167⤵
-
\??\c:\hhtbtb.exec:\hhtbtb.exe168⤵
-
\??\c:\9tnnhb.exec:\9tnnhb.exe169⤵
-
\??\c:\ppvvv.exec:\ppvvv.exe170⤵
-
\??\c:\pvdpj.exec:\pvdpj.exe171⤵
-
\??\c:\rfllffx.exec:\rfllffx.exe172⤵
-
\??\c:\tntnbt.exec:\tntnbt.exe173⤵
-
\??\c:\9hhthb.exec:\9hhthb.exe174⤵
-
\??\c:\jpdjp.exec:\jpdjp.exe175⤵
-
\??\c:\llxlffx.exec:\llxlffx.exe176⤵
-
\??\c:\hbhbbt.exec:\hbhbbt.exe177⤵
-
\??\c:\vdpjd.exec:\vdpjd.exe178⤵
-
\??\c:\vjjvj.exec:\vjjvj.exe179⤵
-
\??\c:\flrllll.exec:\flrllll.exe180⤵
-
\??\c:\thnnhh.exec:\thnnhh.exe181⤵
-
\??\c:\bttnht.exec:\bttnht.exe182⤵
-
\??\c:\vvjvd.exec:\vvjvd.exe183⤵
-
\??\c:\hnthbb.exec:\hnthbb.exe184⤵
-
\??\c:\djjjj.exec:\djjjj.exe185⤵
-
\??\c:\pppjj.exec:\pppjj.exe186⤵
-
\??\c:\9lflfxr.exec:\9lflfxr.exe187⤵
-
\??\c:\llffxrl.exec:\llffxrl.exe188⤵
-
\??\c:\jddjd.exec:\jddjd.exe189⤵
-
\??\c:\tbtnhn.exec:\tbtnhn.exe190⤵
-
\??\c:\nthhnh.exec:\nthhnh.exe191⤵
-
\??\c:\vddvp.exec:\vddvp.exe192⤵
-
\??\c:\7flfllr.exec:\7flfllr.exe193⤵
-
\??\c:\fxllfff.exec:\fxllfff.exe194⤵
-
\??\c:\nhtntt.exec:\nhtntt.exe195⤵
-
\??\c:\nbnhtb.exec:\nbnhtb.exe196⤵
-
\??\c:\jvddv.exec:\jvddv.exe197⤵
-
\??\c:\vpvpv.exec:\vpvpv.exe198⤵
-
\??\c:\llrlffx.exec:\llrlffx.exe199⤵
-
\??\c:\5lfrllf.exec:\5lfrllf.exe200⤵
-
\??\c:\7hnnbh.exec:\7hnnbh.exe201⤵
-
\??\c:\5tnhtn.exec:\5tnhtn.exe202⤵
-
\??\c:\jddvp.exec:\jddvp.exe203⤵
-
\??\c:\vvjdj.exec:\vvjdj.exe204⤵
-
\??\c:\xlrrlff.exec:\xlrrlff.exe205⤵
-
\??\c:\frrllfx.exec:\frrllfx.exe206⤵
-
\??\c:\htnhbt.exec:\htnhbt.exe207⤵
-
\??\c:\5ntthn.exec:\5ntthn.exe208⤵
-
\??\c:\vvpjd.exec:\vvpjd.exe209⤵
-
\??\c:\vvdpj.exec:\vvdpj.exe210⤵
-
\??\c:\1frrxxl.exec:\1frrxxl.exe211⤵
-
\??\c:\7nnhbt.exec:\7nnhbt.exe212⤵
-
\??\c:\tbhbtn.exec:\tbhbtn.exe213⤵
-
\??\c:\vpdvj.exec:\vpdvj.exe214⤵
-
\??\c:\vvdjv.exec:\vvdjv.exe215⤵
-
\??\c:\rfllrlf.exec:\rfllrlf.exe216⤵
-
\??\c:\rlfxrlf.exec:\rlfxrlf.exe217⤵
-
\??\c:\3rxrrll.exec:\3rxrrll.exe218⤵
-
\??\c:\tnthhh.exec:\tnthhh.exe219⤵
-
\??\c:\1nhbnn.exec:\1nhbnn.exe220⤵
-
\??\c:\ddpjd.exec:\ddpjd.exe221⤵
-
\??\c:\9vvpj.exec:\9vvpj.exe222⤵
-
\??\c:\lxxxxff.exec:\lxxxxff.exe223⤵
-
\??\c:\fflrrrx.exec:\fflrrrx.exe224⤵
-
\??\c:\5ntttt.exec:\5ntttt.exe225⤵
-
\??\c:\tbhbbb.exec:\tbhbbb.exe226⤵
-
\??\c:\bbnhnh.exec:\bbnhnh.exe227⤵
-
\??\c:\dpdpp.exec:\dpdpp.exe228⤵
-
\??\c:\djpjd.exec:\djpjd.exe229⤵
-
\??\c:\lxflxlx.exec:\lxflxlx.exe230⤵
-
\??\c:\rlllffx.exec:\rlllffx.exe231⤵
-
\??\c:\1hbtnh.exec:\1hbtnh.exe232⤵
-
\??\c:\btnhnh.exec:\btnhnh.exe233⤵
-
\??\c:\nntnbb.exec:\nntnbb.exe234⤵
-
\??\c:\pddvp.exec:\pddvp.exe235⤵
-
\??\c:\dpjdp.exec:\dpjdp.exe236⤵
-
\??\c:\flfxrxr.exec:\flfxrxr.exe237⤵
-
\??\c:\llrlffr.exec:\llrlffr.exe238⤵
-
\??\c:\tnttbt.exec:\tnttbt.exe239⤵
-
\??\c:\tnnhtt.exec:\tnnhtt.exe240⤵
-
\??\c:\jvppd.exec:\jvppd.exe241⤵