Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
-
submitted
20-05-2024 04:17
General
-
Target
aa6e2f78ea70d985bd782a5b23130137f01e5ee9f5f60dc3d99d4f842053304b.exe
-
Size
122KB
-
MD5
d4fc4182c3eb642461b64c107ecc3200
-
SHA1
3fefe16296f825cf7c9e8ef9a485f99ef6aa8967
-
SHA256
aa6e2f78ea70d985bd782a5b23130137f01e5ee9f5f60dc3d99d4f842053304b
-
SHA512
6faf5009c7d489ae52c932f09c13c74ae9a324bce146a3bac1454729914f5aa020d288a3c8c306ce8283961ca09439ecc4630323d6d7b0709ecd272e9fbaca12
-
SSDEEP
3072:ymb3NkkiQ3mdBjFWXkj7afoHvmQ+EZMYX90Ifcr:n3C9BRW0j/uVEZFmIkr
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 23 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\aa6e2f78ea70d985bd782a5b23130137f01e5ee9f5f60dc3d99d4f842053304b.exe"C:\Users\Admin\AppData\Local\Temp\aa6e2f78ea70d985bd782a5b23130137f01e5ee9f5f60dc3d99d4f842053304b.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\tbtbnb.exec:\tbtbnb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9pppv.exec:\9pppv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxlrxxf.exec:\lxlrxxf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthhtb.exec:\bthhtb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpvj.exec:\pjpvj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rrrffr.exec:\7rrrffr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlrxlx.exec:\xrlrxlx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9hnhnt.exec:\9hnhnt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjvd.exec:\vpjvd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxxffr.exec:\llxxffr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rrxflx.exec:\1rrxflx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5thntb.exec:\5thntb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjjd.exec:\vpjjd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddpdp.exec:\ddpdp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llflflx.exec:\llflflx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3bnnnt.exec:\3bnnnt.exe17⤵
- Executes dropped EXE
-
\??\c:\bbhbhh.exec:\bbhbhh.exe18⤵
- Executes dropped EXE
-
\??\c:\jjddj.exec:\jjddj.exe19⤵
- Executes dropped EXE
-
\??\c:\rrlrxfr.exec:\rrlrxfr.exe20⤵
- Executes dropped EXE
-
\??\c:\bbtbnt.exec:\bbtbnt.exe21⤵
- Executes dropped EXE
-
\??\c:\vpddp.exec:\vpddp.exe22⤵
- Executes dropped EXE
-
\??\c:\dvjjv.exec:\dvjjv.exe23⤵
- Executes dropped EXE
-
\??\c:\lfllxff.exec:\lfllxff.exe24⤵
- Executes dropped EXE
-
\??\c:\xlxxfxx.exec:\xlxxfxx.exe25⤵
- Executes dropped EXE
-
\??\c:\3dpdp.exec:\3dpdp.exe26⤵
- Executes dropped EXE
-
\??\c:\pjppv.exec:\pjppv.exe27⤵
- Executes dropped EXE
-
\??\c:\rrflxfr.exec:\rrflxfr.exe28⤵
- Executes dropped EXE
-
\??\c:\lrrlrrx.exec:\lrrlrrx.exe29⤵
- Executes dropped EXE
-
\??\c:\vpjpj.exec:\vpjpj.exe30⤵
- Executes dropped EXE
-
\??\c:\lflrllr.exec:\lflrllr.exe31⤵
- Executes dropped EXE
-
\??\c:\rlxrrrx.exec:\rlxrrrx.exe32⤵
- Executes dropped EXE
-
\??\c:\hnhbth.exec:\hnhbth.exe33⤵
- Executes dropped EXE
-
\??\c:\vpjjp.exec:\vpjjp.exe34⤵
- Executes dropped EXE
-
\??\c:\9pdjv.exec:\9pdjv.exe35⤵
- Executes dropped EXE
-
\??\c:\xxffxfl.exec:\xxffxfl.exe36⤵
- Executes dropped EXE
-
\??\c:\llrflrf.exec:\llrflrf.exe37⤵
- Executes dropped EXE
-
\??\c:\fxrxffl.exec:\fxrxffl.exe38⤵
- Executes dropped EXE
-
\??\c:\btbbnn.exec:\btbbnn.exe39⤵
- Executes dropped EXE
-
\??\c:\hhhbbb.exec:\hhhbbb.exe40⤵
- Executes dropped EXE
-
\??\c:\7pjdd.exec:\7pjdd.exe41⤵
- Executes dropped EXE
-
\??\c:\fxffrrf.exec:\fxffrrf.exe42⤵
- Executes dropped EXE
-
\??\c:\rflffxx.exec:\rflffxx.exe43⤵
- Executes dropped EXE
-
\??\c:\tnbbth.exec:\tnbbth.exe44⤵
- Executes dropped EXE
-
\??\c:\btbhth.exec:\btbhth.exe45⤵
- Executes dropped EXE
-
\??\c:\jvjpp.exec:\jvjpp.exe46⤵
- Executes dropped EXE
-
\??\c:\5vjjj.exec:\5vjjj.exe47⤵
- Executes dropped EXE
-
\??\c:\xrfllrx.exec:\xrfllrx.exe48⤵
- Executes dropped EXE
-
\??\c:\lfxrxlx.exec:\lfxrxlx.exe49⤵
- Executes dropped EXE
-
\??\c:\nhnthh.exec:\nhnthh.exe50⤵
- Executes dropped EXE
-
\??\c:\7dppj.exec:\7dppj.exe51⤵
- Executes dropped EXE
-
\??\c:\5ppdp.exec:\5ppdp.exe52⤵
- Executes dropped EXE
-
\??\c:\xrflrrx.exec:\xrflrrx.exe53⤵
- Executes dropped EXE
-
\??\c:\flxxfxf.exec:\flxxfxf.exe54⤵
- Executes dropped EXE
-
\??\c:\5tttnt.exec:\5tttnt.exe55⤵
- Executes dropped EXE
-
\??\c:\9bntbb.exec:\9bntbb.exe56⤵
- Executes dropped EXE
-
\??\c:\rrxrrll.exec:\rrxrrll.exe57⤵
- Executes dropped EXE
-
\??\c:\xrrxfff.exec:\xrrxfff.exe58⤵
- Executes dropped EXE
-
\??\c:\9nnttb.exec:\9nnttb.exe59⤵
- Executes dropped EXE
-
\??\c:\1nnhbn.exec:\1nnhbn.exe60⤵
- Executes dropped EXE
-
\??\c:\1jdjp.exec:\1jdjp.exe61⤵
- Executes dropped EXE
-
\??\c:\3vjpv.exec:\3vjpv.exe62⤵
- Executes dropped EXE
-
\??\c:\3rxflrf.exec:\3rxflrf.exe63⤵
- Executes dropped EXE
-
\??\c:\xrlrffx.exec:\xrlrffx.exe64⤵
- Executes dropped EXE
-
\??\c:\hbbbtn.exec:\hbbbtn.exe65⤵
- Executes dropped EXE
-
\??\c:\hbnthn.exec:\hbnthn.exe66⤵
-
\??\c:\ddpvp.exec:\ddpvp.exe67⤵
-
\??\c:\vpdpv.exec:\vpdpv.exe68⤵
-
\??\c:\fxfrrrx.exec:\fxfrrrx.exe69⤵
-
\??\c:\fxrrffr.exec:\fxrrffr.exe70⤵
-
\??\c:\btbbnn.exec:\btbbnn.exe71⤵
-
\??\c:\bhtthn.exec:\bhtthn.exe72⤵
-
\??\c:\vvpjd.exec:\vvpjd.exe73⤵
-
\??\c:\vjdjj.exec:\vjdjj.exe74⤵
-
\??\c:\lfrxfff.exec:\lfrxfff.exe75⤵
-
\??\c:\xlrxlrx.exec:\xlrxlrx.exe76⤵
-
\??\c:\bthhnt.exec:\bthhnt.exe77⤵
-
\??\c:\hhntbb.exec:\hhntbb.exe78⤵
-
\??\c:\9dppj.exec:\9dppj.exe79⤵
-
\??\c:\dpddj.exec:\dpddj.exe80⤵
-
\??\c:\9rrrflx.exec:\9rrrflx.exe81⤵
-
\??\c:\fxflrxf.exec:\fxflrxf.exe82⤵
-
\??\c:\9tnthn.exec:\9tnthn.exe83⤵
-
\??\c:\9nnnhn.exec:\9nnnhn.exe84⤵
-
\??\c:\7dvdv.exec:\7dvdv.exe85⤵
-
\??\c:\vpdpd.exec:\vpdpd.exe86⤵
-
\??\c:\vvdpd.exec:\vvdpd.exe87⤵
-
\??\c:\xlxfllr.exec:\xlxfllr.exe88⤵
-
\??\c:\xlrxffr.exec:\xlrxffr.exe89⤵
-
\??\c:\btntbb.exec:\btntbb.exe90⤵
-
\??\c:\nnbbht.exec:\nnbbht.exe91⤵
-
\??\c:\vjjpv.exec:\vjjpv.exe92⤵
-
\??\c:\xlxffll.exec:\xlxffll.exe93⤵
-
\??\c:\xlrrflx.exec:\xlrrflx.exe94⤵
-
\??\c:\rflrrrl.exec:\rflrrrl.exe95⤵
-
\??\c:\tntbtt.exec:\tntbtt.exe96⤵
-
\??\c:\btbbht.exec:\btbbht.exe97⤵
-
\??\c:\pjdjj.exec:\pjdjj.exe98⤵
-
\??\c:\jdpdd.exec:\jdpdd.exe99⤵
-
\??\c:\xlfxffl.exec:\xlfxffl.exe100⤵
-
\??\c:\fxflxxl.exec:\fxflxxl.exe101⤵
-
\??\c:\1hbnbb.exec:\1hbnbb.exe102⤵
-
\??\c:\httntt.exec:\httntt.exe103⤵
-
\??\c:\5htnnt.exec:\5htnnt.exe104⤵
-
\??\c:\9vvjj.exec:\9vvjj.exe105⤵
-
\??\c:\jdpvd.exec:\jdpvd.exe106⤵
-
\??\c:\frrxflr.exec:\frrxflr.exe107⤵
-
\??\c:\xxlflrx.exec:\xxlflrx.exe108⤵
-
\??\c:\nbnntb.exec:\nbnntb.exe109⤵
-
\??\c:\hbhntb.exec:\hbhntb.exe110⤵
-
\??\c:\nhbnbh.exec:\nhbnbh.exe111⤵
-
\??\c:\jdpvd.exec:\jdpvd.exe112⤵
-
\??\c:\vpjpv.exec:\vpjpv.exe113⤵
-
\??\c:\3xlrxxl.exec:\3xlrxxl.exe114⤵
-
\??\c:\xrxfffl.exec:\xrxfffl.exe115⤵
-
\??\c:\hbbbhh.exec:\hbbbhh.exe116⤵
-
\??\c:\nhthbn.exec:\nhthbn.exe117⤵
-
\??\c:\jjjvp.exec:\jjjvp.exe118⤵
-
\??\c:\dvpdj.exec:\dvpdj.exe119⤵
-
\??\c:\jdvvd.exec:\jdvvd.exe120⤵
-
\??\c:\lxlflxx.exec:\lxlflxx.exe121⤵
-
\??\c:\7hhthh.exec:\7hhthh.exe122⤵
-
\??\c:\btnttt.exec:\btnttt.exe123⤵
-
\??\c:\bbnthh.exec:\bbnthh.exe124⤵
-
\??\c:\pjvjj.exec:\pjvjj.exe125⤵
-
\??\c:\pjvdp.exec:\pjvdp.exe126⤵
-
\??\c:\1frrrxx.exec:\1frrrxx.exe127⤵
-
\??\c:\rrxxllf.exec:\rrxxllf.exe128⤵
-
\??\c:\hhbtbh.exec:\hhbtbh.exe129⤵
-
\??\c:\btbbhh.exec:\btbbhh.exe130⤵
-
\??\c:\ddpvj.exec:\ddpvj.exe131⤵
-
\??\c:\dvjjd.exec:\dvjjd.exe132⤵
-
\??\c:\xrlrlrx.exec:\xrlrlrx.exe133⤵
-
\??\c:\bttthh.exec:\bttthh.exe134⤵
-
\??\c:\nbhhhh.exec:\nbhhhh.exe135⤵
-
\??\c:\dvddp.exec:\dvddp.exe136⤵
-
\??\c:\jddjv.exec:\jddjv.exe137⤵
-
\??\c:\rxxflff.exec:\rxxflff.exe138⤵
-
\??\c:\hbtbht.exec:\hbtbht.exe139⤵
-
\??\c:\7ttbtb.exec:\7ttbtb.exe140⤵
-
\??\c:\pjvdj.exec:\pjvdj.exe141⤵
-
\??\c:\3vppv.exec:\3vppv.exe142⤵
-
\??\c:\1fflrlx.exec:\1fflrlx.exe143⤵
-
\??\c:\xxlrflr.exec:\xxlrflr.exe144⤵
-
\??\c:\tttbbh.exec:\tttbbh.exe145⤵
-
\??\c:\nhnntb.exec:\nhnntb.exe146⤵
-
\??\c:\pjppd.exec:\pjppd.exe147⤵
-
\??\c:\lxrrlrr.exec:\lxrrlrr.exe148⤵
-
\??\c:\1xflxxl.exec:\1xflxxl.exe149⤵
-
\??\c:\1tntbb.exec:\1tntbb.exe150⤵
-
\??\c:\3hnttn.exec:\3hnttn.exe151⤵
-
\??\c:\jjvvd.exec:\jjvvd.exe152⤵
-
\??\c:\dpddp.exec:\dpddp.exe153⤵
-
\??\c:\xrfxllr.exec:\xrfxllr.exe154⤵
-
\??\c:\httthn.exec:\httthn.exe155⤵
-
\??\c:\bthbbb.exec:\bthbbb.exe156⤵
-
\??\c:\5jvpd.exec:\5jvpd.exe157⤵
-
\??\c:\dvddp.exec:\dvddp.exe158⤵
-
\??\c:\frxrxxf.exec:\frxrxxf.exe159⤵
-
\??\c:\9llrflx.exec:\9llrflx.exe160⤵
-
\??\c:\ttbbht.exec:\ttbbht.exe161⤵
-
\??\c:\bthnbh.exec:\bthnbh.exe162⤵
-
\??\c:\9jjdj.exec:\9jjdj.exe163⤵
-
\??\c:\pdddp.exec:\pdddp.exe164⤵
-
\??\c:\5lxxxxl.exec:\5lxxxxl.exe165⤵
-
\??\c:\tnhnbb.exec:\tnhnbb.exe166⤵
-
\??\c:\nbtnbn.exec:\nbtnbn.exe167⤵
-
\??\c:\dvjvd.exec:\dvjvd.exe168⤵
-
\??\c:\jdppd.exec:\jdppd.exe169⤵
-
\??\c:\xllllrr.exec:\xllllrr.exe170⤵
-
\??\c:\9rllxrx.exec:\9rllxrx.exe171⤵
-
\??\c:\tnthhb.exec:\tnthhb.exe172⤵
-
\??\c:\bthbtt.exec:\bthbtt.exe173⤵
-
\??\c:\vvddd.exec:\vvddd.exe174⤵
-
\??\c:\dvjjj.exec:\dvjjj.exe175⤵
-
\??\c:\lxlrfxf.exec:\lxlrfxf.exe176⤵
-
\??\c:\9xllxrx.exec:\9xllxrx.exe177⤵
-
\??\c:\bthbnt.exec:\bthbnt.exe178⤵
-
\??\c:\btnnhb.exec:\btnnhb.exe179⤵
-
\??\c:\ppdjd.exec:\ppdjd.exe180⤵
-
\??\c:\lfrxxxr.exec:\lfrxxxr.exe181⤵
-
\??\c:\lfxlxfl.exec:\lfxlxfl.exe182⤵
-
\??\c:\nhnhtt.exec:\nhnhtt.exe183⤵
-
\??\c:\bthhtt.exec:\bthhtt.exe184⤵
-
\??\c:\vvpdd.exec:\vvpdd.exe185⤵
-
\??\c:\1pvvv.exec:\1pvvv.exe186⤵
-
\??\c:\rlllrxf.exec:\rlllrxf.exe187⤵
-
\??\c:\rffrllx.exec:\rffrllx.exe188⤵
-
\??\c:\nbhhbb.exec:\nbhhbb.exe189⤵
-
\??\c:\bnbbnn.exec:\bnbbnn.exe190⤵
-
\??\c:\ppppp.exec:\ppppp.exe191⤵
-
\??\c:\dpvjv.exec:\dpvjv.exe192⤵
-
\??\c:\rflfllr.exec:\rflfllr.exe193⤵
-
\??\c:\9xxrllr.exec:\9xxrllr.exe194⤵
-
\??\c:\xfrxfxx.exec:\xfrxfxx.exe195⤵
-
\??\c:\tthtbt.exec:\tthtbt.exe196⤵
-
\??\c:\ththtb.exec:\ththtb.exe197⤵
-
\??\c:\ppdvv.exec:\ppdvv.exe198⤵
-
\??\c:\dddpv.exec:\dddpv.exe199⤵
-
\??\c:\9rrxlrf.exec:\9rrxlrf.exe200⤵
-
\??\c:\lflxlrf.exec:\lflxlrf.exe201⤵
-
\??\c:\hbtbnt.exec:\hbtbnt.exe202⤵
-
\??\c:\7nnhnt.exec:\7nnhnt.exe203⤵
-
\??\c:\dvpvd.exec:\dvpvd.exe204⤵
-
\??\c:\xrfxrrx.exec:\xrfxrrx.exe205⤵
-
\??\c:\3lxfrfr.exec:\3lxfrfr.exe206⤵
-
\??\c:\nnhtbt.exec:\nnhtbt.exe207⤵
-
\??\c:\hhhbht.exec:\hhhbht.exe208⤵
-
\??\c:\7ddpd.exec:\7ddpd.exe209⤵
-
\??\c:\vpvvv.exec:\vpvvv.exe210⤵
-
\??\c:\lfrxrrf.exec:\lfrxrrf.exe211⤵
-
\??\c:\lrxflfl.exec:\lrxflfl.exe212⤵
-
\??\c:\tnbbnh.exec:\tnbbnh.exe213⤵
-
\??\c:\nnhnbb.exec:\nnhnbb.exe214⤵
-
\??\c:\pjjdj.exec:\pjjdj.exe215⤵
-
\??\c:\vpppv.exec:\vpppv.exe216⤵
-
\??\c:\rlrrfff.exec:\rlrrfff.exe217⤵
-
\??\c:\fxllrrl.exec:\fxllrrl.exe218⤵
-
\??\c:\7hnbtb.exec:\7hnbtb.exe219⤵
-
\??\c:\hthhtt.exec:\hthhtt.exe220⤵
-
\??\c:\vpdjv.exec:\vpdjv.exe221⤵
-
\??\c:\vpvvd.exec:\vpvvd.exe222⤵
-
\??\c:\lfrxlrx.exec:\lfrxlrx.exe223⤵
-
\??\c:\fflxflr.exec:\fflxflr.exe224⤵
-
\??\c:\btttbb.exec:\btttbb.exe225⤵
-
\??\c:\1pjdj.exec:\1pjdj.exe226⤵
-
\??\c:\1vpvj.exec:\1vpvj.exe227⤵
-
\??\c:\9xrxffl.exec:\9xrxffl.exe228⤵
-
\??\c:\xlfxrrr.exec:\xlfxrrr.exe229⤵
-
\??\c:\tnhnbb.exec:\tnhnbb.exe230⤵
-
\??\c:\hbttbb.exec:\hbttbb.exe231⤵
-
\??\c:\9jdjv.exec:\9jdjv.exe232⤵
-
\??\c:\1vpvd.exec:\1vpvd.exe233⤵
-
\??\c:\7fxlrxf.exec:\7fxlrxf.exe234⤵
-
\??\c:\lxlrxfl.exec:\lxlrxfl.exe235⤵
-
\??\c:\5ntthn.exec:\5ntthn.exe236⤵
-
\??\c:\pddvv.exec:\pddvv.exe237⤵
-
\??\c:\pdjpd.exec:\pdjpd.exe238⤵
-
\??\c:\rlffxxr.exec:\rlffxxr.exe239⤵
-
\??\c:\lfrrfxf.exec:\lfrrfxf.exe240⤵
-
\??\c:\hbbttt.exec:\hbbttt.exe241⤵