Analysis
-
max time kernel
150s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
-
submitted
20-05-2024 04:48
General
-
Target
fa87a83fda00f092e04ed9dcfcf2ea1581cf5531ed1cc1b91a604929d842c367.exe
-
Size
83KB
-
MD5
b4ddb46d8100bdd11086cf319575e052
-
SHA1
2e2efa2b35941ef212d7a320b60c92fe7fa414bd
-
SHA256
fa87a83fda00f092e04ed9dcfcf2ea1581cf5531ed1cc1b91a604929d842c367
-
SHA512
65bb03a75d317aac20bfc1ac0d919289dc145659fc697967e5c2871d03bf71b83064e63cc3342ce9f0f96a567e05d4179a832ff7dd9eada5585b3823102eb0fa
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIJSLCBCO+HlMO7s0yLP:ymb3NkkiQ3mdBjFIwLMoHW8yLP
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 19 IoCs
-
UPX dump on OEP (original entry point) 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 22 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\fa87a83fda00f092e04ed9dcfcf2ea1581cf5531ed1cc1b91a604929d842c367.exe"C:\Users\Admin\AppData\Local\Temp\fa87a83fda00f092e04ed9dcfcf2ea1581cf5531ed1cc1b91a604929d842c367.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xfxrfxf.exec:\xfxrfxf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbbbh.exec:\htbbbh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfflrr.exec:\rlfflrr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5nbhbh.exec:\5nbhbh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vvvj.exec:\1vvvj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlxlxl.exec:\xrlxlxl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtbnt.exec:\nhtbnt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbhtn.exec:\thbhtn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppdpd.exec:\ppdpd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrflxfx.exec:\rrflxfx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthnbh.exec:\bthnbh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jjpd.exec:\9jjpd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjjv.exec:\dvjjv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ffxffr.exec:\9ffxffr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7tbhnt.exec:\7tbhnt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jvdp.exec:\1jvdp.exe17⤵
- Executes dropped EXE
-
\??\c:\5vpvj.exec:\5vpvj.exe18⤵
- Executes dropped EXE
-
\??\c:\7xxfrlr.exec:\7xxfrlr.exe19⤵
- Executes dropped EXE
-
\??\c:\bttnnn.exec:\bttnnn.exe20⤵
- Executes dropped EXE
-
\??\c:\jppjj.exec:\jppjj.exe21⤵
- Executes dropped EXE
-
\??\c:\ppdjv.exec:\ppdjv.exe22⤵
- Executes dropped EXE
-
\??\c:\xrllxxl.exec:\xrllxxl.exe23⤵
- Executes dropped EXE
-
\??\c:\nhnbnt.exec:\nhnbnt.exe24⤵
- Executes dropped EXE
-
\??\c:\jpppd.exec:\jpppd.exe25⤵
- Executes dropped EXE
-
\??\c:\7lxfllx.exec:\7lxfllx.exe26⤵
- Executes dropped EXE
-
\??\c:\xlrfrrx.exec:\xlrfrrx.exe27⤵
- Executes dropped EXE
-
\??\c:\hhbbhh.exec:\hhbbhh.exe28⤵
- Executes dropped EXE
-
\??\c:\hhbhtt.exec:\hhbhtt.exe29⤵
- Executes dropped EXE
-
\??\c:\ppvpj.exec:\ppvpj.exe30⤵
- Executes dropped EXE
-
\??\c:\7rrxlrr.exec:\7rrxlrr.exe31⤵
- Executes dropped EXE
-
\??\c:\bhthth.exec:\bhthth.exe32⤵
- Executes dropped EXE
-
\??\c:\pjpvj.exec:\pjpvj.exe33⤵
- Executes dropped EXE
-
\??\c:\lrfrlfx.exec:\lrfrlfx.exe34⤵
- Executes dropped EXE
-
\??\c:\llfxlrx.exec:\llfxlrx.exe35⤵
- Executes dropped EXE
-
\??\c:\btnbnn.exec:\btnbnn.exe36⤵
- Executes dropped EXE
-
\??\c:\jddvj.exec:\jddvj.exe37⤵
- Executes dropped EXE
-
\??\c:\dvjpd.exec:\dvjpd.exe38⤵
- Executes dropped EXE
-
\??\c:\xfxxlfl.exec:\xfxxlfl.exe39⤵
- Executes dropped EXE
-
\??\c:\fxrrflx.exec:\fxrrflx.exe40⤵
- Executes dropped EXE
-
\??\c:\hbthnt.exec:\hbthnt.exe41⤵
- Executes dropped EXE
-
\??\c:\9nbhtn.exec:\9nbhtn.exe42⤵
- Executes dropped EXE
-
\??\c:\pppjp.exec:\pppjp.exe43⤵
- Executes dropped EXE
-
\??\c:\fxxflxf.exec:\fxxflxf.exe44⤵
- Executes dropped EXE
-
\??\c:\fxflxff.exec:\fxflxff.exe45⤵
- Executes dropped EXE
-
\??\c:\tnbbhh.exec:\tnbbhh.exe46⤵
- Executes dropped EXE
-
\??\c:\3bnnhn.exec:\3bnnhn.exe47⤵
- Executes dropped EXE
-
\??\c:\9dvdj.exec:\9dvdj.exe48⤵
- Executes dropped EXE
-
\??\c:\1fffxxl.exec:\1fffxxl.exe49⤵
- Executes dropped EXE
-
\??\c:\xrlrflf.exec:\xrlrflf.exe50⤵
- Executes dropped EXE
-
\??\c:\lffrxlx.exec:\lffrxlx.exe51⤵
- Executes dropped EXE
-
\??\c:\tnbtnt.exec:\tnbtnt.exe52⤵
- Executes dropped EXE
-
\??\c:\1jpvp.exec:\1jpvp.exe53⤵
- Executes dropped EXE
-
\??\c:\9llffll.exec:\9llffll.exe54⤵
- Executes dropped EXE
-
\??\c:\hhbhbt.exec:\hhbhbt.exe55⤵
- Executes dropped EXE
-
\??\c:\nhthnt.exec:\nhthnt.exe56⤵
- Executes dropped EXE
-
\??\c:\vvvjj.exec:\vvvjj.exe57⤵
- Executes dropped EXE
-
\??\c:\vvppd.exec:\vvppd.exe58⤵
- Executes dropped EXE
-
\??\c:\1lxrfrl.exec:\1lxrfrl.exe59⤵
- Executes dropped EXE
-
\??\c:\fffxlxx.exec:\fffxlxx.exe60⤵
- Executes dropped EXE
-
\??\c:\7nbhth.exec:\7nbhth.exe61⤵
- Executes dropped EXE
-
\??\c:\5dvdp.exec:\5dvdp.exe62⤵
- Executes dropped EXE
-
\??\c:\3ffxrxr.exec:\3ffxrxr.exe63⤵
- Executes dropped EXE
-
\??\c:\7xlxlxl.exec:\7xlxlxl.exe64⤵
- Executes dropped EXE
-
\??\c:\hhhnhh.exec:\hhhnhh.exe65⤵
- Executes dropped EXE
-
\??\c:\dpvvv.exec:\dpvvv.exe66⤵
-
\??\c:\jjvdp.exec:\jjvdp.exe67⤵
-
\??\c:\xxxlxlf.exec:\xxxlxlf.exe68⤵
-
\??\c:\rrxlxxr.exec:\rrxlxxr.exe69⤵
-
\??\c:\tbhhnh.exec:\tbhhnh.exe70⤵
-
\??\c:\ppddj.exec:\ppddj.exe71⤵
-
\??\c:\vdpjd.exec:\vdpjd.exe72⤵
-
\??\c:\rfrllrx.exec:\rfrllrx.exe73⤵
-
\??\c:\frxrrfr.exec:\frxrrfr.exe74⤵
-
\??\c:\tntbtn.exec:\tntbtn.exe75⤵
-
\??\c:\1nnbtn.exec:\1nnbtn.exe76⤵
-
\??\c:\jjvdp.exec:\jjvdp.exe77⤵
-
\??\c:\jjdjv.exec:\jjdjv.exe78⤵
-
\??\c:\fxrxlrr.exec:\fxrxlrr.exe79⤵
-
\??\c:\flrfxlf.exec:\flrfxlf.exe80⤵
-
\??\c:\5bthnb.exec:\5bthnb.exe81⤵
-
\??\c:\bbtbhn.exec:\bbtbhn.exe82⤵
-
\??\c:\7dvvj.exec:\7dvvj.exe83⤵
-
\??\c:\vpjpv.exec:\vpjpv.exe84⤵
-
\??\c:\1ffrxfl.exec:\1ffrxfl.exe85⤵
-
\??\c:\3xrffrl.exec:\3xrffrl.exe86⤵
-
\??\c:\3ntbhn.exec:\3ntbhn.exe87⤵
-
\??\c:\jpppp.exec:\jpppp.exe88⤵
-
\??\c:\3jdjp.exec:\3jdjp.exe89⤵
-
\??\c:\rlfrrfr.exec:\rlfrrfr.exe90⤵
-
\??\c:\xrlxrrl.exec:\xrlxrrl.exe91⤵
-
\??\c:\1btbhn.exec:\1btbhn.exe92⤵
-
\??\c:\nnnhbh.exec:\nnnhbh.exe93⤵
-
\??\c:\vpvdd.exec:\vpvdd.exe94⤵
-
\??\c:\dvjpd.exec:\dvjpd.exe95⤵
-
\??\c:\lfffxlf.exec:\lfffxlf.exe96⤵
-
\??\c:\hhtnnb.exec:\hhtnnb.exe97⤵
-
\??\c:\5tnbtn.exec:\5tnbtn.exe98⤵
-
\??\c:\vvpvj.exec:\vvpvj.exe99⤵
-
\??\c:\dvjvd.exec:\dvjvd.exe100⤵
-
\??\c:\fxllffl.exec:\fxllffl.exe101⤵
-
\??\c:\3rfflxx.exec:\3rfflxx.exe102⤵
-
\??\c:\thtbnh.exec:\thtbnh.exe103⤵
-
\??\c:\ttthtb.exec:\ttthtb.exe104⤵
-
\??\c:\9jjjp.exec:\9jjjp.exe105⤵
-
\??\c:\rlxxfxl.exec:\rlxxfxl.exe106⤵
-
\??\c:\1rrrfff.exec:\1rrrfff.exe107⤵
-
\??\c:\9hhnth.exec:\9hhnth.exe108⤵
-
\??\c:\bbhthn.exec:\bbhthn.exe109⤵
-
\??\c:\dvpjd.exec:\dvpjd.exe110⤵
-
\??\c:\pjdjp.exec:\pjdjp.exe111⤵
-
\??\c:\ffrlrxf.exec:\ffrlrxf.exe112⤵
-
\??\c:\3rxfrxl.exec:\3rxfrxl.exe113⤵
-
\??\c:\thnttt.exec:\thnttt.exe114⤵
-
\??\c:\vvvvj.exec:\vvvvj.exe115⤵
-
\??\c:\jjddj.exec:\jjddj.exe116⤵
-
\??\c:\9rlllxl.exec:\9rlllxl.exe117⤵
-
\??\c:\rlxlxxf.exec:\rlxlxxf.exe118⤵
-
\??\c:\3tbhtt.exec:\3tbhtt.exe119⤵
-
\??\c:\3jdjd.exec:\3jdjd.exe120⤵
-
\??\c:\vpjvv.exec:\vpjvv.exe121⤵
-
\??\c:\lffxflr.exec:\lffxflr.exe122⤵
-
\??\c:\xrflrrl.exec:\xrflrrl.exe123⤵
-
\??\c:\9thntb.exec:\9thntb.exe124⤵
-
\??\c:\nhnhnb.exec:\nhnhnb.exe125⤵
-
\??\c:\dvpjv.exec:\dvpjv.exe126⤵
-
\??\c:\3jdpv.exec:\3jdpv.exe127⤵
-
\??\c:\llxxffr.exec:\llxxffr.exe128⤵
-
\??\c:\7rflrxf.exec:\7rflrxf.exe129⤵
-
\??\c:\hhtbnt.exec:\hhtbnt.exe130⤵
-
\??\c:\vdvvv.exec:\vdvvv.exe131⤵
-
\??\c:\vpddp.exec:\vpddp.exe132⤵
-
\??\c:\jdvdp.exec:\jdvdp.exe133⤵
-
\??\c:\xrlrxfl.exec:\xrlrxfl.exe134⤵
-
\??\c:\hbhntb.exec:\hbhntb.exe135⤵
-
\??\c:\1hbnbt.exec:\1hbnbt.exe136⤵
-
\??\c:\jpvjv.exec:\jpvjv.exe137⤵
-
\??\c:\xrfxffr.exec:\xrfxffr.exe138⤵
-
\??\c:\9xlfrfl.exec:\9xlfrfl.exe139⤵
-
\??\c:\nnnthn.exec:\nnnthn.exe140⤵
-
\??\c:\btntbh.exec:\btntbh.exe141⤵
-
\??\c:\jjdpd.exec:\jjdpd.exe142⤵
-
\??\c:\vpvvj.exec:\vpvvj.exe143⤵
-
\??\c:\xxllxfl.exec:\xxllxfl.exe144⤵
-
\??\c:\frfxllf.exec:\frfxllf.exe145⤵
-
\??\c:\tnbhbn.exec:\tnbhbn.exe146⤵
-
\??\c:\5thnnb.exec:\5thnnb.exe147⤵
-
\??\c:\dvjvj.exec:\dvjvj.exe148⤵
-
\??\c:\lffrlxf.exec:\lffrlxf.exe149⤵
-
\??\c:\llxlrxf.exec:\llxlrxf.exe150⤵
-
\??\c:\btbntb.exec:\btbntb.exe151⤵
-
\??\c:\tthnnh.exec:\tthnnh.exe152⤵
-
\??\c:\vdjpd.exec:\vdjpd.exe153⤵
-
\??\c:\jdpvj.exec:\jdpvj.exe154⤵
-
\??\c:\fxflflr.exec:\fxflflr.exe155⤵
-
\??\c:\hbntht.exec:\hbntht.exe156⤵
-
\??\c:\bthnht.exec:\bthnht.exe157⤵
-
\??\c:\dvdjv.exec:\dvdjv.exe158⤵
-
\??\c:\7vpvd.exec:\7vpvd.exe159⤵
-
\??\c:\lfxfflr.exec:\lfxfflr.exe160⤵
-
\??\c:\rlxxffr.exec:\rlxxffr.exe161⤵
-
\??\c:\btnbnt.exec:\btnbnt.exe162⤵
-
\??\c:\ttnntt.exec:\ttnntt.exe163⤵
-
\??\c:\pjdjv.exec:\pjdjv.exe164⤵
-
\??\c:\ffllrrr.exec:\ffllrrr.exe165⤵
-
\??\c:\3lfrllx.exec:\3lfrllx.exe166⤵
-
\??\c:\bhbnht.exec:\bhbnht.exe167⤵
-
\??\c:\jjdjp.exec:\jjdjp.exe168⤵
-
\??\c:\vpdvd.exec:\vpdvd.exe169⤵
-
\??\c:\fxfrlxr.exec:\fxfrlxr.exe170⤵
-
\??\c:\lrlxfrf.exec:\lrlxfrf.exe171⤵
-
\??\c:\ttbbhb.exec:\ttbbhb.exe172⤵
-
\??\c:\1tnbhh.exec:\1tnbhh.exe173⤵
-
\??\c:\dvjdp.exec:\dvjdp.exe174⤵
-
\??\c:\xxxfxfr.exec:\xxxfxfr.exe175⤵
-
\??\c:\bbbntt.exec:\bbbntt.exe176⤵
-
\??\c:\3dvjd.exec:\3dvjd.exe177⤵
-
\??\c:\jpvvv.exec:\jpvvv.exe178⤵
-
\??\c:\lfxxfrx.exec:\lfxxfrx.exe179⤵
-
\??\c:\9nhhhn.exec:\9nhhhn.exe180⤵
-
\??\c:\tnhtbh.exec:\tnhtbh.exe181⤵
-
\??\c:\jpdpd.exec:\jpdpd.exe182⤵
-
\??\c:\vdvjd.exec:\vdvjd.exe183⤵
-
\??\c:\xxrrxfx.exec:\xxrrxfx.exe184⤵
-
\??\c:\xxflrxl.exec:\xxflrxl.exe185⤵
-
\??\c:\hhtbnh.exec:\hhtbnh.exe186⤵
-
\??\c:\5hhnbb.exec:\5hhnbb.exe187⤵
-
\??\c:\vvpvj.exec:\vvpvj.exe188⤵
-
\??\c:\lfllrxf.exec:\lfllrxf.exe189⤵
-
\??\c:\lfxlffx.exec:\lfxlffx.exe190⤵
-
\??\c:\nbhtnn.exec:\nbhtnn.exe191⤵
-
\??\c:\hbbbnt.exec:\hbbbnt.exe192⤵
-
\??\c:\jjjpj.exec:\jjjpj.exe193⤵
-
\??\c:\rrrffrl.exec:\rrrffrl.exe194⤵
-
\??\c:\rrrrfff.exec:\rrrrfff.exe195⤵
-
\??\c:\btbtbb.exec:\btbtbb.exe196⤵
-
\??\c:\3hthtt.exec:\3hthtt.exe197⤵
-
\??\c:\jdpvp.exec:\jdpvp.exe198⤵
-
\??\c:\pjjpv.exec:\pjjpv.exe199⤵
-
\??\c:\3lxxxxf.exec:\3lxxxxf.exe200⤵
-
\??\c:\xrxxllx.exec:\xrxxllx.exe201⤵
-
\??\c:\nbnhnt.exec:\nbnhnt.exe202⤵
-
\??\c:\vpjpd.exec:\vpjpd.exe203⤵
-
\??\c:\jdvdp.exec:\jdvdp.exe204⤵
-
\??\c:\3xfrlrl.exec:\3xfrlrl.exe205⤵
-
\??\c:\xxllxfl.exec:\xxllxfl.exe206⤵
-
\??\c:\btbbbn.exec:\btbbbn.exe207⤵
-
\??\c:\tbbtnb.exec:\tbbtnb.exe208⤵
-
\??\c:\vdvpj.exec:\vdvpj.exe209⤵
-
\??\c:\9vvvv.exec:\9vvvv.exe210⤵
-
\??\c:\ffxxllx.exec:\ffxxllx.exe211⤵
-
\??\c:\bhnntn.exec:\bhnntn.exe212⤵
-
\??\c:\nttbth.exec:\nttbth.exe213⤵
-
\??\c:\3vpvd.exec:\3vpvd.exe214⤵
-
\??\c:\5xfllxx.exec:\5xfllxx.exe215⤵
-
\??\c:\xxlxffr.exec:\xxlxffr.exe216⤵
-
\??\c:\bhbthb.exec:\bhbthb.exe217⤵
-
\??\c:\hnbtbh.exec:\hnbtbh.exe218⤵
-
\??\c:\djjvd.exec:\djjvd.exe219⤵
-
\??\c:\3dddj.exec:\3dddj.exe220⤵
-
\??\c:\fxxlxlx.exec:\fxxlxlx.exe221⤵
-
\??\c:\lflrrrx.exec:\lflrrrx.exe222⤵
-
\??\c:\7ttbtt.exec:\7ttbtt.exe223⤵
-
\??\c:\btntbh.exec:\btntbh.exe224⤵
-
\??\c:\jdvvv.exec:\jdvvv.exe225⤵
-
\??\c:\pvddj.exec:\pvddj.exe226⤵
-
\??\c:\rlffxrl.exec:\rlffxrl.exe227⤵
-
\??\c:\bthtbh.exec:\bthtbh.exe228⤵
-
\??\c:\nntbhn.exec:\nntbhn.exe229⤵
-
\??\c:\3dpvv.exec:\3dpvv.exe230⤵
-
\??\c:\jdpdj.exec:\jdpdj.exe231⤵
-
\??\c:\jjdpv.exec:\jjdpv.exe232⤵
-
\??\c:\xrflxlx.exec:\xrflxlx.exe233⤵
-
\??\c:\5hbhnn.exec:\5hbhnn.exe234⤵
-
\??\c:\hbnntn.exec:\hbnntn.exe235⤵
-
\??\c:\7pjpv.exec:\7pjpv.exe236⤵
-
\??\c:\pjjvj.exec:\pjjvj.exe237⤵
-
\??\c:\lfxxflx.exec:\lfxxflx.exe238⤵
-
\??\c:\rrrxllf.exec:\rrrxllf.exe239⤵
-
\??\c:\tntthn.exec:\tntthn.exe240⤵
-
\??\c:\vpjpv.exec:\vpjpv.exe241⤵