Analysis
-
max time kernel
150s -
max time network
117s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
20-05-2024 04:50
General
-
Target
b17e72e67a6201fd131948e6b476f875cf0d4dac290a4fe200c678028e372a23.exe
-
Size
313KB
-
MD5
b29b25c124e190c51b445349706db6b0
-
SHA1
e9bc4ac4fd11b6db17eeef00a053816bf71a09ae
-
SHA256
b17e72e67a6201fd131948e6b476f875cf0d4dac290a4fe200c678028e372a23
-
SHA512
9036d6a2410e4ffede4dfd41076c3a04a8980b04ffe8275d193b895c0d51f1b8109e0a465f2fa695ea24d66dc25c1853cf0ef2a942d61ce3e1cc2e6b861b7c48
-
SSDEEP
6144:n3C9BRo/AIX2h97aUzpbBj3+b2ziJC39QS8hDJd+Q7ZLbjwmI:n3C9uDC97aUFbZ42ziM39QS8hDJd+Q7s
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b17e72e67a6201fd131948e6b476f875cf0d4dac290a4fe200c678028e372a23.exe"C:\Users\Admin\AppData\Local\Temp\b17e72e67a6201fd131948e6b476f875cf0d4dac290a4fe200c678028e372a23.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jpjjj.exec:\jpjjj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbtbh.exec:\nnbtbh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3vjjj.exec:\3vjjj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnbhh.exec:\thnbhh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjjd.exec:\vjjjd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llrlfrl.exec:\llrlfrl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbnnt.exec:\hbbnnt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppjj.exec:\vppjj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3vjjj.exec:\3vjjj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fflffxx.exec:\fflffxx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxxrxx.exec:\xrxxrxx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthbbh.exec:\bthbbh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvpp.exec:\vvvpp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7nhhhn.exec:\7nhhhn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3hhhbh.exec:\3hhhbh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjjj.exec:\jdjjj.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvpjv.exec:\pvpjv.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvdd.exec:\jpvdd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflllll.exec:\rflllll.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1nttnn.exec:\1nttnn.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvdvp.exec:\vvdvp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrffll.exec:\frrffll.exe23⤵
- Executes dropped EXE
-
\??\c:\btbtbn.exec:\btbtbn.exe24⤵
- Executes dropped EXE
-
\??\c:\3djvp.exec:\3djvp.exe25⤵
- Executes dropped EXE
-
\??\c:\xrrrllx.exec:\xrrrllx.exe26⤵
- Executes dropped EXE
-
\??\c:\hhhntb.exec:\hhhntb.exe27⤵
- Executes dropped EXE
-
\??\c:\pjvvv.exec:\pjvvv.exe28⤵
- Executes dropped EXE
-
\??\c:\9rfffrr.exec:\9rfffrr.exe29⤵
- Executes dropped EXE
-
\??\c:\9lxrffl.exec:\9lxrffl.exe30⤵
- Executes dropped EXE
-
\??\c:\nbbttn.exec:\nbbttn.exe31⤵
- Executes dropped EXE
-
\??\c:\vpdvd.exec:\vpdvd.exe32⤵
- Executes dropped EXE
-
\??\c:\btbhhn.exec:\btbhhn.exe33⤵
- Executes dropped EXE
-
\??\c:\7nhnbh.exec:\7nhnbh.exe34⤵
- Executes dropped EXE
-
\??\c:\jpjjj.exec:\jpjjj.exe35⤵
- Executes dropped EXE
-
\??\c:\xxlxxxl.exec:\xxlxxxl.exe36⤵
- Executes dropped EXE
-
\??\c:\bntttb.exec:\bntttb.exe37⤵
- Executes dropped EXE
-
\??\c:\hbttbh.exec:\hbttbh.exe38⤵
- Executes dropped EXE
-
\??\c:\ddjdd.exec:\ddjdd.exe39⤵
- Executes dropped EXE
-
\??\c:\lfffxfr.exec:\lfffxfr.exe40⤵
- Executes dropped EXE
-
\??\c:\nhnhht.exec:\nhnhht.exe41⤵
- Executes dropped EXE
-
\??\c:\jvddv.exec:\jvddv.exe42⤵
- Executes dropped EXE
-
\??\c:\jdjvp.exec:\jdjvp.exe43⤵
- Executes dropped EXE
-
\??\c:\rlffffl.exec:\rlffffl.exe44⤵
- Executes dropped EXE
-
\??\c:\hhtnht.exec:\hhtnht.exe45⤵
- Executes dropped EXE
-
\??\c:\bbtnbb.exec:\bbtnbb.exe46⤵
- Executes dropped EXE
-
\??\c:\dddvj.exec:\dddvj.exe47⤵
- Executes dropped EXE
-
\??\c:\fflfffx.exec:\fflfffx.exe48⤵
- Executes dropped EXE
-
\??\c:\7thnnn.exec:\7thnnn.exe49⤵
- Executes dropped EXE
-
\??\c:\1pdvd.exec:\1pdvd.exe50⤵
- Executes dropped EXE
-
\??\c:\jddvp.exec:\jddvp.exe51⤵
- Executes dropped EXE
-
\??\c:\flxllfx.exec:\flxllfx.exe52⤵
- Executes dropped EXE
-
\??\c:\htnttt.exec:\htnttt.exe53⤵
- Executes dropped EXE
-
\??\c:\hhthtn.exec:\hhthtn.exe54⤵
- Executes dropped EXE
-
\??\c:\ddjpp.exec:\ddjpp.exe55⤵
- Executes dropped EXE
-
\??\c:\5lrrrxr.exec:\5lrrrxr.exe56⤵
- Executes dropped EXE
-
\??\c:\fxllfll.exec:\fxllfll.exe57⤵
- Executes dropped EXE
-
\??\c:\tthhnt.exec:\tthhnt.exe58⤵
- Executes dropped EXE
-
\??\c:\9vdvv.exec:\9vdvv.exe59⤵
- Executes dropped EXE
-
\??\c:\ffrlxlr.exec:\ffrlxlr.exe60⤵
- Executes dropped EXE
-
\??\c:\rllxxxx.exec:\rllxxxx.exe61⤵
- Executes dropped EXE
-
\??\c:\bbtttb.exec:\bbtttb.exe62⤵
- Executes dropped EXE
-
\??\c:\vpvpj.exec:\vpvpj.exe63⤵
- Executes dropped EXE
-
\??\c:\vjvpp.exec:\vjvpp.exe64⤵
- Executes dropped EXE
-
\??\c:\xlrlflf.exec:\xlrlflf.exe65⤵
- Executes dropped EXE
-
\??\c:\fxllfrr.exec:\fxllfrr.exe66⤵
-
\??\c:\tnhhtn.exec:\tnhhtn.exe67⤵
-
\??\c:\3jdjj.exec:\3jdjj.exe68⤵
-
\??\c:\frffrrl.exec:\frffrrl.exe69⤵
-
\??\c:\tnbhth.exec:\tnbhth.exe70⤵
-
\??\c:\bbbbtt.exec:\bbbbtt.exe71⤵
-
\??\c:\5pjjd.exec:\5pjjd.exe72⤵
-
\??\c:\rlrrrrx.exec:\rlrrrrx.exe73⤵
-
\??\c:\5llrxxx.exec:\5llrxxx.exe74⤵
-
\??\c:\bhnnbt.exec:\bhnnbt.exe75⤵
-
\??\c:\pvvdp.exec:\pvvdp.exe76⤵
-
\??\c:\fflllrr.exec:\fflllrr.exe77⤵
-
\??\c:\lxllllr.exec:\lxllllr.exe78⤵
-
\??\c:\ntbttt.exec:\ntbttt.exe79⤵
-
\??\c:\dpjvp.exec:\dpjvp.exe80⤵
-
\??\c:\vvddj.exec:\vvddj.exe81⤵
-
\??\c:\xlfrrff.exec:\xlfrrff.exe82⤵
-
\??\c:\lxlfrxr.exec:\lxlfrxr.exe83⤵
-
\??\c:\nthhbb.exec:\nthhbb.exe84⤵
-
\??\c:\bttnbb.exec:\bttnbb.exe85⤵
-
\??\c:\dddjv.exec:\dddjv.exe86⤵
-
\??\c:\9xlfrxx.exec:\9xlfrxx.exe87⤵
-
\??\c:\ffxxrxx.exec:\ffxxrxx.exe88⤵
-
\??\c:\hhhnnb.exec:\hhhnnb.exe89⤵
-
\??\c:\vdvdv.exec:\vdvdv.exe90⤵
-
\??\c:\fxfxlfx.exec:\fxfxlfx.exe91⤵
-
\??\c:\fllllfl.exec:\fllllfl.exe92⤵
-
\??\c:\nhthbh.exec:\nhthbh.exe93⤵
-
\??\c:\vpjjj.exec:\vpjjj.exe94⤵
-
\??\c:\ffrrrfl.exec:\ffrrrfl.exe95⤵
-
\??\c:\tnnhht.exec:\tnnhht.exe96⤵
-
\??\c:\jjjjj.exec:\jjjjj.exe97⤵
-
\??\c:\djjjv.exec:\djjjv.exe98⤵
-
\??\c:\fffxfxx.exec:\fffxfxx.exe99⤵
-
\??\c:\ffxrxxl.exec:\ffxrxxl.exe100⤵
-
\??\c:\1dpjp.exec:\1dpjp.exe101⤵
-
\??\c:\vjppp.exec:\vjppp.exe102⤵
-
\??\c:\rrrrllf.exec:\rrrrllf.exe103⤵
-
\??\c:\9lxffxf.exec:\9lxffxf.exe104⤵
-
\??\c:\bntttt.exec:\bntttt.exe105⤵
-
\??\c:\pjvvv.exec:\pjvvv.exe106⤵
-
\??\c:\pppjd.exec:\pppjd.exe107⤵
-
\??\c:\lflxrll.exec:\lflxrll.exe108⤵
-
\??\c:\ntntbb.exec:\ntntbb.exe109⤵
-
\??\c:\ppdvv.exec:\ppdvv.exe110⤵
-
\??\c:\9vdvv.exec:\9vdvv.exe111⤵
-
\??\c:\1fffxxx.exec:\1fffxxx.exe112⤵
-
\??\c:\btttbb.exec:\btttbb.exe113⤵
-
\??\c:\hnthbb.exec:\hnthbb.exe114⤵
-
\??\c:\ppjdd.exec:\ppjdd.exe115⤵
-
\??\c:\ppjdv.exec:\ppjdv.exe116⤵
-
\??\c:\rfllfxl.exec:\rfllfxl.exe117⤵
-
\??\c:\hnbbtt.exec:\hnbbtt.exe118⤵
-
\??\c:\bhtttt.exec:\bhtttt.exe119⤵
-
\??\c:\jppdj.exec:\jppdj.exe120⤵
-
\??\c:\jvpjv.exec:\jvpjv.exe121⤵
-
\??\c:\rxlxflr.exec:\rxlxflr.exe122⤵
-
\??\c:\ntthbt.exec:\ntthbt.exe123⤵
-
\??\c:\dvjjv.exec:\dvjjv.exe124⤵
-
\??\c:\jvpjd.exec:\jvpjd.exe125⤵
-
\??\c:\lrlflrr.exec:\lrlflrr.exe126⤵
-
\??\c:\thhhth.exec:\thhhth.exe127⤵
-
\??\c:\hnbbhh.exec:\hnbbhh.exe128⤵
-
\??\c:\ppjjj.exec:\ppjjj.exe129⤵
-
\??\c:\rfxrrxr.exec:\rfxrrxr.exe130⤵
-
\??\c:\5ffllxf.exec:\5ffllxf.exe131⤵
-
\??\c:\nthnth.exec:\nthnth.exe132⤵
-
\??\c:\bhhbbh.exec:\bhhbbh.exe133⤵
-
\??\c:\pjdjv.exec:\pjdjv.exe134⤵
-
\??\c:\1rfflrf.exec:\1rfflrf.exe135⤵
-
\??\c:\lxrrxfx.exec:\lxrrxfx.exe136⤵
-
\??\c:\bbnnnh.exec:\bbnnnh.exe137⤵
-
\??\c:\vjdjp.exec:\vjdjp.exe138⤵
-
\??\c:\pjpvv.exec:\pjpvv.exe139⤵
-
\??\c:\rxlxrlx.exec:\rxlxrlx.exe140⤵
-
\??\c:\rrflrxf.exec:\rrflrxf.exe141⤵
-
\??\c:\nttnbt.exec:\nttnbt.exe142⤵
-
\??\c:\1vvpj.exec:\1vvpj.exe143⤵
-
\??\c:\9ppdv.exec:\9ppdv.exe144⤵
-
\??\c:\7frxrlf.exec:\7frxrlf.exe145⤵
-
\??\c:\ffrrxxx.exec:\ffrrxxx.exe146⤵
-
\??\c:\nnnttt.exec:\nnnttt.exe147⤵
-
\??\c:\5jdvp.exec:\5jdvp.exe148⤵
-
\??\c:\xrfxffx.exec:\xrfxffx.exe149⤵
-
\??\c:\ffffxrl.exec:\ffffxrl.exe150⤵
-
\??\c:\7nbhht.exec:\7nbhht.exe151⤵
-
\??\c:\bttnhb.exec:\bttnhb.exe152⤵
-
\??\c:\dvvjv.exec:\dvvjv.exe153⤵
-
\??\c:\rrxfflr.exec:\rrxfflr.exe154⤵
-
\??\c:\btbtnh.exec:\btbtnh.exe155⤵
-
\??\c:\ddvpd.exec:\ddvpd.exe156⤵
-
\??\c:\rlrfrfr.exec:\rlrfrfr.exe157⤵
-
\??\c:\bnbnhb.exec:\bnbnhb.exe158⤵
-
\??\c:\ppvpd.exec:\ppvpd.exe159⤵
-
\??\c:\flfxlxf.exec:\flfxlxf.exe160⤵
-
\??\c:\hnbtbh.exec:\hnbtbh.exe161⤵
-
\??\c:\vdppv.exec:\vdppv.exe162⤵
-
\??\c:\vpjvv.exec:\vpjvv.exe163⤵
-
\??\c:\frfrrfl.exec:\frfrrfl.exe164⤵
-
\??\c:\hnhbbn.exec:\hnhbbn.exe165⤵
-
\??\c:\pjjjv.exec:\pjjjv.exe166⤵
-
\??\c:\rrxlxxx.exec:\rrxlxxx.exe167⤵
-
\??\c:\lfxxrrl.exec:\lfxxrrl.exe168⤵
-
\??\c:\bntbbn.exec:\bntbbn.exe169⤵
-
\??\c:\9vdjp.exec:\9vdjp.exe170⤵
-
\??\c:\rrrfrfx.exec:\rrrfrfx.exe171⤵
-
\??\c:\rflxrfx.exec:\rflxrfx.exe172⤵
-
\??\c:\1bbhhb.exec:\1bbhhb.exe173⤵
-
\??\c:\pvpdv.exec:\pvpdv.exe174⤵
-
\??\c:\xxxxxrf.exec:\xxxxxrf.exe175⤵
-
\??\c:\1rfrlfx.exec:\1rfrlfx.exe176⤵
-
\??\c:\hnnthh.exec:\hnnthh.exe177⤵
-
\??\c:\1vvvp.exec:\1vvvp.exe178⤵
-
\??\c:\lxrrxxl.exec:\lxrrxxl.exe179⤵
-
\??\c:\rrlxxlx.exec:\rrlxxlx.exe180⤵
-
\??\c:\tbhhhh.exec:\tbhhhh.exe181⤵
-
\??\c:\5pjvp.exec:\5pjvp.exe182⤵
-
\??\c:\dvpjv.exec:\dvpjv.exe183⤵
-
\??\c:\xrfxxrf.exec:\xrfxxrf.exe184⤵
-
\??\c:\nhbttt.exec:\nhbttt.exe185⤵
-
\??\c:\hbntbt.exec:\hbntbt.exe186⤵
-
\??\c:\vpvpj.exec:\vpvpj.exe187⤵
-
\??\c:\frfrxxf.exec:\frfrxxf.exe188⤵
-
\??\c:\bbntth.exec:\bbntth.exe189⤵
-
\??\c:\tbtnnb.exec:\tbtnnb.exe190⤵
-
\??\c:\7vpdd.exec:\7vpdd.exe191⤵
-
\??\c:\lxxxflf.exec:\lxxxflf.exe192⤵
-
\??\c:\rrrfxxr.exec:\rrrfxxr.exe193⤵
-
\??\c:\nnnnhh.exec:\nnnnhh.exe194⤵
-
\??\c:\ppjjv.exec:\ppjjv.exe195⤵
-
\??\c:\jjpjv.exec:\jjpjv.exe196⤵
-
\??\c:\3xffrlf.exec:\3xffrlf.exe197⤵
-
\??\c:\bthbnn.exec:\bthbnn.exe198⤵
-
\??\c:\bhnhhh.exec:\bhnhhh.exe199⤵
-
\??\c:\ddjdv.exec:\ddjdv.exe200⤵
-
\??\c:\rlrxrfl.exec:\rlrxrfl.exe201⤵
-
\??\c:\5ntnbt.exec:\5ntnbt.exe202⤵
-
\??\c:\ddjdv.exec:\ddjdv.exe203⤵
-
\??\c:\frfllrr.exec:\frfllrr.exe204⤵
-
\??\c:\rfrlllr.exec:\rfrlllr.exe205⤵
-
\??\c:\hthhhb.exec:\hthhhb.exe206⤵
-
\??\c:\jpjdv.exec:\jpjdv.exe207⤵
-
\??\c:\fffrfxf.exec:\fffrfxf.exe208⤵
-
\??\c:\hnnhnh.exec:\hnnhnh.exe209⤵
-
\??\c:\3thhbh.exec:\3thhbh.exe210⤵
-
\??\c:\9djjj.exec:\9djjj.exe211⤵
-
\??\c:\xxxxxfx.exec:\xxxxxfx.exe212⤵
-
\??\c:\flllrxr.exec:\flllrxr.exe213⤵
-
\??\c:\hhnnnt.exec:\hhnnnt.exe214⤵
-
\??\c:\pdjjj.exec:\pdjjj.exe215⤵
-
\??\c:\nbbthb.exec:\nbbthb.exe216⤵
-
\??\c:\vdvjd.exec:\vdvjd.exe217⤵
-
\??\c:\1thhhn.exec:\1thhhn.exe218⤵
-
\??\c:\lfflxrl.exec:\lfflxrl.exe219⤵
-
\??\c:\llxffrf.exec:\llxffrf.exe220⤵
-
\??\c:\nhbbhh.exec:\nhbbhh.exe221⤵
-
\??\c:\ddvdp.exec:\ddvdp.exe222⤵
-
\??\c:\9tbttt.exec:\9tbttt.exe223⤵
-
\??\c:\7jjdd.exec:\7jjdd.exe224⤵
-
\??\c:\jddvp.exec:\jddvp.exe225⤵
-
\??\c:\9btnhh.exec:\9btnhh.exe226⤵
-
\??\c:\hhhhbt.exec:\hhhhbt.exe227⤵
-
\??\c:\jpjpv.exec:\jpjpv.exe228⤵
-
\??\c:\xlxrxrf.exec:\xlxrxrf.exe229⤵
-
\??\c:\9hhbnt.exec:\9hhbnt.exe230⤵
-
\??\c:\nbbnbb.exec:\nbbnbb.exe231⤵
-
\??\c:\ddpvd.exec:\ddpvd.exe232⤵
-
\??\c:\1bthbb.exec:\1bthbb.exe233⤵
-
\??\c:\pjjjv.exec:\pjjjv.exe234⤵
-
\??\c:\1nnbbt.exec:\1nnbbt.exe235⤵
-
\??\c:\9thbtt.exec:\9thbtt.exe236⤵
-
\??\c:\nbhbtt.exec:\nbhbtt.exe237⤵
-
\??\c:\nthhtb.exec:\nthhtb.exe238⤵
-
\??\c:\hbbhth.exec:\hbbhth.exe239⤵
-
\??\c:\fxlxxlf.exec:\fxlxxlf.exe240⤵
-
\??\c:\tntnbt.exec:\tntnbt.exe241⤵