Analysis
-
max time kernel
150s -
max time network
116s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
20-05-2024 04:54
General
-
Target
b2432b844c7a40263894904a48b2675c207c57bb23f5239fbb405b1628075c9b.exe
-
Size
65KB
-
MD5
135fc4914e879247fd8951963012db10
-
SHA1
066e34c413d54a9b4988b58957e64799c8f4d1ac
-
SHA256
b2432b844c7a40263894904a48b2675c207c57bb23f5239fbb405b1628075c9b
-
SHA512
2b0a039a3472fc82e10daf84ac6b2764557ab80e720d0a6c5a8163efd2eaf0d74fa2ab3c3ed41491e880acf4b9f31b947ff6d66383a1615433c993a871eab9a5
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb0z6MTSqfQ:ymb3NkkiQ3mdBjFI4Vc
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 31 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 32 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b2432b844c7a40263894904a48b2675c207c57bb23f5239fbb405b1628075c9b.exe"C:\Users\Admin\AppData\Local\Temp\b2432b844c7a40263894904a48b2675c207c57bb23f5239fbb405b1628075c9b.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\lffxxrr.exec:\lffxxrr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1ttbbb.exec:\1ttbbb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdvv.exec:\pjdvv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xflxxr.exec:\1xflxxr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frfxrrl.exec:\frfxrrl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7btnhb.exec:\7btnhb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3jppj.exec:\3jppj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxrllf.exec:\frxrllf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllrllf.exec:\rllrllf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nthnhh.exec:\nthnhh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vpdp.exec:\5vpdp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrrffl.exec:\lfrrffl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1fllrxr.exec:\1fllrxr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhnnn.exec:\thhnnn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjjj.exec:\vdjjj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvvp.exec:\vvvvp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxxrff.exec:\rxxxrff.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9rxfxxl.exec:\9rxfxxl.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnntt.exec:\nhnntt.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvpv.exec:\dvvpv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1djdv.exec:\1djdv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrlrll.exec:\flrlrll.exe23⤵
- Executes dropped EXE
-
\??\c:\rrxfxff.exec:\rrxfxff.exe24⤵
- Executes dropped EXE
-
\??\c:\bttttb.exec:\bttttb.exe25⤵
- Executes dropped EXE
-
\??\c:\jvdvp.exec:\jvdvp.exe26⤵
- Executes dropped EXE
-
\??\c:\rrfxrrl.exec:\rrfxrrl.exe27⤵
- Executes dropped EXE
-
\??\c:\hbhhnn.exec:\hbhhnn.exe28⤵
- Executes dropped EXE
-
\??\c:\tbttbh.exec:\tbttbh.exe29⤵
- Executes dropped EXE
-
\??\c:\vpppd.exec:\vpppd.exe30⤵
- Executes dropped EXE
-
\??\c:\rrxxllf.exec:\rrxxllf.exe31⤵
- Executes dropped EXE
-
\??\c:\bnnhbb.exec:\bnnhbb.exe32⤵
- Executes dropped EXE
-
\??\c:\bnhbbb.exec:\bnhbbb.exe33⤵
- Executes dropped EXE
-
\??\c:\djjjp.exec:\djjjp.exe34⤵
- Executes dropped EXE
-
\??\c:\jddvd.exec:\jddvd.exe35⤵
- Executes dropped EXE
-
\??\c:\xxlfrff.exec:\xxlfrff.exe36⤵
- Executes dropped EXE
-
\??\c:\tntttt.exec:\tntttt.exe37⤵
- Executes dropped EXE
-
\??\c:\bttnnn.exec:\bttnnn.exe38⤵
- Executes dropped EXE
-
\??\c:\jdddv.exec:\jdddv.exe39⤵
- Executes dropped EXE
-
\??\c:\7dppd.exec:\7dppd.exe40⤵
- Executes dropped EXE
-
\??\c:\vvvdd.exec:\vvvdd.exe41⤵
- Executes dropped EXE
-
\??\c:\rrxxxxx.exec:\rrxxxxx.exe42⤵
- Executes dropped EXE
-
\??\c:\tntnhn.exec:\tntnhn.exe43⤵
- Executes dropped EXE
-
\??\c:\tthbth.exec:\tthbth.exe44⤵
- Executes dropped EXE
-
\??\c:\dvdpj.exec:\dvdpj.exe45⤵
- Executes dropped EXE
-
\??\c:\xrffxxx.exec:\xrffxxx.exe46⤵
- Executes dropped EXE
-
\??\c:\rrrrlll.exec:\rrrrlll.exe47⤵
- Executes dropped EXE
-
\??\c:\tnbhnt.exec:\tnbhnt.exe48⤵
- Executes dropped EXE
-
\??\c:\jdppj.exec:\jdppj.exe49⤵
- Executes dropped EXE
-
\??\c:\jvjdv.exec:\jvjdv.exe50⤵
- Executes dropped EXE
-
\??\c:\rlllfll.exec:\rlllfll.exe51⤵
- Executes dropped EXE
-
\??\c:\bbhhbn.exec:\bbhhbn.exe52⤵
- Executes dropped EXE
-
\??\c:\jjjjd.exec:\jjjjd.exe53⤵
- Executes dropped EXE
-
\??\c:\vjppj.exec:\vjppj.exe54⤵
- Executes dropped EXE
-
\??\c:\rfrlfxx.exec:\rfrlfxx.exe55⤵
- Executes dropped EXE
-
\??\c:\7bbtbb.exec:\7bbtbb.exe56⤵
- Executes dropped EXE
-
\??\c:\7tnnnn.exec:\7tnnnn.exe57⤵
- Executes dropped EXE
-
\??\c:\dpppj.exec:\dpppj.exe58⤵
- Executes dropped EXE
-
\??\c:\pjppv.exec:\pjppv.exe59⤵
- Executes dropped EXE
-
\??\c:\lfxrrrl.exec:\lfxrrrl.exe60⤵
- Executes dropped EXE
-
\??\c:\fxxrrrl.exec:\fxxrrrl.exe61⤵
- Executes dropped EXE
-
\??\c:\hhhhhh.exec:\hhhhhh.exe62⤵
- Executes dropped EXE
-
\??\c:\hbbtnh.exec:\hbbtnh.exe63⤵
- Executes dropped EXE
-
\??\c:\jdjpd.exec:\jdjpd.exe64⤵
- Executes dropped EXE
-
\??\c:\jddvj.exec:\jddvj.exe65⤵
- Executes dropped EXE
-
\??\c:\1lxrrrx.exec:\1lxrrrx.exe66⤵
-
\??\c:\xrlfffx.exec:\xrlfffx.exe67⤵
-
\??\c:\rxfflff.exec:\rxfflff.exe68⤵
-
\??\c:\nbnnhh.exec:\nbnnhh.exe69⤵
-
\??\c:\jvddv.exec:\jvddv.exe70⤵
-
\??\c:\jpdjj.exec:\jpdjj.exe71⤵
-
\??\c:\ddjjd.exec:\ddjjd.exe72⤵
-
\??\c:\ffrrxxx.exec:\ffrrxxx.exe73⤵
-
\??\c:\rfllrrr.exec:\rfllrrr.exe74⤵
-
\??\c:\nnbbtt.exec:\nnbbtt.exe75⤵
-
\??\c:\djddv.exec:\djddv.exe76⤵
-
\??\c:\vdpvd.exec:\vdpvd.exe77⤵
-
\??\c:\fxxfffr.exec:\fxxfffr.exe78⤵
-
\??\c:\3xxfxxr.exec:\3xxfxxr.exe79⤵
-
\??\c:\frrlfrl.exec:\frrlfrl.exe80⤵
-
\??\c:\hnbtbh.exec:\hnbtbh.exe81⤵
-
\??\c:\9nttnn.exec:\9nttnn.exe82⤵
-
\??\c:\vppjp.exec:\vppjp.exe83⤵
-
\??\c:\jppjj.exec:\jppjj.exe84⤵
-
\??\c:\xrxrrll.exec:\xrxrrll.exe85⤵
-
\??\c:\nbbbhh.exec:\nbbbhh.exe86⤵
-
\??\c:\vvddv.exec:\vvddv.exe87⤵
-
\??\c:\pjjdp.exec:\pjjdp.exe88⤵
-
\??\c:\xfrrllf.exec:\xfrrllf.exe89⤵
-
\??\c:\7djjd.exec:\7djjd.exe90⤵
-
\??\c:\fxrrlrr.exec:\fxrrlrr.exe91⤵
-
\??\c:\btbbth.exec:\btbbth.exe92⤵
-
\??\c:\5jjdd.exec:\5jjdd.exe93⤵
-
\??\c:\jddvv.exec:\jddvv.exe94⤵
-
\??\c:\1ffxxfr.exec:\1ffxxfr.exe95⤵
-
\??\c:\lxxxfll.exec:\lxxxfll.exe96⤵
-
\??\c:\7bnhhh.exec:\7bnhhh.exe97⤵
-
\??\c:\ntbbbh.exec:\ntbbbh.exe98⤵
-
\??\c:\jpvdv.exec:\jpvdv.exe99⤵
-
\??\c:\fxrrlxx.exec:\fxrrlxx.exe100⤵
-
\??\c:\htttnt.exec:\htttnt.exe101⤵
-
\??\c:\nntthn.exec:\nntthn.exe102⤵
-
\??\c:\bnbbbh.exec:\bnbbbh.exe103⤵
-
\??\c:\jdpvp.exec:\jdpvp.exe104⤵
-
\??\c:\xrllfrr.exec:\xrllfrr.exe105⤵
-
\??\c:\xfffflf.exec:\xfffflf.exe106⤵
-
\??\c:\bthhbb.exec:\bthhbb.exe107⤵
-
\??\c:\nhtttt.exec:\nhtttt.exe108⤵
-
\??\c:\pjppp.exec:\pjppp.exe109⤵
-
\??\c:\lxfllxr.exec:\lxfllxr.exe110⤵
-
\??\c:\9fllrlr.exec:\9fllrlr.exe111⤵
-
\??\c:\9hnnhh.exec:\9hnnhh.exe112⤵
-
\??\c:\vvvvv.exec:\vvvvv.exe113⤵
-
\??\c:\lxxrllf.exec:\lxxrllf.exe114⤵
-
\??\c:\ffrrxxf.exec:\ffrrxxf.exe115⤵
-
\??\c:\bbhbtn.exec:\bbhbtn.exe116⤵
-
\??\c:\5nnhhh.exec:\5nnhhh.exe117⤵
-
\??\c:\pjdvv.exec:\pjdvv.exe118⤵
-
\??\c:\ppppp.exec:\ppppp.exe119⤵
-
\??\c:\rfrxlxx.exec:\rfrxlxx.exe120⤵
-
\??\c:\ttbhhh.exec:\ttbhhh.exe121⤵
-
\??\c:\tnnhbb.exec:\tnnhbb.exe122⤵
-
\??\c:\3vvpp.exec:\3vvpp.exe123⤵
-
\??\c:\vpjdv.exec:\vpjdv.exe124⤵
-
\??\c:\lrxxrrf.exec:\lrxxrrf.exe125⤵
-
\??\c:\rfrxrrf.exec:\rfrxrrf.exe126⤵
-
\??\c:\1ntnhh.exec:\1ntnhh.exe127⤵
-
\??\c:\pdvvv.exec:\pdvvv.exe128⤵
-
\??\c:\rrrlxrf.exec:\rrrlxrf.exe129⤵
-
\??\c:\1bbhbt.exec:\1bbhbt.exe130⤵
-
\??\c:\thhbtt.exec:\thhbtt.exe131⤵
-
\??\c:\vppvp.exec:\vppvp.exe132⤵
-
\??\c:\fxxrflf.exec:\fxxrflf.exe133⤵
-
\??\c:\rlrxxfx.exec:\rlrxxfx.exe134⤵
-
\??\c:\htnnnt.exec:\htnnnt.exe135⤵
-
\??\c:\nhnbtt.exec:\nhnbtt.exe136⤵
-
\??\c:\lffxxxx.exec:\lffxxxx.exe137⤵
-
\??\c:\5lrlrrx.exec:\5lrlrrx.exe138⤵
-
\??\c:\3nbhhh.exec:\3nbhhh.exe139⤵
-
\??\c:\httntn.exec:\httntn.exe140⤵
-
\??\c:\dpddd.exec:\dpddd.exe141⤵
-
\??\c:\jdvpj.exec:\jdvpj.exe142⤵
-
\??\c:\5llflrl.exec:\5llflrl.exe143⤵
-
\??\c:\1fxxxxx.exec:\1fxxxxx.exe144⤵
-
\??\c:\rrrrlll.exec:\rrrrlll.exe145⤵
-
\??\c:\nnbbbn.exec:\nnbbbn.exe146⤵
-
\??\c:\hhhbnn.exec:\hhhbnn.exe147⤵
-
\??\c:\7jvdp.exec:\7jvdp.exe148⤵
-
\??\c:\pvddv.exec:\pvddv.exe149⤵
-
\??\c:\dppjv.exec:\dppjv.exe150⤵
-
\??\c:\3xxrflf.exec:\3xxrflf.exe151⤵
-
\??\c:\7xrrrrr.exec:\7xrrrrr.exe152⤵
-
\??\c:\ttttnt.exec:\ttttnt.exe153⤵
-
\??\c:\tbhtnn.exec:\tbhtnn.exe154⤵
-
\??\c:\jdvpp.exec:\jdvpp.exe155⤵
-
\??\c:\vpjvp.exec:\vpjvp.exe156⤵
-
\??\c:\rffrlff.exec:\rffrlff.exe157⤵
-
\??\c:\rlrrxxl.exec:\rlrrxxl.exe158⤵
-
\??\c:\nbbbtn.exec:\nbbbtn.exe159⤵
-
\??\c:\hhnntt.exec:\hhnntt.exe160⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe161⤵
-
\??\c:\pddvj.exec:\pddvj.exe162⤵
-
\??\c:\7rxxxxr.exec:\7rxxxxr.exe163⤵
-
\??\c:\hnnnhh.exec:\hnnnhh.exe164⤵
-
\??\c:\tntnbt.exec:\tntnbt.exe165⤵
-
\??\c:\tnhtnh.exec:\tnhtnh.exe166⤵
-
\??\c:\vvdpd.exec:\vvdpd.exe167⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe168⤵
-
\??\c:\9frlrrx.exec:\9frlrrx.exe169⤵
-
\??\c:\rlflfrl.exec:\rlflfrl.exe170⤵
-
\??\c:\bnbtnh.exec:\bnbtnh.exe171⤵
-
\??\c:\bhnhhh.exec:\bhnhhh.exe172⤵
-
\??\c:\7hnhhh.exec:\7hnhhh.exe173⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe174⤵
-
\??\c:\3djjd.exec:\3djjd.exe175⤵
-
\??\c:\lffxrrl.exec:\lffxrrl.exe176⤵
-
\??\c:\rlxrrxr.exec:\rlxrrxr.exe177⤵
-
\??\c:\9hbbtn.exec:\9hbbtn.exe178⤵
-
\??\c:\hbhhhn.exec:\hbhhhn.exe179⤵
-
\??\c:\vjjvv.exec:\vjjvv.exe180⤵
-
\??\c:\vdjvd.exec:\vdjvd.exe181⤵
-
\??\c:\pddvj.exec:\pddvj.exe182⤵
-
\??\c:\3fxrxxf.exec:\3fxrxxf.exe183⤵
-
\??\c:\xxlfllr.exec:\xxlfllr.exe184⤵
-
\??\c:\9rrllll.exec:\9rrllll.exe185⤵
-
\??\c:\nhhhbb.exec:\nhhhbb.exe186⤵
-
\??\c:\7pvpp.exec:\7pvpp.exe187⤵
-
\??\c:\vppjj.exec:\vppjj.exe188⤵
-
\??\c:\xrlffxx.exec:\xrlffxx.exe189⤵
-
\??\c:\thnnhb.exec:\thnnhb.exe190⤵
-
\??\c:\xlllfrl.exec:\xlllfrl.exe191⤵
-
\??\c:\5rfxflr.exec:\5rfxflr.exe192⤵
-
\??\c:\nthbbb.exec:\nthbbb.exe193⤵
-
\??\c:\vddjj.exec:\vddjj.exe194⤵
-
\??\c:\9rlfxlf.exec:\9rlfxlf.exe195⤵
-
\??\c:\bhhhnh.exec:\bhhhnh.exe196⤵
-
\??\c:\xfflflf.exec:\xfflflf.exe197⤵
-
\??\c:\hhttnn.exec:\hhttnn.exe198⤵
-
\??\c:\djppp.exec:\djppp.exe199⤵
-
\??\c:\tnthbh.exec:\tnthbh.exe200⤵
-
\??\c:\hbbtnb.exec:\hbbtnb.exe201⤵
-
\??\c:\9vddv.exec:\9vddv.exe202⤵
-
\??\c:\bnbtnb.exec:\bnbtnb.exe203⤵
-
\??\c:\1vpvp.exec:\1vpvp.exe204⤵
-
\??\c:\jdjdp.exec:\jdjdp.exe205⤵
-
\??\c:\1fllfrl.exec:\1fllfrl.exe206⤵
-
\??\c:\rllxrlx.exec:\rllxrlx.exe207⤵
-
\??\c:\bbhhhh.exec:\bbhhhh.exe208⤵
-
\??\c:\tnbnhh.exec:\tnbnhh.exe209⤵
-
\??\c:\dpppv.exec:\dpppv.exe210⤵
-
\??\c:\vpdvp.exec:\vpdvp.exe211⤵
-
\??\c:\frxrrlr.exec:\frxrrlr.exe212⤵
-
\??\c:\xlfxllf.exec:\xlfxllf.exe213⤵
-
\??\c:\fxxlffr.exec:\fxxlffr.exe214⤵
-
\??\c:\httthh.exec:\httthh.exe215⤵
-
\??\c:\bnnnhh.exec:\bnnnhh.exe216⤵
-
\??\c:\pjjjp.exec:\pjjjp.exe217⤵
-
\??\c:\jddvp.exec:\jddvp.exe218⤵
-
\??\c:\7jddd.exec:\7jddd.exe219⤵
-
\??\c:\xxxrxff.exec:\xxxrxff.exe220⤵
-
\??\c:\lfrrxxf.exec:\lfrrxxf.exe221⤵
-
\??\c:\bnhnnn.exec:\bnhnnn.exe222⤵
-
\??\c:\5hnnhn.exec:\5hnnhn.exe223⤵
-
\??\c:\jdjjp.exec:\jdjjp.exe224⤵
-
\??\c:\jdpjd.exec:\jdpjd.exe225⤵
-
\??\c:\dvdjd.exec:\dvdjd.exe226⤵
-
\??\c:\lflffxl.exec:\lflffxl.exe227⤵
-
\??\c:\lrfffxx.exec:\lrfffxx.exe228⤵
-
\??\c:\xrrrlll.exec:\xrrrlll.exe229⤵
-
\??\c:\nbbtnh.exec:\nbbtnh.exe230⤵
-
\??\c:\btbhbh.exec:\btbhbh.exe231⤵
-
\??\c:\pvpdp.exec:\pvpdp.exe232⤵
-
\??\c:\jdvpj.exec:\jdvpj.exe233⤵
-
\??\c:\lfrflxr.exec:\lfrflxr.exe234⤵
-
\??\c:\rrlflfl.exec:\rrlflfl.exe235⤵
-
\??\c:\tbbnnh.exec:\tbbnnh.exe236⤵
-
\??\c:\bhbbbb.exec:\bhbbbb.exe237⤵
-
\??\c:\vpjpj.exec:\vpjpj.exe238⤵
-
\??\c:\jpvjv.exec:\jpvjv.exe239⤵
-
\??\c:\rlllffx.exec:\rlllffx.exe240⤵
-
\??\c:\rrxflfl.exec:\rrxflfl.exe241⤵