Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
20-05-2024 08:16
General
-
Target
dcb6cada3493d7c18a05e16ebde07b7aef003dd27fa7817759ac3c9c7e1e3806.exe
-
Size
57KB
-
MD5
d5a10b61d149715a486ac88ed95683f0
-
SHA1
d4e9f4b1a4c8a1da55b0ac15dc8deae948ab492f
-
SHA256
dcb6cada3493d7c18a05e16ebde07b7aef003dd27fa7817759ac3c9c7e1e3806
-
SHA512
dd656ee59c3eea62726312be601aae234558540bbc68cd01d4d5d6e72679404c5540090146287ebcb71deb5e8db77c5492111526f4dff5490bcf084f35fc8e34
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIvuSwFN7:ymb3NkkiQ3mdBjFIvIFN7
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\dcb6cada3493d7c18a05e16ebde07b7aef003dd27fa7817759ac3c9c7e1e3806.exe"C:\Users\Admin\AppData\Local\Temp\dcb6cada3493d7c18a05e16ebde07b7aef003dd27fa7817759ac3c9c7e1e3806.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\5bnnnh.exec:\5bnnnh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xffxxx.exec:\1xffxxx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxffxxx.exec:\fxffxxx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttntn.exec:\bttntn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdvj.exec:\dvdvj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjddd.exec:\vjddd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrrlll.exec:\flrrlll.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nthnnn.exec:\nthnnn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pppjd.exec:\pppjd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfllfxr.exec:\lfllfxr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllfffx.exec:\rllfffx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbttth.exec:\tbttth.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdppp.exec:\vdppp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrrfff.exec:\xlrrfff.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhnbb.exec:\nbhnbb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnnhh.exec:\tnnnhh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddddv.exec:\ddddv.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvpj.exec:\dvvpj.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlfflrl.exec:\xlfflrl.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbntn.exec:\hbbntn.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nttttn.exec:\nttttn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9pvvd.exec:\9pvvd.exe23⤵
- Executes dropped EXE
-
\??\c:\dvvvj.exec:\dvvvj.exe24⤵
- Executes dropped EXE
-
\??\c:\7xffxxr.exec:\7xffxxr.exe25⤵
- Executes dropped EXE
-
\??\c:\lflffll.exec:\lflffll.exe26⤵
- Executes dropped EXE
-
\??\c:\tnnhnn.exec:\tnnhnn.exe27⤵
- Executes dropped EXE
-
\??\c:\thhhbn.exec:\thhhbn.exe28⤵
- Executes dropped EXE
-
\??\c:\vvvpv.exec:\vvvpv.exe29⤵
- Executes dropped EXE
-
\??\c:\jppvp.exec:\jppvp.exe30⤵
- Executes dropped EXE
-
\??\c:\xrrrrrf.exec:\xrrrrrf.exe31⤵
- Executes dropped EXE
-
\??\c:\nhnnhh.exec:\nhnnhh.exe32⤵
- Executes dropped EXE
-
\??\c:\htbbtt.exec:\htbbtt.exe33⤵
- Executes dropped EXE
-
\??\c:\jvddd.exec:\jvddd.exe34⤵
- Executes dropped EXE
-
\??\c:\pjdvv.exec:\pjdvv.exe35⤵
- Executes dropped EXE
-
\??\c:\xrxxxxr.exec:\xrxxxxr.exe36⤵
- Executes dropped EXE
-
\??\c:\nhbthh.exec:\nhbthh.exe37⤵
- Executes dropped EXE
-
\??\c:\bnnnhn.exec:\bnnnhn.exe38⤵
- Executes dropped EXE
-
\??\c:\ppdvp.exec:\ppdvp.exe39⤵
- Executes dropped EXE
-
\??\c:\xrfxrrl.exec:\xrfxrrl.exe40⤵
- Executes dropped EXE
-
\??\c:\xlrlflf.exec:\xlrlflf.exe41⤵
- Executes dropped EXE
-
\??\c:\nbhbtn.exec:\nbhbtn.exe42⤵
- Executes dropped EXE
-
\??\c:\ttbtnn.exec:\ttbtnn.exe43⤵
- Executes dropped EXE
-
\??\c:\vpvvv.exec:\vpvvv.exe44⤵
- Executes dropped EXE
-
\??\c:\frrrrxx.exec:\frrrrxx.exe45⤵
- Executes dropped EXE
-
\??\c:\1frrlrl.exec:\1frrlrl.exe46⤵
- Executes dropped EXE
-
\??\c:\pjjdd.exec:\pjjdd.exe47⤵
- Executes dropped EXE
-
\??\c:\xllfffx.exec:\xllfffx.exe48⤵
- Executes dropped EXE
-
\??\c:\hbbbtb.exec:\hbbbtb.exe49⤵
- Executes dropped EXE
-
\??\c:\pjpjj.exec:\pjpjj.exe50⤵
- Executes dropped EXE
-
\??\c:\jdjjj.exec:\jdjjj.exe51⤵
- Executes dropped EXE
-
\??\c:\rllrlll.exec:\rllrlll.exe52⤵
- Executes dropped EXE
-
\??\c:\xrllllf.exec:\xrllllf.exe53⤵
- Executes dropped EXE
-
\??\c:\3bhhhh.exec:\3bhhhh.exe54⤵
- Executes dropped EXE
-
\??\c:\pjjvj.exec:\pjjvj.exe55⤵
- Executes dropped EXE
-
\??\c:\pjvpp.exec:\pjvpp.exe56⤵
- Executes dropped EXE
-
\??\c:\7xxrllf.exec:\7xxrllf.exe57⤵
- Executes dropped EXE
-
\??\c:\lffxrrl.exec:\lffxrrl.exe58⤵
- Executes dropped EXE
-
\??\c:\nbbbbh.exec:\nbbbbh.exe59⤵
- Executes dropped EXE
-
\??\c:\htbttt.exec:\htbttt.exe60⤵
- Executes dropped EXE
-
\??\c:\1nbbnn.exec:\1nbbnn.exe61⤵
- Executes dropped EXE
-
\??\c:\vpjvp.exec:\vpjvp.exe62⤵
- Executes dropped EXE
-
\??\c:\jpdvp.exec:\jpdvp.exe63⤵
- Executes dropped EXE
-
\??\c:\3rxrfff.exec:\3rxrfff.exe64⤵
- Executes dropped EXE
-
\??\c:\5bnntt.exec:\5bnntt.exe65⤵
- Executes dropped EXE
-
\??\c:\tnbbhh.exec:\tnbbhh.exe66⤵
-
\??\c:\jjjdv.exec:\jjjdv.exe67⤵
-
\??\c:\lfflflr.exec:\lfflflr.exe68⤵
-
\??\c:\lrxrllr.exec:\lrxrllr.exe69⤵
-
\??\c:\nntttt.exec:\nntttt.exe70⤵
-
\??\c:\tnnnnn.exec:\tnnnnn.exe71⤵
-
\??\c:\dpvdv.exec:\dpvdv.exe72⤵
-
\??\c:\ddddv.exec:\ddddv.exe73⤵
-
\??\c:\flffrxx.exec:\flffrxx.exe74⤵
-
\??\c:\ffrllfx.exec:\ffrllfx.exe75⤵
-
\??\c:\tntbtb.exec:\tntbtb.exe76⤵
-
\??\c:\nbthth.exec:\nbthth.exe77⤵
-
\??\c:\jppjj.exec:\jppjj.exe78⤵
-
\??\c:\vpvpj.exec:\vpvpj.exe79⤵
-
\??\c:\1rxxrrl.exec:\1rxxrrl.exe80⤵
-
\??\c:\xlfxxxr.exec:\xlfxxxr.exe81⤵
-
\??\c:\9bhhbb.exec:\9bhhbb.exe82⤵
-
\??\c:\hhtttt.exec:\hhtttt.exe83⤵
-
\??\c:\vjvpp.exec:\vjvpp.exe84⤵
-
\??\c:\jpppd.exec:\jpppd.exe85⤵
-
\??\c:\rrlrlll.exec:\rrlrlll.exe86⤵
-
\??\c:\rllllll.exec:\rllllll.exe87⤵
-
\??\c:\tnbbhh.exec:\tnbbhh.exe88⤵
-
\??\c:\btbbbb.exec:\btbbbb.exe89⤵
-
\??\c:\dvppp.exec:\dvppp.exe90⤵
-
\??\c:\vpjjd.exec:\vpjjd.exe91⤵
-
\??\c:\rrrrlll.exec:\rrrrlll.exe92⤵
-
\??\c:\rlfflfx.exec:\rlfflfx.exe93⤵
-
\??\c:\bthnhn.exec:\bthnhn.exe94⤵
-
\??\c:\ddddp.exec:\ddddp.exe95⤵
-
\??\c:\dvjpj.exec:\dvjpj.exe96⤵
-
\??\c:\xlfxxfr.exec:\xlfxxfr.exe97⤵
-
\??\c:\rflffrl.exec:\rflffrl.exe98⤵
-
\??\c:\bttttt.exec:\bttttt.exe99⤵
-
\??\c:\pjpjj.exec:\pjpjj.exe100⤵
-
\??\c:\9pvpd.exec:\9pvpd.exe101⤵
-
\??\c:\rxxrxxr.exec:\rxxrxxr.exe102⤵
-
\??\c:\xlllxxx.exec:\xlllxxx.exe103⤵
-
\??\c:\bnnhhn.exec:\bnnhhn.exe104⤵
-
\??\c:\7bbtnn.exec:\7bbtnn.exe105⤵
-
\??\c:\7vddd.exec:\7vddd.exe106⤵
-
\??\c:\dvvvv.exec:\dvvvv.exe107⤵
-
\??\c:\lrxllrr.exec:\lrxllrr.exe108⤵
-
\??\c:\rlllflr.exec:\rlllflr.exe109⤵
-
\??\c:\bthhhh.exec:\bthhhh.exe110⤵
-
\??\c:\hbnhnn.exec:\hbnhnn.exe111⤵
-
\??\c:\vpjdp.exec:\vpjdp.exe112⤵
-
\??\c:\dvddv.exec:\dvddv.exe113⤵
-
\??\c:\xrflxrl.exec:\xrflxrl.exe114⤵
-
\??\c:\xrrrlll.exec:\xrrrlll.exe115⤵
-
\??\c:\nnbttb.exec:\nnbttb.exe116⤵
-
\??\c:\nbhtnh.exec:\nbhtnh.exe117⤵
-
\??\c:\3jvpp.exec:\3jvpp.exe118⤵
-
\??\c:\jvdvp.exec:\jvdvp.exe119⤵
-
\??\c:\rfrlfff.exec:\rfrlfff.exe120⤵
-
\??\c:\nhnnnn.exec:\nhnnnn.exe121⤵
-
\??\c:\thnhbb.exec:\thnhbb.exe122⤵
-
\??\c:\jvvvp.exec:\jvvvp.exe123⤵
-
\??\c:\pppdj.exec:\pppdj.exe124⤵
-
\??\c:\rxfxxxx.exec:\rxfxxxx.exe125⤵
-
\??\c:\fxrrrxx.exec:\fxrrrxx.exe126⤵
-
\??\c:\bnbbtb.exec:\bnbbtb.exe127⤵
-
\??\c:\hhtnhb.exec:\hhtnhb.exe128⤵
-
\??\c:\5pjjd.exec:\5pjjd.exe129⤵
-
\??\c:\5jppd.exec:\5jppd.exe130⤵
-
\??\c:\xrxrfll.exec:\xrxrfll.exe131⤵
-
\??\c:\rllfrrr.exec:\rllfrrr.exe132⤵
-
\??\c:\9vvvv.exec:\9vvvv.exe133⤵
-
\??\c:\lfrlllr.exec:\lfrlllr.exe134⤵
-
\??\c:\hbhnhh.exec:\hbhnhh.exe135⤵
-
\??\c:\nhbtnt.exec:\nhbtnt.exe136⤵
-
\??\c:\vvvvp.exec:\vvvvp.exe137⤵
-
\??\c:\xllfxxf.exec:\xllfxxf.exe138⤵
-
\??\c:\rxfxlxl.exec:\rxfxlxl.exe139⤵
-
\??\c:\1hbbtb.exec:\1hbbtb.exe140⤵
-
\??\c:\nhbtbb.exec:\nhbtbb.exe141⤵
-
\??\c:\jdddv.exec:\jdddv.exe142⤵
-
\??\c:\lfxrrxx.exec:\lfxrrxx.exe143⤵
-
\??\c:\1fxrlrl.exec:\1fxrlrl.exe144⤵
-
\??\c:\7tttnh.exec:\7tttnh.exe145⤵
-
\??\c:\1hhbnn.exec:\1hhbnn.exe146⤵
-
\??\c:\jdjdd.exec:\jdjdd.exe147⤵
-
\??\c:\rflfxxr.exec:\rflfxxr.exe148⤵
-
\??\c:\fxxrllf.exec:\fxxrllf.exe149⤵
-
\??\c:\5bhhbh.exec:\5bhhbh.exe150⤵
-
\??\c:\7jjdv.exec:\7jjdv.exe151⤵
-
\??\c:\3xxxxxf.exec:\3xxxxxf.exe152⤵
-
\??\c:\jdvvp.exec:\jdvvp.exe153⤵
-
\??\c:\dvvvj.exec:\dvvvj.exe154⤵
-
\??\c:\bbbttt.exec:\bbbttt.exe155⤵
-
\??\c:\jpdvp.exec:\jpdvp.exe156⤵
-
\??\c:\dvjjd.exec:\dvjjd.exe157⤵
-
\??\c:\ttnhtt.exec:\ttnhtt.exe158⤵
-
\??\c:\frlfffx.exec:\frlfffx.exe159⤵
-
\??\c:\7rrrrrl.exec:\7rrrrrl.exe160⤵
-
\??\c:\hhhhbh.exec:\hhhhbh.exe161⤵
-
\??\c:\tbhhhh.exec:\tbhhhh.exe162⤵
-
\??\c:\jjjjj.exec:\jjjjj.exe163⤵
-
\??\c:\vdjjj.exec:\vdjjj.exe164⤵
-
\??\c:\xfllllr.exec:\xfllllr.exe165⤵
-
\??\c:\bbbttt.exec:\bbbttt.exe166⤵
-
\??\c:\tntbtb.exec:\tntbtb.exe167⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe168⤵
-
\??\c:\vpvvv.exec:\vpvvv.exe169⤵
-
\??\c:\lfffffx.exec:\lfffffx.exe170⤵
-
\??\c:\nbntnn.exec:\nbntnn.exe171⤵
-
\??\c:\thhbbb.exec:\thhbbb.exe172⤵
-
\??\c:\jdjdj.exec:\jdjdj.exe173⤵
-
\??\c:\1jppj.exec:\1jppj.exe174⤵
-
\??\c:\5rfllrr.exec:\5rfllrr.exe175⤵
-
\??\c:\lxfffff.exec:\lxfffff.exe176⤵
-
\??\c:\5nbthh.exec:\5nbthh.exe177⤵
-
\??\c:\nhthhh.exec:\nhthhh.exe178⤵
-
\??\c:\jdvpj.exec:\jdvpj.exe179⤵
-
\??\c:\dddpd.exec:\dddpd.exe180⤵
-
\??\c:\flrlrrl.exec:\flrlrrl.exe181⤵
-
\??\c:\9llflrl.exec:\9llflrl.exe182⤵
-
\??\c:\llfxxxr.exec:\llfxxxr.exe183⤵
-
\??\c:\nhbbtt.exec:\nhbbtt.exe184⤵
-
\??\c:\htnnhb.exec:\htnnhb.exe185⤵
-
\??\c:\djjjd.exec:\djjjd.exe186⤵
-
\??\c:\jjdpj.exec:\jjdpj.exe187⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe188⤵
-
\??\c:\9xfxrrr.exec:\9xfxrrr.exe189⤵
-
\??\c:\tnnthb.exec:\tnnthb.exe190⤵
-
\??\c:\7jpvp.exec:\7jpvp.exe191⤵
-
\??\c:\vjpjd.exec:\vjpjd.exe192⤵
-
\??\c:\rxlfrxr.exec:\rxlfrxr.exe193⤵
-
\??\c:\hbtnbh.exec:\hbtnbh.exe194⤵
-
\??\c:\dvpjj.exec:\dvpjj.exe195⤵
-
\??\c:\lrxrlxr.exec:\lrxrlxr.exe196⤵
-
\??\c:\thnthn.exec:\thnthn.exe197⤵
-
\??\c:\5tnhhh.exec:\5tnhhh.exe198⤵
-
\??\c:\ddddj.exec:\ddddj.exe199⤵
-
\??\c:\9xflfxl.exec:\9xflfxl.exe200⤵
-
\??\c:\ntbbtt.exec:\ntbbtt.exe201⤵
-
\??\c:\vpddj.exec:\vpddj.exe202⤵
-
\??\c:\rrffrxf.exec:\rrffrxf.exe203⤵
-
\??\c:\vpvpv.exec:\vpvpv.exe204⤵
-
\??\c:\xrllxxf.exec:\xrllxxf.exe205⤵
-
\??\c:\vpvvp.exec:\vpvvp.exe206⤵
-
\??\c:\dvvjd.exec:\dvvjd.exe207⤵
-
\??\c:\3xlfrrl.exec:\3xlfrrl.exe208⤵
-
\??\c:\xrrrrrr.exec:\xrrrrrr.exe209⤵
-
\??\c:\tthhnn.exec:\tthhnn.exe210⤵
-
\??\c:\btnhbt.exec:\btnhbt.exe211⤵
-
\??\c:\vjpjd.exec:\vjpjd.exe212⤵
-
\??\c:\pvdpv.exec:\pvdpv.exe213⤵
-
\??\c:\rllfllr.exec:\rllfllr.exe214⤵
-
\??\c:\xrxllrr.exec:\xrxllrr.exe215⤵
-
\??\c:\hhnttb.exec:\hhnttb.exe216⤵
-
\??\c:\jvpjv.exec:\jvpjv.exe217⤵
-
\??\c:\5dvvp.exec:\5dvvp.exe218⤵
-
\??\c:\pjddd.exec:\pjddd.exe219⤵
-
\??\c:\xlxxffx.exec:\xlxxffx.exe220⤵
-
\??\c:\9frrxfl.exec:\9frrxfl.exe221⤵
-
\??\c:\htbbbb.exec:\htbbbb.exe222⤵
-
\??\c:\1bhbtt.exec:\1bhbtt.exe223⤵
-
\??\c:\jvvvd.exec:\jvvvd.exe224⤵
-
\??\c:\1dpjj.exec:\1dpjj.exe225⤵
-
\??\c:\frflrrf.exec:\frflrrf.exe226⤵
-
\??\c:\hbbtnh.exec:\hbbtnh.exe227⤵
-
\??\c:\7nbttt.exec:\7nbttt.exe228⤵
-
\??\c:\vjjdv.exec:\vjjdv.exe229⤵
-
\??\c:\lrrlffx.exec:\lrrlffx.exe230⤵
-
\??\c:\lxxxlll.exec:\lxxxlll.exe231⤵
-
\??\c:\btbntb.exec:\btbntb.exe232⤵
-
\??\c:\ttbtnn.exec:\ttbtnn.exe233⤵
-
\??\c:\pjdvv.exec:\pjdvv.exe234⤵
-
\??\c:\ppjjp.exec:\ppjjp.exe235⤵
-
\??\c:\llxxlff.exec:\llxxlff.exe236⤵
-
\??\c:\9rfxffl.exec:\9rfxffl.exe237⤵
-
\??\c:\thbbbb.exec:\thbbbb.exe238⤵
-
\??\c:\hnhbtt.exec:\hnhbtt.exe239⤵
-
\??\c:\dppjd.exec:\dppjd.exe240⤵
-
\??\c:\vjpjd.exec:\vjpjd.exe241⤵