Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
20-05-2024 18:05
General
-
Target
00178ee63339cf9336f5f8647bfefb615643da9aae91e980ec4bc6c96c7f2f77.exe
-
Size
144KB
-
MD5
6f353a8cbfde5548f64b6c967a069c52
-
SHA1
7a88dad4952a1a999053b993c3b5ca9cc9e0152f
-
SHA256
00178ee63339cf9336f5f8647bfefb615643da9aae91e980ec4bc6c96c7f2f77
-
SHA512
7ff5bacf8710b546a83731a4c8c3a424fab29f365c767875a9a59678150cbced7cbec02e0bc467f7fa19d4153a3b2f4dddb978296fffe77788500e7fec7e1369
-
SSDEEP
3072:ymb3NkkiQ3mdBjFosxXGPXbXQMFHLgDWSmklgQA:n3C9BRosxW8MFHLMW7QA
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
UPX dump on OEP (original entry point) 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 23 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\00178ee63339cf9336f5f8647bfefb615643da9aae91e980ec4bc6c96c7f2f77.exe"C:\Users\Admin\AppData\Local\Temp\00178ee63339cf9336f5f8647bfefb615643da9aae91e980ec4bc6c96c7f2f77.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhnbb.exec:\bnhnbb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjjj.exec:\ppjjj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxfllx.exec:\lfxfllx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbtbnn.exec:\nbtbnn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpdj.exec:\pjpdj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvdp.exec:\dvvdp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfxllx.exec:\rlfxllx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhbbnt.exec:\bhbbnt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnbnh.exec:\bbnbnh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djdjp.exec:\djdjp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvdp.exec:\jdvdp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llfrlxl.exec:\llfrlxl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3bhhtt.exec:\3bhhtt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntbtb.exec:\tntbtb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjvp.exec:\vpjvp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvddd.exec:\pvddd.exe17⤵
- Executes dropped EXE
-
\??\c:\1rllffr.exec:\1rllffr.exe18⤵
- Executes dropped EXE
-
\??\c:\bbbntt.exec:\bbbntt.exe19⤵
- Executes dropped EXE
-
\??\c:\dvdvp.exec:\dvdvp.exe20⤵
- Executes dropped EXE
-
\??\c:\vdjvd.exec:\vdjvd.exe21⤵
- Executes dropped EXE
-
\??\c:\1fllfxl.exec:\1fllfxl.exe22⤵
- Executes dropped EXE
-
\??\c:\ffxrxfx.exec:\ffxrxfx.exe23⤵
- Executes dropped EXE
-
\??\c:\7bnbnt.exec:\7bnbnt.exe24⤵
- Executes dropped EXE
-
\??\c:\dpvdv.exec:\dpvdv.exe25⤵
- Executes dropped EXE
-
\??\c:\pddvj.exec:\pddvj.exe26⤵
- Executes dropped EXE
-
\??\c:\5rffxrx.exec:\5rffxrx.exe27⤵
- Executes dropped EXE
-
\??\c:\3nbbbh.exec:\3nbbbh.exe28⤵
- Executes dropped EXE
-
\??\c:\thtthh.exec:\thtthh.exe29⤵
- Executes dropped EXE
-
\??\c:\vvvvp.exec:\vvvvp.exe30⤵
- Executes dropped EXE
-
\??\c:\lfflfrr.exec:\lfflfrr.exe31⤵
- Executes dropped EXE
-
\??\c:\nhtnnn.exec:\nhtnnn.exe32⤵
- Executes dropped EXE
-
\??\c:\ththhb.exec:\ththhb.exe33⤵
- Executes dropped EXE
-
\??\c:\ddjpj.exec:\ddjpj.exe34⤵
- Executes dropped EXE
-
\??\c:\pjvvd.exec:\pjvvd.exe35⤵
- Executes dropped EXE
-
\??\c:\rlflfrx.exec:\rlflfrx.exe36⤵
- Executes dropped EXE
-
\??\c:\7lrrxrr.exec:\7lrrxrr.exe37⤵
- Executes dropped EXE
-
\??\c:\nnbhtn.exec:\nnbhtn.exe38⤵
- Executes dropped EXE
-
\??\c:\hbnhnh.exec:\hbnhnh.exe39⤵
- Executes dropped EXE
-
\??\c:\ppdjv.exec:\ppdjv.exe40⤵
- Executes dropped EXE
-
\??\c:\jvjjv.exec:\jvjjv.exe41⤵
- Executes dropped EXE
-
\??\c:\llfrflx.exec:\llfrflx.exe42⤵
- Executes dropped EXE
-
\??\c:\1xlrxxx.exec:\1xlrxxx.exe43⤵
- Executes dropped EXE
-
\??\c:\hbbhnt.exec:\hbbhnt.exe44⤵
- Executes dropped EXE
-
\??\c:\5bhbnh.exec:\5bhbnh.exe45⤵
- Executes dropped EXE
-
\??\c:\vpddp.exec:\vpddp.exe46⤵
- Executes dropped EXE
-
\??\c:\vpjvd.exec:\vpjvd.exe47⤵
- Executes dropped EXE
-
\??\c:\9xrfxxl.exec:\9xrfxxl.exe48⤵
- Executes dropped EXE
-
\??\c:\xxflffr.exec:\xxflffr.exe49⤵
- Executes dropped EXE
-
\??\c:\9fxrffr.exec:\9fxrffr.exe50⤵
- Executes dropped EXE
-
\??\c:\1bnthh.exec:\1bnthh.exe51⤵
- Executes dropped EXE
-
\??\c:\pjddd.exec:\pjddd.exe52⤵
- Executes dropped EXE
-
\??\c:\pvvdj.exec:\pvvdj.exe53⤵
- Executes dropped EXE
-
\??\c:\1dvvj.exec:\1dvvj.exe54⤵
- Executes dropped EXE
-
\??\c:\5xfxlxx.exec:\5xfxlxx.exe55⤵
- Executes dropped EXE
-
\??\c:\rlrxfrf.exec:\rlrxfrf.exe56⤵
- Executes dropped EXE
-
\??\c:\tnhnbb.exec:\tnhnbb.exe57⤵
- Executes dropped EXE
-
\??\c:\ppjpj.exec:\ppjpj.exe58⤵
- Executes dropped EXE
-
\??\c:\jdppv.exec:\jdppv.exe59⤵
- Executes dropped EXE
-
\??\c:\3fxflxf.exec:\3fxflxf.exe60⤵
- Executes dropped EXE
-
\??\c:\ffrfrrf.exec:\ffrfrrf.exe61⤵
- Executes dropped EXE
-
\??\c:\1tbbnt.exec:\1tbbnt.exe62⤵
- Executes dropped EXE
-
\??\c:\hhhnbb.exec:\hhhnbb.exe63⤵
- Executes dropped EXE
-
\??\c:\vvdjv.exec:\vvdjv.exe64⤵
- Executes dropped EXE
-
\??\c:\3jpdj.exec:\3jpdj.exe65⤵
- Executes dropped EXE
-
\??\c:\llffxxf.exec:\llffxxf.exe66⤵
-
\??\c:\1tbtbt.exec:\1tbtbt.exe67⤵
-
\??\c:\nhnthb.exec:\nhnthb.exe68⤵
-
\??\c:\5pddj.exec:\5pddj.exe69⤵
-
\??\c:\1vjdp.exec:\1vjdp.exe70⤵
-
\??\c:\7rlrfrl.exec:\7rlrfrl.exe71⤵
-
\??\c:\xrxfrxl.exec:\xrxfrxl.exe72⤵
-
\??\c:\nhbhnt.exec:\nhbhnt.exe73⤵
-
\??\c:\ppvpv.exec:\ppvpv.exe74⤵
-
\??\c:\5djvj.exec:\5djvj.exe75⤵
-
\??\c:\xlffrlf.exec:\xlffrlf.exe76⤵
-
\??\c:\xrfrfxx.exec:\xrfrfxx.exe77⤵
-
\??\c:\bthhnn.exec:\bthhnn.exe78⤵
-
\??\c:\9vjpp.exec:\9vjpp.exe79⤵
-
\??\c:\jpvpv.exec:\jpvpv.exe80⤵
-
\??\c:\9fxfxxl.exec:\9fxfxxl.exe81⤵
-
\??\c:\5xlfllr.exec:\5xlfllr.exe82⤵
-
\??\c:\lfllxxf.exec:\lfllxxf.exe83⤵
-
\??\c:\hbnbtb.exec:\hbnbtb.exe84⤵
-
\??\c:\thbbhh.exec:\thbbhh.exe85⤵
-
\??\c:\vvjdp.exec:\vvjdp.exe86⤵
-
\??\c:\7rlrxfr.exec:\7rlrxfr.exe87⤵
-
\??\c:\1flllrx.exec:\1flllrx.exe88⤵
-
\??\c:\7bnnhh.exec:\7bnnhh.exe89⤵
-
\??\c:\jdvvd.exec:\jdvvd.exe90⤵
-
\??\c:\7ppvj.exec:\7ppvj.exe91⤵
-
\??\c:\frxrrlf.exec:\frxrrlf.exe92⤵
-
\??\c:\nhthnb.exec:\nhthnb.exe93⤵
-
\??\c:\9tthnb.exec:\9tthnb.exe94⤵
-
\??\c:\9pjjp.exec:\9pjjp.exe95⤵
-
\??\c:\7jvvv.exec:\7jvvv.exe96⤵
-
\??\c:\rrflrlx.exec:\rrflrlx.exe97⤵
-
\??\c:\bbhhnt.exec:\bbhhnt.exe98⤵
-
\??\c:\7bnnth.exec:\7bnnth.exe99⤵
-
\??\c:\dvppd.exec:\dvppd.exe100⤵
-
\??\c:\pvdjv.exec:\pvdjv.exe101⤵
-
\??\c:\9rfxffl.exec:\9rfxffl.exe102⤵
-
\??\c:\frffllx.exec:\frffllx.exe103⤵
-
\??\c:\ntttbt.exec:\ntttbt.exe104⤵
-
\??\c:\5hhtnt.exec:\5hhtnt.exe105⤵
-
\??\c:\1dvvj.exec:\1dvvj.exe106⤵
-
\??\c:\jjdpp.exec:\jjdpp.exe107⤵
-
\??\c:\pjjdj.exec:\pjjdj.exe108⤵
-
\??\c:\fxlxlxf.exec:\fxlxlxf.exe109⤵
-
\??\c:\lfxlrxf.exec:\lfxlrxf.exe110⤵
-
\??\c:\hhnhtt.exec:\hhnhtt.exe111⤵
-
\??\c:\3dpvp.exec:\3dpvp.exe112⤵
-
\??\c:\ppdvd.exec:\ppdvd.exe113⤵
-
\??\c:\xrxrfxl.exec:\xrxrfxl.exe114⤵
-
\??\c:\rlrrlfr.exec:\rlrrlfr.exe115⤵
-
\??\c:\7ntthh.exec:\7ntthh.exe116⤵
-
\??\c:\ppjjp.exec:\ppjjp.exe117⤵
-
\??\c:\dvpdv.exec:\dvpdv.exe118⤵
-
\??\c:\lxrrxfr.exec:\lxrrxfr.exe119⤵
-
\??\c:\lfflrrr.exec:\lfflrrr.exe120⤵
-
\??\c:\bntbhb.exec:\bntbhb.exe121⤵
-
\??\c:\nhtnhn.exec:\nhtnhn.exe122⤵
-
\??\c:\pvppv.exec:\pvppv.exe123⤵
-
\??\c:\vjdvj.exec:\vjdvj.exe124⤵
-
\??\c:\rrxfrrf.exec:\rrxfrrf.exe125⤵
-
\??\c:\btttbb.exec:\btttbb.exe126⤵
-
\??\c:\1pjvv.exec:\1pjvv.exe127⤵
-
\??\c:\vjddv.exec:\vjddv.exe128⤵
-
\??\c:\5ffrrrx.exec:\5ffrrrx.exe129⤵
-
\??\c:\fxrfrfl.exec:\fxrfrfl.exe130⤵
-
\??\c:\9hhntt.exec:\9hhntt.exe131⤵
-
\??\c:\3bthht.exec:\3bthht.exe132⤵
-
\??\c:\ddpdp.exec:\ddpdp.exe133⤵
-
\??\c:\1jdjj.exec:\1jdjj.exe134⤵
-
\??\c:\fxllrxf.exec:\fxllrxf.exe135⤵
-
\??\c:\llxxflf.exec:\llxxflf.exe136⤵
-
\??\c:\7nhnhn.exec:\7nhnhn.exe137⤵
-
\??\c:\htbtbh.exec:\htbtbh.exe138⤵
-
\??\c:\jdjpd.exec:\jdjpd.exe139⤵
-
\??\c:\jvjjp.exec:\jvjjp.exe140⤵
-
\??\c:\xrfxffl.exec:\xrfxffl.exe141⤵
-
\??\c:\hbthbb.exec:\hbthbb.exe142⤵
-
\??\c:\ttthtt.exec:\ttthtt.exe143⤵
-
\??\c:\ddpdp.exec:\ddpdp.exe144⤵
-
\??\c:\1dppv.exec:\1dppv.exe145⤵
-
\??\c:\9xrrrlf.exec:\9xrrrlf.exe146⤵
-
\??\c:\frlfrlr.exec:\frlfrlr.exe147⤵
-
\??\c:\hbntbh.exec:\hbntbh.exe148⤵
-
\??\c:\nnbnhn.exec:\nnbnhn.exe149⤵
-
\??\c:\3jppd.exec:\3jppd.exe150⤵
-
\??\c:\pjvjd.exec:\pjvjd.exe151⤵
-
\??\c:\xrlxflx.exec:\xrlxflx.exe152⤵
-
\??\c:\1tnbtb.exec:\1tnbtb.exe153⤵
-
\??\c:\5tbbnb.exec:\5tbbnb.exe154⤵
-
\??\c:\pjvjd.exec:\pjvjd.exe155⤵
-
\??\c:\vvdpj.exec:\vvdpj.exe156⤵
-
\??\c:\frfxfxx.exec:\frfxfxx.exe157⤵
-
\??\c:\rrlxrlf.exec:\rrlxrlf.exe158⤵
-
\??\c:\bbbttn.exec:\bbbttn.exe159⤵
-
\??\c:\hbhntb.exec:\hbhntb.exe160⤵
-
\??\c:\pppdv.exec:\pppdv.exe161⤵
-
\??\c:\lxflxll.exec:\lxflxll.exe162⤵
-
\??\c:\rffllff.exec:\rffllff.exe163⤵
-
\??\c:\thtnnh.exec:\thtnnh.exe164⤵
-
\??\c:\bnhhhh.exec:\bnhhhh.exe165⤵
-
\??\c:\5pdpd.exec:\5pdpd.exe166⤵
-
\??\c:\frxxlfr.exec:\frxxlfr.exe167⤵
-
\??\c:\lflrxrf.exec:\lflrxrf.exe168⤵
-
\??\c:\3ntnbb.exec:\3ntnbb.exe169⤵
-
\??\c:\thhbbb.exec:\thhbbb.exe170⤵
-
\??\c:\vpddd.exec:\vpddd.exe171⤵
-
\??\c:\7djvv.exec:\7djvv.exe172⤵
-
\??\c:\9rllllr.exec:\9rllllr.exe173⤵
-
\??\c:\rrxlxlf.exec:\rrxlxlf.exe174⤵
-
\??\c:\bnbbtt.exec:\bnbbtt.exe175⤵
-
\??\c:\nnhhbh.exec:\nnhhbh.exe176⤵
-
\??\c:\jppvj.exec:\jppvj.exe177⤵
-
\??\c:\1rrrrrr.exec:\1rrrrrr.exe178⤵
-
\??\c:\xlrxlll.exec:\xlrxlll.exe179⤵
-
\??\c:\1hthnb.exec:\1hthnb.exe180⤵
-
\??\c:\9btbtt.exec:\9btbtt.exe181⤵
-
\??\c:\pdjdd.exec:\pdjdd.exe182⤵
-
\??\c:\1dpjd.exec:\1dpjd.exe183⤵
-
\??\c:\1xrflrx.exec:\1xrflrx.exe184⤵
-
\??\c:\3lxlrxf.exec:\3lxlrxf.exe185⤵
-
\??\c:\thtthh.exec:\thtthh.exe186⤵
-
\??\c:\htbbnn.exec:\htbbnn.exe187⤵
-
\??\c:\pdjpd.exec:\pdjpd.exe188⤵
-
\??\c:\vjjjp.exec:\vjjjp.exe189⤵
-
\??\c:\flxrrlr.exec:\flxrrlr.exe190⤵
-
\??\c:\xlflfxx.exec:\xlflfxx.exe191⤵
-
\??\c:\htnhhb.exec:\htnhhb.exe192⤵
-
\??\c:\jvdjv.exec:\jvdjv.exe193⤵
-
\??\c:\xrlxfrl.exec:\xrlxfrl.exe194⤵
-
\??\c:\llffffl.exec:\llffffl.exe195⤵
-
\??\c:\nhbhhh.exec:\nhbhhh.exe196⤵
-
\??\c:\btbbbb.exec:\btbbbb.exe197⤵
-
\??\c:\jdppv.exec:\jdppv.exe198⤵
-
\??\c:\vpddj.exec:\vpddj.exe199⤵
-
\??\c:\rflfxxf.exec:\rflfxxf.exe200⤵
-
\??\c:\fxxxlff.exec:\fxxxlff.exe201⤵
-
\??\c:\thnhbb.exec:\thnhbb.exe202⤵
-
\??\c:\3nbhhn.exec:\3nbhhn.exe203⤵
-
\??\c:\vdjjd.exec:\vdjjd.exe204⤵
-
\??\c:\pjpjd.exec:\pjpjd.exe205⤵
-
\??\c:\fxfxxrr.exec:\fxfxxrr.exe206⤵
-
\??\c:\rrfrfrx.exec:\rrfrfrx.exe207⤵
-
\??\c:\hbhbhn.exec:\hbhbhn.exe208⤵
-
\??\c:\bntttt.exec:\bntttt.exe209⤵
-
\??\c:\jdpdp.exec:\jdpdp.exe210⤵
-
\??\c:\xlxxrlr.exec:\xlxxrlr.exe211⤵
-
\??\c:\lrrrlrr.exec:\lrrrlrr.exe212⤵
-
\??\c:\nnnbht.exec:\nnnbht.exe213⤵
-
\??\c:\tnhhtt.exec:\tnhhtt.exe214⤵
-
\??\c:\vjjdp.exec:\vjjdp.exe215⤵
-
\??\c:\7jdjp.exec:\7jdjp.exe216⤵
-
\??\c:\fffxlfr.exec:\fffxlfr.exe217⤵
-
\??\c:\5frlrlr.exec:\5frlrlr.exe218⤵
-
\??\c:\1tbhtn.exec:\1tbhtn.exe219⤵
-
\??\c:\5bttnn.exec:\5bttnn.exe220⤵
-
\??\c:\vppjp.exec:\vppjp.exe221⤵
-
\??\c:\llxlxfl.exec:\llxlxfl.exe222⤵
-
\??\c:\rfffffx.exec:\rfffffx.exe223⤵
-
\??\c:\3thhhh.exec:\3thhhh.exe224⤵
-
\??\c:\tttnnt.exec:\tttnnt.exe225⤵
-
\??\c:\dvpvp.exec:\dvpvp.exe226⤵
-
\??\c:\9pdjj.exec:\9pdjj.exe227⤵
-
\??\c:\9rxflrf.exec:\9rxflrf.exe228⤵
-
\??\c:\nbnnnn.exec:\nbnnnn.exe229⤵
-
\??\c:\nnnbth.exec:\nnnbth.exe230⤵
-
\??\c:\jdjjj.exec:\jdjjj.exe231⤵
-
\??\c:\pjppv.exec:\pjppv.exe232⤵
-
\??\c:\xlxflrl.exec:\xlxflrl.exe233⤵
-
\??\c:\1rffflr.exec:\1rffflr.exe234⤵
-
\??\c:\tnbbhb.exec:\tnbbhb.exe235⤵
-
\??\c:\5ntbtt.exec:\5ntbtt.exe236⤵
-
\??\c:\pdjjp.exec:\pdjjp.exe237⤵
-
\??\c:\dvjdv.exec:\dvjdv.exe238⤵
-
\??\c:\1vjjj.exec:\1vjjj.exe239⤵
-
\??\c:\3xfllfl.exec:\3xfllfl.exe240⤵
-
\??\c:\fxrllxl.exec:\fxrllxl.exe241⤵