Analysis
-
max time kernel
149s -
max time network
129s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
20-05-2024 19:37
General
-
Target
1697a06eee6d9d0373e55aa34b5cbf9a92337d44dd1af975a29172c4fd80a9d4.exe
-
Size
64KB
-
MD5
ffab8fc6e6365ac7fd3dea66452595e7
-
SHA1
8732058eaafb1c4617f8b4dd01f0bdfb9de3312c
-
SHA256
1697a06eee6d9d0373e55aa34b5cbf9a92337d44dd1af975a29172c4fd80a9d4
-
SHA512
d3cfe9897b7dec2f3fd2ce743f1abc0233ff589ce9bec06db59971215a4f772e2fd45dc38f484e8973a923746f0f4bc2eb75872ea3e456949b98a60534b3b666
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb0z6MTSqfs:ymb3NkkiQ3mdBjFI4VY
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
UPX dump on OEP (original entry point) 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1697a06eee6d9d0373e55aa34b5cbf9a92337d44dd1af975a29172c4fd80a9d4.exe"C:\Users\Admin\AppData\Local\Temp\1697a06eee6d9d0373e55aa34b5cbf9a92337d44dd1af975a29172c4fd80a9d4.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jpppp.exec:\jpppp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rfffff.exec:\7rfffff.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbbnt.exec:\nnbbnt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthbbb.exec:\hthbbb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjpp.exec:\pjjpp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxrxxf.exec:\rrxrxxf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1lxffll.exec:\1lxffll.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttthbn.exec:\ttthbn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppdvp.exec:\ppdvp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxxffl.exec:\xrxxffl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbbbb.exec:\bbbbbb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddpjd.exec:\ddpjd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrrxxr.exec:\rfrrxxr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnthn.exec:\btnthn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvpj.exec:\jvvpj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrrxrx.exec:\rfrrxrx.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnhtbh.exec:\hnhtbh.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnbbb.exec:\nnnbbb.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxxlxx.exec:\xxxxlxx.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbbtb.exec:\nhbbtb.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnnht.exec:\tnnnht.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvvp.exec:\vjvvp.exe23⤵
- Executes dropped EXE
-
\??\c:\lffffrf.exec:\lffffrf.exe24⤵
- Executes dropped EXE
-
\??\c:\frxxrrl.exec:\frxxrrl.exe25⤵
- Executes dropped EXE
-
\??\c:\ddpjd.exec:\ddpjd.exe26⤵
- Executes dropped EXE
-
\??\c:\vdjvd.exec:\vdjvd.exe27⤵
- Executes dropped EXE
-
\??\c:\xlrfxrr.exec:\xlrfxrr.exe28⤵
- Executes dropped EXE
-
\??\c:\nbthtb.exec:\nbthtb.exe29⤵
- Executes dropped EXE
-
\??\c:\dpjdj.exec:\dpjdj.exe30⤵
- Executes dropped EXE
-
\??\c:\fxlrllf.exec:\fxlrllf.exe31⤵
- Executes dropped EXE
-
\??\c:\htnhtb.exec:\htnhtb.exe32⤵
- Executes dropped EXE
-
\??\c:\dpjpj.exec:\dpjpj.exe33⤵
- Executes dropped EXE
-
\??\c:\xrlfxxr.exec:\xrlfxxr.exe34⤵
- Executes dropped EXE
-
\??\c:\5hhhtt.exec:\5hhhtt.exe35⤵
- Executes dropped EXE
-
\??\c:\rflfxxx.exec:\rflfxxx.exe36⤵
- Executes dropped EXE
-
\??\c:\nhntbh.exec:\nhntbh.exe37⤵
- Executes dropped EXE
-
\??\c:\jvdpp.exec:\jvdpp.exe38⤵
- Executes dropped EXE
-
\??\c:\dpddp.exec:\dpddp.exe39⤵
- Executes dropped EXE
-
\??\c:\lxflxrr.exec:\lxflxrr.exe40⤵
- Executes dropped EXE
-
\??\c:\ttnhbt.exec:\ttnhbt.exe41⤵
- Executes dropped EXE
-
\??\c:\vvvjj.exec:\vvvjj.exe42⤵
- Executes dropped EXE
-
\??\c:\xllfxlf.exec:\xllfxlf.exe43⤵
- Executes dropped EXE
-
\??\c:\tbtnhb.exec:\tbtnhb.exe44⤵
- Executes dropped EXE
-
\??\c:\tnbbbn.exec:\tnbbbn.exe45⤵
- Executes dropped EXE
-
\??\c:\dvvvp.exec:\dvvvp.exe46⤵
- Executes dropped EXE
-
\??\c:\flfllxr.exec:\flfllxr.exe47⤵
- Executes dropped EXE
-
\??\c:\hnhbtb.exec:\hnhbtb.exe48⤵
- Executes dropped EXE
-
\??\c:\tnnnhn.exec:\tnnnhn.exe49⤵
- Executes dropped EXE
-
\??\c:\jjjpj.exec:\jjjpj.exe50⤵
- Executes dropped EXE
-
\??\c:\bbnhnb.exec:\bbnhnb.exe51⤵
- Executes dropped EXE
-
\??\c:\tnhbth.exec:\tnhbth.exe52⤵
- Executes dropped EXE
-
\??\c:\3pvvj.exec:\3pvvj.exe53⤵
- Executes dropped EXE
-
\??\c:\flfflll.exec:\flfflll.exe54⤵
- Executes dropped EXE
-
\??\c:\hntnbt.exec:\hntnbt.exe55⤵
- Executes dropped EXE
-
\??\c:\7vpvv.exec:\7vpvv.exe56⤵
- Executes dropped EXE
-
\??\c:\1jdvp.exec:\1jdvp.exe57⤵
- Executes dropped EXE
-
\??\c:\9fffxfx.exec:\9fffxfx.exe58⤵
- Executes dropped EXE
-
\??\c:\thtnhb.exec:\thtnhb.exe59⤵
- Executes dropped EXE
-
\??\c:\bbbttt.exec:\bbbttt.exe60⤵
- Executes dropped EXE
-
\??\c:\1jppj.exec:\1jppj.exe61⤵
- Executes dropped EXE
-
\??\c:\lxxlffr.exec:\lxxlffr.exe62⤵
- Executes dropped EXE
-
\??\c:\tnnhbt.exec:\tnnhbt.exe63⤵
- Executes dropped EXE
-
\??\c:\jdpdd.exec:\jdpdd.exe64⤵
- Executes dropped EXE
-
\??\c:\1djjv.exec:\1djjv.exe65⤵
- Executes dropped EXE
-
\??\c:\xxrrxxr.exec:\xxrrxxr.exe66⤵
-
\??\c:\nnbhht.exec:\nnbhht.exe67⤵
-
\??\c:\vvdvv.exec:\vvdvv.exe68⤵
-
\??\c:\pvvpj.exec:\pvvpj.exe69⤵
-
\??\c:\rlllfxx.exec:\rlllfxx.exe70⤵
-
\??\c:\9xfrlxr.exec:\9xfrlxr.exe71⤵
-
\??\c:\tnbttn.exec:\tnbttn.exe72⤵
-
\??\c:\dvjdp.exec:\dvjdp.exe73⤵
-
\??\c:\fflfflr.exec:\fflfflr.exe74⤵
-
\??\c:\xxrrlll.exec:\xxrrlll.exe75⤵
-
\??\c:\dvjdv.exec:\dvjdv.exe76⤵
-
\??\c:\pvjpp.exec:\pvjpp.exe77⤵
-
\??\c:\xrlrrxx.exec:\xrlrrxx.exe78⤵
-
\??\c:\3xfxrlx.exec:\3xfxrlx.exe79⤵
-
\??\c:\1ttnnn.exec:\1ttnnn.exe80⤵
-
\??\c:\jdpjd.exec:\jdpjd.exe81⤵
-
\??\c:\dvddj.exec:\dvddj.exe82⤵
-
\??\c:\xrrlxxr.exec:\xrrlxxr.exe83⤵
-
\??\c:\nhntbb.exec:\nhntbb.exe84⤵
-
\??\c:\7bthbb.exec:\7bthbb.exe85⤵
-
\??\c:\jvjdv.exec:\jvjdv.exe86⤵
-
\??\c:\lrflrlf.exec:\lrflrlf.exe87⤵
-
\??\c:\ttnnnn.exec:\ttnnnn.exe88⤵
-
\??\c:\bttttt.exec:\bttttt.exe89⤵
-
\??\c:\jpjpv.exec:\jpjpv.exe90⤵
-
\??\c:\rllfrfr.exec:\rllfrfr.exe91⤵
-
\??\c:\rflrlrr.exec:\rflrlrr.exe92⤵
-
\??\c:\nnthht.exec:\nnthht.exe93⤵
-
\??\c:\btbhhh.exec:\btbhhh.exe94⤵
-
\??\c:\3vpjd.exec:\3vpjd.exe95⤵
-
\??\c:\ppjjj.exec:\ppjjj.exe96⤵
-
\??\c:\rfffxxx.exec:\rfffxxx.exe97⤵
-
\??\c:\llffflf.exec:\llffflf.exe98⤵
-
\??\c:\ttbbhn.exec:\ttbbhn.exe99⤵
-
\??\c:\nhbtbn.exec:\nhbtbn.exe100⤵
-
\??\c:\jdvdv.exec:\jdvdv.exe101⤵
-
\??\c:\llrlfll.exec:\llrlfll.exe102⤵
-
\??\c:\1xfffrr.exec:\1xfffrr.exe103⤵
-
\??\c:\bthhnn.exec:\bthhnn.exe104⤵
-
\??\c:\pdpjv.exec:\pdpjv.exe105⤵
-
\??\c:\jpjdj.exec:\jpjdj.exe106⤵
-
\??\c:\rffffff.exec:\rffffff.exe107⤵
-
\??\c:\flrllfl.exec:\flrllfl.exe108⤵
-
\??\c:\htnttb.exec:\htnttb.exe109⤵
-
\??\c:\tttbbh.exec:\tttbbh.exe110⤵
-
\??\c:\lxxrlfx.exec:\lxxrlfx.exe111⤵
-
\??\c:\hhhbhb.exec:\hhhbhb.exe112⤵
-
\??\c:\7vppp.exec:\7vppp.exe113⤵
-
\??\c:\djjjd.exec:\djjjd.exe114⤵
-
\??\c:\xlrlffl.exec:\xlrlffl.exe115⤵
-
\??\c:\bhbhhn.exec:\bhbhhn.exe116⤵
-
\??\c:\nhbbtt.exec:\nhbbtt.exe117⤵
-
\??\c:\jdpvp.exec:\jdpvp.exe118⤵
-
\??\c:\ppvpv.exec:\ppvpv.exe119⤵
-
\??\c:\fxfxrrr.exec:\fxfxrrr.exe120⤵
-
\??\c:\nhbbbb.exec:\nhbbbb.exe121⤵
-
\??\c:\vpvdv.exec:\vpvdv.exe122⤵
-
\??\c:\pvpjv.exec:\pvpjv.exe123⤵
-
\??\c:\rlfxffx.exec:\rlfxffx.exe124⤵
-
\??\c:\xrrrrxx.exec:\xrrrrxx.exe125⤵
-
\??\c:\9thbtt.exec:\9thbtt.exe126⤵
-
\??\c:\dvppj.exec:\dvppj.exe127⤵
-
\??\c:\vdpjp.exec:\vdpjp.exe128⤵
-
\??\c:\lfrlfxx.exec:\lfrlfxx.exe129⤵
-
\??\c:\hbhhtt.exec:\hbhhtt.exe130⤵
-
\??\c:\7bhnnt.exec:\7bhnnt.exe131⤵
-
\??\c:\dvvdd.exec:\dvvdd.exe132⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe133⤵
-
\??\c:\lfrfxrr.exec:\lfrfxrr.exe134⤵
-
\??\c:\frflfxf.exec:\frflfxf.exe135⤵
-
\??\c:\hnbhnb.exec:\hnbhnb.exe136⤵
-
\??\c:\bbnthh.exec:\bbnthh.exe137⤵
-
\??\c:\ddppj.exec:\ddppj.exe138⤵
-
\??\c:\dvvdp.exec:\dvvdp.exe139⤵
-
\??\c:\rrrlrxx.exec:\rrrlrxx.exe140⤵
-
\??\c:\bhnnbt.exec:\bhnnbt.exe141⤵
-
\??\c:\bhbhtb.exec:\bhbhtb.exe142⤵
-
\??\c:\vpjjd.exec:\vpjjd.exe143⤵
-
\??\c:\xfllfrf.exec:\xfllfrf.exe144⤵
-
\??\c:\hhbhnn.exec:\hhbhnn.exe145⤵
-
\??\c:\httbtb.exec:\httbtb.exe146⤵
-
\??\c:\pvjjj.exec:\pvjjj.exe147⤵
-
\??\c:\vvddj.exec:\vvddj.exe148⤵
-
\??\c:\7rxrlrr.exec:\7rxrlrr.exe149⤵
-
\??\c:\ffxxxfx.exec:\ffxxxfx.exe150⤵
-
\??\c:\bhnbhn.exec:\bhnbhn.exe151⤵
-
\??\c:\hbbbbt.exec:\hbbbbt.exe152⤵
-
\??\c:\fxllrrx.exec:\fxllrrx.exe153⤵
-
\??\c:\nthhnt.exec:\nthhnt.exe154⤵
-
\??\c:\tntthn.exec:\tntthn.exe155⤵
-
\??\c:\pvjjp.exec:\pvjjp.exe156⤵
-
\??\c:\9ffrrlf.exec:\9ffrrlf.exe157⤵
-
\??\c:\hbbttt.exec:\hbbttt.exe158⤵
-
\??\c:\tnnhhh.exec:\tnnhhh.exe159⤵
-
\??\c:\jddvv.exec:\jddvv.exe160⤵
-
\??\c:\dvvpp.exec:\dvvpp.exe161⤵
-
\??\c:\fxxrlff.exec:\fxxrlff.exe162⤵
-
\??\c:\hbhntt.exec:\hbhntt.exe163⤵
-
\??\c:\5thhht.exec:\5thhht.exe164⤵
-
\??\c:\jpvvv.exec:\jpvvv.exe165⤵
-
\??\c:\vvjjd.exec:\vvjjd.exe166⤵
-
\??\c:\rxlllrf.exec:\rxlllrf.exe167⤵
-
\??\c:\xrrrlrx.exec:\xrrrlrx.exe168⤵
-
\??\c:\5tntbb.exec:\5tntbb.exe169⤵
-
\??\c:\llffrlx.exec:\llffrlx.exe170⤵
-
\??\c:\3bnbth.exec:\3bnbth.exe171⤵
-
\??\c:\rfrxxff.exec:\rfrxxff.exe172⤵
-
\??\c:\ddjjv.exec:\ddjjv.exe173⤵
-
\??\c:\jvvvp.exec:\jvvvp.exe174⤵
-
\??\c:\rxlxrff.exec:\rxlxrff.exe175⤵
-
\??\c:\nbhhnb.exec:\nbhhnb.exe176⤵
-
\??\c:\pvvpj.exec:\pvvpj.exe177⤵
-
\??\c:\vpjjj.exec:\vpjjj.exe178⤵
-
\??\c:\3frrlxf.exec:\3frrlxf.exe179⤵
-
\??\c:\xflxfll.exec:\xflxfll.exe180⤵
-
\??\c:\bnhnhn.exec:\bnhnhn.exe181⤵
-
\??\c:\hbtbbt.exec:\hbtbbt.exe182⤵
-
\??\c:\djppd.exec:\djppd.exe183⤵
-
\??\c:\7rlrllf.exec:\7rlrllf.exe184⤵
-
\??\c:\3xxlffx.exec:\3xxlffx.exe185⤵
-
\??\c:\htnnbt.exec:\htnnbt.exe186⤵
-
\??\c:\tbbhht.exec:\tbbhht.exe187⤵
-
\??\c:\pjppp.exec:\pjppp.exe188⤵
-
\??\c:\1xxrrll.exec:\1xxrrll.exe189⤵
-
\??\c:\xrllxfl.exec:\xrllxfl.exe190⤵
-
\??\c:\nntntn.exec:\nntntn.exe191⤵
-
\??\c:\ddjdd.exec:\ddjdd.exe192⤵
-
\??\c:\lflxlrf.exec:\lflxlrf.exe193⤵
-
\??\c:\flfxffr.exec:\flfxffr.exe194⤵
-
\??\c:\tnbhht.exec:\tnbhht.exe195⤵
-
\??\c:\pvdpj.exec:\pvdpj.exe196⤵
-
\??\c:\vvvpj.exec:\vvvpj.exe197⤵
-
\??\c:\rlxrllf.exec:\rlxrllf.exe198⤵
-
\??\c:\xxfflxl.exec:\xxfflxl.exe199⤵
-
\??\c:\hnnttt.exec:\hnnttt.exe200⤵
-
\??\c:\jdvdj.exec:\jdvdj.exe201⤵
-
\??\c:\jvvpj.exec:\jvvpj.exe202⤵
-
\??\c:\xxllffx.exec:\xxllffx.exe203⤵
-
\??\c:\xrlxrll.exec:\xrlxrll.exe204⤵
-
\??\c:\9nbnht.exec:\9nbnht.exe205⤵
-
\??\c:\nbnnth.exec:\nbnnth.exe206⤵
-
\??\c:\jjvpd.exec:\jjvpd.exe207⤵
-
\??\c:\pppjj.exec:\pppjj.exe208⤵
-
\??\c:\rxxlfff.exec:\rxxlfff.exe209⤵
-
\??\c:\7bnnhh.exec:\7bnnhh.exe210⤵
-
\??\c:\httnnn.exec:\httnnn.exe211⤵
-
\??\c:\9vpjj.exec:\9vpjj.exe212⤵
-
\??\c:\5dddv.exec:\5dddv.exe213⤵
-
\??\c:\9flfxxl.exec:\9flfxxl.exe214⤵
-
\??\c:\fxfxxxx.exec:\fxfxxxx.exe215⤵
-
\??\c:\nhhhtt.exec:\nhhhtt.exe216⤵
-
\??\c:\vjjpp.exec:\vjjpp.exe217⤵
-
\??\c:\jjddd.exec:\jjddd.exe218⤵
-
\??\c:\xxlffxr.exec:\xxlffxr.exe219⤵
-
\??\c:\5bbbtb.exec:\5bbbtb.exe220⤵
-
\??\c:\nntnhh.exec:\nntnhh.exe221⤵
-
\??\c:\pjvvv.exec:\pjvvv.exe222⤵
-
\??\c:\xxffxfl.exec:\xxffxfl.exe223⤵
-
\??\c:\xfrrrxl.exec:\xfrrrxl.exe224⤵
-
\??\c:\bthhbh.exec:\bthhbh.exe225⤵
-
\??\c:\pjjpv.exec:\pjjpv.exe226⤵
-
\??\c:\3jjdv.exec:\3jjdv.exe227⤵
-
\??\c:\1rfxxxr.exec:\1rfxxxr.exe228⤵
-
\??\c:\1nbhth.exec:\1nbhth.exe229⤵
-
\??\c:\nbnbht.exec:\nbnbht.exe230⤵
-
\??\c:\jvvvv.exec:\jvvvv.exe231⤵
-
\??\c:\dvddv.exec:\dvddv.exe232⤵
-
\??\c:\xrfxllx.exec:\xrfxllx.exe233⤵
-
\??\c:\1tnbtn.exec:\1tnbtn.exe234⤵
-
\??\c:\pdpdj.exec:\pdpdj.exe235⤵
-
\??\c:\7jjjj.exec:\7jjjj.exe236⤵
-
\??\c:\xlfxxxx.exec:\xlfxxxx.exe237⤵
-
\??\c:\5xxfffl.exec:\5xxfffl.exe238⤵
-
\??\c:\nhnnht.exec:\nhnnht.exe239⤵
-
\??\c:\vdddd.exec:\vdddd.exe240⤵
-
\??\c:\7rlfffx.exec:\7rlfffx.exe241⤵