Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
20-05-2024 20:09
General
-
Target
00d7389dd9b77d3d9e312d2bef23c118bc0a48e96a1021edea4c6b9936aad852.exe
-
Size
81KB
-
MD5
f6cd42cc135918e8e9426d15822fd560
-
SHA1
93296eb05d4846f4ec12747a72e039bd5ea670c4
-
SHA256
00d7389dd9b77d3d9e312d2bef23c118bc0a48e96a1021edea4c6b9936aad852
-
SHA512
c1c8263ffbda854e0b4ac841192fbfca9ff59562cde58cdeb70069aa0c8af681db9300a33b441ae54c9a39bf54844f74e70317f985bca21cc2aa26d72ce22164
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo7xCkTsIwtOa2dYS8nj+:ymb3NkkiQ3mdBjFo7LAIbT6j+
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\00d7389dd9b77d3d9e312d2bef23c118bc0a48e96a1021edea4c6b9936aad852.exe"C:\Users\Admin\AppData\Local\Temp\00d7389dd9b77d3d9e312d2bef23c118bc0a48e96a1021edea4c6b9936aad852.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxfrxl.exec:\lfxfrxl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1tntnt.exec:\1tntnt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1hhhtt.exec:\1hhhtt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1ppvd.exec:\1ppvd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9lfxfll.exec:\9lfxfll.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhtbh.exec:\nnhtbh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjvd.exec:\dvjvd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpddj.exec:\vpddj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjpp.exec:\pjjpp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rrxrlf.exec:\7rrxrlf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlrxfl.exec:\xrlrxfl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbhnt.exec:\btbhnt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhhbb.exec:\nnhhbb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbntb.exec:\tnbntb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjdv.exec:\pjjdv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9rfllxl.exec:\9rfllxl.exe17⤵
- Executes dropped EXE
-
\??\c:\fxrxllr.exec:\fxrxllr.exe18⤵
- Executes dropped EXE
-
\??\c:\3tnhtt.exec:\3tnhtt.exe19⤵
- Executes dropped EXE
-
\??\c:\hbtbhb.exec:\hbtbhb.exe20⤵
- Executes dropped EXE
-
\??\c:\ttnhnb.exec:\ttnhnb.exe21⤵
- Executes dropped EXE
-
\??\c:\vpjvd.exec:\vpjvd.exe22⤵
- Executes dropped EXE
-
\??\c:\9pvjv.exec:\9pvjv.exe23⤵
- Executes dropped EXE
-
\??\c:\3pjpv.exec:\3pjpv.exe24⤵
- Executes dropped EXE
-
\??\c:\fxxfrxl.exec:\fxxfrxl.exe25⤵
- Executes dropped EXE
-
\??\c:\fffxllx.exec:\fffxllx.exe26⤵
- Executes dropped EXE
-
\??\c:\hbntht.exec:\hbntht.exe27⤵
- Executes dropped EXE
-
\??\c:\ddvvp.exec:\ddvvp.exe28⤵
- Executes dropped EXE
-
\??\c:\xrlxxlx.exec:\xrlxxlx.exe29⤵
- Executes dropped EXE
-
\??\c:\thhhth.exec:\thhhth.exe30⤵
- Executes dropped EXE
-
\??\c:\3dddp.exec:\3dddp.exe31⤵
- Executes dropped EXE
-
\??\c:\5rrlrfl.exec:\5rrlrfl.exe32⤵
- Executes dropped EXE
-
\??\c:\fxrrxfr.exec:\fxrrxfr.exe33⤵
- Executes dropped EXE
-
\??\c:\dvpvj.exec:\dvpvj.exe34⤵
- Executes dropped EXE
-
\??\c:\7llrxlr.exec:\7llrxlr.exe35⤵
- Executes dropped EXE
-
\??\c:\fxlxlrx.exec:\fxlxlrx.exe36⤵
- Executes dropped EXE
-
\??\c:\hbhntb.exec:\hbhntb.exe37⤵
- Executes dropped EXE
-
\??\c:\3bbhhh.exec:\3bbhhh.exe38⤵
- Executes dropped EXE
-
\??\c:\dpjdd.exec:\dpjdd.exe39⤵
- Executes dropped EXE
-
\??\c:\7jpvv.exec:\7jpvv.exe40⤵
- Executes dropped EXE
-
\??\c:\5rrrrlr.exec:\5rrrrlr.exe41⤵
- Executes dropped EXE
-
\??\c:\hbbhtt.exec:\hbbhtt.exe42⤵
- Executes dropped EXE
-
\??\c:\dddjj.exec:\dddjj.exe43⤵
- Executes dropped EXE
-
\??\c:\vppdv.exec:\vppdv.exe44⤵
- Executes dropped EXE
-
\??\c:\pvpvd.exec:\pvpvd.exe45⤵
- Executes dropped EXE
-
\??\c:\xlrfxxf.exec:\xlrfxxf.exe46⤵
- Executes dropped EXE
-
\??\c:\ffxxrff.exec:\ffxxrff.exe47⤵
- Executes dropped EXE
-
\??\c:\3bbnbh.exec:\3bbnbh.exe48⤵
- Executes dropped EXE
-
\??\c:\nhhhnt.exec:\nhhhnt.exe49⤵
- Executes dropped EXE
-
\??\c:\jjdjp.exec:\jjdjp.exe50⤵
- Executes dropped EXE
-
\??\c:\pjpvd.exec:\pjpvd.exe51⤵
- Executes dropped EXE
-
\??\c:\rrlxlrx.exec:\rrlxlrx.exe52⤵
- Executes dropped EXE
-
\??\c:\lffrxxl.exec:\lffrxxl.exe53⤵
- Executes dropped EXE
-
\??\c:\1bnthn.exec:\1bnthn.exe54⤵
- Executes dropped EXE
-
\??\c:\nbbhnn.exec:\nbbhnn.exe55⤵
- Executes dropped EXE
-
\??\c:\jdjjp.exec:\jdjjp.exe56⤵
- Executes dropped EXE
-
\??\c:\vvjjp.exec:\vvjjp.exe57⤵
- Executes dropped EXE
-
\??\c:\1lfrflf.exec:\1lfrflf.exe58⤵
- Executes dropped EXE
-
\??\c:\xffxrrr.exec:\xffxrrr.exe59⤵
- Executes dropped EXE
-
\??\c:\9hbbhh.exec:\9hbbhh.exe60⤵
- Executes dropped EXE
-
\??\c:\hbhhtb.exec:\hbhhtb.exe61⤵
- Executes dropped EXE
-
\??\c:\3dpvj.exec:\3dpvj.exe62⤵
- Executes dropped EXE
-
\??\c:\jdppv.exec:\jdppv.exe63⤵
- Executes dropped EXE
-
\??\c:\ffxfrfr.exec:\ffxfrfr.exe64⤵
- Executes dropped EXE
-
\??\c:\xrxxrrf.exec:\xrxxrrf.exe65⤵
- Executes dropped EXE
-
\??\c:\tnhtnn.exec:\tnhtnn.exe66⤵
-
\??\c:\5thttt.exec:\5thttt.exe67⤵
-
\??\c:\ppdpd.exec:\ppdpd.exe68⤵
-
\??\c:\dvpvd.exec:\dvpvd.exe69⤵
-
\??\c:\rrrfrxl.exec:\rrrfrxl.exe70⤵
-
\??\c:\ffxxxlx.exec:\ffxxxlx.exe71⤵
-
\??\c:\frxxrll.exec:\frxxrll.exe72⤵
-
\??\c:\btbbbh.exec:\btbbbh.exe73⤵
-
\??\c:\nhbbbn.exec:\nhbbbn.exe74⤵
-
\??\c:\dvjdd.exec:\dvjdd.exe75⤵
-
\??\c:\vjppj.exec:\vjppj.exe76⤵
-
\??\c:\rlrrrxl.exec:\rlrrrxl.exe77⤵
-
\??\c:\rlxfffr.exec:\rlxfffr.exe78⤵
-
\??\c:\1nhntt.exec:\1nhntt.exe79⤵
-
\??\c:\7nbntb.exec:\7nbntb.exe80⤵
-
\??\c:\jdvdd.exec:\jdvdd.exe81⤵
-
\??\c:\3pppp.exec:\3pppp.exe82⤵
-
\??\c:\7fffflf.exec:\7fffflf.exe83⤵
-
\??\c:\ffxflrx.exec:\ffxflrx.exe84⤵
-
\??\c:\9btbnh.exec:\9btbnh.exe85⤵
-
\??\c:\ntnbhn.exec:\ntnbhn.exe86⤵
-
\??\c:\jvvpd.exec:\jvvpd.exe87⤵
-
\??\c:\dvjvd.exec:\dvjvd.exe88⤵
-
\??\c:\rlxxlrl.exec:\rlxxlrl.exe89⤵
-
\??\c:\5xllrxf.exec:\5xllrxf.exe90⤵
-
\??\c:\tntbhn.exec:\tntbhn.exe91⤵
-
\??\c:\nhthhb.exec:\nhthhb.exe92⤵
-
\??\c:\hththn.exec:\hththn.exe93⤵
-
\??\c:\dvdjj.exec:\dvdjj.exe94⤵
-
\??\c:\9pdjv.exec:\9pdjv.exe95⤵
-
\??\c:\lfxxfff.exec:\lfxxfff.exe96⤵
-
\??\c:\7rrfrxr.exec:\7rrfrxr.exe97⤵
-
\??\c:\nbhnbb.exec:\nbhnbb.exe98⤵
-
\??\c:\htttnb.exec:\htttnb.exe99⤵
-
\??\c:\thtnhb.exec:\thtnhb.exe100⤵
-
\??\c:\3ddjp.exec:\3ddjp.exe101⤵
-
\??\c:\jdpjp.exec:\jdpjp.exe102⤵
-
\??\c:\3fxffrr.exec:\3fxffrr.exe103⤵
-
\??\c:\5fffffr.exec:\5fffffr.exe104⤵
-
\??\c:\tthnhh.exec:\tthnhh.exe105⤵
-
\??\c:\hbbtbt.exec:\hbbtbt.exe106⤵
-
\??\c:\1pjvv.exec:\1pjvv.exe107⤵
-
\??\c:\jdvvd.exec:\jdvvd.exe108⤵
-
\??\c:\7jvpp.exec:\7jvpp.exe109⤵
-
\??\c:\flrflfl.exec:\flrflfl.exe110⤵
-
\??\c:\xrflflf.exec:\xrflflf.exe111⤵
-
\??\c:\hbttbb.exec:\hbttbb.exe112⤵
-
\??\c:\tnhthn.exec:\tnhthn.exe113⤵
-
\??\c:\3vpdd.exec:\3vpdd.exe114⤵
-
\??\c:\dvjjj.exec:\dvjjj.exe115⤵
-
\??\c:\lrflfrl.exec:\lrflfrl.exe116⤵
-
\??\c:\9rlrrlr.exec:\9rlrrlr.exe117⤵
-
\??\c:\5lrxlrf.exec:\5lrxlrf.exe118⤵
-
\??\c:\9btnbt.exec:\9btnbt.exe119⤵
-
\??\c:\hthntb.exec:\hthntb.exe120⤵
-
\??\c:\vjjdd.exec:\vjjdd.exe121⤵
-
\??\c:\pjdjv.exec:\pjdjv.exe122⤵
-
\??\c:\jdjpv.exec:\jdjpv.exe123⤵
-
\??\c:\fxrrllx.exec:\fxrrllx.exe124⤵
-
\??\c:\xrflrxx.exec:\xrflrxx.exe125⤵
-
\??\c:\tnhhtn.exec:\tnhhtn.exe126⤵
-
\??\c:\btntbh.exec:\btntbh.exe127⤵
-
\??\c:\jdjjj.exec:\jdjjj.exe128⤵
-
\??\c:\1jvvd.exec:\1jvvd.exe129⤵
-
\??\c:\dvvvp.exec:\dvvvp.exe130⤵
-
\??\c:\rxlfrxl.exec:\rxlfrxl.exe131⤵
-
\??\c:\3rllllr.exec:\3rllllr.exe132⤵
-
\??\c:\bnbtbt.exec:\bnbtbt.exe133⤵
-
\??\c:\7nnhtt.exec:\7nnhtt.exe134⤵
-
\??\c:\9hthhb.exec:\9hthhb.exe135⤵
-
\??\c:\pjppp.exec:\pjppp.exe136⤵
-
\??\c:\lfrllfl.exec:\lfrllfl.exe137⤵
-
\??\c:\hhbhtn.exec:\hhbhtn.exe138⤵
-
\??\c:\nbhhhh.exec:\nbhhhh.exe139⤵
-
\??\c:\pdjpv.exec:\pdjpv.exe140⤵
-
\??\c:\7vjjp.exec:\7vjjp.exe141⤵
-
\??\c:\lfrlxfl.exec:\lfrlxfl.exe142⤵
-
\??\c:\xllflll.exec:\xllflll.exe143⤵
-
\??\c:\1bntbb.exec:\1bntbb.exe144⤵
-
\??\c:\3thntb.exec:\3thntb.exe145⤵
-
\??\c:\vvjdj.exec:\vvjdj.exe146⤵
-
\??\c:\pdjdj.exec:\pdjdj.exe147⤵
-
\??\c:\flfrfxx.exec:\flfrfxx.exe148⤵
-
\??\c:\nhttbb.exec:\nhttbb.exe149⤵
-
\??\c:\5nnnnn.exec:\5nnnnn.exe150⤵
-
\??\c:\pvjdv.exec:\pvjdv.exe151⤵
-
\??\c:\1dvvd.exec:\1dvvd.exe152⤵
-
\??\c:\rxrrrll.exec:\rxrrrll.exe153⤵
-
\??\c:\1rrlxfr.exec:\1rrlxfr.exe154⤵
-
\??\c:\3xfffxr.exec:\3xfffxr.exe155⤵
-
\??\c:\tnnthh.exec:\tnnthh.exe156⤵
-
\??\c:\9tnttb.exec:\9tnttb.exe157⤵
-
\??\c:\ppdpd.exec:\ppdpd.exe158⤵
-
\??\c:\9fxxlrr.exec:\9fxxlrr.exe159⤵
-
\??\c:\fxrfllx.exec:\fxrfllx.exe160⤵
-
\??\c:\3nbhbb.exec:\3nbhbb.exe161⤵
-
\??\c:\nhttnn.exec:\nhttnn.exe162⤵
-
\??\c:\3vpjp.exec:\3vpjp.exe163⤵
-
\??\c:\vddvv.exec:\vddvv.exe164⤵
-
\??\c:\lfxfllf.exec:\lfxfllf.exe165⤵
-
\??\c:\lflrrlr.exec:\lflrrlr.exe166⤵
-
\??\c:\thnnhh.exec:\thnnhh.exe167⤵
-
\??\c:\bhttbt.exec:\bhttbt.exe168⤵
-
\??\c:\7dvdj.exec:\7dvdj.exe169⤵
-
\??\c:\vjdvp.exec:\vjdvp.exe170⤵
-
\??\c:\frlfflr.exec:\frlfflr.exe171⤵
-
\??\c:\ffxrfff.exec:\ffxrfff.exe172⤵
-
\??\c:\hntbbt.exec:\hntbbt.exe173⤵
-
\??\c:\btntbh.exec:\btntbh.exe174⤵
-
\??\c:\3nbbht.exec:\3nbbht.exe175⤵
-
\??\c:\jvjdj.exec:\jvjdj.exe176⤵
-
\??\c:\vjpjp.exec:\vjpjp.exe177⤵
-
\??\c:\vvddj.exec:\vvddj.exe178⤵
-
\??\c:\xfrrxrr.exec:\xfrrxrr.exe179⤵
-
\??\c:\7ffrxfl.exec:\7ffrxfl.exe180⤵
-
\??\c:\3thttt.exec:\3thttt.exe181⤵
-
\??\c:\btnbnn.exec:\btnbnn.exe182⤵
-
\??\c:\vjpjd.exec:\vjpjd.exe183⤵
-
\??\c:\lrrlfxl.exec:\lrrlfxl.exe184⤵
-
\??\c:\3xxfrrx.exec:\3xxfrrx.exe185⤵
-
\??\c:\frffxrr.exec:\frffxrr.exe186⤵
-
\??\c:\nbnhhb.exec:\nbnhhb.exe187⤵
-
\??\c:\hhbhth.exec:\hhbhth.exe188⤵
-
\??\c:\jddpv.exec:\jddpv.exe189⤵
-
\??\c:\1vjpv.exec:\1vjpv.exe190⤵
-
\??\c:\jvdvd.exec:\jvdvd.exe191⤵
-
\??\c:\rfflrfr.exec:\rfflrfr.exe192⤵
-
\??\c:\3lrlrff.exec:\3lrlrff.exe193⤵
-
\??\c:\thnnhh.exec:\thnnhh.exe194⤵
-
\??\c:\tnttnn.exec:\tnttnn.exe195⤵
-
\??\c:\3pddd.exec:\3pddd.exe196⤵
-
\??\c:\7pvvv.exec:\7pvvv.exe197⤵
-
\??\c:\xxfrxlf.exec:\xxfrxlf.exe198⤵
-
\??\c:\tnhtbb.exec:\tnhtbb.exe199⤵
-
\??\c:\hhhttb.exec:\hhhttb.exe200⤵
-
\??\c:\5jjvd.exec:\5jjvd.exe201⤵
-
\??\c:\5pjjp.exec:\5pjjp.exe202⤵
-
\??\c:\9frrrll.exec:\9frrrll.exe203⤵
-
\??\c:\xfxxflr.exec:\xfxxflr.exe204⤵
-
\??\c:\1bnttt.exec:\1bnttt.exe205⤵
-
\??\c:\3tbbtn.exec:\3tbbtn.exe206⤵
-
\??\c:\9pjvj.exec:\9pjvj.exe207⤵
-
\??\c:\ddjpd.exec:\ddjpd.exe208⤵
-
\??\c:\7lxffff.exec:\7lxffff.exe209⤵
-
\??\c:\xxlrffx.exec:\xxlrffx.exe210⤵
-
\??\c:\rfrrrll.exec:\rfrrrll.exe211⤵
-
\??\c:\5btbbt.exec:\5btbbt.exe212⤵
-
\??\c:\bthbhh.exec:\bthbhh.exe213⤵
-
\??\c:\jvvpj.exec:\jvvpj.exe214⤵
-
\??\c:\djpjd.exec:\djpjd.exe215⤵
-
\??\c:\5xrxrrr.exec:\5xrxrrr.exe216⤵
-
\??\c:\9frlrrf.exec:\9frlrrf.exe217⤵
-
\??\c:\htbttt.exec:\htbttt.exe218⤵
-
\??\c:\hbhhnb.exec:\hbhhnb.exe219⤵
-
\??\c:\vjvpp.exec:\vjvpp.exe220⤵
-
\??\c:\7jdpj.exec:\7jdpj.exe221⤵
-
\??\c:\7rrlrxx.exec:\7rrlrxx.exe222⤵
-
\??\c:\lxflrrl.exec:\lxflrrl.exe223⤵
-
\??\c:\hnnhnb.exec:\hnnhnb.exe224⤵
-
\??\c:\dddpp.exec:\dddpp.exe225⤵
-
\??\c:\jvppp.exec:\jvppp.exe226⤵
-
\??\c:\fllrrrl.exec:\fllrrrl.exe227⤵
-
\??\c:\7lfffxf.exec:\7lfffxf.exe228⤵
-
\??\c:\nhhbbb.exec:\nhhbbb.exe229⤵
-
\??\c:\bbthtt.exec:\bbthtt.exe230⤵
-
\??\c:\tthntt.exec:\tthntt.exe231⤵
-
\??\c:\dddjv.exec:\dddjv.exe232⤵
-
\??\c:\vpdvv.exec:\vpdvv.exe233⤵
-
\??\c:\rlxfrrx.exec:\rlxfrrx.exe234⤵
-
\??\c:\bbbhhb.exec:\bbbhhb.exe235⤵
-
\??\c:\hnthbn.exec:\hnthbn.exe236⤵
-
\??\c:\pjpdj.exec:\pjpdj.exe237⤵
-
\??\c:\pjjjp.exec:\pjjjp.exe238⤵
-
\??\c:\pdjvd.exec:\pdjvd.exe239⤵
-
\??\c:\fxllrxl.exec:\fxllrxl.exe240⤵
-
\??\c:\xlflllr.exec:\xlflllr.exe241⤵