Analysis
-
max time kernel
149s -
max time network
109s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
20-05-2024 20:09
General
-
Target
00d7389dd9b77d3d9e312d2bef23c118bc0a48e96a1021edea4c6b9936aad852.exe
-
Size
81KB
-
MD5
f6cd42cc135918e8e9426d15822fd560
-
SHA1
93296eb05d4846f4ec12747a72e039bd5ea670c4
-
SHA256
00d7389dd9b77d3d9e312d2bef23c118bc0a48e96a1021edea4c6b9936aad852
-
SHA512
c1c8263ffbda854e0b4ac841192fbfca9ff59562cde58cdeb70069aa0c8af681db9300a33b441ae54c9a39bf54844f74e70317f985bca21cc2aa26d72ce22164
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo7xCkTsIwtOa2dYS8nj+:ymb3NkkiQ3mdBjFo7LAIbT6j+
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\00d7389dd9b77d3d9e312d2bef23c118bc0a48e96a1021edea4c6b9936aad852.exe"C:\Users\Admin\AppData\Local\Temp\00d7389dd9b77d3d9e312d2bef23c118bc0a48e96a1021edea4c6b9936aad852.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbnnt.exec:\hbbnnt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpddj.exec:\jpddj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1ddvv.exec:\1ddvv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxlffx.exec:\lrxlffx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnbbtn.exec:\hnbbtn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhtnbb.exec:\bhtnbb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjjd.exec:\vjjjd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1dvvp.exec:\1dvvp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflrflf.exec:\rflrflf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhbhh.exec:\nhhbhh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5tnbnh.exec:\5tnbnh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjdvj.exec:\jjdvj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxrfxx.exec:\lfxrfxx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxlfxxr.exec:\xxlfxxr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhhnh.exec:\hbhhnh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jpjv.exec:\5jpjv.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvjd.exec:\pjvjd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfxlxrl.exec:\rfxlxrl.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthhtt.exec:\bthhtt.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjjd.exec:\djjjd.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxrlll.exec:\lrxrlll.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfxrlf.exec:\rlfxrlf.exe23⤵
- Executes dropped EXE
-
\??\c:\7hhhhh.exec:\7hhhhh.exe24⤵
- Executes dropped EXE
-
\??\c:\vjjjd.exec:\vjjjd.exe25⤵
- Executes dropped EXE
-
\??\c:\jdpjj.exec:\jdpjj.exe26⤵
- Executes dropped EXE
-
\??\c:\3xlfxfx.exec:\3xlfxfx.exe27⤵
- Executes dropped EXE
-
\??\c:\xffxxrl.exec:\xffxxrl.exe28⤵
- Executes dropped EXE
-
\??\c:\ntthhn.exec:\ntthhn.exe29⤵
- Executes dropped EXE
-
\??\c:\bttnbb.exec:\bttnbb.exe30⤵
- Executes dropped EXE
-
\??\c:\jvvjd.exec:\jvvjd.exe31⤵
- Executes dropped EXE
-
\??\c:\xrrfxrl.exec:\xrrfxrl.exe32⤵
- Executes dropped EXE
-
\??\c:\xfffffx.exec:\xfffffx.exe33⤵
- Executes dropped EXE
-
\??\c:\thttbt.exec:\thttbt.exe34⤵
- Executes dropped EXE
-
\??\c:\dddvv.exec:\dddvv.exe35⤵
- Executes dropped EXE
-
\??\c:\jjppv.exec:\jjppv.exe36⤵
- Executes dropped EXE
-
\??\c:\lffrrrl.exec:\lffrrrl.exe37⤵
- Executes dropped EXE
-
\??\c:\rflfllr.exec:\rflfllr.exe38⤵
- Executes dropped EXE
-
\??\c:\bbhhbt.exec:\bbhhbt.exe39⤵
- Executes dropped EXE
-
\??\c:\nbnbhh.exec:\nbnbhh.exe40⤵
- Executes dropped EXE
-
\??\c:\dvpdj.exec:\dvpdj.exe41⤵
- Executes dropped EXE
-
\??\c:\vpjdv.exec:\vpjdv.exe42⤵
- Executes dropped EXE
-
\??\c:\1xxfrxr.exec:\1xxfrxr.exe43⤵
- Executes dropped EXE
-
\??\c:\1btnbt.exec:\1btnbt.exe44⤵
- Executes dropped EXE
-
\??\c:\bbhnhb.exec:\bbhnhb.exe45⤵
- Executes dropped EXE
-
\??\c:\jdpjp.exec:\jdpjp.exe46⤵
- Executes dropped EXE
-
\??\c:\vjjvj.exec:\vjjvj.exe47⤵
- Executes dropped EXE
-
\??\c:\xflflrl.exec:\xflflrl.exe48⤵
- Executes dropped EXE
-
\??\c:\hnhbnn.exec:\hnhbnn.exe49⤵
- Executes dropped EXE
-
\??\c:\3ddvv.exec:\3ddvv.exe50⤵
- Executes dropped EXE
-
\??\c:\jvpjv.exec:\jvpjv.exe51⤵
- Executes dropped EXE
-
\??\c:\7rxrrll.exec:\7rxrrll.exe52⤵
- Executes dropped EXE
-
\??\c:\lrfxfxl.exec:\lrfxfxl.exe53⤵
- Executes dropped EXE
-
\??\c:\tnntht.exec:\tnntht.exe54⤵
- Executes dropped EXE
-
\??\c:\7hhbnn.exec:\7hhbnn.exe55⤵
- Executes dropped EXE
-
\??\c:\hhnntt.exec:\hhnntt.exe56⤵
- Executes dropped EXE
-
\??\c:\jjddp.exec:\jjddp.exe57⤵
- Executes dropped EXE
-
\??\c:\9ddpd.exec:\9ddpd.exe58⤵
- Executes dropped EXE
-
\??\c:\xxrfrrf.exec:\xxrfrrf.exe59⤵
- Executes dropped EXE
-
\??\c:\tthhtt.exec:\tthhtt.exe60⤵
- Executes dropped EXE
-
\??\c:\thbnhh.exec:\thbnhh.exe61⤵
- Executes dropped EXE
-
\??\c:\jvvdv.exec:\jvvdv.exe62⤵
- Executes dropped EXE
-
\??\c:\fllxrlr.exec:\fllxrlr.exe63⤵
- Executes dropped EXE
-
\??\c:\fffrxrl.exec:\fffrxrl.exe64⤵
- Executes dropped EXE
-
\??\c:\jddpd.exec:\jddpd.exe65⤵
- Executes dropped EXE
-
\??\c:\xllfxxr.exec:\xllfxxr.exe66⤵
-
\??\c:\lrxxrxr.exec:\lrxxrxr.exe67⤵
-
\??\c:\tbbtnh.exec:\tbbtnh.exe68⤵
-
\??\c:\htbbnn.exec:\htbbnn.exe69⤵
-
\??\c:\jdpjp.exec:\jdpjp.exe70⤵
-
\??\c:\dpvpd.exec:\dpvpd.exe71⤵
-
\??\c:\lfrlrrf.exec:\lfrlrrf.exe72⤵
-
\??\c:\lfrffxf.exec:\lfrffxf.exe73⤵
-
\??\c:\tnhhbb.exec:\tnhhbb.exe74⤵
-
\??\c:\ntbthh.exec:\ntbthh.exe75⤵
-
\??\c:\9tnhtt.exec:\9tnhtt.exe76⤵
-
\??\c:\vjvjv.exec:\vjvjv.exe77⤵
-
\??\c:\lxrrlfx.exec:\lxrrlfx.exe78⤵
-
\??\c:\lfrllxf.exec:\lfrllxf.exe79⤵
-
\??\c:\lrfllfx.exec:\lrfllfx.exe80⤵
-
\??\c:\hnntnn.exec:\hnntnn.exe81⤵
-
\??\c:\jpdpd.exec:\jpdpd.exe82⤵
-
\??\c:\vpvjv.exec:\vpvjv.exe83⤵
-
\??\c:\pppdv.exec:\pppdv.exe84⤵
-
\??\c:\xxxrxxf.exec:\xxxrxxf.exe85⤵
-
\??\c:\3nbhbh.exec:\3nbhbh.exe86⤵
-
\??\c:\bbbtnh.exec:\bbbtnh.exe87⤵
-
\??\c:\jvdvp.exec:\jvdvp.exe88⤵
-
\??\c:\rlflfxx.exec:\rlflfxx.exe89⤵
-
\??\c:\tbbbhn.exec:\tbbbhn.exe90⤵
-
\??\c:\7djdv.exec:\7djdv.exe91⤵
-
\??\c:\lxlrllr.exec:\lxlrllr.exe92⤵
-
\??\c:\3ttbth.exec:\3ttbth.exe93⤵
-
\??\c:\tnbtnb.exec:\tnbtnb.exe94⤵
-
\??\c:\vvdpj.exec:\vvdpj.exe95⤵
-
\??\c:\3xfxrrl.exec:\3xfxrrl.exe96⤵
-
\??\c:\tnbbhh.exec:\tnbbhh.exe97⤵
-
\??\c:\tbbbnn.exec:\tbbbnn.exe98⤵
-
\??\c:\9jvpv.exec:\9jvpv.exe99⤵
-
\??\c:\dpjjd.exec:\dpjjd.exe100⤵
-
\??\c:\rflffff.exec:\rflffff.exe101⤵
-
\??\c:\hnbbth.exec:\hnbbth.exe102⤵
-
\??\c:\vvpdp.exec:\vvpdp.exe103⤵
-
\??\c:\jdvjv.exec:\jdvjv.exe104⤵
-
\??\c:\fxlfxrf.exec:\fxlfxrf.exe105⤵
-
\??\c:\xrlfxrl.exec:\xrlfxrl.exe106⤵
-
\??\c:\3bbttn.exec:\3bbttn.exe107⤵
-
\??\c:\htnhbt.exec:\htnhbt.exe108⤵
-
\??\c:\vpdpp.exec:\vpdpp.exe109⤵
-
\??\c:\xfxffxx.exec:\xfxffxx.exe110⤵
-
\??\c:\llrllrr.exec:\llrllrr.exe111⤵
-
\??\c:\5bbbtt.exec:\5bbbtt.exe112⤵
-
\??\c:\pddpd.exec:\pddpd.exe113⤵
-
\??\c:\7jdvj.exec:\7jdvj.exe114⤵
-
\??\c:\5rxrrxr.exec:\5rxrrxr.exe115⤵
-
\??\c:\rxflfxr.exec:\rxflfxr.exe116⤵
-
\??\c:\bttnnn.exec:\bttnnn.exe117⤵
-
\??\c:\bbthht.exec:\bbthht.exe118⤵
-
\??\c:\ppppp.exec:\ppppp.exe119⤵
-
\??\c:\fflffxf.exec:\fflffxf.exe120⤵
-
\??\c:\3flfrrl.exec:\3flfrrl.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-