Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
20-05-2024 20:09
General
-
Target
216afb510e3aad4e9b8b5935534ad628195549cd8a9777d9a888bdc20fa82515.exe
-
Size
70KB
-
MD5
4c2713169fd9688aed5c1c9e80b6ecd2
-
SHA1
a36f1cee992c67f51b1d876fe0af7d763cd4b0df
-
SHA256
216afb510e3aad4e9b8b5935534ad628195549cd8a9777d9a888bdc20fa82515
-
SHA512
efdaadb0564e2dc5ac6e4a62cf46de8b6b4b995df410ccbb38bc72fd5cd2c2c963bbde3d2a851ad9bd48c664515ab57f5b4d5194495455b119eb2405e3cb1c72
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73tgyYrc:ymb3NkkiQ3mdBjFo73thY4
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
UPX dump on OEP (original entry point) 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\216afb510e3aad4e9b8b5935534ad628195549cd8a9777d9a888bdc20fa82515.exe"C:\Users\Admin\AppData\Local\Temp\216afb510e3aad4e9b8b5935534ad628195549cd8a9777d9a888bdc20fa82515.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\1frrlrx.exec:\1frrlrx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\04002.exec:\04002.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\20880.exec:\20880.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhbnnb.exec:\bhbnnb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8640668.exec:\8640668.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8602468.exec:\8602468.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4806828.exec:\4806828.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbbhb.exec:\hbbbhb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\080688.exec:\080688.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6428226.exec:\6428226.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\646244.exec:\646244.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvvd.exec:\dpvvd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrrrfx.exec:\rlrrrfx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrxfxf.exec:\frrxfxf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8240662.exec:\8240662.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\46228.exec:\46228.exe17⤵
- Executes dropped EXE
-
\??\c:\42400.exec:\42400.exe18⤵
- Executes dropped EXE
-
\??\c:\dvdvd.exec:\dvdvd.exe19⤵
- Executes dropped EXE
-
\??\c:\vpddj.exec:\vpddj.exe20⤵
- Executes dropped EXE
-
\??\c:\2486024.exec:\2486024.exe21⤵
- Executes dropped EXE
-
\??\c:\rrlllrf.exec:\rrlllrf.exe22⤵
- Executes dropped EXE
-
\??\c:\2062880.exec:\2062880.exe23⤵
- Executes dropped EXE
-
\??\c:\26406.exec:\26406.exe24⤵
- Executes dropped EXE
-
\??\c:\7xxlrrx.exec:\7xxlrrx.exe25⤵
- Executes dropped EXE
-
\??\c:\pddjd.exec:\pddjd.exe26⤵
- Executes dropped EXE
-
\??\c:\ddpvd.exec:\ddpvd.exe27⤵
- Executes dropped EXE
-
\??\c:\868248.exec:\868248.exe28⤵
- Executes dropped EXE
-
\??\c:\vpjpv.exec:\vpjpv.exe29⤵
- Executes dropped EXE
-
\??\c:\nhtthh.exec:\nhtthh.exe30⤵
- Executes dropped EXE
-
\??\c:\nhhhtt.exec:\nhhhtt.exe31⤵
- Executes dropped EXE
-
\??\c:\604022.exec:\604022.exe32⤵
- Executes dropped EXE
-
\??\c:\8684224.exec:\8684224.exe33⤵
- Executes dropped EXE
-
\??\c:\646644.exec:\646644.exe34⤵
- Executes dropped EXE
-
\??\c:\64060.exec:\64060.exe35⤵
- Executes dropped EXE
-
\??\c:\04668.exec:\04668.exe36⤵
- Executes dropped EXE
-
\??\c:\dvdvj.exec:\dvdvj.exe37⤵
- Executes dropped EXE
-
\??\c:\lfffrrx.exec:\lfffrrx.exe38⤵
- Executes dropped EXE
-
\??\c:\5hbntt.exec:\5hbntt.exe39⤵
- Executes dropped EXE
-
\??\c:\86488.exec:\86488.exe40⤵
- Executes dropped EXE
-
\??\c:\5vdjv.exec:\5vdjv.exe41⤵
- Executes dropped EXE
-
\??\c:\btbbnn.exec:\btbbnn.exe42⤵
- Executes dropped EXE
-
\??\c:\bbttht.exec:\bbttht.exe43⤵
- Executes dropped EXE
-
\??\c:\1lfxxxf.exec:\1lfxxxf.exe44⤵
- Executes dropped EXE
-
\??\c:\7vpjp.exec:\7vpjp.exe45⤵
- Executes dropped EXE
-
\??\c:\o066662.exec:\o066662.exe46⤵
- Executes dropped EXE
-
\??\c:\jjjpj.exec:\jjjpj.exe47⤵
- Executes dropped EXE
-
\??\c:\28488.exec:\28488.exe48⤵
- Executes dropped EXE
-
\??\c:\e66848.exec:\e66848.exe49⤵
- Executes dropped EXE
-
\??\c:\u244006.exec:\u244006.exe50⤵
- Executes dropped EXE
-
\??\c:\2060608.exec:\2060608.exe51⤵
- Executes dropped EXE
-
\??\c:\m6284.exec:\m6284.exe52⤵
- Executes dropped EXE
-
\??\c:\9lxfxff.exec:\9lxfxff.exe53⤵
- Executes dropped EXE
-
\??\c:\04062.exec:\04062.exe54⤵
- Executes dropped EXE
-
\??\c:\k20062.exec:\k20062.exe55⤵
- Executes dropped EXE
-
\??\c:\jvddv.exec:\jvddv.exe56⤵
- Executes dropped EXE
-
\??\c:\jvjjp.exec:\jvjjp.exe57⤵
- Executes dropped EXE
-
\??\c:\bthnbh.exec:\bthnbh.exe58⤵
- Executes dropped EXE
-
\??\c:\8622884.exec:\8622884.exe59⤵
- Executes dropped EXE
-
\??\c:\xrfxrxl.exec:\xrfxrxl.exe60⤵
- Executes dropped EXE
-
\??\c:\3jjdp.exec:\3jjdp.exe61⤵
- Executes dropped EXE
-
\??\c:\bhbhnt.exec:\bhbhnt.exe62⤵
- Executes dropped EXE
-
\??\c:\fxllrrx.exec:\fxllrrx.exe63⤵
- Executes dropped EXE
-
\??\c:\7ttbbh.exec:\7ttbbh.exe64⤵
- Executes dropped EXE
-
\??\c:\640666.exec:\640666.exe65⤵
- Executes dropped EXE
-
\??\c:\thnhtn.exec:\thnhtn.exe66⤵
-
\??\c:\ppjvj.exec:\ppjvj.exe67⤵
-
\??\c:\nbnntt.exec:\nbnntt.exe68⤵
-
\??\c:\jdjjp.exec:\jdjjp.exe69⤵
-
\??\c:\k68282.exec:\k68282.exe70⤵
-
\??\c:\fxrxxxf.exec:\fxrxxxf.exe71⤵
-
\??\c:\btntbh.exec:\btntbh.exe72⤵
-
\??\c:\bhbbhn.exec:\bhbbhn.exe73⤵
-
\??\c:\ttbbbh.exec:\ttbbbh.exe74⤵
-
\??\c:\rfrrrlx.exec:\rfrrrlx.exe75⤵
-
\??\c:\204868.exec:\204868.exe76⤵
-
\??\c:\jjddj.exec:\jjddj.exe77⤵
-
\??\c:\tbhnbh.exec:\tbhnbh.exe78⤵
-
\??\c:\rflrrlf.exec:\rflrrlf.exe79⤵
-
\??\c:\080882.exec:\080882.exe80⤵
-
\??\c:\64000.exec:\64000.exe81⤵
-
\??\c:\002624.exec:\002624.exe82⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe83⤵
-
\??\c:\w20088.exec:\w20088.exe84⤵
-
\??\c:\824066.exec:\824066.exe85⤵
-
\??\c:\4866600.exec:\4866600.exe86⤵
-
\??\c:\dpvdp.exec:\dpvdp.exe87⤵
-
\??\c:\xrffffr.exec:\xrffffr.exe88⤵
-
\??\c:\48200.exec:\48200.exe89⤵
-
\??\c:\46440.exec:\46440.exe90⤵
-
\??\c:\q20660.exec:\q20660.exe91⤵
-
\??\c:\lflrxxf.exec:\lflrxxf.exe92⤵
-
\??\c:\s0846.exec:\s0846.exe93⤵
-
\??\c:\hhbnht.exec:\hhbnht.exe94⤵
-
\??\c:\42480.exec:\42480.exe95⤵
-
\??\c:\646662.exec:\646662.exe96⤵
-
\??\c:\lxlrxfl.exec:\lxlrxfl.exe97⤵
-
\??\c:\dvdjj.exec:\dvdjj.exe98⤵
-
\??\c:\hbhhhn.exec:\hbhhhn.exe99⤵
-
\??\c:\640000.exec:\640000.exe100⤵
-
\??\c:\bnhbbh.exec:\bnhbbh.exe101⤵
-
\??\c:\nhntbt.exec:\nhntbt.exe102⤵
-
\??\c:\jvddj.exec:\jvddj.exe103⤵
-
\??\c:\24044.exec:\24044.exe104⤵
-
\??\c:\xlrrfff.exec:\xlrrfff.exe105⤵
-
\??\c:\btbnnn.exec:\btbnnn.exe106⤵
-
\??\c:\q02288.exec:\q02288.exe107⤵
-
\??\c:\i022826.exec:\i022826.exe108⤵
-
\??\c:\m4064.exec:\m4064.exe109⤵
-
\??\c:\xrlrffr.exec:\xrlrffr.exe110⤵
-
\??\c:\8606266.exec:\8606266.exe111⤵
-
\??\c:\206200.exec:\206200.exe112⤵
-
\??\c:\e28804.exec:\e28804.exe113⤵
-
\??\c:\lfrrfxx.exec:\lfrrfxx.exe114⤵
-
\??\c:\jvddv.exec:\jvddv.exe115⤵
-
\??\c:\6460044.exec:\6460044.exe116⤵
-
\??\c:\jvjpv.exec:\jvjpv.exe117⤵
-
\??\c:\jvvvv.exec:\jvvvv.exe118⤵
-
\??\c:\7vddd.exec:\7vddd.exe119⤵
-
\??\c:\7bhthh.exec:\7bhthh.exe120⤵
-
\??\c:\dpdpj.exec:\dpdpj.exe121⤵
-
\??\c:\64606.exec:\64606.exe122⤵
-
\??\c:\080062.exec:\080062.exe123⤵
-
\??\c:\jpjpv.exec:\jpjpv.exe124⤵
-
\??\c:\86804.exec:\86804.exe125⤵
-
\??\c:\hhtbhh.exec:\hhtbhh.exe126⤵
-
\??\c:\hbhhhh.exec:\hbhhhh.exe127⤵
-
\??\c:\xllffxf.exec:\xllffxf.exe128⤵
-
\??\c:\e24844.exec:\e24844.exe129⤵
-
\??\c:\9ffrrxf.exec:\9ffrrxf.exe130⤵
-
\??\c:\2044602.exec:\2044602.exe131⤵
-
\??\c:\7rrlrrr.exec:\7rrlrrr.exe132⤵
-
\??\c:\lxxrrll.exec:\lxxrrll.exe133⤵
-
\??\c:\9xflrxf.exec:\9xflrxf.exe134⤵
-
\??\c:\jdpdd.exec:\jdpdd.exe135⤵
-
\??\c:\m8422.exec:\m8422.exe136⤵
-
\??\c:\086462.exec:\086462.exe137⤵
-
\??\c:\04884.exec:\04884.exe138⤵
-
\??\c:\s8686.exec:\s8686.exe139⤵
-
\??\c:\0844628.exec:\0844628.exe140⤵
-
\??\c:\nntbnh.exec:\nntbnh.exe141⤵
-
\??\c:\8062000.exec:\8062000.exe142⤵
-
\??\c:\7flfrlf.exec:\7flfrlf.exe143⤵
-
\??\c:\bthntb.exec:\bthntb.exe144⤵
-
\??\c:\20002.exec:\20002.exe145⤵
-
\??\c:\640666.exec:\640666.exe146⤵
-
\??\c:\2400662.exec:\2400662.exe147⤵
-
\??\c:\a8628.exec:\a8628.exe148⤵
-
\??\c:\thtbtn.exec:\thtbtn.exe149⤵
-
\??\c:\6488484.exec:\6488484.exe150⤵
-
\??\c:\lxfffxx.exec:\lxfffxx.exe151⤵
-
\??\c:\frfxlrx.exec:\frfxlrx.exe152⤵
-
\??\c:\dvjvd.exec:\dvjvd.exe153⤵
-
\??\c:\k40444.exec:\k40444.exe154⤵
-
\??\c:\60840.exec:\60840.exe155⤵
-
\??\c:\086600.exec:\086600.exe156⤵
-
\??\c:\vjddv.exec:\vjddv.exe157⤵
-
\??\c:\0426228.exec:\0426228.exe158⤵
-
\??\c:\xrflrxf.exec:\xrflrxf.exe159⤵
-
\??\c:\c028422.exec:\c028422.exe160⤵
-
\??\c:\xrrrrrx.exec:\xrrrrrx.exe161⤵
-
\??\c:\ffrrrxl.exec:\ffrrrxl.exe162⤵
-
\??\c:\g4228.exec:\g4228.exe163⤵
-
\??\c:\026000.exec:\026000.exe164⤵
-
\??\c:\608226.exec:\608226.exe165⤵
-
\??\c:\00264.exec:\00264.exe166⤵
-
\??\c:\flfxxrr.exec:\flfxxrr.exe167⤵
-
\??\c:\o688440.exec:\o688440.exe168⤵
-
\??\c:\vpvvj.exec:\vpvvj.exe169⤵
-
\??\c:\thtnnh.exec:\thtnnh.exe170⤵
-
\??\c:\5bnbhb.exec:\5bnbhb.exe171⤵
-
\??\c:\6466424.exec:\6466424.exe172⤵
-
\??\c:\flllfxr.exec:\flllfxr.exe173⤵
-
\??\c:\3jjjj.exec:\3jjjj.exe174⤵
-
\??\c:\frxxrff.exec:\frxxrff.exe175⤵
-
\??\c:\thhttn.exec:\thhttn.exe176⤵
-
\??\c:\20288.exec:\20288.exe177⤵
-
\??\c:\642682.exec:\642682.exe178⤵
-
\??\c:\thnnhn.exec:\thnnhn.exe179⤵
-
\??\c:\3lxxllf.exec:\3lxxllf.exe180⤵
-
\??\c:\u628662.exec:\u628662.exe181⤵
-
\??\c:\0804444.exec:\0804444.exe182⤵
-
\??\c:\bnbtnt.exec:\bnbtnt.exe183⤵
-
\??\c:\4282446.exec:\4282446.exe184⤵
-
\??\c:\pjjpp.exec:\pjjpp.exe185⤵
-
\??\c:\lxllllr.exec:\lxllllr.exe186⤵
-
\??\c:\nbntnn.exec:\nbntnn.exe187⤵
-
\??\c:\dvddj.exec:\dvddj.exe188⤵
-
\??\c:\dpdpp.exec:\dpdpp.exe189⤵
-
\??\c:\bhtttt.exec:\bhtttt.exe190⤵
-
\??\c:\80640.exec:\80640.exe191⤵
-
\??\c:\k60460.exec:\k60460.exe192⤵
-
\??\c:\2684822.exec:\2684822.exe193⤵
-
\??\c:\u400066.exec:\u400066.exe194⤵
-
\??\c:\g2888.exec:\g2888.exe195⤵
-
\??\c:\xlxrxrl.exec:\xlxrxrl.exe196⤵
-
\??\c:\dvjdj.exec:\dvjdj.exe197⤵
-
\??\c:\42406.exec:\42406.exe198⤵
-
\??\c:\1hhbhh.exec:\1hhbhh.exe199⤵
-
\??\c:\0840224.exec:\0840224.exe200⤵
-
\??\c:\2062400.exec:\2062400.exe201⤵
-
\??\c:\9frrrll.exec:\9frrrll.exe202⤵
-
\??\c:\480400.exec:\480400.exe203⤵
-
\??\c:\rfrflfx.exec:\rfrflfx.exe204⤵
-
\??\c:\64284.exec:\64284.exe205⤵
-
\??\c:\688282.exec:\688282.exe206⤵
-
\??\c:\dppjd.exec:\dppjd.exe207⤵
-
\??\c:\0806622.exec:\0806622.exe208⤵
-
\??\c:\6400266.exec:\6400266.exe209⤵
-
\??\c:\206282.exec:\206282.exe210⤵
-
\??\c:\dppjv.exec:\dppjv.exe211⤵
-
\??\c:\dpppj.exec:\dpppj.exe212⤵
-
\??\c:\806664.exec:\806664.exe213⤵
-
\??\c:\dpvvp.exec:\dpvvp.exe214⤵
-
\??\c:\lrxrrlx.exec:\lrxrrlx.exe215⤵
-
\??\c:\8066600.exec:\8066600.exe216⤵
-
\??\c:\64240.exec:\64240.exe217⤵
-
\??\c:\u086266.exec:\u086266.exe218⤵
-
\??\c:\bnbtbb.exec:\bnbtbb.exe219⤵
-
\??\c:\046886.exec:\046886.exe220⤵
-
\??\c:\7rllxlr.exec:\7rllxlr.exe221⤵
-
\??\c:\7vjvj.exec:\7vjvj.exe222⤵
-
\??\c:\btbntt.exec:\btbntt.exe223⤵
-
\??\c:\o466284.exec:\o466284.exe224⤵
-
\??\c:\vjvvj.exec:\vjvvj.exe225⤵
-
\??\c:\btthnh.exec:\btthnh.exe226⤵
-
\??\c:\1nnttn.exec:\1nnttn.exe227⤵
-
\??\c:\q24844.exec:\q24844.exe228⤵
-
\??\c:\7btnbb.exec:\7btnbb.exe229⤵
-
\??\c:\9vjdp.exec:\9vjdp.exe230⤵
-
\??\c:\jdjjv.exec:\jdjjv.exe231⤵
-
\??\c:\5ffrrlr.exec:\5ffrrlr.exe232⤵
-
\??\c:\htbhth.exec:\htbhth.exe233⤵
-
\??\c:\xxxfxfr.exec:\xxxfxfr.exe234⤵
-
\??\c:\4668602.exec:\4668602.exe235⤵
-
\??\c:\hthntt.exec:\hthntt.exe236⤵
-
\??\c:\0406480.exec:\0406480.exe237⤵
-
\??\c:\264684.exec:\264684.exe238⤵
-
\??\c:\26828.exec:\26828.exe239⤵
-
\??\c:\htbhtb.exec:\htbhtb.exe240⤵
-
\??\c:\20668.exec:\20668.exe241⤵