Analysis
-
max time kernel
149s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
20-05-2024 20:57
General
-
Target
30f587a2a157873fcc69ec770805a9905c0e65e46791b9c4c3b537e7e14c915a.exe
-
Size
72KB
-
MD5
266fb7410c75ec6e80e77104e4dde8fd
-
SHA1
fc81b4dd28ffd0669df07d14dd9634fb119954d6
-
SHA256
30f587a2a157873fcc69ec770805a9905c0e65e46791b9c4c3b537e7e14c915a
-
SHA512
81f399c44883e39f82c7149aab492de7536f9c5ba725c601521d62a644b65d9fd48c95372b8562ee690ddb6b5b2d2df56afaad8205157754e6282d8023f0eef5
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIgUVyiAnaHN:ymb3NkkiQ3mdBjFIgUEg
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\30f587a2a157873fcc69ec770805a9905c0e65e46791b9c4c3b537e7e14c915a.exe"C:\Users\Admin\AppData\Local\Temp\30f587a2a157873fcc69ec770805a9905c0e65e46791b9c4c3b537e7e14c915a.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbnhh.exec:\hbbnhh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbbtt.exec:\btbbtt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpjv.exec:\dvpjv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpddv.exec:\dpddv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnnnt.exec:\nbnnnt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjjd.exec:\dvjjd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrrxfr.exec:\lfrrxfr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rrffff.exec:\7rrffff.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrrxxx.exec:\ffrrxxx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvddd.exec:\pvddd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvddv.exec:\jvddv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xlrlff.exec:\1xlrlff.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffffff.exec:\lffffff.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nthhbh.exec:\nthhbh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdddd.exec:\jdddd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjpp.exec:\pdjpp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxffxxx.exec:\xxffxxx.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xlrlrr.exec:\9xlrlrr.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbbbh.exec:\htbbbh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjjj.exec:\vdjjj.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrrlrl.exec:\rrrrlrl.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllxrxx.exec:\rllxrxx.exe23⤵
- Executes dropped EXE
-
\??\c:\lfxrxxf.exec:\lfxrxxf.exe24⤵
- Executes dropped EXE
-
\??\c:\htbhhn.exec:\htbhhn.exe25⤵
- Executes dropped EXE
-
\??\c:\ddddd.exec:\ddddd.exe26⤵
- Executes dropped EXE
-
\??\c:\lrfffrr.exec:\lrfffrr.exe27⤵
- Executes dropped EXE
-
\??\c:\tbnnhn.exec:\tbnnhn.exe28⤵
- Executes dropped EXE
-
\??\c:\nntbhn.exec:\nntbhn.exe29⤵
- Executes dropped EXE
-
\??\c:\vvdvj.exec:\vvdvj.exe30⤵
- Executes dropped EXE
-
\??\c:\pppjd.exec:\pppjd.exe31⤵
- Executes dropped EXE
-
\??\c:\dvdjd.exec:\dvdjd.exe32⤵
- Executes dropped EXE
-
\??\c:\lflfxfx.exec:\lflfxfx.exe33⤵
- Executes dropped EXE
-
\??\c:\btbhhn.exec:\btbhhn.exe34⤵
- Executes dropped EXE
-
\??\c:\htbttt.exec:\htbttt.exe35⤵
- Executes dropped EXE
-
\??\c:\tbhbtt.exec:\tbhbtt.exe36⤵
- Executes dropped EXE
-
\??\c:\ppdpj.exec:\ppdpj.exe37⤵
- Executes dropped EXE
-
\??\c:\vdddv.exec:\vdddv.exe38⤵
- Executes dropped EXE
-
\??\c:\llfffxx.exec:\llfffxx.exe39⤵
- Executes dropped EXE
-
\??\c:\xrllfrr.exec:\xrllfrr.exe40⤵
- Executes dropped EXE
-
\??\c:\tntttb.exec:\tntttb.exe41⤵
- Executes dropped EXE
-
\??\c:\3frlrxr.exec:\3frlrxr.exe42⤵
- Executes dropped EXE
-
\??\c:\flxrxxf.exec:\flxrxxf.exe43⤵
- Executes dropped EXE
-
\??\c:\hbhnhh.exec:\hbhnhh.exe44⤵
- Executes dropped EXE
-
\??\c:\vdpjj.exec:\vdpjj.exe45⤵
- Executes dropped EXE
-
\??\c:\7jddv.exec:\7jddv.exe46⤵
- Executes dropped EXE
-
\??\c:\9bhbbb.exec:\9bhbbb.exe47⤵
- Executes dropped EXE
-
\??\c:\tntnnn.exec:\tntnnn.exe48⤵
- Executes dropped EXE
-
\??\c:\dddpp.exec:\dddpp.exe49⤵
- Executes dropped EXE
-
\??\c:\pppvv.exec:\pppvv.exe50⤵
- Executes dropped EXE
-
\??\c:\7lxrlrr.exec:\7lxrlrr.exe51⤵
- Executes dropped EXE
-
\??\c:\rlflxxx.exec:\rlflxxx.exe52⤵
- Executes dropped EXE
-
\??\c:\hhhhnn.exec:\hhhhnn.exe53⤵
- Executes dropped EXE
-
\??\c:\bbtttb.exec:\bbtttb.exe54⤵
- Executes dropped EXE
-
\??\c:\3jjjd.exec:\3jjjd.exe55⤵
- Executes dropped EXE
-
\??\c:\pjppp.exec:\pjppp.exe56⤵
- Executes dropped EXE
-
\??\c:\bntbtt.exec:\bntbtt.exe57⤵
- Executes dropped EXE
-
\??\c:\bbhhhb.exec:\bbhhhb.exe58⤵
- Executes dropped EXE
-
\??\c:\vdvvv.exec:\vdvvv.exe59⤵
- Executes dropped EXE
-
\??\c:\5vppj.exec:\5vppj.exe60⤵
- Executes dropped EXE
-
\??\c:\rxffrlr.exec:\rxffrlr.exe61⤵
- Executes dropped EXE
-
\??\c:\flxxrxl.exec:\flxxrxl.exe62⤵
- Executes dropped EXE
-
\??\c:\nnnnbb.exec:\nnnnbb.exe63⤵
- Executes dropped EXE
-
\??\c:\jvjdv.exec:\jvjdv.exe64⤵
- Executes dropped EXE
-
\??\c:\vvjpd.exec:\vvjpd.exe65⤵
- Executes dropped EXE
-
\??\c:\dpvdv.exec:\dpvdv.exe66⤵
-
\??\c:\7frlfff.exec:\7frlfff.exe67⤵
-
\??\c:\lfllflf.exec:\lfllflf.exe68⤵
-
\??\c:\hbhnnt.exec:\hbhnnt.exe69⤵
-
\??\c:\btttnt.exec:\btttnt.exe70⤵
-
\??\c:\vvjdv.exec:\vvjdv.exe71⤵
-
\??\c:\7pjdv.exec:\7pjdv.exe72⤵
-
\??\c:\5xxxxff.exec:\5xxxxff.exe73⤵
-
\??\c:\flxxxff.exec:\flxxxff.exe74⤵
-
\??\c:\hhnttt.exec:\hhnttt.exe75⤵
-
\??\c:\hbttnt.exec:\hbttnt.exe76⤵
-
\??\c:\vpppj.exec:\vpppj.exe77⤵
-
\??\c:\ppppj.exec:\ppppj.exe78⤵
-
\??\c:\jdjjd.exec:\jdjjd.exe79⤵
-
\??\c:\lxlfxxx.exec:\lxlfxxx.exe80⤵
-
\??\c:\hhtbtt.exec:\hhtbtt.exe81⤵
-
\??\c:\bhbbtt.exec:\bhbbtt.exe82⤵
-
\??\c:\djjdp.exec:\djjdp.exe83⤵
-
\??\c:\rrrlffx.exec:\rrrlffx.exe84⤵
-
\??\c:\xxxxxxx.exec:\xxxxxxx.exe85⤵
-
\??\c:\htbbbh.exec:\htbbbh.exe86⤵
-
\??\c:\hntnhh.exec:\hntnhh.exe87⤵
-
\??\c:\jjddv.exec:\jjddv.exe88⤵
-
\??\c:\xfrrlll.exec:\xfrrlll.exe89⤵
-
\??\c:\9thhbb.exec:\9thhbb.exe90⤵
-
\??\c:\hnttbb.exec:\hnttbb.exe91⤵
-
\??\c:\jdpdv.exec:\jdpdv.exe92⤵
-
\??\c:\xxfxrxf.exec:\xxfxrxf.exe93⤵
-
\??\c:\nnntnt.exec:\nnntnt.exe94⤵
-
\??\c:\nnnnhn.exec:\nnnnhn.exe95⤵
-
\??\c:\pvjdv.exec:\pvjdv.exe96⤵
-
\??\c:\jjppj.exec:\jjppj.exe97⤵
-
\??\c:\lfxxrrx.exec:\lfxxrrx.exe98⤵
-
\??\c:\bthbtb.exec:\bthbtb.exe99⤵
-
\??\c:\hbbbbh.exec:\hbbbbh.exe100⤵
-
\??\c:\dvddd.exec:\dvddd.exe101⤵
-
\??\c:\pppjj.exec:\pppjj.exe102⤵
-
\??\c:\flffxff.exec:\flffxff.exe103⤵
-
\??\c:\3hbhnt.exec:\3hbhnt.exe104⤵
-
\??\c:\hbntnn.exec:\hbntnn.exe105⤵
-
\??\c:\vvddv.exec:\vvddv.exe106⤵
-
\??\c:\9rfxrrl.exec:\9rfxrrl.exe107⤵
-
\??\c:\nbnnnn.exec:\nbnnnn.exe108⤵
-
\??\c:\3pjjj.exec:\3pjjj.exe109⤵
-
\??\c:\jdddd.exec:\jdddd.exe110⤵
-
\??\c:\fffxrrr.exec:\fffxrrr.exe111⤵
-
\??\c:\fxfxxxr.exec:\fxfxxxr.exe112⤵
-
\??\c:\5hnntt.exec:\5hnntt.exe113⤵
-
\??\c:\nntnnn.exec:\nntnnn.exe114⤵
-
\??\c:\1jppj.exec:\1jppj.exe115⤵
-
\??\c:\jdpjd.exec:\jdpjd.exe116⤵
-
\??\c:\rrllrrr.exec:\rrllrrr.exe117⤵
-
\??\c:\frxxxff.exec:\frxxxff.exe118⤵
-
\??\c:\bhnttb.exec:\bhnttb.exe119⤵
-
\??\c:\hnhnhh.exec:\hnhnhh.exe120⤵
-
\??\c:\3btthn.exec:\3btthn.exe121⤵
-
\??\c:\ppppv.exec:\ppppv.exe122⤵
-
\??\c:\vpppj.exec:\vpppj.exe123⤵
-
\??\c:\xrflfff.exec:\xrflfff.exe124⤵
-
\??\c:\lfrrrrr.exec:\lfrrrrr.exe125⤵
-
\??\c:\hbhhhn.exec:\hbhhhn.exe126⤵
-
\??\c:\hbntbb.exec:\hbntbb.exe127⤵
-
\??\c:\9pvpj.exec:\9pvpj.exe128⤵
-
\??\c:\jpvvp.exec:\jpvvp.exe129⤵
-
\??\c:\vpvvv.exec:\vpvvv.exe130⤵
-
\??\c:\fffxxff.exec:\fffxxff.exe131⤵
-
\??\c:\hhhhhn.exec:\hhhhhn.exe132⤵
-
\??\c:\tbnnnn.exec:\tbnnnn.exe133⤵
-
\??\c:\dpvvv.exec:\dpvvv.exe134⤵
-
\??\c:\dvvvj.exec:\dvvvj.exe135⤵
-
\??\c:\xlrrrrx.exec:\xlrrrrx.exe136⤵
-
\??\c:\fflllxl.exec:\fflllxl.exe137⤵
-
\??\c:\lxxffff.exec:\lxxffff.exe138⤵
-
\??\c:\tthhtb.exec:\tthhtb.exe139⤵
-
\??\c:\3tbbbb.exec:\3tbbbb.exe140⤵
-
\??\c:\pdppp.exec:\pdppp.exe141⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe142⤵
-
\??\c:\3xxxxlr.exec:\3xxxxlr.exe143⤵
-
\??\c:\rrllfff.exec:\rrllfff.exe144⤵
-
\??\c:\bbhhbh.exec:\bbhhbh.exe145⤵
-
\??\c:\nthbtb.exec:\nthbtb.exe146⤵
-
\??\c:\9pppj.exec:\9pppj.exe147⤵
-
\??\c:\1llllrl.exec:\1llllrl.exe148⤵
-
\??\c:\hbhhhn.exec:\hbhhhn.exe149⤵
-
\??\c:\9btbhn.exec:\9btbhn.exe150⤵
-
\??\c:\pjjjd.exec:\pjjjd.exe151⤵
-
\??\c:\vpddd.exec:\vpddd.exe152⤵
-
\??\c:\frxflrr.exec:\frxflrr.exe153⤵
-
\??\c:\3rxxxxx.exec:\3rxxxxx.exe154⤵
-
\??\c:\hbnbbb.exec:\hbnbbb.exe155⤵
-
\??\c:\nhbhhn.exec:\nhbhhn.exe156⤵
-
\??\c:\vpvjd.exec:\vpvjd.exe157⤵
-
\??\c:\vpddv.exec:\vpddv.exe158⤵
-
\??\c:\lflrlrl.exec:\lflrlrl.exe159⤵
-
\??\c:\tthnbb.exec:\tthnbb.exe160⤵
-
\??\c:\9djdd.exec:\9djdd.exe161⤵
-
\??\c:\jppdv.exec:\jppdv.exe162⤵
-
\??\c:\xxxxfll.exec:\xxxxfll.exe163⤵
-
\??\c:\bthhhn.exec:\bthhhn.exe164⤵
-
\??\c:\bthhbb.exec:\bthhbb.exe165⤵
-
\??\c:\1pvvp.exec:\1pvvp.exe166⤵
-
\??\c:\rrxxffl.exec:\rrxxffl.exe167⤵
-
\??\c:\rrrxrxx.exec:\rrrxrxx.exe168⤵
-
\??\c:\tnhhhh.exec:\tnhhhh.exe169⤵
-
\??\c:\bnhntt.exec:\bnhntt.exe170⤵
-
\??\c:\jjjpj.exec:\jjjpj.exe171⤵
-
\??\c:\7jjpj.exec:\7jjpj.exe172⤵
-
\??\c:\9lfffll.exec:\9lfffll.exe173⤵
-
\??\c:\llrxxfx.exec:\llrxxfx.exe174⤵
-
\??\c:\9bhhnn.exec:\9bhhnn.exe175⤵
-
\??\c:\btbbbh.exec:\btbbbh.exe176⤵
-
\??\c:\vvjjj.exec:\vvjjj.exe177⤵
-
\??\c:\1dddd.exec:\1dddd.exe178⤵
-
\??\c:\pvddv.exec:\pvddv.exe179⤵
-
\??\c:\1flllll.exec:\1flllll.exe180⤵
-
\??\c:\bhhhbb.exec:\bhhhbb.exe181⤵
-
\??\c:\tttnnb.exec:\tttnnb.exe182⤵
-
\??\c:\ppvjj.exec:\ppvjj.exe183⤵
-
\??\c:\frrlfff.exec:\frrlfff.exe184⤵
-
\??\c:\bthhhn.exec:\bthhhn.exe185⤵
-
\??\c:\rxllrxf.exec:\rxllrxf.exe186⤵
-
\??\c:\flfffff.exec:\flfffff.exe187⤵
-
\??\c:\nnbbnn.exec:\nnbbnn.exe188⤵
-
\??\c:\3vddj.exec:\3vddj.exe189⤵
-
\??\c:\rlfxlfr.exec:\rlfxlfr.exe190⤵
-
\??\c:\bnnnhn.exec:\bnnnhn.exe191⤵
-
\??\c:\1htbtb.exec:\1htbtb.exe192⤵
-
\??\c:\jpppj.exec:\jpppj.exe193⤵
-
\??\c:\pvjpp.exec:\pvjpp.exe194⤵
-
\??\c:\xlrrrxx.exec:\xlrrrxx.exe195⤵
-
\??\c:\xxrfrrf.exec:\xxrfrrf.exe196⤵
-
\??\c:\3rxffff.exec:\3rxffff.exe197⤵
-
\??\c:\ttbbbh.exec:\ttbbbh.exe198⤵
-
\??\c:\7bbbtt.exec:\7bbbtt.exe199⤵
-
\??\c:\3pppj.exec:\3pppj.exe200⤵
-
\??\c:\vpppp.exec:\vpppp.exe201⤵
-
\??\c:\ddppp.exec:\ddppp.exe202⤵
-
\??\c:\fflflrf.exec:\fflflrf.exe203⤵
-
\??\c:\5rfflrf.exec:\5rfflrf.exe204⤵
-
\??\c:\ntttnn.exec:\ntttnn.exe205⤵
-
\??\c:\thnntt.exec:\thnntt.exe206⤵
-
\??\c:\vppdd.exec:\vppdd.exe207⤵
-
\??\c:\vvvvv.exec:\vvvvv.exe208⤵
-
\??\c:\vpvvp.exec:\vpvvp.exe209⤵
-
\??\c:\xxfxrff.exec:\xxfxrff.exe210⤵
-
\??\c:\rfllrrr.exec:\rfllrrr.exe211⤵
-
\??\c:\hhhhhn.exec:\hhhhhn.exe212⤵
-
\??\c:\3ttttt.exec:\3ttttt.exe213⤵
-
\??\c:\vpddp.exec:\vpddp.exe214⤵
-
\??\c:\jdvpp.exec:\jdvpp.exe215⤵
-
\??\c:\ppvpj.exec:\ppvpj.exe216⤵
-
\??\c:\xxxxlrl.exec:\xxxxlrl.exe217⤵
-
\??\c:\xlxfffl.exec:\xlxfffl.exe218⤵
-
\??\c:\hntbth.exec:\hntbth.exe219⤵
-
\??\c:\bhttnn.exec:\bhttnn.exe220⤵
-
\??\c:\hbnnhh.exec:\hbnnhh.exe221⤵
-
\??\c:\vpvvv.exec:\vpvvv.exe222⤵
-
\??\c:\pvjpj.exec:\pvjpj.exe223⤵
-
\??\c:\jjvvp.exec:\jjvvp.exe224⤵
-
\??\c:\ffrlfff.exec:\ffrlfff.exe225⤵
-
\??\c:\ffxxffx.exec:\ffxxffx.exe226⤵
-
\??\c:\tbbhhh.exec:\tbbhhh.exe227⤵
-
\??\c:\htbbnt.exec:\htbbnt.exe228⤵
-
\??\c:\1jjdv.exec:\1jjdv.exe229⤵
-
\??\c:\1xxrlrr.exec:\1xxrlrr.exe230⤵
-
\??\c:\bbnhhb.exec:\bbnhhb.exe231⤵
-
\??\c:\tnbhhn.exec:\tnbhhn.exe232⤵
-
\??\c:\5bttnn.exec:\5bttnn.exe233⤵
-
\??\c:\xlrrrxx.exec:\xlrrrxx.exe234⤵
-
\??\c:\xllrrxx.exec:\xllrrxx.exe235⤵
-
\??\c:\bnbbtt.exec:\bnbbtt.exe236⤵
-
\??\c:\tbttbb.exec:\tbttbb.exe237⤵
-
\??\c:\5pjjd.exec:\5pjjd.exe238⤵
-
\??\c:\dddvv.exec:\dddvv.exe239⤵
-
\??\c:\vpppp.exec:\vpppp.exe240⤵
-
\??\c:\xxxxrxr.exec:\xxxxrxr.exe241⤵