Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
21-05-2024 23:00
General
-
Target
563bf4fabddf173087396852f07d133c3a19b586cb2530eaac6460c4893761be.exe
-
Size
115KB
-
MD5
3ecc7dc5ff88908bbc613b601cb1dc1a
-
SHA1
f1aebeea9bd36e342383f969953e88b396ff18e4
-
SHA256
563bf4fabddf173087396852f07d133c3a19b586cb2530eaac6460c4893761be
-
SHA512
abcd26c58826a9bc49bdae5df1661c627234f73a31552c98deaaf60ffa90222717573b2bcccff51daef62c7e3029d9e37774b8e8150793ceb0b38e4828165438
-
SSDEEP
3072:ymb3NkkiQ3mdBjFosxXGPXbXQMFHLgDWSmjlkFL:n3C9BRosxW8MFHLMWvlU
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 18 IoCs
-
UPX dump on OEP (original entry point) 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\563bf4fabddf173087396852f07d133c3a19b586cb2530eaac6460c4893761be.exe"C:\Users\Admin\AppData\Local\Temp\563bf4fabddf173087396852f07d133c3a19b586cb2530eaac6460c4893761be.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhntt.exec:\hbhntt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvppd.exec:\jvppd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxxlrx.exec:\ffxxlrx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5nhthh.exec:\5nhthh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhttbt.exec:\nhttbt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvdp.exec:\pjvdp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1ttbtb.exec:\1ttbtb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9bthnh.exec:\9bthnh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddjv.exec:\jddjv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxfrrl.exec:\xlxfrrl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bntnt.exec:\7bntnt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvdpj.exec:\vvdpj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fflrfrx.exec:\fflrfrx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xlxllf.exec:\7xlxllf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtbht.exec:\bbtbht.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3dppd.exec:\3dppd.exe17⤵
- Executes dropped EXE
-
\??\c:\5lrrxfr.exec:\5lrrxfr.exe18⤵
- Executes dropped EXE
-
\??\c:\3lflffr.exec:\3lflffr.exe19⤵
- Executes dropped EXE
-
\??\c:\tthhth.exec:\tthhth.exe20⤵
- Executes dropped EXE
-
\??\c:\vpjdv.exec:\vpjdv.exe21⤵
- Executes dropped EXE
-
\??\c:\xxxxlrx.exec:\xxxxlrx.exe22⤵
- Executes dropped EXE
-
\??\c:\lfrflxl.exec:\lfrflxl.exe23⤵
- Executes dropped EXE
-
\??\c:\3bbhtb.exec:\3bbhtb.exe24⤵
- Executes dropped EXE
-
\??\c:\ppvjd.exec:\ppvjd.exe25⤵
- Executes dropped EXE
-
\??\c:\ffxlxlf.exec:\ffxlxlf.exe26⤵
- Executes dropped EXE
-
\??\c:\hnbttb.exec:\hnbttb.exe27⤵
- Executes dropped EXE
-
\??\c:\vvppd.exec:\vvppd.exe28⤵
- Executes dropped EXE
-
\??\c:\llrflfr.exec:\llrflfr.exe29⤵
- Executes dropped EXE
-
\??\c:\hbtbhb.exec:\hbtbhb.exe30⤵
- Executes dropped EXE
-
\??\c:\3bbbnt.exec:\3bbbnt.exe31⤵
- Executes dropped EXE
-
\??\c:\jpjvj.exec:\jpjvj.exe32⤵
- Executes dropped EXE
-
\??\c:\llxlxlf.exec:\llxlxlf.exe33⤵
- Executes dropped EXE
-
\??\c:\ntnntt.exec:\ntnntt.exe34⤵
- Executes dropped EXE
-
\??\c:\vpjdd.exec:\vpjdd.exe35⤵
- Executes dropped EXE
-
\??\c:\jvvdp.exec:\jvvdp.exe36⤵
- Executes dropped EXE
-
\??\c:\frfxlll.exec:\frfxlll.exe37⤵
- Executes dropped EXE
-
\??\c:\xlrlfxf.exec:\xlrlfxf.exe38⤵
- Executes dropped EXE
-
\??\c:\tthhhn.exec:\tthhhn.exe39⤵
- Executes dropped EXE
-
\??\c:\thtbht.exec:\thtbht.exe40⤵
- Executes dropped EXE
-
\??\c:\vpjvp.exec:\vpjvp.exe41⤵
- Executes dropped EXE
-
\??\c:\dvpvd.exec:\dvpvd.exe42⤵
- Executes dropped EXE
-
\??\c:\9ffxlxx.exec:\9ffxlxx.exe43⤵
- Executes dropped EXE
-
\??\c:\1lxrxll.exec:\1lxrxll.exe44⤵
- Executes dropped EXE
-
\??\c:\hbbnht.exec:\hbbnht.exe45⤵
- Executes dropped EXE
-
\??\c:\btbbht.exec:\btbbht.exe46⤵
- Executes dropped EXE
-
\??\c:\3btbbn.exec:\3btbbn.exe47⤵
- Executes dropped EXE
-
\??\c:\vjjjp.exec:\vjjjp.exe48⤵
- Executes dropped EXE
-
\??\c:\1dvvj.exec:\1dvvj.exe49⤵
- Executes dropped EXE
-
\??\c:\xxxlxlx.exec:\xxxlxlx.exe50⤵
- Executes dropped EXE
-
\??\c:\3ffxrxl.exec:\3ffxrxl.exe51⤵
- Executes dropped EXE
-
\??\c:\5nnbhn.exec:\5nnbhn.exe52⤵
- Executes dropped EXE
-
\??\c:\5nhnnb.exec:\5nhnnb.exe53⤵
- Executes dropped EXE
-
\??\c:\jddjv.exec:\jddjv.exe54⤵
- Executes dropped EXE
-
\??\c:\pppjp.exec:\pppjp.exe55⤵
- Executes dropped EXE
-
\??\c:\3xrfllx.exec:\3xrfllx.exe56⤵
- Executes dropped EXE
-
\??\c:\rlflxfl.exec:\rlflxfl.exe57⤵
- Executes dropped EXE
-
\??\c:\hbtnbh.exec:\hbtnbh.exe58⤵
- Executes dropped EXE
-
\??\c:\9btbht.exec:\9btbht.exe59⤵
- Executes dropped EXE
-
\??\c:\1dpdp.exec:\1dpdp.exe60⤵
- Executes dropped EXE
-
\??\c:\3rlxrlx.exec:\3rlxrlx.exe61⤵
- Executes dropped EXE
-
\??\c:\fffrxfl.exec:\fffrxfl.exe62⤵
- Executes dropped EXE
-
\??\c:\bbhntn.exec:\bbhntn.exe63⤵
- Executes dropped EXE
-
\??\c:\tnthnh.exec:\tnthnh.exe64⤵
- Executes dropped EXE
-
\??\c:\pdvdp.exec:\pdvdp.exe65⤵
- Executes dropped EXE
-
\??\c:\ddpdv.exec:\ddpdv.exe66⤵
-
\??\c:\fxrlfxl.exec:\fxrlfxl.exe67⤵
-
\??\c:\xrrxflx.exec:\xrrxflx.exe68⤵
-
\??\c:\tbtnhh.exec:\tbtnhh.exe69⤵
-
\??\c:\nhnhtb.exec:\nhnhtb.exe70⤵
-
\??\c:\vpjvd.exec:\vpjvd.exe71⤵
-
\??\c:\5xxlxff.exec:\5xxlxff.exe72⤵
-
\??\c:\xrlrllx.exec:\xrlrllx.exe73⤵
-
\??\c:\tnhthn.exec:\tnhthn.exe74⤵
-
\??\c:\hhbnbb.exec:\hhbnbb.exe75⤵
-
\??\c:\1vpdp.exec:\1vpdp.exe76⤵
-
\??\c:\1ddvv.exec:\1ddvv.exe77⤵
-
\??\c:\xrlrrxr.exec:\xrlrrxr.exe78⤵
-
\??\c:\lrrxlrf.exec:\lrrxlrf.exe79⤵
-
\??\c:\hhbntb.exec:\hhbntb.exe80⤵
-
\??\c:\9hnhth.exec:\9hnhth.exe81⤵
-
\??\c:\dvvjp.exec:\dvvjp.exe82⤵
-
\??\c:\dvvdd.exec:\dvvdd.exe83⤵
-
\??\c:\7rllrrr.exec:\7rllrrr.exe84⤵
-
\??\c:\fxlfrfr.exec:\fxlfrfr.exe85⤵
-
\??\c:\nnhbth.exec:\nnhbth.exe86⤵
-
\??\c:\bbhnbh.exec:\bbhnbh.exe87⤵
-
\??\c:\1dvjv.exec:\1dvjv.exe88⤵
-
\??\c:\pjjpp.exec:\pjjpp.exe89⤵
-
\??\c:\jdvdp.exec:\jdvdp.exe90⤵
-
\??\c:\rlrxlrf.exec:\rlrxlrf.exe91⤵
-
\??\c:\1rrfxfx.exec:\1rrfxfx.exe92⤵
-
\??\c:\nnhtht.exec:\nnhtht.exe93⤵
-
\??\c:\nnthth.exec:\nnthth.exe94⤵
-
\??\c:\jjvdd.exec:\jjvdd.exe95⤵
-
\??\c:\pjjpd.exec:\pjjpd.exe96⤵
-
\??\c:\rlflxxf.exec:\rlflxxf.exe97⤵
-
\??\c:\lxfrflx.exec:\lxfrflx.exe98⤵
-
\??\c:\tnhhbh.exec:\tnhhbh.exe99⤵
-
\??\c:\1thhtb.exec:\1thhtb.exe100⤵
-
\??\c:\dvvjv.exec:\dvvjv.exe101⤵
-
\??\c:\vvdvp.exec:\vvdvp.exe102⤵
-
\??\c:\lxlrxxx.exec:\lxlrxxx.exe103⤵
-
\??\c:\rflxxlr.exec:\rflxxlr.exe104⤵
-
\??\c:\nhnbth.exec:\nhnbth.exe105⤵
-
\??\c:\tttbth.exec:\tttbth.exe106⤵
-
\??\c:\pvpvj.exec:\pvpvj.exe107⤵
-
\??\c:\pjddp.exec:\pjddp.exe108⤵
-
\??\c:\xxxlffx.exec:\xxxlffx.exe109⤵
-
\??\c:\llxrxfx.exec:\llxrxfx.exe110⤵
-
\??\c:\tnnhtt.exec:\tnnhtt.exe111⤵
-
\??\c:\bbbnbt.exec:\bbbnbt.exe112⤵
-
\??\c:\3dpvj.exec:\3dpvj.exe113⤵
-
\??\c:\9dddj.exec:\9dddj.exe114⤵
-
\??\c:\rrlrrxr.exec:\rrlrrxr.exe115⤵
-
\??\c:\xxrfrrf.exec:\xxrfrrf.exe116⤵
-
\??\c:\hbhntb.exec:\hbhntb.exe117⤵
-
\??\c:\hhbnbh.exec:\hhbnbh.exe118⤵
-
\??\c:\1ppdj.exec:\1ppdj.exe119⤵
-
\??\c:\vvdpj.exec:\vvdpj.exe120⤵
-
\??\c:\rlxrflx.exec:\rlxrflx.exe121⤵
-
\??\c:\rlfxflf.exec:\rlfxflf.exe122⤵
-
\??\c:\nhnbhn.exec:\nhnbhn.exe123⤵
-
\??\c:\nnhbhn.exec:\nnhbhn.exe124⤵
-
\??\c:\vvvpv.exec:\vvvpv.exe125⤵
-
\??\c:\jdpdp.exec:\jdpdp.exe126⤵
-
\??\c:\rxxllxr.exec:\rxxllxr.exe127⤵
-
\??\c:\7bhhnt.exec:\7bhhnt.exe128⤵
-
\??\c:\nnnbbh.exec:\nnnbbh.exe129⤵
-
\??\c:\ppvjv.exec:\ppvjv.exe130⤵
-
\??\c:\pjdjj.exec:\pjdjj.exe131⤵
-
\??\c:\xrrfxxl.exec:\xrrfxxl.exe132⤵
-
\??\c:\llfxxlr.exec:\llfxxlr.exe133⤵
-
\??\c:\bthnbn.exec:\bthnbn.exe134⤵
-
\??\c:\vvjdp.exec:\vvjdp.exe135⤵
-
\??\c:\7pjpj.exec:\7pjpj.exe136⤵
-
\??\c:\rlxxlrf.exec:\rlxxlrf.exe137⤵
-
\??\c:\xlfxxfl.exec:\xlfxxfl.exe138⤵
-
\??\c:\nnbthh.exec:\nnbthh.exe139⤵
-
\??\c:\btbhtb.exec:\btbhtb.exe140⤵
-
\??\c:\jdpvj.exec:\jdpvj.exe141⤵
-
\??\c:\ddvpv.exec:\ddvpv.exe142⤵
-
\??\c:\9fxffxl.exec:\9fxffxl.exe143⤵
-
\??\c:\7lrfrfl.exec:\7lrfrfl.exe144⤵
-
\??\c:\tntbhh.exec:\tntbhh.exe145⤵
-
\??\c:\dpvvj.exec:\dpvvj.exe146⤵
-
\??\c:\djdvp.exec:\djdvp.exe147⤵
-
\??\c:\rrxlffx.exec:\rrxlffx.exe148⤵
-
\??\c:\bthnhn.exec:\bthnhn.exe149⤵
-
\??\c:\ttbnth.exec:\ttbnth.exe150⤵
-
\??\c:\5vvjj.exec:\5vvjj.exe151⤵
-
\??\c:\vvjjv.exec:\vvjjv.exe152⤵
-
\??\c:\lxrrlfl.exec:\lxrrlfl.exe153⤵
-
\??\c:\hthtth.exec:\hthtth.exe154⤵
-
\??\c:\hbtbnb.exec:\hbtbnb.exe155⤵
-
\??\c:\ppjvp.exec:\ppjvp.exe156⤵
-
\??\c:\vdppv.exec:\vdppv.exe157⤵
-
\??\c:\lffxlll.exec:\lffxlll.exe158⤵
-
\??\c:\xxllxfr.exec:\xxllxfr.exe159⤵
-
\??\c:\btbhtb.exec:\btbhtb.exe160⤵
-
\??\c:\3jvpp.exec:\3jvpp.exe161⤵
-
\??\c:\9dvvd.exec:\9dvvd.exe162⤵
-
\??\c:\xfllrxf.exec:\xfllrxf.exe163⤵
-
\??\c:\lflrfrf.exec:\lflrfrf.exe164⤵
-
\??\c:\tththt.exec:\tththt.exe165⤵
-
\??\c:\ddpjv.exec:\ddpjv.exe166⤵
-
\??\c:\jjjvp.exec:\jjjvp.exe167⤵
-
\??\c:\xlrxlrx.exec:\xlrxlrx.exe168⤵
-
\??\c:\xxlrfll.exec:\xxlrfll.exe169⤵
-
\??\c:\7nttbh.exec:\7nttbh.exe170⤵
-
\??\c:\tnbhth.exec:\tnbhth.exe171⤵
-
\??\c:\vjvjd.exec:\vjvjd.exe172⤵
-
\??\c:\xxflrfr.exec:\xxflrfr.exe173⤵
-
\??\c:\flfrlrf.exec:\flfrlrf.exe174⤵
-
\??\c:\nhttth.exec:\nhttth.exe175⤵
-
\??\c:\1hhbtb.exec:\1hhbtb.exe176⤵
-
\??\c:\5vddd.exec:\5vddd.exe177⤵
-
\??\c:\dpjvv.exec:\dpjvv.exe178⤵
-
\??\c:\fllfxlf.exec:\fllfxlf.exe179⤵
-
\??\c:\xxrrxfr.exec:\xxrrxfr.exe180⤵
-
\??\c:\hhbtht.exec:\hhbtht.exe181⤵
-
\??\c:\tnbhbh.exec:\tnbhbh.exe182⤵
-
\??\c:\pjjdp.exec:\pjjdp.exe183⤵
-
\??\c:\7llrlrl.exec:\7llrlrl.exe184⤵
-
\??\c:\3rlrflr.exec:\3rlrflr.exe185⤵
-
\??\c:\9jjvp.exec:\9jjvp.exe186⤵
-
\??\c:\llxfxxf.exec:\llxfxxf.exe187⤵
-
\??\c:\nnnttt.exec:\nnnttt.exe188⤵
-
\??\c:\nnntnn.exec:\nnntnn.exe189⤵
-
\??\c:\jjdjv.exec:\jjdjv.exe190⤵
-
\??\c:\lflrflf.exec:\lflrflf.exe191⤵
-
\??\c:\bthtbb.exec:\bthtbb.exe192⤵
-
\??\c:\7vpdv.exec:\7vpdv.exe193⤵
-
\??\c:\vpdpv.exec:\vpdpv.exe194⤵
-
\??\c:\rxrfrfr.exec:\rxrfrfr.exe195⤵
-
\??\c:\lfrlxfl.exec:\lfrlxfl.exe196⤵
-
\??\c:\hbhntb.exec:\hbhntb.exe197⤵
-
\??\c:\jjdpp.exec:\jjdpp.exe198⤵
-
\??\c:\vpjpd.exec:\vpjpd.exe199⤵
-
\??\c:\rlxfxrf.exec:\rlxfxrf.exe200⤵
-
\??\c:\xrlrllx.exec:\xrlrllx.exe201⤵
-
\??\c:\bbnnbn.exec:\bbnnbn.exe202⤵
-
\??\c:\3tnhtb.exec:\3tnhtb.exe203⤵
-
\??\c:\jjvvd.exec:\jjvvd.exe204⤵
-
\??\c:\ppjvd.exec:\ppjvd.exe205⤵
-
\??\c:\rlflxxl.exec:\rlflxxl.exe206⤵
-
\??\c:\hnnthn.exec:\hnnthn.exe207⤵
-
\??\c:\nhnttt.exec:\nhnttt.exe208⤵
-
\??\c:\dvjpp.exec:\dvjpp.exe209⤵
-
\??\c:\3lflxxl.exec:\3lflxxl.exe210⤵
-
\??\c:\lfrxfxf.exec:\lfrxfxf.exe211⤵
-
\??\c:\hbbnnt.exec:\hbbnnt.exe212⤵
-
\??\c:\1tnbhn.exec:\1tnbhn.exe213⤵
-
\??\c:\ppvjv.exec:\ppvjv.exe214⤵
-
\??\c:\lflrfll.exec:\lflrfll.exe215⤵
-
\??\c:\rlrxrxl.exec:\rlrxrxl.exe216⤵
-
\??\c:\7hbbtt.exec:\7hbbtt.exe217⤵
-
\??\c:\tnhnbb.exec:\tnhnbb.exe218⤵
-
\??\c:\7djvp.exec:\7djvp.exe219⤵
-
\??\c:\pjjpj.exec:\pjjpj.exe220⤵
-
\??\c:\fflxfrf.exec:\fflxfrf.exe221⤵
-
\??\c:\fxlrlrf.exec:\fxlrlrf.exe222⤵
-
\??\c:\nnbbnn.exec:\nnbbnn.exe223⤵
-
\??\c:\hbnbbh.exec:\hbnbbh.exe224⤵
-
\??\c:\vvppj.exec:\vvppj.exe225⤵
-
\??\c:\frfflfx.exec:\frfflfx.exe226⤵
-
\??\c:\fxrllxf.exec:\fxrllxf.exe227⤵
-
\??\c:\hhtbnn.exec:\hhtbnn.exe228⤵
-
\??\c:\tnnthn.exec:\tnnthn.exe229⤵
-
\??\c:\7dpvd.exec:\7dpvd.exe230⤵
-
\??\c:\dvvjj.exec:\dvvjj.exe231⤵
-
\??\c:\1flflrx.exec:\1flflrx.exe232⤵
-
\??\c:\ttbhbn.exec:\ttbhbn.exe233⤵
-
\??\c:\bbtbhh.exec:\bbtbhh.exe234⤵
-
\??\c:\9ppjv.exec:\9ppjv.exe235⤵
-
\??\c:\rflrflr.exec:\rflrflr.exe236⤵
-
\??\c:\xrrfrff.exec:\xrrfrff.exe237⤵
-
\??\c:\nhhhtt.exec:\nhhhtt.exe238⤵
-
\??\c:\hbtnbn.exec:\hbtnbn.exe239⤵
-
\??\c:\vpddp.exec:\vpddp.exe240⤵