Analysis
-
max time kernel
150s -
max time network
116s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
21-05-2024 00:18
General
-
Target
7d5121c246dd1400ba13a14f750047dc9276a3767cbf98d43764a830ee9384a7.exe
-
Size
119KB
-
MD5
58cc3f15b96eea6f808a114df71e86c9
-
SHA1
2afa08f8af9fd96602cc1130da8ad3211109dc5c
-
SHA256
7d5121c246dd1400ba13a14f750047dc9276a3767cbf98d43764a830ee9384a7
-
SHA512
f7738699168dc1facddd4db9a02ccc8fadf6bc8eb59ed9e84df108587b0a10e0764d00ba0bd6ed01aab658674a1ffe72ca65ba95cdea2fd9a7876a5ed06be28c
-
SSDEEP
3072:ymb3NkkiQ3mdBjFomR7UsyJC+n0Gsgcdu:n3C9BRomRph+0Gsgcdu
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
UPX dump on OEP (original entry point) 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7d5121c246dd1400ba13a14f750047dc9276a3767cbf98d43764a830ee9384a7.exe"C:\Users\Admin\AppData\Local\Temp\7d5121c246dd1400ba13a14f750047dc9276a3767cbf98d43764a830ee9384a7.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jppjv.exec:\jppjv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xllflrl.exec:\xllflrl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbtnh.exec:\ntbtnh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1djvj.exec:\1djvj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xllrfxl.exec:\xllrfxl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1lrlllf.exec:\1lrlllf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntnbtn.exec:\ntnbtn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjdj.exec:\jvjdj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7lfrxrl.exec:\7lfrxrl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rrfxxr.exec:\1rrfxxr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdddv.exec:\vdddv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrllff.exec:\fxrllff.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbttn.exec:\hhbttn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpjj.exec:\vvpjj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1lfflrl.exec:\1lfflrl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnnth.exec:\bbnnth.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djdjd.exec:\djdjd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lllrxxx.exec:\lllrxxx.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbtnh.exec:\thbtnh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpdp.exec:\pjpdp.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflfffx.exec:\lflfffx.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhbtn.exec:\nhhbtn.exe23⤵
- Executes dropped EXE
-
\??\c:\vdpdp.exec:\vdpdp.exe24⤵
- Executes dropped EXE
-
\??\c:\xxxllxx.exec:\xxxllxx.exe25⤵
- Executes dropped EXE
-
\??\c:\lfxxlfr.exec:\lfxxlfr.exe26⤵
- Executes dropped EXE
-
\??\c:\bnttnn.exec:\bnttnn.exe27⤵
- Executes dropped EXE
-
\??\c:\vvvvd.exec:\vvvvd.exe28⤵
- Executes dropped EXE
-
\??\c:\fxxrrlf.exec:\fxxrrlf.exe29⤵
- Executes dropped EXE
-
\??\c:\tnhbtt.exec:\tnhbtt.exe30⤵
- Executes dropped EXE
-
\??\c:\httnbb.exec:\httnbb.exe31⤵
- Executes dropped EXE
-
\??\c:\pjpjd.exec:\pjpjd.exe32⤵
- Executes dropped EXE
-
\??\c:\flxrffl.exec:\flxrffl.exe33⤵
- Executes dropped EXE
-
\??\c:\flfxllf.exec:\flfxllf.exe34⤵
- Executes dropped EXE
-
\??\c:\hbbhhn.exec:\hbbhhn.exe35⤵
- Executes dropped EXE
-
\??\c:\vdppj.exec:\vdppj.exe36⤵
- Executes dropped EXE
-
\??\c:\rxrxxrf.exec:\rxrxxrf.exe37⤵
- Executes dropped EXE
-
\??\c:\bhhhbb.exec:\bhhhbb.exe38⤵
- Executes dropped EXE
-
\??\c:\7nnhtt.exec:\7nnhtt.exe39⤵
-
\??\c:\pvpjd.exec:\pvpjd.exe40⤵
- Executes dropped EXE
-
\??\c:\lfffffl.exec:\lfffffl.exe41⤵
- Executes dropped EXE
-
\??\c:\lflflfl.exec:\lflflfl.exe42⤵
- Executes dropped EXE
-
\??\c:\hhbtnh.exec:\hhbtnh.exe43⤵
- Executes dropped EXE
-
\??\c:\1tttbt.exec:\1tttbt.exe44⤵
- Executes dropped EXE
-
\??\c:\vppjd.exec:\vppjd.exe45⤵
- Executes dropped EXE
-
\??\c:\jvvpd.exec:\jvvpd.exe46⤵
- Executes dropped EXE
-
\??\c:\lfxrffx.exec:\lfxrffx.exe47⤵
- Executes dropped EXE
-
\??\c:\7lfrllf.exec:\7lfrllf.exe48⤵
- Executes dropped EXE
-
\??\c:\ttnnnn.exec:\ttnnnn.exe49⤵
- Executes dropped EXE
-
\??\c:\vdpjv.exec:\vdpjv.exe50⤵
- Executes dropped EXE
-
\??\c:\pvvvj.exec:\pvvvj.exe51⤵
- Executes dropped EXE
-
\??\c:\frlxlfr.exec:\frlxlfr.exe52⤵
- Executes dropped EXE
-
\??\c:\3lrrfxr.exec:\3lrrfxr.exe53⤵
- Executes dropped EXE
-
\??\c:\nbhbnn.exec:\nbhbnn.exe54⤵
- Executes dropped EXE
-
\??\c:\tnhntb.exec:\tnhntb.exe55⤵
- Executes dropped EXE
-
\??\c:\pjpdv.exec:\pjpdv.exe56⤵
- Executes dropped EXE
-
\??\c:\lfllxrr.exec:\lfllxrr.exe57⤵
- Executes dropped EXE
-
\??\c:\fxxxllf.exec:\fxxxllf.exe58⤵
- Executes dropped EXE
-
\??\c:\bhhbtn.exec:\bhhbtn.exe59⤵
- Executes dropped EXE
-
\??\c:\nbbtnn.exec:\nbbtnn.exe60⤵
- Executes dropped EXE
-
\??\c:\5jpdp.exec:\5jpdp.exe61⤵
- Executes dropped EXE
-
\??\c:\dvpdp.exec:\dvpdp.exe62⤵
- Executes dropped EXE
-
\??\c:\fffxlfx.exec:\fffxlfx.exe63⤵
- Executes dropped EXE
-
\??\c:\lxfxxrx.exec:\lxfxxrx.exe64⤵
- Executes dropped EXE
-
\??\c:\hbnbtt.exec:\hbnbtt.exe65⤵
- Executes dropped EXE
-
\??\c:\7dpjp.exec:\7dpjp.exe66⤵
- Executes dropped EXE
-
\??\c:\5ppjv.exec:\5ppjv.exe67⤵
-
\??\c:\fxlfxxr.exec:\fxlfxxr.exe68⤵
-
\??\c:\rlffllr.exec:\rlffllr.exe69⤵
-
\??\c:\7tnhnn.exec:\7tnhnn.exe70⤵
-
\??\c:\9ppdp.exec:\9ppdp.exe71⤵
-
\??\c:\9lrllrl.exec:\9lrllrl.exe72⤵
-
\??\c:\rfrlxlx.exec:\rfrlxlx.exe73⤵
-
\??\c:\nnnhbb.exec:\nnnhbb.exe74⤵
-
\??\c:\5vvdd.exec:\5vvdd.exe75⤵
-
\??\c:\djvvd.exec:\djvvd.exe76⤵
-
\??\c:\3lxrrrl.exec:\3lxrrrl.exe77⤵
-
\??\c:\tthhbb.exec:\tthhbb.exe78⤵
-
\??\c:\ttntht.exec:\ttntht.exe79⤵
-
\??\c:\ddjdd.exec:\ddjdd.exe80⤵
-
\??\c:\rfffrrr.exec:\rfffrrr.exe81⤵
-
\??\c:\thbthh.exec:\thbthh.exe82⤵
-
\??\c:\bhhbtn.exec:\bhhbtn.exe83⤵
-
\??\c:\vpvvv.exec:\vpvvv.exe84⤵
-
\??\c:\llllrff.exec:\llllrff.exe85⤵
-
\??\c:\hntnnn.exec:\hntnnn.exe86⤵
-
\??\c:\hnntnh.exec:\hnntnh.exe87⤵
-
\??\c:\flffxxx.exec:\flffxxx.exe88⤵
-
\??\c:\nbbttt.exec:\nbbttt.exe89⤵
-
\??\c:\5vjvj.exec:\5vjvj.exe90⤵
-
\??\c:\pdjdp.exec:\pdjdp.exe91⤵
-
\??\c:\xffrffr.exec:\xffrffr.exe92⤵
-
\??\c:\btntnh.exec:\btntnh.exe93⤵
-
\??\c:\djjdv.exec:\djjdv.exe94⤵
-
\??\c:\lllxrlf.exec:\lllxrlf.exe95⤵
-
\??\c:\xlfxxrr.exec:\xlfxxrr.exe96⤵
-
\??\c:\pjddj.exec:\pjddj.exe97⤵
-
\??\c:\9rllfxx.exec:\9rllfxx.exe98⤵
-
\??\c:\ntnnhh.exec:\ntnnhh.exe99⤵
-
\??\c:\tnbbtt.exec:\tnbbtt.exe100⤵
-
\??\c:\pvvjv.exec:\pvvjv.exe101⤵
-
\??\c:\xrlfxxr.exec:\xrlfxxr.exe102⤵
-
\??\c:\lxlfxrr.exec:\lxlfxrr.exe103⤵
-
\??\c:\tnttbh.exec:\tnttbh.exe104⤵
-
\??\c:\vppjj.exec:\vppjj.exe105⤵
-
\??\c:\xlxrffx.exec:\xlxrffx.exe106⤵
-
\??\c:\nhntnh.exec:\nhntnh.exe107⤵
-
\??\c:\7tbhbb.exec:\7tbhbb.exe108⤵
-
\??\c:\9vjdj.exec:\9vjdj.exe109⤵
-
\??\c:\vdjjp.exec:\vdjjp.exe110⤵
-
\??\c:\xrxxxxr.exec:\xrxxxxr.exe111⤵
-
\??\c:\fxffxxr.exec:\fxffxxr.exe112⤵
-
\??\c:\bnbthb.exec:\bnbthb.exe113⤵
-
\??\c:\1hhhtt.exec:\1hhhtt.exe114⤵
-
\??\c:\xxffffr.exec:\xxffffr.exe115⤵
-
\??\c:\bhnhbb.exec:\bhnhbb.exe116⤵
-
\??\c:\jjvdv.exec:\jjvdv.exe117⤵
-
\??\c:\flxrlrr.exec:\flxrlrr.exe118⤵
-
\??\c:\ffxlxxr.exec:\ffxlxxr.exe119⤵
-
\??\c:\thnnnn.exec:\thnnnn.exe120⤵
-
\??\c:\3hhbtn.exec:\3hhbtn.exe121⤵
-
\??\c:\3jjdp.exec:\3jjdp.exe122⤵
-
\??\c:\vppvj.exec:\vppvj.exe123⤵
-
\??\c:\fflfffx.exec:\fflfffx.exe124⤵
-
\??\c:\btnnhn.exec:\btnnhn.exe125⤵
-
\??\c:\3hbtnn.exec:\3hbtnn.exe126⤵
-
\??\c:\jpvjp.exec:\jpvjp.exe127⤵
-
\??\c:\dpdjd.exec:\dpdjd.exe128⤵
-
\??\c:\tbnhtt.exec:\tbnhtt.exe129⤵
-
\??\c:\nhnhnn.exec:\nhnhnn.exe130⤵
-
\??\c:\pdjdp.exec:\pdjdp.exe131⤵
-
\??\c:\llxrffx.exec:\llxrffx.exe132⤵
-
\??\c:\rrrllxx.exec:\rrrllxx.exe133⤵
-
\??\c:\hnbhht.exec:\hnbhht.exe134⤵
-
\??\c:\ddpjp.exec:\ddpjp.exe135⤵
-
\??\c:\jjdpp.exec:\jjdpp.exe136⤵
-
\??\c:\rflllll.exec:\rflllll.exe137⤵
-
\??\c:\nnhbbb.exec:\nnhbbb.exe138⤵
-
\??\c:\jpppd.exec:\jpppd.exe139⤵
-
\??\c:\vjjvj.exec:\vjjvj.exe140⤵
-
\??\c:\5xflxrr.exec:\5xflxrr.exe141⤵
-
\??\c:\xllfxxr.exec:\xllfxxr.exe142⤵
-
\??\c:\7tnnhh.exec:\7tnnhh.exe143⤵
-
\??\c:\tnnhtb.exec:\tnnhtb.exe144⤵
-
\??\c:\jjjvd.exec:\jjjvd.exe145⤵
-
\??\c:\xrxlxrx.exec:\xrxlxrx.exe146⤵
-
\??\c:\bbhbhn.exec:\bbhbhn.exe147⤵
-
\??\c:\1xrlfxf.exec:\1xrlfxf.exe148⤵
-
\??\c:\rfllllr.exec:\rfllllr.exe149⤵
-
\??\c:\nhtnbb.exec:\nhtnbb.exe150⤵
-
\??\c:\rffxxfx.exec:\rffxxfx.exe151⤵
-
\??\c:\lrxxrrl.exec:\lrxxrrl.exe152⤵
-
\??\c:\nhtnhn.exec:\nhtnhn.exe153⤵
-
\??\c:\nhhbtt.exec:\nhhbtt.exe154⤵
-
\??\c:\vppjd.exec:\vppjd.exe155⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe156⤵
-
\??\c:\xfrlllf.exec:\xfrlllf.exe157⤵
-
\??\c:\xlrlfxx.exec:\xlrlfxx.exe158⤵
-
\??\c:\bbnnnn.exec:\bbnnnn.exe159⤵
-
\??\c:\bnntnn.exec:\bnntnn.exe160⤵
-
\??\c:\vjppp.exec:\vjppp.exe161⤵
-
\??\c:\ddjdj.exec:\ddjdj.exe162⤵
-
\??\c:\rlfxxfx.exec:\rlfxxfx.exe163⤵
-
\??\c:\llrlllf.exec:\llrlllf.exe164⤵
-
\??\c:\thbbhb.exec:\thbbhb.exe165⤵
-
\??\c:\nhtbbh.exec:\nhtbbh.exe166⤵
-
\??\c:\djpdv.exec:\djpdv.exe167⤵
-
\??\c:\fffxrrl.exec:\fffxrrl.exe168⤵
-
\??\c:\fxxfrfx.exec:\fxxfrfx.exe169⤵
-
\??\c:\bhnttt.exec:\bhnttt.exe170⤵
-
\??\c:\bhhhhh.exec:\bhhhhh.exe171⤵
-
\??\c:\vjpdj.exec:\vjpdj.exe172⤵
-
\??\c:\dvvpv.exec:\dvvpv.exe173⤵
-
\??\c:\jpvvv.exec:\jpvvv.exe174⤵
-
\??\c:\fxllfxx.exec:\fxllfxx.exe175⤵
-
\??\c:\frxrllf.exec:\frxrllf.exe176⤵
-
\??\c:\bbhbnn.exec:\bbhbnn.exe177⤵
-
\??\c:\hhttbb.exec:\hhttbb.exe178⤵
-
\??\c:\jdjdp.exec:\jdjdp.exe179⤵
-
\??\c:\7vpjv.exec:\7vpjv.exe180⤵
-
\??\c:\rflfxrx.exec:\rflfxrx.exe181⤵
-
\??\c:\7rxxffl.exec:\7rxxffl.exe182⤵
-
\??\c:\bnhbtb.exec:\bnhbtb.exe183⤵
-
\??\c:\9ntnnn.exec:\9ntnnn.exe184⤵
-
\??\c:\5dppj.exec:\5dppj.exe185⤵
-
\??\c:\vvdpj.exec:\vvdpj.exe186⤵
-
\??\c:\flllfll.exec:\flllfll.exe187⤵
-
\??\c:\rxxrffr.exec:\rxxrffr.exe188⤵
-
\??\c:\xrlffff.exec:\xrlffff.exe189⤵
-
\??\c:\nttnbt.exec:\nttnbt.exe190⤵
-
\??\c:\nhtttt.exec:\nhtttt.exe191⤵
-
\??\c:\jddpj.exec:\jddpj.exe192⤵
-
\??\c:\lrxxrrr.exec:\lrxxrrr.exe193⤵
-
\??\c:\rlfxlff.exec:\rlfxlff.exe194⤵
-
\??\c:\tntnnt.exec:\tntnnt.exe195⤵
-
\??\c:\pdppj.exec:\pdppj.exe196⤵
-
\??\c:\1jvpv.exec:\1jvpv.exe197⤵
-
\??\c:\lxrxrff.exec:\lxrxrff.exe198⤵
-
\??\c:\tthhtt.exec:\tthhtt.exe199⤵
-
\??\c:\hhtnhh.exec:\hhtnhh.exe200⤵
-
\??\c:\ddddv.exec:\ddddv.exe201⤵
-
\??\c:\pjppv.exec:\pjppv.exe202⤵
-
\??\c:\xlfxrrr.exec:\xlfxrrr.exe203⤵
-
\??\c:\9thttt.exec:\9thttt.exe204⤵
-
\??\c:\nthhnt.exec:\nthhnt.exe205⤵
-
\??\c:\vpvpj.exec:\vpvpj.exe206⤵
-
\??\c:\9xxxlll.exec:\9xxxlll.exe207⤵
-
\??\c:\llrrlll.exec:\llrrlll.exe208⤵
-
\??\c:\thnnhh.exec:\thnnhh.exe209⤵
-
\??\c:\bnhhbb.exec:\bnhhbb.exe210⤵
-
\??\c:\5pvvp.exec:\5pvvp.exe211⤵
-
\??\c:\9jdvj.exec:\9jdvj.exe212⤵
-
\??\c:\bbhhnn.exec:\bbhhnn.exe213⤵
-
\??\c:\pjpvd.exec:\pjpvd.exe214⤵
-
\??\c:\vppjd.exec:\vppjd.exe215⤵
-
\??\c:\llrrflf.exec:\llrrflf.exe216⤵
-
\??\c:\9bnnhh.exec:\9bnnhh.exe217⤵
-
\??\c:\jdpjd.exec:\jdpjd.exe218⤵
-
\??\c:\vpjjd.exec:\vpjjd.exe219⤵
-
\??\c:\lrrlxll.exec:\lrrlxll.exe220⤵
-
\??\c:\9vdvp.exec:\9vdvp.exe221⤵
-
\??\c:\lflfrrl.exec:\lflfrrl.exe222⤵
-
\??\c:\5fffxfl.exec:\5fffxfl.exe223⤵
-
\??\c:\7bnbbb.exec:\7bnbbb.exe224⤵
-
\??\c:\pdddv.exec:\pdddv.exe225⤵
-
\??\c:\vpdvv.exec:\vpdvv.exe226⤵
-
\??\c:\rxfxrxr.exec:\rxfxrxr.exe227⤵
-
\??\c:\rflfxxx.exec:\rflfxxx.exe228⤵
-
\??\c:\ttnnhh.exec:\ttnnhh.exe229⤵
-
\??\c:\bhnntt.exec:\bhnntt.exe230⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe231⤵
-
\??\c:\jddpp.exec:\jddpp.exe232⤵
-
\??\c:\fxxxlrx.exec:\fxxxlrx.exe233⤵
-
\??\c:\xxrrlll.exec:\xxrrlll.exe234⤵
-
\??\c:\bnbtnt.exec:\bnbtnt.exe235⤵
-
\??\c:\tttntt.exec:\tttntt.exe236⤵
-
\??\c:\pjpvd.exec:\pjpvd.exe237⤵
-
\??\c:\dvjjd.exec:\dvjjd.exe238⤵
-
\??\c:\rlrlfxf.exec:\rlrlfxf.exe239⤵
-
\??\c:\llrrrxx.exec:\llrrrxx.exe240⤵
-
\??\c:\hbbbtt.exec:\hbbbtt.exe241⤵