Analysis
-
max time kernel
150s -
max time network
108s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
21-05-2024 02:43
General
-
Target
ae0d97c952da5d6abc7904ab31bb712d49e6eec0e869072c5e5d3f23d4232db4.exe
-
Size
378KB
-
MD5
3ff6f62f24093efda0b9081cfb1bb1db
-
SHA1
0c618cc669b3879a768123770ebfad6085d9f1a5
-
SHA256
ae0d97c952da5d6abc7904ab31bb712d49e6eec0e869072c5e5d3f23d4232db4
-
SHA512
08e684ece7148f8ff4a5fe3e60e95a61d4ef104168c58600e7af14fc985c6cb610ac4096a2530ccab0800d52a538fb3ad0ca17fdb2a894280ae9349dfd411763
-
SSDEEP
6144:9cm4FmowdHoS4WEkMawdHoSbdwqGw+tw+ttidCyu:/4wFHoS4WEkMTHoSbG++tw+tYYyu
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
UPX dump on OEP (original entry point) 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ae0d97c952da5d6abc7904ab31bb712d49e6eec0e869072c5e5d3f23d4232db4.exe"C:\Users\Admin\AppData\Local\Temp\ae0d97c952da5d6abc7904ab31bb712d49e6eec0e869072c5e5d3f23d4232db4.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\httnbb.exec:\httnbb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttthbt.exec:\ttthbt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfxlfx.exec:\xrfxlfx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnhbt.exec:\bnnhbt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3dddv.exec:\3dddv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxxrlf.exec:\fxxxrlf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthbhb.exec:\hthbhb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnnhh.exec:\thnnhh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvpjv.exec:\jvpjv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrfrll.exec:\flrfrll.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbttt.exec:\bbbttt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddvp.exec:\jddvp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhbbb.exec:\hhhbbb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpdvv.exec:\dpdvv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnhhh.exec:\tnnhhh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdvp.exec:\pjdvp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thtntt.exec:\thtntt.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nthhbb.exec:\nthhbb.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntnbb.exec:\tntnbb.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjdv.exec:\vdjdv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntnbt.exec:\tntnbt.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5pjvv.exec:\5pjvv.exe23⤵
- Executes dropped EXE
-
\??\c:\xfxfrrf.exec:\xfxfrrf.exe24⤵
- Executes dropped EXE
-
\??\c:\3hhbnn.exec:\3hhbnn.exe25⤵
- Executes dropped EXE
-
\??\c:\5ttntt.exec:\5ttntt.exe26⤵
- Executes dropped EXE
-
\??\c:\pjjjp.exec:\pjjjp.exe27⤵
- Executes dropped EXE
-
\??\c:\bhnbtn.exec:\bhnbtn.exe28⤵
- Executes dropped EXE
-
\??\c:\jjdpd.exec:\jjdpd.exe29⤵
- Executes dropped EXE
-
\??\c:\fxfxfxx.exec:\fxfxfxx.exe30⤵
- Executes dropped EXE
-
\??\c:\nbbtnh.exec:\nbbtnh.exe31⤵
- Executes dropped EXE
-
\??\c:\5jddv.exec:\5jddv.exe32⤵
- Executes dropped EXE
-
\??\c:\rllrrxx.exec:\rllrrxx.exe33⤵
- Executes dropped EXE
-
\??\c:\7lrfxrl.exec:\7lrfxrl.exe34⤵
- Executes dropped EXE
-
\??\c:\ttthbb.exec:\ttthbb.exe35⤵
- Executes dropped EXE
-
\??\c:\jvdjj.exec:\jvdjj.exe36⤵
- Executes dropped EXE
-
\??\c:\3xxrlll.exec:\3xxrlll.exe37⤵
- Executes dropped EXE
-
\??\c:\hhbthh.exec:\hhbthh.exe38⤵
- Executes dropped EXE
-
\??\c:\nnbbtb.exec:\nnbbtb.exe39⤵
- Executes dropped EXE
-
\??\c:\ddjjd.exec:\ddjjd.exe40⤵
- Executes dropped EXE
-
\??\c:\5lrrrxx.exec:\5lrrrxx.exe41⤵
- Executes dropped EXE
-
\??\c:\nnbhhn.exec:\nnbhhn.exe42⤵
- Executes dropped EXE
-
\??\c:\pdjpj.exec:\pdjpj.exe43⤵
- Executes dropped EXE
-
\??\c:\vvjjv.exec:\vvjjv.exe44⤵
- Executes dropped EXE
-
\??\c:\fllllrr.exec:\fllllrr.exe45⤵
- Executes dropped EXE
-
\??\c:\bbnttt.exec:\bbnttt.exe46⤵
- Executes dropped EXE
-
\??\c:\jdpjj.exec:\jdpjj.exe47⤵
- Executes dropped EXE
-
\??\c:\pjppd.exec:\pjppd.exe48⤵
- Executes dropped EXE
-
\??\c:\rlrrfff.exec:\rlrrfff.exe49⤵
- Executes dropped EXE
-
\??\c:\nhhhtn.exec:\nhhhtn.exe50⤵
- Executes dropped EXE
-
\??\c:\5nttnb.exec:\5nttnb.exe51⤵
- Executes dropped EXE
-
\??\c:\jjpjj.exec:\jjpjj.exe52⤵
- Executes dropped EXE
-
\??\c:\lllflrr.exec:\lllflrr.exe53⤵
- Executes dropped EXE
-
\??\c:\5bnntt.exec:\5bnntt.exe54⤵
- Executes dropped EXE
-
\??\c:\hhnnhn.exec:\hhnnhn.exe55⤵
- Executes dropped EXE
-
\??\c:\rrxxrll.exec:\rrxxrll.exe56⤵
- Executes dropped EXE
-
\??\c:\rlrrrxx.exec:\rlrrrxx.exe57⤵
- Executes dropped EXE
-
\??\c:\nthnnn.exec:\nthnnn.exe58⤵
- Executes dropped EXE
-
\??\c:\vdjjp.exec:\vdjjp.exe59⤵
- Executes dropped EXE
-
\??\c:\frrrxff.exec:\frrrxff.exe60⤵
- Executes dropped EXE
-
\??\c:\nhnnnn.exec:\nhnnnn.exe61⤵
- Executes dropped EXE
-
\??\c:\vdpvd.exec:\vdpvd.exe62⤵
- Executes dropped EXE
-
\??\c:\7vvvv.exec:\7vvvv.exe63⤵
- Executes dropped EXE
-
\??\c:\rlffllx.exec:\rlffllx.exe64⤵
- Executes dropped EXE
-
\??\c:\7bbhnt.exec:\7bbhnt.exe65⤵
- Executes dropped EXE
-
\??\c:\5bbbbh.exec:\5bbbbh.exe66⤵
-
\??\c:\7jjjj.exec:\7jjjj.exe67⤵
-
\??\c:\9rrllll.exec:\9rrllll.exe68⤵
-
\??\c:\9ttnnn.exec:\9ttnnn.exe69⤵
-
\??\c:\3hnnnn.exec:\3hnnnn.exe70⤵
-
\??\c:\pvjjd.exec:\pvjjd.exe71⤵
-
\??\c:\flxxfff.exec:\flxxfff.exe72⤵
-
\??\c:\rrxffff.exec:\rrxffff.exe73⤵
-
\??\c:\btbbhh.exec:\btbbhh.exe74⤵
-
\??\c:\pjpjj.exec:\pjpjj.exe75⤵
-
\??\c:\xlxxxff.exec:\xlxxxff.exe76⤵
-
\??\c:\rlfllrr.exec:\rlfllrr.exe77⤵
-
\??\c:\3bnhtt.exec:\3bnhtt.exe78⤵
-
\??\c:\1vjjp.exec:\1vjjp.exe79⤵
-
\??\c:\rrlrrxf.exec:\rrlrrxf.exe80⤵
-
\??\c:\nbhnnt.exec:\nbhnnt.exe81⤵
-
\??\c:\vvvvv.exec:\vvvvv.exe82⤵
-
\??\c:\lrfxrrf.exec:\lrfxrrf.exe83⤵
-
\??\c:\fffffll.exec:\fffffll.exe84⤵
-
\??\c:\bnnnth.exec:\bnnnth.exe85⤵
-
\??\c:\jjppj.exec:\jjppj.exe86⤵
-
\??\c:\fflllll.exec:\fflllll.exe87⤵
-
\??\c:\lllllrr.exec:\lllllrr.exe88⤵
-
\??\c:\bttnnn.exec:\bttnnn.exe89⤵
-
\??\c:\djpjp.exec:\djpjp.exe90⤵
-
\??\c:\dpjpj.exec:\dpjpj.exe91⤵
-
\??\c:\rlxxllx.exec:\rlxxllx.exe92⤵
-
\??\c:\hbtbhh.exec:\hbtbhh.exe93⤵
-
\??\c:\thhtnh.exec:\thhtnh.exe94⤵
-
\??\c:\vvdjd.exec:\vvdjd.exe95⤵
-
\??\c:\7rlffff.exec:\7rlffff.exe96⤵
-
\??\c:\bthnnn.exec:\bthnnn.exe97⤵
-
\??\c:\bbtnnh.exec:\bbtnnh.exe98⤵
-
\??\c:\5dddd.exec:\5dddd.exe99⤵
-
\??\c:\xrlffll.exec:\xrlffll.exe100⤵
-
\??\c:\xlflxfr.exec:\xlflxfr.exe101⤵
-
\??\c:\3bbhbh.exec:\3bbhbh.exe102⤵
-
\??\c:\ddjdd.exec:\ddjdd.exe103⤵
-
\??\c:\jpjjd.exec:\jpjjd.exe104⤵
-
\??\c:\5xrlffr.exec:\5xrlffr.exe105⤵
-
\??\c:\bbbttn.exec:\bbbttn.exe106⤵
-
\??\c:\3nbtbb.exec:\3nbtbb.exe107⤵
-
\??\c:\ppddj.exec:\ppddj.exe108⤵
-
\??\c:\5jvpj.exec:\5jvpj.exe109⤵
-
\??\c:\rxxxxxf.exec:\rxxxxxf.exe110⤵
-
\??\c:\htbttt.exec:\htbttt.exe111⤵
-
\??\c:\thttnn.exec:\thttnn.exe112⤵
-
\??\c:\dvpjj.exec:\dvpjj.exe113⤵
-
\??\c:\rfrrflr.exec:\rfrrflr.exe114⤵
-
\??\c:\bbbttt.exec:\bbbttt.exe115⤵
-
\??\c:\hnbbth.exec:\hnbbth.exe116⤵
-
\??\c:\pjjjj.exec:\pjjjj.exe117⤵
-
\??\c:\lxffxxr.exec:\lxffxxr.exe118⤵
-
\??\c:\nttttb.exec:\nttttb.exe119⤵
-
\??\c:\hnnttt.exec:\hnnttt.exe120⤵
-
\??\c:\ddddp.exec:\ddddp.exe121⤵
-
\??\c:\vddjd.exec:\vddjd.exe122⤵
-
\??\c:\rrxxflr.exec:\rrxxflr.exe123⤵
-
\??\c:\nhnnnn.exec:\nhnnnn.exe124⤵
-
\??\c:\9bhhhh.exec:\9bhhhh.exe125⤵
-
\??\c:\9vddd.exec:\9vddd.exe126⤵
-
\??\c:\vppjj.exec:\vppjj.exe127⤵
-
\??\c:\lllxxrx.exec:\lllxxrx.exe128⤵
-
\??\c:\nnnntb.exec:\nnnntb.exe129⤵
-
\??\c:\btbbbh.exec:\btbbbh.exe130⤵
-
\??\c:\vjppp.exec:\vjppp.exe131⤵
-
\??\c:\jvjjd.exec:\jvjjd.exe132⤵
-
\??\c:\lxlllff.exec:\lxlllff.exe133⤵
-
\??\c:\hbnnnn.exec:\hbnnnn.exe134⤵
-
\??\c:\pvjjp.exec:\pvjjp.exe135⤵
-
\??\c:\llrllrr.exec:\llrllrr.exe136⤵
-
\??\c:\thtbhn.exec:\thtbhn.exe137⤵
-
\??\c:\xllxrxx.exec:\xllxrxx.exe138⤵
-
\??\c:\lrfrfff.exec:\lrfrfff.exe139⤵
-
\??\c:\bhbbnt.exec:\bhbbnt.exe140⤵
-
\??\c:\vjdjp.exec:\vjdjp.exe141⤵
-
\??\c:\jjjjj.exec:\jjjjj.exe142⤵
-
\??\c:\bhbhhn.exec:\bhbhhn.exe143⤵
-
\??\c:\rlrlfff.exec:\rlrlfff.exe144⤵
-
\??\c:\thnnbh.exec:\thnnbh.exe145⤵
-
\??\c:\9flrrxx.exec:\9flrrxx.exe146⤵
-
\??\c:\tnbbtb.exec:\tnbbtb.exe147⤵
-
\??\c:\vpvdd.exec:\vpvdd.exe148⤵
-
\??\c:\dpvvd.exec:\dpvvd.exe149⤵
-
\??\c:\xxrrlll.exec:\xxrrlll.exe150⤵
-
\??\c:\thtbtb.exec:\thtbtb.exe151⤵
-
\??\c:\vvjjp.exec:\vvjjp.exe152⤵
-
\??\c:\dppvp.exec:\dppvp.exe153⤵
-
\??\c:\llrrrrx.exec:\llrrrrx.exe154⤵
-
\??\c:\nbnnnn.exec:\nbnnnn.exe155⤵
-
\??\c:\jjppp.exec:\jjppp.exe156⤵
-
\??\c:\rxlllxx.exec:\rxlllxx.exe157⤵
-
\??\c:\frxxrrr.exec:\frxxrrr.exe158⤵
-
\??\c:\nhnnnt.exec:\nhnnnt.exe159⤵
-
\??\c:\vddjd.exec:\vddjd.exe160⤵
-
\??\c:\djdjv.exec:\djdjv.exe161⤵
-
\??\c:\rfxrrrl.exec:\rfxrrrl.exe162⤵
-
\??\c:\tnntth.exec:\tnntth.exe163⤵
-
\??\c:\jjppp.exec:\jjppp.exe164⤵
-
\??\c:\vvpjd.exec:\vvpjd.exe165⤵
-
\??\c:\7llllrr.exec:\7llllrr.exe166⤵
-
\??\c:\hhnnnt.exec:\hhnnnt.exe167⤵
-
\??\c:\ppdvv.exec:\ppdvv.exe168⤵
-
\??\c:\jjjjp.exec:\jjjjp.exe169⤵
-
\??\c:\llxrflx.exec:\llxrflx.exe170⤵
-
\??\c:\hhbhnn.exec:\hhbhnn.exe171⤵
-
\??\c:\5bhhbh.exec:\5bhhbh.exe172⤵
-
\??\c:\pdppp.exec:\pdppp.exe173⤵
-
\??\c:\rxxllff.exec:\rxxllff.exe174⤵
-
\??\c:\hnhhhh.exec:\hnhhhh.exe175⤵
-
\??\c:\bhhhbb.exec:\bhhhbb.exe176⤵
-
\??\c:\jjjpd.exec:\jjjpd.exe177⤵
-
\??\c:\xxrrllf.exec:\xxrrllf.exe178⤵
-
\??\c:\thbbnt.exec:\thbbnt.exe179⤵
-
\??\c:\ttnnnn.exec:\ttnnnn.exe180⤵
-
\??\c:\vjvpj.exec:\vjvpj.exe181⤵
-
\??\c:\rlrllll.exec:\rlrllll.exe182⤵
-
\??\c:\5xxrrlx.exec:\5xxrrlx.exe183⤵
-
\??\c:\hhnnnn.exec:\hhnnnn.exe184⤵
-
\??\c:\htbbhn.exec:\htbbhn.exe185⤵
-
\??\c:\vdvvd.exec:\vdvvd.exe186⤵
-
\??\c:\jjddd.exec:\jjddd.exe187⤵
-
\??\c:\rlfffll.exec:\rlfffll.exe188⤵
-
\??\c:\7bnnhn.exec:\7bnnhn.exe189⤵
-
\??\c:\nnbtbh.exec:\nnbtbh.exe190⤵
-
\??\c:\1vjjv.exec:\1vjjv.exe191⤵
-
\??\c:\vvppd.exec:\vvppd.exe192⤵
-
\??\c:\rxrlrxx.exec:\rxrlrxx.exe193⤵
-
\??\c:\fflllrr.exec:\fflllrr.exe194⤵
-
\??\c:\hthhhn.exec:\hthhhn.exe195⤵
-
\??\c:\nnbbhn.exec:\nnbbhn.exe196⤵
-
\??\c:\vvddv.exec:\vvddv.exe197⤵
-
\??\c:\ffffxff.exec:\ffffxff.exe198⤵
-
\??\c:\5fllflf.exec:\5fllflf.exe199⤵
-
\??\c:\tntbbh.exec:\tntbbh.exe200⤵
-
\??\c:\nbbttn.exec:\nbbttn.exe201⤵
-
\??\c:\jpjvv.exec:\jpjvv.exe202⤵
-
\??\c:\5lllxfl.exec:\5lllxfl.exe203⤵
-
\??\c:\lxrxxxx.exec:\lxrxxxx.exe204⤵
-
\??\c:\hnnhhh.exec:\hnnhhh.exe205⤵
-
\??\c:\ddjdd.exec:\ddjdd.exe206⤵
-
\??\c:\xllllrx.exec:\xllllrx.exe207⤵
-
\??\c:\nhnttb.exec:\nhnttb.exe208⤵
-
\??\c:\nntbbb.exec:\nntbbb.exe209⤵
-
\??\c:\llrxflx.exec:\llrxflx.exe210⤵
-
\??\c:\nhtnnt.exec:\nhtnnt.exe211⤵
-
\??\c:\ddpvd.exec:\ddpvd.exe212⤵
-
\??\c:\jvvjp.exec:\jvvjp.exe213⤵
-
\??\c:\xxxxxxx.exec:\xxxxxxx.exe214⤵
-
\??\c:\bnhhhh.exec:\bnhhhh.exe215⤵
-
\??\c:\ddvvp.exec:\ddvvp.exe216⤵
-
\??\c:\lrrxxfl.exec:\lrrxxfl.exe217⤵
-
\??\c:\5lxflfr.exec:\5lxflfr.exe218⤵
-
\??\c:\hhtnnt.exec:\hhtnnt.exe219⤵
-
\??\c:\pdjjj.exec:\pdjjj.exe220⤵
-
\??\c:\xflllrr.exec:\xflllrr.exe221⤵
-
\??\c:\rflllff.exec:\rflllff.exe222⤵
-
\??\c:\bnttbb.exec:\bnttbb.exe223⤵
-
\??\c:\jpvvv.exec:\jpvvv.exe224⤵
-
\??\c:\xrlrxrf.exec:\xrlrxrf.exe225⤵
-
\??\c:\9xffxff.exec:\9xffxff.exe226⤵
-
\??\c:\nnnnhh.exec:\nnnnhh.exe227⤵
-
\??\c:\dvddd.exec:\dvddd.exe228⤵
-
\??\c:\xrlllll.exec:\xrlllll.exe229⤵
-
\??\c:\lxrlxxx.exec:\lxrlxxx.exe230⤵
-
\??\c:\tbbbnt.exec:\tbbbnt.exe231⤵
-
\??\c:\ppddj.exec:\ppddj.exe232⤵
-
\??\c:\7xfxrrl.exec:\7xfxrrl.exe233⤵
-
\??\c:\lfrrrrr.exec:\lfrrrrr.exe234⤵
-
\??\c:\bnnbnn.exec:\bnnbnn.exe235⤵
-
\??\c:\djjdd.exec:\djjdd.exe236⤵
-
\??\c:\xrffxxx.exec:\xrffxxx.exe237⤵
-
\??\c:\xrfffff.exec:\xrfffff.exe238⤵
-
\??\c:\tttbtn.exec:\tttbtn.exe239⤵
-
\??\c:\7pjjd.exec:\7pjjd.exe240⤵
-
\??\c:\jjjjd.exec:\jjjjd.exe241⤵