Analysis
-
max time kernel
151s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
21-05-2024 01:59
General
-
Target
a112eaf533ada08d6f150ea9ebd3b5eff06b3e29b7f0ff0024f7e363d939a780.exe
-
Size
82KB
-
MD5
a59e440a652bd60fb08a177338859ee3
-
SHA1
b49d722c7be12381e0650f47ccb853e8d9dc723d
-
SHA256
a112eaf533ada08d6f150ea9ebd3b5eff06b3e29b7f0ff0024f7e363d939a780
-
SHA512
19718c3c5ec485aad6fc2cb01a3483c2e7b2b0c1c08defa400e97229be7634721c1efc53b483f3a6a04221f58e17f2c85c406a4be2dfb08ac704ff460ba98217
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDInWeNCYGyA2R7JkZPsvO:ymb3NkkiQ3mdBjFIWeFGyA9Pj
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
UPX dump on OEP (original entry point) 35 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 35 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a112eaf533ada08d6f150ea9ebd3b5eff06b3e29b7f0ff0024f7e363d939a780.exe"C:\Users\Admin\AppData\Local\Temp\a112eaf533ada08d6f150ea9ebd3b5eff06b3e29b7f0ff0024f7e363d939a780.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\d7376.exec:\d7376.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bqbhu6.exec:\bqbhu6.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\x439s2.exec:\x439s2.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\96g620.exec:\96g620.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bg5o6p3.exec:\bg5o6p3.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\wq19h8.exec:\wq19h8.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\op6m7i.exec:\op6m7i.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\38irj8.exec:\38irj8.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\w80j710.exec:\w80j710.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\w06s0e8.exec:\w06s0e8.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\88qw1.exec:\88qw1.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hs0oqk9.exec:\hs0oqk9.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\qt347.exec:\qt347.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\of660.exec:\of660.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\o6wt8.exec:\o6wt8.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ov0e5.exec:\ov0e5.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ge3c5.exec:\ge3c5.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\eow41.exec:\eow41.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2mj35vw.exec:\2mj35vw.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\gqtoi.exec:\gqtoi.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9a45c6.exec:\9a45c6.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4sd324.exec:\4sd324.exe23⤵
- Executes dropped EXE
-
\??\c:\oq3k91.exec:\oq3k91.exe24⤵
- Executes dropped EXE
-
\??\c:\sk9l1m7.exec:\sk9l1m7.exe25⤵
- Executes dropped EXE
-
\??\c:\434g73.exec:\434g73.exe26⤵
- Executes dropped EXE
-
\??\c:\45dhv.exec:\45dhv.exe27⤵
- Executes dropped EXE
-
\??\c:\q8c63fu.exec:\q8c63fu.exe28⤵
- Executes dropped EXE
-
\??\c:\n22w1uu.exec:\n22w1uu.exe29⤵
- Executes dropped EXE
-
\??\c:\x3459.exec:\x3459.exe30⤵
- Executes dropped EXE
-
\??\c:\02ou6.exec:\02ou6.exe31⤵
- Executes dropped EXE
-
\??\c:\868684.exec:\868684.exe32⤵
- Executes dropped EXE
-
\??\c:\3c9nu6.exec:\3c9nu6.exe33⤵
- Executes dropped EXE
-
\??\c:\62217u.exec:\62217u.exe34⤵
- Executes dropped EXE
-
\??\c:\xpc46.exec:\xpc46.exe35⤵
- Executes dropped EXE
-
\??\c:\0386j.exec:\0386j.exe36⤵
- Executes dropped EXE
-
\??\c:\66e7u.exec:\66e7u.exe37⤵
- Executes dropped EXE
-
\??\c:\759ask.exec:\759ask.exe38⤵
- Executes dropped EXE
-
\??\c:\93c6kke.exec:\93c6kke.exe39⤵
- Executes dropped EXE
-
\??\c:\mlm0ex4.exec:\mlm0ex4.exe40⤵
- Executes dropped EXE
-
\??\c:\tx94697.exec:\tx94697.exe41⤵
- Executes dropped EXE
-
\??\c:\71ddqj.exec:\71ddqj.exe42⤵
- Executes dropped EXE
-
\??\c:\c66233.exec:\c66233.exe43⤵
- Executes dropped EXE
-
\??\c:\1iri57e.exec:\1iri57e.exe44⤵
- Executes dropped EXE
-
\??\c:\25oc7a4.exec:\25oc7a4.exe45⤵
- Executes dropped EXE
-
\??\c:\q9k42.exec:\q9k42.exe46⤵
- Executes dropped EXE
-
\??\c:\8vve4.exec:\8vve4.exe47⤵
- Executes dropped EXE
-
\??\c:\15o2v0.exec:\15o2v0.exe48⤵
- Executes dropped EXE
-
\??\c:\boa7dq.exec:\boa7dq.exe49⤵
- Executes dropped EXE
-
\??\c:\3x97b.exec:\3x97b.exe50⤵
- Executes dropped EXE
-
\??\c:\j51bv.exec:\j51bv.exe51⤵
- Executes dropped EXE
-
\??\c:\6ishvx.exec:\6ishvx.exe52⤵
- Executes dropped EXE
-
\??\c:\0076x9.exec:\0076x9.exe53⤵
- Executes dropped EXE
-
\??\c:\rda82.exec:\rda82.exe54⤵
- Executes dropped EXE
-
\??\c:\08u86w7.exec:\08u86w7.exe55⤵
- Executes dropped EXE
-
\??\c:\i9e22h7.exec:\i9e22h7.exe56⤵
- Executes dropped EXE
-
\??\c:\rm554.exec:\rm554.exe57⤵
- Executes dropped EXE
-
\??\c:\ej16304.exec:\ej16304.exe58⤵
- Executes dropped EXE
-
\??\c:\4j41sh.exec:\4j41sh.exe59⤵
- Executes dropped EXE
-
\??\c:\231e0ft.exec:\231e0ft.exe60⤵
- Executes dropped EXE
-
\??\c:\k8aa894.exec:\k8aa894.exe61⤵
- Executes dropped EXE
-
\??\c:\6s250h5.exec:\6s250h5.exe62⤵
- Executes dropped EXE
-
\??\c:\4413bw3.exec:\4413bw3.exe63⤵
- Executes dropped EXE
-
\??\c:\p7j3ek.exec:\p7j3ek.exe64⤵
- Executes dropped EXE
-
\??\c:\54g9d4.exec:\54g9d4.exe65⤵
- Executes dropped EXE
-
\??\c:\90a662m.exec:\90a662m.exe66⤵
-
\??\c:\t2780.exec:\t2780.exe67⤵
-
\??\c:\4317m0k.exec:\4317m0k.exe68⤵
-
\??\c:\35cgl.exec:\35cgl.exe69⤵
-
\??\c:\84113.exec:\84113.exe70⤵
-
\??\c:\empra41.exec:\empra41.exe71⤵
-
\??\c:\e0192.exec:\e0192.exe72⤵
-
\??\c:\2c97h0.exec:\2c97h0.exe73⤵
-
\??\c:\02266.exec:\02266.exe74⤵
-
\??\c:\p498u51.exec:\p498u51.exe75⤵
-
\??\c:\b0e7io5.exec:\b0e7io5.exe76⤵
-
\??\c:\i97jpn.exec:\i97jpn.exe77⤵
-
\??\c:\3b59j63.exec:\3b59j63.exe78⤵
-
\??\c:\bw52io.exec:\bw52io.exe79⤵
-
\??\c:\dej89.exec:\dej89.exe80⤵
-
\??\c:\257m4.exec:\257m4.exe81⤵
-
\??\c:\37smw.exec:\37smw.exe82⤵
-
\??\c:\ex239a.exec:\ex239a.exe83⤵
-
\??\c:\gs831g.exec:\gs831g.exe84⤵
-
\??\c:\7482qh0.exec:\7482qh0.exe85⤵
-
\??\c:\766v4m.exec:\766v4m.exe86⤵
-
\??\c:\0psq5.exec:\0psq5.exe87⤵
-
\??\c:\58d1w1.exec:\58d1w1.exe88⤵
-
\??\c:\hbq67.exec:\hbq67.exe89⤵
-
\??\c:\8xa4c4.exec:\8xa4c4.exe90⤵
-
\??\c:\o2c2q7.exec:\o2c2q7.exe91⤵
-
\??\c:\oc332.exec:\oc332.exe92⤵
-
\??\c:\1p097j.exec:\1p097j.exe93⤵
-
\??\c:\ik1q010.exec:\ik1q010.exe94⤵
-
\??\c:\701el.exec:\701el.exe95⤵
-
\??\c:\w31579.exec:\w31579.exe96⤵
-
\??\c:\m7p7m.exec:\m7p7m.exe97⤵
-
\??\c:\jeo38.exec:\jeo38.exe98⤵
-
\??\c:\8r0k2.exec:\8r0k2.exe99⤵
-
\??\c:\3w6vw.exec:\3w6vw.exe100⤵
-
\??\c:\636t0i.exec:\636t0i.exe101⤵
-
\??\c:\7maqb.exec:\7maqb.exe102⤵
-
\??\c:\b4f3qx3.exec:\b4f3qx3.exe103⤵
-
\??\c:\ca00x78.exec:\ca00x78.exe104⤵
-
\??\c:\43mvn76.exec:\43mvn76.exe105⤵
-
\??\c:\d2rf0b.exec:\d2rf0b.exe106⤵
-
\??\c:\l21ek77.exec:\l21ek77.exe107⤵
-
\??\c:\9ldq8.exec:\9ldq8.exe108⤵
-
\??\c:\2e6ko.exec:\2e6ko.exe109⤵
-
\??\c:\099ii3.exec:\099ii3.exe110⤵
-
\??\c:\f79ix9s.exec:\f79ix9s.exe111⤵
-
\??\c:\1g0gbn.exec:\1g0gbn.exe112⤵
-
\??\c:\b2e91.exec:\b2e91.exe113⤵
-
\??\c:\3c396.exec:\3c396.exe114⤵
-
\??\c:\8x1p99.exec:\8x1p99.exe115⤵
-
\??\c:\pm9sj.exec:\pm9sj.exe116⤵
-
\??\c:\2vjh9t.exec:\2vjh9t.exe117⤵
-
\??\c:\s5142.exec:\s5142.exe118⤵
-
\??\c:\59x0dm.exec:\59x0dm.exe119⤵
-
\??\c:\u8hu5.exec:\u8hu5.exe120⤵
-
\??\c:\561g6.exec:\561g6.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-