Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
21-05-2024 03:28
General
-
Target
bc768a507224491bba7347f3ecd32e6df53e5b80bf8f6d7fd59164f7d2ae5efd.exe
-
Size
78KB
-
MD5
7b9ff171437fcb1939528f8d5b6b430e
-
SHA1
3c314afc76abf5fd0dee0456113f0f91cb32019a
-
SHA256
bc768a507224491bba7347f3ecd32e6df53e5b80bf8f6d7fd59164f7d2ae5efd
-
SHA512
a09c00eb17e4b5730b4b68778b975433a13ed3521817247f11098903aba2a7ef66f422f9c8f8769860253f4368d63a5f0db9c9e5488c3f33f6aa4e06e46dc3d8
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoAX8YieVIJclPvPJtcdcw:ymb3NkkiQ3mdBjFo68YBVIJc9Jtxw
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 20 IoCs
-
UPX dump on OEP (original entry point) 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 23 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\bc768a507224491bba7347f3ecd32e6df53e5b80bf8f6d7fd59164f7d2ae5efd.exe"C:\Users\Admin\AppData\Local\Temp\bc768a507224491bba7347f3ecd32e6df53e5b80bf8f6d7fd59164f7d2ae5efd.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlrrxl.exec:\xrlrrxl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3pvdd.exec:\3pvdd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7fxrflf.exec:\7fxrflf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxllrrx.exec:\fxllrrx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttntbn.exec:\ttntbn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbthbh.exec:\tbthbh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdjv.exec:\vpdjv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rfllxf.exec:\3rfllxf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrrrff.exec:\xxrrrff.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llfrflr.exec:\llfrflr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnntb.exec:\htnntb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjjv.exec:\dvjjv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5fllllr.exec:\5fllllr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffflrfr.exec:\ffflrfr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbnbhn.exec:\tbnbhn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bbnbh.exec:\5bbnbh.exe17⤵
- Executes dropped EXE
-
\??\c:\jdpvj.exec:\jdpvj.exe18⤵
- Executes dropped EXE
-
\??\c:\lfrxffl.exec:\lfrxffl.exe19⤵
- Executes dropped EXE
-
\??\c:\7xflflx.exec:\7xflflx.exe20⤵
- Executes dropped EXE
-
\??\c:\hbtthh.exec:\hbtthh.exe21⤵
- Executes dropped EXE
-
\??\c:\ttntnb.exec:\ttntnb.exe22⤵
- Executes dropped EXE
-
\??\c:\7vddv.exec:\7vddv.exe23⤵
- Executes dropped EXE
-
\??\c:\jvpdp.exec:\jvpdp.exe24⤵
- Executes dropped EXE
-
\??\c:\llxxrrx.exec:\llxxrrx.exe25⤵
- Executes dropped EXE
-
\??\c:\3xlrllr.exec:\3xlrllr.exe26⤵
- Executes dropped EXE
-
\??\c:\bhntbn.exec:\bhntbn.exe27⤵
- Executes dropped EXE
-
\??\c:\nhbbhb.exec:\nhbbhb.exe28⤵
- Executes dropped EXE
-
\??\c:\jjdjp.exec:\jjdjp.exe29⤵
- Executes dropped EXE
-
\??\c:\1lllxff.exec:\1lllxff.exe30⤵
- Executes dropped EXE
-
\??\c:\nntbtt.exec:\nntbtt.exe31⤵
- Executes dropped EXE
-
\??\c:\htnnth.exec:\htnnth.exe32⤵
- Executes dropped EXE
-
\??\c:\jvdjd.exec:\jvdjd.exe33⤵
- Executes dropped EXE
-
\??\c:\xrxxrrr.exec:\xrxxrrr.exe34⤵
-
\??\c:\5rlxlll.exec:\5rlxlll.exe35⤵
- Executes dropped EXE
-
\??\c:\btntbb.exec:\btntbb.exe36⤵
- Executes dropped EXE
-
\??\c:\pjjvd.exec:\pjjvd.exe37⤵
- Executes dropped EXE
-
\??\c:\dvpvd.exec:\dvpvd.exe38⤵
- Executes dropped EXE
-
\??\c:\xxllllr.exec:\xxllllr.exe39⤵
- Executes dropped EXE
-
\??\c:\1frxflr.exec:\1frxflr.exe40⤵
- Executes dropped EXE
-
\??\c:\1hbnnb.exec:\1hbnnb.exe41⤵
- Executes dropped EXE
-
\??\c:\jvjpd.exec:\jvjpd.exe42⤵
- Executes dropped EXE
-
\??\c:\3jdjp.exec:\3jdjp.exe43⤵
- Executes dropped EXE
-
\??\c:\xfxxrrf.exec:\xfxxrrf.exe44⤵
- Executes dropped EXE
-
\??\c:\frrxllx.exec:\frrxllx.exe45⤵
- Executes dropped EXE
-
\??\c:\5btbbh.exec:\5btbbh.exe46⤵
- Executes dropped EXE
-
\??\c:\nhthht.exec:\nhthht.exe47⤵
- Executes dropped EXE
-
\??\c:\ddpdj.exec:\ddpdj.exe48⤵
- Executes dropped EXE
-
\??\c:\7vvdp.exec:\7vvdp.exe49⤵
- Executes dropped EXE
-
\??\c:\xrffllr.exec:\xrffllr.exe50⤵
- Executes dropped EXE
-
\??\c:\rfrlrrx.exec:\rfrlrrx.exe51⤵
- Executes dropped EXE
-
\??\c:\hbhhnb.exec:\hbhhnb.exe52⤵
- Executes dropped EXE
-
\??\c:\pjdjj.exec:\pjdjj.exe53⤵
- Executes dropped EXE
-
\??\c:\pjdjv.exec:\pjdjv.exe54⤵
- Executes dropped EXE
-
\??\c:\jvjvj.exec:\jvjvj.exe55⤵
- Executes dropped EXE
-
\??\c:\rrrflrx.exec:\rrrflrx.exe56⤵
- Executes dropped EXE
-
\??\c:\httbbb.exec:\httbbb.exe57⤵
- Executes dropped EXE
-
\??\c:\tthtbb.exec:\tthtbb.exe58⤵
- Executes dropped EXE
-
\??\c:\tnnntb.exec:\tnnntb.exe59⤵
- Executes dropped EXE
-
\??\c:\vvpvv.exec:\vvpvv.exe60⤵
- Executes dropped EXE
-
\??\c:\ppjjv.exec:\ppjjv.exe61⤵
- Executes dropped EXE
-
\??\c:\xrlfrxl.exec:\xrlfrxl.exe62⤵
- Executes dropped EXE
-
\??\c:\rfxxxxl.exec:\rfxxxxl.exe63⤵
- Executes dropped EXE
-
\??\c:\hbhnbb.exec:\hbhnbb.exe64⤵
- Executes dropped EXE
-
\??\c:\vjddd.exec:\vjddd.exe65⤵
- Executes dropped EXE
-
\??\c:\ppjdp.exec:\ppjdp.exe66⤵
- Executes dropped EXE
-
\??\c:\xxrxflx.exec:\xxrxflx.exe67⤵
-
\??\c:\xlllrrx.exec:\xlllrrx.exe68⤵
-
\??\c:\hbtnbh.exec:\hbtnbh.exe69⤵
-
\??\c:\nbtnnh.exec:\nbtnnh.exe70⤵
-
\??\c:\7pvdv.exec:\7pvdv.exe71⤵
-
\??\c:\3vpdj.exec:\3vpdj.exe72⤵
-
\??\c:\3fxlfxl.exec:\3fxlfxl.exe73⤵
-
\??\c:\llxrflr.exec:\llxrflr.exe74⤵
-
\??\c:\nnbntt.exec:\nnbntt.exe75⤵
-
\??\c:\bbthth.exec:\bbthth.exe76⤵
-
\??\c:\dvvpd.exec:\dvvpd.exe77⤵
-
\??\c:\frfflrf.exec:\frfflrf.exe78⤵
-
\??\c:\lfxrxfl.exec:\lfxrxfl.exe79⤵
-
\??\c:\nbthhn.exec:\nbthhn.exe80⤵
-
\??\c:\hbnntb.exec:\hbnntb.exe81⤵
-
\??\c:\vpjjp.exec:\vpjjp.exe82⤵
-
\??\c:\jjdvp.exec:\jjdvp.exe83⤵
-
\??\c:\ffxxxfx.exec:\ffxxxfx.exe84⤵
-
\??\c:\xrrrxfl.exec:\xrrrxfl.exe85⤵
-
\??\c:\bhthbb.exec:\bhthbb.exe86⤵
-
\??\c:\thnbhh.exec:\thnbhh.exe87⤵
-
\??\c:\jddjp.exec:\jddjp.exe88⤵
-
\??\c:\dvjjv.exec:\dvjjv.exe89⤵
-
\??\c:\llflxfr.exec:\llflxfr.exe90⤵
-
\??\c:\hnnntn.exec:\hnnntn.exe91⤵
-
\??\c:\hhntbh.exec:\hhntbh.exe92⤵
-
\??\c:\tntbnn.exec:\tntbnn.exe93⤵
-
\??\c:\ddvjd.exec:\ddvjd.exe94⤵
-
\??\c:\lxfxflr.exec:\lxfxflr.exe95⤵
-
\??\c:\rxrfrxf.exec:\rxrfrxf.exe96⤵
-
\??\c:\nhhbhh.exec:\nhhbhh.exe97⤵
-
\??\c:\tbnhbn.exec:\tbnhbn.exe98⤵
-
\??\c:\7vvdd.exec:\7vvdd.exe99⤵
-
\??\c:\1dddj.exec:\1dddj.exe100⤵
-
\??\c:\9dvvj.exec:\9dvvj.exe101⤵
-
\??\c:\lfrflxf.exec:\lfrflxf.exe102⤵
-
\??\c:\rlrxlrx.exec:\rlrxlrx.exe103⤵
-
\??\c:\nhbhhb.exec:\nhbhhb.exe104⤵
-
\??\c:\vddpd.exec:\vddpd.exe105⤵
-
\??\c:\3jpvv.exec:\3jpvv.exe106⤵
-
\??\c:\llxlxxl.exec:\llxlxxl.exe107⤵
-
\??\c:\5lxrxxf.exec:\5lxrxxf.exe108⤵
-
\??\c:\bnbntt.exec:\bnbntt.exe109⤵
-
\??\c:\hbbbnt.exec:\hbbbnt.exe110⤵
-
\??\c:\jdvdd.exec:\jdvdd.exe111⤵
-
\??\c:\ffxllxr.exec:\ffxllxr.exe112⤵
-
\??\c:\9rfrfff.exec:\9rfrfff.exe113⤵
-
\??\c:\hhbntb.exec:\hhbntb.exe114⤵
-
\??\c:\tnttbb.exec:\tnttbb.exe115⤵
-
\??\c:\vvpvd.exec:\vvpvd.exe116⤵
-
\??\c:\vpjpv.exec:\vpjpv.exe117⤵
-
\??\c:\5xfrxxx.exec:\5xfrxxx.exe118⤵
-
\??\c:\hbntbh.exec:\hbntbh.exe119⤵
-
\??\c:\vpvjj.exec:\vpvjj.exe120⤵
-
\??\c:\fxrrfrf.exec:\fxrrfrf.exe121⤵
-
\??\c:\fffxrfr.exec:\fffxrfr.exe122⤵
-
\??\c:\bbhbht.exec:\bbhbht.exe123⤵
-
\??\c:\ttthbb.exec:\ttthbb.exe124⤵
-
\??\c:\pjvvd.exec:\pjvvd.exe125⤵
-
\??\c:\vpjpv.exec:\vpjpv.exe126⤵
-
\??\c:\lrxllxx.exec:\lrxllxx.exe127⤵
-
\??\c:\lrrflxx.exec:\lrrflxx.exe128⤵
-
\??\c:\rllrxfl.exec:\rllrxfl.exe129⤵
-
\??\c:\3bntbb.exec:\3bntbb.exe130⤵
-
\??\c:\hbbnbh.exec:\hbbnbh.exe131⤵
-
\??\c:\ppvdj.exec:\ppvdj.exe132⤵
-
\??\c:\jvjjp.exec:\jvjjp.exe133⤵
-
\??\c:\7rlxxxl.exec:\7rlxxxl.exe134⤵
-
\??\c:\3xxxxxx.exec:\3xxxxxx.exe135⤵
-
\??\c:\htbnnb.exec:\htbnnb.exe136⤵
-
\??\c:\3nbntb.exec:\3nbntb.exe137⤵
-
\??\c:\pjdvj.exec:\pjdvj.exe138⤵
-
\??\c:\pdvdj.exec:\pdvdj.exe139⤵
-
\??\c:\7fxfxxf.exec:\7fxfxxf.exe140⤵
-
\??\c:\3rflrrf.exec:\3rflrrf.exe141⤵
-
\??\c:\bbtbht.exec:\bbtbht.exe142⤵
-
\??\c:\hbhbhh.exec:\hbhbhh.exe143⤵
-
\??\c:\9vpvv.exec:\9vpvv.exe144⤵
-
\??\c:\5dvjv.exec:\5dvjv.exe145⤵
-
\??\c:\dvpvd.exec:\dvpvd.exe146⤵
-
\??\c:\xxlrxxf.exec:\xxlrxxf.exe147⤵
-
\??\c:\rrxlrxf.exec:\rrxlrxf.exe148⤵
-
\??\c:\htbhnt.exec:\htbhnt.exe149⤵
-
\??\c:\tnbntb.exec:\tnbntb.exe150⤵
-
\??\c:\pjddj.exec:\pjddj.exe151⤵
-
\??\c:\vvppj.exec:\vvppj.exe152⤵
-
\??\c:\xrfxflx.exec:\xrfxflx.exe153⤵
-
\??\c:\1flffrl.exec:\1flffrl.exe154⤵
-
\??\c:\tthbbb.exec:\tthbbb.exe155⤵
-
\??\c:\nhbhtb.exec:\nhbhtb.exe156⤵
-
\??\c:\ppdpd.exec:\ppdpd.exe157⤵
-
\??\c:\dvjjj.exec:\dvjjj.exe158⤵
-
\??\c:\9xrxxlr.exec:\9xrxxlr.exe159⤵
-
\??\c:\flfrxxf.exec:\flfrxxf.exe160⤵
-
\??\c:\tbtntb.exec:\tbtntb.exe161⤵
-
\??\c:\3bttbn.exec:\3bttbn.exe162⤵
-
\??\c:\nbbhnb.exec:\nbbhnb.exe163⤵
-
\??\c:\pjvvv.exec:\pjvvv.exe164⤵
-
\??\c:\ppjjj.exec:\ppjjj.exe165⤵
-
\??\c:\fxrrffr.exec:\fxrrffr.exe166⤵
-
\??\c:\rllrlxl.exec:\rllrlxl.exe167⤵
-
\??\c:\hbntbh.exec:\hbntbh.exe168⤵
-
\??\c:\9hhnbh.exec:\9hhnbh.exe169⤵
-
\??\c:\pjvvd.exec:\pjvvd.exe170⤵
-
\??\c:\9pjdj.exec:\9pjdj.exe171⤵
-
\??\c:\xrxrxfl.exec:\xrxrxfl.exe172⤵
-
\??\c:\rrxfffl.exec:\rrxfffl.exe173⤵
-
\??\c:\nbnnth.exec:\nbnnth.exe174⤵
-
\??\c:\nnhhbh.exec:\nnhhbh.exe175⤵
-
\??\c:\vpvvv.exec:\vpvvv.exe176⤵
-
\??\c:\pjppj.exec:\pjppj.exe177⤵
-
\??\c:\dpppd.exec:\dpppd.exe178⤵
-
\??\c:\3ffxrrf.exec:\3ffxrrf.exe179⤵
-
\??\c:\9frlfff.exec:\9frlfff.exe180⤵
-
\??\c:\hbnnht.exec:\hbnnht.exe181⤵
-
\??\c:\hbbhnn.exec:\hbbhnn.exe182⤵
-
\??\c:\djddj.exec:\djddj.exe183⤵
-
\??\c:\jdddj.exec:\jdddj.exe184⤵
-
\??\c:\lxllllf.exec:\lxllllf.exe185⤵
-
\??\c:\rxfllff.exec:\rxfllff.exe186⤵
-
\??\c:\9nhntt.exec:\9nhntt.exe187⤵
-
\??\c:\hbbhnh.exec:\hbbhnh.exe188⤵
-
\??\c:\pjvpp.exec:\pjvpp.exe189⤵
-
\??\c:\ppvpv.exec:\ppvpv.exe190⤵
-
\??\c:\3xxrrxf.exec:\3xxrrxf.exe191⤵
-
\??\c:\flxxxff.exec:\flxxxff.exe192⤵
-
\??\c:\bbbthh.exec:\bbbthh.exe193⤵
-
\??\c:\tbntnb.exec:\tbntnb.exe194⤵
-
\??\c:\1vjdd.exec:\1vjdd.exe195⤵
-
\??\c:\pdvdj.exec:\pdvdj.exe196⤵
-
\??\c:\1xfxrrf.exec:\1xfxrrf.exe197⤵
-
\??\c:\fxxflfr.exec:\fxxflfr.exe198⤵
-
\??\c:\bbhnth.exec:\bbhnth.exe199⤵
-
\??\c:\nhhhnt.exec:\nhhhnt.exe200⤵
-
\??\c:\7jdpp.exec:\7jdpp.exe201⤵
-
\??\c:\rxllflr.exec:\rxllflr.exe202⤵
-
\??\c:\frllfxr.exec:\frllfxr.exe203⤵
-
\??\c:\bnbhhn.exec:\bnbhhn.exe204⤵
-
\??\c:\thhbtt.exec:\thhbtt.exe205⤵
-
\??\c:\1xrxxxf.exec:\1xrxxxf.exe206⤵
-
\??\c:\thhnnn.exec:\thhnnn.exe207⤵
-
\??\c:\thnttn.exec:\thnttn.exe208⤵
-
\??\c:\pdjjj.exec:\pdjjj.exe209⤵
-
\??\c:\pdppp.exec:\pdppp.exe210⤵
-
\??\c:\lllrrll.exec:\lllrrll.exe211⤵
-
\??\c:\xfrrrlr.exec:\xfrrrlr.exe212⤵
-
\??\c:\5hhbhb.exec:\5hhbhb.exe213⤵
-
\??\c:\bthhth.exec:\bthhth.exe214⤵
-
\??\c:\1pdvp.exec:\1pdvp.exe215⤵
-
\??\c:\jvjdp.exec:\jvjdp.exe216⤵
-
\??\c:\rfrrrxf.exec:\rfrrrxf.exe217⤵
-
\??\c:\9rfffff.exec:\9rfffff.exe218⤵
-
\??\c:\hbhhnt.exec:\hbhhnt.exe219⤵
-
\??\c:\9tnhnn.exec:\9tnhnn.exe220⤵
-
\??\c:\pjvvv.exec:\pjvvv.exe221⤵
-
\??\c:\7djdd.exec:\7djdd.exe222⤵
-
\??\c:\rfxrllr.exec:\rfxrllr.exe223⤵
-
\??\c:\rlfflrr.exec:\rlfflrr.exe224⤵
-
\??\c:\3httbh.exec:\3httbh.exe225⤵
-
\??\c:\nhtttn.exec:\nhtttn.exe226⤵
-
\??\c:\nhtttb.exec:\nhtttb.exe227⤵
-
\??\c:\ppvdv.exec:\ppvdv.exe228⤵
-
\??\c:\pjvpv.exec:\pjvpv.exe229⤵
-
\??\c:\7rfxrxl.exec:\7rfxrxl.exe230⤵
-
\??\c:\rllflxr.exec:\rllflxr.exe231⤵
-
\??\c:\nbbbbb.exec:\nbbbbb.exe232⤵
-
\??\c:\3tbhnb.exec:\3tbhnb.exe233⤵
-
\??\c:\vpddj.exec:\vpddj.exe234⤵
-
\??\c:\vppvd.exec:\vppvd.exe235⤵
-
\??\c:\lxfxxlr.exec:\lxfxxlr.exe236⤵
-
\??\c:\lfrlrlx.exec:\lfrlrlx.exe237⤵
-
\??\c:\nnbbhh.exec:\nnbbhh.exe238⤵
-
\??\c:\9bhntt.exec:\9bhntt.exe239⤵
-
\??\c:\ppdpj.exec:\ppdpj.exe240⤵
-
\??\c:\7lxfrrf.exec:\7lxfrrf.exe241⤵