Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
21-05-2024 03:30
General
-
Target
bcff5a231861628aee1cf2831855a81492fe55f3d60d07a968a55bd3813a3273.exe
-
Size
127KB
-
MD5
4cfc9aa515fdc1353fc2c7f6e29c1d16
-
SHA1
016c7853109cddf49fa4ecf027bbd35805546723
-
SHA256
bcff5a231861628aee1cf2831855a81492fe55f3d60d07a968a55bd3813a3273
-
SHA512
01a4b230a3818441b29fd7c38462f4a6a1373ae20be41ccdd3dfc6bd4d8a51ddd4507f290637dbbf898085aa921ce9e7ec1245c0dd62d27fc7fe0a967d08752a
-
SSDEEP
3072:ymb3NkkiQ3mdBjFWXkj7afodnmm9Ao98h3dktX4/Jl:n3C9BRW0j/tmm9nwytIL
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
UPX dump on OEP (original entry point) 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 22 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\bcff5a231861628aee1cf2831855a81492fe55f3d60d07a968a55bd3813a3273.exe"C:\Users\Admin\AppData\Local\Temp\bcff5a231861628aee1cf2831855a81492fe55f3d60d07a968a55bd3813a3273.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxxflf.exec:\rrxxflf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbbhn.exec:\btbbhn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjvj.exec:\pjjvj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fffrxlf.exec:\fffrxlf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtbhn.exec:\hbtbhn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjjv.exec:\dvjjv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1lffrrf.exec:\1lffrrf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrrxfl.exec:\fxrrxfl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3bnnbb.exec:\3bnnbb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vddj.exec:\7vddj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7lflxfr.exec:\7lflxfr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxflrf.exec:\llxflrf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbbnn.exec:\nhbbnn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtbnb.exec:\nhtbnb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdjp.exec:\pjdjp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxrxflx.exec:\rxrxflx.exe17⤵
- Executes dropped EXE
-
\??\c:\5btbhh.exec:\5btbhh.exe18⤵
- Executes dropped EXE
-
\??\c:\3nhhtt.exec:\3nhhtt.exe19⤵
- Executes dropped EXE
-
\??\c:\7djpv.exec:\7djpv.exe20⤵
- Executes dropped EXE
-
\??\c:\lfxfxrx.exec:\lfxfxrx.exe21⤵
- Executes dropped EXE
-
\??\c:\3hthhn.exec:\3hthhn.exe22⤵
- Executes dropped EXE
-
\??\c:\bbnnhh.exec:\bbnnhh.exe23⤵
- Executes dropped EXE
-
\??\c:\jjdpd.exec:\jjdpd.exe24⤵
- Executes dropped EXE
-
\??\c:\vpjjd.exec:\vpjjd.exe25⤵
- Executes dropped EXE
-
\??\c:\llrxflr.exec:\llrxflr.exe26⤵
- Executes dropped EXE
-
\??\c:\bttbnt.exec:\bttbnt.exe27⤵
- Executes dropped EXE
-
\??\c:\tnhnbh.exec:\tnhnbh.exe28⤵
- Executes dropped EXE
-
\??\c:\vpppv.exec:\vpppv.exe29⤵
- Executes dropped EXE
-
\??\c:\7llxffr.exec:\7llxffr.exe30⤵
- Executes dropped EXE
-
\??\c:\5hntbn.exec:\5hntbn.exe31⤵
- Executes dropped EXE
-
\??\c:\thtthh.exec:\thtthh.exe32⤵
- Executes dropped EXE
-
\??\c:\3vppv.exec:\3vppv.exe33⤵
- Executes dropped EXE
-
\??\c:\lxxfrrl.exec:\lxxfrrl.exe34⤵
- Executes dropped EXE
-
\??\c:\fxlrlrx.exec:\fxlrlrx.exe35⤵
- Executes dropped EXE
-
\??\c:\bnhnbh.exec:\bnhnbh.exe36⤵
- Executes dropped EXE
-
\??\c:\3tntbb.exec:\3tntbb.exe37⤵
- Executes dropped EXE
-
\??\c:\btbbhh.exec:\btbbhh.exe38⤵
- Executes dropped EXE
-
\??\c:\jdddv.exec:\jdddv.exe39⤵
- Executes dropped EXE
-
\??\c:\jvddj.exec:\jvddj.exe40⤵
- Executes dropped EXE
-
\??\c:\fxllflx.exec:\fxllflx.exe41⤵
- Executes dropped EXE
-
\??\c:\hbnnnt.exec:\hbnnnt.exe42⤵
- Executes dropped EXE
-
\??\c:\1nhbtt.exec:\1nhbtt.exe43⤵
- Executes dropped EXE
-
\??\c:\jdvpj.exec:\jdvpj.exe44⤵
- Executes dropped EXE
-
\??\c:\dvjvd.exec:\dvjvd.exe45⤵
- Executes dropped EXE
-
\??\c:\xrlfxrx.exec:\xrlfxrx.exe46⤵
- Executes dropped EXE
-
\??\c:\fxllrrx.exec:\fxllrrx.exe47⤵
- Executes dropped EXE
-
\??\c:\5nbhhh.exec:\5nbhhh.exe48⤵
- Executes dropped EXE
-
\??\c:\nhnntt.exec:\nhnntt.exe49⤵
- Executes dropped EXE
-
\??\c:\dpddj.exec:\dpddj.exe50⤵
- Executes dropped EXE
-
\??\c:\pjddj.exec:\pjddj.exe51⤵
- Executes dropped EXE
-
\??\c:\fxllfxx.exec:\fxllfxx.exe52⤵
- Executes dropped EXE
-
\??\c:\3flllxf.exec:\3flllxf.exe53⤵
- Executes dropped EXE
-
\??\c:\5nnntn.exec:\5nnntn.exe54⤵
- Executes dropped EXE
-
\??\c:\thtttb.exec:\thtttb.exe55⤵
- Executes dropped EXE
-
\??\c:\5pvvp.exec:\5pvvp.exe56⤵
- Executes dropped EXE
-
\??\c:\lfxxxxx.exec:\lfxxxxx.exe57⤵
- Executes dropped EXE
-
\??\c:\lfrxflr.exec:\lfrxflr.exe58⤵
- Executes dropped EXE
-
\??\c:\7nnntb.exec:\7nnntb.exe59⤵
- Executes dropped EXE
-
\??\c:\nnhntt.exec:\nnhntt.exe60⤵
- Executes dropped EXE
-
\??\c:\9vvdd.exec:\9vvdd.exe61⤵
- Executes dropped EXE
-
\??\c:\vpddj.exec:\vpddj.exe62⤵
- Executes dropped EXE
-
\??\c:\lxllxrr.exec:\lxllxrr.exe63⤵
- Executes dropped EXE
-
\??\c:\xrflrxl.exec:\xrflrxl.exe64⤵
- Executes dropped EXE
-
\??\c:\hhnbnb.exec:\hhnbnb.exe65⤵
- Executes dropped EXE
-
\??\c:\bnbhtb.exec:\bnbhtb.exe66⤵
-
\??\c:\jvjpd.exec:\jvjpd.exe67⤵
-
\??\c:\7dvdp.exec:\7dvdp.exe68⤵
-
\??\c:\5xrlrfr.exec:\5xrlrfr.exe69⤵
-
\??\c:\fxllrxf.exec:\fxllrxf.exe70⤵
-
\??\c:\5nntbh.exec:\5nntbh.exe71⤵
-
\??\c:\nbbhhn.exec:\nbbhhn.exe72⤵
-
\??\c:\vpjpd.exec:\vpjpd.exe73⤵
-
\??\c:\vvpvd.exec:\vvpvd.exe74⤵
-
\??\c:\xrflrxx.exec:\xrflrxx.exe75⤵
-
\??\c:\9fffllx.exec:\9fffllx.exe76⤵
-
\??\c:\hbntbh.exec:\hbntbh.exe77⤵
-
\??\c:\3tnthh.exec:\3tnthh.exe78⤵
-
\??\c:\ppvvd.exec:\ppvvd.exe79⤵
-
\??\c:\dpppj.exec:\dpppj.exe80⤵
-
\??\c:\fxllxfr.exec:\fxllxfr.exe81⤵
-
\??\c:\fxrflrx.exec:\fxrflrx.exe82⤵
-
\??\c:\nntnnn.exec:\nntnnn.exe83⤵
-
\??\c:\nnhttb.exec:\nnhttb.exe84⤵
-
\??\c:\vjvdp.exec:\vjvdp.exe85⤵
-
\??\c:\pdpvd.exec:\pdpvd.exe86⤵
-
\??\c:\dpdvv.exec:\dpdvv.exe87⤵
-
\??\c:\xrllffl.exec:\xrllffl.exe88⤵
-
\??\c:\bbhhhn.exec:\bbhhhn.exe89⤵
-
\??\c:\5hbhhn.exec:\5hbhhn.exe90⤵
-
\??\c:\1dvdp.exec:\1dvdp.exe91⤵
-
\??\c:\jdddp.exec:\jdddp.exe92⤵
-
\??\c:\fxrlrxf.exec:\fxrlrxf.exe93⤵
-
\??\c:\1lrrxrf.exec:\1lrrxrf.exe94⤵
-
\??\c:\tnbbnt.exec:\tnbbnt.exe95⤵
-
\??\c:\nnbbhn.exec:\nnbbhn.exe96⤵
-
\??\c:\pjpdv.exec:\pjpdv.exe97⤵
-
\??\c:\vjvpp.exec:\vjvpp.exe98⤵
-
\??\c:\xlllrrf.exec:\xlllrrf.exe99⤵
-
\??\c:\xrlxfff.exec:\xrlxfff.exe100⤵
-
\??\c:\httbhn.exec:\httbhn.exe101⤵
-
\??\c:\3nthtn.exec:\3nthtn.exe102⤵
-
\??\c:\dvvdd.exec:\dvvdd.exe103⤵
-
\??\c:\9vppd.exec:\9vppd.exe104⤵
-
\??\c:\llrrxfl.exec:\llrrxfl.exe105⤵
-
\??\c:\thbbnt.exec:\thbbnt.exe106⤵
-
\??\c:\bhbnnh.exec:\bhbnnh.exe107⤵
-
\??\c:\dpdjv.exec:\dpdjv.exe108⤵
-
\??\c:\jdpvd.exec:\jdpvd.exe109⤵
-
\??\c:\xrrxflr.exec:\xrrxflr.exe110⤵
-
\??\c:\lxfrxlr.exec:\lxfrxlr.exe111⤵
-
\??\c:\tnttbb.exec:\tnttbb.exe112⤵
-
\??\c:\3jvpp.exec:\3jvpp.exe113⤵
-
\??\c:\jjvvj.exec:\jjvvj.exe114⤵
-
\??\c:\3xxlxlx.exec:\3xxlxlx.exe115⤵
-
\??\c:\fxxflrx.exec:\fxxflrx.exe116⤵
-
\??\c:\btnhtt.exec:\btnhtt.exe117⤵
-
\??\c:\dpvvd.exec:\dpvvd.exe118⤵
-
\??\c:\5pjjj.exec:\5pjjj.exe119⤵
-
\??\c:\lfrrffr.exec:\lfrrffr.exe120⤵
-
\??\c:\rrlrffr.exec:\rrlrffr.exe121⤵
-
\??\c:\nnbnbh.exec:\nnbnbh.exe122⤵
-
\??\c:\5pjvd.exec:\5pjvd.exe123⤵
-
\??\c:\dvddp.exec:\dvddp.exe124⤵
-
\??\c:\3rrrrrf.exec:\3rrrrrf.exe125⤵
-
\??\c:\lrxxlrf.exec:\lrxxlrf.exe126⤵
-
\??\c:\htbhhh.exec:\htbhhh.exe127⤵
-
\??\c:\hhthnn.exec:\hhthnn.exe128⤵
-
\??\c:\pdjpd.exec:\pdjpd.exe129⤵
-
\??\c:\lflfllx.exec:\lflfllx.exe130⤵
-
\??\c:\lfxxxfl.exec:\lfxxxfl.exe131⤵
-
\??\c:\tthhnn.exec:\tthhnn.exe132⤵
-
\??\c:\nbhhhn.exec:\nbhhhn.exe133⤵
-
\??\c:\pdjjv.exec:\pdjjv.exe134⤵
-
\??\c:\7fxxxrx.exec:\7fxxxrx.exe135⤵
-
\??\c:\llxxrrf.exec:\llxxrrf.exe136⤵
-
\??\c:\nhnbhh.exec:\nhnbhh.exe137⤵
-
\??\c:\7jddp.exec:\7jddp.exe138⤵
-
\??\c:\lfrrrrf.exec:\lfrrrrf.exe139⤵
-
\??\c:\1lxrrxf.exec:\1lxrrxf.exe140⤵
-
\??\c:\nbnhhb.exec:\nbnhhb.exe141⤵
-
\??\c:\1pvvd.exec:\1pvvd.exe142⤵
-
\??\c:\7pjpp.exec:\7pjpp.exe143⤵
-
\??\c:\xrllxrf.exec:\xrllxrf.exe144⤵
-
\??\c:\xrlxfxf.exec:\xrlxfxf.exe145⤵
-
\??\c:\nhbhbb.exec:\nhbhbb.exe146⤵
-
\??\c:\5pjjv.exec:\5pjjv.exe147⤵
-
\??\c:\5jddv.exec:\5jddv.exe148⤵
-
\??\c:\dvpvd.exec:\dvpvd.exe149⤵
-
\??\c:\ffxxllr.exec:\ffxxllr.exe150⤵
-
\??\c:\bththh.exec:\bththh.exe151⤵
-
\??\c:\hbhnbh.exec:\hbhnbh.exe152⤵
-
\??\c:\jddvd.exec:\jddvd.exe153⤵
-
\??\c:\pjddp.exec:\pjddp.exe154⤵
-
\??\c:\xxxlfxr.exec:\xxxlfxr.exe155⤵
-
\??\c:\bnbhnt.exec:\bnbhnt.exe156⤵
-
\??\c:\btbbnn.exec:\btbbnn.exe157⤵
-
\??\c:\nhtbtt.exec:\nhtbtt.exe158⤵
-
\??\c:\jddpd.exec:\jddpd.exe159⤵
-
\??\c:\lxffrrl.exec:\lxffrrl.exe160⤵
-
\??\c:\fxlrxfr.exec:\fxlrxfr.exe161⤵
-
\??\c:\tnbbbh.exec:\tnbbbh.exe162⤵
-
\??\c:\3nbbbb.exec:\3nbbbb.exe163⤵
-
\??\c:\5nhhnh.exec:\5nhhnh.exe164⤵
-
\??\c:\jdvdj.exec:\jdvdj.exe165⤵
-
\??\c:\vvddj.exec:\vvddj.exe166⤵
-
\??\c:\xrllrrf.exec:\xrllrrf.exe167⤵
-
\??\c:\nnhbnt.exec:\nnhbnt.exe168⤵
-
\??\c:\bnhbhb.exec:\bnhbhb.exe169⤵
-
\??\c:\jvppv.exec:\jvppv.exe170⤵
-
\??\c:\7ddpd.exec:\7ddpd.exe171⤵
-
\??\c:\llfflrx.exec:\llfflrx.exe172⤵
-
\??\c:\7xxxlfl.exec:\7xxxlfl.exe173⤵
-
\??\c:\btbbnn.exec:\btbbnn.exe174⤵
-
\??\c:\tthhnt.exec:\tthhnt.exe175⤵
-
\??\c:\vpddp.exec:\vpddp.exe176⤵
-
\??\c:\dvppp.exec:\dvppp.exe177⤵
-
\??\c:\9llrrxr.exec:\9llrrxr.exe178⤵
-
\??\c:\tnhhtb.exec:\tnhhtb.exe179⤵
-
\??\c:\tthtbb.exec:\tthtbb.exe180⤵
-
\??\c:\ppdpv.exec:\ppdpv.exe181⤵
-
\??\c:\pjvpd.exec:\pjvpd.exe182⤵
-
\??\c:\lfxxrrf.exec:\lfxxrrf.exe183⤵
-
\??\c:\fxrrllf.exec:\fxrrllf.exe184⤵
-
\??\c:\nhbbbh.exec:\nhbbbh.exe185⤵
-
\??\c:\bbnthn.exec:\bbnthn.exe186⤵
-
\??\c:\dvjjv.exec:\dvjjv.exe187⤵
-
\??\c:\ddvvj.exec:\ddvvj.exe188⤵
-
\??\c:\xrlrxfl.exec:\xrlrxfl.exe189⤵
-
\??\c:\7rrrxxf.exec:\7rrrxxf.exe190⤵
-
\??\c:\hbhhnt.exec:\hbhhnt.exe191⤵
-
\??\c:\thtbbh.exec:\thtbbh.exe192⤵
-
\??\c:\jjpvd.exec:\jjpvd.exe193⤵
-
\??\c:\rrflrlx.exec:\rrflrlx.exe194⤵
-
\??\c:\frffllx.exec:\frffllx.exe195⤵
-
\??\c:\tnnbnn.exec:\tnnbnn.exe196⤵
-
\??\c:\9pppd.exec:\9pppd.exe197⤵
-
\??\c:\ppjpj.exec:\ppjpj.exe198⤵
-
\??\c:\rfrlflx.exec:\rfrlflx.exe199⤵
-
\??\c:\lxllxfl.exec:\lxllxfl.exe200⤵
-
\??\c:\1nnbtb.exec:\1nnbtb.exe201⤵
-
\??\c:\tnhntb.exec:\tnhntb.exe202⤵
-
\??\c:\dvjvd.exec:\dvjvd.exe203⤵
-
\??\c:\vpjjp.exec:\vpjjp.exe204⤵
-
\??\c:\7xllrxr.exec:\7xllrxr.exe205⤵
-
\??\c:\lxrrrrr.exec:\lxrrrrr.exe206⤵
-
\??\c:\tnbhnn.exec:\tnbhnn.exe207⤵
-
\??\c:\hbbhnb.exec:\hbbhnb.exe208⤵
-
\??\c:\jjjjd.exec:\jjjjd.exe209⤵
-
\??\c:\vjpvp.exec:\vjpvp.exe210⤵
-
\??\c:\frfxlrf.exec:\frfxlrf.exe211⤵
-
\??\c:\rlxxffr.exec:\rlxxffr.exe212⤵
-
\??\c:\tnhhtt.exec:\tnhhtt.exe213⤵
-
\??\c:\hhttbh.exec:\hhttbh.exe214⤵
-
\??\c:\1pjdp.exec:\1pjdp.exe215⤵
-
\??\c:\vdjvv.exec:\vdjvv.exe216⤵
-
\??\c:\ffrxffx.exec:\ffrxffx.exe217⤵
-
\??\c:\rlxxfrf.exec:\rlxxfrf.exe218⤵
-
\??\c:\hbhbnb.exec:\hbhbnb.exe219⤵
-
\??\c:\7bhhnb.exec:\7bhhnb.exe220⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe221⤵
-
\??\c:\pppdd.exec:\pppdd.exe222⤵
-
\??\c:\7lrrfll.exec:\7lrrfll.exe223⤵
-
\??\c:\9fxxfrf.exec:\9fxxfrf.exe224⤵
-
\??\c:\ttnthb.exec:\ttnthb.exe225⤵
-
\??\c:\bthnbb.exec:\bthnbb.exe226⤵
-
\??\c:\9vdpd.exec:\9vdpd.exe227⤵
-
\??\c:\vpddj.exec:\vpddj.exe228⤵
-
\??\c:\rlxxfff.exec:\rlxxfff.exe229⤵
-
\??\c:\1lxfllr.exec:\1lxfllr.exe230⤵
-
\??\c:\nnhthh.exec:\nnhthh.exe231⤵
-
\??\c:\hhbbtt.exec:\hhbbtt.exe232⤵
-
\??\c:\jdvdj.exec:\jdvdj.exe233⤵
-
\??\c:\dvjdj.exec:\dvjdj.exe234⤵
-
\??\c:\3lxflrf.exec:\3lxflrf.exe235⤵
-
\??\c:\rlflrlx.exec:\rlflrlx.exe236⤵
-
\??\c:\tnhnhn.exec:\tnhnhn.exe237⤵
-
\??\c:\thbhth.exec:\thbhth.exe238⤵
-
\??\c:\dvpjp.exec:\dvpjp.exe239⤵
-
\??\c:\jjdvj.exec:\jjdvj.exe240⤵
-
\??\c:\rrffffr.exec:\rrffffr.exe241⤵