Analysis
-
max time kernel
150s -
max time network
108s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
21-05-2024 03:13
General
-
Target
b722eddc7cdfa67211dae57410169d75dbd873d8a61d7478f7c89764368f8b4a.exe
-
Size
382KB
-
MD5
7fb793cdf3e86a01901b65a0843ccfe0
-
SHA1
cb7de5555af0c2d72f500535acbabae9be46075f
-
SHA256
b722eddc7cdfa67211dae57410169d75dbd873d8a61d7478f7c89764368f8b4a
-
SHA512
635308fdd6642b1739c927a5775337c68c8df9a9c3299c2e376513a005f694f97fb6801e656bc9426449a2298881e81669e21bc86b2d8e0df59e65204c15932c
-
SSDEEP
6144:n3C9BRIG0asYFm71mPfkVB8dKwaO5CVwD:n3C9uYA7okVqdKwaO5CV4
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
UPX dump on OEP (original entry point) 31 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 31 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b722eddc7cdfa67211dae57410169d75dbd873d8a61d7478f7c89764368f8b4a.exe"C:\Users\Admin\AppData\Local\Temp\b722eddc7cdfa67211dae57410169d75dbd873d8a61d7478f7c89764368f8b4a.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdvp.exec:\jvdvp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxrxlf.exec:\fxxrxlf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtnhh.exec:\hbtnhh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpdv.exec:\pjpdv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfffxrr.exec:\lfffxrr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9nnbhb.exec:\9nnbhb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvdvj.exec:\vvdvj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfxrrl.exec:\fxfxrrl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrlxxr.exec:\fxrlxxr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjdv.exec:\pdjdv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdvp.exec:\pjdvp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xxxxrr.exec:\1xxxxrr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjdd.exec:\ddjdd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrlllr.exec:\lfrlllr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrllfll.exec:\rrllfll.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbttb.exec:\nhbttb.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdppj.exec:\jdppj.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrlflf.exec:\rfrlflf.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrfxfxx.exec:\rrfxfxx.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbbtt.exec:\nbbbtt.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjpp.exec:\ddjpp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdpd.exec:\jvdpd.exe23⤵
- Executes dropped EXE
-
\??\c:\lffrlrr.exec:\lffrlrr.exe24⤵
- Executes dropped EXE
-
\??\c:\1nnnhn.exec:\1nnnhn.exe25⤵
- Executes dropped EXE
-
\??\c:\3ddvp.exec:\3ddvp.exe26⤵
- Executes dropped EXE
-
\??\c:\rflfxxr.exec:\rflfxxr.exe27⤵
- Executes dropped EXE
-
\??\c:\hntnhn.exec:\hntnhn.exe28⤵
- Executes dropped EXE
-
\??\c:\nbhtnn.exec:\nbhtnn.exe29⤵
- Executes dropped EXE
-
\??\c:\rlxlfxl.exec:\rlxlfxl.exe30⤵
- Executes dropped EXE
-
\??\c:\bbhbth.exec:\bbhbth.exe31⤵
- Executes dropped EXE
-
\??\c:\vvjjv.exec:\vvjjv.exe32⤵
- Executes dropped EXE
-
\??\c:\rffxlll.exec:\rffxlll.exe33⤵
- Executes dropped EXE
-
\??\c:\hbnbnh.exec:\hbnbnh.exe34⤵
- Executes dropped EXE
-
\??\c:\nhbnhb.exec:\nhbnhb.exe35⤵
- Executes dropped EXE
-
\??\c:\xrrlxrx.exec:\xrrlxrx.exe36⤵
- Executes dropped EXE
-
\??\c:\xflffxf.exec:\xflffxf.exe37⤵
- Executes dropped EXE
-
\??\c:\htthbb.exec:\htthbb.exe38⤵
- Executes dropped EXE
-
\??\c:\vdpjv.exec:\vdpjv.exe39⤵
- Executes dropped EXE
-
\??\c:\dddvd.exec:\dddvd.exe40⤵
- Executes dropped EXE
-
\??\c:\xrfxlfx.exec:\xrfxlfx.exe41⤵
- Executes dropped EXE
-
\??\c:\hbtnhh.exec:\hbtnhh.exe42⤵
- Executes dropped EXE
-
\??\c:\7jdvp.exec:\7jdvp.exe43⤵
- Executes dropped EXE
-
\??\c:\7fxrxxr.exec:\7fxrxxr.exe44⤵
- Executes dropped EXE
-
\??\c:\5rlxlll.exec:\5rlxlll.exe45⤵
- Executes dropped EXE
-
\??\c:\hbbttt.exec:\hbbttt.exe46⤵
- Executes dropped EXE
-
\??\c:\jddvj.exec:\jddvj.exe47⤵
- Executes dropped EXE
-
\??\c:\vpdvp.exec:\vpdvp.exe48⤵
- Executes dropped EXE
-
\??\c:\ffllllr.exec:\ffllllr.exe49⤵
- Executes dropped EXE
-
\??\c:\bhhbhh.exec:\bhhbhh.exe50⤵
- Executes dropped EXE
-
\??\c:\djdvd.exec:\djdvd.exe51⤵
- Executes dropped EXE
-
\??\c:\pjpjv.exec:\pjpjv.exe52⤵
- Executes dropped EXE
-
\??\c:\rlfrrrl.exec:\rlfrrrl.exe53⤵
- Executes dropped EXE
-
\??\c:\nhhbbt.exec:\nhhbbt.exe54⤵
- Executes dropped EXE
-
\??\c:\5dvvj.exec:\5dvvj.exe55⤵
- Executes dropped EXE
-
\??\c:\vvvjd.exec:\vvvjd.exe56⤵
- Executes dropped EXE
-
\??\c:\flxlrll.exec:\flxlrll.exe57⤵
- Executes dropped EXE
-
\??\c:\bhtttb.exec:\bhtttb.exe58⤵
- Executes dropped EXE
-
\??\c:\nbbthb.exec:\nbbthb.exe59⤵
- Executes dropped EXE
-
\??\c:\pjvjd.exec:\pjvjd.exe60⤵
- Executes dropped EXE
-
\??\c:\jddpd.exec:\jddpd.exe61⤵
- Executes dropped EXE
-
\??\c:\rlrrrxf.exec:\rlrrrxf.exe62⤵
- Executes dropped EXE
-
\??\c:\thhbtn.exec:\thhbtn.exe63⤵
- Executes dropped EXE
-
\??\c:\hnbttt.exec:\hnbttt.exe64⤵
- Executes dropped EXE
-
\??\c:\3vdvp.exec:\3vdvp.exe65⤵
- Executes dropped EXE
-
\??\c:\jdvjd.exec:\jdvjd.exe66⤵
-
\??\c:\llffxxr.exec:\llffxxr.exe67⤵
-
\??\c:\fflfxxr.exec:\fflfxxr.exe68⤵
-
\??\c:\bnhhhb.exec:\bnhhhb.exe69⤵
-
\??\c:\jjpdj.exec:\jjpdj.exe70⤵
-
\??\c:\pjdvp.exec:\pjdvp.exe71⤵
-
\??\c:\7lrrlll.exec:\7lrrlll.exe72⤵
-
\??\c:\xrrlfll.exec:\xrrlfll.exe73⤵
-
\??\c:\tnnnhh.exec:\tnnnhh.exe74⤵
-
\??\c:\jdvjd.exec:\jdvjd.exe75⤵
-
\??\c:\3xlfffx.exec:\3xlfffx.exe76⤵
-
\??\c:\lrllfxx.exec:\lrllfxx.exe77⤵
-
\??\c:\btttnn.exec:\btttnn.exe78⤵
-
\??\c:\nnnhht.exec:\nnnhht.exe79⤵
-
\??\c:\pjjdp.exec:\pjjdp.exe80⤵
-
\??\c:\3jpjj.exec:\3jpjj.exe81⤵
-
\??\c:\xrrrllf.exec:\xrrrllf.exe82⤵
-
\??\c:\lffxrlf.exec:\lffxrlf.exe83⤵
-
\??\c:\thhhhh.exec:\thhhhh.exe84⤵
-
\??\c:\jvvpj.exec:\jvvpj.exe85⤵
-
\??\c:\vvdpd.exec:\vvdpd.exe86⤵
-
\??\c:\fxxrllf.exec:\fxxrllf.exe87⤵
-
\??\c:\xxllfff.exec:\xxllfff.exe88⤵
-
\??\c:\hnbthn.exec:\hnbthn.exe89⤵
-
\??\c:\tnhbtn.exec:\tnhbtn.exe90⤵
-
\??\c:\pppjv.exec:\pppjv.exe91⤵
-
\??\c:\5xfxrlf.exec:\5xfxrlf.exe92⤵
-
\??\c:\lfrllrr.exec:\lfrllrr.exe93⤵
-
\??\c:\tntnhh.exec:\tntnhh.exe94⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe95⤵
-
\??\c:\5fxrlll.exec:\5fxrlll.exe96⤵
-
\??\c:\lfxrllx.exec:\lfxrllx.exe97⤵
-
\??\c:\hbtttt.exec:\hbtttt.exe98⤵
-
\??\c:\dddvj.exec:\dddvj.exe99⤵
-
\??\c:\xllfxrl.exec:\xllfxrl.exe100⤵
-
\??\c:\tbbntn.exec:\tbbntn.exe101⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe102⤵
-
\??\c:\ntbnbt.exec:\ntbnbt.exe103⤵
-
\??\c:\ddpdj.exec:\ddpdj.exe104⤵
-
\??\c:\jvpdp.exec:\jvpdp.exe105⤵
-
\??\c:\bhntth.exec:\bhntth.exe106⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe107⤵
-
\??\c:\ffrxrxr.exec:\ffrxrxr.exe108⤵
-
\??\c:\9tthbh.exec:\9tthbh.exe109⤵
-
\??\c:\nbtnht.exec:\nbtnht.exe110⤵
-
\??\c:\vpvvv.exec:\vpvvv.exe111⤵
-
\??\c:\xxflxff.exec:\xxflxff.exe112⤵
-
\??\c:\hbtnhb.exec:\hbtnhb.exe113⤵
-
\??\c:\xfrrfff.exec:\xfrrfff.exe114⤵
-
\??\c:\hhhbtn.exec:\hhhbtn.exe115⤵
-
\??\c:\ttttbh.exec:\ttttbh.exe116⤵
-
\??\c:\vjjdp.exec:\vjjdp.exe117⤵
-
\??\c:\lrxrlfx.exec:\lrxrlfx.exe118⤵
-
\??\c:\rrrfllr.exec:\rrrfllr.exe119⤵
-
\??\c:\bbbhbb.exec:\bbbhbb.exe120⤵
-
\??\c:\bthbtt.exec:\bthbtt.exe121⤵
-
\??\c:\jjppj.exec:\jjppj.exe122⤵
-
\??\c:\xrrxrxx.exec:\xrrxrxx.exe123⤵
-
\??\c:\rrrlffx.exec:\rrrlffx.exe124⤵
-
\??\c:\hbnhnn.exec:\hbnhnn.exe125⤵
-
\??\c:\bhbtnt.exec:\bhbtnt.exe126⤵
-
\??\c:\pdddv.exec:\pdddv.exe127⤵
-
\??\c:\rllfffx.exec:\rllfffx.exe128⤵
-
\??\c:\3lxxrrl.exec:\3lxxrrl.exe129⤵
-
\??\c:\3tnhbt.exec:\3tnhbt.exe130⤵
-
\??\c:\5jvdv.exec:\5jvdv.exe131⤵
-
\??\c:\vpdvd.exec:\vpdvd.exe132⤵
-
\??\c:\xrxrffx.exec:\xrxrffx.exe133⤵
-
\??\c:\htnhbb.exec:\htnhbb.exe134⤵
-
\??\c:\tntthh.exec:\tntthh.exe135⤵
-
\??\c:\pppdp.exec:\pppdp.exe136⤵
-
\??\c:\rlrllll.exec:\rlrllll.exe137⤵
-
\??\c:\rlfrlff.exec:\rlfrlff.exe138⤵
-
\??\c:\tttnnn.exec:\tttnnn.exe139⤵
-
\??\c:\pvvpj.exec:\pvvpj.exe140⤵
-
\??\c:\xlrlxxr.exec:\xlrlxxr.exe141⤵
-
\??\c:\rxfxxrl.exec:\rxfxxrl.exe142⤵
-
\??\c:\nbbthh.exec:\nbbthh.exe143⤵
-
\??\c:\vpvpd.exec:\vpvpd.exe144⤵
-
\??\c:\vvpjd.exec:\vvpjd.exe145⤵
-
\??\c:\rxllffx.exec:\rxllffx.exe146⤵
-
\??\c:\thbtnh.exec:\thbtnh.exe147⤵
-
\??\c:\bbhbtn.exec:\bbhbtn.exe148⤵
-
\??\c:\9pvpj.exec:\9pvpj.exe149⤵
-
\??\c:\xxxrffx.exec:\xxxrffx.exe150⤵
-
\??\c:\lrxrlfx.exec:\lrxrlfx.exe151⤵
-
\??\c:\hhtnnn.exec:\hhtnnn.exe152⤵
-
\??\c:\vvpdp.exec:\vvpdp.exe153⤵
-
\??\c:\lfflllf.exec:\lfflllf.exe154⤵
-
\??\c:\llllfll.exec:\llllfll.exe155⤵
-
\??\c:\tnhtnt.exec:\tnhtnt.exe156⤵
-
\??\c:\jjppd.exec:\jjppd.exe157⤵
-
\??\c:\7llfrrx.exec:\7llfrrx.exe158⤵
-
\??\c:\bnnnbb.exec:\bnnnbb.exe159⤵
-
\??\c:\btnhtt.exec:\btnhtt.exe160⤵
-
\??\c:\vvdvj.exec:\vvdvj.exe161⤵
-
\??\c:\rrrrlll.exec:\rrrrlll.exe162⤵
-
\??\c:\thhhbb.exec:\thhhbb.exe163⤵
-
\??\c:\ppppv.exec:\ppppv.exe164⤵
-
\??\c:\flrrfxr.exec:\flrrfxr.exe165⤵
-
\??\c:\lxlrxxx.exec:\lxlrxxx.exe166⤵
-
\??\c:\hbbtnh.exec:\hbbtnh.exe167⤵
-
\??\c:\dvdvp.exec:\dvdvp.exe168⤵
-
\??\c:\pjjjv.exec:\pjjjv.exe169⤵
-
\??\c:\frrlxrl.exec:\frrlxrl.exe170⤵
-
\??\c:\nbhbbb.exec:\nbhbbb.exe171⤵
-
\??\c:\vvdvd.exec:\vvdvd.exe172⤵
-
\??\c:\fxxllll.exec:\fxxllll.exe173⤵
-
\??\c:\fxllffx.exec:\fxllffx.exe174⤵
-
\??\c:\htbhht.exec:\htbhht.exe175⤵
-
\??\c:\xlrllrl.exec:\xlrllrl.exe176⤵
-
\??\c:\bttnbb.exec:\bttnbb.exe177⤵
-
\??\c:\xrfxrlf.exec:\xrfxrlf.exe178⤵
-
\??\c:\tttbtt.exec:\tttbtt.exe179⤵
-
\??\c:\nbbthb.exec:\nbbthb.exe180⤵
-
\??\c:\xrrrfxr.exec:\xrrrfxr.exe181⤵
-
\??\c:\bhbnbt.exec:\bhbnbt.exe182⤵
-
\??\c:\bhtnhb.exec:\bhtnhb.exe183⤵
-
\??\c:\jvdvv.exec:\jvdvv.exe184⤵
-
\??\c:\xxfffll.exec:\xxfffll.exe185⤵
-
\??\c:\flrxrrl.exec:\flrxrrl.exe186⤵
-
\??\c:\nhnnhh.exec:\nhnnhh.exe187⤵
-
\??\c:\thtnnh.exec:\thtnnh.exe188⤵
-
\??\c:\jdddj.exec:\jdddj.exe189⤵
-
\??\c:\3rrlxrl.exec:\3rrlxrl.exe190⤵
-
\??\c:\bbhbbb.exec:\bbhbbb.exe191⤵
-
\??\c:\ttbbbb.exec:\ttbbbb.exe192⤵
-
\??\c:\vdvpj.exec:\vdvpj.exe193⤵
-
\??\c:\rxrfxxr.exec:\rxrfxxr.exe194⤵
-
\??\c:\xfxrllf.exec:\xfxrllf.exe195⤵
-
\??\c:\nhtnht.exec:\nhtnht.exe196⤵
-
\??\c:\bbbnnn.exec:\bbbnnn.exe197⤵
-
\??\c:\ppvjd.exec:\ppvjd.exe198⤵
-
\??\c:\lxlrxrf.exec:\lxlrxrf.exe199⤵
-
\??\c:\rrrrffl.exec:\rrrrffl.exe200⤵
-
\??\c:\1bbbtt.exec:\1bbbtt.exe201⤵
-
\??\c:\dpvvj.exec:\dpvvj.exe202⤵
-
\??\c:\jjvpj.exec:\jjvpj.exe203⤵
-
\??\c:\xxrfxfl.exec:\xxrfxfl.exe204⤵
-
\??\c:\fflxxxr.exec:\fflxxxr.exe205⤵
-
\??\c:\bttnhb.exec:\bttnhb.exe206⤵
-
\??\c:\jdjdp.exec:\jdjdp.exe207⤵
-
\??\c:\jpvpj.exec:\jpvpj.exe208⤵
-
\??\c:\5xfrllf.exec:\5xfrllf.exe209⤵
-
\??\c:\llrlrlr.exec:\llrlrlr.exe210⤵
-
\??\c:\nntttt.exec:\nntttt.exe211⤵
-
\??\c:\pjdjj.exec:\pjdjj.exe212⤵
-
\??\c:\vpvpp.exec:\vpvpp.exe213⤵
-
\??\c:\xlrrfff.exec:\xlrrfff.exe214⤵
-
\??\c:\xxxlffr.exec:\xxxlffr.exe215⤵
-
\??\c:\3ttnnn.exec:\3ttnnn.exe216⤵
-
\??\c:\tbhtnh.exec:\tbhtnh.exe217⤵
-
\??\c:\vdjdp.exec:\vdjdp.exe218⤵
-
\??\c:\3rxlffx.exec:\3rxlffx.exe219⤵
-
\??\c:\rxffxxr.exec:\rxffxxr.exe220⤵
-
\??\c:\nhhhbb.exec:\nhhhbb.exe221⤵
-
\??\c:\tbbbnn.exec:\tbbbnn.exe222⤵
-
\??\c:\ppjjd.exec:\ppjjd.exe223⤵
-
\??\c:\xrxrfff.exec:\xrxrfff.exe224⤵
-
\??\c:\lfffxrr.exec:\lfffxrr.exe225⤵
-
\??\c:\nhhbtn.exec:\nhhbtn.exe226⤵
-
\??\c:\ddddd.exec:\ddddd.exe227⤵
-
\??\c:\djpjv.exec:\djpjv.exe228⤵
-
\??\c:\xlrfxxr.exec:\xlrfxxr.exe229⤵
-
\??\c:\fxrrrrl.exec:\fxrrrrl.exe230⤵
-
\??\c:\hbtnnn.exec:\hbtnnn.exe231⤵
-
\??\c:\vjjdv.exec:\vjjdv.exe232⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe233⤵
-
\??\c:\xrrlflf.exec:\xrrlflf.exe234⤵
-
\??\c:\lrfxrxx.exec:\lrfxrxx.exe235⤵
-
\??\c:\5hnhhh.exec:\5hnhhh.exe236⤵
-
\??\c:\bbhbtt.exec:\bbhbtt.exe237⤵
-
\??\c:\jvdvj.exec:\jvdvj.exe238⤵
-
\??\c:\xlrlxxl.exec:\xlrlxxl.exe239⤵
-
\??\c:\xlxrrrx.exec:\xlxrrrx.exe240⤵
-
\??\c:\nbbbbt.exec:\nbbbbt.exe241⤵