Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
21-05-2024 04:11
General
-
Target
cbb17759463c6e0146752a71f4ee9360e314a9b25d1f2c8f838c6dd085d0ed7d.exe
-
Size
116KB
-
MD5
47a0cfee6b758edf8c1ae963ebbafb06
-
SHA1
c64baf40ee40d21c09aa8dc10d3086f845255b89
-
SHA256
cbb17759463c6e0146752a71f4ee9360e314a9b25d1f2c8f838c6dd085d0ed7d
-
SHA512
8779713a232e1c298480d1b6c8acca9a881f53b035f6fcef8d195dd751432bf8aab6b3a55189d4b9ad5c2a6c2b02cff05fd61af853fd710872b5d6cfc30cf4d7
-
SSDEEP
3072:ymb3NkkiQ3mdBjFosxXGPXbXQMFHLgDWSmjlkFu:n3C9BRosxW8MFHLMWvl3
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
UPX dump on OEP (original entry point) 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\cbb17759463c6e0146752a71f4ee9360e314a9b25d1f2c8f838c6dd085d0ed7d.exe"C:\Users\Admin\AppData\Local\Temp\cbb17759463c6e0146752a71f4ee9360e314a9b25d1f2c8f838c6dd085d0ed7d.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\5dppj.exec:\5dppj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3xllllr.exec:\3xllllr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhnnt.exec:\bbhnnt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpvd.exec:\jdpvd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbtbnt.exec:\nbtbnt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnnhn.exec:\nnnnhn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpvd.exec:\jdpvd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfflrx.exec:\fxfflrx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3thttb.exec:\3thttb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbbtb.exec:\bnbbtb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdvj.exec:\pjdvj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3dpvd.exec:\3dpvd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9fllrrx.exec:\9fllrrx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bnnbb.exec:\1bnnbb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdpp.exec:\vpdpp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7jdpv.exec:\7jdpv.exe17⤵
- Executes dropped EXE
-
\??\c:\rfxxllr.exec:\rfxxllr.exe18⤵
- Executes dropped EXE
-
\??\c:\bnbhnt.exec:\bnbhnt.exe19⤵
- Executes dropped EXE
-
\??\c:\3hbhnt.exec:\3hbhnt.exe20⤵
- Executes dropped EXE
-
\??\c:\vpdjd.exec:\vpdjd.exe21⤵
- Executes dropped EXE
-
\??\c:\lfxxrrf.exec:\lfxxrrf.exe22⤵
- Executes dropped EXE
-
\??\c:\rrrxxfx.exec:\rrrxxfx.exe23⤵
- Executes dropped EXE
-
\??\c:\nbnnbh.exec:\nbnnbh.exe24⤵
- Executes dropped EXE
-
\??\c:\1ddjp.exec:\1ddjp.exe25⤵
- Executes dropped EXE
-
\??\c:\xxrrrxf.exec:\xxrrrxf.exe26⤵
- Executes dropped EXE
-
\??\c:\lrlffrf.exec:\lrlffrf.exe27⤵
- Executes dropped EXE
-
\??\c:\tbhtht.exec:\tbhtht.exe28⤵
- Executes dropped EXE
-
\??\c:\9pppj.exec:\9pppj.exe29⤵
- Executes dropped EXE
-
\??\c:\fxfrrrf.exec:\fxfrrrf.exe30⤵
- Executes dropped EXE
-
\??\c:\hbbhtt.exec:\hbbhtt.exe31⤵
- Executes dropped EXE
-
\??\c:\5thhnn.exec:\5thhnn.exe32⤵
- Executes dropped EXE
-
\??\c:\jdjpv.exec:\jdjpv.exe33⤵
- Executes dropped EXE
-
\??\c:\5rfflxx.exec:\5rfflxx.exe34⤵
- Executes dropped EXE
-
\??\c:\frlrrrr.exec:\frlrrrr.exe35⤵
- Executes dropped EXE
-
\??\c:\nhhhhh.exec:\nhhhhh.exe36⤵
- Executes dropped EXE
-
\??\c:\3nhnnn.exec:\3nhnnn.exe37⤵
- Executes dropped EXE
-
\??\c:\jdvdv.exec:\jdvdv.exe38⤵
- Executes dropped EXE
-
\??\c:\jvdjp.exec:\jvdjp.exe39⤵
- Executes dropped EXE
-
\??\c:\rlxxfxf.exec:\rlxxfxf.exe40⤵
- Executes dropped EXE
-
\??\c:\7xfrlrf.exec:\7xfrlrf.exe41⤵
- Executes dropped EXE
-
\??\c:\5thntt.exec:\5thntt.exe42⤵
- Executes dropped EXE
-
\??\c:\hbntbb.exec:\hbntbb.exe43⤵
- Executes dropped EXE
-
\??\c:\jdpvd.exec:\jdpvd.exe44⤵
- Executes dropped EXE
-
\??\c:\pjvpp.exec:\pjvpp.exe45⤵
- Executes dropped EXE
-
\??\c:\flrxfxf.exec:\flrxfxf.exe46⤵
- Executes dropped EXE
-
\??\c:\xrxxllx.exec:\xrxxllx.exe47⤵
- Executes dropped EXE
-
\??\c:\thnhnh.exec:\thnhnh.exe48⤵
- Executes dropped EXE
-
\??\c:\httttb.exec:\httttb.exe49⤵
- Executes dropped EXE
-
\??\c:\9bhtbn.exec:\9bhtbn.exe50⤵
- Executes dropped EXE
-
\??\c:\pdpvd.exec:\pdpvd.exe51⤵
- Executes dropped EXE
-
\??\c:\jpjjp.exec:\jpjjp.exe52⤵
- Executes dropped EXE
-
\??\c:\fxlrrxf.exec:\fxlrrxf.exe53⤵
- Executes dropped EXE
-
\??\c:\xxrxllr.exec:\xxrxllr.exe54⤵
- Executes dropped EXE
-
\??\c:\hbnttt.exec:\hbnttt.exe55⤵
- Executes dropped EXE
-
\??\c:\7jjpv.exec:\7jjpv.exe56⤵
- Executes dropped EXE
-
\??\c:\jvjvv.exec:\jvjvv.exe57⤵
- Executes dropped EXE
-
\??\c:\dpvdd.exec:\dpvdd.exe58⤵
- Executes dropped EXE
-
\??\c:\3fllrll.exec:\3fllrll.exe59⤵
- Executes dropped EXE
-
\??\c:\fxrrxff.exec:\fxrrxff.exe60⤵
- Executes dropped EXE
-
\??\c:\9tntbb.exec:\9tntbb.exe61⤵
- Executes dropped EXE
-
\??\c:\hhttnn.exec:\hhttnn.exe62⤵
- Executes dropped EXE
-
\??\c:\pjvpv.exec:\pjvpv.exe63⤵
- Executes dropped EXE
-
\??\c:\7jvvp.exec:\7jvvp.exe64⤵
- Executes dropped EXE
-
\??\c:\xrxxrrx.exec:\xrxxrrx.exe65⤵
- Executes dropped EXE
-
\??\c:\rfxxffl.exec:\rfxxffl.exe66⤵
-
\??\c:\fxrfxxl.exec:\fxrfxxl.exe67⤵
-
\??\c:\hbhnth.exec:\hbhnth.exe68⤵
-
\??\c:\hbtbhh.exec:\hbtbhh.exe69⤵
-
\??\c:\pjdjv.exec:\pjdjv.exe70⤵
-
\??\c:\5dpjj.exec:\5dpjj.exe71⤵
-
\??\c:\lfrxxrf.exec:\lfrxxrf.exe72⤵
-
\??\c:\9fflxll.exec:\9fflxll.exe73⤵
-
\??\c:\3htntt.exec:\3htntt.exe74⤵
-
\??\c:\btnttb.exec:\btnttb.exe75⤵
-
\??\c:\dvpvv.exec:\dvpvv.exe76⤵
-
\??\c:\5pddj.exec:\5pddj.exe77⤵
-
\??\c:\rlrrxxf.exec:\rlrrxxf.exe78⤵
-
\??\c:\1fxxffl.exec:\1fxxffl.exe79⤵
-
\??\c:\5llrxfl.exec:\5llrxfl.exe80⤵
-
\??\c:\nhhntn.exec:\nhhntn.exe81⤵
-
\??\c:\7jdjv.exec:\7jdjv.exe82⤵
-
\??\c:\ddjvv.exec:\ddjvv.exe83⤵
-
\??\c:\xxxlflx.exec:\xxxlflx.exe84⤵
-
\??\c:\frffrrr.exec:\frffrrr.exe85⤵
-
\??\c:\7btttn.exec:\7btttn.exe86⤵
-
\??\c:\nhnhtb.exec:\nhnhtb.exe87⤵
-
\??\c:\jdppv.exec:\jdppv.exe88⤵
-
\??\c:\5djdp.exec:\5djdp.exe89⤵
-
\??\c:\9xrfrlx.exec:\9xrfrlx.exe90⤵
-
\??\c:\3rlllrr.exec:\3rlllrr.exe91⤵
-
\??\c:\9hbntb.exec:\9hbntb.exe92⤵
-
\??\c:\9htbhn.exec:\9htbhn.exe93⤵
-
\??\c:\vdjpp.exec:\vdjpp.exe94⤵
-
\??\c:\1lffflr.exec:\1lffflr.exe95⤵
-
\??\c:\xxxffrx.exec:\xxxffrx.exe96⤵
-
\??\c:\nhthtt.exec:\nhthtt.exe97⤵
-
\??\c:\htbbnn.exec:\htbbnn.exe98⤵
-
\??\c:\9jdjp.exec:\9jdjp.exe99⤵
-
\??\c:\dvvpd.exec:\dvvpd.exe100⤵
-
\??\c:\llrlrrf.exec:\llrlrrf.exe101⤵
-
\??\c:\rlllrrf.exec:\rlllrrf.exe102⤵
-
\??\c:\3ntbnt.exec:\3ntbnt.exe103⤵
-
\??\c:\tnhhnt.exec:\tnhhnt.exe104⤵
-
\??\c:\ddddv.exec:\ddddv.exe105⤵
-
\??\c:\jvpjv.exec:\jvpjv.exe106⤵
-
\??\c:\5rrfrxf.exec:\5rrfrxf.exe107⤵
-
\??\c:\xlfrrlr.exec:\xlfrrlr.exe108⤵
-
\??\c:\tthbnb.exec:\tthbnb.exe109⤵
-
\??\c:\dvdpv.exec:\dvdpv.exe110⤵
-
\??\c:\pjdjp.exec:\pjdjp.exe111⤵
-
\??\c:\xrllxfr.exec:\xrllxfr.exe112⤵
-
\??\c:\rfllffx.exec:\rfllffx.exe113⤵
-
\??\c:\9ththt.exec:\9ththt.exe114⤵
-
\??\c:\3bbnbn.exec:\3bbnbn.exe115⤵
-
\??\c:\vvvvd.exec:\vvvvd.exe116⤵
-
\??\c:\1vjvd.exec:\1vjvd.exe117⤵
-
\??\c:\frllrxr.exec:\frllrxr.exe118⤵
-
\??\c:\fxrfflf.exec:\fxrfflf.exe119⤵
-
\??\c:\thbthb.exec:\thbthb.exe120⤵
-
\??\c:\tnhhtt.exec:\tnhhtt.exe121⤵
-
\??\c:\9dddj.exec:\9dddj.exe122⤵
-
\??\c:\ppvjd.exec:\ppvjd.exe123⤵
-
\??\c:\llfflrx.exec:\llfflrx.exe124⤵
-
\??\c:\rrlrfrf.exec:\rrlrfrf.exe125⤵
-
\??\c:\bttbht.exec:\bttbht.exe126⤵
-
\??\c:\btbnbh.exec:\btbnbh.exe127⤵
-
\??\c:\pppvj.exec:\pppvj.exe128⤵
-
\??\c:\5pddj.exec:\5pddj.exe129⤵
-
\??\c:\xxrxxfl.exec:\xxrxxfl.exe130⤵
-
\??\c:\3tttbh.exec:\3tttbh.exe131⤵
-
\??\c:\bbtbtb.exec:\bbtbtb.exe132⤵
-
\??\c:\dvvvd.exec:\dvvvd.exe133⤵
-
\??\c:\dvjjd.exec:\dvjjd.exe134⤵
-
\??\c:\3jjpj.exec:\3jjpj.exe135⤵
-
\??\c:\ffrlxxf.exec:\ffrlxxf.exe136⤵
-
\??\c:\hhhtbb.exec:\hhhtbb.exe137⤵
-
\??\c:\hhnhht.exec:\hhnhht.exe138⤵
-
\??\c:\jddjp.exec:\jddjp.exe139⤵
-
\??\c:\vpdpv.exec:\vpdpv.exe140⤵
-
\??\c:\ffxxlrx.exec:\ffxxlrx.exe141⤵
-
\??\c:\rlrlxfl.exec:\rlrlxfl.exe142⤵
-
\??\c:\btbhbt.exec:\btbhbt.exe143⤵
-
\??\c:\nhntnt.exec:\nhntnt.exe144⤵
-
\??\c:\3ppvj.exec:\3ppvj.exe145⤵
-
\??\c:\pdjpd.exec:\pdjpd.exe146⤵
-
\??\c:\lfxxflr.exec:\lfxxflr.exe147⤵
-
\??\c:\nhnnth.exec:\nhnnth.exe148⤵
-
\??\c:\bbnhtt.exec:\bbnhtt.exe149⤵
-
\??\c:\pjppp.exec:\pjppp.exe150⤵
-
\??\c:\7jjpv.exec:\7jjpv.exe151⤵
-
\??\c:\lfxlrxf.exec:\lfxlrxf.exe152⤵
-
\??\c:\1rrrxrf.exec:\1rrrxrf.exe153⤵
-
\??\c:\nhbhtb.exec:\nhbhtb.exe154⤵
-
\??\c:\btbbhh.exec:\btbbhh.exe155⤵
-
\??\c:\vpjdp.exec:\vpjdp.exe156⤵
-
\??\c:\pvddd.exec:\pvddd.exe157⤵
-
\??\c:\xxrrflr.exec:\xxrrflr.exe158⤵
-
\??\c:\jdvpj.exec:\jdvpj.exe159⤵
-
\??\c:\1lrxfll.exec:\1lrxfll.exe160⤵
-
\??\c:\ffxfxxf.exec:\ffxfxxf.exe161⤵
-
\??\c:\hthtnh.exec:\hthtnh.exe162⤵
-
\??\c:\nhtbnt.exec:\nhtbnt.exe163⤵
-
\??\c:\vvdjp.exec:\vvdjp.exe164⤵
-
\??\c:\dvppd.exec:\dvppd.exe165⤵
-
\??\c:\1dvdj.exec:\1dvdj.exe166⤵
-
\??\c:\rrfllrx.exec:\rrfllrx.exe167⤵
-
\??\c:\ttntht.exec:\ttntht.exe168⤵
-
\??\c:\9nhthh.exec:\9nhthh.exe169⤵
-
\??\c:\jdppd.exec:\jdppd.exe170⤵
-
\??\c:\ddpvv.exec:\ddpvv.exe171⤵
-
\??\c:\lffflrf.exec:\lffflrf.exe172⤵
-
\??\c:\xlxxfxf.exec:\xlxxfxf.exe173⤵
-
\??\c:\hhtbnn.exec:\hhtbnn.exe174⤵
-
\??\c:\hhthtn.exec:\hhthtn.exe175⤵
-
\??\c:\pjvvd.exec:\pjvvd.exe176⤵
-
\??\c:\vvjpd.exec:\vvjpd.exe177⤵
-
\??\c:\3fllxfl.exec:\3fllxfl.exe178⤵
-
\??\c:\lxlrflr.exec:\lxlrflr.exe179⤵
-
\??\c:\nnhnhh.exec:\nnhnhh.exe180⤵
-
\??\c:\hbhhtt.exec:\hbhhtt.exe181⤵
-
\??\c:\jdpvj.exec:\jdpvj.exe182⤵
-
\??\c:\pjpvd.exec:\pjpvd.exe183⤵
-
\??\c:\fxxflrx.exec:\fxxflrx.exe184⤵
-
\??\c:\rlxfflr.exec:\rlxfflr.exe185⤵
-
\??\c:\tnhntt.exec:\tnhntt.exe186⤵
-
\??\c:\tnhttb.exec:\tnhttb.exe187⤵
-
\??\c:\pjpvd.exec:\pjpvd.exe188⤵
-
\??\c:\1pjvj.exec:\1pjvj.exe189⤵
-
\??\c:\lrrlrxl.exec:\lrrlrxl.exe190⤵
-
\??\c:\rfllxfr.exec:\rfllxfr.exe191⤵
-
\??\c:\hbhbnt.exec:\hbhbnt.exe192⤵
-
\??\c:\hbbnhh.exec:\hbbnhh.exe193⤵
-
\??\c:\ddpvj.exec:\ddpvj.exe194⤵
-
\??\c:\rllfrxr.exec:\rllfrxr.exe195⤵
-
\??\c:\ttbbhn.exec:\ttbbhn.exe196⤵
-
\??\c:\btbhnn.exec:\btbhnn.exe197⤵
-
\??\c:\5pdjd.exec:\5pdjd.exe198⤵
-
\??\c:\pjjpj.exec:\pjjpj.exe199⤵
-
\??\c:\xrflrrx.exec:\xrflrrx.exe200⤵
-
\??\c:\hhttbb.exec:\hhttbb.exe201⤵
-
\??\c:\3bbnth.exec:\3bbnth.exe202⤵
-
\??\c:\jjdpj.exec:\jjdpj.exe203⤵
-
\??\c:\djjpp.exec:\djjpp.exe204⤵
-
\??\c:\jdvjj.exec:\jdvjj.exe205⤵
-
\??\c:\rrxxxxl.exec:\rrxxxxl.exe206⤵
-
\??\c:\tnhntt.exec:\tnhntt.exe207⤵
-
\??\c:\9nnnhh.exec:\9nnnhh.exe208⤵
-
\??\c:\ddjvd.exec:\ddjvd.exe209⤵
-
\??\c:\jdppv.exec:\jdppv.exe210⤵
-
\??\c:\fxlrxlx.exec:\fxlrxlx.exe211⤵
-
\??\c:\fxlrrxf.exec:\fxlrrxf.exe212⤵
-
\??\c:\bhhbhn.exec:\bhhbhn.exe213⤵
-
\??\c:\nhnttn.exec:\nhnttn.exe214⤵
-
\??\c:\jjdjd.exec:\jjdjd.exe215⤵
-
\??\c:\pppvd.exec:\pppvd.exe216⤵
-
\??\c:\xxllrxl.exec:\xxllrxl.exe217⤵
-
\??\c:\htntht.exec:\htntht.exe218⤵
-
\??\c:\3nhhtt.exec:\3nhhtt.exe219⤵
-
\??\c:\btntbn.exec:\btntbn.exe220⤵
-
\??\c:\dpddd.exec:\dpddd.exe221⤵
-
\??\c:\5xxxffr.exec:\5xxxffr.exe222⤵
-
\??\c:\lflfxfl.exec:\lflfxfl.exe223⤵
-
\??\c:\xrllrrx.exec:\xrllrrx.exe224⤵
-
\??\c:\nhbhtb.exec:\nhbhtb.exe225⤵
-
\??\c:\ttnhnt.exec:\ttnhnt.exe226⤵
-
\??\c:\dvjjv.exec:\dvjjv.exe227⤵
-
\??\c:\jdppv.exec:\jdppv.exe228⤵
-
\??\c:\xrxxxxf.exec:\xrxxxxf.exe229⤵
-
\??\c:\fxflrxx.exec:\fxflrxx.exe230⤵
-
\??\c:\nhbnbb.exec:\nhbnbb.exe231⤵
-
\??\c:\bttbbh.exec:\bttbbh.exe232⤵
-
\??\c:\1vjdd.exec:\1vjdd.exe233⤵
-
\??\c:\dvpvj.exec:\dvpvj.exe234⤵
-
\??\c:\xrffxrf.exec:\xrffxrf.exe235⤵
-
\??\c:\7xxfflx.exec:\7xxfflx.exe236⤵
-
\??\c:\btbtbh.exec:\btbtbh.exe237⤵
-
\??\c:\7tnbth.exec:\7tnbth.exe238⤵
-
\??\c:\5vjpv.exec:\5vjpv.exe239⤵
-
\??\c:\vpjpp.exec:\vpjpp.exe240⤵
-
\??\c:\rlfrffl.exec:\rlfrffl.exe241⤵