Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
21-05-2024 05:00
General
-
Target
df2236dc39110b6794fbd84c7a00b05e37e0f151809718b085dd32f0218fe08c.exe
-
Size
80KB
-
MD5
e64dd6430ef406da889a8c246c7f6046
-
SHA1
44a6a5c00a67ec44df455cb5fb091d2c9e1abde1
-
SHA256
df2236dc39110b6794fbd84c7a00b05e37e0f151809718b085dd32f0218fe08c
-
SHA512
00494ac3bc0f327391e5269c05087b407fa4f03201283053dc8e4d01a495fcaa701b81ad76135995fa062a95fc887dcc7bbd915b78ef8d2de5bc327b98f74bef
-
SSDEEP
1536:zvQBeOGtrYS3srx93UBWfwC6Ggnouy8iT4+C2HVM1p6T7Qr:zhOmTsF93UYfwC6GIoutiTU2HVS63Qr
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 41 IoCs
-
UPX dump on OEP (original entry point) 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\df2236dc39110b6794fbd84c7a00b05e37e0f151809718b085dd32f0218fe08c.exe"C:\Users\Admin\AppData\Local\Temp\df2236dc39110b6794fbd84c7a00b05e37e0f151809718b085dd32f0218fe08c.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtnbh.exec:\bbtnbh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdppv.exec:\pdppv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xxrllr.exec:\1xxrllr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthtbt.exec:\hthtbt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5httbh.exec:\5httbh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9pvdj.exec:\9pvdj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflfxrr.exec:\lflfxrr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llfxlxl.exec:\llfxlxl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tththn.exec:\tththn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdpj.exec:\vpdpj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjdd.exec:\vjjdd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9rxffll.exec:\9rxffll.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9thtnn.exec:\9thtnn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3hnbtn.exec:\3hnbtn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpdd.exec:\pjpdd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdvv.exec:\jvdvv.exe17⤵
- Executes dropped EXE
-
\??\c:\rrrxxxr.exec:\rrrxxxr.exe18⤵
- Executes dropped EXE
-
\??\c:\hnhbht.exec:\hnhbht.exe19⤵
- Executes dropped EXE
-
\??\c:\bthtbn.exec:\bthtbn.exe20⤵
- Executes dropped EXE
-
\??\c:\ddpvp.exec:\ddpvp.exe21⤵
- Executes dropped EXE
-
\??\c:\5xrxxxl.exec:\5xrxxxl.exe22⤵
- Executes dropped EXE
-
\??\c:\fxrfrlr.exec:\fxrfrlr.exe23⤵
- Executes dropped EXE
-
\??\c:\hbbbtb.exec:\hbbbtb.exe24⤵
- Executes dropped EXE
-
\??\c:\vpdpj.exec:\vpdpj.exe25⤵
- Executes dropped EXE
-
\??\c:\jjdjj.exec:\jjdjj.exe26⤵
- Executes dropped EXE
-
\??\c:\lxfffff.exec:\lxfffff.exe27⤵
- Executes dropped EXE
-
\??\c:\xrfrxxl.exec:\xrfrxxl.exe28⤵
- Executes dropped EXE
-
\??\c:\nhnnnt.exec:\nhnnnt.exe29⤵
- Executes dropped EXE
-
\??\c:\dppjp.exec:\dppjp.exe30⤵
- Executes dropped EXE
-
\??\c:\frllllr.exec:\frllllr.exe31⤵
- Executes dropped EXE
-
\??\c:\hnbntb.exec:\hnbntb.exe32⤵
- Executes dropped EXE
-
\??\c:\nbnhhb.exec:\nbnhhb.exe33⤵
- Executes dropped EXE
-
\??\c:\7ppvv.exec:\7ppvv.exe34⤵
- Executes dropped EXE
-
\??\c:\frxfffr.exec:\frxfffr.exe35⤵
- Executes dropped EXE
-
\??\c:\xxlxrxf.exec:\xxlxrxf.exe36⤵
- Executes dropped EXE
-
\??\c:\hbhbhh.exec:\hbhbhh.exe37⤵
- Executes dropped EXE
-
\??\c:\nhttbb.exec:\nhttbb.exe38⤵
- Executes dropped EXE
-
\??\c:\jpdpd.exec:\jpdpd.exe39⤵
- Executes dropped EXE
-
\??\c:\vjjjp.exec:\vjjjp.exe40⤵
- Executes dropped EXE
-
\??\c:\9rrfflr.exec:\9rrfflr.exe41⤵
- Executes dropped EXE
-
\??\c:\rlfflrx.exec:\rlfflrx.exe42⤵
- Executes dropped EXE
-
\??\c:\tnbbhn.exec:\tnbbhn.exe43⤵
- Executes dropped EXE
-
\??\c:\nnthht.exec:\nnthht.exe44⤵
- Executes dropped EXE
-
\??\c:\7pddj.exec:\7pddj.exe45⤵
- Executes dropped EXE
-
\??\c:\rrflrxf.exec:\rrflrxf.exe46⤵
- Executes dropped EXE
-
\??\c:\lllfrxl.exec:\lllfrxl.exe47⤵
- Executes dropped EXE
-
\??\c:\nnbbht.exec:\nnbbht.exe48⤵
- Executes dropped EXE
-
\??\c:\hhbnbb.exec:\hhbnbb.exe49⤵
- Executes dropped EXE
-
\??\c:\vpjjj.exec:\vpjjj.exe50⤵
- Executes dropped EXE
-
\??\c:\1djjv.exec:\1djjv.exe51⤵
- Executes dropped EXE
-
\??\c:\rxrxlxr.exec:\rxrxlxr.exe52⤵
- Executes dropped EXE
-
\??\c:\llrxfrx.exec:\llrxfrx.exe53⤵
- Executes dropped EXE
-
\??\c:\nttbhn.exec:\nttbhn.exe54⤵
- Executes dropped EXE
-
\??\c:\tnthtb.exec:\tnthtb.exe55⤵
- Executes dropped EXE
-
\??\c:\pjjpv.exec:\pjjpv.exe56⤵
- Executes dropped EXE
-
\??\c:\ffrllfl.exec:\ffrllfl.exe57⤵
- Executes dropped EXE
-
\??\c:\lrlfxfx.exec:\lrlfxfx.exe58⤵
- Executes dropped EXE
-
\??\c:\nnhhnt.exec:\nnhhnt.exe59⤵
- Executes dropped EXE
-
\??\c:\bbntnt.exec:\bbntnt.exe60⤵
- Executes dropped EXE
-
\??\c:\jjjvd.exec:\jjjvd.exe61⤵
- Executes dropped EXE
-
\??\c:\5dvjp.exec:\5dvjp.exe62⤵
- Executes dropped EXE
-
\??\c:\fxxflrl.exec:\fxxflrl.exe63⤵
- Executes dropped EXE
-
\??\c:\3hbhbh.exec:\3hbhbh.exe64⤵
- Executes dropped EXE
-
\??\c:\bthnbh.exec:\bthnbh.exe65⤵
- Executes dropped EXE
-
\??\c:\vvpjv.exec:\vvpjv.exe66⤵
-
\??\c:\vjpdj.exec:\vjpdj.exe67⤵
-
\??\c:\lxlxflr.exec:\lxlxflr.exe68⤵
-
\??\c:\lfxxxff.exec:\lfxxxff.exe69⤵
-
\??\c:\5bnnth.exec:\5bnnth.exe70⤵
-
\??\c:\hthbbt.exec:\hthbbt.exe71⤵
-
\??\c:\pdvvp.exec:\pdvvp.exe72⤵
-
\??\c:\jvjdv.exec:\jvjdv.exe73⤵
-
\??\c:\xfrrrxx.exec:\xfrrrxx.exe74⤵
-
\??\c:\frxlrrf.exec:\frxlrrf.exe75⤵
-
\??\c:\hbhhnb.exec:\hbhhnb.exe76⤵
-
\??\c:\7bnnnn.exec:\7bnnnn.exe77⤵
-
\??\c:\1jvjp.exec:\1jvjp.exe78⤵
-
\??\c:\pvddp.exec:\pvddp.exe79⤵
-
\??\c:\fxrrxrr.exec:\fxrrxrr.exe80⤵
-
\??\c:\rlxlfff.exec:\rlxlfff.exe81⤵
-
\??\c:\tthhbt.exec:\tthhbt.exe82⤵
-
\??\c:\nbnbbn.exec:\nbnbbn.exe83⤵
-
\??\c:\pdpjv.exec:\pdpjv.exe84⤵
-
\??\c:\pjvdv.exec:\pjvdv.exe85⤵
-
\??\c:\frxrrrl.exec:\frxrrrl.exe86⤵
-
\??\c:\lrxrxff.exec:\lrxrxff.exe87⤵
-
\??\c:\nbnnhb.exec:\nbnnhb.exe88⤵
-
\??\c:\nhbbtt.exec:\nhbbtt.exe89⤵
-
\??\c:\dpjjv.exec:\dpjjv.exe90⤵
-
\??\c:\dvddd.exec:\dvddd.exe91⤵
-
\??\c:\7xrxfrr.exec:\7xrxfrr.exe92⤵
-
\??\c:\fxrrxfl.exec:\fxrrxfl.exe93⤵
-
\??\c:\5htttn.exec:\5htttn.exe94⤵
-
\??\c:\5thbbh.exec:\5thbbh.exe95⤵
-
\??\c:\ntbtbt.exec:\ntbtbt.exe96⤵
-
\??\c:\1pdvd.exec:\1pdvd.exe97⤵
-
\??\c:\vjvdv.exec:\vjvdv.exe98⤵
-
\??\c:\pdjjv.exec:\pdjjv.exe99⤵
-
\??\c:\rlrllll.exec:\rlrllll.exe100⤵
-
\??\c:\fxfflrr.exec:\fxfflrr.exe101⤵
-
\??\c:\hbnhhb.exec:\hbnhhb.exe102⤵
-
\??\c:\thttnn.exec:\thttnn.exe103⤵
-
\??\c:\nbttnn.exec:\nbttnn.exe104⤵
-
\??\c:\7pjjj.exec:\7pjjj.exe105⤵
-
\??\c:\dpppj.exec:\dpppj.exe106⤵
-
\??\c:\xllffxx.exec:\xllffxx.exe107⤵
-
\??\c:\lxxxlfl.exec:\lxxxlfl.exe108⤵
-
\??\c:\1lfxxrr.exec:\1lfxxrr.exe109⤵
-
\??\c:\bnbbhh.exec:\bnbbhh.exe110⤵
-
\??\c:\1htnnn.exec:\1htnnn.exe111⤵
-
\??\c:\7dvdj.exec:\7dvdj.exe112⤵
-
\??\c:\vpvvd.exec:\vpvvd.exe113⤵
-
\??\c:\vdpjj.exec:\vdpjj.exe114⤵
-
\??\c:\xlxxrrr.exec:\xlxxrrr.exe115⤵
-
\??\c:\lxlrlfl.exec:\lxlrlfl.exe116⤵
-
\??\c:\frrlllr.exec:\frrlllr.exe117⤵
-
\??\c:\thnhhh.exec:\thnhhh.exe118⤵
-
\??\c:\1bbttt.exec:\1bbttt.exe119⤵
-
\??\c:\9htnhb.exec:\9htnhb.exe120⤵
-
\??\c:\3jdjj.exec:\3jdjj.exe121⤵
-
\??\c:\pvjdv.exec:\pvjdv.exe122⤵
-
\??\c:\lllxrfr.exec:\lllxrfr.exe123⤵
-
\??\c:\lrllfff.exec:\lrllfff.exe124⤵
-
\??\c:\hhhthh.exec:\hhhthh.exe125⤵
-
\??\c:\nhnnnt.exec:\nhnnnt.exe126⤵
-
\??\c:\dvvpv.exec:\dvvpv.exe127⤵
-
\??\c:\vjvpv.exec:\vjvpv.exe128⤵
-
\??\c:\lxflflr.exec:\lxflflr.exe129⤵
-
\??\c:\rlxxfxf.exec:\rlxxfxf.exe130⤵
-
\??\c:\nbbhnt.exec:\nbbhnt.exe131⤵
-
\??\c:\nhtntt.exec:\nhtntt.exe132⤵
-
\??\c:\7vddd.exec:\7vddd.exe133⤵
-
\??\c:\vjvvp.exec:\vjvvp.exe134⤵
-
\??\c:\dpvvd.exec:\dpvvd.exe135⤵
-
\??\c:\lffrrrx.exec:\lffrrrx.exe136⤵
-
\??\c:\9fxllrx.exec:\9fxllrx.exe137⤵
-
\??\c:\5tntth.exec:\5tntth.exe138⤵
-
\??\c:\hbhbnn.exec:\hbhbnn.exe139⤵
-
\??\c:\dddpj.exec:\dddpj.exe140⤵
-
\??\c:\pjpvd.exec:\pjpvd.exe141⤵
-
\??\c:\llxlxrr.exec:\llxlxrr.exe142⤵
-
\??\c:\nhhhtn.exec:\nhhhtn.exe143⤵
-
\??\c:\nbnnhn.exec:\nbnnhn.exe144⤵
-
\??\c:\1pdpd.exec:\1pdpd.exe145⤵
-
\??\c:\fxfllfl.exec:\fxfllfl.exe146⤵
-
\??\c:\1xlxrlr.exec:\1xlxrlr.exe147⤵
-
\??\c:\hthhnb.exec:\hthhnb.exe148⤵
-
\??\c:\7thhhb.exec:\7thhhb.exe149⤵
-
\??\c:\dpjpj.exec:\dpjpj.exe150⤵
-
\??\c:\1vdjd.exec:\1vdjd.exe151⤵
-
\??\c:\3lllrrx.exec:\3lllrrx.exe152⤵
-
\??\c:\1xfxrrx.exec:\1xfxrrx.exe153⤵
-
\??\c:\bttbbt.exec:\bttbbt.exe154⤵
-
\??\c:\hthnhh.exec:\hthnhh.exe155⤵
-
\??\c:\dpvpv.exec:\dpvpv.exe156⤵
-
\??\c:\jvjdj.exec:\jvjdj.exe157⤵
-
\??\c:\5lrllll.exec:\5lrllll.exe158⤵
-
\??\c:\frrrrxx.exec:\frrrrxx.exe159⤵
-
\??\c:\hbbhbb.exec:\hbbhbb.exe160⤵
-
\??\c:\3hnhnh.exec:\3hnhnh.exe161⤵
-
\??\c:\5vvpp.exec:\5vvpp.exe162⤵
-
\??\c:\dvjpj.exec:\dvjpj.exe163⤵
-
\??\c:\lrflfxx.exec:\lrflfxx.exe164⤵
-
\??\c:\7lrxrll.exec:\7lrxrll.exe165⤵
-
\??\c:\tnhnhb.exec:\tnhnhb.exe166⤵
-
\??\c:\thhbhb.exec:\thhbhb.exe167⤵
-
\??\c:\9hhhth.exec:\9hhhth.exe168⤵
-
\??\c:\jdvvp.exec:\jdvvp.exe169⤵
-
\??\c:\9dpdj.exec:\9dpdj.exe170⤵
-
\??\c:\rlxxflf.exec:\rlxxflf.exe171⤵
-
\??\c:\frflllf.exec:\frflllf.exe172⤵
-
\??\c:\rxflflr.exec:\rxflflr.exe173⤵
-
\??\c:\bhtttn.exec:\bhtttn.exe174⤵
-
\??\c:\7ntnhh.exec:\7ntnhh.exe175⤵
-
\??\c:\pvjdv.exec:\pvjdv.exe176⤵
-
\??\c:\pdvvp.exec:\pdvvp.exe177⤵
-
\??\c:\lfxfxff.exec:\lfxfxff.exe178⤵
-
\??\c:\xlxfxlx.exec:\xlxfxlx.exe179⤵
-
\??\c:\nhnttb.exec:\nhnttb.exe180⤵
-
\??\c:\nhnntt.exec:\nhnntt.exe181⤵
-
\??\c:\jdpvj.exec:\jdpvj.exe182⤵
-
\??\c:\vjppp.exec:\vjppp.exe183⤵
-
\??\c:\xlxxrrx.exec:\xlxxrrx.exe184⤵
-
\??\c:\lfrxxxl.exec:\lfrxxxl.exe185⤵
-
\??\c:\9tbtbn.exec:\9tbtbn.exe186⤵
-
\??\c:\nbhbtt.exec:\nbhbtt.exe187⤵
-
\??\c:\hthnnt.exec:\hthnnt.exe188⤵
-
\??\c:\pdpjd.exec:\pdpjd.exe189⤵
-
\??\c:\jvdvv.exec:\jvdvv.exe190⤵
-
\??\c:\rfrrrrx.exec:\rfrrrrx.exe191⤵
-
\??\c:\lfllxfr.exec:\lfllxfr.exe192⤵
-
\??\c:\bthtbt.exec:\bthtbt.exe193⤵
-
\??\c:\tnnbnb.exec:\tnnbnb.exe194⤵
-
\??\c:\jvpvv.exec:\jvpvv.exe195⤵
-
\??\c:\3vdvp.exec:\3vdvp.exe196⤵
-
\??\c:\7xlxxff.exec:\7xlxxff.exe197⤵
-
\??\c:\lrlrllr.exec:\lrlrllr.exe198⤵
-
\??\c:\hnbbtn.exec:\hnbbtn.exe199⤵
-
\??\c:\9bnbhb.exec:\9bnbhb.exe200⤵
-
\??\c:\nthttb.exec:\nthttb.exe201⤵
-
\??\c:\vdddd.exec:\vdddd.exe202⤵
-
\??\c:\vpjjj.exec:\vpjjj.exe203⤵
-
\??\c:\3rlrlll.exec:\3rlrlll.exe204⤵
-
\??\c:\flrfffl.exec:\flrfffl.exe205⤵
-
\??\c:\1fxrffl.exec:\1fxrffl.exe206⤵
-
\??\c:\ntnhhh.exec:\ntnhhh.exe207⤵
-
\??\c:\httnnh.exec:\httnnh.exe208⤵
-
\??\c:\1djpj.exec:\1djpj.exe209⤵
-
\??\c:\dppjp.exec:\dppjp.exe210⤵
-
\??\c:\9lfxxxx.exec:\9lfxxxx.exe211⤵
-
\??\c:\frfrrrr.exec:\frfrrrr.exe212⤵
-
\??\c:\ntnthb.exec:\ntnthb.exe213⤵
-
\??\c:\nhtbhh.exec:\nhtbhh.exe214⤵
-
\??\c:\3tbnnn.exec:\3tbnnn.exe215⤵
-
\??\c:\vjvpd.exec:\vjvpd.exe216⤵
-
\??\c:\9rlrxrx.exec:\9rlrxrx.exe217⤵
-
\??\c:\nhnhnh.exec:\nhnhnh.exe218⤵
-
\??\c:\tnhhhh.exec:\tnhhhh.exe219⤵
-
\??\c:\vdjjj.exec:\vdjjj.exe220⤵
-
\??\c:\7dvdv.exec:\7dvdv.exe221⤵
-
\??\c:\llffxxx.exec:\llffxxx.exe222⤵
-
\??\c:\rlfrrrx.exec:\rlfrrrx.exe223⤵
-
\??\c:\3rffxxf.exec:\3rffxxf.exe224⤵
-
\??\c:\bhtthn.exec:\bhtthn.exe225⤵
-
\??\c:\tbhhhh.exec:\tbhhhh.exe226⤵
-
\??\c:\vpjpv.exec:\vpjpv.exe227⤵
-
\??\c:\pjppp.exec:\pjppp.exe228⤵
-
\??\c:\5fxxxxx.exec:\5fxxxxx.exe229⤵
-
\??\c:\ffllflx.exec:\ffllflx.exe230⤵
-
\??\c:\lxfflrx.exec:\lxfflrx.exe231⤵
-
\??\c:\btbbbb.exec:\btbbbb.exe232⤵
-
\??\c:\nhtntn.exec:\nhtntn.exe233⤵
-
\??\c:\vjddj.exec:\vjddj.exe234⤵
-
\??\c:\5jjdv.exec:\5jjdv.exe235⤵
-
\??\c:\frrfrxf.exec:\frrfrxf.exe236⤵
-
\??\c:\ffxfxxl.exec:\ffxfxxl.exe237⤵
-
\??\c:\bthnbn.exec:\bthnbn.exe238⤵
-
\??\c:\bthnbt.exec:\bthnbt.exe239⤵
-
\??\c:\hbhbhb.exec:\hbhbhb.exe240⤵
-
\??\c:\dvjvj.exec:\dvjvj.exe241⤵