Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
-
submitted
21-05-2024 05:10
General
-
Target
e2dd3dc2978a6422e078c635a12221079e9543103e100181dc0a02e462106f60.exe
-
Size
95KB
-
MD5
a0d5ea24940313c9e42274e5acbeb6e9
-
SHA1
d324e9ca040d9f42ff3d10adea00d5583c9e65a5
-
SHA256
e2dd3dc2978a6422e078c635a12221079e9543103e100181dc0a02e462106f60
-
SHA512
d9e2fe67d4a0fb36dd76c3350bb6fe1796f4ebbfbfe64e3304f8c6d9bea66acdb33a3cc4e4032f5ce41085163132703b1acf158f9a64aaa83e85d4e5c062ba70
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73XH/YP1HFrJximAAxS1rj/2CH:ymb3NkkiQ3mdBjFo73PYP1lri3K8GwyG
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 20 IoCs
-
UPX dump on OEP (original entry point) 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e2dd3dc2978a6422e078c635a12221079e9543103e100181dc0a02e462106f60.exe"C:\Users\Admin\AppData\Local\Temp\e2dd3dc2978a6422e078c635a12221079e9543103e100181dc0a02e462106f60.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjpj.exec:\vvjpj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrxrxl.exec:\xxrxrxl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbbnn.exec:\tnbbnn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvjd.exec:\pjvjd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxfrrl.exec:\rlxfrrl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtttt.exec:\hbtttt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhtthh.exec:\hhtthh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpjp.exec:\vvpjp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxrflf.exec:\llxrflf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlrfrr.exec:\fxlrfrr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ththnt.exec:\ththnt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppppj.exec:\ppppj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxfflx.exec:\lxxfflx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xxlxxf.exec:\5xxlxxf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1tnthh.exec:\1tnthh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7jjjv.exec:\7jjjv.exe17⤵
- Executes dropped EXE
-
\??\c:\rlflxxl.exec:\rlflxxl.exe18⤵
- Executes dropped EXE
-
\??\c:\llxlrrf.exec:\llxlrrf.exe19⤵
- Executes dropped EXE
-
\??\c:\7hthnn.exec:\7hthnn.exe20⤵
- Executes dropped EXE
-
\??\c:\bhbnbt.exec:\bhbnbt.exe21⤵
- Executes dropped EXE
-
\??\c:\5vppv.exec:\5vppv.exe22⤵
- Executes dropped EXE
-
\??\c:\xrxxlrx.exec:\xrxxlrx.exe23⤵
- Executes dropped EXE
-
\??\c:\llflffr.exec:\llflffr.exe24⤵
- Executes dropped EXE
-
\??\c:\7tntht.exec:\7tntht.exe25⤵
- Executes dropped EXE
-
\??\c:\pvvvd.exec:\pvvvd.exe26⤵
- Executes dropped EXE
-
\??\c:\vvdvv.exec:\vvdvv.exe27⤵
- Executes dropped EXE
-
\??\c:\lfrrxxl.exec:\lfrrxxl.exe28⤵
- Executes dropped EXE
-
\??\c:\ttnbht.exec:\ttnbht.exe29⤵
- Executes dropped EXE
-
\??\c:\jjjvj.exec:\jjjvj.exe30⤵
- Executes dropped EXE
-
\??\c:\vpjpp.exec:\vpjpp.exe31⤵
- Executes dropped EXE
-
\??\c:\ffxlffx.exec:\ffxlffx.exe32⤵
- Executes dropped EXE
-
\??\c:\bttthh.exec:\bttthh.exe33⤵
- Executes dropped EXE
-
\??\c:\pppvp.exec:\pppvp.exe34⤵
- Executes dropped EXE
-
\??\c:\lfrxxfl.exec:\lfrxxfl.exe35⤵
- Executes dropped EXE
-
\??\c:\7hbhnt.exec:\7hbhnt.exe36⤵
- Executes dropped EXE
-
\??\c:\3btttb.exec:\3btttb.exe37⤵
- Executes dropped EXE
-
\??\c:\dvjvv.exec:\dvjvv.exe38⤵
- Executes dropped EXE
-
\??\c:\vjvvd.exec:\vjvvd.exe39⤵
- Executes dropped EXE
-
\??\c:\rrffrrl.exec:\rrffrrl.exe40⤵
- Executes dropped EXE
-
\??\c:\llrfflf.exec:\llrfflf.exe41⤵
- Executes dropped EXE
-
\??\c:\3nbbhh.exec:\3nbbhh.exe42⤵
- Executes dropped EXE
-
\??\c:\jjjvd.exec:\jjjvd.exe43⤵
- Executes dropped EXE
-
\??\c:\ddpjp.exec:\ddpjp.exe44⤵
- Executes dropped EXE
-
\??\c:\llffrxr.exec:\llffrxr.exe45⤵
- Executes dropped EXE
-
\??\c:\rlflffl.exec:\rlflffl.exe46⤵
- Executes dropped EXE
-
\??\c:\thttbh.exec:\thttbh.exe47⤵
- Executes dropped EXE
-
\??\c:\bbhntt.exec:\bbhntt.exe48⤵
- Executes dropped EXE
-
\??\c:\nhnhnn.exec:\nhnhnn.exe49⤵
- Executes dropped EXE
-
\??\c:\7jjdj.exec:\7jjdj.exe50⤵
- Executes dropped EXE
-
\??\c:\pjddj.exec:\pjddj.exe51⤵
- Executes dropped EXE
-
\??\c:\rlrfrfl.exec:\rlrfrfl.exe52⤵
- Executes dropped EXE
-
\??\c:\7hnntt.exec:\7hnntt.exe53⤵
- Executes dropped EXE
-
\??\c:\3bthbh.exec:\3bthbh.exe54⤵
- Executes dropped EXE
-
\??\c:\7pddj.exec:\7pddj.exe55⤵
- Executes dropped EXE
-
\??\c:\jppjj.exec:\jppjj.exe56⤵
- Executes dropped EXE
-
\??\c:\3lflxxf.exec:\3lflxxf.exe57⤵
- Executes dropped EXE
-
\??\c:\llxlrfr.exec:\llxlrfr.exe58⤵
- Executes dropped EXE
-
\??\c:\hhbhnn.exec:\hhbhnn.exe59⤵
- Executes dropped EXE
-
\??\c:\ttntbh.exec:\ttntbh.exe60⤵
- Executes dropped EXE
-
\??\c:\vvpdd.exec:\vvpdd.exe61⤵
- Executes dropped EXE
-
\??\c:\pjpjd.exec:\pjpjd.exe62⤵
- Executes dropped EXE
-
\??\c:\lxrrxfl.exec:\lxrrxfl.exe63⤵
- Executes dropped EXE
-
\??\c:\lfflrrx.exec:\lfflrrx.exe64⤵
- Executes dropped EXE
-
\??\c:\btbhhn.exec:\btbhhn.exe65⤵
- Executes dropped EXE
-
\??\c:\hbnbbh.exec:\hbnbbh.exe66⤵
-
\??\c:\5jvjp.exec:\5jvjp.exe67⤵
-
\??\c:\pjpjp.exec:\pjpjp.exe68⤵
-
\??\c:\vppvv.exec:\vppvv.exe69⤵
-
\??\c:\llrxflr.exec:\llrxflr.exe70⤵
-
\??\c:\rrfrlxl.exec:\rrfrlxl.exe71⤵
-
\??\c:\3nhnbh.exec:\3nhnbh.exe72⤵
-
\??\c:\ttnhbn.exec:\ttnhbn.exe73⤵
-
\??\c:\dddjj.exec:\dddjj.exe74⤵
-
\??\c:\3dvdj.exec:\3dvdj.exe75⤵
-
\??\c:\lfrrffr.exec:\lfrrffr.exe76⤵
-
\??\c:\xxlrlrx.exec:\xxlrlrx.exe77⤵
-
\??\c:\3hnbbh.exec:\3hnbbh.exe78⤵
-
\??\c:\nnbhhn.exec:\nnbhhn.exe79⤵
-
\??\c:\dvpvj.exec:\dvpvj.exe80⤵
-
\??\c:\5pvvd.exec:\5pvvd.exe81⤵
-
\??\c:\ppjdd.exec:\ppjdd.exe82⤵
-
\??\c:\ffxxrrl.exec:\ffxxrrl.exe83⤵
-
\??\c:\lfrxflx.exec:\lfrxflx.exe84⤵
-
\??\c:\nhnhnn.exec:\nhnhnn.exe85⤵
-
\??\c:\bbbhbh.exec:\bbbhbh.exe86⤵
-
\??\c:\vvpvj.exec:\vvpvj.exe87⤵
-
\??\c:\djjjv.exec:\djjjv.exe88⤵
-
\??\c:\1xlxffl.exec:\1xlxffl.exe89⤵
-
\??\c:\rrlxrxl.exec:\rrlxrxl.exe90⤵
-
\??\c:\lflxlrf.exec:\lflxlrf.exe91⤵
-
\??\c:\nhntht.exec:\nhntht.exe92⤵
-
\??\c:\hbhntb.exec:\hbhntb.exe93⤵
-
\??\c:\vjvvd.exec:\vjvvd.exe94⤵
-
\??\c:\9pjvp.exec:\9pjvp.exe95⤵
-
\??\c:\llrfxxf.exec:\llrfxxf.exe96⤵
-
\??\c:\lxrxffl.exec:\lxrxffl.exe97⤵
-
\??\c:\nnnnnt.exec:\nnnnnt.exe98⤵
-
\??\c:\3tnbtt.exec:\3tnbtt.exe99⤵
-
\??\c:\ppvdv.exec:\ppvdv.exe100⤵
-
\??\c:\djdjj.exec:\djdjj.exe101⤵
-
\??\c:\jjdpd.exec:\jjdpd.exe102⤵
-
\??\c:\3xrfrrf.exec:\3xrfrrf.exe103⤵
-
\??\c:\ffrlrfr.exec:\ffrlrfr.exe104⤵
-
\??\c:\nbbbht.exec:\nbbbht.exe105⤵
-
\??\c:\ttthnt.exec:\ttthnt.exe106⤵
-
\??\c:\jjpdv.exec:\jjpdv.exe107⤵
-
\??\c:\jvjjp.exec:\jvjjp.exe108⤵
-
\??\c:\rlxxllx.exec:\rlxxllx.exe109⤵
-
\??\c:\5xlrflx.exec:\5xlrflx.exe110⤵
-
\??\c:\9hnbtt.exec:\9hnbtt.exe111⤵
-
\??\c:\hnhnnn.exec:\hnhnnn.exe112⤵
-
\??\c:\tnbhbn.exec:\tnbhbn.exe113⤵
-
\??\c:\pjvjv.exec:\pjvjv.exe114⤵
-
\??\c:\xrxrflr.exec:\xrxrflr.exe115⤵
-
\??\c:\rlrrxfl.exec:\rlrrxfl.exe116⤵
-
\??\c:\1thnhh.exec:\1thnhh.exe117⤵
-
\??\c:\bthnhn.exec:\bthnhn.exe118⤵
-
\??\c:\5ddvd.exec:\5ddvd.exe119⤵
-
\??\c:\frlxrrr.exec:\frlxrrr.exe120⤵
-
\??\c:\xrxlxxl.exec:\xrxlxxl.exe121⤵
-
\??\c:\nhhtnt.exec:\nhhtnt.exe122⤵
-
\??\c:\jvvdd.exec:\jvvdd.exe123⤵
-
\??\c:\3pvpd.exec:\3pvpd.exe124⤵
-
\??\c:\9rxflrx.exec:\9rxflrx.exe125⤵
-
\??\c:\fxllrfl.exec:\fxllrfl.exe126⤵
-
\??\c:\nnhtbh.exec:\nnhtbh.exe127⤵
-
\??\c:\hbbthn.exec:\hbbthn.exe128⤵
-
\??\c:\jjvpj.exec:\jjvpj.exe129⤵
-
\??\c:\jdpdv.exec:\jdpdv.exe130⤵
-
\??\c:\9fxrffr.exec:\9fxrffr.exe131⤵
-
\??\c:\btnthn.exec:\btnthn.exe132⤵
-
\??\c:\ntttbn.exec:\ntttbn.exe133⤵
-
\??\c:\pjvpd.exec:\pjvpd.exe134⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe135⤵
-
\??\c:\rrlxlxl.exec:\rrlxlxl.exe136⤵
-
\??\c:\xrxflrr.exec:\xrxflrr.exe137⤵
-
\??\c:\bnbbnn.exec:\bnbbnn.exe138⤵
-
\??\c:\jdvvv.exec:\jdvvv.exe139⤵
-
\??\c:\vppjp.exec:\vppjp.exe140⤵
-
\??\c:\pjdpd.exec:\pjdpd.exe141⤵
-
\??\c:\fxrxfff.exec:\fxrxfff.exe142⤵
-
\??\c:\9tbnht.exec:\9tbnht.exe143⤵
-
\??\c:\3bnhnb.exec:\3bnhnb.exe144⤵
-
\??\c:\jjvvp.exec:\jjvvp.exe145⤵
-
\??\c:\jdppp.exec:\jdppp.exe146⤵
-
\??\c:\ffxlrfr.exec:\ffxlrfr.exe147⤵
-
\??\c:\1rlrxff.exec:\1rlrxff.exe148⤵
-
\??\c:\ttthbh.exec:\ttthbh.exe149⤵
-
\??\c:\thhntb.exec:\thhntb.exe150⤵
-
\??\c:\dpvpv.exec:\dpvpv.exe151⤵
-
\??\c:\vvdpp.exec:\vvdpp.exe152⤵
-
\??\c:\5ffrffl.exec:\5ffrffl.exe153⤵
-
\??\c:\rfllrrf.exec:\rfllrrf.exe154⤵
-
\??\c:\1ttbhn.exec:\1ttbhn.exe155⤵
-
\??\c:\1hbhbb.exec:\1hbhbb.exe156⤵
-
\??\c:\1jdpj.exec:\1jdpj.exe157⤵
-
\??\c:\xfllffl.exec:\xfllffl.exe158⤵
-
\??\c:\7lfrxfl.exec:\7lfrxfl.exe159⤵
-
\??\c:\nhthnt.exec:\nhthnt.exe160⤵
-
\??\c:\7bbthh.exec:\7bbthh.exe161⤵
-
\??\c:\pjvdj.exec:\pjvdj.exe162⤵
-
\??\c:\ddjdj.exec:\ddjdj.exe163⤵
-
\??\c:\xrlrlrf.exec:\xrlrlrf.exe164⤵
-
\??\c:\lfrxffr.exec:\lfrxffr.exe165⤵
-
\??\c:\7nhtbn.exec:\7nhtbn.exe166⤵
-
\??\c:\hbhnnn.exec:\hbhnnn.exe167⤵
-
\??\c:\ppdpj.exec:\ppdpj.exe168⤵
-
\??\c:\pjddj.exec:\pjddj.exe169⤵
-
\??\c:\rlxxllx.exec:\rlxxllx.exe170⤵
-
\??\c:\rlfrflr.exec:\rlfrflr.exe171⤵
-
\??\c:\nnbbnn.exec:\nnbbnn.exe172⤵
-
\??\c:\hbtbhn.exec:\hbtbhn.exe173⤵
-
\??\c:\ppdjp.exec:\ppdjp.exe174⤵
-
\??\c:\ppdjp.exec:\ppdjp.exe175⤵
-
\??\c:\5llrlxl.exec:\5llrlxl.exe176⤵
-
\??\c:\ffxlfll.exec:\ffxlfll.exe177⤵
-
\??\c:\5bhhnb.exec:\5bhhnb.exe178⤵
-
\??\c:\3bntnn.exec:\3bntnn.exe179⤵
-
\??\c:\jpvvv.exec:\jpvvv.exe180⤵
-
\??\c:\9jjpd.exec:\9jjpd.exe181⤵
-
\??\c:\rrlrflx.exec:\rrlrflx.exe182⤵
-
\??\c:\fxlrxfr.exec:\fxlrxfr.exe183⤵
-
\??\c:\bttbht.exec:\bttbht.exe184⤵
-
\??\c:\hbbttb.exec:\hbbttb.exe185⤵
-
\??\c:\dvdpj.exec:\dvdpj.exe186⤵
-
\??\c:\ddvdj.exec:\ddvdj.exe187⤵
-
\??\c:\fxlrxxl.exec:\fxlrxxl.exe188⤵
-
\??\c:\rlrlffr.exec:\rlrlffr.exe189⤵
-
\??\c:\3bbhtb.exec:\3bbhtb.exe190⤵
-
\??\c:\ttbhnn.exec:\ttbhnn.exe191⤵
-
\??\c:\ppjvv.exec:\ppjvv.exe192⤵
-
\??\c:\ddvjd.exec:\ddvjd.exe193⤵
-
\??\c:\llrrflx.exec:\llrrflx.exe194⤵
-
\??\c:\lfffflx.exec:\lfffflx.exe195⤵
-
\??\c:\fxflxxl.exec:\fxflxxl.exe196⤵
-
\??\c:\ttnhth.exec:\ttnhth.exe197⤵
-
\??\c:\nhbnhh.exec:\nhbnhh.exe198⤵
-
\??\c:\vpjvd.exec:\vpjvd.exe199⤵
-
\??\c:\lfxxffl.exec:\lfxxffl.exe200⤵
-
\??\c:\nnnbtb.exec:\nnnbtb.exe201⤵
-
\??\c:\pvppv.exec:\pvppv.exe202⤵
-
\??\c:\jjjdj.exec:\jjjdj.exe203⤵
-
\??\c:\9rffrxf.exec:\9rffrxf.exe204⤵
-
\??\c:\nhnbnn.exec:\nhnbnn.exe205⤵
-
\??\c:\9jddd.exec:\9jddd.exe206⤵
-
\??\c:\frffrfr.exec:\frffrfr.exe207⤵
-
\??\c:\frlfrrf.exec:\frlfrrf.exe208⤵
-
\??\c:\nnhtbh.exec:\nnhtbh.exe209⤵
-
\??\c:\hbhnbh.exec:\hbhnbh.exe210⤵
-
\??\c:\vpdvd.exec:\vpdvd.exe211⤵
-
\??\c:\ppddp.exec:\ppddp.exe212⤵
-
\??\c:\1fflrxf.exec:\1fflrxf.exe213⤵
-
\??\c:\ffrlrfr.exec:\ffrlrfr.exe214⤵
-
\??\c:\bbtbnt.exec:\bbtbnt.exe215⤵
-
\??\c:\nttnnh.exec:\nttnnh.exe216⤵
-
\??\c:\ppvvp.exec:\ppvvp.exe217⤵
-
\??\c:\9vpvd.exec:\9vpvd.exe218⤵
-
\??\c:\rlllfxf.exec:\rlllfxf.exe219⤵
-
\??\c:\rrfxlrf.exec:\rrfxlrf.exe220⤵
-
\??\c:\nnnhnt.exec:\nnnhnt.exe221⤵
-
\??\c:\nhnbth.exec:\nhnbth.exe222⤵
-
\??\c:\dvppd.exec:\dvppd.exe223⤵
-
\??\c:\5xllffl.exec:\5xllffl.exe224⤵
-
\??\c:\rlxxrrx.exec:\rlxxrrx.exe225⤵
-
\??\c:\hhtnht.exec:\hhtnht.exe226⤵
-
\??\c:\tnbhnh.exec:\tnbhnh.exe227⤵
-
\??\c:\5pjjv.exec:\5pjjv.exe228⤵
-
\??\c:\1jjpd.exec:\1jjpd.exe229⤵
-
\??\c:\rlrxrxf.exec:\rlrxrxf.exe230⤵
-
\??\c:\xfrrlrx.exec:\xfrrlrx.exe231⤵
-
\??\c:\3nthnt.exec:\3nthnt.exe232⤵
-
\??\c:\5thttt.exec:\5thttt.exe233⤵
-
\??\c:\3jvdp.exec:\3jvdp.exe234⤵
-
\??\c:\5jvdj.exec:\5jvdj.exe235⤵
-
\??\c:\xlxxllr.exec:\xlxxllr.exe236⤵
-
\??\c:\lxrxxxx.exec:\lxrxxxx.exe237⤵
-
\??\c:\nhbnnn.exec:\nhbnnn.exe238⤵
-
\??\c:\hbnttn.exec:\hbnttn.exe239⤵
-
\??\c:\jjvvp.exec:\jjvvp.exe240⤵
-
\??\c:\ppddj.exec:\ppddj.exe241⤵