Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
21-05-2024 05:41
General
-
Target
ee761e574744a22240cc400b366d7d24a2a5e8ad9efbeddaf7b0ce9dd5cf4d8c.exe
-
Size
212KB
-
MD5
c7ca343e49da047bf9d753005c0cd327
-
SHA1
52c2f0f24f9a44e2c7d96637581b7f4c6291d3a1
-
SHA256
ee761e574744a22240cc400b366d7d24a2a5e8ad9efbeddaf7b0ce9dd5cf4d8c
-
SHA512
5b14f1b1c0f7878f540f4dd66c27a57e7d07c6fbb9d6f43e473e3951e46f4bbe0cdcd3e248086a84a5ceaadf15b2061266161ef4866dd525b00866ddce2b9b46
-
SSDEEP
3072:ymb3NkkiQ3mdBjFIi/0RU6QeYQsm71vPmc51+GqekBJCvr6zJBUmABd1:n3C9BRIG0asYFm71m8+GdkB9EBd1
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 29 IoCs
-
UPX dump on OEP (original entry point) 31 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 31 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ee761e574744a22240cc400b366d7d24a2a5e8ad9efbeddaf7b0ce9dd5cf4d8c.exe"C:\Users\Admin\AppData\Local\Temp\ee761e574744a22240cc400b366d7d24a2a5e8ad9efbeddaf7b0ce9dd5cf4d8c.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbhbh.exec:\bbbhbh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xxrllf.exec:\1xxrllf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lllxfxr.exec:\lllxfxr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbbhb.exec:\btbbhb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpdp.exec:\vvpdp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxfxxxx.exec:\rxfxxxx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxfxllr.exec:\xxfxllr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhtnt.exec:\nhhtnt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvddv.exec:\dvddv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrfrfrf.exec:\rrfrfrf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxlrlx.exec:\xlxlrlx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbtnh.exec:\hbbtnh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjdp.exec:\vjjdp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntntnb.exec:\ntntnb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjpj.exec:\dpjpj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntbbt.exec:\tntbbt.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dppdv.exec:\dppdv.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3xrrrrr.exec:\3xrrrrr.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnhhh.exec:\bnnhhh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7pjdv.exec:\7pjdv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxfffl.exec:\xxxfffl.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhbtn.exec:\nhhbtn.exe23⤵
- Executes dropped EXE
-
\??\c:\7pjdp.exec:\7pjdp.exe24⤵
- Executes dropped EXE
-
\??\c:\lfxrrrl.exec:\lfxrrrl.exe25⤵
- Executes dropped EXE
-
\??\c:\tnnhbb.exec:\tnnhbb.exe26⤵
- Executes dropped EXE
-
\??\c:\jdppj.exec:\jdppj.exe27⤵
- Executes dropped EXE
-
\??\c:\1bthnt.exec:\1bthnt.exe28⤵
- Executes dropped EXE
-
\??\c:\vvddd.exec:\vvddd.exe29⤵
- Executes dropped EXE
-
\??\c:\5frlrrf.exec:\5frlrrf.exe30⤵
- Executes dropped EXE
-
\??\c:\hhnttt.exec:\hhnttt.exe31⤵
- Executes dropped EXE
-
\??\c:\7lrrrrl.exec:\7lrrrrl.exe32⤵
- Executes dropped EXE
-
\??\c:\nntnbt.exec:\nntnbt.exe33⤵
- Executes dropped EXE
-
\??\c:\vjdjv.exec:\vjdjv.exe34⤵
- Executes dropped EXE
-
\??\c:\nhnhhh.exec:\nhnhhh.exe35⤵
- Executes dropped EXE
-
\??\c:\vjddv.exec:\vjddv.exe36⤵
- Executes dropped EXE
-
\??\c:\rlxlllf.exec:\rlxlllf.exe37⤵
- Executes dropped EXE
-
\??\c:\nnhhnt.exec:\nnhhnt.exe38⤵
- Executes dropped EXE
-
\??\c:\ddvvv.exec:\ddvvv.exe39⤵
- Executes dropped EXE
-
\??\c:\ddjdd.exec:\ddjdd.exe40⤵
- Executes dropped EXE
-
\??\c:\xlxrrxx.exec:\xlxrrxx.exe41⤵
- Executes dropped EXE
-
\??\c:\btbtth.exec:\btbtth.exe42⤵
- Executes dropped EXE
-
\??\c:\pvvvp.exec:\pvvvp.exe43⤵
- Executes dropped EXE
-
\??\c:\vjjvp.exec:\vjjvp.exe44⤵
- Executes dropped EXE
-
\??\c:\xrrlfxr.exec:\xrrlfxr.exe45⤵
- Executes dropped EXE
-
\??\c:\bhtntt.exec:\bhtntt.exe46⤵
- Executes dropped EXE
-
\??\c:\3dvjv.exec:\3dvjv.exe47⤵
- Executes dropped EXE
-
\??\c:\lffrrfl.exec:\lffrrfl.exe48⤵
- Executes dropped EXE
-
\??\c:\9xxrlff.exec:\9xxrlff.exe49⤵
- Executes dropped EXE
-
\??\c:\nbnhhn.exec:\nbnhhn.exe50⤵
- Executes dropped EXE
-
\??\c:\djjpv.exec:\djjpv.exe51⤵
- Executes dropped EXE
-
\??\c:\rxxxxxr.exec:\rxxxxxr.exe52⤵
- Executes dropped EXE
-
\??\c:\fffffrr.exec:\fffffrr.exe53⤵
- Executes dropped EXE
-
\??\c:\nthnnn.exec:\nthnnn.exe54⤵
- Executes dropped EXE
-
\??\c:\pjdpp.exec:\pjdpp.exe55⤵
- Executes dropped EXE
-
\??\c:\xrfxrff.exec:\xrfxrff.exe56⤵
- Executes dropped EXE
-
\??\c:\llrrflr.exec:\llrrflr.exe57⤵
- Executes dropped EXE
-
\??\c:\9vjdp.exec:\9vjdp.exe58⤵
- Executes dropped EXE
-
\??\c:\7pvvv.exec:\7pvvv.exe59⤵
- Executes dropped EXE
-
\??\c:\rlrlffr.exec:\rlrlffr.exe60⤵
- Executes dropped EXE
-
\??\c:\nnbbnn.exec:\nnbbnn.exe61⤵
- Executes dropped EXE
-
\??\c:\vdjjp.exec:\vdjjp.exe62⤵
- Executes dropped EXE
-
\??\c:\pvpvd.exec:\pvpvd.exe63⤵
- Executes dropped EXE
-
\??\c:\xfrrfxl.exec:\xfrrfxl.exe64⤵
- Executes dropped EXE
-
\??\c:\tnttnn.exec:\tnttnn.exe65⤵
- Executes dropped EXE
-
\??\c:\vvvpp.exec:\vvvpp.exe66⤵
-
\??\c:\djppp.exec:\djppp.exe67⤵
-
\??\c:\xlrfrfx.exec:\xlrfrfx.exe68⤵
-
\??\c:\hnbhnt.exec:\hnbhnt.exe69⤵
-
\??\c:\jdpjj.exec:\jdpjj.exe70⤵
-
\??\c:\jdddp.exec:\jdddp.exe71⤵
-
\??\c:\lxlfxxl.exec:\lxlfxxl.exe72⤵
-
\??\c:\bnbbhh.exec:\bnbbhh.exe73⤵
-
\??\c:\ppdpv.exec:\ppdpv.exe74⤵
-
\??\c:\pvjjp.exec:\pvjjp.exe75⤵
-
\??\c:\xlrllll.exec:\xlrllll.exe76⤵
-
\??\c:\1tbbbn.exec:\1tbbbn.exe77⤵
-
\??\c:\5thbtt.exec:\5thbtt.exe78⤵
-
\??\c:\frfxrlf.exec:\frfxrlf.exe79⤵
-
\??\c:\nthhbb.exec:\nthhbb.exe80⤵
-
\??\c:\1pppp.exec:\1pppp.exe81⤵
-
\??\c:\9rrrrrr.exec:\9rrrrrr.exe82⤵
-
\??\c:\bbbhhn.exec:\bbbhhn.exe83⤵
-
\??\c:\pvjjj.exec:\pvjjj.exe84⤵
-
\??\c:\lflfffx.exec:\lflfffx.exe85⤵
-
\??\c:\btnnbh.exec:\btnnbh.exe86⤵
-
\??\c:\hhbthn.exec:\hhbthn.exe87⤵
-
\??\c:\9vvvv.exec:\9vvvv.exe88⤵
-
\??\c:\xrlllll.exec:\xrlllll.exe89⤵
-
\??\c:\tthbbb.exec:\tthbbb.exe90⤵
-
\??\c:\pjdvj.exec:\pjdvj.exe91⤵
-
\??\c:\rrfffrr.exec:\rrfffrr.exe92⤵
-
\??\c:\bnnnhn.exec:\bnnnhn.exe93⤵
-
\??\c:\frxxffl.exec:\frxxffl.exe94⤵
-
\??\c:\9xlrrrr.exec:\9xlrrrr.exe95⤵
-
\??\c:\tnhhbh.exec:\tnhhbh.exe96⤵
-
\??\c:\pvpdj.exec:\pvpdj.exe97⤵
-
\??\c:\llxxflr.exec:\llxxflr.exe98⤵
-
\??\c:\9xxrllf.exec:\9xxrllf.exe99⤵
-
\??\c:\pvjjp.exec:\pvjjp.exe100⤵
-
\??\c:\ppdvj.exec:\ppdvj.exe101⤵
-
\??\c:\frxrrlf.exec:\frxrrlf.exe102⤵
-
\??\c:\hbtnhb.exec:\hbtnhb.exe103⤵
-
\??\c:\nntbbn.exec:\nntbbn.exe104⤵
-
\??\c:\jpvdd.exec:\jpvdd.exe105⤵
-
\??\c:\rrlrrxx.exec:\rrlrrxx.exe106⤵
-
\??\c:\ttbthb.exec:\ttbthb.exe107⤵
-
\??\c:\pvdjp.exec:\pvdjp.exe108⤵
-
\??\c:\1xfflrf.exec:\1xfflrf.exe109⤵
-
\??\c:\frxlxrf.exec:\frxlxrf.exe110⤵
-
\??\c:\pvvvp.exec:\pvvvp.exe111⤵
-
\??\c:\vpvpv.exec:\vpvpv.exe112⤵
-
\??\c:\hhhhbh.exec:\hhhhbh.exe113⤵
-
\??\c:\vdddd.exec:\vdddd.exe114⤵
-
\??\c:\vdddj.exec:\vdddj.exe115⤵
-
\??\c:\xlxxxff.exec:\xlxxxff.exe116⤵
-
\??\c:\frlllll.exec:\frlllll.exe117⤵
-
\??\c:\dpdpp.exec:\dpdpp.exe118⤵
-
\??\c:\rlrxfll.exec:\rlrxfll.exe119⤵
-
\??\c:\rlrlxrx.exec:\rlrlxrx.exe120⤵
-
\??\c:\btbbtb.exec:\btbbtb.exe121⤵
-
\??\c:\jpvpj.exec:\jpvpj.exe122⤵
-
\??\c:\xfrrrxx.exec:\xfrrrxx.exe123⤵
-
\??\c:\llrfllr.exec:\llrfllr.exe124⤵
-
\??\c:\ttnnbh.exec:\ttnnbh.exe125⤵
-
\??\c:\vdvvp.exec:\vdvvp.exe126⤵
-
\??\c:\pppjp.exec:\pppjp.exe127⤵
-
\??\c:\xxxxxlf.exec:\xxxxxlf.exe128⤵
-
\??\c:\hhbtnn.exec:\hhbtnn.exe129⤵
-
\??\c:\htbhht.exec:\htbhht.exe130⤵
-
\??\c:\dvvjd.exec:\dvvjd.exe131⤵
-
\??\c:\xllfxxr.exec:\xllfxxr.exe132⤵
-
\??\c:\rrlxxxf.exec:\rrlxxxf.exe133⤵
-
\??\c:\bnnnnn.exec:\bnnnnn.exe134⤵
-
\??\c:\3vddv.exec:\3vddv.exe135⤵
-
\??\c:\9vjpv.exec:\9vjpv.exe136⤵
-
\??\c:\rlfxrlf.exec:\rlfxrlf.exe137⤵
-
\??\c:\thbnbt.exec:\thbnbt.exe138⤵
-
\??\c:\nhnbnb.exec:\nhnbnb.exe139⤵
-
\??\c:\pjddv.exec:\pjddv.exe140⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe141⤵
-
\??\c:\frrfxxr.exec:\frrfxxr.exe142⤵
-
\??\c:\httthh.exec:\httthh.exe143⤵
-
\??\c:\nnnbbn.exec:\nnnbbn.exe144⤵
-
\??\c:\fllfxxr.exec:\fllfxxr.exe145⤵
-
\??\c:\tbthnn.exec:\tbthnn.exe146⤵
-
\??\c:\3vvvv.exec:\3vvvv.exe147⤵
-
\??\c:\xlfrlfr.exec:\xlfrlfr.exe148⤵
-
\??\c:\bntttt.exec:\bntttt.exe149⤵
-
\??\c:\dvppj.exec:\dvppj.exe150⤵
-
\??\c:\flfxrxr.exec:\flfxrxr.exe151⤵
-
\??\c:\llllfll.exec:\llllfll.exe152⤵
-
\??\c:\tnbbnn.exec:\tnbbnn.exe153⤵
-
\??\c:\pjpvv.exec:\pjpvv.exe154⤵
-
\??\c:\1xffffl.exec:\1xffffl.exe155⤵
-
\??\c:\thtntt.exec:\thtntt.exe156⤵
-
\??\c:\bnthht.exec:\bnthht.exe157⤵
-
\??\c:\7ppjj.exec:\7ppjj.exe158⤵
-
\??\c:\ffrxfrx.exec:\ffrxfrx.exe159⤵
-
\??\c:\ttntth.exec:\ttntth.exe160⤵
-
\??\c:\ththnh.exec:\ththnh.exe161⤵
-
\??\c:\ddvpv.exec:\ddvpv.exe162⤵
-
\??\c:\xxflrfl.exec:\xxflrfl.exe163⤵
-
\??\c:\7fxrlfx.exec:\7fxrlfx.exe164⤵
-
\??\c:\hthhnt.exec:\hthhnt.exe165⤵
-
\??\c:\vddvp.exec:\vddvp.exe166⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe167⤵
-
\??\c:\rrxrxlf.exec:\rrxrxlf.exe168⤵
-
\??\c:\bnnbbh.exec:\bnnbbh.exe169⤵
-
\??\c:\9bhhbb.exec:\9bhhbb.exe170⤵
-
\??\c:\5pjdv.exec:\5pjdv.exe171⤵
-
\??\c:\frlfrfr.exec:\frlfrfr.exe172⤵
-
\??\c:\3rxrrrr.exec:\3rxrrrr.exe173⤵
-
\??\c:\tbhbtn.exec:\tbhbtn.exe174⤵
-
\??\c:\dvvpp.exec:\dvvpp.exe175⤵
-
\??\c:\dddvv.exec:\dddvv.exe176⤵
-
\??\c:\rxffxff.exec:\rxffxff.exe177⤵
-
\??\c:\ttnnhh.exec:\ttnnhh.exe178⤵
-
\??\c:\pvvvp.exec:\pvvvp.exe179⤵
-
\??\c:\ppjpj.exec:\ppjpj.exe180⤵
-
\??\c:\fxrrrxx.exec:\fxrrrxx.exe181⤵
-
\??\c:\xxllrxx.exec:\xxllrxx.exe182⤵
-
\??\c:\9ttttn.exec:\9ttttn.exe183⤵
-
\??\c:\vvjpv.exec:\vvjpv.exe184⤵
-
\??\c:\1xffxll.exec:\1xffxll.exe185⤵
-
\??\c:\nhhbtt.exec:\nhhbtt.exe186⤵
-
\??\c:\5ttnhh.exec:\5ttnhh.exe187⤵
-
\??\c:\vvvpv.exec:\vvvpv.exe188⤵
-
\??\c:\frxrllf.exec:\frxrllf.exe189⤵
-
\??\c:\9fffxrr.exec:\9fffxrr.exe190⤵
-
\??\c:\nhnntb.exec:\nhnntb.exe191⤵
-
\??\c:\vvpjd.exec:\vvpjd.exe192⤵
-
\??\c:\xlrrxfx.exec:\xlrrxfx.exe193⤵
-
\??\c:\3rrllll.exec:\3rrllll.exe194⤵
-
\??\c:\hbhnth.exec:\hbhnth.exe195⤵
-
\??\c:\jvdjv.exec:\jvdjv.exe196⤵
-
\??\c:\lxlfxxf.exec:\lxlfxxf.exe197⤵
-
\??\c:\xflfffx.exec:\xflfffx.exe198⤵
-
\??\c:\thnnnt.exec:\thnnnt.exe199⤵
-
\??\c:\jvvpj.exec:\jvvpj.exe200⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe201⤵
-
\??\c:\rlffffx.exec:\rlffffx.exe202⤵
-
\??\c:\tnnnhh.exec:\tnnnhh.exe203⤵
-
\??\c:\vvdvj.exec:\vvdvj.exe204⤵
-
\??\c:\vppvv.exec:\vppvv.exe205⤵
-
\??\c:\ffrlffr.exec:\ffrlffr.exe206⤵
-
\??\c:\hhhbbb.exec:\hhhbbb.exe207⤵
-
\??\c:\9bnnnt.exec:\9bnnnt.exe208⤵
-
\??\c:\9jppj.exec:\9jppj.exe209⤵
-
\??\c:\5jdvj.exec:\5jdvj.exe210⤵
-
\??\c:\rlrllff.exec:\rlrllff.exe211⤵
-
\??\c:\bnntnn.exec:\bnntnn.exe212⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe213⤵
-
\??\c:\jvjdd.exec:\jvjdd.exe214⤵
-
\??\c:\rrrlfxx.exec:\rrrlfxx.exe215⤵
-
\??\c:\lfllllf.exec:\lfllllf.exe216⤵
-
\??\c:\nhnhbb.exec:\nhnhbb.exe217⤵
-
\??\c:\7pvpd.exec:\7pvpd.exe218⤵
-
\??\c:\1djdp.exec:\1djdp.exe219⤵
-
\??\c:\frxrffx.exec:\frxrffx.exe220⤵
-
\??\c:\9tbttt.exec:\9tbttt.exe221⤵
-
\??\c:\hthbbt.exec:\hthbbt.exe222⤵
-
\??\c:\jvdjd.exec:\jvdjd.exe223⤵
-
\??\c:\5rfxrxx.exec:\5rfxrxx.exe224⤵
-
\??\c:\rrlxrff.exec:\rrlxrff.exe225⤵
-
\??\c:\bbbthh.exec:\bbbthh.exe226⤵
-
\??\c:\thtnhh.exec:\thtnhh.exe227⤵
-
\??\c:\dvvpd.exec:\dvvpd.exe228⤵
-
\??\c:\flxrlxx.exec:\flxrlxx.exe229⤵
-
\??\c:\rllrlrl.exec:\rllrlrl.exe230⤵
-
\??\c:\nhhhbb.exec:\nhhhbb.exe231⤵
-
\??\c:\vdjpd.exec:\vdjpd.exe232⤵
-
\??\c:\flrlfff.exec:\flrlfff.exe233⤵
-
\??\c:\lfllrff.exec:\lfllrff.exe234⤵
-
\??\c:\tnbbnb.exec:\tnbbnb.exe235⤵
-
\??\c:\dppvd.exec:\dppvd.exe236⤵
-
\??\c:\dpvvv.exec:\dpvvv.exe237⤵
-
\??\c:\rrfxrlx.exec:\rrfxrlx.exe238⤵
-
\??\c:\bhhhbt.exec:\bhhhbt.exe239⤵
-
\??\c:\hbbthh.exec:\hbbthh.exe240⤵
-
\??\c:\jjppv.exec:\jjppv.exe241⤵