Analysis
-
max time kernel
150s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
21-05-2024 05:49
General
-
Target
f15b7a54359bb613e4f27fa6632dba4968a8522d876b8f0b5ab84711b9aa6ad8.exe
-
Size
81KB
-
MD5
b147399446e2715118189b3ef30c3df7
-
SHA1
7e929a592a52c084baa185c838827ce2ef251f98
-
SHA256
f15b7a54359bb613e4f27fa6632dba4968a8522d876b8f0b5ab84711b9aa6ad8
-
SHA512
f8c6ed2c7898e8d19428dbbeba86240f2be949613785640d6086d0132675d4465b11f0cc13480fd3203d44b676bbff4430a82a2fc9ca8abb8b334f1f20c86439
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo7xCkTsIwtOa2dYS8nj8:ymb3NkkiQ3mdBjFo7LAIbT6j8
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
UPX dump on OEP (original entry point) 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f15b7a54359bb613e4f27fa6632dba4968a8522d876b8f0b5ab84711b9aa6ad8.exe"C:\Users\Admin\AppData\Local\Temp\f15b7a54359bb613e4f27fa6632dba4968a8522d876b8f0b5ab84711b9aa6ad8.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\1rfxrlr.exec:\1rfxrlr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhnht.exec:\nnhnht.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhtbh.exec:\hhhtbh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthhhn.exec:\bthhhn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjpvj.exec:\jjpvj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dppjv.exec:\dppjv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lllrllf.exec:\lllrllf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tththb.exec:\tththb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9thtnh.exec:\9thtnh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjdj.exec:\djjdj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdppv.exec:\jdppv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrxxlr.exec:\lfrxxlr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxlrxl.exec:\fxxlrxl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbntbn.exec:\bbntbn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7nbhnn.exec:\7nbhnn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jdjp.exec:\1jdjp.exe17⤵
- Executes dropped EXE
-
\??\c:\jjdvv.exec:\jjdvv.exe18⤵
- Executes dropped EXE
-
\??\c:\7rlxxxf.exec:\7rlxxxf.exe19⤵
- Executes dropped EXE
-
\??\c:\xffxrfx.exec:\xffxrfx.exe20⤵
- Executes dropped EXE
-
\??\c:\nhthtb.exec:\nhthtb.exe21⤵
- Executes dropped EXE
-
\??\c:\hhbbtb.exec:\hhbbtb.exe22⤵
- Executes dropped EXE
-
\??\c:\jjvjd.exec:\jjvjd.exe23⤵
- Executes dropped EXE
-
\??\c:\jjjpj.exec:\jjjpj.exe24⤵
- Executes dropped EXE
-
\??\c:\rrrrlxr.exec:\rrrrlxr.exe25⤵
- Executes dropped EXE
-
\??\c:\xxfflrf.exec:\xxfflrf.exe26⤵
- Executes dropped EXE
-
\??\c:\btbbnt.exec:\btbbnt.exe27⤵
- Executes dropped EXE
-
\??\c:\1nthnt.exec:\1nthnt.exe28⤵
- Executes dropped EXE
-
\??\c:\3ppjp.exec:\3ppjp.exe29⤵
- Executes dropped EXE
-
\??\c:\7pdjv.exec:\7pdjv.exe30⤵
- Executes dropped EXE
-
\??\c:\1pvpd.exec:\1pvpd.exe31⤵
- Executes dropped EXE
-
\??\c:\rrrfrfr.exec:\rrrfrfr.exe32⤵
- Executes dropped EXE
-
\??\c:\5ttttb.exec:\5ttttb.exe33⤵
- Executes dropped EXE
-
\??\c:\bbnbnt.exec:\bbnbnt.exe34⤵
- Executes dropped EXE
-
\??\c:\djpvv.exec:\djpvv.exe35⤵
- Executes dropped EXE
-
\??\c:\pjvdv.exec:\pjvdv.exe36⤵
- Executes dropped EXE
-
\??\c:\ffrrxrl.exec:\ffrrxrl.exe37⤵
- Executes dropped EXE
-
\??\c:\1xrrrff.exec:\1xrrrff.exe38⤵
- Executes dropped EXE
-
\??\c:\lfrxlrx.exec:\lfrxlrx.exe39⤵
- Executes dropped EXE
-
\??\c:\hbnbhh.exec:\hbnbhh.exe40⤵
- Executes dropped EXE
-
\??\c:\nnhtbb.exec:\nnhtbb.exe41⤵
- Executes dropped EXE
-
\??\c:\nnhhhh.exec:\nnhhhh.exe42⤵
- Executes dropped EXE
-
\??\c:\jdpdp.exec:\jdpdp.exe43⤵
- Executes dropped EXE
-
\??\c:\vvdvd.exec:\vvdvd.exe44⤵
- Executes dropped EXE
-
\??\c:\ffflxff.exec:\ffflxff.exe45⤵
- Executes dropped EXE
-
\??\c:\frxlrxf.exec:\frxlrxf.exe46⤵
- Executes dropped EXE
-
\??\c:\5hhnth.exec:\5hhnth.exe47⤵
- Executes dropped EXE
-
\??\c:\ppppd.exec:\ppppd.exe48⤵
- Executes dropped EXE
-
\??\c:\9ddjv.exec:\9ddjv.exe49⤵
- Executes dropped EXE
-
\??\c:\5lxlfxr.exec:\5lxlfxr.exe50⤵
- Executes dropped EXE
-
\??\c:\rxxxxrl.exec:\rxxxxrl.exe51⤵
- Executes dropped EXE
-
\??\c:\hhtbtb.exec:\hhtbtb.exe52⤵
- Executes dropped EXE
-
\??\c:\bhhtth.exec:\bhhtth.exe53⤵
- Executes dropped EXE
-
\??\c:\tnntbb.exec:\tnntbb.exe54⤵
- Executes dropped EXE
-
\??\c:\vpdpp.exec:\vpdpp.exe55⤵
- Executes dropped EXE
-
\??\c:\ppvpd.exec:\ppvpd.exe56⤵
- Executes dropped EXE
-
\??\c:\1xrxflx.exec:\1xrxflx.exe57⤵
- Executes dropped EXE
-
\??\c:\5rrxfrx.exec:\5rrxfrx.exe58⤵
- Executes dropped EXE
-
\??\c:\nnnbtb.exec:\nnnbtb.exe59⤵
- Executes dropped EXE
-
\??\c:\9hhtht.exec:\9hhtht.exe60⤵
- Executes dropped EXE
-
\??\c:\3vddv.exec:\3vddv.exe61⤵
- Executes dropped EXE
-
\??\c:\5dpvj.exec:\5dpvj.exe62⤵
- Executes dropped EXE
-
\??\c:\llrxxll.exec:\llrxxll.exe63⤵
- Executes dropped EXE
-
\??\c:\rrxfllf.exec:\rrxfllf.exe64⤵
- Executes dropped EXE
-
\??\c:\tttbnh.exec:\tttbnh.exe65⤵
- Executes dropped EXE
-
\??\c:\dpdvd.exec:\dpdvd.exe66⤵
-
\??\c:\pdvdj.exec:\pdvdj.exe67⤵
-
\??\c:\vdpvj.exec:\vdpvj.exe68⤵
-
\??\c:\xfxxrxx.exec:\xfxxrxx.exe69⤵
-
\??\c:\frffxfr.exec:\frffxfr.exe70⤵
-
\??\c:\rlffrrf.exec:\rlffrrf.exe71⤵
-
\??\c:\hbbtbn.exec:\hbbtbn.exe72⤵
-
\??\c:\bhhbth.exec:\bhhbth.exe73⤵
-
\??\c:\dddjp.exec:\dddjp.exe74⤵
-
\??\c:\pjvvd.exec:\pjvvd.exe75⤵
-
\??\c:\dvdvj.exec:\dvdvj.exe76⤵
-
\??\c:\xfrlrll.exec:\xfrlrll.exe77⤵
-
\??\c:\lfflfrf.exec:\lfflfrf.exe78⤵
-
\??\c:\nnhhbb.exec:\nnhhbb.exe79⤵
-
\??\c:\tttbnt.exec:\tttbnt.exe80⤵
-
\??\c:\dvpjv.exec:\dvpjv.exe81⤵
-
\??\c:\5vvvj.exec:\5vvvj.exe82⤵
-
\??\c:\jddvd.exec:\jddvd.exe83⤵
-
\??\c:\flfrflx.exec:\flfrflx.exe84⤵
-
\??\c:\3fflflx.exec:\3fflflx.exe85⤵
-
\??\c:\lfflrrf.exec:\lfflrrf.exe86⤵
-
\??\c:\tntnbb.exec:\tntnbb.exe87⤵
-
\??\c:\hbtnnt.exec:\hbtnnt.exe88⤵
-
\??\c:\bbntht.exec:\bbntht.exe89⤵
-
\??\c:\ddpjp.exec:\ddpjp.exe90⤵
-
\??\c:\jppjp.exec:\jppjp.exe91⤵
-
\??\c:\5vdvp.exec:\5vdvp.exe92⤵
-
\??\c:\fxrxxlf.exec:\fxrxxlf.exe93⤵
-
\??\c:\ffrffll.exec:\ffrffll.exe94⤵
-
\??\c:\9tttbb.exec:\9tttbb.exe95⤵
-
\??\c:\1hbhbn.exec:\1hbhbn.exe96⤵
-
\??\c:\tbbbnt.exec:\tbbbnt.exe97⤵
-
\??\c:\vjjjj.exec:\vjjjj.exe98⤵
-
\??\c:\dpdjj.exec:\dpdjj.exe99⤵
-
\??\c:\ffxlflx.exec:\ffxlflx.exe100⤵
-
\??\c:\ffrxllx.exec:\ffrxllx.exe101⤵
-
\??\c:\lflrflx.exec:\lflrflx.exe102⤵
-
\??\c:\thbbhn.exec:\thbbhn.exe103⤵
-
\??\c:\9hbhnh.exec:\9hbhnh.exe104⤵
-
\??\c:\pjdjv.exec:\pjdjv.exe105⤵
-
\??\c:\jvdjp.exec:\jvdjp.exe106⤵
-
\??\c:\9vvpj.exec:\9vvpj.exe107⤵
-
\??\c:\xxlrxlx.exec:\xxlrxlx.exe108⤵
-
\??\c:\llxfxlf.exec:\llxfxlf.exe109⤵
-
\??\c:\rlxflrf.exec:\rlxflrf.exe110⤵
-
\??\c:\1bbntb.exec:\1bbntb.exe111⤵
-
\??\c:\9btbnt.exec:\9btbnt.exe112⤵
-
\??\c:\bbtbnn.exec:\bbtbnn.exe113⤵
-
\??\c:\3pjdp.exec:\3pjdp.exe114⤵
-
\??\c:\7jppv.exec:\7jppv.exe115⤵
-
\??\c:\flxrxrr.exec:\flxrxrr.exe116⤵
-
\??\c:\rlflrxx.exec:\rlflrxx.exe117⤵
-
\??\c:\bbbnbn.exec:\bbbnbn.exe118⤵
-
\??\c:\tbthbh.exec:\tbthbh.exe119⤵
-
\??\c:\tthtbh.exec:\tthtbh.exe120⤵
-
\??\c:\5ddjj.exec:\5ddjj.exe121⤵
-
\??\c:\dvvvj.exec:\dvvvj.exe122⤵
-
\??\c:\pjvpv.exec:\pjvpv.exe123⤵
-
\??\c:\xxxxlrr.exec:\xxxxlrr.exe124⤵
-
\??\c:\llrfxlx.exec:\llrfxlx.exe125⤵
-
\??\c:\1fxrflr.exec:\1fxrflr.exe126⤵
-
\??\c:\nthnht.exec:\nthnht.exe127⤵
-
\??\c:\nntthn.exec:\nntthn.exe128⤵
-
\??\c:\nnbhnn.exec:\nnbhnn.exe129⤵
-
\??\c:\9dvvv.exec:\9dvvv.exe130⤵
-
\??\c:\vdjjv.exec:\vdjjv.exe131⤵
-
\??\c:\fffrlrf.exec:\fffrlrf.exe132⤵
-
\??\c:\9llfrxl.exec:\9llfrxl.exe133⤵
-
\??\c:\bhbtnn.exec:\bhbtnn.exe134⤵
-
\??\c:\3tnntn.exec:\3tnntn.exe135⤵
-
\??\c:\jvddd.exec:\jvddd.exe136⤵
-
\??\c:\djdjd.exec:\djdjd.exe137⤵
-
\??\c:\1fffxll.exec:\1fffxll.exe138⤵
-
\??\c:\xllllrr.exec:\xllllrr.exe139⤵
-
\??\c:\tntbbh.exec:\tntbbh.exe140⤵
-
\??\c:\9nbhnt.exec:\9nbhnt.exe141⤵
-
\??\c:\jdjdp.exec:\jdjdp.exe142⤵
-
\??\c:\vvvpd.exec:\vvvpd.exe143⤵
-
\??\c:\lfxflfl.exec:\lfxflfl.exe144⤵
-
\??\c:\lfxxrrl.exec:\lfxxrrl.exe145⤵
-
\??\c:\9tntbh.exec:\9tntbh.exe146⤵
-
\??\c:\bhnbbt.exec:\bhnbbt.exe147⤵
-
\??\c:\pdpjp.exec:\pdpjp.exe148⤵
-
\??\c:\dvjpd.exec:\dvjpd.exe149⤵
-
\??\c:\rxxlfrl.exec:\rxxlfrl.exe150⤵
-
\??\c:\lfrllrl.exec:\lfrllrl.exe151⤵
-
\??\c:\xrxxffl.exec:\xrxxffl.exe152⤵
-
\??\c:\ntnbtb.exec:\ntnbtb.exe153⤵
-
\??\c:\btttth.exec:\btttth.exe154⤵
-
\??\c:\pjdpv.exec:\pjdpv.exe155⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe156⤵
-
\??\c:\1pjjp.exec:\1pjjp.exe157⤵
-
\??\c:\7lxrrlr.exec:\7lxrrlr.exe158⤵
-
\??\c:\3rfrfll.exec:\3rfrfll.exe159⤵
-
\??\c:\xfflfrf.exec:\xfflfrf.exe160⤵
-
\??\c:\hbnbbn.exec:\hbnbbn.exe161⤵
-
\??\c:\btbttt.exec:\btbttt.exe162⤵
-
\??\c:\pjdjv.exec:\pjdjv.exe163⤵
-
\??\c:\ppjdd.exec:\ppjdd.exe164⤵
-
\??\c:\7rlflxl.exec:\7rlflxl.exe165⤵
-
\??\c:\rrlflxx.exec:\rrlflxx.exe166⤵
-
\??\c:\thttbb.exec:\thttbb.exe167⤵
-
\??\c:\tthtbt.exec:\tthtbt.exe168⤵
-
\??\c:\bnnthn.exec:\bnnthn.exe169⤵
-
\??\c:\ppjpp.exec:\ppjpp.exe170⤵
-
\??\c:\rrrlllf.exec:\rrrlllf.exe171⤵
-
\??\c:\fflrxfx.exec:\fflrxfx.exe172⤵
-
\??\c:\hhhnnb.exec:\hhhnnb.exe173⤵
-
\??\c:\1nnttb.exec:\1nnttb.exe174⤵
-
\??\c:\bbhhhh.exec:\bbhhhh.exe175⤵
-
\??\c:\3dvdj.exec:\3dvdj.exe176⤵
-
\??\c:\3jjpd.exec:\3jjpd.exe177⤵
-
\??\c:\7pdpd.exec:\7pdpd.exe178⤵
-
\??\c:\llflflx.exec:\llflflx.exe179⤵
-
\??\c:\ffxlxfl.exec:\ffxlxfl.exe180⤵
-
\??\c:\tnhbhn.exec:\tnhbhn.exe181⤵
-
\??\c:\bbtbtn.exec:\bbtbtn.exe182⤵
-
\??\c:\jvddj.exec:\jvddj.exe183⤵
-
\??\c:\dvjpv.exec:\dvjpv.exe184⤵
-
\??\c:\vppdp.exec:\vppdp.exe185⤵
-
\??\c:\fffxflf.exec:\fffxflf.exe186⤵
-
\??\c:\hhbbnt.exec:\hhbbnt.exe187⤵
-
\??\c:\tnhnbh.exec:\tnhnbh.exe188⤵
-
\??\c:\bbhntt.exec:\bbhntt.exe189⤵
-
\??\c:\pdpvv.exec:\pdpvv.exe190⤵
-
\??\c:\1dvvd.exec:\1dvvd.exe191⤵
-
\??\c:\pvjdj.exec:\pvjdj.exe192⤵
-
\??\c:\3fxflrx.exec:\3fxflrx.exe193⤵
-
\??\c:\xlllrxr.exec:\xlllrxr.exe194⤵
-
\??\c:\9nnhnb.exec:\9nnhnb.exe195⤵
-
\??\c:\ntbnth.exec:\ntbnth.exe196⤵
-
\??\c:\nthbth.exec:\nthbth.exe197⤵
-
\??\c:\pjdjd.exec:\pjdjd.exe198⤵
-
\??\c:\vjdjd.exec:\vjdjd.exe199⤵
-
\??\c:\9jjpj.exec:\9jjpj.exe200⤵
-
\??\c:\lfffrxl.exec:\lfffrxl.exe201⤵
-
\??\c:\llffrfr.exec:\llffrfr.exe202⤵
-
\??\c:\lfllfrr.exec:\lfllfrr.exe203⤵
-
\??\c:\nnthnn.exec:\nnthnn.exe204⤵
-
\??\c:\bnhtnh.exec:\bnhtnh.exe205⤵
-
\??\c:\pdpvj.exec:\pdpvj.exe206⤵
-
\??\c:\ppppv.exec:\ppppv.exe207⤵
-
\??\c:\ddvjv.exec:\ddvjv.exe208⤵
-
\??\c:\9xxflrf.exec:\9xxflrf.exe209⤵
-
\??\c:\rfxrrrl.exec:\rfxrrrl.exe210⤵
-
\??\c:\rrlrxfl.exec:\rrlrxfl.exe211⤵
-
\??\c:\bhbnth.exec:\bhbnth.exe212⤵
-
\??\c:\hhtbtt.exec:\hhtbtt.exe213⤵
-
\??\c:\dpdjp.exec:\dpdjp.exe214⤵
-
\??\c:\ddvvj.exec:\ddvvj.exe215⤵
-
\??\c:\vpddp.exec:\vpddp.exe216⤵
-
\??\c:\rflflrl.exec:\rflflrl.exe217⤵
-
\??\c:\llflrfr.exec:\llflrfr.exe218⤵
-
\??\c:\rxrxllx.exec:\rxrxllx.exe219⤵
-
\??\c:\nnhtnb.exec:\nnhtnb.exe220⤵
-
\??\c:\7tnhtb.exec:\7tnhtb.exe221⤵
-
\??\c:\9nhttb.exec:\9nhttb.exe222⤵
-
\??\c:\9pjpd.exec:\9pjpd.exe223⤵
-
\??\c:\jpvdj.exec:\jpvdj.exe224⤵
-
\??\c:\fxlxllx.exec:\fxlxllx.exe225⤵
-
\??\c:\3rrfrff.exec:\3rrfrff.exe226⤵
-
\??\c:\rxxfrrf.exec:\rxxfrrf.exe227⤵
-
\??\c:\nbnttt.exec:\nbnttt.exe228⤵
-
\??\c:\7nnbhn.exec:\7nnbhn.exe229⤵
-
\??\c:\jpvdp.exec:\jpvdp.exe230⤵
-
\??\c:\djpdd.exec:\djpdd.exe231⤵
-
\??\c:\xfrrrff.exec:\xfrrrff.exe232⤵
-
\??\c:\rxfxxlf.exec:\rxfxxlf.exe233⤵
-
\??\c:\lffflfl.exec:\lffflfl.exe234⤵
-
\??\c:\7tbthb.exec:\7tbthb.exe235⤵
-
\??\c:\hbnbht.exec:\hbnbht.exe236⤵
-
\??\c:\bhthbn.exec:\bhthbn.exe237⤵
-
\??\c:\5dvjp.exec:\5dvjp.exe238⤵
-
\??\c:\pvvjd.exec:\pvvjd.exe239⤵
-
\??\c:\xxlrffr.exec:\xxlrffr.exe240⤵
-
\??\c:\xrxxlrf.exec:\xrxxlrf.exe241⤵