Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
21-05-2024 05:52
General
-
Target
f2791231e18d7b8a6f14e37f84809fa6a1551faacf13aa69be1df33b6e77d7cc.exe
-
Size
274KB
-
MD5
014195da2861f1a230f9c43190481bec
-
SHA1
4fa31ccda65766cc95fa62fd625c764df7e33838
-
SHA256
f2791231e18d7b8a6f14e37f84809fa6a1551faacf13aa69be1df33b6e77d7cc
-
SHA512
dbab4603bd842c9046575aeec529d5af6631d0c537b1bdcaaf63a89ad7279ccb8794f6c9f00312e3fd8a54d4efa03ff44d8f05f279e84711025987160c0afd83
-
SSDEEP
3072:8hOm2sI93UufdC67cimD5t251UrRE9TTFl:8cm7ImGddXmNt251UriZFl
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 38 IoCs
-
UPX dump on OEP (original entry point) 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f2791231e18d7b8a6f14e37f84809fa6a1551faacf13aa69be1df33b6e77d7cc.exe"C:\Users\Admin\AppData\Local\Temp\f2791231e18d7b8a6f14e37f84809fa6a1551faacf13aa69be1df33b6e77d7cc.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjjp.exec:\jvjjp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxlxflr.exec:\xxlxflr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1hbbbb.exec:\1hbbbb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhnbn.exec:\nnhnbn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjpv.exec:\ppjpv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxxffl.exec:\lfxxffl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhnnn.exec:\nhhnnn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvjp.exec:\ddvjp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrrxfr.exec:\fxrrxfr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhtbh.exec:\bbhtbh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjjv.exec:\dvjjv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vvvp.exec:\9vvvp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfffxf.exec:\fxfffxf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxxlrf.exec:\ffxxlrf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjddj.exec:\pjddj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvpp.exec:\pdvpp.exe17⤵
- Executes dropped EXE
-
\??\c:\7frrrxf.exec:\7frrrxf.exe18⤵
- Executes dropped EXE
-
\??\c:\rfxxlxf.exec:\rfxxlxf.exe19⤵
- Executes dropped EXE
-
\??\c:\3hhnnn.exec:\3hhnnn.exe20⤵
- Executes dropped EXE
-
\??\c:\vjjpd.exec:\vjjpd.exe21⤵
- Executes dropped EXE
-
\??\c:\lfxlxrl.exec:\lfxlxrl.exe22⤵
- Executes dropped EXE
-
\??\c:\btbtbb.exec:\btbtbb.exe23⤵
- Executes dropped EXE
-
\??\c:\3pdjj.exec:\3pdjj.exe24⤵
- Executes dropped EXE
-
\??\c:\1fxfrxl.exec:\1fxfrxl.exe25⤵
- Executes dropped EXE
-
\??\c:\xrfrxfl.exec:\xrfrxfl.exe26⤵
- Executes dropped EXE
-
\??\c:\nbtbth.exec:\nbtbth.exe27⤵
- Executes dropped EXE
-
\??\c:\dpdpd.exec:\dpdpd.exe28⤵
- Executes dropped EXE
-
\??\c:\vpddv.exec:\vpddv.exe29⤵
- Executes dropped EXE
-
\??\c:\fxllxxf.exec:\fxllxxf.exe30⤵
- Executes dropped EXE
-
\??\c:\nhhhnn.exec:\nhhhnn.exe31⤵
- Executes dropped EXE
-
\??\c:\pjdjv.exec:\pjdjv.exe32⤵
- Executes dropped EXE
-
\??\c:\rlxxxff.exec:\rlxxxff.exe33⤵
- Executes dropped EXE
-
\??\c:\bnhhtt.exec:\bnhhtt.exe34⤵
- Executes dropped EXE
-
\??\c:\jddvd.exec:\jddvd.exe35⤵
- Executes dropped EXE
-
\??\c:\3ppjj.exec:\3ppjj.exe36⤵
- Executes dropped EXE
-
\??\c:\xlrrxrr.exec:\xlrrxrr.exe37⤵
- Executes dropped EXE
-
\??\c:\tntnnh.exec:\tntnnh.exe38⤵
- Executes dropped EXE
-
\??\c:\hbthnt.exec:\hbthnt.exe39⤵
- Executes dropped EXE
-
\??\c:\pjjjj.exec:\pjjjj.exe40⤵
- Executes dropped EXE
-
\??\c:\pjvdj.exec:\pjvdj.exe41⤵
- Executes dropped EXE
-
\??\c:\lxrffff.exec:\lxrffff.exe42⤵
- Executes dropped EXE
-
\??\c:\7nbbbh.exec:\7nbbbh.exe43⤵
- Executes dropped EXE
-
\??\c:\5djvv.exec:\5djvv.exe44⤵
- Executes dropped EXE
-
\??\c:\9frxffl.exec:\9frxffl.exe45⤵
- Executes dropped EXE
-
\??\c:\tnhbbh.exec:\tnhbbh.exe46⤵
- Executes dropped EXE
-
\??\c:\1dppv.exec:\1dppv.exe47⤵
- Executes dropped EXE
-
\??\c:\rrfxflx.exec:\rrfxflx.exe48⤵
- Executes dropped EXE
-
\??\c:\tnhthn.exec:\tnhthn.exe49⤵
- Executes dropped EXE
-
\??\c:\7frxxxr.exec:\7frxxxr.exe50⤵
- Executes dropped EXE
-
\??\c:\fxlxrxr.exec:\fxlxrxr.exe51⤵
- Executes dropped EXE
-
\??\c:\nhtthh.exec:\nhtthh.exe52⤵
- Executes dropped EXE
-
\??\c:\1pjjd.exec:\1pjjd.exe53⤵
- Executes dropped EXE
-
\??\c:\5llrfrf.exec:\5llrfrf.exe54⤵
- Executes dropped EXE
-
\??\c:\nbhhnn.exec:\nbhhnn.exe55⤵
- Executes dropped EXE
-
\??\c:\ffxfrfr.exec:\ffxfrfr.exe56⤵
- Executes dropped EXE
-
\??\c:\1frrfxf.exec:\1frrfxf.exe57⤵
- Executes dropped EXE
-
\??\c:\tnbbnh.exec:\tnbbnh.exe58⤵
- Executes dropped EXE
-
\??\c:\5jdpp.exec:\5jdpp.exe59⤵
- Executes dropped EXE
-
\??\c:\dvjpp.exec:\dvjpp.exe60⤵
- Executes dropped EXE
-
\??\c:\fxxfffl.exec:\fxxfffl.exe61⤵
- Executes dropped EXE
-
\??\c:\nhbhnn.exec:\nhbhnn.exe62⤵
- Executes dropped EXE
-
\??\c:\btnbnn.exec:\btnbnn.exe63⤵
- Executes dropped EXE
-
\??\c:\vpjpp.exec:\vpjpp.exe64⤵
- Executes dropped EXE
-
\??\c:\rrlrrrl.exec:\rrlrrrl.exe65⤵
- Executes dropped EXE
-
\??\c:\rrlllrr.exec:\rrlllrr.exe66⤵
-
\??\c:\bthnnn.exec:\bthnnn.exe67⤵
-
\??\c:\dvddd.exec:\dvddd.exe68⤵
-
\??\c:\pjvdj.exec:\pjvdj.exe69⤵
-
\??\c:\ffflfll.exec:\ffflfll.exe70⤵
-
\??\c:\nhbhhn.exec:\nhbhhn.exe71⤵
-
\??\c:\bnbnbh.exec:\bnbnbh.exe72⤵
-
\??\c:\pjddj.exec:\pjddj.exe73⤵
-
\??\c:\lxrfflf.exec:\lxrfflf.exe74⤵
-
\??\c:\ttntnb.exec:\ttntnb.exe75⤵
-
\??\c:\hbntbn.exec:\hbntbn.exe76⤵
-
\??\c:\dvjpv.exec:\dvjpv.exe77⤵
-
\??\c:\jdpdv.exec:\jdpdv.exe78⤵
-
\??\c:\lffxxxx.exec:\lffxxxx.exe79⤵
-
\??\c:\hhbnbb.exec:\hhbnbb.exe80⤵
-
\??\c:\pdjdj.exec:\pdjdj.exe81⤵
-
\??\c:\9vjjv.exec:\9vjjv.exe82⤵
-
\??\c:\rfffffl.exec:\rfffffl.exe83⤵
-
\??\c:\tnnnnn.exec:\tnnnnn.exe84⤵
-
\??\c:\7hntbh.exec:\7hntbh.exe85⤵
-
\??\c:\pjdjv.exec:\pjdjv.exe86⤵
-
\??\c:\jdvdj.exec:\jdvdj.exe87⤵
-
\??\c:\flflxlr.exec:\flflxlr.exe88⤵
-
\??\c:\5nnbhn.exec:\5nnbhn.exe89⤵
-
\??\c:\btbnbh.exec:\btbnbh.exe90⤵
-
\??\c:\5pjpv.exec:\5pjpv.exe91⤵
-
\??\c:\xxlxlrf.exec:\xxlxlrf.exe92⤵
-
\??\c:\bthnbb.exec:\bthnbb.exe93⤵
-
\??\c:\nnntht.exec:\nnntht.exe94⤵
-
\??\c:\jdvvd.exec:\jdvvd.exe95⤵
-
\??\c:\ppjjd.exec:\ppjjd.exe96⤵
-
\??\c:\fxlrffr.exec:\fxlrffr.exe97⤵
-
\??\c:\7rfflrx.exec:\7rfflrx.exe98⤵
-
\??\c:\bthntt.exec:\bthntt.exe99⤵
-
\??\c:\5jdpp.exec:\5jdpp.exe100⤵
-
\??\c:\jpddp.exec:\jpddp.exe101⤵
-
\??\c:\llfrxlx.exec:\llfrxlx.exe102⤵
-
\??\c:\xxxrxfl.exec:\xxxrxfl.exe103⤵
-
\??\c:\nhnnbn.exec:\nhnnbn.exe104⤵
-
\??\c:\7vddj.exec:\7vddj.exe105⤵
-
\??\c:\ddjvd.exec:\ddjvd.exe106⤵
-
\??\c:\jpjjv.exec:\jpjjv.exe107⤵
-
\??\c:\lfrxlxl.exec:\lfrxlxl.exe108⤵
-
\??\c:\btbntt.exec:\btbntt.exe109⤵
-
\??\c:\nnbnbh.exec:\nnbnbh.exe110⤵
-
\??\c:\ddjpp.exec:\ddjpp.exe111⤵
-
\??\c:\5vjjp.exec:\5vjjp.exe112⤵
-
\??\c:\fffrrff.exec:\fffrrff.exe113⤵
-
\??\c:\3nbbhn.exec:\3nbbhn.exe114⤵
-
\??\c:\nhthnt.exec:\nhthnt.exe115⤵
-
\??\c:\5jjjd.exec:\5jjjd.exe116⤵
-
\??\c:\ppvpd.exec:\ppvpd.exe117⤵
-
\??\c:\rrlflll.exec:\rrlflll.exe118⤵
-
\??\c:\rrffxlx.exec:\rrffxlx.exe119⤵
-
\??\c:\nnbntt.exec:\nnbntt.exe120⤵
-
\??\c:\dddjd.exec:\dddjd.exe121⤵
-
\??\c:\pdppp.exec:\pdppp.exe122⤵
-
\??\c:\5lfxfxf.exec:\5lfxfxf.exe123⤵
-
\??\c:\nhbhtt.exec:\nhbhtt.exe124⤵
-
\??\c:\bbbhnt.exec:\bbbhnt.exe125⤵
-
\??\c:\9dvdd.exec:\9dvdd.exe126⤵
-
\??\c:\ffxxxxf.exec:\ffxxxxf.exe127⤵
-
\??\c:\rlxlrrf.exec:\rlxlrrf.exe128⤵
-
\??\c:\bhnbht.exec:\bhnbht.exe129⤵
-
\??\c:\djpjj.exec:\djpjj.exe130⤵
-
\??\c:\1jvvd.exec:\1jvvd.exe131⤵
-
\??\c:\xfrrflr.exec:\xfrrflr.exe132⤵
-
\??\c:\9htntt.exec:\9htntt.exe133⤵
-
\??\c:\ntbbtn.exec:\ntbbtn.exe134⤵
-
\??\c:\9vpdv.exec:\9vpdv.exe135⤵
-
\??\c:\9pjpd.exec:\9pjpd.exe136⤵
-
\??\c:\rflllll.exec:\rflllll.exe137⤵
-
\??\c:\nhthnn.exec:\nhthnn.exe138⤵
-
\??\c:\jpjpd.exec:\jpjpd.exe139⤵
-
\??\c:\9rfrlrx.exec:\9rfrlrx.exe140⤵
-
\??\c:\xlxrxll.exec:\xlxrxll.exe141⤵
-
\??\c:\nhhbbh.exec:\nhhbbh.exe142⤵
-
\??\c:\tbtbbb.exec:\tbtbbb.exe143⤵
-
\??\c:\rlfrxxl.exec:\rlfrxxl.exe144⤵
-
\??\c:\bbbbnt.exec:\bbbbnt.exe145⤵
-
\??\c:\tntbhh.exec:\tntbhh.exe146⤵
-
\??\c:\dvppj.exec:\dvppj.exe147⤵
-
\??\c:\dvjpv.exec:\dvjpv.exe148⤵
-
\??\c:\5fllrll.exec:\5fllrll.exe149⤵
-
\??\c:\nhnhnn.exec:\nhnhnn.exe150⤵
-
\??\c:\vpddj.exec:\vpddj.exe151⤵
-
\??\c:\7djjj.exec:\7djjj.exe152⤵
-
\??\c:\tnhnnt.exec:\tnhnnt.exe153⤵
-
\??\c:\7djjj.exec:\7djjj.exe154⤵
-
\??\c:\lfflxxl.exec:\lfflxxl.exe155⤵
-
\??\c:\xrlrxfl.exec:\xrlrxfl.exe156⤵
-
\??\c:\tbnhbn.exec:\tbnhbn.exe157⤵
-
\??\c:\jddpd.exec:\jddpd.exe158⤵
-
\??\c:\dvjpp.exec:\dvjpp.exe159⤵
-
\??\c:\lxxrrxl.exec:\lxxrrxl.exe160⤵
-
\??\c:\7lxfxrx.exec:\7lxfxrx.exe161⤵
-
\??\c:\3nntnh.exec:\3nntnh.exe162⤵
-
\??\c:\dvpvj.exec:\dvpvj.exe163⤵
-
\??\c:\djdvv.exec:\djdvv.exe164⤵
-
\??\c:\lllxxfl.exec:\lllxxfl.exe165⤵
-
\??\c:\1lfxlrx.exec:\1lfxlrx.exe166⤵
-
\??\c:\thnnbb.exec:\thnnbb.exe167⤵
-
\??\c:\pjddd.exec:\pjddd.exe168⤵
-
\??\c:\jjvdv.exec:\jjvdv.exe169⤵
-
\??\c:\xflffll.exec:\xflffll.exe170⤵
-
\??\c:\ffxrxxf.exec:\ffxrxxf.exe171⤵
-
\??\c:\nhbhtb.exec:\nhbhtb.exe172⤵
-
\??\c:\9dppv.exec:\9dppv.exe173⤵
-
\??\c:\vpdpp.exec:\vpdpp.exe174⤵
-
\??\c:\lrrrfxf.exec:\lrrrfxf.exe175⤵
-
\??\c:\xxrrxfl.exec:\xxrrxfl.exe176⤵
-
\??\c:\3btbtt.exec:\3btbtt.exe177⤵
-
\??\c:\btbhnn.exec:\btbhnn.exe178⤵
-
\??\c:\3jddv.exec:\3jddv.exe179⤵
-
\??\c:\jddjp.exec:\jddjp.exe180⤵
-
\??\c:\llxlxxl.exec:\llxlxxl.exe181⤵
-
\??\c:\nhtnhh.exec:\nhtnhh.exe182⤵
-
\??\c:\tnhthb.exec:\tnhthb.exe183⤵
-
\??\c:\vvdjv.exec:\vvdjv.exe184⤵
-
\??\c:\9ddjv.exec:\9ddjv.exe185⤵
-
\??\c:\xxrrxfl.exec:\xxrrxfl.exe186⤵
-
\??\c:\7fxxlxf.exec:\7fxxlxf.exe187⤵
-
\??\c:\nhtthh.exec:\nhtthh.exe188⤵
-
\??\c:\vvvdp.exec:\vvvdp.exe189⤵
-
\??\c:\7vpjp.exec:\7vpjp.exe190⤵
-
\??\c:\xllrxxf.exec:\xllrxxf.exe191⤵
-
\??\c:\7rrrlrr.exec:\7rrrlrr.exe192⤵
-
\??\c:\hbtbhh.exec:\hbtbhh.exe193⤵
-
\??\c:\nhnnnh.exec:\nhnnnh.exe194⤵
-
\??\c:\1jvjp.exec:\1jvjp.exe195⤵
-
\??\c:\5dvpp.exec:\5dvpp.exe196⤵
-
\??\c:\flfllrf.exec:\flfllrf.exe197⤵
-
\??\c:\rxffrlr.exec:\rxffrlr.exe198⤵
-
\??\c:\nntnnn.exec:\nntnnn.exe199⤵
-
\??\c:\htnnbh.exec:\htnnbh.exe200⤵
-
\??\c:\vjddj.exec:\vjddj.exe201⤵
-
\??\c:\dvjjv.exec:\dvjjv.exe202⤵
-
\??\c:\fxffrlx.exec:\fxffrlx.exe203⤵
-
\??\c:\nbttbn.exec:\nbttbn.exe204⤵
-
\??\c:\hhttnn.exec:\hhttnn.exe205⤵
-
\??\c:\pvjvj.exec:\pvjvj.exe206⤵
-
\??\c:\dvpvp.exec:\dvpvp.exe207⤵
-
\??\c:\xrlrllf.exec:\xrlrllf.exe208⤵
-
\??\c:\5nhntb.exec:\5nhntb.exe209⤵
-
\??\c:\tnhhnb.exec:\tnhhnb.exe210⤵
-
\??\c:\vjjjp.exec:\vjjjp.exe211⤵
-
\??\c:\xrxrflr.exec:\xrxrflr.exe212⤵
-
\??\c:\ffxxxxl.exec:\ffxxxxl.exe213⤵
-
\??\c:\thttbt.exec:\thttbt.exe214⤵
-
\??\c:\hbnntb.exec:\hbnntb.exe215⤵
-
\??\c:\3jjjd.exec:\3jjjd.exe216⤵
-
\??\c:\djppd.exec:\djppd.exe217⤵
-
\??\c:\lfrxffr.exec:\lfrxffr.exe218⤵
-
\??\c:\lrflxfl.exec:\lrflxfl.exe219⤵
-
\??\c:\bbttnb.exec:\bbttnb.exe220⤵
-
\??\c:\9jvvv.exec:\9jvvv.exe221⤵
-
\??\c:\1vppd.exec:\1vppd.exe222⤵
-
\??\c:\xlrfrrl.exec:\xlrfrrl.exe223⤵
-
\??\c:\1rrxffl.exec:\1rrxffl.exe224⤵
-
\??\c:\hbbhnn.exec:\hbbhnn.exe225⤵
-
\??\c:\1nntbh.exec:\1nntbh.exe226⤵
-
\??\c:\5pvvd.exec:\5pvvd.exe227⤵
-
\??\c:\xxflxlf.exec:\xxflxlf.exe228⤵
-
\??\c:\5rfrxxf.exec:\5rfrxxf.exe229⤵
-
\??\c:\nbntbh.exec:\nbntbh.exe230⤵
-
\??\c:\1tbhhn.exec:\1tbhhn.exe231⤵
-
\??\c:\vppdj.exec:\vppdj.exe232⤵
-
\??\c:\ddjvd.exec:\ddjvd.exe233⤵
-
\??\c:\rlxflrx.exec:\rlxflrx.exe234⤵
-
\??\c:\3rxfflr.exec:\3rxfflr.exe235⤵
-
\??\c:\bthntb.exec:\bthntb.exe236⤵
-
\??\c:\9dppd.exec:\9dppd.exe237⤵
-
\??\c:\pjjjv.exec:\pjjjv.exe238⤵
-
\??\c:\rfrrrrx.exec:\rfrrrrx.exe239⤵
-
\??\c:\7flflll.exec:\7flflll.exe240⤵
-
\??\c:\thttbn.exec:\thttbn.exe241⤵