Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
21-05-2024 19:20
General
-
Target
1b27a48000c8c3ad06fac132bbb7bde0bf4a3122febd02c06ca6294a4242de09.exe
-
Size
87KB
-
MD5
4f029c375c57297aec881602e90f9b1e
-
SHA1
7981340658d76d823ad1ff126605018ce44c6ce4
-
SHA256
1b27a48000c8c3ad06fac132bbb7bde0bf4a3122febd02c06ca6294a4242de09
-
SHA512
bf94778da6f7606e0e371cb142e2ddbfdb2205e0d3f3682d9918902ed708c4c72d48fdae2a0ead3f88338c822ea6b30aeaaab0eab72cf9720c39ea397dfd1db8
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND+3T4+C2wV3jaCJ5jH3eS:ymb3NkkiQ3mdBjF+3TU2K3bJZXJ
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
UPX dump on OEP (original entry point) 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1b27a48000c8c3ad06fac132bbb7bde0bf4a3122febd02c06ca6294a4242de09.exe"C:\Users\Admin\AppData\Local\Temp\1b27a48000c8c3ad06fac132bbb7bde0bf4a3122febd02c06ca6294a4242de09.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxfrff.exec:\fxxfrff.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbnbh.exec:\nnbnbh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvjp.exec:\jdvjp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llfflxr.exec:\llfflxr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxlxfl.exec:\fxxlxfl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhnbh.exec:\tnhnbh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvpdd.exec:\pvpdd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nntbth.exec:\nntbth.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvjj.exec:\vjvjj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xlfrlr.exec:\5xlfrlr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdppj.exec:\vdppj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrxfxl.exec:\xxrxfxl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9hhbth.exec:\9hhbth.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthbnt.exec:\tthbnt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vpvp.exec:\1vpvp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdjv.exec:\pjdjv.exe17⤵
- Executes dropped EXE
-
\??\c:\xxxrlrr.exec:\xxxrlrr.exe18⤵
- Executes dropped EXE
-
\??\c:\ttthtb.exec:\ttthtb.exe19⤵
- Executes dropped EXE
-
\??\c:\jpdvv.exec:\jpdvv.exe20⤵
- Executes dropped EXE
-
\??\c:\rrxflxx.exec:\rrxflxx.exe21⤵
- Executes dropped EXE
-
\??\c:\hhbtht.exec:\hhbtht.exe22⤵
- Executes dropped EXE
-
\??\c:\tthttn.exec:\tthttn.exe23⤵
- Executes dropped EXE
-
\??\c:\djvjj.exec:\djvjj.exe24⤵
- Executes dropped EXE
-
\??\c:\xlxxrfl.exec:\xlxxrfl.exe25⤵
- Executes dropped EXE
-
\??\c:\nnbnth.exec:\nnbnth.exe26⤵
- Executes dropped EXE
-
\??\c:\ppvvp.exec:\ppvvp.exe27⤵
- Executes dropped EXE
-
\??\c:\xrflrrx.exec:\xrflrrx.exe28⤵
- Executes dropped EXE
-
\??\c:\hhbtht.exec:\hhbtht.exe29⤵
- Executes dropped EXE
-
\??\c:\jpppj.exec:\jpppj.exe30⤵
- Executes dropped EXE
-
\??\c:\ddjvv.exec:\ddjvv.exe31⤵
- Executes dropped EXE
-
\??\c:\rllfrfx.exec:\rllfrfx.exe32⤵
- Executes dropped EXE
-
\??\c:\nhnbth.exec:\nhnbth.exe33⤵
- Executes dropped EXE
-
\??\c:\5ppjp.exec:\5ppjp.exe34⤵
- Executes dropped EXE
-
\??\c:\vvjvj.exec:\vvjvj.exe35⤵
- Executes dropped EXE
-
\??\c:\9xrfrlr.exec:\9xrfrlr.exe36⤵
- Executes dropped EXE
-
\??\c:\rfxffxr.exec:\rfxffxr.exe37⤵
- Executes dropped EXE
-
\??\c:\thbnht.exec:\thbnht.exe38⤵
- Executes dropped EXE
-
\??\c:\vvdvp.exec:\vvdvp.exe39⤵
- Executes dropped EXE
-
\??\c:\ppddp.exec:\ppddp.exe40⤵
- Executes dropped EXE
-
\??\c:\fxfxlxf.exec:\fxfxlxf.exe41⤵
- Executes dropped EXE
-
\??\c:\nhntth.exec:\nhntth.exe42⤵
- Executes dropped EXE
-
\??\c:\nnhnth.exec:\nnhnth.exe43⤵
- Executes dropped EXE
-
\??\c:\ppdjp.exec:\ppdjp.exe44⤵
- Executes dropped EXE
-
\??\c:\xllrlrr.exec:\xllrlrr.exe45⤵
- Executes dropped EXE
-
\??\c:\rffffrr.exec:\rffffrr.exe46⤵
- Executes dropped EXE
-
\??\c:\ttntnb.exec:\ttntnb.exe47⤵
- Executes dropped EXE
-
\??\c:\dddvv.exec:\dddvv.exe48⤵
- Executes dropped EXE
-
\??\c:\ddvdp.exec:\ddvdp.exe49⤵
- Executes dropped EXE
-
\??\c:\xlrrllx.exec:\xlrrllx.exe50⤵
- Executes dropped EXE
-
\??\c:\rlrxfxl.exec:\rlrxfxl.exe51⤵
- Executes dropped EXE
-
\??\c:\9ntbnt.exec:\9ntbnt.exe52⤵
- Executes dropped EXE
-
\??\c:\djjpp.exec:\djjpp.exe53⤵
- Executes dropped EXE
-
\??\c:\5jjdp.exec:\5jjdp.exe54⤵
- Executes dropped EXE
-
\??\c:\frlxllr.exec:\frlxllr.exe55⤵
- Executes dropped EXE
-
\??\c:\rxlxfxx.exec:\rxlxfxx.exe56⤵
- Executes dropped EXE
-
\??\c:\btntbb.exec:\btntbb.exe57⤵
- Executes dropped EXE
-
\??\c:\3hnnth.exec:\3hnnth.exe58⤵
- Executes dropped EXE
-
\??\c:\pvvpp.exec:\pvvpp.exe59⤵
- Executes dropped EXE
-
\??\c:\rlxfllx.exec:\rlxfllx.exe60⤵
- Executes dropped EXE
-
\??\c:\fflfxlr.exec:\fflfxlr.exe61⤵
- Executes dropped EXE
-
\??\c:\1bhnbn.exec:\1bhnbn.exe62⤵
- Executes dropped EXE
-
\??\c:\hnnhbb.exec:\hnnhbb.exe63⤵
- Executes dropped EXE
-
\??\c:\pjjvd.exec:\pjjvd.exe64⤵
- Executes dropped EXE
-
\??\c:\ffxxlxf.exec:\ffxxlxf.exe65⤵
- Executes dropped EXE
-
\??\c:\rrrxfrf.exec:\rrrxfrf.exe66⤵
-
\??\c:\tnhnhh.exec:\tnhnhh.exe67⤵
-
\??\c:\nhnnbb.exec:\nhnnbb.exe68⤵
-
\??\c:\ppdpj.exec:\ppdpj.exe69⤵
-
\??\c:\vvpjv.exec:\vvpjv.exe70⤵
-
\??\c:\3fffrxl.exec:\3fffrxl.exe71⤵
-
\??\c:\hhhhbh.exec:\hhhhbh.exe72⤵
-
\??\c:\bthnbb.exec:\bthnbb.exe73⤵
-
\??\c:\hntnnh.exec:\hntnnh.exe74⤵
-
\??\c:\5djvj.exec:\5djvj.exe75⤵
-
\??\c:\dvpjd.exec:\dvpjd.exe76⤵
-
\??\c:\rfffllx.exec:\rfffllx.exe77⤵
-
\??\c:\fxrrxxr.exec:\fxrrxxr.exe78⤵
-
\??\c:\tnhtnb.exec:\tnhtnb.exe79⤵
-
\??\c:\5ttbhn.exec:\5ttbhn.exe80⤵
-
\??\c:\9jdjv.exec:\9jdjv.exe81⤵
-
\??\c:\xrrxxfr.exec:\xrrxxfr.exe82⤵
-
\??\c:\rlrlfrf.exec:\rlrlfrf.exe83⤵
-
\??\c:\hhhhtb.exec:\hhhhtb.exe84⤵
-
\??\c:\nhbhtn.exec:\nhbhtn.exe85⤵
-
\??\c:\jpddd.exec:\jpddd.exe86⤵
-
\??\c:\9jvjv.exec:\9jvjv.exe87⤵
-
\??\c:\lrxfrxf.exec:\lrxfrxf.exe88⤵
-
\??\c:\tbtttn.exec:\tbtttn.exe89⤵
-
\??\c:\hhthbh.exec:\hhthbh.exe90⤵
-
\??\c:\ppdpd.exec:\ppdpd.exe91⤵
-
\??\c:\5pjvj.exec:\5pjvj.exe92⤵
-
\??\c:\lrfxfxr.exec:\lrfxfxr.exe93⤵
-
\??\c:\9lfrxfl.exec:\9lfrxfl.exe94⤵
-
\??\c:\nnntnt.exec:\nnntnt.exe95⤵
-
\??\c:\jvddj.exec:\jvddj.exe96⤵
-
\??\c:\vjvvp.exec:\vjvvp.exe97⤵
-
\??\c:\xrrrrll.exec:\xrrrrll.exe98⤵
-
\??\c:\3bhhnt.exec:\3bhhnt.exe99⤵
-
\??\c:\pddvj.exec:\pddvj.exe100⤵
-
\??\c:\jvdpj.exec:\jvdpj.exe101⤵
-
\??\c:\lllxrfr.exec:\lllxrfr.exe102⤵
-
\??\c:\3nnbnn.exec:\3nnbnn.exe103⤵
-
\??\c:\hntthb.exec:\hntthb.exe104⤵
-
\??\c:\jdjpd.exec:\jdjpd.exe105⤵
-
\??\c:\frffxrx.exec:\frffxrx.exe106⤵
-
\??\c:\fxflfrx.exec:\fxflfrx.exe107⤵
-
\??\c:\1nnbnt.exec:\1nnbnt.exe108⤵
-
\??\c:\djppj.exec:\djppj.exe109⤵
-
\??\c:\vpjpp.exec:\vpjpp.exe110⤵
-
\??\c:\1xxlflf.exec:\1xxlflf.exe111⤵
-
\??\c:\lrxxxrx.exec:\lrxxxrx.exe112⤵
-
\??\c:\hnnnhb.exec:\hnnnhb.exe113⤵
-
\??\c:\ddpdp.exec:\ddpdp.exe114⤵
-
\??\c:\pdpjp.exec:\pdpjp.exe115⤵
-
\??\c:\fxxlxlx.exec:\fxxlxlx.exe116⤵
-
\??\c:\xrlfrfr.exec:\xrlfrfr.exe117⤵
-
\??\c:\1nbhbt.exec:\1nbhbt.exe118⤵
-
\??\c:\nhbhbb.exec:\nhbhbb.exe119⤵
-
\??\c:\7jvdp.exec:\7jvdp.exe120⤵
-
\??\c:\jjpjj.exec:\jjpjj.exe121⤵
-
\??\c:\7rrrllx.exec:\7rrrllx.exe122⤵
-
\??\c:\xlxxlll.exec:\xlxxlll.exe123⤵
-
\??\c:\tthbnt.exec:\tthbnt.exe124⤵
-
\??\c:\hhnnbb.exec:\hhnnbb.exe125⤵
-
\??\c:\vpdvd.exec:\vpdvd.exe126⤵
-
\??\c:\jdppj.exec:\jdppj.exe127⤵
-
\??\c:\lfxlxfl.exec:\lfxlxfl.exe128⤵
-
\??\c:\bbthhb.exec:\bbthhb.exe129⤵
-
\??\c:\5hnbnb.exec:\5hnbnb.exe130⤵
-
\??\c:\vvvpd.exec:\vvvpd.exe131⤵
-
\??\c:\ppjvj.exec:\ppjvj.exe132⤵
-
\??\c:\fxffrrx.exec:\fxffrrx.exe133⤵
-
\??\c:\fxxlflf.exec:\fxxlflf.exe134⤵
-
\??\c:\bthntt.exec:\bthntt.exe135⤵
-
\??\c:\1jvvd.exec:\1jvvd.exe136⤵
-
\??\c:\9jjpv.exec:\9jjpv.exe137⤵
-
\??\c:\xffxxfx.exec:\xffxxfx.exe138⤵
-
\??\c:\flrlllx.exec:\flrlllx.exe139⤵
-
\??\c:\bbtnth.exec:\bbtnth.exe140⤵
-
\??\c:\djdpd.exec:\djdpd.exe141⤵
-
\??\c:\vdpdj.exec:\vdpdj.exe142⤵
-
\??\c:\xrlrxlr.exec:\xrlrxlr.exe143⤵
-
\??\c:\rllrxfr.exec:\rllrxfr.exe144⤵
-
\??\c:\hbhbth.exec:\hbhbth.exe145⤵
-
\??\c:\ddpvv.exec:\ddpvv.exe146⤵
-
\??\c:\pvdvv.exec:\pvdvv.exe147⤵
-
\??\c:\5pdjp.exec:\5pdjp.exe148⤵
-
\??\c:\rffrflx.exec:\rffrflx.exe149⤵
-
\??\c:\bhtnnh.exec:\bhtnnh.exe150⤵
-
\??\c:\btbtnt.exec:\btbtnt.exe151⤵
-
\??\c:\1ppvj.exec:\1ppvj.exe152⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe153⤵
-
\??\c:\rfrrrrl.exec:\rfrrrrl.exe154⤵
-
\??\c:\hbnbtb.exec:\hbnbtb.exe155⤵
-
\??\c:\9tntht.exec:\9tntht.exe156⤵
-
\??\c:\dvvvd.exec:\dvvvd.exe157⤵
-
\??\c:\djjpj.exec:\djjpj.exe158⤵
-
\??\c:\ffrrfxr.exec:\ffrrfxr.exe159⤵
-
\??\c:\tnhtht.exec:\tnhtht.exe160⤵
-
\??\c:\nttttn.exec:\nttttn.exe161⤵
-
\??\c:\5dvjp.exec:\5dvjp.exe162⤵
-
\??\c:\llxrrfr.exec:\llxrrfr.exe163⤵
-
\??\c:\1fxrxrl.exec:\1fxrxrl.exe164⤵
-
\??\c:\bhhbth.exec:\bhhbth.exe165⤵
-
\??\c:\ddvpp.exec:\ddvpp.exe166⤵
-
\??\c:\vjpvv.exec:\vjpvv.exe167⤵
-
\??\c:\lfrffrl.exec:\lfrffrl.exe168⤵
-
\??\c:\hbtnhn.exec:\hbtnhn.exe169⤵
-
\??\c:\vjddj.exec:\vjddj.exe170⤵
-
\??\c:\3jjpv.exec:\3jjpv.exe171⤵
-
\??\c:\fffrxfx.exec:\fffrxfx.exe172⤵
-
\??\c:\nhbntn.exec:\nhbntn.exe173⤵
-
\??\c:\vdpjv.exec:\vdpjv.exe174⤵
-
\??\c:\fxlxflr.exec:\fxlxflr.exe175⤵
-
\??\c:\hhnhbh.exec:\hhnhbh.exe176⤵
-
\??\c:\bhtttt.exec:\bhtttt.exe177⤵
-
\??\c:\djdpv.exec:\djdpv.exe178⤵
-
\??\c:\pvpvp.exec:\pvpvp.exe179⤵
-
\??\c:\fflflxl.exec:\fflflxl.exe180⤵
-
\??\c:\hnhhnt.exec:\hnhhnt.exe181⤵
-
\??\c:\nttbnn.exec:\nttbnn.exe182⤵
-
\??\c:\dvpdv.exec:\dvpdv.exe183⤵
-
\??\c:\7rrrxxr.exec:\7rrrxxr.exe184⤵
-
\??\c:\xxlffxf.exec:\xxlffxf.exe185⤵
-
\??\c:\htttnn.exec:\htttnn.exe186⤵
-
\??\c:\htnthh.exec:\htnthh.exe187⤵
-
\??\c:\7vvvp.exec:\7vvvp.exe188⤵
-
\??\c:\llxlxfx.exec:\llxlxfx.exe189⤵
-
\??\c:\5xxrxll.exec:\5xxrxll.exe190⤵
-
\??\c:\3hbhbh.exec:\3hbhbh.exe191⤵
-
\??\c:\bbnnhb.exec:\bbnnhb.exe192⤵
-
\??\c:\vddjv.exec:\vddjv.exe193⤵
-
\??\c:\rrllfrl.exec:\rrllfrl.exe194⤵
-
\??\c:\xrlxfrf.exec:\xrlxfrf.exe195⤵
-
\??\c:\bnbbnh.exec:\bnbbnh.exe196⤵
-
\??\c:\nnhttb.exec:\nnhttb.exe197⤵
-
\??\c:\ddvdv.exec:\ddvdv.exe198⤵
-
\??\c:\1pjpj.exec:\1pjpj.exe199⤵
-
\??\c:\7ffxlrl.exec:\7ffxlrl.exe200⤵
-
\??\c:\hhhbtb.exec:\hhhbtb.exe201⤵
-
\??\c:\dvdpv.exec:\dvdpv.exe202⤵
-
\??\c:\vjvpp.exec:\vjvpp.exe203⤵
-
\??\c:\7fffrxl.exec:\7fffrxl.exe204⤵
-
\??\c:\1nbttt.exec:\1nbttt.exe205⤵
-
\??\c:\3hbbbh.exec:\3hbbbh.exe206⤵
-
\??\c:\djpvj.exec:\djpvj.exe207⤵
-
\??\c:\1flffxx.exec:\1flffxx.exe208⤵
-
\??\c:\btnnbb.exec:\btnnbb.exe209⤵
-
\??\c:\fxfrrxx.exec:\fxfrrxx.exe210⤵
-
\??\c:\ntbbbt.exec:\ntbbbt.exe211⤵
-
\??\c:\pjjvp.exec:\pjjvp.exe212⤵
-
\??\c:\dpdvd.exec:\dpdvd.exe213⤵
-
\??\c:\xxflrrr.exec:\xxflrrr.exe214⤵
-
\??\c:\btnhbb.exec:\btnhbb.exe215⤵
-
\??\c:\tbhhhn.exec:\tbhhhn.exe216⤵
-
\??\c:\dvdjj.exec:\dvdjj.exe217⤵
-
\??\c:\7xlrxll.exec:\7xlrxll.exe218⤵
-
\??\c:\nbnhtb.exec:\nbnhtb.exe219⤵
-
\??\c:\hbbtht.exec:\hbbtht.exe220⤵
-
\??\c:\dvjvv.exec:\dvjvv.exe221⤵
-
\??\c:\lrffrfl.exec:\lrffrfl.exe222⤵
-
\??\c:\ffrrxlf.exec:\ffrrxlf.exe223⤵
-
\??\c:\tnhtbh.exec:\tnhtbh.exe224⤵
-
\??\c:\vvvdd.exec:\vvvdd.exe225⤵
-
\??\c:\jjvvp.exec:\jjvvp.exe226⤵
-
\??\c:\xrlrllx.exec:\xrlrllx.exe227⤵
-
\??\c:\hhtbbn.exec:\hhtbbn.exe228⤵
-
\??\c:\bntthh.exec:\bntthh.exe229⤵
-
\??\c:\3dvjv.exec:\3dvjv.exe230⤵
-
\??\c:\llffllr.exec:\llffllr.exe231⤵
-
\??\c:\bnbnnh.exec:\bnbnnh.exe232⤵
-
\??\c:\1vvvd.exec:\1vvvd.exe233⤵
-
\??\c:\ppjvd.exec:\ppjvd.exe234⤵
-
\??\c:\rfrflxf.exec:\rfrflxf.exe235⤵
-
\??\c:\9xxlrxl.exec:\9xxlrxl.exe236⤵
-
\??\c:\hbbbhh.exec:\hbbbhh.exe237⤵
-
\??\c:\bthbtt.exec:\bthbtt.exe238⤵
-
\??\c:\jvppj.exec:\jvppj.exe239⤵
-
\??\c:\fxxxxfx.exec:\fxxxxfx.exe240⤵