Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
21-05-2024 19:01
General
-
Target
009ca363c0905fc9c567c1f327805d4988a69063b3770efad233e1539d0c4faa.exe
-
Size
840KB
-
MD5
0b3d6a376b87373f2afb5ac413977c10
-
SHA1
948230a7fa431c31c1052811cb6c2c154aff88ad
-
SHA256
009ca363c0905fc9c567c1f327805d4988a69063b3770efad233e1539d0c4faa
-
SHA512
382331618d2e9e1e74f004789d95ffaf652e1fa40c289445d564c7883c397264bee979508f90ed6fde3104951a8f2cd8b33b5e82ed90c42b7b61df6808f02b40
-
SSDEEP
24576:Sgdn8whSenedn8whhdn76gdn8whSfgdn8whSzm:TFyVPfz
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\009ca363c0905fc9c567c1f327805d4988a69063b3770efad233e1539d0c4faa.exe"C:\Users\Admin\AppData\Local\Temp\009ca363c0905fc9c567c1f327805d4988a69063b3770efad233e1539d0c4faa.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\tttthb.exec:\tttthb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ffrxxl.exec:\9ffrxxl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttthnh.exec:\ttthnh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdjp.exec:\pjdjp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvdp.exec:\ddvdp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfrxfr.exec:\rlfrxfr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrxrfx.exec:\xrrxrfx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtbhn.exec:\bbtbhn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpdj.exec:\vvpdj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbttn.exec:\htbttn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbhhn.exec:\bbbhhn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvjd.exec:\jdvjd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrfrxr.exec:\xrrfrxr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tttnhb.exec:\tttnhb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrlxxf.exec:\xxrlxxf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjpv.exec:\jjjpv.exe17⤵
- Executes dropped EXE
-
\??\c:\ppvjv.exec:\ppvjv.exe18⤵
- Executes dropped EXE
-
\??\c:\lfxfrlx.exec:\lfxfrlx.exe19⤵
- Executes dropped EXE
-
\??\c:\5fxxrxx.exec:\5fxxrxx.exe20⤵
- Executes dropped EXE
-
\??\c:\tthhnt.exec:\tthhnt.exe21⤵
- Executes dropped EXE
-
\??\c:\nhthth.exec:\nhthth.exe22⤵
- Executes dropped EXE
-
\??\c:\5xrrrrx.exec:\5xrrrrx.exe23⤵
- Executes dropped EXE
-
\??\c:\vppvp.exec:\vppvp.exe24⤵
- Executes dropped EXE
-
\??\c:\lrffxrf.exec:\lrffxrf.exe25⤵
- Executes dropped EXE
-
\??\c:\lfxxlrl.exec:\lfxxlrl.exe26⤵
- Executes dropped EXE
-
\??\c:\pjvdj.exec:\pjvdj.exe27⤵
- Executes dropped EXE
-
\??\c:\btntbn.exec:\btntbn.exe28⤵
- Executes dropped EXE
-
\??\c:\vpjpd.exec:\vpjpd.exe29⤵
- Executes dropped EXE
-
\??\c:\vpjvd.exec:\vpjvd.exe30⤵
- Executes dropped EXE
-
\??\c:\xrrfxxr.exec:\xrrfxxr.exe31⤵
- Executes dropped EXE
-
\??\c:\fxrlrlx.exec:\fxrlrlx.exe32⤵
- Executes dropped EXE
-
\??\c:\9btntt.exec:\9btntt.exe33⤵
- Executes dropped EXE
-
\??\c:\hhntbn.exec:\hhntbn.exe34⤵
- Executes dropped EXE
-
\??\c:\vpjpd.exec:\vpjpd.exe35⤵
- Executes dropped EXE
-
\??\c:\rrllxfx.exec:\rrllxfx.exe36⤵
-
\??\c:\rlxlxlx.exec:\rlxlxlx.exe37⤵
- Executes dropped EXE
-
\??\c:\1nbnbn.exec:\1nbnbn.exe38⤵
- Executes dropped EXE
-
\??\c:\dvvdp.exec:\dvvdp.exe39⤵
- Executes dropped EXE
-
\??\c:\rrfrfrl.exec:\rrfrfrl.exe40⤵
- Executes dropped EXE
-
\??\c:\nhbbtb.exec:\nhbbtb.exe41⤵
- Executes dropped EXE
-
\??\c:\dvpjv.exec:\dvpjv.exe42⤵
- Executes dropped EXE
-
\??\c:\xrlxlfx.exec:\xrlxlfx.exe43⤵
- Executes dropped EXE
-
\??\c:\tnnhnh.exec:\tnnhnh.exe44⤵
- Executes dropped EXE
-
\??\c:\htnbbb.exec:\htnbbb.exe45⤵
- Executes dropped EXE
-
\??\c:\jvpvd.exec:\jvpvd.exe46⤵
- Executes dropped EXE
-
\??\c:\lllrflr.exec:\lllrflr.exe47⤵
- Executes dropped EXE
-
\??\c:\3tbthn.exec:\3tbthn.exe48⤵
- Executes dropped EXE
-
\??\c:\3dvvp.exec:\3dvvp.exe49⤵
- Executes dropped EXE
-
\??\c:\frrllxx.exec:\frrllxx.exe50⤵
- Executes dropped EXE
-
\??\c:\bnthhb.exec:\bnthhb.exe51⤵
- Executes dropped EXE
-
\??\c:\pjjpj.exec:\pjjpj.exe52⤵
- Executes dropped EXE
-
\??\c:\7xrxxll.exec:\7xrxxll.exe53⤵
- Executes dropped EXE
-
\??\c:\nhbnbh.exec:\nhbnbh.exe54⤵
- Executes dropped EXE
-
\??\c:\jjdjv.exec:\jjdjv.exe55⤵
- Executes dropped EXE
-
\??\c:\rrrfxrf.exec:\rrrfxrf.exe56⤵
- Executes dropped EXE
-
\??\c:\bbbnbn.exec:\bbbnbn.exe57⤵
- Executes dropped EXE
-
\??\c:\hbhhnt.exec:\hbhhnt.exe58⤵
- Executes dropped EXE
-
\??\c:\dvvpj.exec:\dvvpj.exe59⤵
- Executes dropped EXE
-
\??\c:\7xrxfrx.exec:\7xrxfrx.exe60⤵
- Executes dropped EXE
-
\??\c:\tnnbnb.exec:\tnnbnb.exe61⤵
- Executes dropped EXE
-
\??\c:\dvvdv.exec:\dvvdv.exe62⤵
- Executes dropped EXE
-
\??\c:\fllrfrf.exec:\fllrfrf.exe63⤵
- Executes dropped EXE
-
\??\c:\thbthb.exec:\thbthb.exe64⤵
- Executes dropped EXE
-
\??\c:\7vvdj.exec:\7vvdj.exe65⤵
- Executes dropped EXE
-
\??\c:\dddvp.exec:\dddvp.exe66⤵
- Executes dropped EXE
-
\??\c:\5rlrfrx.exec:\5rlrfrx.exe67⤵
-
\??\c:\ddpvp.exec:\ddpvp.exe68⤵
-
\??\c:\dddpv.exec:\dddpv.exe69⤵
-
\??\c:\xxrfrfl.exec:\xxrfrfl.exe70⤵
-
\??\c:\nnhtbt.exec:\nnhtbt.exe71⤵
-
\??\c:\jdpdj.exec:\jdpdj.exe72⤵
-
\??\c:\rlxflxl.exec:\rlxflxl.exe73⤵
-
\??\c:\nhbnbn.exec:\nhbnbn.exe74⤵
-
\??\c:\jdvpj.exec:\jdvpj.exe75⤵
-
\??\c:\fffxrxf.exec:\fffxrxf.exe76⤵
-
\??\c:\hbtntb.exec:\hbtntb.exe77⤵
-
\??\c:\1jvdd.exec:\1jvdd.exe78⤵
-
\??\c:\xxrxlrf.exec:\xxrxlrf.exe79⤵
-
\??\c:\5hbhnh.exec:\5hbhnh.exe80⤵
-
\??\c:\jdpvd.exec:\jdpvd.exe81⤵
-
\??\c:\lffrllx.exec:\lffrllx.exe82⤵
-
\??\c:\nnbthh.exec:\nnbthh.exe83⤵
-
\??\c:\hnntbh.exec:\hnntbh.exe84⤵
-
\??\c:\7vppp.exec:\7vppp.exe85⤵
-
\??\c:\xrllrfr.exec:\xrllrfr.exe86⤵
-
\??\c:\bbbhth.exec:\bbbhth.exe87⤵
-
\??\c:\ddvdv.exec:\ddvdv.exe88⤵
-
\??\c:\rrrfrxl.exec:\rrrfrxl.exe89⤵
-
\??\c:\bnnntt.exec:\bnnntt.exe90⤵
-
\??\c:\tbbnnh.exec:\tbbnnh.exe91⤵
-
\??\c:\dvpdd.exec:\dvpdd.exe92⤵
-
\??\c:\rlfrxlr.exec:\rlfrxlr.exe93⤵
-
\??\c:\bhttnt.exec:\bhttnt.exe94⤵
-
\??\c:\dpdpj.exec:\dpdpj.exe95⤵
-
\??\c:\xfrffxr.exec:\xfrffxr.exe96⤵
-
\??\c:\nnbhnn.exec:\nnbhnn.exe97⤵
-
\??\c:\jdjpp.exec:\jdjpp.exe98⤵
-
\??\c:\xfrlrlr.exec:\xfrlrlr.exe99⤵
-
\??\c:\hnthht.exec:\hnthht.exe100⤵
-
\??\c:\hbnbbt.exec:\hbnbbt.exe101⤵
-
\??\c:\ffrfrxl.exec:\ffrfrxl.exe102⤵
-
\??\c:\lfrflxl.exec:\lfrflxl.exe103⤵
-
\??\c:\1thntb.exec:\1thntb.exe104⤵
-
\??\c:\9dvpd.exec:\9dvpd.exe105⤵
-
\??\c:\rlxxfxr.exec:\rlxxfxr.exe106⤵
-
\??\c:\bbhtbb.exec:\bbhtbb.exe107⤵
-
\??\c:\vjpdd.exec:\vjpdd.exe108⤵
-
\??\c:\xrlrlxl.exec:\xrlrlxl.exe109⤵
-
\??\c:\nnttnn.exec:\nnttnn.exe110⤵
-
\??\c:\nhthbh.exec:\nhthbh.exe111⤵
-
\??\c:\jdppd.exec:\jdppd.exe112⤵
-
\??\c:\xxlfxfx.exec:\xxlfxfx.exe113⤵
-
\??\c:\bhbhbb.exec:\bhbhbb.exe114⤵
-
\??\c:\vvjpv.exec:\vvjpv.exe115⤵
-
\??\c:\rrlrfrx.exec:\rrlrfrx.exe116⤵
-
\??\c:\bhhbbt.exec:\bhhbbt.exe117⤵
-
\??\c:\vppdj.exec:\vppdj.exe118⤵
-
\??\c:\xflffxr.exec:\xflffxr.exe119⤵
-
\??\c:\bththt.exec:\bththt.exe120⤵
-
\??\c:\ppdjp.exec:\ppdjp.exe121⤵
-
\??\c:\lfrrllf.exec:\lfrrllf.exe122⤵
-
\??\c:\llfrlxl.exec:\llfrlxl.exe123⤵
-
\??\c:\7nbntn.exec:\7nbntn.exe124⤵
-
\??\c:\dpvjj.exec:\dpvjj.exe125⤵
-
\??\c:\xxrxlxl.exec:\xxrxlxl.exe126⤵
-
\??\c:\btntbh.exec:\btntbh.exe127⤵
-
\??\c:\ddvdp.exec:\ddvdp.exe128⤵
-
\??\c:\lxrxllx.exec:\lxrxllx.exe129⤵
-
\??\c:\tbnhbn.exec:\tbnhbn.exe130⤵
-
\??\c:\dvjpv.exec:\dvjpv.exe131⤵
-
\??\c:\lllxlrf.exec:\lllxlrf.exe132⤵
-
\??\c:\fxfxfxf.exec:\fxfxfxf.exe133⤵
-
\??\c:\bnbnth.exec:\bnbnth.exe134⤵
-
\??\c:\jdvjd.exec:\jdvjd.exe135⤵
-
\??\c:\llxlxlx.exec:\llxlxlx.exe136⤵
-
\??\c:\hbhtbn.exec:\hbhtbn.exe137⤵
-
\??\c:\ppvpp.exec:\ppvpp.exe138⤵
-
\??\c:\3lflxrr.exec:\3lflxrr.exe139⤵
-
\??\c:\ffrflxl.exec:\ffrflxl.exe140⤵
-
\??\c:\bnnbnb.exec:\bnnbnb.exe141⤵
-
\??\c:\jjvdp.exec:\jjvdp.exe142⤵
-
\??\c:\lxfrlfx.exec:\lxfrlfx.exe143⤵
-
\??\c:\hhthbn.exec:\hhthbn.exe144⤵
-
\??\c:\ppdjp.exec:\ppdjp.exe145⤵
-
\??\c:\xflffxx.exec:\xflffxx.exe146⤵
-
\??\c:\hbtthh.exec:\hbtthh.exe147⤵
-
\??\c:\ddvdp.exec:\ddvdp.exe148⤵
-
\??\c:\rlfrxlx.exec:\rlfrxlx.exe149⤵
-
\??\c:\5xxffrf.exec:\5xxffrf.exe150⤵
-
\??\c:\7hhbhn.exec:\7hhbhn.exe151⤵
-
\??\c:\pjvdj.exec:\pjvdj.exe152⤵
-
\??\c:\xxxfrfr.exec:\xxxfrfr.exe153⤵
-
\??\c:\1tnbnt.exec:\1tnbnt.exe154⤵
-
\??\c:\djvdp.exec:\djvdp.exe155⤵
-
\??\c:\lrfrlff.exec:\lrfrlff.exe156⤵
-
\??\c:\hthtnn.exec:\hthtnn.exe157⤵
-
\??\c:\dpjjv.exec:\dpjjv.exe158⤵
-
\??\c:\3frxxfl.exec:\3frxxfl.exe159⤵
-
\??\c:\nhtnnh.exec:\nhtnnh.exe160⤵
-
\??\c:\ppvdv.exec:\ppvdv.exe161⤵
-
\??\c:\rxrrrfl.exec:\rxrrrfl.exe162⤵
-
\??\c:\nnhtnb.exec:\nnhtnb.exe163⤵
-
\??\c:\vjddp.exec:\vjddp.exe164⤵
-
\??\c:\rfrrxll.exec:\rfrrxll.exe165⤵
-
\??\c:\hbbnbb.exec:\hbbnbb.exe166⤵
-
\??\c:\vjvvd.exec:\vjvvd.exe167⤵
-
\??\c:\rrrlxlx.exec:\rrrlxlx.exe168⤵
-
\??\c:\hhhbhn.exec:\hhhbhn.exe169⤵
-
\??\c:\pjdvd.exec:\pjdvd.exe170⤵
-
\??\c:\llflfrx.exec:\llflfrx.exe171⤵
-
\??\c:\nnthnb.exec:\nnthnb.exe172⤵
-
\??\c:\3dppv.exec:\3dppv.exe173⤵
-
\??\c:\xfrfrlf.exec:\xfrfrlf.exe174⤵
-
\??\c:\hbttbb.exec:\hbttbb.exe175⤵
-
\??\c:\ppdpv.exec:\ppdpv.exe176⤵
-
\??\c:\lfxllrx.exec:\lfxllrx.exe177⤵
-
\??\c:\btnttt.exec:\btnttt.exe178⤵
-
\??\c:\vvvvv.exec:\vvvvv.exe179⤵
-
\??\c:\frrflll.exec:\frrflll.exe180⤵
-
\??\c:\bttbhn.exec:\bttbhn.exe181⤵
-
\??\c:\jjpvj.exec:\jjpvj.exe182⤵
-
\??\c:\fxflfrr.exec:\fxflfrr.exe183⤵
-
\??\c:\btntbt.exec:\btntbt.exe184⤵
-
\??\c:\tnhbnh.exec:\tnhbnh.exe185⤵
-
\??\c:\pjdpd.exec:\pjdpd.exe186⤵
-
\??\c:\hhbnbn.exec:\hhbnbn.exe187⤵
-
\??\c:\1btbhh.exec:\1btbhh.exe188⤵
-
\??\c:\pjdjj.exec:\pjdjj.exe189⤵
-
\??\c:\ffxlxrf.exec:\ffxlxrf.exe190⤵
-
\??\c:\bnhhtt.exec:\bnhhtt.exe191⤵
-
\??\c:\djjjp.exec:\djjjp.exe192⤵
-
\??\c:\rrxfllx.exec:\rrxfllx.exe193⤵
-
\??\c:\9htbhb.exec:\9htbhb.exe194⤵
-
\??\c:\pvdpj.exec:\pvdpj.exe195⤵
-
\??\c:\xxxfrlx.exec:\xxxfrlx.exe196⤵
-
\??\c:\hbhbht.exec:\hbhbht.exe197⤵
-
\??\c:\vpjpd.exec:\vpjpd.exe198⤵
-
\??\c:\9fxlxfx.exec:\9fxlxfx.exe199⤵
-
\??\c:\jdvvd.exec:\jdvvd.exe200⤵
-
\??\c:\flfrfxl.exec:\flfrfxl.exe201⤵
-
\??\c:\hthtth.exec:\hthtth.exe202⤵
-
\??\c:\dvjvv.exec:\dvjvv.exe203⤵
-
\??\c:\rrlrlxl.exec:\rrlrlxl.exe204⤵
-
\??\c:\lxfxrlr.exec:\lxfxrlr.exe205⤵
-
\??\c:\ttbhth.exec:\ttbhth.exe206⤵
-
\??\c:\ddpvj.exec:\ddpvj.exe207⤵
-
\??\c:\rxlxfrl.exec:\rxlxfrl.exe208⤵
-
\??\c:\nhtnbb.exec:\nhtnbb.exe209⤵
-
\??\c:\pjvvp.exec:\pjvvp.exe210⤵
-
\??\c:\ppjvj.exec:\ppjvj.exe211⤵
-
\??\c:\fxrflrf.exec:\fxrflrf.exe212⤵
-
\??\c:\1bntbh.exec:\1bntbh.exe213⤵
-
\??\c:\vdpvd.exec:\vdpvd.exe214⤵
-
\??\c:\xrlrflr.exec:\xrlrflr.exe215⤵
-
\??\c:\ttttnh.exec:\ttttnh.exe216⤵
-
\??\c:\dvjvd.exec:\dvjvd.exe217⤵
-
\??\c:\fxfxxll.exec:\fxfxxll.exe218⤵
-
\??\c:\nbtnnh.exec:\nbtnnh.exe219⤵
-
\??\c:\vdjjp.exec:\vdjjp.exe220⤵
-
\??\c:\frxxflr.exec:\frxxflr.exe221⤵
-
\??\c:\btbhtt.exec:\btbhtt.exe222⤵
-
\??\c:\djpjj.exec:\djpjj.exe223⤵
-
\??\c:\ffxxffr.exec:\ffxxffr.exe224⤵
-
\??\c:\9fxlrlr.exec:\9fxlrlr.exe225⤵
-
\??\c:\jjjpv.exec:\jjjpv.exe226⤵
-
\??\c:\jjdpd.exec:\jjdpd.exe227⤵
-
\??\c:\ffflflx.exec:\ffflflx.exe228⤵
-
\??\c:\bbbtnh.exec:\bbbtnh.exe229⤵
-
\??\c:\dddpd.exec:\dddpd.exe230⤵
-
\??\c:\xxrfrlf.exec:\xxrfrlf.exe231⤵
-
\??\c:\1thntn.exec:\1thntn.exe232⤵
-
\??\c:\pjdjp.exec:\pjdjp.exe233⤵
-
\??\c:\xrfxfxr.exec:\xrfxfxr.exe234⤵
-
\??\c:\bbtbhb.exec:\bbtbhb.exe235⤵
-
\??\c:\jdvvd.exec:\jdvvd.exe236⤵
-
\??\c:\dvvdj.exec:\dvvdj.exe237⤵
-
\??\c:\1rfllxx.exec:\1rfllxx.exe238⤵
-
\??\c:\hhntbn.exec:\hhntbn.exe239⤵
-
\??\c:\pjvpj.exec:\pjvpj.exe240⤵