Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
-
submitted
21-05-2024 19:16
General
-
Target
047665fb6bd95566a89ad675188d0e074456feed05ff46c6c7f527bd6b3edac9.exe
-
Size
497KB
-
MD5
203c7d849bcedf90f3a80f7042ec0650
-
SHA1
844e7da681f46ef55df70154f31bfd8a1c1d46c1
-
SHA256
047665fb6bd95566a89ad675188d0e074456feed05ff46c6c7f527bd6b3edac9
-
SHA512
6b64c75e7aef5b6fa751cc4a824a6da5dcdef37700d81a20a2c170155cb5d40fe3b398c0ec562ae039af1e5bbaca68f4c19acdca471968c91ef811e90d8c43d2
-
SSDEEP
12288:S4wFHoSyoS3ebeFmFVvlrmwcT4wpteFmFTxj:0KFmFVtrRcFEFmF5
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 29 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\047665fb6bd95566a89ad675188d0e074456feed05ff46c6c7f527bd6b3edac9.exe"C:\Users\Admin\AppData\Local\Temp\047665fb6bd95566a89ad675188d0e074456feed05ff46c6c7f527bd6b3edac9.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvdd.exec:\pjvdd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ffrflr.exec:\5ffrflr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthhnt.exec:\tthhnt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtbhh.exec:\bbtbhh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flfrlxr.exec:\flfrlxr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5nhthn.exec:\5nhthn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvjv.exec:\vpvjv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllrxfr.exec:\rllrxfr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvjp.exec:\pjvjp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxfrxl.exec:\rxxfrxl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djdpp.exec:\djdpp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7frfrxl.exec:\7frfrxl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdjp.exec:\pjdjp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbthn.exec:\bbbthn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvjp.exec:\jjvjp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxllxfl.exec:\xxllxfl.exe17⤵
- Executes dropped EXE
-
\??\c:\3jdjp.exec:\3jdjp.exe18⤵
- Executes dropped EXE
-
\??\c:\rrrflrl.exec:\rrrflrl.exe19⤵
- Executes dropped EXE
-
\??\c:\3ttbtb.exec:\3ttbtb.exe20⤵
- Executes dropped EXE
-
\??\c:\9jjpv.exec:\9jjpv.exe21⤵
- Executes dropped EXE
-
\??\c:\3hhbbt.exec:\3hhbbt.exe22⤵
- Executes dropped EXE
-
\??\c:\htnnnn.exec:\htnnnn.exe23⤵
- Executes dropped EXE
-
\??\c:\bthttb.exec:\bthttb.exe24⤵
- Executes dropped EXE
-
\??\c:\vpjjp.exec:\vpjjp.exe25⤵
- Executes dropped EXE
-
\??\c:\rfrxfll.exec:\rfrxfll.exe26⤵
- Executes dropped EXE
-
\??\c:\3vjdv.exec:\3vjdv.exe27⤵
- Executes dropped EXE
-
\??\c:\1hthht.exec:\1hthht.exe28⤵
- Executes dropped EXE
-
\??\c:\tnhhhn.exec:\tnhhhn.exe29⤵
- Executes dropped EXE
-
\??\c:\xfrlrxf.exec:\xfrlrxf.exe30⤵
- Executes dropped EXE
-
\??\c:\bhtbbh.exec:\bhtbbh.exe31⤵
- Executes dropped EXE
-
\??\c:\tnbtbb.exec:\tnbtbb.exe32⤵
- Executes dropped EXE
-
\??\c:\pjdjp.exec:\pjdjp.exe33⤵
- Executes dropped EXE
-
\??\c:\rfffrxr.exec:\rfffrxr.exe34⤵
- Executes dropped EXE
-
\??\c:\bbtthn.exec:\bbtthn.exe35⤵
- Executes dropped EXE
-
\??\c:\7vppv.exec:\7vppv.exe36⤵
- Executes dropped EXE
-
\??\c:\rrlrfll.exec:\rrlrfll.exe37⤵
- Executes dropped EXE
-
\??\c:\ttnnbh.exec:\ttnnbh.exe38⤵
- Executes dropped EXE
-
\??\c:\ddpvp.exec:\ddpvp.exe39⤵
- Executes dropped EXE
-
\??\c:\rrxflfr.exec:\rrxflfr.exe40⤵
- Executes dropped EXE
-
\??\c:\bbbnhb.exec:\bbbnhb.exe41⤵
- Executes dropped EXE
-
\??\c:\jvdpv.exec:\jvdpv.exe42⤵
- Executes dropped EXE
-
\??\c:\rllfxlx.exec:\rllfxlx.exe43⤵
- Executes dropped EXE
-
\??\c:\vppjv.exec:\vppjv.exe44⤵
- Executes dropped EXE
-
\??\c:\ffrlrlx.exec:\ffrlrlx.exe45⤵
- Executes dropped EXE
-
\??\c:\1hhthn.exec:\1hhthn.exe46⤵
- Executes dropped EXE
-
\??\c:\ttnhbt.exec:\ttnhbt.exe47⤵
- Executes dropped EXE
-
\??\c:\djjvj.exec:\djjvj.exe48⤵
- Executes dropped EXE
-
\??\c:\9rxxrlf.exec:\9rxxrlf.exe49⤵
- Executes dropped EXE
-
\??\c:\nnthbn.exec:\nnthbn.exe50⤵
- Executes dropped EXE
-
\??\c:\pjvdj.exec:\pjvdj.exe51⤵
- Executes dropped EXE
-
\??\c:\lxxrlrf.exec:\lxxrlrf.exe52⤵
- Executes dropped EXE
-
\??\c:\bnnnhb.exec:\bnnnhb.exe53⤵
- Executes dropped EXE
-
\??\c:\pjdjd.exec:\pjdjd.exe54⤵
- Executes dropped EXE
-
\??\c:\lfxrxfr.exec:\lfxrxfr.exe55⤵
- Executes dropped EXE
-
\??\c:\hnnthn.exec:\hnnthn.exe56⤵
- Executes dropped EXE
-
\??\c:\pvppv.exec:\pvppv.exe57⤵
- Executes dropped EXE
-
\??\c:\xxrlxlr.exec:\xxrlxlr.exe58⤵
- Executes dropped EXE
-
\??\c:\vdjvp.exec:\vdjvp.exe59⤵
- Executes dropped EXE
-
\??\c:\9xlrxxf.exec:\9xlrxxf.exe60⤵
- Executes dropped EXE
-
\??\c:\ttbbht.exec:\ttbbht.exe61⤵
- Executes dropped EXE
-
\??\c:\dppdd.exec:\dppdd.exe62⤵
- Executes dropped EXE
-
\??\c:\ffxlxlx.exec:\ffxlxlx.exe63⤵
- Executes dropped EXE
-
\??\c:\nhntbb.exec:\nhntbb.exe64⤵
- Executes dropped EXE
-
\??\c:\jdvjd.exec:\jdvjd.exe65⤵
- Executes dropped EXE
-
\??\c:\xxxfxfx.exec:\xxxfxfx.exe66⤵
-
\??\c:\ttnbnt.exec:\ttnbnt.exe67⤵
-
\??\c:\bthhtb.exec:\bthhtb.exe68⤵
-
\??\c:\pjvvd.exec:\pjvvd.exe69⤵
-
\??\c:\xffxxxl.exec:\xffxxxl.exe70⤵
-
\??\c:\bbbtbn.exec:\bbbtbn.exe71⤵
-
\??\c:\jvpjj.exec:\jvpjj.exe72⤵
-
\??\c:\1vpjj.exec:\1vpjj.exe73⤵
-
\??\c:\9lxlxrx.exec:\9lxlxrx.exe74⤵
-
\??\c:\thhnth.exec:\thhnth.exe75⤵
-
\??\c:\5hbnbh.exec:\5hbnbh.exe76⤵
-
\??\c:\pdjpd.exec:\pdjpd.exe77⤵
-
\??\c:\1frfrlx.exec:\1frfrlx.exe78⤵
-
\??\c:\fllrlrf.exec:\fllrlrf.exe79⤵
-
\??\c:\hnnbnt.exec:\hnnbnt.exe80⤵
-
\??\c:\bhnthn.exec:\bhnthn.exe81⤵
-
\??\c:\vpppd.exec:\vpppd.exe82⤵
-
\??\c:\htbhhb.exec:\htbhhb.exe83⤵
-
\??\c:\tttnnb.exec:\tttnnb.exe84⤵
-
\??\c:\dvpdp.exec:\dvpdp.exe85⤵
-
\??\c:\frlffrf.exec:\frlffrf.exe86⤵
-
\??\c:\tbthtb.exec:\tbthtb.exe87⤵
-
\??\c:\hnthnn.exec:\hnthnn.exe88⤵
-
\??\c:\jpdpj.exec:\jpdpj.exe89⤵
-
\??\c:\xrxllfl.exec:\xrxllfl.exe90⤵
-
\??\c:\7hbntb.exec:\7hbntb.exe91⤵
-
\??\c:\7pdvd.exec:\7pdvd.exe92⤵
-
\??\c:\jdvjv.exec:\jdvjv.exe93⤵
-
\??\c:\flrfrfl.exec:\flrfrfl.exe94⤵
-
\??\c:\1hntbh.exec:\1hntbh.exe95⤵
-
\??\c:\7bnbhn.exec:\7bnbhn.exe96⤵
-
\??\c:\jvjjv.exec:\jvjjv.exe97⤵
-
\??\c:\rxllfrl.exec:\rxllfrl.exe98⤵
-
\??\c:\htbnnb.exec:\htbnnb.exe99⤵
-
\??\c:\vpjdp.exec:\vpjdp.exe100⤵
-
\??\c:\dvdjp.exec:\dvdjp.exe101⤵
-
\??\c:\rfxrlrf.exec:\rfxrlrf.exe102⤵
-
\??\c:\1bttbh.exec:\1bttbh.exe103⤵
-
\??\c:\jddvd.exec:\jddvd.exe104⤵
-
\??\c:\fffxfrf.exec:\fffxfrf.exe105⤵
-
\??\c:\5rrrxfl.exec:\5rrrxfl.exe106⤵
-
\??\c:\3hhtnt.exec:\3hhtnt.exe107⤵
-
\??\c:\vvdvj.exec:\vvdvj.exe108⤵
-
\??\c:\lllxfrr.exec:\lllxfrr.exe109⤵
-
\??\c:\fxxlrxr.exec:\fxxlrxr.exe110⤵
-
\??\c:\bhhtnn.exec:\bhhtnn.exe111⤵
-
\??\c:\pppjd.exec:\pppjd.exe112⤵
-
\??\c:\rlllrfr.exec:\rlllrfr.exe113⤵
-
\??\c:\nhbhtn.exec:\nhbhtn.exe114⤵
-
\??\c:\hhthhh.exec:\hhthhh.exe115⤵
-
\??\c:\vvvpd.exec:\vvvpd.exe116⤵
-
\??\c:\lxfflll.exec:\lxfflll.exe117⤵
-
\??\c:\nhhbhn.exec:\nhhbhn.exe118⤵
-
\??\c:\5pdjv.exec:\5pdjv.exe119⤵
-
\??\c:\lfxrlxr.exec:\lfxrlxr.exe120⤵
-
\??\c:\bhhntt.exec:\bhhntt.exe121⤵
-
\??\c:\hbbnbh.exec:\hbbnbh.exe122⤵
-
\??\c:\5jjjv.exec:\5jjjv.exe123⤵
-
\??\c:\fffrxfx.exec:\fffrxfx.exe124⤵
-
\??\c:\hbtbhn.exec:\hbtbhn.exe125⤵
-
\??\c:\nbtntt.exec:\nbtntt.exe126⤵
-
\??\c:\vpjpd.exec:\vpjpd.exe127⤵
-
\??\c:\5xfllll.exec:\5xfllll.exe128⤵
-
\??\c:\frrrfrf.exec:\frrrfrf.exe129⤵
-
\??\c:\nhhbnn.exec:\nhhbnn.exe130⤵
-
\??\c:\9jppd.exec:\9jppd.exe131⤵
-
\??\c:\ddjdp.exec:\ddjdp.exe132⤵
-
\??\c:\xrxrflf.exec:\xrxrflf.exe133⤵
-
\??\c:\bththn.exec:\bththn.exe134⤵
-
\??\c:\pjjpd.exec:\pjjpd.exe135⤵
-
\??\c:\ppdjp.exec:\ppdjp.exe136⤵
-
\??\c:\7lrlllr.exec:\7lrlllr.exe137⤵
-
\??\c:\hbtbnb.exec:\hbtbnb.exe138⤵
-
\??\c:\pjdpv.exec:\pjdpv.exe139⤵
-
\??\c:\vdjvd.exec:\vdjvd.exe140⤵
-
\??\c:\3xflllx.exec:\3xflllx.exe141⤵
-
\??\c:\tthntn.exec:\tthntn.exe142⤵
-
\??\c:\1ddpv.exec:\1ddpv.exe143⤵
-
\??\c:\rrfflrf.exec:\rrfflrf.exe144⤵
-
\??\c:\1lfxffl.exec:\1lfxffl.exe145⤵
-
\??\c:\hbbbtn.exec:\hbbbtn.exe146⤵
-
\??\c:\3jvdd.exec:\3jvdd.exe147⤵
-
\??\c:\vjvpj.exec:\vjvpj.exe148⤵
-
\??\c:\3xrxxxf.exec:\3xrxxxf.exe149⤵
-
\??\c:\nhtbhh.exec:\nhtbhh.exe150⤵
-
\??\c:\nnhhtb.exec:\nnhhtb.exe151⤵
-
\??\c:\jdpdj.exec:\jdpdj.exe152⤵
-
\??\c:\frrxflf.exec:\frrxflf.exe153⤵
-
\??\c:\1rllrxr.exec:\1rllrxr.exe154⤵
-
\??\c:\btntbb.exec:\btntbb.exe155⤵
-
\??\c:\1vpvp.exec:\1vpvp.exe156⤵
-
\??\c:\flfrflx.exec:\flfrflx.exe157⤵
-
\??\c:\rlffrrr.exec:\rlffrrr.exe158⤵
-
\??\c:\bbbttt.exec:\bbbttt.exe159⤵
-
\??\c:\ppjdp.exec:\ppjdp.exe160⤵
-
\??\c:\rflfllr.exec:\rflfllr.exe161⤵
-
\??\c:\7xrxlxx.exec:\7xrxlxx.exe162⤵
-
\??\c:\ttnhth.exec:\ttnhth.exe163⤵
-
\??\c:\vpdjp.exec:\vpdjp.exe164⤵
-
\??\c:\ppjvd.exec:\ppjvd.exe165⤵
-
\??\c:\llfrxfr.exec:\llfrxfr.exe166⤵
-
\??\c:\hhhtbh.exec:\hhhtbh.exe167⤵
-
\??\c:\jdvdj.exec:\jdvdj.exe168⤵
-
\??\c:\jjpvd.exec:\jjpvd.exe169⤵
-
\??\c:\xlrfrfx.exec:\xlrfrfx.exe170⤵
-
\??\c:\1thhbh.exec:\1thhbh.exe171⤵
-
\??\c:\vvpvj.exec:\vvpvj.exe172⤵
-
\??\c:\3djpp.exec:\3djpp.exe173⤵
-
\??\c:\rfrrxxx.exec:\rfrrxxx.exe174⤵
-
\??\c:\nbnntn.exec:\nbnntn.exe175⤵
-
\??\c:\5nhhnt.exec:\5nhhnt.exe176⤵
-
\??\c:\vppjv.exec:\vppjv.exe177⤵
-
\??\c:\frrffrx.exec:\frrffrx.exe178⤵
-
\??\c:\nhhnbh.exec:\nhhnbh.exe179⤵
-
\??\c:\9dvdj.exec:\9dvdj.exe180⤵
-
\??\c:\1vddj.exec:\1vddj.exe181⤵
-
\??\c:\rrrffxf.exec:\rrrffxf.exe182⤵
-
\??\c:\nhttnt.exec:\nhttnt.exe183⤵
-
\??\c:\1jjvj.exec:\1jjvj.exe184⤵
-
\??\c:\1vvdv.exec:\1vvdv.exe185⤵
-
\??\c:\flffxfr.exec:\flffxfr.exe186⤵
-
\??\c:\thhnbt.exec:\thhnbt.exe187⤵
-
\??\c:\jdvpd.exec:\jdvpd.exe188⤵
-
\??\c:\1jvjj.exec:\1jvjj.exe189⤵
-
\??\c:\rrllflx.exec:\rrllflx.exe190⤵
-
\??\c:\ntntbb.exec:\ntntbb.exe191⤵
-
\??\c:\bbtbnt.exec:\bbtbnt.exe192⤵
-
\??\c:\jjvvv.exec:\jjvvv.exe193⤵
-
\??\c:\1rrxrrx.exec:\1rrxrrx.exe194⤵
-
\??\c:\thhhhh.exec:\thhhhh.exe195⤵
-
\??\c:\bbbnhb.exec:\bbbnhb.exe196⤵
-
\??\c:\pdjpd.exec:\pdjpd.exe197⤵
-
\??\c:\xlflflr.exec:\xlflflr.exe198⤵
-
\??\c:\nttnnb.exec:\nttnnb.exe199⤵
-
\??\c:\tbnhnh.exec:\tbnhnh.exe200⤵
-
\??\c:\vvjdj.exec:\vvjdj.exe201⤵
-
\??\c:\1xlrxfr.exec:\1xlrxfr.exe202⤵
-
\??\c:\rrfrfrr.exec:\rrfrfrr.exe203⤵
-
\??\c:\hhbhtt.exec:\hhbhtt.exe204⤵
-
\??\c:\btnthh.exec:\btnthh.exe205⤵
-
\??\c:\9vddp.exec:\9vddp.exe206⤵
-
\??\c:\fffllxx.exec:\fffllxx.exe207⤵
-
\??\c:\5nhthh.exec:\5nhthh.exe208⤵
-
\??\c:\tnhhtb.exec:\tnhhtb.exe209⤵
-
\??\c:\pjddj.exec:\pjddj.exe210⤵
-
\??\c:\9djpp.exec:\9djpp.exe211⤵
-
\??\c:\3rrlrfx.exec:\3rrlrfx.exe212⤵
-
\??\c:\nhbbnt.exec:\nhbbnt.exe213⤵
-
\??\c:\nnhhnt.exec:\nnhhnt.exe214⤵
-
\??\c:\3jjvj.exec:\3jjvj.exe215⤵
-
\??\c:\3lflfrx.exec:\3lflfrx.exe216⤵
-
\??\c:\5htbht.exec:\5htbht.exe217⤵
-
\??\c:\tthnbb.exec:\tthnbb.exe218⤵
-
\??\c:\jjdpd.exec:\jjdpd.exe219⤵
-
\??\c:\frxrrrl.exec:\frxrrrl.exe220⤵
-
\??\c:\flfxrfr.exec:\flfxrfr.exe221⤵
-
\??\c:\9nhnhh.exec:\9nhnhh.exe222⤵
-
\??\c:\dvppd.exec:\dvppd.exe223⤵
-
\??\c:\djjpv.exec:\djjpv.exe224⤵
-
\??\c:\xrlrfll.exec:\xrlrfll.exe225⤵
-
\??\c:\9hhnnt.exec:\9hhnnt.exe226⤵
-
\??\c:\3jdjp.exec:\3jdjp.exe227⤵
-
\??\c:\jdpjv.exec:\jdpjv.exe228⤵
-
\??\c:\llxxffr.exec:\llxxffr.exe229⤵
-
\??\c:\nnhnhh.exec:\nnhnhh.exe230⤵
-
\??\c:\dvpvd.exec:\dvpvd.exe231⤵
-
\??\c:\jvjvj.exec:\jvjvj.exe232⤵
-
\??\c:\xrlrfrx.exec:\xrlrfrx.exe233⤵
-
\??\c:\hbbnht.exec:\hbbnht.exe234⤵
-
\??\c:\nhhbnb.exec:\nhhbnb.exe235⤵
-
\??\c:\pjvvj.exec:\pjvvj.exe236⤵
-
\??\c:\vjppv.exec:\vjppv.exe237⤵
-
\??\c:\lfxflxr.exec:\lfxflxr.exe238⤵
-
\??\c:\ntnbnt.exec:\ntnbnt.exe239⤵
-
\??\c:\9thbnb.exec:\9thbnb.exe240⤵