Analysis
-
max time kernel
149s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
22-05-2024 02:52
General
-
Target
8cc6ba60710c0f0c9fa897e43038b33186574eadb58ab28070e8eef84fb60670.exe
-
Size
83KB
-
MD5
46c33984021b0e0ed53e9b5038355106
-
SHA1
c69ce2c924128b5751cef0bf1e1f02ed8b2db717
-
SHA256
8cc6ba60710c0f0c9fa897e43038b33186574eadb58ab28070e8eef84fb60670
-
SHA512
01bac8720053b0c699feb86e19518c304ce386ff682de21c72724066dacbb1bb64e5a38bc167a60bbe797b0b71034b09645dbf3a1440f7de9b3e6f18c344f8c2
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73yqKH/KjvHo+WdNP:ymb3NkkiQ3mdBjFo73yX+vI+qx
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
UPX dump on OEP (original entry point) 34 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 34 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8cc6ba60710c0f0c9fa897e43038b33186574eadb58ab28070e8eef84fb60670.exe"C:\Users\Admin\AppData\Local\Temp\8cc6ba60710c0f0c9fa897e43038b33186574eadb58ab28070e8eef84fb60670.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\frlxxrl.exec:\frlxxrl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnnbb.exec:\thnnbb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfxfrx.exec:\xrfxfrx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntntn.exec:\tntntn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdjv.exec:\pjdjv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5dvpj.exec:\5dvpj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrxrrf.exec:\xrrxrrf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnnbb.exec:\hbnnbb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3jdjp.exec:\3jdjp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffrxfl.exec:\lffrxfl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbhtt.exec:\nhbhtt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3bhhnn.exec:\3bhhnn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvvv.exec:\pjvvv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppvv.exec:\vppvv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrlxlf.exec:\xrrlxlf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfrxfl.exec:\rlfrxfl.exe17⤵
- Executes dropped EXE
-
\??\c:\bthhnt.exec:\bthhnt.exe18⤵
- Executes dropped EXE
-
\??\c:\dvjpp.exec:\dvjpp.exe19⤵
- Executes dropped EXE
-
\??\c:\fxffllr.exec:\fxffllr.exe20⤵
- Executes dropped EXE
-
\??\c:\5rfxxfl.exec:\5rfxxfl.exe21⤵
- Executes dropped EXE
-
\??\c:\tththn.exec:\tththn.exe22⤵
- Executes dropped EXE
-
\??\c:\pdvdj.exec:\pdvdj.exe23⤵
- Executes dropped EXE
-
\??\c:\dpjpd.exec:\dpjpd.exe24⤵
- Executes dropped EXE
-
\??\c:\frffxrx.exec:\frffxrx.exe25⤵
- Executes dropped EXE
-
\??\c:\hhbbnb.exec:\hhbbnb.exe26⤵
- Executes dropped EXE
-
\??\c:\nbhbnh.exec:\nbhbnh.exe27⤵
- Executes dropped EXE
-
\??\c:\dvjjv.exec:\dvjjv.exe28⤵
- Executes dropped EXE
-
\??\c:\lfrxffr.exec:\lfrxffr.exe29⤵
- Executes dropped EXE
-
\??\c:\bthhhn.exec:\bthhhn.exe30⤵
- Executes dropped EXE
-
\??\c:\3ntnnt.exec:\3ntnnt.exe31⤵
- Executes dropped EXE
-
\??\c:\vpjdj.exec:\vpjdj.exe32⤵
- Executes dropped EXE
-
\??\c:\xlxxlll.exec:\xlxxlll.exe33⤵
- Executes dropped EXE
-
\??\c:\rlrxffl.exec:\rlrxffl.exe34⤵
- Executes dropped EXE
-
\??\c:\tnbbhh.exec:\tnbbhh.exe35⤵
- Executes dropped EXE
-
\??\c:\9ppdv.exec:\9ppdv.exe36⤵
- Executes dropped EXE
-
\??\c:\dvpvj.exec:\dvpvj.exe37⤵
- Executes dropped EXE
-
\??\c:\7fffllr.exec:\7fffllr.exe38⤵
- Executes dropped EXE
-
\??\c:\lxllrrl.exec:\lxllrrl.exe39⤵
- Executes dropped EXE
-
\??\c:\9btbnn.exec:\9btbnn.exe40⤵
- Executes dropped EXE
-
\??\c:\3hhnbh.exec:\3hhnbh.exe41⤵
- Executes dropped EXE
-
\??\c:\9dppj.exec:\9dppj.exe42⤵
- Executes dropped EXE
-
\??\c:\7dvdd.exec:\7dvdd.exe43⤵
- Executes dropped EXE
-
\??\c:\5pdjv.exec:\5pdjv.exe44⤵
- Executes dropped EXE
-
\??\c:\xrxfllr.exec:\xrxfllr.exe45⤵
- Executes dropped EXE
-
\??\c:\fxrfrlf.exec:\fxrfrlf.exe46⤵
- Executes dropped EXE
-
\??\c:\1thhbb.exec:\1thhbb.exe47⤵
- Executes dropped EXE
-
\??\c:\hthtbb.exec:\hthtbb.exe48⤵
- Executes dropped EXE
-
\??\c:\ppvvd.exec:\ppvvd.exe49⤵
- Executes dropped EXE
-
\??\c:\5pvpp.exec:\5pvpp.exe50⤵
- Executes dropped EXE
-
\??\c:\rrxxfff.exec:\rrxxfff.exe51⤵
- Executes dropped EXE
-
\??\c:\thtthn.exec:\thtthn.exe52⤵
- Executes dropped EXE
-
\??\c:\hbhhhh.exec:\hbhhhh.exe53⤵
- Executes dropped EXE
-
\??\c:\vpjvp.exec:\vpjvp.exe54⤵
- Executes dropped EXE
-
\??\c:\vvvdj.exec:\vvvdj.exe55⤵
- Executes dropped EXE
-
\??\c:\vpdpv.exec:\vpdpv.exe56⤵
- Executes dropped EXE
-
\??\c:\3fxxflx.exec:\3fxxflx.exe57⤵
- Executes dropped EXE
-
\??\c:\bthntt.exec:\bthntt.exe58⤵
- Executes dropped EXE
-
\??\c:\thtthh.exec:\thtthh.exe59⤵
- Executes dropped EXE
-
\??\c:\pdppv.exec:\pdppv.exe60⤵
- Executes dropped EXE
-
\??\c:\ppjjp.exec:\ppjjp.exe61⤵
- Executes dropped EXE
-
\??\c:\fxllrxx.exec:\fxllrxx.exe62⤵
- Executes dropped EXE
-
\??\c:\rlrffrx.exec:\rlrffrx.exe63⤵
- Executes dropped EXE
-
\??\c:\9tbnbh.exec:\9tbnbh.exe64⤵
- Executes dropped EXE
-
\??\c:\tnthnn.exec:\tnthnn.exe65⤵
- Executes dropped EXE
-
\??\c:\vjddj.exec:\vjddj.exe66⤵
-
\??\c:\9vvdp.exec:\9vvdp.exe67⤵
-
\??\c:\1lrlrlr.exec:\1lrlrlr.exe68⤵
-
\??\c:\llllrxx.exec:\llllrxx.exe69⤵
-
\??\c:\3hbhnn.exec:\3hbhnn.exe70⤵
-
\??\c:\nhntbh.exec:\nhntbh.exe71⤵
-
\??\c:\9ddvd.exec:\9ddvd.exe72⤵
-
\??\c:\9dppp.exec:\9dppp.exe73⤵
-
\??\c:\vpjvv.exec:\vpjvv.exe74⤵
-
\??\c:\rlffllx.exec:\rlffllx.exe75⤵
-
\??\c:\frrlxrr.exec:\frrlxrr.exe76⤵
-
\??\c:\hhhnbh.exec:\hhhnbh.exe77⤵
-
\??\c:\1nbbhb.exec:\1nbbhb.exe78⤵
-
\??\c:\9dddj.exec:\9dddj.exe79⤵
-
\??\c:\1vdjj.exec:\1vdjj.exe80⤵
-
\??\c:\1lflrrx.exec:\1lflrrx.exe81⤵
-
\??\c:\7rrlfrl.exec:\7rrlfrl.exe82⤵
-
\??\c:\nbhhnh.exec:\nbhhnh.exe83⤵
-
\??\c:\btnbtb.exec:\btnbtb.exe84⤵
-
\??\c:\jjpjp.exec:\jjpjp.exe85⤵
-
\??\c:\dvdvj.exec:\dvdvj.exe86⤵
-
\??\c:\pjvpv.exec:\pjvpv.exe87⤵
-
\??\c:\llxffrx.exec:\llxffrx.exe88⤵
-
\??\c:\1fxxxxl.exec:\1fxxxxl.exe89⤵
-
\??\c:\5bntbt.exec:\5bntbt.exe90⤵
-
\??\c:\thnhtt.exec:\thnhtt.exe91⤵
-
\??\c:\5dvdj.exec:\5dvdj.exe92⤵
-
\??\c:\jddvj.exec:\jddvj.exe93⤵
-
\??\c:\xrlfrlr.exec:\xrlfrlr.exe94⤵
-
\??\c:\3fxfllr.exec:\3fxfllr.exe95⤵
-
\??\c:\tnthnt.exec:\tnthnt.exe96⤵
-
\??\c:\9thtbb.exec:\9thtbb.exe97⤵
-
\??\c:\vjppv.exec:\vjppv.exe98⤵
-
\??\c:\dpddd.exec:\dpddd.exe99⤵
-
\??\c:\llffllx.exec:\llffllx.exe100⤵
-
\??\c:\rlxxlrr.exec:\rlxxlrr.exe101⤵
-
\??\c:\5nbhnn.exec:\5nbhnn.exe102⤵
-
\??\c:\nbbbhh.exec:\nbbbhh.exe103⤵
-
\??\c:\btnntn.exec:\btnntn.exe104⤵
-
\??\c:\5vvdj.exec:\5vvdj.exe105⤵
-
\??\c:\dpddd.exec:\dpddd.exe106⤵
-
\??\c:\rrrxflx.exec:\rrrxflx.exe107⤵
-
\??\c:\rlxxffl.exec:\rlxxffl.exe108⤵
-
\??\c:\hthhtn.exec:\hthhtn.exe109⤵
-
\??\c:\bthhtt.exec:\bthhtt.exe110⤵
-
\??\c:\jdpjp.exec:\jdpjp.exe111⤵
-
\??\c:\jdvdp.exec:\jdvdp.exe112⤵
-
\??\c:\lrflxxf.exec:\lrflxxf.exe113⤵
-
\??\c:\thtnnn.exec:\thtnnn.exe114⤵
-
\??\c:\7htnbb.exec:\7htnbb.exe115⤵
-
\??\c:\dpvdd.exec:\dpvdd.exe116⤵
-
\??\c:\pjppv.exec:\pjppv.exe117⤵
-
\??\c:\1xxrfll.exec:\1xxrfll.exe118⤵
-
\??\c:\5rxfrrf.exec:\5rxfrrf.exe119⤵
-
\??\c:\9bhhnn.exec:\9bhhnn.exe120⤵
-
\??\c:\bthntt.exec:\bthntt.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-