Analysis
-
max time kernel
149s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
22-05-2024 02:52
General
-
Target
8cc6ba60710c0f0c9fa897e43038b33186574eadb58ab28070e8eef84fb60670.exe
-
Size
83KB
-
MD5
46c33984021b0e0ed53e9b5038355106
-
SHA1
c69ce2c924128b5751cef0bf1e1f02ed8b2db717
-
SHA256
8cc6ba60710c0f0c9fa897e43038b33186574eadb58ab28070e8eef84fb60670
-
SHA512
01bac8720053b0c699feb86e19518c304ce386ff682de21c72724066dacbb1bb64e5a38bc167a60bbe797b0b71034b09645dbf3a1440f7de9b3e6f18c344f8c2
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73yqKH/KjvHo+WdNP:ymb3NkkiQ3mdBjFo73yX+vI+qx
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
UPX dump on OEP (original entry point) 34 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 34 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8cc6ba60710c0f0c9fa897e43038b33186574eadb58ab28070e8eef84fb60670.exe"C:\Users\Admin\AppData\Local\Temp\8cc6ba60710c0f0c9fa897e43038b33186574eadb58ab28070e8eef84fb60670.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\frlxxrl.exec:\frlxxrl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnnbb.exec:\thnnbb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfxfrx.exec:\xrfxfrx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntntn.exec:\tntntn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdjv.exec:\pjdjv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5dvpj.exec:\5dvpj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrxrrf.exec:\xrrxrrf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnnbb.exec:\hbnnbb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3jdjp.exec:\3jdjp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffrxfl.exec:\lffrxfl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbhtt.exec:\nhbhtt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3bhhnn.exec:\3bhhnn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvvv.exec:\pjvvv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppvv.exec:\vppvv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrlxlf.exec:\xrrlxlf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfrxfl.exec:\rlfrxfl.exe17⤵
- Executes dropped EXE
-
\??\c:\bthhnt.exec:\bthhnt.exe18⤵
- Executes dropped EXE
-
\??\c:\dvjpp.exec:\dvjpp.exe19⤵
- Executes dropped EXE
-
\??\c:\fxffllr.exec:\fxffllr.exe20⤵
- Executes dropped EXE
-
\??\c:\5rfxxfl.exec:\5rfxxfl.exe21⤵
- Executes dropped EXE
-
\??\c:\tththn.exec:\tththn.exe22⤵
- Executes dropped EXE
-
\??\c:\pdvdj.exec:\pdvdj.exe23⤵
- Executes dropped EXE
-
\??\c:\dpjpd.exec:\dpjpd.exe24⤵
- Executes dropped EXE
-
\??\c:\frffxrx.exec:\frffxrx.exe25⤵
- Executes dropped EXE
-
\??\c:\hhbbnb.exec:\hhbbnb.exe26⤵
- Executes dropped EXE
-
\??\c:\nbhbnh.exec:\nbhbnh.exe27⤵
- Executes dropped EXE
-
\??\c:\dvjjv.exec:\dvjjv.exe28⤵
- Executes dropped EXE
-
\??\c:\lfrxffr.exec:\lfrxffr.exe29⤵
- Executes dropped EXE
-
\??\c:\bthhhn.exec:\bthhhn.exe30⤵
- Executes dropped EXE
-
\??\c:\3ntnnt.exec:\3ntnnt.exe31⤵
- Executes dropped EXE
-
\??\c:\vpjdj.exec:\vpjdj.exe32⤵
- Executes dropped EXE
-
\??\c:\xlxxlll.exec:\xlxxlll.exe33⤵
- Executes dropped EXE
-
\??\c:\rlrxffl.exec:\rlrxffl.exe34⤵
- Executes dropped EXE
-
\??\c:\tnbbhh.exec:\tnbbhh.exe35⤵
- Executes dropped EXE
-
\??\c:\9ppdv.exec:\9ppdv.exe36⤵
- Executes dropped EXE
-
\??\c:\dvpvj.exec:\dvpvj.exe37⤵
- Executes dropped EXE
-
\??\c:\7fffllr.exec:\7fffllr.exe38⤵
- Executes dropped EXE
-
\??\c:\lxllrrl.exec:\lxllrrl.exe39⤵
- Executes dropped EXE
-
\??\c:\9btbnn.exec:\9btbnn.exe40⤵
- Executes dropped EXE
-
\??\c:\3hhnbh.exec:\3hhnbh.exe41⤵
- Executes dropped EXE
-
\??\c:\9dppj.exec:\9dppj.exe42⤵
- Executes dropped EXE
-
\??\c:\7dvdd.exec:\7dvdd.exe43⤵
- Executes dropped EXE
-
\??\c:\5pdjv.exec:\5pdjv.exe44⤵
- Executes dropped EXE
-
\??\c:\xrxfllr.exec:\xrxfllr.exe45⤵
- Executes dropped EXE
-
\??\c:\fxrfrlf.exec:\fxrfrlf.exe46⤵
- Executes dropped EXE
-
\??\c:\1thhbb.exec:\1thhbb.exe47⤵
- Executes dropped EXE
-
\??\c:\hthtbb.exec:\hthtbb.exe48⤵
- Executes dropped EXE
-
\??\c:\ppvvd.exec:\ppvvd.exe49⤵
- Executes dropped EXE
-
\??\c:\5pvpp.exec:\5pvpp.exe50⤵
- Executes dropped EXE
-
\??\c:\rrxxfff.exec:\rrxxfff.exe51⤵
- Executes dropped EXE
-
\??\c:\thtthn.exec:\thtthn.exe52⤵
- Executes dropped EXE
-
\??\c:\hbhhhh.exec:\hbhhhh.exe53⤵
- Executes dropped EXE
-
\??\c:\vpjvp.exec:\vpjvp.exe54⤵
- Executes dropped EXE
-
\??\c:\vvvdj.exec:\vvvdj.exe55⤵
- Executes dropped EXE
-
\??\c:\vpdpv.exec:\vpdpv.exe56⤵
- Executes dropped EXE
-
\??\c:\3fxxflx.exec:\3fxxflx.exe57⤵
- Executes dropped EXE
-
\??\c:\bthntt.exec:\bthntt.exe58⤵
- Executes dropped EXE
-
\??\c:\thtthh.exec:\thtthh.exe59⤵
- Executes dropped EXE
-
\??\c:\pdppv.exec:\pdppv.exe60⤵
- Executes dropped EXE
-
\??\c:\ppjjp.exec:\ppjjp.exe61⤵
- Executes dropped EXE
-
\??\c:\fxllrxx.exec:\fxllrxx.exe62⤵
- Executes dropped EXE
-
\??\c:\rlrffrx.exec:\rlrffrx.exe63⤵
- Executes dropped EXE
-
\??\c:\9tbnbh.exec:\9tbnbh.exe64⤵
- Executes dropped EXE
-
\??\c:\tnthnn.exec:\tnthnn.exe65⤵
- Executes dropped EXE
-
\??\c:\vjddj.exec:\vjddj.exe66⤵
-
\??\c:\9vvdp.exec:\9vvdp.exe67⤵
-
\??\c:\1lrlrlr.exec:\1lrlrlr.exe68⤵
-
\??\c:\llllrxx.exec:\llllrxx.exe69⤵
-
\??\c:\3hbhnn.exec:\3hbhnn.exe70⤵
-
\??\c:\nhntbh.exec:\nhntbh.exe71⤵
-
\??\c:\9ddvd.exec:\9ddvd.exe72⤵
-
\??\c:\9dppp.exec:\9dppp.exe73⤵
-
\??\c:\vpjvv.exec:\vpjvv.exe74⤵
-
\??\c:\rlffllx.exec:\rlffllx.exe75⤵
-
\??\c:\frrlxrr.exec:\frrlxrr.exe76⤵
-
\??\c:\hhhnbh.exec:\hhhnbh.exe77⤵
-
\??\c:\1nbbhb.exec:\1nbbhb.exe78⤵
-
\??\c:\9dddj.exec:\9dddj.exe79⤵
-
\??\c:\1vdjj.exec:\1vdjj.exe80⤵
-
\??\c:\1lflrrx.exec:\1lflrrx.exe81⤵
-
\??\c:\7rrlfrl.exec:\7rrlfrl.exe82⤵
-
\??\c:\nbhhnh.exec:\nbhhnh.exe83⤵
-
\??\c:\btnbtb.exec:\btnbtb.exe84⤵
-
\??\c:\jjpjp.exec:\jjpjp.exe85⤵
-
\??\c:\dvdvj.exec:\dvdvj.exe86⤵
-
\??\c:\pjvpv.exec:\pjvpv.exe87⤵
-
\??\c:\llxffrx.exec:\llxffrx.exe88⤵
-
\??\c:\1fxxxxl.exec:\1fxxxxl.exe89⤵
-
\??\c:\5bntbt.exec:\5bntbt.exe90⤵
-
\??\c:\thnhtt.exec:\thnhtt.exe91⤵
-
\??\c:\5dvdj.exec:\5dvdj.exe92⤵
-
\??\c:\jddvj.exec:\jddvj.exe93⤵
-
\??\c:\xrlfrlr.exec:\xrlfrlr.exe94⤵
-
\??\c:\3fxfllr.exec:\3fxfllr.exe95⤵
-
\??\c:\tnthnt.exec:\tnthnt.exe96⤵
-
\??\c:\9thtbb.exec:\9thtbb.exe97⤵
-
\??\c:\vjppv.exec:\vjppv.exe98⤵
-
\??\c:\dpddd.exec:\dpddd.exe99⤵
-
\??\c:\llffllx.exec:\llffllx.exe100⤵
-
\??\c:\rlxxlrr.exec:\rlxxlrr.exe101⤵
-
\??\c:\5nbhnn.exec:\5nbhnn.exe102⤵
-
\??\c:\nbbbhh.exec:\nbbbhh.exe103⤵
-
\??\c:\btnntn.exec:\btnntn.exe104⤵
-
\??\c:\5vvdj.exec:\5vvdj.exe105⤵
-
\??\c:\dpddd.exec:\dpddd.exe106⤵
-
\??\c:\rrrxflx.exec:\rrrxflx.exe107⤵
-
\??\c:\rlxxffl.exec:\rlxxffl.exe108⤵
-
\??\c:\hthhtn.exec:\hthhtn.exe109⤵
-
\??\c:\bthhtt.exec:\bthhtt.exe110⤵
-
\??\c:\jdpjp.exec:\jdpjp.exe111⤵
-
\??\c:\jdvdp.exec:\jdvdp.exe112⤵
-
\??\c:\lrflxxf.exec:\lrflxxf.exe113⤵
-
\??\c:\thtnnn.exec:\thtnnn.exe114⤵
-
\??\c:\7htnbb.exec:\7htnbb.exe115⤵
-
\??\c:\dpvdd.exec:\dpvdd.exe116⤵
-
\??\c:\pjppv.exec:\pjppv.exe117⤵
-
\??\c:\1xxrfll.exec:\1xxrfll.exe118⤵
-
\??\c:\5rxfrrf.exec:\5rxfrrf.exe119⤵
-
\??\c:\9bhhnn.exec:\9bhhnn.exe120⤵
-
\??\c:\bthntt.exec:\bthntt.exe121⤵
-
\??\c:\pdjdd.exec:\pdjdd.exe122⤵
-
\??\c:\1vjvj.exec:\1vjvj.exe123⤵
-
\??\c:\lfxxxxr.exec:\lfxxxxr.exe124⤵
-
\??\c:\xlrxrll.exec:\xlrxrll.exe125⤵
-
\??\c:\hthntt.exec:\hthntt.exe126⤵
-
\??\c:\bthnbt.exec:\bthnbt.exe127⤵
-
\??\c:\jdjjp.exec:\jdjjp.exe128⤵
-
\??\c:\jddjj.exec:\jddjj.exe129⤵
-
\??\c:\lffflfl.exec:\lffflfl.exe130⤵
-
\??\c:\rlxfllr.exec:\rlxfllr.exe131⤵
-
\??\c:\btntnn.exec:\btntnn.exe132⤵
-
\??\c:\htttbb.exec:\htttbb.exe133⤵
-
\??\c:\9vdvp.exec:\9vdvp.exe134⤵
-
\??\c:\vjvvj.exec:\vjvvj.exe135⤵
-
\??\c:\lxllllr.exec:\lxllllr.exe136⤵
-
\??\c:\xrxfrxl.exec:\xrxfrxl.exe137⤵
-
\??\c:\hbnttt.exec:\hbnttt.exe138⤵
-
\??\c:\bnbbnn.exec:\bnbbnn.exe139⤵
-
\??\c:\vjvvv.exec:\vjvvv.exe140⤵
-
\??\c:\vvddp.exec:\vvddp.exe141⤵
-
\??\c:\lffflfl.exec:\lffflfl.exe142⤵
-
\??\c:\1lxflxf.exec:\1lxflxf.exe143⤵
-
\??\c:\5hnhbt.exec:\5hnhbt.exe144⤵
-
\??\c:\hbnntb.exec:\hbnntb.exe145⤵
-
\??\c:\vpdvd.exec:\vpdvd.exe146⤵
-
\??\c:\ppjpv.exec:\ppjpv.exe147⤵
-
\??\c:\1rlrffr.exec:\1rlrffr.exe148⤵
-
\??\c:\7rlrrxf.exec:\7rlrrxf.exe149⤵
-
\??\c:\btnhnh.exec:\btnhnh.exe150⤵
-
\??\c:\5tntbb.exec:\5tntbb.exe151⤵
-
\??\c:\5jvpp.exec:\5jvpp.exe152⤵
-
\??\c:\jdjdp.exec:\jdjdp.exe153⤵
-
\??\c:\rrxrxxf.exec:\rrxrxxf.exe154⤵
-
\??\c:\5lflrlx.exec:\5lflrlx.exe155⤵
-
\??\c:\nhnbtn.exec:\nhnbtn.exe156⤵
-
\??\c:\nhbnth.exec:\nhbnth.exe157⤵
-
\??\c:\btnbtb.exec:\btnbtb.exe158⤵
-
\??\c:\vppjp.exec:\vppjp.exe159⤵
-
\??\c:\jdvvv.exec:\jdvvv.exe160⤵
-
\??\c:\9fflxlr.exec:\9fflxlr.exe161⤵
-
\??\c:\hbnntt.exec:\hbnntt.exe162⤵
-
\??\c:\9nhhhn.exec:\9nhhhn.exe163⤵
-
\??\c:\jddvd.exec:\jddvd.exe164⤵
-
\??\c:\djvdp.exec:\djvdp.exe165⤵
-
\??\c:\1xrlrrx.exec:\1xrlrrx.exe166⤵
-
\??\c:\frrxffx.exec:\frrxffx.exe167⤵
-
\??\c:\hbnbbt.exec:\hbnbbt.exe168⤵
-
\??\c:\hbhthh.exec:\hbhthh.exe169⤵
-
\??\c:\9dvvd.exec:\9dvvd.exe170⤵
-
\??\c:\3jdjv.exec:\3jdjv.exe171⤵
-
\??\c:\lxllllr.exec:\lxllllr.exe172⤵
-
\??\c:\fffllxx.exec:\fffllxx.exe173⤵
-
\??\c:\5nbbnh.exec:\5nbbnh.exe174⤵
-
\??\c:\tnbhnt.exec:\tnbhnt.exe175⤵
-
\??\c:\3jjjj.exec:\3jjjj.exe176⤵
-
\??\c:\vvvvv.exec:\vvvvv.exe177⤵
-
\??\c:\ffrxxrx.exec:\ffrxxrx.exe178⤵
-
\??\c:\lxrxxxf.exec:\lxrxxxf.exe179⤵
-
\??\c:\7tntbh.exec:\7tntbh.exe180⤵
-
\??\c:\hthnbb.exec:\hthnbb.exe181⤵
-
\??\c:\1ppvv.exec:\1ppvv.exe182⤵
-
\??\c:\vpppp.exec:\vpppp.exe183⤵
-
\??\c:\ffllxxf.exec:\ffllxxf.exe184⤵
-
\??\c:\rlrfrxl.exec:\rlrfrxl.exe185⤵
-
\??\c:\1btbhh.exec:\1btbhh.exe186⤵
-
\??\c:\tnhttb.exec:\tnhttb.exe187⤵
-
\??\c:\dvjjv.exec:\dvjjv.exe188⤵
-
\??\c:\7jddd.exec:\7jddd.exe189⤵
-
\??\c:\xffxrlx.exec:\xffxrlx.exe190⤵
-
\??\c:\9xflffx.exec:\9xflffx.exe191⤵
-
\??\c:\nbnhhb.exec:\nbnhhb.exe192⤵
-
\??\c:\hhtthn.exec:\hhtthn.exe193⤵
-
\??\c:\dvpvd.exec:\dvpvd.exe194⤵
-
\??\c:\9lxrxxx.exec:\9lxrxxx.exe195⤵
-
\??\c:\xxxfrxr.exec:\xxxfrxr.exe196⤵
-
\??\c:\thtthh.exec:\thtthh.exe197⤵
-
\??\c:\thbbhn.exec:\thbbhn.exe198⤵
-
\??\c:\jjvdj.exec:\jjvdj.exe199⤵
-
\??\c:\vjvvd.exec:\vjvvd.exe200⤵
-
\??\c:\ppdpd.exec:\ppdpd.exe201⤵
-
\??\c:\9fxflrx.exec:\9fxflrx.exe202⤵
-
\??\c:\hbbhnt.exec:\hbbhnt.exe203⤵
-
\??\c:\5tttbb.exec:\5tttbb.exe204⤵
-
\??\c:\9vppd.exec:\9vppd.exe205⤵
-
\??\c:\dpddj.exec:\dpddj.exe206⤵
-
\??\c:\1xrrrrx.exec:\1xrrrrx.exe207⤵
-
\??\c:\5xrlrrx.exec:\5xrlrrx.exe208⤵
-
\??\c:\5bnbhb.exec:\5bnbhb.exe209⤵
-
\??\c:\htnttb.exec:\htnttb.exe210⤵
-
\??\c:\9jjdp.exec:\9jjdp.exe211⤵
-
\??\c:\pjddp.exec:\pjddp.exe212⤵
-
\??\c:\9xrxxxf.exec:\9xrxxxf.exe213⤵
-
\??\c:\lfrrxff.exec:\lfrrxff.exe214⤵
-
\??\c:\tthhhh.exec:\tthhhh.exe215⤵
-
\??\c:\bhhbtn.exec:\bhhbtn.exe216⤵
-
\??\c:\dpvvj.exec:\dpvvj.exe217⤵
-
\??\c:\pjvdp.exec:\pjvdp.exe218⤵
-
\??\c:\rlrrffl.exec:\rlrrffl.exe219⤵
-
\??\c:\5lfrxrf.exec:\5lfrxrf.exe220⤵
-
\??\c:\5thhnn.exec:\5thhnn.exe221⤵
-
\??\c:\7nttbt.exec:\7nttbt.exe222⤵
-
\??\c:\vjdjd.exec:\vjdjd.exe223⤵
-
\??\c:\3ddvp.exec:\3ddvp.exe224⤵
-
\??\c:\xlrxllr.exec:\xlrxllr.exe225⤵
-
\??\c:\frxfrrx.exec:\frxfrrx.exe226⤵
-
\??\c:\thtthb.exec:\thtthb.exe227⤵
-
\??\c:\nhhntb.exec:\nhhntb.exe228⤵
-
\??\c:\5vjdj.exec:\5vjdj.exe229⤵
-
\??\c:\1vvdj.exec:\1vvdj.exe230⤵
-
\??\c:\rlrrxff.exec:\rlrrxff.exe231⤵
-
\??\c:\xrllrrl.exec:\xrllrrl.exe232⤵
-
\??\c:\tnbbnh.exec:\tnbbnh.exe233⤵
-
\??\c:\nhbhbh.exec:\nhbhbh.exe234⤵
-
\??\c:\vjdjp.exec:\vjdjp.exe235⤵
-
\??\c:\5ppvd.exec:\5ppvd.exe236⤵
-
\??\c:\7fflxxf.exec:\7fflxxf.exe237⤵
-
\??\c:\xrfflxf.exec:\xrfflxf.exe238⤵
-
\??\c:\9nttbb.exec:\9nttbb.exe239⤵
-
\??\c:\thnntb.exec:\thnntb.exe240⤵