Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
22-05-2024 02:52
General
-
Target
8cc6ba60710c0f0c9fa897e43038b33186574eadb58ab28070e8eef84fb60670.exe
-
Size
83KB
-
MD5
46c33984021b0e0ed53e9b5038355106
-
SHA1
c69ce2c924128b5751cef0bf1e1f02ed8b2db717
-
SHA256
8cc6ba60710c0f0c9fa897e43038b33186574eadb58ab28070e8eef84fb60670
-
SHA512
01bac8720053b0c699feb86e19518c304ce386ff682de21c72724066dacbb1bb64e5a38bc167a60bbe797b0b71034b09645dbf3a1440f7de9b3e6f18c344f8c2
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73yqKH/KjvHo+WdNP:ymb3NkkiQ3mdBjFo73yX+vI+qx
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 30 IoCs
-
UPX dump on OEP (original entry point) 29 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8cc6ba60710c0f0c9fa897e43038b33186574eadb58ab28070e8eef84fb60670.exe"C:\Users\Admin\AppData\Local\Temp\8cc6ba60710c0f0c9fa897e43038b33186574eadb58ab28070e8eef84fb60670.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\3xlxrrl.exec:\3xlxrrl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnhnh.exec:\nhnhnh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdddp.exec:\jdddp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3dpjp.exec:\3dpjp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpdpv.exec:\dpdpv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pjpd.exec:\1pjpd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjvp.exec:\jdjvp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9flxrlx.exec:\9flxrlx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frfxxrr.exec:\frfxxrr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbbtt.exec:\nbbbtt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpdj.exec:\vjpdj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxlfrf.exec:\lfxlfrf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7tthbt.exec:\7tthbt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhbhb.exec:\nnhbhb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjdp.exec:\vjjdp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvdj.exec:\ppvdj.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxrfxl.exec:\rxxrfxl.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9bhhbb.exec:\9bhhbb.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbbnt.exec:\ttbbnt.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdvv.exec:\dvdvv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxrfff.exec:\fxxrfff.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntnhn.exec:\tntnhn.exe23⤵
- Executes dropped EXE
-
\??\c:\hnnbtn.exec:\hnnbtn.exe24⤵
- Executes dropped EXE
-
\??\c:\vpvpd.exec:\vpvpd.exe25⤵
- Executes dropped EXE
-
\??\c:\fxlxffx.exec:\fxlxffx.exe26⤵
- Executes dropped EXE
-
\??\c:\fxrlxrl.exec:\fxrlxrl.exe27⤵
- Executes dropped EXE
-
\??\c:\bttbbb.exec:\bttbbb.exe28⤵
- Executes dropped EXE
-
\??\c:\lfxrrrl.exec:\lfxrrrl.exe29⤵
- Executes dropped EXE
-
\??\c:\bntntn.exec:\bntntn.exe30⤵
- Executes dropped EXE
-
\??\c:\pjpjv.exec:\pjpjv.exe31⤵
- Executes dropped EXE
-
\??\c:\rflfrlf.exec:\rflfrlf.exe32⤵
- Executes dropped EXE
-
\??\c:\xxrrlrl.exec:\xxrrlrl.exe33⤵
- Executes dropped EXE
-
\??\c:\9bbthn.exec:\9bbthn.exe34⤵
- Executes dropped EXE
-
\??\c:\pppjv.exec:\pppjv.exe35⤵
- Executes dropped EXE
-
\??\c:\9vvpd.exec:\9vvpd.exe36⤵
- Executes dropped EXE
-
\??\c:\rfffxxr.exec:\rfffxxr.exe37⤵
- Executes dropped EXE
-
\??\c:\nhnnnt.exec:\nhnnnt.exe38⤵
- Executes dropped EXE
-
\??\c:\9bhbnh.exec:\9bhbnh.exe39⤵
- Executes dropped EXE
-
\??\c:\5jpdj.exec:\5jpdj.exe40⤵
- Executes dropped EXE
-
\??\c:\1djpj.exec:\1djpj.exe41⤵
- Executes dropped EXE
-
\??\c:\frfxlfl.exec:\frfxlfl.exe42⤵
- Executes dropped EXE
-
\??\c:\rxrlxrl.exec:\rxrlxrl.exe43⤵
- Executes dropped EXE
-
\??\c:\tnhbtn.exec:\tnhbtn.exe44⤵
- Executes dropped EXE
-
\??\c:\tbtnbb.exec:\tbtnbb.exe45⤵
- Executes dropped EXE
-
\??\c:\hbbbtt.exec:\hbbbtt.exe46⤵
- Executes dropped EXE
-
\??\c:\pjpvj.exec:\pjpvj.exe47⤵
- Executes dropped EXE
-
\??\c:\jvdpj.exec:\jvdpj.exe48⤵
- Executes dropped EXE
-
\??\c:\xfrlfxr.exec:\xfrlfxr.exe49⤵
- Executes dropped EXE
-
\??\c:\rfrlfxr.exec:\rfrlfxr.exe50⤵
- Executes dropped EXE
-
\??\c:\btbbht.exec:\btbbht.exe51⤵
- Executes dropped EXE
-
\??\c:\ntbthh.exec:\ntbthh.exe52⤵
- Executes dropped EXE
-
\??\c:\1pvpv.exec:\1pvpv.exe53⤵
- Executes dropped EXE
-
\??\c:\vjjpd.exec:\vjjpd.exe54⤵
- Executes dropped EXE
-
\??\c:\5ddpj.exec:\5ddpj.exe55⤵
- Executes dropped EXE
-
\??\c:\lffrllf.exec:\lffrllf.exe56⤵
- Executes dropped EXE
-
\??\c:\rllllll.exec:\rllllll.exe57⤵
- Executes dropped EXE
-
\??\c:\ntbtnh.exec:\ntbtnh.exe58⤵
- Executes dropped EXE
-
\??\c:\5nnhnt.exec:\5nnhnt.exe59⤵
- Executes dropped EXE
-
\??\c:\dppjd.exec:\dppjd.exe60⤵
- Executes dropped EXE
-
\??\c:\jddvj.exec:\jddvj.exe61⤵
- Executes dropped EXE
-
\??\c:\lxxlxxr.exec:\lxxlxxr.exe62⤵
- Executes dropped EXE
-
\??\c:\3rrlffx.exec:\3rrlffx.exe63⤵
- Executes dropped EXE
-
\??\c:\nbbtnn.exec:\nbbtnn.exe64⤵
- Executes dropped EXE
-
\??\c:\jvvpd.exec:\jvvpd.exe65⤵
- Executes dropped EXE
-
\??\c:\vjjjp.exec:\vjjjp.exe66⤵
-
\??\c:\lllffxx.exec:\lllffxx.exe67⤵
-
\??\c:\nnnnhn.exec:\nnnnhn.exe68⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe69⤵
-
\??\c:\pjvpd.exec:\pjvpd.exe70⤵
-
\??\c:\ffxrlfx.exec:\ffxrlfx.exe71⤵
-
\??\c:\5nthbt.exec:\5nthbt.exe72⤵
-
\??\c:\1bhthh.exec:\1bhthh.exe73⤵
-
\??\c:\pdpjd.exec:\pdpjd.exe74⤵
-
\??\c:\jvdvv.exec:\jvdvv.exe75⤵
-
\??\c:\fxrrfrf.exec:\fxrrfrf.exe76⤵
-
\??\c:\frrlxrl.exec:\frrlxrl.exe77⤵
-
\??\c:\1bhbnn.exec:\1bhbnn.exe78⤵
-
\??\c:\bhnhbt.exec:\bhnhbt.exe79⤵
-
\??\c:\pdjdp.exec:\pdjdp.exe80⤵
-
\??\c:\djppj.exec:\djppj.exe81⤵
-
\??\c:\frxlfxl.exec:\frxlfxl.exe82⤵
-
\??\c:\lxxlflx.exec:\lxxlflx.exe83⤵
-
\??\c:\tthttn.exec:\tthttn.exe84⤵
-
\??\c:\vjjjj.exec:\vjjjj.exe85⤵
-
\??\c:\pjvjv.exec:\pjvjv.exe86⤵
-
\??\c:\3rlrlfx.exec:\3rlrlfx.exe87⤵
-
\??\c:\7llfxrl.exec:\7llfxrl.exe88⤵
-
\??\c:\7thntn.exec:\7thntn.exe89⤵
-
\??\c:\pdvpv.exec:\pdvpv.exe90⤵
-
\??\c:\lrxrflf.exec:\lrxrflf.exe91⤵
-
\??\c:\3tbbtn.exec:\3tbbtn.exe92⤵
-
\??\c:\9hnbnb.exec:\9hnbnb.exe93⤵
-
\??\c:\dppjv.exec:\dppjv.exe94⤵
-
\??\c:\7flxrrr.exec:\7flxrrr.exe95⤵
-
\??\c:\rxrlfxl.exec:\rxrlfxl.exe96⤵
-
\??\c:\htbtnh.exec:\htbtnh.exe97⤵
-
\??\c:\nbbnhb.exec:\nbbnhb.exe98⤵
-
\??\c:\ddjdv.exec:\ddjdv.exe99⤵
-
\??\c:\dppdp.exec:\dppdp.exe100⤵
-
\??\c:\llffxxr.exec:\llffxxr.exe101⤵
-
\??\c:\hhhbtt.exec:\hhhbtt.exe102⤵
-
\??\c:\hbbbnn.exec:\hbbbnn.exe103⤵
-
\??\c:\nbbthh.exec:\nbbthh.exe104⤵
-
\??\c:\7pdvp.exec:\7pdvp.exe105⤵
-
\??\c:\jvjdd.exec:\jvjdd.exe106⤵
-
\??\c:\xllfrrl.exec:\xllfrrl.exe107⤵
-
\??\c:\xllfxxr.exec:\xllfxxr.exe108⤵
-
\??\c:\tttnnh.exec:\tttnnh.exe109⤵
-
\??\c:\nhnhbn.exec:\nhnhbn.exe110⤵
-
\??\c:\pjpjd.exec:\pjpjd.exe111⤵
-
\??\c:\xxxrffx.exec:\xxxrffx.exe112⤵
-
\??\c:\tnhhbb.exec:\tnhhbb.exe113⤵
-
\??\c:\bhhbnn.exec:\bhhbnn.exe114⤵
-
\??\c:\jpdvp.exec:\jpdvp.exe115⤵
-
\??\c:\9vjdp.exec:\9vjdp.exe116⤵
-
\??\c:\jjvpd.exec:\jjvpd.exe117⤵
-
\??\c:\fxxrrll.exec:\fxxrrll.exe118⤵
-
\??\c:\9xfrllx.exec:\9xfrllx.exe119⤵
-
\??\c:\hbhhbt.exec:\hbhhbt.exe120⤵
-
\??\c:\nnnnbt.exec:\nnnnbt.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-