Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
22-05-2024 04:36
General
-
Target
a4c7fb57c07d3a6c5b13607391434e69a20a8e2065f5f98ec81c5f11ef316298.exe
-
Size
89KB
-
MD5
5714d433daa99f8f622feb98c0607887
-
SHA1
d8821a5b0747aeea054c77a9d1ee68f787edb08d
-
SHA256
a4c7fb57c07d3a6c5b13607391434e69a20a8e2065f5f98ec81c5f11ef316298
-
SHA512
52e41f09b316aa70e1f4d22f6f3e6c9708814e6a85c93695b95c878d2e9576432f0e367818f066457a78ff605cf0f660b19d94264dd8f8430663fd4cbfb7df8c
-
SSDEEP
1536:cvQBeOGtrYS3srx93UBWfwC6Ggnouy8mVeygryFU2li0gx4EBbhnyLFW+q:chOmTsF93UYfwC6GIoutieyhC2lbgGiH
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 40 IoCs
-
UPX dump on OEP (original entry point) 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a4c7fb57c07d3a6c5b13607391434e69a20a8e2065f5f98ec81c5f11ef316298.exe"C:\Users\Admin\AppData\Local\Temp\a4c7fb57c07d3a6c5b13607391434e69a20a8e2065f5f98ec81c5f11ef316298.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjjp.exec:\dvjjp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxxfxx.exec:\xrxxfxx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3nhnbh.exec:\3nhnbh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvjd.exec:\jdvjd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1dvdj.exec:\1dvdj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3xxflrx.exec:\3xxflrx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthhbh.exec:\tthhbh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvdj.exec:\jdvdj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrfffl.exec:\ffrfffl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbbht.exec:\hhbbht.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhhhb.exec:\bnhhhb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvvp.exec:\jdvvp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppddj.exec:\ppddj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfxxxx.exec:\xrfxxxx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnhtt.exec:\bbnhtt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5djpd.exec:\5djpd.exe17⤵
- Executes dropped EXE
-
\??\c:\pjdjp.exec:\pjdjp.exe18⤵
- Executes dropped EXE
-
\??\c:\xlxxfxf.exec:\xlxxfxf.exe19⤵
- Executes dropped EXE
-
\??\c:\btbbbh.exec:\btbbbh.exe20⤵
- Executes dropped EXE
-
\??\c:\vjvpv.exec:\vjvpv.exe21⤵
- Executes dropped EXE
-
\??\c:\jvjpd.exec:\jvjpd.exe22⤵
- Executes dropped EXE
-
\??\c:\frfxxrx.exec:\frfxxrx.exe23⤵
- Executes dropped EXE
-
\??\c:\bthntb.exec:\bthntb.exe24⤵
- Executes dropped EXE
-
\??\c:\9nhhtt.exec:\9nhhtt.exe25⤵
- Executes dropped EXE
-
\??\c:\jvpdj.exec:\jvpdj.exe26⤵
- Executes dropped EXE
-
\??\c:\9pvpp.exec:\9pvpp.exe27⤵
- Executes dropped EXE
-
\??\c:\xxrrlfx.exec:\xxrrlfx.exe28⤵
- Executes dropped EXE
-
\??\c:\nbnnbb.exec:\nbnnbb.exe29⤵
- Executes dropped EXE
-
\??\c:\jvdvd.exec:\jvdvd.exe30⤵
- Executes dropped EXE
-
\??\c:\dpdjp.exec:\dpdjp.exe31⤵
- Executes dropped EXE
-
\??\c:\lflrrxx.exec:\lflrrxx.exe32⤵
- Executes dropped EXE
-
\??\c:\9hhntb.exec:\9hhntb.exe33⤵
- Executes dropped EXE
-
\??\c:\hbntbt.exec:\hbntbt.exe34⤵
- Executes dropped EXE
-
\??\c:\vpddd.exec:\vpddd.exe35⤵
- Executes dropped EXE
-
\??\c:\dvjjp.exec:\dvjjp.exe36⤵
- Executes dropped EXE
-
\??\c:\ffrrflr.exec:\ffrrflr.exe37⤵
- Executes dropped EXE
-
\??\c:\xlrxxxf.exec:\xlrxxxf.exe38⤵
- Executes dropped EXE
-
\??\c:\hbnnbt.exec:\hbnnbt.exe39⤵
- Executes dropped EXE
-
\??\c:\3nthnn.exec:\3nthnn.exe40⤵
- Executes dropped EXE
-
\??\c:\dpddd.exec:\dpddd.exe41⤵
- Executes dropped EXE
-
\??\c:\9lfllff.exec:\9lfllff.exe42⤵
- Executes dropped EXE
-
\??\c:\lxxxfxx.exec:\lxxxfxx.exe43⤵
- Executes dropped EXE
-
\??\c:\bthhbb.exec:\bthhbb.exe44⤵
- Executes dropped EXE
-
\??\c:\nhnntt.exec:\nhnntt.exe45⤵
- Executes dropped EXE
-
\??\c:\vpddd.exec:\vpddd.exe46⤵
- Executes dropped EXE
-
\??\c:\jvjjp.exec:\jvjjp.exe47⤵
- Executes dropped EXE
-
\??\c:\5rrxxfr.exec:\5rrxxfr.exe48⤵
- Executes dropped EXE
-
\??\c:\xxlfrrr.exec:\xxlfrrr.exe49⤵
- Executes dropped EXE
-
\??\c:\7rllrll.exec:\7rllrll.exe50⤵
- Executes dropped EXE
-
\??\c:\tnbhtb.exec:\tnbhtb.exe51⤵
- Executes dropped EXE
-
\??\c:\bntnnn.exec:\bntnnn.exe52⤵
- Executes dropped EXE
-
\??\c:\dvdjp.exec:\dvdjp.exe53⤵
- Executes dropped EXE
-
\??\c:\9djpv.exec:\9djpv.exe54⤵
- Executes dropped EXE
-
\??\c:\frlffxx.exec:\frlffxx.exe55⤵
- Executes dropped EXE
-
\??\c:\fxfflrr.exec:\fxfflrr.exe56⤵
- Executes dropped EXE
-
\??\c:\1bthnn.exec:\1bthnn.exe57⤵
- Executes dropped EXE
-
\??\c:\9nhntt.exec:\9nhntt.exe58⤵
- Executes dropped EXE
-
\??\c:\7vjdj.exec:\7vjdj.exe59⤵
- Executes dropped EXE
-
\??\c:\vpjjp.exec:\vpjjp.exe60⤵
- Executes dropped EXE
-
\??\c:\7xfrxxf.exec:\7xfrxxf.exe61⤵
- Executes dropped EXE
-
\??\c:\lfxfflr.exec:\lfxfflr.exe62⤵
- Executes dropped EXE
-
\??\c:\nbtbbt.exec:\nbtbbt.exe63⤵
- Executes dropped EXE
-
\??\c:\rlxxxxx.exec:\rlxxxxx.exe64⤵
- Executes dropped EXE
-
\??\c:\llllxfr.exec:\llllxfr.exe65⤵
- Executes dropped EXE
-
\??\c:\tbbtnb.exec:\tbbtnb.exe66⤵
-
\??\c:\nnhntb.exec:\nnhntb.exe67⤵
-
\??\c:\jvjpv.exec:\jvjpv.exe68⤵
-
\??\c:\jjdpv.exec:\jjdpv.exe69⤵
-
\??\c:\fxllrrl.exec:\fxllrrl.exe70⤵
-
\??\c:\3fxxlrf.exec:\3fxxlrf.exe71⤵
-
\??\c:\ttntbn.exec:\ttntbn.exe72⤵
-
\??\c:\bththh.exec:\bththh.exe73⤵
-
\??\c:\dvjvj.exec:\dvjvj.exe74⤵
-
\??\c:\pjppv.exec:\pjppv.exe75⤵
-
\??\c:\lflrrrr.exec:\lflrrrr.exe76⤵
-
\??\c:\llfllrx.exec:\llfllrx.exe77⤵
-
\??\c:\nnhbhn.exec:\nnhbhn.exe78⤵
-
\??\c:\9hntbn.exec:\9hntbn.exe79⤵
-
\??\c:\vjpvp.exec:\vjpvp.exe80⤵
-
\??\c:\dpddj.exec:\dpddj.exe81⤵
-
\??\c:\xrllllx.exec:\xrllllx.exe82⤵
-
\??\c:\3fxflrx.exec:\3fxflrx.exe83⤵
-
\??\c:\3xrrxfl.exec:\3xrrxfl.exe84⤵
-
\??\c:\nhnhhh.exec:\nhnhhh.exe85⤵
-
\??\c:\hbhttt.exec:\hbhttt.exe86⤵
-
\??\c:\vpdjp.exec:\vpdjp.exe87⤵
-
\??\c:\vjdvv.exec:\vjdvv.exe88⤵
-
\??\c:\1lfrrxx.exec:\1lfrrxx.exe89⤵
-
\??\c:\frxfrxf.exec:\frxfrxf.exe90⤵
-
\??\c:\tnnntn.exec:\tnnntn.exe91⤵
-
\??\c:\9ttbtn.exec:\9ttbtn.exe92⤵
-
\??\c:\jdpdv.exec:\jdpdv.exe93⤵
-
\??\c:\jdpjj.exec:\jdpjj.exe94⤵
-
\??\c:\7jppv.exec:\7jppv.exe95⤵
-
\??\c:\lfxfllx.exec:\lfxfllx.exe96⤵
-
\??\c:\3frxfll.exec:\3frxfll.exe97⤵
-
\??\c:\3flllll.exec:\3flllll.exe98⤵
-
\??\c:\nhtbnt.exec:\nhtbnt.exe99⤵
-
\??\c:\3nhntn.exec:\3nhntn.exe100⤵
-
\??\c:\ppdpd.exec:\ppdpd.exe101⤵
-
\??\c:\vjjjj.exec:\vjjjj.exe102⤵
-
\??\c:\rfffxxf.exec:\rfffxxf.exe103⤵
-
\??\c:\frflllf.exec:\frflllf.exe104⤵
-
\??\c:\tnthnn.exec:\tnthnn.exe105⤵
-
\??\c:\5bbttt.exec:\5bbttt.exe106⤵
-
\??\c:\tnbtnt.exec:\tnbtnt.exe107⤵
-
\??\c:\dpppj.exec:\dpppj.exe108⤵
-
\??\c:\pdppj.exec:\pdppj.exe109⤵
-
\??\c:\5rllrrr.exec:\5rllrrr.exe110⤵
-
\??\c:\rfrxxll.exec:\rfrxxll.exe111⤵
-
\??\c:\tnbbbt.exec:\tnbbbt.exe112⤵
-
\??\c:\7bbntb.exec:\7bbntb.exe113⤵
-
\??\c:\5pvvv.exec:\5pvvv.exe114⤵
-
\??\c:\5jvvp.exec:\5jvvp.exe115⤵
-
\??\c:\lxlffff.exec:\lxlffff.exe116⤵
-
\??\c:\lfxlxxl.exec:\lfxlxxl.exe117⤵
-
\??\c:\bbhnnt.exec:\bbhnnt.exe118⤵
-
\??\c:\9hhbnt.exec:\9hhbnt.exe119⤵
-
\??\c:\nbhbhb.exec:\nbhbhb.exe120⤵
-
\??\c:\vjppp.exec:\vjppp.exe121⤵
-
\??\c:\pdjjj.exec:\pdjjj.exe122⤵
-
\??\c:\xflfxrr.exec:\xflfxrr.exe123⤵
-
\??\c:\5rfxlfl.exec:\5rfxlfl.exe124⤵
-
\??\c:\bhtbnt.exec:\bhtbnt.exe125⤵
-
\??\c:\hbbthn.exec:\hbbthn.exe126⤵
-
\??\c:\vjvpv.exec:\vjvpv.exe127⤵
-
\??\c:\jvvdd.exec:\jvvdd.exe128⤵
-
\??\c:\xlrxffl.exec:\xlrxffl.exe129⤵
-
\??\c:\7rlrxxf.exec:\7rlrxxf.exe130⤵
-
\??\c:\bbtnbh.exec:\bbtnbh.exe131⤵
-
\??\c:\3bnbbt.exec:\3bnbbt.exe132⤵
-
\??\c:\7dvvv.exec:\7dvvv.exe133⤵
-
\??\c:\vpjjj.exec:\vpjjj.exe134⤵
-
\??\c:\lxffxxx.exec:\lxffxxx.exe135⤵
-
\??\c:\frrrxxf.exec:\frrrxxf.exe136⤵
-
\??\c:\5btbnt.exec:\5btbnt.exe137⤵
-
\??\c:\thtthh.exec:\thtthh.exe138⤵
-
\??\c:\tnnhhb.exec:\tnnhhb.exe139⤵
-
\??\c:\jdppv.exec:\jdppv.exe140⤵
-
\??\c:\xlrrrrx.exec:\xlrrrrx.exe141⤵
-
\??\c:\fxrxflr.exec:\fxrxflr.exe142⤵
-
\??\c:\nhbhnn.exec:\nhbhnn.exe143⤵
-
\??\c:\btbhhn.exec:\btbhhn.exe144⤵
-
\??\c:\7vddj.exec:\7vddj.exe145⤵
-
\??\c:\1jpjd.exec:\1jpjd.exe146⤵
-
\??\c:\3rlflff.exec:\3rlflff.exe147⤵
-
\??\c:\rlxxxxx.exec:\rlxxxxx.exe148⤵
-
\??\c:\9hnttn.exec:\9hnttn.exe149⤵
-
\??\c:\5htnnn.exec:\5htnnn.exe150⤵
-
\??\c:\pjddp.exec:\pjddp.exe151⤵
-
\??\c:\7dppv.exec:\7dppv.exe152⤵
-
\??\c:\9frxfll.exec:\9frxfll.exe153⤵
-
\??\c:\3fxllll.exec:\3fxllll.exe154⤵
-
\??\c:\bbhhnn.exec:\bbhhnn.exe155⤵
-
\??\c:\bttbbt.exec:\bttbbt.exe156⤵
-
\??\c:\vjpdp.exec:\vjpdp.exe157⤵
-
\??\c:\dpjjj.exec:\dpjjj.exe158⤵
-
\??\c:\9jdpv.exec:\9jdpv.exe159⤵
-
\??\c:\fxlrrlr.exec:\fxlrrlr.exe160⤵
-
\??\c:\frlxxxf.exec:\frlxxxf.exe161⤵
-
\??\c:\bttbhh.exec:\bttbhh.exe162⤵
-
\??\c:\nbnnbb.exec:\nbnnbb.exe163⤵
-
\??\c:\1jvpp.exec:\1jvpp.exe164⤵
-
\??\c:\jvjdj.exec:\jvjdj.exe165⤵
-
\??\c:\rfrlrrx.exec:\rfrlrrx.exe166⤵
-
\??\c:\1lfxxxx.exec:\1lfxxxx.exe167⤵
-
\??\c:\tnhhtt.exec:\tnhhtt.exe168⤵
-
\??\c:\tnbtbh.exec:\tnbtbh.exe169⤵
-
\??\c:\9jvdd.exec:\9jvdd.exe170⤵
-
\??\c:\vpjdj.exec:\vpjdj.exe171⤵
-
\??\c:\7lfffrr.exec:\7lfffrr.exe172⤵
-
\??\c:\fxffflr.exec:\fxffflr.exe173⤵
-
\??\c:\bntttt.exec:\bntttt.exe174⤵
-
\??\c:\hbttth.exec:\hbttth.exe175⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe176⤵
-
\??\c:\vvjjj.exec:\vvjjj.exe177⤵
-
\??\c:\jdjpp.exec:\jdjpp.exe178⤵
-
\??\c:\lrrrxxf.exec:\lrrrxxf.exe179⤵
-
\??\c:\5xllxxx.exec:\5xllxxx.exe180⤵
-
\??\c:\3tnttt.exec:\3tnttt.exe181⤵
-
\??\c:\9bhhnt.exec:\9bhhnt.exe182⤵
-
\??\c:\jvvvv.exec:\jvvvv.exe183⤵
-
\??\c:\5jdjj.exec:\5jdjj.exe184⤵
-
\??\c:\lflfxxf.exec:\lflfxxf.exe185⤵
-
\??\c:\5flllfl.exec:\5flllfl.exe186⤵
-
\??\c:\7tnthb.exec:\7tnthb.exe187⤵
-
\??\c:\tbttnt.exec:\tbttnt.exe188⤵
-
\??\c:\jvjpp.exec:\jvjpp.exe189⤵
-
\??\c:\vpdjp.exec:\vpdjp.exe190⤵
-
\??\c:\pjpjp.exec:\pjpjp.exe191⤵
-
\??\c:\7fxfllr.exec:\7fxfllr.exe192⤵
-
\??\c:\5lxrxxl.exec:\5lxrxxl.exe193⤵
-
\??\c:\btbbnt.exec:\btbbnt.exe194⤵
-
\??\c:\tnthnn.exec:\tnthnn.exe195⤵
-
\??\c:\vpvvv.exec:\vpvvv.exe196⤵
-
\??\c:\1pjpv.exec:\1pjpv.exe197⤵
-
\??\c:\xrlflfl.exec:\xrlflfl.exe198⤵
-
\??\c:\lfrflxl.exec:\lfrflxl.exe199⤵
-
\??\c:\tthhnt.exec:\tthhnt.exe200⤵
-
\??\c:\1jpvv.exec:\1jpvv.exe201⤵
-
\??\c:\5jjdj.exec:\5jjdj.exe202⤵
-
\??\c:\7rfxlll.exec:\7rfxlll.exe203⤵
-
\??\c:\7xfflrx.exec:\7xfflrx.exe204⤵
-
\??\c:\bthtbt.exec:\bthtbt.exe205⤵
-
\??\c:\9nhhhh.exec:\9nhhhh.exe206⤵
-
\??\c:\jdjdj.exec:\jdjdj.exe207⤵
-
\??\c:\jdppv.exec:\jdppv.exe208⤵
-
\??\c:\dpdvj.exec:\dpdvj.exe209⤵
-
\??\c:\frxfrrf.exec:\frxfrrf.exe210⤵
-
\??\c:\nhnnhh.exec:\nhnnhh.exe211⤵
-
\??\c:\vddpj.exec:\vddpj.exe212⤵
-
\??\c:\jddvj.exec:\jddvj.exe213⤵
-
\??\c:\lfrxrrr.exec:\lfrxrrr.exe214⤵
-
\??\c:\7rrrffr.exec:\7rrrffr.exe215⤵
-
\??\c:\9hthhb.exec:\9hthhb.exe216⤵
-
\??\c:\nbtnnn.exec:\nbtnnn.exe217⤵
-
\??\c:\9vdpv.exec:\9vdpv.exe218⤵
-
\??\c:\dvjpd.exec:\dvjpd.exe219⤵
-
\??\c:\fxfrllx.exec:\fxfrllx.exe220⤵
-
\??\c:\9lxfrrx.exec:\9lxfrrx.exe221⤵
-
\??\c:\9nbntb.exec:\9nbntb.exe222⤵
-
\??\c:\1hhhtb.exec:\1hhhtb.exe223⤵
-
\??\c:\3jpvv.exec:\3jpvv.exe224⤵
-
\??\c:\vpjpv.exec:\vpjpv.exe225⤵
-
\??\c:\xrrrrlr.exec:\xrrrrlr.exe226⤵
-
\??\c:\9nbhnn.exec:\9nbhnn.exe227⤵
-
\??\c:\nbnhtn.exec:\nbnhtn.exe228⤵
-
\??\c:\thtthh.exec:\thtthh.exe229⤵
-
\??\c:\pppvj.exec:\pppvj.exe230⤵
-
\??\c:\5fxxfll.exec:\5fxxfll.exe231⤵
-
\??\c:\rllrrxl.exec:\rllrrxl.exe232⤵
-
\??\c:\ffxlflr.exec:\ffxlflr.exe233⤵
-
\??\c:\hbnhhh.exec:\hbnhhh.exe234⤵
-
\??\c:\tnbbtb.exec:\tnbbtb.exe235⤵
-
\??\c:\dvjjv.exec:\dvjjv.exe236⤵
-
\??\c:\jdjjj.exec:\jdjjj.exe237⤵
-
\??\c:\xllrxfl.exec:\xllrxfl.exe238⤵
-
\??\c:\lfrrxff.exec:\lfrrxff.exe239⤵
-
\??\c:\ntnhht.exec:\ntnhht.exe240⤵