Analysis
-
max time kernel
149s -
max time network
113s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
22-05-2024 04:36
General
-
Target
a4c7fb57c07d3a6c5b13607391434e69a20a8e2065f5f98ec81c5f11ef316298.exe
-
Size
89KB
-
MD5
5714d433daa99f8f622feb98c0607887
-
SHA1
d8821a5b0747aeea054c77a9d1ee68f787edb08d
-
SHA256
a4c7fb57c07d3a6c5b13607391434e69a20a8e2065f5f98ec81c5f11ef316298
-
SHA512
52e41f09b316aa70e1f4d22f6f3e6c9708814e6a85c93695b95c878d2e9576432f0e367818f066457a78ff605cf0f660b19d94264dd8f8430663fd4cbfb7df8c
-
SSDEEP
1536:cvQBeOGtrYS3srx93UBWfwC6Ggnouy8mVeygryFU2li0gx4EBbhnyLFW+q:chOmTsF93UYfwC6GIoutieyhC2lbgGiH
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
UPX dump on OEP (original entry point) 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a4c7fb57c07d3a6c5b13607391434e69a20a8e2065f5f98ec81c5f11ef316298.exe"C:\Users\Admin\AppData\Local\Temp\a4c7fb57c07d3a6c5b13607391434e69a20a8e2065f5f98ec81c5f11ef316298.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xllxxrl.exec:\xllxxrl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnntnh.exec:\tnntnh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbtbn.exec:\ttbtbn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djpvp.exec:\djpvp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflxrlf.exec:\rflxrlf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhttnh.exec:\bhttnh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvjv.exec:\ddvjv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjjv.exec:\ddjjv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxrlfx.exec:\llxrlfx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrllxxl.exec:\xrllxxl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhbtn.exec:\hhhbtn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdvj.exec:\dvdvj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxfxfff.exec:\xxfxfff.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fflxfxl.exec:\fflxfxl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvpd.exec:\pjvpd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1fllfrl.exec:\1fllfrl.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbbbn.exec:\ttbbbn.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbtnbt.exec:\nbtnbt.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpjjv.exec:\jpjjv.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdvv.exec:\vpdvv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fflfrlf.exec:\fflfrlf.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthnth.exec:\hthnth.exe23⤵
- Executes dropped EXE
-
\??\c:\jjdpd.exec:\jjdpd.exe24⤵
- Executes dropped EXE
-
\??\c:\pjvpj.exec:\pjvpj.exe25⤵
- Executes dropped EXE
-
\??\c:\xrllfrl.exec:\xrllfrl.exe26⤵
- Executes dropped EXE
-
\??\c:\btbthb.exec:\btbthb.exe27⤵
- Executes dropped EXE
-
\??\c:\vpjdp.exec:\vpjdp.exe28⤵
- Executes dropped EXE
-
\??\c:\jppdp.exec:\jppdp.exe29⤵
- Executes dropped EXE
-
\??\c:\fffllfx.exec:\fffllfx.exe30⤵
- Executes dropped EXE
-
\??\c:\5fffxrl.exec:\5fffxrl.exe31⤵
- Executes dropped EXE
-
\??\c:\tttnhh.exec:\tttnhh.exe32⤵
- Executes dropped EXE
-
\??\c:\pdvpd.exec:\pdvpd.exe33⤵
- Executes dropped EXE
-
\??\c:\frlfrll.exec:\frlfrll.exe34⤵
- Executes dropped EXE
-
\??\c:\bhhbnh.exec:\bhhbnh.exe35⤵
- Executes dropped EXE
-
\??\c:\nbhbnn.exec:\nbhbnn.exe36⤵
- Executes dropped EXE
-
\??\c:\vpdpp.exec:\vpdpp.exe37⤵
- Executes dropped EXE
-
\??\c:\ffxlfxr.exec:\ffxlfxr.exe38⤵
- Executes dropped EXE
-
\??\c:\rlfxlfx.exec:\rlfxlfx.exe39⤵
- Executes dropped EXE
-
\??\c:\ttnnhn.exec:\ttnnhn.exe40⤵
- Executes dropped EXE
-
\??\c:\bhhbnh.exec:\bhhbnh.exe41⤵
- Executes dropped EXE
-
\??\c:\vjvjp.exec:\vjvjp.exe42⤵
- Executes dropped EXE
-
\??\c:\frrlrff.exec:\frrlrff.exe43⤵
- Executes dropped EXE
-
\??\c:\rllflff.exec:\rllflff.exe44⤵
- Executes dropped EXE
-
\??\c:\5hbtnn.exec:\5hbtnn.exe45⤵
- Executes dropped EXE
-
\??\c:\nhnhbt.exec:\nhnhbt.exe46⤵
- Executes dropped EXE
-
\??\c:\jjvvp.exec:\jjvvp.exe47⤵
- Executes dropped EXE
-
\??\c:\rxxrrlr.exec:\rxxrrlr.exe48⤵
- Executes dropped EXE
-
\??\c:\lrxxxrr.exec:\lrxxxrr.exe49⤵
- Executes dropped EXE
-
\??\c:\tnttnt.exec:\tnttnt.exe50⤵
- Executes dropped EXE
-
\??\c:\vpjvj.exec:\vpjvj.exe51⤵
- Executes dropped EXE
-
\??\c:\jdvjv.exec:\jdvjv.exe52⤵
- Executes dropped EXE
-
\??\c:\fxllxrx.exec:\fxllxrx.exe53⤵
- Executes dropped EXE
-
\??\c:\9lfrlrl.exec:\9lfrlrl.exe54⤵
- Executes dropped EXE
-
\??\c:\5nnhhb.exec:\5nnhhb.exe55⤵
- Executes dropped EXE
-
\??\c:\thbtnh.exec:\thbtnh.exe56⤵
- Executes dropped EXE
-
\??\c:\pddvj.exec:\pddvj.exe57⤵
- Executes dropped EXE
-
\??\c:\pvdvp.exec:\pvdvp.exe58⤵
- Executes dropped EXE
-
\??\c:\fxrrfxr.exec:\fxrrfxr.exe59⤵
- Executes dropped EXE
-
\??\c:\bbtnhh.exec:\bbtnhh.exe60⤵
- Executes dropped EXE
-
\??\c:\htnhtt.exec:\htnhtt.exe61⤵
- Executes dropped EXE
-
\??\c:\vpvvp.exec:\vpvvp.exe62⤵
- Executes dropped EXE
-
\??\c:\vjdvp.exec:\vjdvp.exe63⤵
- Executes dropped EXE
-
\??\c:\7dvvj.exec:\7dvvj.exe64⤵
- Executes dropped EXE
-
\??\c:\flrrlrx.exec:\flrrlrx.exe65⤵
- Executes dropped EXE
-
\??\c:\vpvvd.exec:\vpvvd.exe66⤵
-
\??\c:\lllfrrl.exec:\lllfrrl.exe67⤵
-
\??\c:\9llfxrl.exec:\9llfxrl.exe68⤵
-
\??\c:\bnhttb.exec:\bnhttb.exe69⤵
-
\??\c:\hbbnbt.exec:\hbbnbt.exe70⤵
-
\??\c:\jdjjj.exec:\jdjjj.exe71⤵
-
\??\c:\pvpjd.exec:\pvpjd.exe72⤵
-
\??\c:\1fllxrl.exec:\1fllxrl.exe73⤵
-
\??\c:\hbbtnt.exec:\hbbtnt.exe74⤵
-
\??\c:\ppvvj.exec:\ppvvj.exe75⤵
-
\??\c:\pdppv.exec:\pdppv.exe76⤵
-
\??\c:\fxrfrll.exec:\fxrfrll.exe77⤵
-
\??\c:\rfrrrlr.exec:\rfrrrlr.exe78⤵
-
\??\c:\1hbthb.exec:\1hbthb.exe79⤵
-
\??\c:\hnnhbb.exec:\hnnhbb.exe80⤵
-
\??\c:\dddvp.exec:\dddvp.exe81⤵
-
\??\c:\rlxrfxx.exec:\rlxrfxx.exe82⤵
-
\??\c:\nbttnh.exec:\nbttnh.exe83⤵
-
\??\c:\btnbnn.exec:\btnbnn.exe84⤵
-
\??\c:\djpvp.exec:\djpvp.exe85⤵
-
\??\c:\pjjdp.exec:\pjjdp.exe86⤵
-
\??\c:\rfxrffr.exec:\rfxrffr.exe87⤵
-
\??\c:\1llfxff.exec:\1llfxff.exe88⤵
-
\??\c:\btbbtn.exec:\btbbtn.exe89⤵
-
\??\c:\9pjdj.exec:\9pjdj.exe90⤵
-
\??\c:\lxlxfff.exec:\lxlxfff.exe91⤵
-
\??\c:\9flxfxl.exec:\9flxfxl.exe92⤵
-
\??\c:\bbhhbb.exec:\bbhhbb.exe93⤵
-
\??\c:\jdvpj.exec:\jdvpj.exe94⤵
-
\??\c:\djppd.exec:\djppd.exe95⤵
-
\??\c:\lxxxrrl.exec:\lxxxrrl.exe96⤵
-
\??\c:\bbnnnn.exec:\bbnnnn.exe97⤵
-
\??\c:\htbbbb.exec:\htbbbb.exe98⤵
-
\??\c:\pvvpj.exec:\pvvpj.exe99⤵
-
\??\c:\dddvv.exec:\dddvv.exe100⤵
-
\??\c:\xrxlfxx.exec:\xrxlfxx.exe101⤵
-
\??\c:\fxffxrl.exec:\fxffxrl.exe102⤵
-
\??\c:\1ntntn.exec:\1ntntn.exe103⤵
-
\??\c:\dppvp.exec:\dppvp.exe104⤵
-
\??\c:\vddvp.exec:\vddvp.exe105⤵
-
\??\c:\1xrlffr.exec:\1xrlffr.exe106⤵
-
\??\c:\7nhbtn.exec:\7nhbtn.exe107⤵
-
\??\c:\vdddv.exec:\vdddv.exe108⤵
-
\??\c:\jpvvp.exec:\jpvvp.exe109⤵
-
\??\c:\lfrrflf.exec:\lfrrflf.exe110⤵
-
\??\c:\lflfxxx.exec:\lflfxxx.exe111⤵
-
\??\c:\ntttnn.exec:\ntttnn.exe112⤵
-
\??\c:\nttbtt.exec:\nttbtt.exe113⤵
-
\??\c:\5jdvp.exec:\5jdvp.exe114⤵
-
\??\c:\rxfxrlx.exec:\rxfxrlx.exe115⤵
-
\??\c:\rlrlfrl.exec:\rlrlfrl.exe116⤵
-
\??\c:\nnnnnn.exec:\nnnnnn.exe117⤵
-
\??\c:\bhhbnh.exec:\bhhbnh.exe118⤵
-
\??\c:\jpvjd.exec:\jpvjd.exe119⤵
-
\??\c:\5jvpp.exec:\5jvpp.exe120⤵
-
\??\c:\3xffxrl.exec:\3xffxrl.exe121⤵
-
\??\c:\rxfllrr.exec:\rxfllrr.exe122⤵
-
\??\c:\9hhnhh.exec:\9hhnhh.exe123⤵
-
\??\c:\5thhbn.exec:\5thhbn.exe124⤵
-
\??\c:\9vvpj.exec:\9vvpj.exe125⤵
-
\??\c:\vpddv.exec:\vpddv.exe126⤵
-
\??\c:\lffrllf.exec:\lffrllf.exe127⤵
-
\??\c:\htnhtn.exec:\htnhtn.exe128⤵
-
\??\c:\tbthbn.exec:\tbthbn.exe129⤵
-
\??\c:\llrflfr.exec:\llrflfr.exe130⤵
-
\??\c:\nbttnn.exec:\nbttnn.exe131⤵
-
\??\c:\hnbthh.exec:\hnbthh.exe132⤵
-
\??\c:\vjpvv.exec:\vjpvv.exe133⤵
-
\??\c:\pjjvj.exec:\pjjvj.exe134⤵
-
\??\c:\lrxlxlr.exec:\lrxlxlr.exe135⤵
-
\??\c:\btnnnn.exec:\btnnnn.exe136⤵
-
\??\c:\tnbtnn.exec:\tnbtnn.exe137⤵
-
\??\c:\dvpvj.exec:\dvpvj.exe138⤵
-
\??\c:\jddvj.exec:\jddvj.exe139⤵
-
\??\c:\xlfxlfx.exec:\xlfxlfx.exe140⤵
-
\??\c:\flrflfx.exec:\flrflfx.exe141⤵
-
\??\c:\nnhhtn.exec:\nnhhtn.exe142⤵
-
\??\c:\5tnnhh.exec:\5tnnhh.exe143⤵
-
\??\c:\jvjdp.exec:\jvjdp.exe144⤵
-
\??\c:\7pppd.exec:\7pppd.exe145⤵
-
\??\c:\flrlfxr.exec:\flrlfxr.exe146⤵
-
\??\c:\xfxrlfx.exec:\xfxrlfx.exe147⤵
-
\??\c:\ttnnhh.exec:\ttnnhh.exe148⤵
-
\??\c:\bnhthb.exec:\bnhthb.exe149⤵
-
\??\c:\3pjvj.exec:\3pjvj.exe150⤵
-
\??\c:\rfxrrrr.exec:\rfxrrrr.exe151⤵
-
\??\c:\rxxxxrr.exec:\rxxxxrr.exe152⤵
-
\??\c:\ntnntt.exec:\ntnntt.exe153⤵
-
\??\c:\vppjd.exec:\vppjd.exe154⤵
-
\??\c:\vpjvj.exec:\vpjvj.exe155⤵
-
\??\c:\pjpjv.exec:\pjpjv.exe156⤵
-
\??\c:\fxflxrr.exec:\fxflxrr.exe157⤵
-
\??\c:\bnthbb.exec:\bnthbb.exe158⤵
-
\??\c:\bhnhtt.exec:\bhnhtt.exe159⤵
-
\??\c:\djdpj.exec:\djdpj.exe160⤵
-
\??\c:\3djvj.exec:\3djvj.exe161⤵
-
\??\c:\9ffxrrf.exec:\9ffxrrf.exe162⤵
-
\??\c:\1nnhhb.exec:\1nnhhb.exe163⤵
-
\??\c:\ppjpj.exec:\ppjpj.exe164⤵
-
\??\c:\rrrllff.exec:\rrrllff.exe165⤵
-
\??\c:\lrfxfxr.exec:\lrfxfxr.exe166⤵
-
\??\c:\bbnhhh.exec:\bbnhhh.exe167⤵
-
\??\c:\jvdpv.exec:\jvdpv.exe168⤵
-
\??\c:\pvdvp.exec:\pvdvp.exe169⤵
-
\??\c:\3htnnn.exec:\3htnnn.exe170⤵
-
\??\c:\thhtnh.exec:\thhtnh.exe171⤵
-
\??\c:\jpdvj.exec:\jpdvj.exe172⤵
-
\??\c:\rlrfrfx.exec:\rlrfrfx.exe173⤵
-
\??\c:\xrlfrlf.exec:\xrlfrlf.exe174⤵
-
\??\c:\lrffxrl.exec:\lrffxrl.exe175⤵
-
\??\c:\thhtnn.exec:\thhtnn.exe176⤵
-
\??\c:\9djpp.exec:\9djpp.exe177⤵
-
\??\c:\pddpp.exec:\pddpp.exe178⤵
-
\??\c:\rffffrx.exec:\rffffrx.exe179⤵
-
\??\c:\fflrlrf.exec:\fflrlrf.exe180⤵
-
\??\c:\1bbhbt.exec:\1bbhbt.exe181⤵
-
\??\c:\hnnnhh.exec:\hnnnhh.exe182⤵
-
\??\c:\vddvj.exec:\vddvj.exe183⤵
-
\??\c:\9jdvj.exec:\9jdvj.exe184⤵
-
\??\c:\xlxrrlr.exec:\xlxrrlr.exe185⤵
-
\??\c:\xffxrrl.exec:\xffxrrl.exe186⤵
-
\??\c:\hnnhbh.exec:\hnnhbh.exe187⤵
-
\??\c:\vpjdv.exec:\vpjdv.exe188⤵
-
\??\c:\jpjjv.exec:\jpjjv.exe189⤵
-
\??\c:\xlxlffr.exec:\xlxlffr.exe190⤵
-
\??\c:\bhnnhh.exec:\bhnnhh.exe191⤵
-
\??\c:\1ddvj.exec:\1ddvj.exe192⤵
-
\??\c:\jvvjj.exec:\jvvjj.exe193⤵
-
\??\c:\lfrlfxr.exec:\lfrlfxr.exe194⤵
-
\??\c:\lxrlfxx.exec:\lxrlfxx.exe195⤵
-
\??\c:\tnbtnh.exec:\tnbtnh.exe196⤵
-
\??\c:\bhhbbt.exec:\bhhbbt.exe197⤵
-
\??\c:\dvpjd.exec:\dvpjd.exe198⤵
-
\??\c:\9pdvp.exec:\9pdvp.exe199⤵
-
\??\c:\xlfrfxr.exec:\xlfrfxr.exe200⤵
-
\??\c:\xlfxrrl.exec:\xlfxrrl.exe201⤵
-
\??\c:\tbttnh.exec:\tbttnh.exe202⤵
-
\??\c:\vdvpd.exec:\vdvpd.exe203⤵
-
\??\c:\jvddj.exec:\jvddj.exe204⤵
-
\??\c:\frlfllx.exec:\frlfllx.exe205⤵
-
\??\c:\frxlrfl.exec:\frxlrfl.exe206⤵
-
\??\c:\nhnhbt.exec:\nhnhbt.exe207⤵
-
\??\c:\ntnhtn.exec:\ntnhtn.exe208⤵
-
\??\c:\tbbnbt.exec:\tbbnbt.exe209⤵
-
\??\c:\vjdvp.exec:\vjdvp.exe210⤵
-
\??\c:\dppjv.exec:\dppjv.exe211⤵
-
\??\c:\frxllxf.exec:\frxllxf.exe212⤵
-
\??\c:\hthtbb.exec:\hthtbb.exe213⤵
-
\??\c:\nnhnhb.exec:\nnhnhb.exe214⤵
-
\??\c:\vjdvj.exec:\vjdvj.exe215⤵
-
\??\c:\djjvv.exec:\djjvv.exe216⤵
-
\??\c:\jdjdp.exec:\jdjdp.exe217⤵
-
\??\c:\xfxrfxx.exec:\xfxrfxx.exe218⤵
-
\??\c:\nhnhbb.exec:\nhnhbb.exe219⤵
-
\??\c:\tnnbnh.exec:\tnnbnh.exe220⤵
-
\??\c:\9ddvv.exec:\9ddvv.exe221⤵
-
\??\c:\dvvjp.exec:\dvvjp.exe222⤵
-
\??\c:\9ffxlrl.exec:\9ffxlrl.exe223⤵
-
\??\c:\rxxxrrl.exec:\rxxxrrl.exe224⤵
-
\??\c:\7nbbnh.exec:\7nbbnh.exe225⤵
-
\??\c:\bnhbnn.exec:\bnhbnn.exe226⤵
-
\??\c:\dppjv.exec:\dppjv.exe227⤵
-
\??\c:\7jjvj.exec:\7jjvj.exe228⤵
-
\??\c:\lffxllf.exec:\lffxllf.exe229⤵
-
\??\c:\xxrxrlf.exec:\xxrxrlf.exe230⤵
-
\??\c:\bnbthh.exec:\bnbthh.exe231⤵
-
\??\c:\tnbttn.exec:\tnbttn.exe232⤵
-
\??\c:\jpjdv.exec:\jpjdv.exe233⤵
-
\??\c:\jddvv.exec:\jddvv.exe234⤵
-
\??\c:\xrrlxxr.exec:\xrrlxxr.exe235⤵
-
\??\c:\rxrlffx.exec:\rxrlffx.exe236⤵
-
\??\c:\fxrlrlf.exec:\fxrlrlf.exe237⤵
-
\??\c:\thbthh.exec:\thbthh.exe238⤵
-
\??\c:\hntnbt.exec:\hntnbt.exe239⤵
-
\??\c:\vvvdv.exec:\vvvdv.exe240⤵