Analysis
-
max time kernel
150s -
max time network
109s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
22-05-2024 04:06
General
-
Target
1a934ff5ae32f61fab0e48d8ac73f0bb7768bb6b8c132a12abb10e181f75497b.exe
-
Size
141KB
-
MD5
0611946976553cf8c225475375971e10
-
SHA1
7724a153c13d01dd1266e54582e5da427cecd85c
-
SHA256
1a934ff5ae32f61fab0e48d8ac73f0bb7768bb6b8c132a12abb10e181f75497b
-
SHA512
51de763733b018564d12fa4d820575426f882d131622c4cae8c9b235f2364eabda063a58b32fc94d0df600c2fca2be7fd5f5db503900ee9aeb7f2ae4645f35b4
-
SSDEEP
3072:ymb3NkkiQ3mdBjFIi/0RU6QeYQsm71vPmm8mzuFli55p15A/:n3C9BRIG0asYFm71mm8fliG/
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1a934ff5ae32f61fab0e48d8ac73f0bb7768bb6b8c132a12abb10e181f75497b.exe"C:\Users\Admin\AppData\Local\Temp\1a934ff5ae32f61fab0e48d8ac73f0bb7768bb6b8c132a12abb10e181f75497b.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\5bbthh.exec:\5bbthh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjjv.exec:\djjjv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrflxl.exec:\rlrflxl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bbttb.exec:\1bbttb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3bhnhh.exec:\3bhnhh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjjd.exec:\ddjjd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7djpj.exec:\7djpj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflffff.exec:\rflffff.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnttt.exec:\nbnttt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nttnbn.exec:\nttnbn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pddjv.exec:\pddjv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrrxxl.exec:\rrrrxxl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddvv.exec:\jddvv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvpj.exec:\jpvpj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxfffff.exec:\rxfffff.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbthb.exec:\tbbthb.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5djdj.exec:\5djdj.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7fxlffx.exec:\7fxlffx.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7hhhbh.exec:\7hhhbh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvjv.exec:\vvvjv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lllfxlx.exec:\lllfxlx.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flllfxl.exec:\flllfxl.exe23⤵
- Executes dropped EXE
-
\??\c:\nbhbhb.exec:\nbhbhb.exe24⤵
- Executes dropped EXE
-
\??\c:\ppdpp.exec:\ppdpp.exe25⤵
- Executes dropped EXE
-
\??\c:\1lllxff.exec:\1lllxff.exe26⤵
- Executes dropped EXE
-
\??\c:\nhhhhh.exec:\nhhhhh.exe27⤵
- Executes dropped EXE
-
\??\c:\jpjjj.exec:\jpjjj.exe28⤵
- Executes dropped EXE
-
\??\c:\flfxrrr.exec:\flfxrrr.exe29⤵
- Executes dropped EXE
-
\??\c:\tthhbb.exec:\tthhbb.exe30⤵
- Executes dropped EXE
-
\??\c:\vjjdd.exec:\vjjdd.exe31⤵
- Executes dropped EXE
-
\??\c:\djjjj.exec:\djjjj.exe32⤵
- Executes dropped EXE
-
\??\c:\xfrrlxr.exec:\xfrrlxr.exe33⤵
- Executes dropped EXE
-
\??\c:\hhnhhh.exec:\hhnhhh.exe34⤵
- Executes dropped EXE
-
\??\c:\3tnbnh.exec:\3tnbnh.exe35⤵
- Executes dropped EXE
-
\??\c:\vjvvv.exec:\vjvvv.exe36⤵
- Executes dropped EXE
-
\??\c:\pjjdd.exec:\pjjdd.exe37⤵
- Executes dropped EXE
-
\??\c:\rxllrxx.exec:\rxllrxx.exe38⤵
- Executes dropped EXE
-
\??\c:\5bbnnb.exec:\5bbnnb.exe39⤵
- Executes dropped EXE
-
\??\c:\dvjvp.exec:\dvjvp.exe40⤵
- Executes dropped EXE
-
\??\c:\xxxxxfl.exec:\xxxxxfl.exe41⤵
- Executes dropped EXE
-
\??\c:\tnhbtn.exec:\tnhbtn.exe42⤵
- Executes dropped EXE
-
\??\c:\dpdvp.exec:\dpdvp.exe43⤵
- Executes dropped EXE
-
\??\c:\dvjjp.exec:\dvjjp.exe44⤵
- Executes dropped EXE
-
\??\c:\flffxrr.exec:\flffxrr.exe45⤵
- Executes dropped EXE
-
\??\c:\nbthth.exec:\nbthth.exe46⤵
- Executes dropped EXE
-
\??\c:\9vpjj.exec:\9vpjj.exe47⤵
- Executes dropped EXE
-
\??\c:\lrllflr.exec:\lrllflr.exe48⤵
- Executes dropped EXE
-
\??\c:\ffxfrfx.exec:\ffxfrfx.exe49⤵
- Executes dropped EXE
-
\??\c:\btbhnb.exec:\btbhnb.exe50⤵
- Executes dropped EXE
-
\??\c:\jdvvj.exec:\jdvvj.exe51⤵
- Executes dropped EXE
-
\??\c:\fxlffxr.exec:\fxlffxr.exe52⤵
- Executes dropped EXE
-
\??\c:\bnnhbt.exec:\bnnhbt.exe53⤵
- Executes dropped EXE
-
\??\c:\nhhhth.exec:\nhhhth.exe54⤵
- Executes dropped EXE
-
\??\c:\dpdjv.exec:\dpdjv.exe55⤵
- Executes dropped EXE
-
\??\c:\frxrxfr.exec:\frxrxfr.exe56⤵
- Executes dropped EXE
-
\??\c:\tnbtnn.exec:\tnbtnn.exe57⤵
- Executes dropped EXE
-
\??\c:\vjppd.exec:\vjppd.exe58⤵
- Executes dropped EXE
-
\??\c:\5jjdv.exec:\5jjdv.exe59⤵
- Executes dropped EXE
-
\??\c:\nhtbth.exec:\nhtbth.exe60⤵
- Executes dropped EXE
-
\??\c:\btnhbt.exec:\btnhbt.exe61⤵
- Executes dropped EXE
-
\??\c:\vvjjp.exec:\vvjjp.exe62⤵
- Executes dropped EXE
-
\??\c:\7rrlxxr.exec:\7rrlxxr.exe63⤵
- Executes dropped EXE
-
\??\c:\ntttnn.exec:\ntttnn.exe64⤵
- Executes dropped EXE
-
\??\c:\hthbnh.exec:\hthbnh.exe65⤵
- Executes dropped EXE
-
\??\c:\vvvpd.exec:\vvvpd.exe66⤵
-
\??\c:\frxrflf.exec:\frxrflf.exe67⤵
-
\??\c:\rfrxlfl.exec:\rfrxlfl.exe68⤵
-
\??\c:\thhhht.exec:\thhhht.exe69⤵
-
\??\c:\djdpp.exec:\djdpp.exe70⤵
-
\??\c:\5rrxxfx.exec:\5rrxxfx.exe71⤵
-
\??\c:\nhttnb.exec:\nhttnb.exe72⤵
-
\??\c:\bnnhbb.exec:\bnnhbb.exe73⤵
-
\??\c:\jpjvj.exec:\jpjvj.exe74⤵
-
\??\c:\fxflrfl.exec:\fxflrfl.exe75⤵
-
\??\c:\bbbtnn.exec:\bbbtnn.exe76⤵
-
\??\c:\jpppj.exec:\jpppj.exe77⤵
-
\??\c:\vjppv.exec:\vjppv.exe78⤵
-
\??\c:\llflrfx.exec:\llflrfx.exe79⤵
-
\??\c:\hhhhnn.exec:\hhhhnn.exe80⤵
-
\??\c:\nbbbtb.exec:\nbbbtb.exe81⤵
-
\??\c:\7jjdv.exec:\7jjdv.exe82⤵
-
\??\c:\jpvjj.exec:\jpvjj.exe83⤵
-
\??\c:\xlrxxrx.exec:\xlrxxrx.exe84⤵
-
\??\c:\bttnbb.exec:\bttnbb.exe85⤵
-
\??\c:\thbnnh.exec:\thbnnh.exe86⤵
-
\??\c:\1ppjd.exec:\1ppjd.exe87⤵
-
\??\c:\frxxrlf.exec:\frxxrlf.exe88⤵
-
\??\c:\hnnhbb.exec:\hnnhbb.exe89⤵
-
\??\c:\7pvpp.exec:\7pvpp.exe90⤵
-
\??\c:\dpvvj.exec:\dpvvj.exe91⤵
-
\??\c:\xlfxffl.exec:\xlfxffl.exe92⤵
-
\??\c:\rfffrrl.exec:\rfffrrl.exe93⤵
-
\??\c:\bbbtht.exec:\bbbtht.exe94⤵
-
\??\c:\jppjv.exec:\jppjv.exe95⤵
-
\??\c:\xrflxll.exec:\xrflxll.exe96⤵
-
\??\c:\5xxrlfx.exec:\5xxrlfx.exe97⤵
-
\??\c:\nbbhtn.exec:\nbbhtn.exe98⤵
-
\??\c:\pdjdv.exec:\pdjdv.exe99⤵
-
\??\c:\jpppd.exec:\jpppd.exe100⤵
-
\??\c:\1rlfrrl.exec:\1rlfrrl.exe101⤵
-
\??\c:\tnhbtn.exec:\tnhbtn.exe102⤵
-
\??\c:\bbbnbb.exec:\bbbnbb.exe103⤵
-
\??\c:\nnhhtt.exec:\nnhhtt.exe104⤵
-
\??\c:\3djjv.exec:\3djjv.exe105⤵
-
\??\c:\ffllxfr.exec:\ffllxfr.exe106⤵
-
\??\c:\ttnnnt.exec:\ttnnnt.exe107⤵
-
\??\c:\1ttnbt.exec:\1ttnbt.exe108⤵
-
\??\c:\dvvvj.exec:\dvvvj.exe109⤵
-
\??\c:\dvvjj.exec:\dvvjj.exe110⤵
-
\??\c:\fxlxlfx.exec:\fxlxlfx.exe111⤵
-
\??\c:\xlfrlfx.exec:\xlfrlfx.exe112⤵
-
\??\c:\7nnhhh.exec:\7nnhhh.exe113⤵
-
\??\c:\5jdpj.exec:\5jdpj.exe114⤵
-
\??\c:\dpddd.exec:\dpddd.exe115⤵
-
\??\c:\7ddpj.exec:\7ddpj.exe116⤵
-
\??\c:\pppdv.exec:\pppdv.exe117⤵
-
\??\c:\rxxrffx.exec:\rxxrffx.exe118⤵
-
\??\c:\nhbthh.exec:\nhbthh.exe119⤵
-
\??\c:\nbbthh.exec:\nbbthh.exe120⤵
-
\??\c:\vvdpd.exec:\vvdpd.exe121⤵
-
\??\c:\pdjvj.exec:\pdjvj.exe122⤵
-
\??\c:\3xfxlff.exec:\3xfxlff.exe123⤵
-
\??\c:\lrxlfxr.exec:\lrxlfxr.exe124⤵
-
\??\c:\tnhbnh.exec:\tnhbnh.exe125⤵
-
\??\c:\hbnbnh.exec:\hbnbnh.exe126⤵
-
\??\c:\vvpjv.exec:\vvpjv.exe127⤵
-
\??\c:\pdjdp.exec:\pdjdp.exe128⤵
-
\??\c:\jvvpd.exec:\jvvpd.exe129⤵
-
\??\c:\1lllxxr.exec:\1lllxxr.exe130⤵
-
\??\c:\rxrfrrl.exec:\rxrfrrl.exe131⤵
-
\??\c:\bntbtb.exec:\bntbtb.exe132⤵
-
\??\c:\jvdjd.exec:\jvdjd.exe133⤵
-
\??\c:\dvppp.exec:\dvppp.exe134⤵
-
\??\c:\xflxlll.exec:\xflxlll.exe135⤵
-
\??\c:\flllffx.exec:\flllffx.exe136⤵
-
\??\c:\3ttnhh.exec:\3ttnhh.exe137⤵
-
\??\c:\hnnhbb.exec:\hnnhbb.exe138⤵
-
\??\c:\ddvdp.exec:\ddvdp.exe139⤵
-
\??\c:\jjpjv.exec:\jjpjv.exe140⤵
-
\??\c:\lxffrlf.exec:\lxffrlf.exe141⤵
-
\??\c:\bnhtnh.exec:\bnhtnh.exe142⤵
-
\??\c:\tnbnbt.exec:\tnbnbt.exe143⤵
-
\??\c:\hbhtbb.exec:\hbhtbb.exe144⤵
-
\??\c:\dppjv.exec:\dppjv.exe145⤵
-
\??\c:\jdpjp.exec:\jdpjp.exe146⤵
-
\??\c:\lxfxrrl.exec:\lxfxrrl.exe147⤵
-
\??\c:\fxxxrrr.exec:\fxxxrrr.exe148⤵
-
\??\c:\7nnhtn.exec:\7nnhtn.exe149⤵
-
\??\c:\9tbhhh.exec:\9tbhhh.exe150⤵
-
\??\c:\jdvjj.exec:\jdvjj.exe151⤵
-
\??\c:\djdjd.exec:\djdjd.exe152⤵
-
\??\c:\5xrfxrl.exec:\5xrfxrl.exe153⤵
-
\??\c:\9rxxxff.exec:\9rxxxff.exe154⤵
-
\??\c:\ntthbt.exec:\ntthbt.exe155⤵
-
\??\c:\dpppj.exec:\dpppj.exe156⤵
-
\??\c:\pjdpd.exec:\pjdpd.exe157⤵
-
\??\c:\vjjjv.exec:\vjjjv.exe158⤵
-
\??\c:\lrrlxrl.exec:\lrrlxrl.exe159⤵
-
\??\c:\thhbbb.exec:\thhbbb.exe160⤵
-
\??\c:\ttnhtn.exec:\ttnhtn.exe161⤵
-
\??\c:\pvdpd.exec:\pvdpd.exe162⤵
-
\??\c:\frxrlff.exec:\frxrlff.exe163⤵
-
\??\c:\bnhthh.exec:\bnhthh.exe164⤵
-
\??\c:\nhbthh.exec:\nhbthh.exe165⤵
-
\??\c:\3pppj.exec:\3pppj.exe166⤵
-
\??\c:\vpvjv.exec:\vpvjv.exe167⤵
-
\??\c:\lrfxllf.exec:\lrfxllf.exe168⤵
-
\??\c:\xrxxxxx.exec:\xrxxxxx.exe169⤵
-
\??\c:\5nhbth.exec:\5nhbth.exe170⤵
-
\??\c:\nttthb.exec:\nttthb.exe171⤵
-
\??\c:\dvpdp.exec:\dvpdp.exe172⤵
-
\??\c:\jppjv.exec:\jppjv.exe173⤵
-
\??\c:\7rxlxrl.exec:\7rxlxrl.exe174⤵
-
\??\c:\xfffxrl.exec:\xfffxrl.exe175⤵
-
\??\c:\3htbnn.exec:\3htbnn.exe176⤵
-
\??\c:\hthhbb.exec:\hthhbb.exe177⤵
-
\??\c:\vvvvj.exec:\vvvvj.exe178⤵
-
\??\c:\9fxrfxr.exec:\9fxrfxr.exe179⤵
-
\??\c:\rlrlffx.exec:\rlrlffx.exe180⤵
-
\??\c:\9bbtnb.exec:\9bbtnb.exe181⤵
-
\??\c:\hbbtht.exec:\hbbtht.exe182⤵
-
\??\c:\7pjpp.exec:\7pjpp.exe183⤵
-
\??\c:\lrxrfxf.exec:\lrxrfxf.exe184⤵
-
\??\c:\rlfffrx.exec:\rlfffrx.exe185⤵
-
\??\c:\hnbbtt.exec:\hnbbtt.exe186⤵
-
\??\c:\nbnbtb.exec:\nbnbtb.exe187⤵
-
\??\c:\dvvvd.exec:\dvvvd.exe188⤵
-
\??\c:\bnbnhb.exec:\bnbnhb.exe189⤵
-
\??\c:\hnhnhh.exec:\hnhnhh.exe190⤵
-
\??\c:\ddvvj.exec:\ddvvj.exe191⤵
-
\??\c:\fxllffr.exec:\fxllffr.exe192⤵
-
\??\c:\frrlfxr.exec:\frrlfxr.exe193⤵
-
\??\c:\hnhntn.exec:\hnhntn.exe194⤵
-
\??\c:\jjvjv.exec:\jjvjv.exe195⤵
-
\??\c:\dvvjd.exec:\dvvjd.exe196⤵
-
\??\c:\lflfrrl.exec:\lflfrrl.exe197⤵
-
\??\c:\xfflfxr.exec:\xfflfxr.exe198⤵
-
\??\c:\nbnbnb.exec:\nbnbnb.exe199⤵
-
\??\c:\pjvvj.exec:\pjvvj.exe200⤵
-
\??\c:\fxxxllf.exec:\fxxxllf.exe201⤵
-
\??\c:\lrrfxll.exec:\lrrfxll.exe202⤵
-
\??\c:\htnhbt.exec:\htnhbt.exe203⤵
-
\??\c:\jppvd.exec:\jppvd.exe204⤵
-
\??\c:\5vjjd.exec:\5vjjd.exe205⤵
-
\??\c:\7rllrxr.exec:\7rllrxr.exe206⤵
-
\??\c:\frfxfxr.exec:\frfxfxr.exe207⤵
-
\??\c:\9nhbtn.exec:\9nhbtn.exe208⤵
-
\??\c:\nbhbtn.exec:\nbhbtn.exe209⤵
-
\??\c:\vvdpj.exec:\vvdpj.exe210⤵
-
\??\c:\xlfxllf.exec:\xlfxllf.exe211⤵
-
\??\c:\3lxrffx.exec:\3lxrffx.exe212⤵
-
\??\c:\frlfxfx.exec:\frlfxfx.exe213⤵
-
\??\c:\nbtnbb.exec:\nbtnbb.exe214⤵
-
\??\c:\5ttnnn.exec:\5ttnnn.exe215⤵
-
\??\c:\pdpjv.exec:\pdpjv.exe216⤵
-
\??\c:\vjpjd.exec:\vjpjd.exe217⤵
-
\??\c:\fllxllf.exec:\fllxllf.exe218⤵
-
\??\c:\lxrlxfx.exec:\lxrlxfx.exe219⤵
-
\??\c:\btnhbt.exec:\btnhbt.exe220⤵
-
\??\c:\bnttnh.exec:\bnttnh.exe221⤵
-
\??\c:\ppjpj.exec:\ppjpj.exe222⤵
-
\??\c:\dpvpd.exec:\dpvpd.exe223⤵
-
\??\c:\fxrrlrx.exec:\fxrrlrx.exe224⤵
-
\??\c:\fxxflrl.exec:\fxxflrl.exe225⤵
-
\??\c:\btbnhb.exec:\btbnhb.exe226⤵
-
\??\c:\bbbbtt.exec:\bbbbtt.exe227⤵
-
\??\c:\dvpvd.exec:\dvpvd.exe228⤵
-
\??\c:\pdvvd.exec:\pdvvd.exe229⤵
-
\??\c:\xxlllrl.exec:\xxlllrl.exe230⤵
-
\??\c:\rffxrlx.exec:\rffxrlx.exe231⤵
-
\??\c:\hhtnnh.exec:\hhtnnh.exe232⤵
-
\??\c:\nhhbth.exec:\nhhbth.exe233⤵
-
\??\c:\djjpd.exec:\djjpd.exe234⤵
-
\??\c:\3ppdp.exec:\3ppdp.exe235⤵
-
\??\c:\llfrfrx.exec:\llfrfrx.exe236⤵
-
\??\c:\bnbttt.exec:\bnbttt.exe237⤵
-
\??\c:\1nbtnn.exec:\1nbtnn.exe238⤵
-
\??\c:\jjjpv.exec:\jjjpv.exe239⤵
-
\??\c:\dvpjv.exec:\dvpjv.exe240⤵