Analysis
-
max time kernel
150s -
max time network
109s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
22-05-2024 04:06
General
-
Target
1a934ff5ae32f61fab0e48d8ac73f0bb7768bb6b8c132a12abb10e181f75497b.exe
-
Size
141KB
-
MD5
0611946976553cf8c225475375971e10
-
SHA1
7724a153c13d01dd1266e54582e5da427cecd85c
-
SHA256
1a934ff5ae32f61fab0e48d8ac73f0bb7768bb6b8c132a12abb10e181f75497b
-
SHA512
51de763733b018564d12fa4d820575426f882d131622c4cae8c9b235f2364eabda063a58b32fc94d0df600c2fca2be7fd5f5db503900ee9aeb7f2ae4645f35b4
-
SSDEEP
3072:ymb3NkkiQ3mdBjFIi/0RU6QeYQsm71vPmm8mzuFli55p15A/:n3C9BRIG0asYFm71mm8fliG/
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1a934ff5ae32f61fab0e48d8ac73f0bb7768bb6b8c132a12abb10e181f75497b.exe"C:\Users\Admin\AppData\Local\Temp\1a934ff5ae32f61fab0e48d8ac73f0bb7768bb6b8c132a12abb10e181f75497b.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\5bbthh.exec:\5bbthh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjjv.exec:\djjjv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrflxl.exec:\rlrflxl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bbttb.exec:\1bbttb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3bhnhh.exec:\3bhnhh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjjd.exec:\ddjjd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7djpj.exec:\7djpj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflffff.exec:\rflffff.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnttt.exec:\nbnttt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nttnbn.exec:\nttnbn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pddjv.exec:\pddjv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrrxxl.exec:\rrrrxxl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddvv.exec:\jddvv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvpj.exec:\jpvpj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxfffff.exec:\rxfffff.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbthb.exec:\tbbthb.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5djdj.exec:\5djdj.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7fxlffx.exec:\7fxlffx.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7hhhbh.exec:\7hhhbh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvjv.exec:\vvvjv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lllfxlx.exec:\lllfxlx.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flllfxl.exec:\flllfxl.exe23⤵
- Executes dropped EXE
-
\??\c:\nbhbhb.exec:\nbhbhb.exe24⤵
- Executes dropped EXE
-
\??\c:\ppdpp.exec:\ppdpp.exe25⤵
- Executes dropped EXE
-
\??\c:\1lllxff.exec:\1lllxff.exe26⤵
- Executes dropped EXE
-
\??\c:\nhhhhh.exec:\nhhhhh.exe27⤵
- Executes dropped EXE
-
\??\c:\jpjjj.exec:\jpjjj.exe28⤵
- Executes dropped EXE
-
\??\c:\flfxrrr.exec:\flfxrrr.exe29⤵
- Executes dropped EXE
-
\??\c:\tthhbb.exec:\tthhbb.exe30⤵
- Executes dropped EXE
-
\??\c:\vjjdd.exec:\vjjdd.exe31⤵
- Executes dropped EXE
-
\??\c:\djjjj.exec:\djjjj.exe32⤵
- Executes dropped EXE
-
\??\c:\xfrrlxr.exec:\xfrrlxr.exe33⤵
- Executes dropped EXE
-
\??\c:\hhnhhh.exec:\hhnhhh.exe34⤵
- Executes dropped EXE
-
\??\c:\3tnbnh.exec:\3tnbnh.exe35⤵
- Executes dropped EXE
-
\??\c:\vjvvv.exec:\vjvvv.exe36⤵
- Executes dropped EXE
-
\??\c:\pjjdd.exec:\pjjdd.exe37⤵
- Executes dropped EXE
-
\??\c:\rxllrxx.exec:\rxllrxx.exe38⤵
- Executes dropped EXE
-
\??\c:\5bbnnb.exec:\5bbnnb.exe39⤵
- Executes dropped EXE
-
\??\c:\dvjvp.exec:\dvjvp.exe40⤵
- Executes dropped EXE
-
\??\c:\xxxxxfl.exec:\xxxxxfl.exe41⤵
- Executes dropped EXE
-
\??\c:\tnhbtn.exec:\tnhbtn.exe42⤵
- Executes dropped EXE
-
\??\c:\dpdvp.exec:\dpdvp.exe43⤵
- Executes dropped EXE
-
\??\c:\dvjjp.exec:\dvjjp.exe44⤵
- Executes dropped EXE
-
\??\c:\flffxrr.exec:\flffxrr.exe45⤵
- Executes dropped EXE
-
\??\c:\nbthth.exec:\nbthth.exe46⤵
- Executes dropped EXE
-
\??\c:\9vpjj.exec:\9vpjj.exe47⤵
- Executes dropped EXE
-
\??\c:\lrllflr.exec:\lrllflr.exe48⤵
- Executes dropped EXE
-
\??\c:\ffxfrfx.exec:\ffxfrfx.exe49⤵
- Executes dropped EXE
-
\??\c:\btbhnb.exec:\btbhnb.exe50⤵
- Executes dropped EXE
-
\??\c:\jdvvj.exec:\jdvvj.exe51⤵
- Executes dropped EXE
-
\??\c:\fxlffxr.exec:\fxlffxr.exe52⤵
- Executes dropped EXE
-
\??\c:\bnnhbt.exec:\bnnhbt.exe53⤵
- Executes dropped EXE
-
\??\c:\nhhhth.exec:\nhhhth.exe54⤵
- Executes dropped EXE
-
\??\c:\dpdjv.exec:\dpdjv.exe55⤵
- Executes dropped EXE
-
\??\c:\frxrxfr.exec:\frxrxfr.exe56⤵
- Executes dropped EXE
-
\??\c:\tnbtnn.exec:\tnbtnn.exe57⤵
- Executes dropped EXE
-
\??\c:\vjppd.exec:\vjppd.exe58⤵
- Executes dropped EXE
-
\??\c:\5jjdv.exec:\5jjdv.exe59⤵
- Executes dropped EXE
-
\??\c:\nhtbth.exec:\nhtbth.exe60⤵
- Executes dropped EXE
-
\??\c:\btnhbt.exec:\btnhbt.exe61⤵
- Executes dropped EXE
-
\??\c:\vvjjp.exec:\vvjjp.exe62⤵
- Executes dropped EXE
-
\??\c:\7rrlxxr.exec:\7rrlxxr.exe63⤵
- Executes dropped EXE
-
\??\c:\ntttnn.exec:\ntttnn.exe64⤵
- Executes dropped EXE
-
\??\c:\hthbnh.exec:\hthbnh.exe65⤵
- Executes dropped EXE
-
\??\c:\vvvpd.exec:\vvvpd.exe66⤵
-
\??\c:\frxrflf.exec:\frxrflf.exe67⤵
-
\??\c:\rfrxlfl.exec:\rfrxlfl.exe68⤵
-
\??\c:\thhhht.exec:\thhhht.exe69⤵
-
\??\c:\djdpp.exec:\djdpp.exe70⤵
-
\??\c:\5rrxxfx.exec:\5rrxxfx.exe71⤵
-
\??\c:\nhttnb.exec:\nhttnb.exe72⤵
-
\??\c:\bnnhbb.exec:\bnnhbb.exe73⤵
-
\??\c:\jpjvj.exec:\jpjvj.exe74⤵
-
\??\c:\fxflrfl.exec:\fxflrfl.exe75⤵
-
\??\c:\bbbtnn.exec:\bbbtnn.exe76⤵
-
\??\c:\jpppj.exec:\jpppj.exe77⤵
-
\??\c:\vjppv.exec:\vjppv.exe78⤵
-
\??\c:\llflrfx.exec:\llflrfx.exe79⤵
-
\??\c:\hhhhnn.exec:\hhhhnn.exe80⤵
-
\??\c:\nbbbtb.exec:\nbbbtb.exe81⤵
-
\??\c:\7jjdv.exec:\7jjdv.exe82⤵
-
\??\c:\jpvjj.exec:\jpvjj.exe83⤵
-
\??\c:\xlrxxrx.exec:\xlrxxrx.exe84⤵
-
\??\c:\bttnbb.exec:\bttnbb.exe85⤵
-
\??\c:\thbnnh.exec:\thbnnh.exe86⤵
-
\??\c:\1ppjd.exec:\1ppjd.exe87⤵
-
\??\c:\frxxrlf.exec:\frxxrlf.exe88⤵
-
\??\c:\hnnhbb.exec:\hnnhbb.exe89⤵
-
\??\c:\7pvpp.exec:\7pvpp.exe90⤵
-
\??\c:\dpvvj.exec:\dpvvj.exe91⤵
-
\??\c:\xlfxffl.exec:\xlfxffl.exe92⤵
-
\??\c:\rfffrrl.exec:\rfffrrl.exe93⤵
-
\??\c:\bbbtht.exec:\bbbtht.exe94⤵
-
\??\c:\jppjv.exec:\jppjv.exe95⤵
-
\??\c:\xrflxll.exec:\xrflxll.exe96⤵
-
\??\c:\5xxrlfx.exec:\5xxrlfx.exe97⤵
-
\??\c:\nbbhtn.exec:\nbbhtn.exe98⤵
-
\??\c:\pdjdv.exec:\pdjdv.exe99⤵
-
\??\c:\jpppd.exec:\jpppd.exe100⤵
-
\??\c:\1rlfrrl.exec:\1rlfrrl.exe101⤵
-
\??\c:\tnhbtn.exec:\tnhbtn.exe102⤵
-
\??\c:\bbbnbb.exec:\bbbnbb.exe103⤵
-
\??\c:\nnhhtt.exec:\nnhhtt.exe104⤵
-
\??\c:\3djjv.exec:\3djjv.exe105⤵
-
\??\c:\ffllxfr.exec:\ffllxfr.exe106⤵
-
\??\c:\ttnnnt.exec:\ttnnnt.exe107⤵
-
\??\c:\1ttnbt.exec:\1ttnbt.exe108⤵
-
\??\c:\dvvvj.exec:\dvvvj.exe109⤵
-
\??\c:\dvvjj.exec:\dvvjj.exe110⤵
-
\??\c:\fxlxlfx.exec:\fxlxlfx.exe111⤵
-
\??\c:\xlfrlfx.exec:\xlfrlfx.exe112⤵
-
\??\c:\7nnhhh.exec:\7nnhhh.exe113⤵
-
\??\c:\5jdpj.exec:\5jdpj.exe114⤵
-
\??\c:\dpddd.exec:\dpddd.exe115⤵
-
\??\c:\7ddpj.exec:\7ddpj.exe116⤵
-
\??\c:\pppdv.exec:\pppdv.exe117⤵
-
\??\c:\rxxrffx.exec:\rxxrffx.exe118⤵
-
\??\c:\nhbthh.exec:\nhbthh.exe119⤵
-
\??\c:\nbbthh.exec:\nbbthh.exe120⤵
-
\??\c:\vvdpd.exec:\vvdpd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-