Analysis
-
max time kernel
150s -
max time network
140s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
22-05-2024 06:09
General
-
Target
bb3af1059bcfc5cf4212d6510c4651e1fb4942d0d10383a11db45a7e79c31725.exe
-
Size
369KB
-
MD5
41b85936f8793948c64019bd1703cc37
-
SHA1
13a0e1ff602365d139267a9ba9299944a62893f9
-
SHA256
bb3af1059bcfc5cf4212d6510c4651e1fb4942d0d10383a11db45a7e79c31725
-
SHA512
ece86e48a13855dd0407b96ea22c1ababe881baf79158cbcbfd45877ab699e08d0d55b47b13609516f2b94a4fcd8365d5cd3b0b342e293811464a2d90815cf99
-
SSDEEP
6144:kcm4FmowdHoSphraHcpOFltH4tiAlSpgFZAzwdjcIlSpgFZZr3GSM/xCk5:y4wFHoS3eFplAlSpgFZAKjcIlSpgFZZC
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
UPX dump on OEP (original entry point) 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\bb3af1059bcfc5cf4212d6510c4651e1fb4942d0d10383a11db45a7e79c31725.exe"C:\Users\Admin\AppData\Local\Temp\bb3af1059bcfc5cf4212d6510c4651e1fb4942d0d10383a11db45a7e79c31725.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnhbb.exec:\nnnhbb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtnnh.exec:\bbtnnh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpjj.exec:\vvpjj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxxrrl.exec:\frxxrrl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9tnhnh.exec:\9tnhnh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxxffr.exec:\frxxffr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhbbb.exec:\hhhbbb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfxrxxr.exec:\xfxrxxr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1hbnhn.exec:\1hbnhn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvpp.exec:\jpvpp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxlrxxf.exec:\xxlrxxf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbthbb.exec:\hbthbb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvpd.exec:\vvvpd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxlffrr.exec:\lxlffrr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pddvp.exec:\pddvp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxxfff.exec:\frxxfff.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtbbb.exec:\hbtbbb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vddv.exec:\9vddv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7nbtbb.exec:\7nbtbb.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pddvv.exec:\pddvv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xflflrr.exec:\xflflrr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvdvv.exec:\pvdvv.exe23⤵
- Executes dropped EXE
-
\??\c:\rrrfxxl.exec:\rrrfxxl.exe24⤵
- Executes dropped EXE
-
\??\c:\btbttt.exec:\btbttt.exe25⤵
- Executes dropped EXE
-
\??\c:\vvjjj.exec:\vvjjj.exe26⤵
- Executes dropped EXE
-
\??\c:\fxxlllf.exec:\fxxlllf.exe27⤵
- Executes dropped EXE
-
\??\c:\9bnhnn.exec:\9bnhnn.exe28⤵
- Executes dropped EXE
-
\??\c:\jjvvd.exec:\jjvvd.exe29⤵
- Executes dropped EXE
-
\??\c:\frrxrxr.exec:\frrxrxr.exe30⤵
- Executes dropped EXE
-
\??\c:\tnbttt.exec:\tnbttt.exe31⤵
- Executes dropped EXE
-
\??\c:\rlflfff.exec:\rlflfff.exe32⤵
- Executes dropped EXE
-
\??\c:\htbnht.exec:\htbnht.exe33⤵
- Executes dropped EXE
-
\??\c:\vpjdv.exec:\vpjdv.exe34⤵
- Executes dropped EXE
-
\??\c:\xfrrlll.exec:\xfrrlll.exe35⤵
- Executes dropped EXE
-
\??\c:\ttttnn.exec:\ttttnn.exe36⤵
- Executes dropped EXE
-
\??\c:\nnnnnn.exec:\nnnnnn.exe37⤵
- Executes dropped EXE
-
\??\c:\pvvpj.exec:\pvvpj.exe38⤵
- Executes dropped EXE
-
\??\c:\rrllllr.exec:\rrllllr.exe39⤵
- Executes dropped EXE
-
\??\c:\3rxxxfl.exec:\3rxxxfl.exe40⤵
- Executes dropped EXE
-
\??\c:\hhbttt.exec:\hhbttt.exe41⤵
- Executes dropped EXE
-
\??\c:\pvdpj.exec:\pvdpj.exe42⤵
- Executes dropped EXE
-
\??\c:\dvjdd.exec:\dvjdd.exe43⤵
- Executes dropped EXE
-
\??\c:\lxffllr.exec:\lxffllr.exe44⤵
- Executes dropped EXE
-
\??\c:\nhbtnb.exec:\nhbtnb.exe45⤵
- Executes dropped EXE
-
\??\c:\vvpvv.exec:\vvpvv.exe46⤵
- Executes dropped EXE
-
\??\c:\jddvj.exec:\jddvj.exe47⤵
- Executes dropped EXE
-
\??\c:\lfffrxx.exec:\lfffrxx.exe48⤵
- Executes dropped EXE
-
\??\c:\5bhhbb.exec:\5bhhbb.exe49⤵
- Executes dropped EXE
-
\??\c:\ttnnnn.exec:\ttnnnn.exe50⤵
- Executes dropped EXE
-
\??\c:\3jjvp.exec:\3jjvp.exe51⤵
- Executes dropped EXE
-
\??\c:\fxrlfxx.exec:\fxrlfxx.exe52⤵
- Executes dropped EXE
-
\??\c:\nhhhbb.exec:\nhhhbb.exe53⤵
- Executes dropped EXE
-
\??\c:\tbbnhn.exec:\tbbnhn.exe54⤵
- Executes dropped EXE
-
\??\c:\jpjdv.exec:\jpjdv.exe55⤵
- Executes dropped EXE
-
\??\c:\lllfrrr.exec:\lllfrrr.exe56⤵
- Executes dropped EXE
-
\??\c:\nhhhbb.exec:\nhhhbb.exe57⤵
- Executes dropped EXE
-
\??\c:\bhbtbh.exec:\bhbtbh.exe58⤵
- Executes dropped EXE
-
\??\c:\9jjjd.exec:\9jjjd.exe59⤵
- Executes dropped EXE
-
\??\c:\5rrllll.exec:\5rrllll.exe60⤵
- Executes dropped EXE
-
\??\c:\7lxxlxr.exec:\7lxxlxr.exe61⤵
- Executes dropped EXE
-
\??\c:\bnntnb.exec:\bnntnb.exe62⤵
- Executes dropped EXE
-
\??\c:\vppdp.exec:\vppdp.exe63⤵
- Executes dropped EXE
-
\??\c:\djjdv.exec:\djjdv.exe64⤵
- Executes dropped EXE
-
\??\c:\rrxlrfl.exec:\rrxlrfl.exe65⤵
- Executes dropped EXE
-
\??\c:\tthtnt.exec:\tthtnt.exe66⤵
-
\??\c:\nhhbtt.exec:\nhhbtt.exe67⤵
-
\??\c:\dppjp.exec:\dppjp.exe68⤵
-
\??\c:\3frxxrl.exec:\3frxxrl.exe69⤵
-
\??\c:\7rxxfll.exec:\7rxxfll.exe70⤵
-
\??\c:\ththnb.exec:\ththnb.exe71⤵
-
\??\c:\7xxxxxr.exec:\7xxxxxr.exe72⤵
-
\??\c:\rrrlffx.exec:\rrrlffx.exe73⤵
-
\??\c:\hhbtbb.exec:\hhbtbb.exe74⤵
-
\??\c:\5dvdd.exec:\5dvdd.exe75⤵
-
\??\c:\ffllrrl.exec:\ffllrrl.exe76⤵
-
\??\c:\fxllxfr.exec:\fxllxfr.exe77⤵
-
\??\c:\1hbttt.exec:\1hbttt.exe78⤵
-
\??\c:\nhhbbt.exec:\nhhbbt.exe79⤵
-
\??\c:\3vppj.exec:\3vppj.exe80⤵
-
\??\c:\jddjv.exec:\jddjv.exe81⤵
-
\??\c:\rlfxrlf.exec:\rlfxrlf.exe82⤵
-
\??\c:\hbbtnt.exec:\hbbtnt.exe83⤵
-
\??\c:\pjpjv.exec:\pjpjv.exe84⤵
-
\??\c:\lffxllf.exec:\lffxllf.exe85⤵
-
\??\c:\ntnhtb.exec:\ntnhtb.exe86⤵
-
\??\c:\thbhnt.exec:\thbhnt.exe87⤵
-
\??\c:\pdvvp.exec:\pdvvp.exe88⤵
-
\??\c:\xlrfxlf.exec:\xlrfxlf.exe89⤵
-
\??\c:\bbttnt.exec:\bbttnt.exe90⤵
-
\??\c:\dpvvd.exec:\dpvvd.exe91⤵
-
\??\c:\vjppp.exec:\vjppp.exe92⤵
-
\??\c:\xxxrllf.exec:\xxxrllf.exe93⤵
-
\??\c:\tnnhbb.exec:\tnnhbb.exe94⤵
-
\??\c:\9bnnht.exec:\9bnnht.exe95⤵
-
\??\c:\ddpjd.exec:\ddpjd.exe96⤵
-
\??\c:\9jppp.exec:\9jppp.exe97⤵
-
\??\c:\3rrlffx.exec:\3rrlffx.exe98⤵
-
\??\c:\5rxrxxx.exec:\5rxrxxx.exe99⤵
-
\??\c:\5ntnhh.exec:\5ntnhh.exe100⤵
-
\??\c:\3pjdp.exec:\3pjdp.exe101⤵
-
\??\c:\ddvpp.exec:\ddvpp.exe102⤵
-
\??\c:\rlxxllf.exec:\rlxxllf.exe103⤵
-
\??\c:\fffxrrr.exec:\fffxrrr.exe104⤵
-
\??\c:\bbtnnn.exec:\bbtnnn.exe105⤵
-
\??\c:\jddjj.exec:\jddjj.exe106⤵
-
\??\c:\vjppp.exec:\vjppp.exe107⤵
-
\??\c:\fllrxlr.exec:\fllrxlr.exe108⤵
-
\??\c:\5rllllf.exec:\5rllllf.exe109⤵
-
\??\c:\btttnn.exec:\btttnn.exe110⤵
-
\??\c:\jdvpj.exec:\jdvpj.exe111⤵
-
\??\c:\pjvpd.exec:\pjvpd.exe112⤵
-
\??\c:\xlffxrr.exec:\xlffxrr.exe113⤵
-
\??\c:\1nbnhn.exec:\1nbnhn.exe114⤵
-
\??\c:\hbbtnn.exec:\hbbtnn.exe115⤵
-
\??\c:\pvpvv.exec:\pvpvv.exe116⤵
-
\??\c:\9vvpj.exec:\9vvpj.exe117⤵
-
\??\c:\frfffxr.exec:\frfffxr.exe118⤵
-
\??\c:\tbhbtn.exec:\tbhbtn.exe119⤵
-
\??\c:\9nnhbb.exec:\9nnhbb.exe120⤵
-
\??\c:\vpppj.exec:\vpppj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-