Analysis
-
max time kernel
150s -
max time network
126s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
22-05-2024 09:54
General
-
Target
edee31a45c2e8a8108efd0b8c1989e451dc922766653e3b56802cd8a7d4c2cfa.exe
-
Size
365KB
-
MD5
8dc6421e5a7124835096a61c91146d58
-
SHA1
ad0946b6ad684de7bd4e26e7e2e52a099847a372
-
SHA256
edee31a45c2e8a8108efd0b8c1989e451dc922766653e3b56802cd8a7d4c2cfa
-
SHA512
e8985d3e369008a1c380bd557fb0161ac77edcab135bc18482172e91762ea3efd3b6a952f17696233ad5cb719ebac0bea70ed414682ce14c502b0222ddf27512
-
SSDEEP
6144:Lcm4FmowdHoSHt251UriZFwu1b26X1wjdgyPPB9:R4wFHoSHYHUrAwqzQ7PPj
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
UPX dump on OEP (original entry point) 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\edee31a45c2e8a8108efd0b8c1989e451dc922766653e3b56802cd8a7d4c2cfa.exe"C:\Users\Admin\AppData\Local\Temp\edee31a45c2e8a8108efd0b8c1989e451dc922766653e3b56802cd8a7d4c2cfa.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxfxxl.exec:\lxxfxxl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjjv.exec:\ddjjv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjdd.exec:\pjjdd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5lxxrxl.exec:\5lxxrxl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xffrxlf.exec:\xffrxlf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnhnh.exec:\btnhnh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1dpjd.exec:\1dpjd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1lrlffx.exec:\1lrlffx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxxxll.exec:\ffxxxll.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbtbt.exec:\ttbtbt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnnhh.exec:\nhnnhh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjjp.exec:\dvjjp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxfxxxl.exec:\xxfxxxl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvddv.exec:\jvddv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbbbt.exec:\btbbbt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fffxxxx.exec:\fffxxxx.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3bbttt.exec:\3bbttt.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvdvp.exec:\vvdvp.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9tnhnt.exec:\9tnhnt.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjvp.exec:\vdjvp.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntnnh.exec:\tntnnh.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnnhh.exec:\tnnnhh.exe23⤵
- Executes dropped EXE
-
\??\c:\pjppj.exec:\pjppj.exe24⤵
- Executes dropped EXE
-
\??\c:\hbhbbt.exec:\hbhbbt.exe25⤵
- Executes dropped EXE
-
\??\c:\9pvvv.exec:\9pvvv.exe26⤵
- Executes dropped EXE
-
\??\c:\flrlfxr.exec:\flrlfxr.exe27⤵
- Executes dropped EXE
-
\??\c:\xxxlffl.exec:\xxxlffl.exe28⤵
- Executes dropped EXE
-
\??\c:\fxxxrrr.exec:\fxxxrrr.exe29⤵
- Executes dropped EXE
-
\??\c:\nhnnnb.exec:\nhnnnb.exe30⤵
- Executes dropped EXE
-
\??\c:\ppvvd.exec:\ppvvd.exe31⤵
- Executes dropped EXE
-
\??\c:\5lrllll.exec:\5lrllll.exe32⤵
- Executes dropped EXE
-
\??\c:\jjjjp.exec:\jjjjp.exe33⤵
- Executes dropped EXE
-
\??\c:\ffxxlll.exec:\ffxxlll.exe34⤵
- Executes dropped EXE
-
\??\c:\lllllfl.exec:\lllllfl.exe35⤵
- Executes dropped EXE
-
\??\c:\hbthbn.exec:\hbthbn.exe36⤵
- Executes dropped EXE
-
\??\c:\ddddv.exec:\ddddv.exe37⤵
- Executes dropped EXE
-
\??\c:\pjjdd.exec:\pjjdd.exe38⤵
- Executes dropped EXE
-
\??\c:\frllfxx.exec:\frllfxx.exe39⤵
- Executes dropped EXE
-
\??\c:\nnttnb.exec:\nnttnb.exe40⤵
- Executes dropped EXE
-
\??\c:\ppjjj.exec:\ppjjj.exe41⤵
- Executes dropped EXE
-
\??\c:\9rxrrfx.exec:\9rxrrfx.exe42⤵
- Executes dropped EXE
-
\??\c:\tnhbtt.exec:\tnhbtt.exe43⤵
- Executes dropped EXE
-
\??\c:\jdppp.exec:\jdppp.exe44⤵
- Executes dropped EXE
-
\??\c:\flrllxf.exec:\flrllxf.exe45⤵
- Executes dropped EXE
-
\??\c:\xflfxxr.exec:\xflfxxr.exe46⤵
- Executes dropped EXE
-
\??\c:\ntbtnn.exec:\ntbtnn.exe47⤵
- Executes dropped EXE
-
\??\c:\djddp.exec:\djddp.exe48⤵
- Executes dropped EXE
-
\??\c:\5xfxrrl.exec:\5xfxrrl.exe49⤵
- Executes dropped EXE
-
\??\c:\nnttnn.exec:\nnttnn.exe50⤵
- Executes dropped EXE
-
\??\c:\nnttnt.exec:\nnttnt.exe51⤵
- Executes dropped EXE
-
\??\c:\xlrlfff.exec:\xlrlfff.exe52⤵
- Executes dropped EXE
-
\??\c:\xrxxxrl.exec:\xrxxxrl.exe53⤵
- Executes dropped EXE
-
\??\c:\7vddv.exec:\7vddv.exe54⤵
- Executes dropped EXE
-
\??\c:\dvdvp.exec:\dvdvp.exe55⤵
- Executes dropped EXE
-
\??\c:\xrrrrrl.exec:\xrrrrrl.exe56⤵
- Executes dropped EXE
-
\??\c:\hhhhbb.exec:\hhhhbb.exe57⤵
- Executes dropped EXE
-
\??\c:\5htntt.exec:\5htntt.exe58⤵
- Executes dropped EXE
-
\??\c:\jjppp.exec:\jjppp.exe59⤵
- Executes dropped EXE
-
\??\c:\5rxxrrr.exec:\5rxxrrr.exe60⤵
- Executes dropped EXE
-
\??\c:\bntnhn.exec:\bntnhn.exe61⤵
- Executes dropped EXE
-
\??\c:\jddvp.exec:\jddvp.exe62⤵
- Executes dropped EXE
-
\??\c:\dpvvd.exec:\dpvvd.exe63⤵
- Executes dropped EXE
-
\??\c:\fxlfxxr.exec:\fxlfxxr.exe64⤵
- Executes dropped EXE
-
\??\c:\thhhbb.exec:\thhhbb.exe65⤵
- Executes dropped EXE
-
\??\c:\nbbhhh.exec:\nbbhhh.exe66⤵
-
\??\c:\vvvvv.exec:\vvvvv.exe67⤵
-
\??\c:\rxxrlll.exec:\rxxrlll.exe68⤵
-
\??\c:\htnthn.exec:\htnthn.exe69⤵
-
\??\c:\dpppp.exec:\dpppp.exe70⤵
-
\??\c:\frrlffx.exec:\frrlffx.exe71⤵
-
\??\c:\rrrllll.exec:\rrrllll.exe72⤵
-
\??\c:\thbtbt.exec:\thbtbt.exe73⤵
-
\??\c:\djddp.exec:\djddp.exe74⤵
-
\??\c:\rllfrxr.exec:\rllfrxr.exe75⤵
-
\??\c:\tbtnhh.exec:\tbtnhh.exe76⤵
-
\??\c:\5pvjj.exec:\5pvjj.exe77⤵
-
\??\c:\fxffrrr.exec:\fxffrrr.exe78⤵
-
\??\c:\rxfxxxx.exec:\rxfxxxx.exe79⤵
-
\??\c:\tnnhhh.exec:\tnnhhh.exe80⤵
-
\??\c:\9ddvj.exec:\9ddvj.exe81⤵
-
\??\c:\dvpjj.exec:\dvpjj.exe82⤵
-
\??\c:\xrrlfff.exec:\xrrlfff.exe83⤵
-
\??\c:\hbbbbn.exec:\hbbbbn.exe84⤵
-
\??\c:\nbhhtt.exec:\nbhhtt.exe85⤵
-
\??\c:\vvddp.exec:\vvddp.exe86⤵
-
\??\c:\5xlfrrr.exec:\5xlfrrr.exe87⤵
-
\??\c:\lflffxx.exec:\lflffxx.exe88⤵
-
\??\c:\nnhhnn.exec:\nnhhnn.exe89⤵
-
\??\c:\vppvv.exec:\vppvv.exe90⤵
-
\??\c:\rlllfff.exec:\rlllfff.exe91⤵
-
\??\c:\nhhhhh.exec:\nhhhhh.exe92⤵
-
\??\c:\vpddv.exec:\vpddv.exe93⤵
-
\??\c:\jvvpd.exec:\jvvpd.exe94⤵
-
\??\c:\9flxxxr.exec:\9flxxxr.exe95⤵
-
\??\c:\hhbnnn.exec:\hhbnnn.exe96⤵
-
\??\c:\pjjpj.exec:\pjjpj.exe97⤵
-
\??\c:\7rlfrlf.exec:\7rlfrlf.exe98⤵
-
\??\c:\1rrlfrl.exec:\1rrlfrl.exe99⤵
-
\??\c:\nhtnnh.exec:\nhtnnh.exe100⤵
-
\??\c:\vjpjj.exec:\vjpjj.exe101⤵
-
\??\c:\ddjpj.exec:\ddjpj.exe102⤵
-
\??\c:\lxffxfx.exec:\lxffxfx.exe103⤵
-
\??\c:\hnttbb.exec:\hnttbb.exe104⤵
-
\??\c:\btnttb.exec:\btnttb.exe105⤵
-
\??\c:\5jvpd.exec:\5jvpd.exe106⤵
-
\??\c:\rrxxxfl.exec:\rrxxxfl.exe107⤵
-
\??\c:\lxxxrrf.exec:\lxxxrrf.exe108⤵
-
\??\c:\nbtnnn.exec:\nbtnnn.exe109⤵
-
\??\c:\ppvdd.exec:\ppvdd.exe110⤵
-
\??\c:\7vvpp.exec:\7vvpp.exe111⤵
-
\??\c:\fxffrll.exec:\fxffrll.exe112⤵
-
\??\c:\nbnntt.exec:\nbnntt.exe113⤵
-
\??\c:\pjjjv.exec:\pjjjv.exe114⤵
-
\??\c:\jjppp.exec:\jjppp.exe115⤵
-
\??\c:\5xrrrrl.exec:\5xrrrrl.exe116⤵
-
\??\c:\xflrlll.exec:\xflrlll.exe117⤵
-
\??\c:\3ttnnn.exec:\3ttnnn.exe118⤵
-
\??\c:\dpddj.exec:\dpddj.exe119⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe120⤵
-
\??\c:\llxxffl.exec:\llxxffl.exe121⤵
-
\??\c:\lfffxxx.exec:\lfffxxx.exe122⤵
-
\??\c:\nhhbtt.exec:\nhhbtt.exe123⤵
-
\??\c:\vppjd.exec:\vppjd.exe124⤵
-
\??\c:\1vdvv.exec:\1vdvv.exe125⤵
-
\??\c:\1fxxrxr.exec:\1fxxrxr.exe126⤵
-
\??\c:\xfrlflf.exec:\xfrlflf.exe127⤵
-
\??\c:\tthbhh.exec:\tthbhh.exe128⤵
-
\??\c:\vpdvv.exec:\vpdvv.exe129⤵
-
\??\c:\xlfflll.exec:\xlfflll.exe130⤵
-
\??\c:\9tttnt.exec:\9tttnt.exe131⤵
-
\??\c:\dddpj.exec:\dddpj.exe132⤵
-
\??\c:\frllxrf.exec:\frllxrf.exe133⤵
-
\??\c:\hbttnn.exec:\hbttnn.exe134⤵
-
\??\c:\djppp.exec:\djppp.exe135⤵
-
\??\c:\ddjdj.exec:\ddjdj.exe136⤵
-
\??\c:\bnbbbb.exec:\bnbbbb.exe137⤵
-
\??\c:\nhnhhh.exec:\nhnhhh.exe138⤵
-
\??\c:\jdjjj.exec:\jdjjj.exe139⤵
-
\??\c:\vpvpp.exec:\vpvpp.exe140⤵
-
\??\c:\fflllrr.exec:\fflllrr.exe141⤵
-
\??\c:\nnbbbh.exec:\nnbbbh.exe142⤵
-
\??\c:\7vdvj.exec:\7vdvj.exe143⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe144⤵
-
\??\c:\frfllrl.exec:\frfllrl.exe145⤵
-
\??\c:\9xxrllf.exec:\9xxrllf.exe146⤵
-
\??\c:\htbttn.exec:\htbttn.exe147⤵
-
\??\c:\pdvvp.exec:\pdvvp.exe148⤵
-
\??\c:\fxxxrrx.exec:\fxxxrrx.exe149⤵
-
\??\c:\1xxrlfx.exec:\1xxrlfx.exe150⤵
-
\??\c:\tnbbhh.exec:\tnbbhh.exe151⤵
-
\??\c:\5jddv.exec:\5jddv.exe152⤵
-
\??\c:\9xllfff.exec:\9xllfff.exe153⤵
-
\??\c:\xrxrxxf.exec:\xrxrxxf.exe154⤵
-
\??\c:\bnnnhh.exec:\bnnnhh.exe155⤵
-
\??\c:\tttnnn.exec:\tttnnn.exe156⤵
-
\??\c:\jpdvp.exec:\jpdvp.exe157⤵
-
\??\c:\lxrxrxx.exec:\lxrxrxx.exe158⤵
-
\??\c:\xrxfxxf.exec:\xrxfxxf.exe159⤵
-
\??\c:\bnhbtt.exec:\bnhbtt.exe160⤵
-
\??\c:\ntttnn.exec:\ntttnn.exe161⤵
-
\??\c:\ddvpv.exec:\ddvpv.exe162⤵
-
\??\c:\rfffxxf.exec:\rfffxxf.exe163⤵
-
\??\c:\3tnnnn.exec:\3tnnnn.exe164⤵
-
\??\c:\5tbbbb.exec:\5tbbbb.exe165⤵
-
\??\c:\ddjpp.exec:\ddjpp.exe166⤵
-
\??\c:\jpppj.exec:\jpppj.exe167⤵
-
\??\c:\fxxrflf.exec:\fxxrflf.exe168⤵
-
\??\c:\nhnnhn.exec:\nhnnhn.exe169⤵
-
\??\c:\7hbbbb.exec:\7hbbbb.exe170⤵
-
\??\c:\vddvp.exec:\vddvp.exe171⤵
-
\??\c:\7jdvj.exec:\7jdvj.exe172⤵
-
\??\c:\7lfxxxr.exec:\7lfxxxr.exe173⤵
-
\??\c:\hhnttb.exec:\hhnttb.exe174⤵
-
\??\c:\nbhnhn.exec:\nbhnhn.exe175⤵
-
\??\c:\dpvvj.exec:\dpvvj.exe176⤵
-
\??\c:\rxfffff.exec:\rxfffff.exe177⤵
-
\??\c:\fffxrrl.exec:\fffxrrl.exe178⤵
-
\??\c:\nttbhn.exec:\nttbhn.exe179⤵
-
\??\c:\vdppp.exec:\vdppp.exe180⤵
-
\??\c:\jdppj.exec:\jdppj.exe181⤵
-
\??\c:\rxffrrr.exec:\rxffrrr.exe182⤵
-
\??\c:\xrrxffl.exec:\xrrxffl.exe183⤵
-
\??\c:\nnbbhh.exec:\nnbbhh.exe184⤵
-
\??\c:\tbnbbh.exec:\tbnbbh.exe185⤵
-
\??\c:\ddjjd.exec:\ddjjd.exe186⤵
-
\??\c:\rrrxlll.exec:\rrrxlll.exe187⤵
-
\??\c:\xflfxlf.exec:\xflfxlf.exe188⤵
-
\??\c:\tnnhbb.exec:\tnnhbb.exe189⤵
-
\??\c:\dvjvd.exec:\dvjvd.exe190⤵
-
\??\c:\rrrlrrr.exec:\rrrlrrr.exe191⤵
-
\??\c:\lflxrrl.exec:\lflxrrl.exe192⤵
-
\??\c:\tbhnnt.exec:\tbhnnt.exe193⤵
-
\??\c:\nntbtb.exec:\nntbtb.exe194⤵
-
\??\c:\vvvvp.exec:\vvvvp.exe195⤵
-
\??\c:\lrxrrrl.exec:\lrxrrrl.exe196⤵
-
\??\c:\3frlllx.exec:\3frlllx.exe197⤵
-
\??\c:\3nbtnn.exec:\3nbtnn.exe198⤵
-
\??\c:\dvvpd.exec:\dvvpd.exe199⤵
-
\??\c:\lffxrrr.exec:\lffxrrr.exe200⤵
-
\??\c:\nhnntb.exec:\nhnntb.exe201⤵
-
\??\c:\tnntnb.exec:\tnntnb.exe202⤵
-
\??\c:\pjvpv.exec:\pjvpv.exe203⤵
-
\??\c:\pdppv.exec:\pdppv.exe204⤵
-
\??\c:\frrlfxr.exec:\frrlfxr.exe205⤵
-
\??\c:\hhhhbb.exec:\hhhhbb.exe206⤵
-
\??\c:\nhtnnn.exec:\nhtnnn.exe207⤵
-
\??\c:\dpddv.exec:\dpddv.exe208⤵
-
\??\c:\rlfxrxf.exec:\rlfxrxf.exe209⤵
-
\??\c:\5ffxxfx.exec:\5ffxxfx.exe210⤵
-
\??\c:\nbhnnb.exec:\nbhnnb.exe211⤵
-
\??\c:\hhtbhn.exec:\hhtbhn.exe212⤵
-
\??\c:\3jvpj.exec:\3jvpj.exe213⤵
-
\??\c:\vddvv.exec:\vddvv.exe214⤵
-
\??\c:\ffllllf.exec:\ffllllf.exe215⤵
-
\??\c:\tttttt.exec:\tttttt.exe216⤵
-
\??\c:\hbhnht.exec:\hbhnht.exe217⤵
-
\??\c:\jdpjv.exec:\jdpjv.exe218⤵
-
\??\c:\jdddv.exec:\jdddv.exe219⤵
-
\??\c:\fffffxx.exec:\fffffxx.exe220⤵
-
\??\c:\5rfxlrx.exec:\5rfxlrx.exe221⤵
-
\??\c:\3hnnnt.exec:\3hnnnt.exe222⤵
-
\??\c:\djvpd.exec:\djvpd.exe223⤵
-
\??\c:\jjvpv.exec:\jjvpv.exe224⤵
-
\??\c:\rlffrff.exec:\rlffrff.exe225⤵
-
\??\c:\hhnnnn.exec:\hhnnnn.exe226⤵
-
\??\c:\nhttbh.exec:\nhttbh.exe227⤵
-
\??\c:\jjjdp.exec:\jjjdp.exe228⤵
-
\??\c:\pjvvj.exec:\pjvvj.exe229⤵
-
\??\c:\1ffrrrl.exec:\1ffrrrl.exe230⤵
-
\??\c:\nthbtn.exec:\nthbtn.exe231⤵
-
\??\c:\jvjdv.exec:\jvjdv.exe232⤵
-
\??\c:\vppdv.exec:\vppdv.exe233⤵
-
\??\c:\lxffrrr.exec:\lxffrrr.exe234⤵
-
\??\c:\nntbbb.exec:\nntbbb.exe235⤵
-
\??\c:\bthbbb.exec:\bthbbb.exe236⤵
-
\??\c:\vdjjj.exec:\vdjjj.exe237⤵
-
\??\c:\lrfxxxr.exec:\lrfxxxr.exe238⤵
-
\??\c:\tbhhnn.exec:\tbhhnn.exe239⤵
-
\??\c:\3dddd.exec:\3dddd.exe240⤵