Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
22-05-2024 10:20
General
-
Target
f5533b2e98731f515e3d389f23da91cf38c799a83103e351b3439bea93055aba.exe
-
Size
72KB
-
MD5
31aadc5e194f80cb08e2568c3b220fae
-
SHA1
9b737a1b550f81673592e2780f29056613cf1373
-
SHA256
f5533b2e98731f515e3d389f23da91cf38c799a83103e351b3439bea93055aba
-
SHA512
ae91008c330203083a611b74a42c49eacf9f48a561cb642c4870e3cf353b9ffdf45f8d73d400a343c750542be2aa7be5d4b1ba4729ca016a84221a03353226c8
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIfv7+afCD+QsQbKQPh:ymb3NkkiQ3mdBjFIfvTfCD+HlQp
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
UPX dump on OEP (original entry point) 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 22 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f5533b2e98731f515e3d389f23da91cf38c799a83103e351b3439bea93055aba.exe"C:\Users\Admin\AppData\Local\Temp\f5533b2e98731f515e3d389f23da91cf38c799a83103e351b3439bea93055aba.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\7pdjv.exec:\7pdjv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxxllr.exec:\rrxxllr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrxffx.exec:\ffrxffx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntnhnh.exec:\ntnhnh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvdv.exec:\pjvdv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvvj.exec:\vjvvj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxlxfxr.exec:\lxlxfxr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbntbh.exec:\hbntbh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3jvdj.exec:\3jvdj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vpvd.exec:\7vpvd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrxlrf.exec:\xxrxlrf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrxfxx.exec:\rlrxfxx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1nbhhn.exec:\1nbhhn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbttn.exec:\tbbttn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjpv.exec:\ddjpv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjjv.exec:\vpjjv.exe17⤵
- Executes dropped EXE
-
\??\c:\9rllllx.exec:\9rllllx.exe18⤵
- Executes dropped EXE
-
\??\c:\lfllllr.exec:\lfllllr.exe19⤵
- Executes dropped EXE
-
\??\c:\5tntbh.exec:\5tntbh.exe20⤵
- Executes dropped EXE
-
\??\c:\bbnbnt.exec:\bbnbnt.exe21⤵
- Executes dropped EXE
-
\??\c:\vpdpv.exec:\vpdpv.exe22⤵
- Executes dropped EXE
-
\??\c:\xrxlxxl.exec:\xrxlxxl.exe23⤵
- Executes dropped EXE
-
\??\c:\9rlllrx.exec:\9rlllrx.exe24⤵
- Executes dropped EXE
-
\??\c:\btnbnt.exec:\btnbnt.exe25⤵
- Executes dropped EXE
-
\??\c:\nthnht.exec:\nthnht.exe26⤵
- Executes dropped EXE
-
\??\c:\pjddp.exec:\pjddp.exe27⤵
- Executes dropped EXE
-
\??\c:\9xrrxfr.exec:\9xrrxfr.exe28⤵
- Executes dropped EXE
-
\??\c:\7fxxxlr.exec:\7fxxxlr.exe29⤵
- Executes dropped EXE
-
\??\c:\7bhbtb.exec:\7bhbtb.exe30⤵
- Executes dropped EXE
-
\??\c:\tttnnb.exec:\tttnnb.exe31⤵
- Executes dropped EXE
-
\??\c:\9jdjj.exec:\9jdjj.exe32⤵
- Executes dropped EXE
-
\??\c:\dvjjd.exec:\dvjjd.exe33⤵
- Executes dropped EXE
-
\??\c:\lfrxflr.exec:\lfrxflr.exe34⤵
- Executes dropped EXE
-
\??\c:\nhntbb.exec:\nhntbb.exe35⤵
- Executes dropped EXE
-
\??\c:\hbbbbb.exec:\hbbbbb.exe36⤵
- Executes dropped EXE
-
\??\c:\jdppv.exec:\jdppv.exe37⤵
- Executes dropped EXE
-
\??\c:\1ppdp.exec:\1ppdp.exe38⤵
- Executes dropped EXE
-
\??\c:\xrffffr.exec:\xrffffr.exe39⤵
- Executes dropped EXE
-
\??\c:\3rrfrrl.exec:\3rrfrrl.exe40⤵
- Executes dropped EXE
-
\??\c:\nhntbt.exec:\nhntbt.exe41⤵
- Executes dropped EXE
-
\??\c:\btbhnh.exec:\btbhnh.exe42⤵
- Executes dropped EXE
-
\??\c:\vpppp.exec:\vpppp.exe43⤵
- Executes dropped EXE
-
\??\c:\7jjpp.exec:\7jjpp.exe44⤵
- Executes dropped EXE
-
\??\c:\xxllflx.exec:\xxllflx.exe45⤵
- Executes dropped EXE
-
\??\c:\5jjvd.exec:\5jjvd.exe46⤵
- Executes dropped EXE
-
\??\c:\vvpvv.exec:\vvpvv.exe47⤵
- Executes dropped EXE
-
\??\c:\rlxxlrx.exec:\rlxxlrx.exe48⤵
- Executes dropped EXE
-
\??\c:\rrxfrxl.exec:\rrxfrxl.exe49⤵
- Executes dropped EXE
-
\??\c:\1rfrrrr.exec:\1rfrrrr.exe50⤵
- Executes dropped EXE
-
\??\c:\bbhbht.exec:\bbhbht.exe51⤵
- Executes dropped EXE
-
\??\c:\nhttnh.exec:\nhttnh.exe52⤵
- Executes dropped EXE
-
\??\c:\pdjjj.exec:\pdjjj.exe53⤵
- Executes dropped EXE
-
\??\c:\1rxrxff.exec:\1rxrxff.exe54⤵
- Executes dropped EXE
-
\??\c:\5lxfxxf.exec:\5lxfxxf.exe55⤵
- Executes dropped EXE
-
\??\c:\tntbhb.exec:\tntbhb.exe56⤵
- Executes dropped EXE
-
\??\c:\5htbbh.exec:\5htbbh.exe57⤵
- Executes dropped EXE
-
\??\c:\5vdvd.exec:\5vdvd.exe58⤵
- Executes dropped EXE
-
\??\c:\9fxrffr.exec:\9fxrffr.exe59⤵
- Executes dropped EXE
-
\??\c:\rlrxfff.exec:\rlrxfff.exe60⤵
- Executes dropped EXE
-
\??\c:\nbhhhn.exec:\nbhhhn.exe61⤵
- Executes dropped EXE
-
\??\c:\hhtthb.exec:\hhtthb.exe62⤵
- Executes dropped EXE
-
\??\c:\jdppd.exec:\jdppd.exe63⤵
- Executes dropped EXE
-
\??\c:\jdjjp.exec:\jdjjp.exe64⤵
- Executes dropped EXE
-
\??\c:\lrxllxr.exec:\lrxllxr.exe65⤵
- Executes dropped EXE
-
\??\c:\bthhbt.exec:\bthhbt.exe66⤵
-
\??\c:\tnttbb.exec:\tnttbb.exe67⤵
-
\??\c:\pdpjj.exec:\pdpjj.exe68⤵
-
\??\c:\jdddj.exec:\jdddj.exe69⤵
-
\??\c:\llxxllx.exec:\llxxllx.exe70⤵
-
\??\c:\llfxlrl.exec:\llfxlrl.exe71⤵
-
\??\c:\nhtbhh.exec:\nhtbhh.exe72⤵
-
\??\c:\nhnthh.exec:\nhnthh.exe73⤵
-
\??\c:\pppvj.exec:\pppvj.exe74⤵
-
\??\c:\9jvpv.exec:\9jvpv.exe75⤵
-
\??\c:\lfrflff.exec:\lfrflff.exe76⤵
-
\??\c:\7xlffff.exec:\7xlffff.exe77⤵
-
\??\c:\5ntntt.exec:\5ntntt.exe78⤵
-
\??\c:\tnhbnh.exec:\tnhbnh.exe79⤵
-
\??\c:\jdddd.exec:\jdddd.exe80⤵
-
\??\c:\1vjjv.exec:\1vjjv.exe81⤵
-
\??\c:\rrrrrfl.exec:\rrrrrfl.exe82⤵
-
\??\c:\nthnhb.exec:\nthnhb.exe83⤵
-
\??\c:\nbnnnt.exec:\nbnnnt.exe84⤵
-
\??\c:\pvjdj.exec:\pvjdj.exe85⤵
-
\??\c:\dpjjj.exec:\dpjjj.exe86⤵
-
\??\c:\9lffllr.exec:\9lffllr.exe87⤵
-
\??\c:\5bhnbb.exec:\5bhnbb.exe88⤵
-
\??\c:\nhhntt.exec:\nhhntt.exe89⤵
-
\??\c:\jvddj.exec:\jvddj.exe90⤵
-
\??\c:\7djvv.exec:\7djvv.exe91⤵
-
\??\c:\ffrxfrr.exec:\ffrxfrr.exe92⤵
-
\??\c:\xlxfflr.exec:\xlxfflr.exe93⤵
-
\??\c:\nbhttt.exec:\nbhttt.exe94⤵
-
\??\c:\hbnnnt.exec:\hbnnnt.exe95⤵
-
\??\c:\7vpjj.exec:\7vpjj.exe96⤵
-
\??\c:\vjvdj.exec:\vjvdj.exe97⤵
-
\??\c:\vjvvd.exec:\vjvvd.exe98⤵
-
\??\c:\3xffxff.exec:\3xffxff.exe99⤵
-
\??\c:\lxlffxf.exec:\lxlffxf.exe100⤵
-
\??\c:\flxxrll.exec:\flxxrll.exe101⤵
-
\??\c:\5bhnnn.exec:\5bhnnn.exe102⤵
-
\??\c:\1jvjp.exec:\1jvjp.exe103⤵
-
\??\c:\frfxffl.exec:\frfxffl.exe104⤵
-
\??\c:\9xrrfxf.exec:\9xrrfxf.exe105⤵
-
\??\c:\tnthhn.exec:\tnthhn.exe106⤵
-
\??\c:\1bhbht.exec:\1bhbht.exe107⤵
-
\??\c:\dpddj.exec:\dpddj.exe108⤵
-
\??\c:\3pdvv.exec:\3pdvv.exe109⤵
-
\??\c:\frfxxxx.exec:\frfxxxx.exe110⤵
-
\??\c:\lxfxxrr.exec:\lxfxxrr.exe111⤵
-
\??\c:\fxflllr.exec:\fxflllr.exe112⤵
-
\??\c:\thhhhb.exec:\thhhhb.exe113⤵
-
\??\c:\bthntb.exec:\bthntb.exe114⤵
-
\??\c:\5djdd.exec:\5djdd.exe115⤵
-
\??\c:\jvvpd.exec:\jvvpd.exe116⤵
-
\??\c:\rfrlxxx.exec:\rfrlxxx.exe117⤵
-
\??\c:\7xxlfff.exec:\7xxlfff.exe118⤵
-
\??\c:\5hnntn.exec:\5hnntn.exe119⤵
-
\??\c:\vjvvv.exec:\vjvvv.exe120⤵
-
\??\c:\dpvdv.exec:\dpvdv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-