Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
-
submitted
22-05-2024 13:23
General
-
Target
321172a1fddcffaf2c8d4c2783567333ace6af0fbae84bb53a6e64eec033d3cc.exe
-
Size
68KB
-
MD5
0d9ca127eb6fe79f5223884a92fc9590
-
SHA1
49d96a768fea752f3bfa0368ea7e464b05875aa0
-
SHA256
321172a1fddcffaf2c8d4c2783567333ace6af0fbae84bb53a6e64eec033d3cc
-
SHA512
c142970881f38b646c5d8161d2658d0e1a1342432b5aea4d26dbb4373f42ccb45592d0fe168625a8996402bcc35606138ba91ee9a0efab91e81547d9e61e329e
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yUwcsbY/O:ymb3NkkiQ3mdBjF0yjcsMW
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\321172a1fddcffaf2c8d4c2783567333ace6af0fbae84bb53a6e64eec033d3cc.exe"C:\Users\Admin\AppData\Local\Temp\321172a1fddcffaf2c8d4c2783567333ace6af0fbae84bb53a6e64eec033d3cc.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnnbb.exec:\hbnnbb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1thnbb.exec:\1thnbb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjjp.exec:\jdjjp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrffrrx.exec:\xrffrrx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtthh.exec:\hbtthh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbhbb.exec:\nhbhbb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3vddj.exec:\3vddj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrflffr.exec:\xrflffr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhtbh.exec:\bbhtbh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvvj.exec:\vvvvj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlxrxx.exec:\fxlxrxx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rrfffl.exec:\5rrfffl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhbhh.exec:\thhbhh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvjv.exec:\jjvjv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxxflx.exec:\lfxxflx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rlrxfr.exec:\1rlrxfr.exe17⤵
- Executes dropped EXE
-
\??\c:\tnhnbh.exec:\tnhnbh.exe18⤵
- Executes dropped EXE
-
\??\c:\7nhnbn.exec:\7nhnbn.exe19⤵
- Executes dropped EXE
-
\??\c:\pjvvp.exec:\pjvvp.exe20⤵
- Executes dropped EXE
-
\??\c:\dpdvd.exec:\dpdvd.exe21⤵
- Executes dropped EXE
-
\??\c:\ffxxlrf.exec:\ffxxlrf.exe22⤵
- Executes dropped EXE
-
\??\c:\7fxxlrx.exec:\7fxxlrx.exe23⤵
- Executes dropped EXE
-
\??\c:\hnhhnh.exec:\hnhhnh.exe24⤵
- Executes dropped EXE
-
\??\c:\vpdjp.exec:\vpdjp.exe25⤵
- Executes dropped EXE
-
\??\c:\jvdpp.exec:\jvdpp.exe26⤵
- Executes dropped EXE
-
\??\c:\rlxxxfl.exec:\rlxxxfl.exe27⤵
- Executes dropped EXE
-
\??\c:\9tthhb.exec:\9tthhb.exe28⤵
- Executes dropped EXE
-
\??\c:\ppjpd.exec:\ppjpd.exe29⤵
- Executes dropped EXE
-
\??\c:\ppjpj.exec:\ppjpj.exe30⤵
- Executes dropped EXE
-
\??\c:\fxlrrrf.exec:\fxlrrrf.exe31⤵
- Executes dropped EXE
-
\??\c:\rrlxflr.exec:\rrlxflr.exe32⤵
- Executes dropped EXE
-
\??\c:\bbbnnn.exec:\bbbnnn.exe33⤵
- Executes dropped EXE
-
\??\c:\ddpdj.exec:\ddpdj.exe34⤵
- Executes dropped EXE
-
\??\c:\pdvdp.exec:\pdvdp.exe35⤵
- Executes dropped EXE
-
\??\c:\xlrffxf.exec:\xlrffxf.exe36⤵
- Executes dropped EXE
-
\??\c:\lfllxfl.exec:\lfllxfl.exe37⤵
- Executes dropped EXE
-
\??\c:\tnhbhn.exec:\tnhbhn.exe38⤵
- Executes dropped EXE
-
\??\c:\tnhtbb.exec:\tnhtbb.exe39⤵
- Executes dropped EXE
-
\??\c:\jdjpd.exec:\jdjpd.exe40⤵
- Executes dropped EXE
-
\??\c:\vpdvd.exec:\vpdvd.exe41⤵
- Executes dropped EXE
-
\??\c:\nhbbhh.exec:\nhbbhh.exe42⤵
- Executes dropped EXE
-
\??\c:\hbbbhh.exec:\hbbbhh.exe43⤵
- Executes dropped EXE
-
\??\c:\vvjdj.exec:\vvjdj.exe44⤵
- Executes dropped EXE
-
\??\c:\pvjpv.exec:\pvjpv.exe45⤵
- Executes dropped EXE
-
\??\c:\3lfrxfl.exec:\3lfrxfl.exe46⤵
- Executes dropped EXE
-
\??\c:\xrffxrl.exec:\xrffxrl.exe47⤵
- Executes dropped EXE
-
\??\c:\nbnthn.exec:\nbnthn.exe48⤵
- Executes dropped EXE
-
\??\c:\hnhtnb.exec:\hnhtnb.exe49⤵
- Executes dropped EXE
-
\??\c:\jvvvv.exec:\jvvvv.exe50⤵
- Executes dropped EXE
-
\??\c:\lfllrrf.exec:\lfllrrf.exe51⤵
- Executes dropped EXE
-
\??\c:\ffrrfrf.exec:\ffrrfrf.exe52⤵
- Executes dropped EXE
-
\??\c:\btntbb.exec:\btntbb.exe53⤵
- Executes dropped EXE
-
\??\c:\tnhbtn.exec:\tnhbtn.exe54⤵
- Executes dropped EXE
-
\??\c:\jvppp.exec:\jvppp.exe55⤵
- Executes dropped EXE
-
\??\c:\jdppp.exec:\jdppp.exe56⤵
- Executes dropped EXE
-
\??\c:\frxxxrx.exec:\frxxxrx.exe57⤵
- Executes dropped EXE
-
\??\c:\1rrrffl.exec:\1rrrffl.exe58⤵
- Executes dropped EXE
-
\??\c:\5btbhh.exec:\5btbhh.exe59⤵
- Executes dropped EXE
-
\??\c:\htbbtt.exec:\htbbtt.exe60⤵
- Executes dropped EXE
-
\??\c:\jpvpp.exec:\jpvpp.exe61⤵
- Executes dropped EXE
-
\??\c:\7vddj.exec:\7vddj.exe62⤵
- Executes dropped EXE
-
\??\c:\xrfxfxx.exec:\xrfxfxx.exe63⤵
- Executes dropped EXE
-
\??\c:\1lxlxfl.exec:\1lxlxfl.exe64⤵
- Executes dropped EXE
-
\??\c:\nhhhnb.exec:\nhhhnb.exe65⤵
- Executes dropped EXE
-
\??\c:\httbhh.exec:\httbhh.exe66⤵
-
\??\c:\dvjpp.exec:\dvjpp.exe67⤵
-
\??\c:\jddpp.exec:\jddpp.exe68⤵
-
\??\c:\lflrxxx.exec:\lflrxxx.exe69⤵
-
\??\c:\rffrxxf.exec:\rffrxxf.exe70⤵
-
\??\c:\bnhhtb.exec:\bnhhtb.exe71⤵
-
\??\c:\9thbhh.exec:\9thbhh.exe72⤵
-
\??\c:\vpjpv.exec:\vpjpv.exe73⤵
-
\??\c:\dpvvd.exec:\dpvvd.exe74⤵
-
\??\c:\9lfrllr.exec:\9lfrllr.exe75⤵
-
\??\c:\rlrxxrf.exec:\rlrxxrf.exe76⤵
-
\??\c:\nbhntn.exec:\nbhntn.exe77⤵
-
\??\c:\ppvjj.exec:\ppvjj.exe78⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe79⤵
-
\??\c:\7xlrrlr.exec:\7xlrrlr.exe80⤵
-
\??\c:\5lxrrrx.exec:\5lxrrrx.exe81⤵
-
\??\c:\hbnthn.exec:\hbnthn.exe82⤵
-
\??\c:\httnnt.exec:\httnnt.exe83⤵
-
\??\c:\jdjpv.exec:\jdjpv.exe84⤵
-
\??\c:\jvppj.exec:\jvppj.exe85⤵
-
\??\c:\rffxxrr.exec:\rffxxrr.exe86⤵
-
\??\c:\llrrxfl.exec:\llrrxfl.exe87⤵
-
\??\c:\7ntbnn.exec:\7ntbnn.exe88⤵
-
\??\c:\1tnhtb.exec:\1tnhtb.exe89⤵
-
\??\c:\dpppj.exec:\dpppj.exe90⤵
-
\??\c:\pjdjd.exec:\pjdjd.exe91⤵
-
\??\c:\xxrlfff.exec:\xxrlfff.exe92⤵
-
\??\c:\rxlffrx.exec:\rxlffrx.exe93⤵
-
\??\c:\nbhntt.exec:\nbhntt.exe94⤵
-
\??\c:\7bnhnh.exec:\7bnhnh.exe95⤵
-
\??\c:\httbbt.exec:\httbbt.exe96⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe97⤵
-
\??\c:\djjdj.exec:\djjdj.exe98⤵
-
\??\c:\5lrlrlr.exec:\5lrlrlr.exe99⤵
-
\??\c:\frflrrl.exec:\frflrrl.exe100⤵
-
\??\c:\htttbn.exec:\htttbn.exe101⤵
-
\??\c:\bthbtt.exec:\bthbtt.exe102⤵
-
\??\c:\9jpdj.exec:\9jpdj.exe103⤵
-
\??\c:\jpdpp.exec:\jpdpp.exe104⤵
-
\??\c:\vjvdv.exec:\vjvdv.exe105⤵
-
\??\c:\1fllrlf.exec:\1fllrlf.exe106⤵
-
\??\c:\1lfrrrl.exec:\1lfrrrl.exe107⤵
-
\??\c:\htbtnh.exec:\htbtnh.exe108⤵
-
\??\c:\thbtbb.exec:\thbtbb.exe109⤵
-
\??\c:\7ntbhb.exec:\7ntbhb.exe110⤵
-
\??\c:\dpdvd.exec:\dpdvd.exe111⤵
-
\??\c:\5pjdj.exec:\5pjdj.exe112⤵
-
\??\c:\frfflrr.exec:\frfflrr.exe113⤵
-
\??\c:\1xlrxff.exec:\1xlrxff.exe114⤵
-
\??\c:\ttntbn.exec:\ttntbn.exe115⤵
-
\??\c:\bntthh.exec:\bntthh.exe116⤵
-
\??\c:\dpddj.exec:\dpddj.exe117⤵
-
\??\c:\5jvpp.exec:\5jvpp.exe118⤵
-
\??\c:\vpdjj.exec:\vpdjj.exe119⤵
-
\??\c:\xrlrrrf.exec:\xrlrrrf.exe120⤵
-
\??\c:\fxxrxxf.exec:\fxxrxxf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-