Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
22-05-2024 17:57
General
-
Target
2c423eb142d12b9db832006028b8a93f78cf308c55352a8b670909b132953b34.exe
-
Size
392KB
-
MD5
1bc060afc435292129dd044081cb0bf0
-
SHA1
a3e1c41de3a2b2d678a5cfa72a137a3596c13fc4
-
SHA256
2c423eb142d12b9db832006028b8a93f78cf308c55352a8b670909b132953b34
-
SHA512
5585562d72bd2e8cb52a96a53469aa40ef3c91b40a080085ace70e929739bc1464d957f04919e0d60a2a16c0d56eef128aa4a9a7af1348e8bdc1ada57af99f9c
-
SSDEEP
6144:n3C9BRIG0asYFm71mPfkVB8dKwaO5CVwOy:n3C9uYA7okVqdKwaO5CVQ
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 36 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2c423eb142d12b9db832006028b8a93f78cf308c55352a8b670909b132953b34.exe"C:\Users\Admin\AppData\Local\Temp\2c423eb142d12b9db832006028b8a93f78cf308c55352a8b670909b132953b34.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\fflxfrr.exec:\fflxfrr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnhht.exec:\htnhht.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppdd.exec:\vppdd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhtnn.exec:\bnhtnn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjvv.exec:\vjjvv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rffxrlf.exec:\rffxrlf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhtbn.exec:\nnhtbn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlxlfr.exec:\xrlxlfr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxrffr.exec:\xxxrffr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bhbnh.exec:\1bhbnh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ddpd.exec:\5ddpd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7hbtbt.exec:\7hbtbt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3jpdp.exec:\3jpdp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllxlxr.exec:\rllxlxr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnnhn.exec:\bnnnhn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjdp.exec:\dvjdp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrfrlx.exec:\fxrfrlx.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9bbnbt.exec:\9bbnbt.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrfrfx.exec:\lrrfrfx.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9rrrxff.exec:\9rrrxff.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\httbbt.exec:\httbbt.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dppdp.exec:\dppdp.exe23⤵
- Executes dropped EXE
-
\??\c:\bbhthb.exec:\bbhthb.exe24⤵
- Executes dropped EXE
-
\??\c:\1vpdv.exec:\1vpdv.exe25⤵
- Executes dropped EXE
-
\??\c:\lflflfx.exec:\lflflfx.exe26⤵
- Executes dropped EXE
-
\??\c:\5bhbtt.exec:\5bhbtt.exe27⤵
- Executes dropped EXE
-
\??\c:\5pjvp.exec:\5pjvp.exe28⤵
- Executes dropped EXE
-
\??\c:\3hnhbb.exec:\3hnhbb.exe29⤵
- Executes dropped EXE
-
\??\c:\pjdvp.exec:\pjdvp.exe30⤵
- Executes dropped EXE
-
\??\c:\hnhthb.exec:\hnhthb.exe31⤵
- Executes dropped EXE
-
\??\c:\jvddv.exec:\jvddv.exe32⤵
- Executes dropped EXE
-
\??\c:\bhbtnn.exec:\bhbtnn.exe33⤵
- Executes dropped EXE
-
\??\c:\pvpjd.exec:\pvpjd.exe34⤵
- Executes dropped EXE
-
\??\c:\xlrlxfx.exec:\xlrlxfx.exe35⤵
- Executes dropped EXE
-
\??\c:\fxrrfxr.exec:\fxrrfxr.exe36⤵
- Executes dropped EXE
-
\??\c:\bnttbh.exec:\bnttbh.exe37⤵
- Executes dropped EXE
-
\??\c:\jjjdv.exec:\jjjdv.exe38⤵
- Executes dropped EXE
-
\??\c:\jvjdv.exec:\jvjdv.exe39⤵
- Executes dropped EXE
-
\??\c:\lrlflrx.exec:\lrlflrx.exe40⤵
- Executes dropped EXE
-
\??\c:\ntbttt.exec:\ntbttt.exe41⤵
- Executes dropped EXE
-
\??\c:\vpvpv.exec:\vpvpv.exe42⤵
- Executes dropped EXE
-
\??\c:\pjddv.exec:\pjddv.exe43⤵
- Executes dropped EXE
-
\??\c:\rxxrlff.exec:\rxxrlff.exe44⤵
- Executes dropped EXE
-
\??\c:\hbbhhh.exec:\hbbhhh.exe45⤵
- Executes dropped EXE
-
\??\c:\vjjjd.exec:\vjjjd.exe46⤵
- Executes dropped EXE
-
\??\c:\vdjdv.exec:\vdjdv.exe47⤵
- Executes dropped EXE
-
\??\c:\9llfxxr.exec:\9llfxxr.exe48⤵
- Executes dropped EXE
-
\??\c:\9hbhbn.exec:\9hbhbn.exe49⤵
- Executes dropped EXE
-
\??\c:\btttbb.exec:\btttbb.exe50⤵
- Executes dropped EXE
-
\??\c:\vvdpp.exec:\vvdpp.exe51⤵
- Executes dropped EXE
-
\??\c:\lfrlfxl.exec:\lfrlfxl.exe52⤵
- Executes dropped EXE
-
\??\c:\nnnnhh.exec:\nnnnhh.exe53⤵
- Executes dropped EXE
-
\??\c:\tttnht.exec:\tttnht.exe54⤵
- Executes dropped EXE
-
\??\c:\9djdv.exec:\9djdv.exe55⤵
- Executes dropped EXE
-
\??\c:\fxfxxxf.exec:\fxfxxxf.exe56⤵
- Executes dropped EXE
-
\??\c:\ffxrffx.exec:\ffxrffx.exe57⤵
- Executes dropped EXE
-
\??\c:\bntnhh.exec:\bntnhh.exe58⤵
- Executes dropped EXE
-
\??\c:\dpddv.exec:\dpddv.exe59⤵
- Executes dropped EXE
-
\??\c:\xrxlffx.exec:\xrxlffx.exe60⤵
- Executes dropped EXE
-
\??\c:\fxrlfrl.exec:\fxrlfrl.exe61⤵
- Executes dropped EXE
-
\??\c:\5nbttb.exec:\5nbttb.exe62⤵
- Executes dropped EXE
-
\??\c:\3dpjj.exec:\3dpjj.exe63⤵
- Executes dropped EXE
-
\??\c:\ddvpj.exec:\ddvpj.exe64⤵
- Executes dropped EXE
-
\??\c:\xflfxll.exec:\xflfxll.exe65⤵
- Executes dropped EXE
-
\??\c:\xxfxrxl.exec:\xxfxrxl.exe66⤵
-
\??\c:\5hbtnn.exec:\5hbtnn.exe67⤵
-
\??\c:\vvvvv.exec:\vvvvv.exe68⤵
-
\??\c:\7jjdv.exec:\7jjdv.exe69⤵
-
\??\c:\9xxlxlx.exec:\9xxlxlx.exe70⤵
-
\??\c:\flrlllf.exec:\flrlllf.exe71⤵
-
\??\c:\hbnhhh.exec:\hbnhhh.exe72⤵
-
\??\c:\dvppj.exec:\dvppj.exe73⤵
-
\??\c:\djjdj.exec:\djjdj.exe74⤵
-
\??\c:\1llfrrr.exec:\1llfrrr.exe75⤵
-
\??\c:\btnhtt.exec:\btnhtt.exe76⤵
-
\??\c:\7jpjp.exec:\7jpjp.exe77⤵
-
\??\c:\vjjpp.exec:\vjjpp.exe78⤵
-
\??\c:\3rfxllr.exec:\3rfxllr.exe79⤵
-
\??\c:\9btnbb.exec:\9btnbb.exe80⤵
-
\??\c:\nnhhnn.exec:\nnhhnn.exe81⤵
-
\??\c:\1djvp.exec:\1djvp.exe82⤵
-
\??\c:\vpppd.exec:\vpppd.exe83⤵
-
\??\c:\xxxxxxx.exec:\xxxxxxx.exe84⤵
-
\??\c:\tbhbbb.exec:\tbhbbb.exe85⤵
-
\??\c:\bttttt.exec:\bttttt.exe86⤵
-
\??\c:\pppvj.exec:\pppvj.exe87⤵
-
\??\c:\vpdvj.exec:\vpdvj.exe88⤵
-
\??\c:\frlfxxr.exec:\frlfxxr.exe89⤵
-
\??\c:\ntbtnn.exec:\ntbtnn.exe90⤵
-
\??\c:\htbthh.exec:\htbthh.exe91⤵
-
\??\c:\jvvvj.exec:\jvvvj.exe92⤵
-
\??\c:\jvdvp.exec:\jvdvp.exe93⤵
-
\??\c:\5rrlxxx.exec:\5rrlxxx.exe94⤵
-
\??\c:\hbtnbt.exec:\hbtnbt.exe95⤵
-
\??\c:\bttntt.exec:\bttntt.exe96⤵
-
\??\c:\jjvvp.exec:\jjvvp.exe97⤵
-
\??\c:\1rxrrrr.exec:\1rxrrrr.exe98⤵
-
\??\c:\xrxrlfx.exec:\xrxrlfx.exe99⤵
-
\??\c:\bthhnn.exec:\bthhnn.exe100⤵
-
\??\c:\vpvpj.exec:\vpvpj.exe101⤵
-
\??\c:\rxxfxxf.exec:\rxxfxxf.exe102⤵
-
\??\c:\nbhhtt.exec:\nbhhtt.exe103⤵
-
\??\c:\5ntnhh.exec:\5ntnhh.exe104⤵
-
\??\c:\jjdvp.exec:\jjdvp.exe105⤵
-
\??\c:\frffxll.exec:\frffxll.exe106⤵
-
\??\c:\lfflfff.exec:\lfflfff.exe107⤵
-
\??\c:\hthbtb.exec:\hthbtb.exe108⤵
-
\??\c:\jddvv.exec:\jddvv.exe109⤵
-
\??\c:\jdvpp.exec:\jdvpp.exe110⤵
-
\??\c:\lflfxxx.exec:\lflfxxx.exe111⤵
-
\??\c:\xxlllrr.exec:\xxlllrr.exe112⤵
-
\??\c:\bttthh.exec:\bttthh.exe113⤵
-
\??\c:\1nhhtt.exec:\1nhhtt.exe114⤵
-
\??\c:\dvjjd.exec:\dvjjd.exe115⤵
-
\??\c:\rlxrllf.exec:\rlxrllf.exe116⤵
-
\??\c:\frfrfxl.exec:\frfrfxl.exe117⤵
-
\??\c:\9nhhbb.exec:\9nhhbb.exe118⤵
-
\??\c:\tnbthh.exec:\tnbthh.exe119⤵
-
\??\c:\vvvpv.exec:\vvvpv.exe120⤵
-
\??\c:\rrxrlff.exec:\rrxrlff.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-