Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
-
submitted
23-05-2024 21:29
General
-
Target
528671e5449fdf7eabbf505d008038d674a55c77d05c6631f149a2a68f4801f2.exe
-
Size
55KB
-
MD5
240ae36362e7797920b7bfd386f2868a
-
SHA1
43a9fdaec5ff2cc5247ad64229843b4834e1e43f
-
SHA256
528671e5449fdf7eabbf505d008038d674a55c77d05c6631f149a2a68f4801f2
-
SHA512
b95c272fb669ed021a1646891f2042f57a1c9aff88f71aa2ec7497d399fd02efeeeaaa43b69469ebf5fb1436fde09689bb6c792f0e247eb5daa4c84f829f7453
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIfEVA:ymb3NkkiQ3mdBjFIv
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
UPX dump on OEP (original entry point) 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\528671e5449fdf7eabbf505d008038d674a55c77d05c6631f149a2a68f4801f2.exe"C:\Users\Admin\AppData\Local\Temp\528671e5449fdf7eabbf505d008038d674a55c77d05c6631f149a2a68f4801f2.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfxflf.exec:\xrfxflf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjjj.exec:\ppjjj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthnhb.exec:\bthnhb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthhbn.exec:\bthhbn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvdj.exec:\vjvdj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxfrfff.exec:\rxfrfff.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhbbnt.exec:\bhbbnt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3pdjv.exec:\3pdjv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxrrxx.exec:\rxxrrxx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrflfrf.exec:\lrflfrf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttthbn.exec:\ttthbn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnbtn.exec:\tnnbtn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddjp.exec:\jddjp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flxlxrx.exec:\flxlxrx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9fxlrfl.exec:\9fxlrfl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhntbb.exec:\nhntbb.exe17⤵
- Executes dropped EXE
-
\??\c:\dppdv.exec:\dppdv.exe18⤵
- Executes dropped EXE
-
\??\c:\lrxfxff.exec:\lrxfxff.exe19⤵
- Executes dropped EXE
-
\??\c:\nbttbb.exec:\nbttbb.exe20⤵
- Executes dropped EXE
-
\??\c:\jpdjd.exec:\jpdjd.exe21⤵
- Executes dropped EXE
-
\??\c:\lxxrxll.exec:\lxxrxll.exe22⤵
- Executes dropped EXE
-
\??\c:\frrxflx.exec:\frrxflx.exe23⤵
- Executes dropped EXE
-
\??\c:\hthtbh.exec:\hthtbh.exe24⤵
- Executes dropped EXE
-
\??\c:\dpddj.exec:\dpddj.exe25⤵
- Executes dropped EXE
-
\??\c:\rlfxflr.exec:\rlfxflr.exe26⤵
- Executes dropped EXE
-
\??\c:\hhbbnn.exec:\hhbbnn.exe27⤵
- Executes dropped EXE
-
\??\c:\9pvvj.exec:\9pvvj.exe28⤵
- Executes dropped EXE
-
\??\c:\9lfxlrx.exec:\9lfxlrx.exe29⤵
- Executes dropped EXE
-
\??\c:\hbtnth.exec:\hbtnth.exe30⤵
- Executes dropped EXE
-
\??\c:\5htntb.exec:\5htntb.exe31⤵
- Executes dropped EXE
-
\??\c:\jdjdv.exec:\jdjdv.exe32⤵
- Executes dropped EXE
-
\??\c:\7rfxlrl.exec:\7rfxlrl.exe33⤵
- Executes dropped EXE
-
\??\c:\5nbhbt.exec:\5nbhbt.exe34⤵
- Executes dropped EXE
-
\??\c:\hhhtnb.exec:\hhhtnb.exe35⤵
- Executes dropped EXE
-
\??\c:\nhtnhh.exec:\nhtnhh.exe36⤵
- Executes dropped EXE
-
\??\c:\vdddj.exec:\vdddj.exe37⤵
- Executes dropped EXE
-
\??\c:\xrffrxr.exec:\xrffrxr.exe38⤵
- Executes dropped EXE
-
\??\c:\rfllrlx.exec:\rfllrlx.exe39⤵
- Executes dropped EXE
-
\??\c:\3hnnhb.exec:\3hnnhb.exe40⤵
- Executes dropped EXE
-
\??\c:\nhbhnt.exec:\nhbhnt.exe41⤵
- Executes dropped EXE
-
\??\c:\jdvpd.exec:\jdvpd.exe42⤵
- Executes dropped EXE
-
\??\c:\fxrxffl.exec:\fxrxffl.exe43⤵
- Executes dropped EXE
-
\??\c:\bbtntn.exec:\bbtntn.exe44⤵
- Executes dropped EXE
-
\??\c:\jvddj.exec:\jvddj.exe45⤵
- Executes dropped EXE
-
\??\c:\pjdvj.exec:\pjdvj.exe46⤵
- Executes dropped EXE
-
\??\c:\lfxxxlx.exec:\lfxxxlx.exe47⤵
- Executes dropped EXE
-
\??\c:\hntbnt.exec:\hntbnt.exe48⤵
- Executes dropped EXE
-
\??\c:\pdjpd.exec:\pdjpd.exe49⤵
- Executes dropped EXE
-
\??\c:\dvvdj.exec:\dvvdj.exe50⤵
- Executes dropped EXE
-
\??\c:\xxxfxff.exec:\xxxfxff.exe51⤵
- Executes dropped EXE
-
\??\c:\bttnbb.exec:\bttnbb.exe52⤵
- Executes dropped EXE
-
\??\c:\ntnhbb.exec:\ntnhbb.exe53⤵
- Executes dropped EXE
-
\??\c:\dpjpd.exec:\dpjpd.exe54⤵
- Executes dropped EXE
-
\??\c:\lrxlfrr.exec:\lrxlfrr.exe55⤵
- Executes dropped EXE
-
\??\c:\lllfrxf.exec:\lllfrxf.exe56⤵
- Executes dropped EXE
-
\??\c:\bnhntb.exec:\bnhntb.exe57⤵
- Executes dropped EXE
-
\??\c:\9jjdd.exec:\9jjdd.exe58⤵
- Executes dropped EXE
-
\??\c:\vpdjv.exec:\vpdjv.exe59⤵
- Executes dropped EXE
-
\??\c:\7fflxxf.exec:\7fflxxf.exe60⤵
- Executes dropped EXE
-
\??\c:\tbbbtb.exec:\tbbbtb.exe61⤵
- Executes dropped EXE
-
\??\c:\nhbbhn.exec:\nhbbhn.exe62⤵
- Executes dropped EXE
-
\??\c:\pvdvj.exec:\pvdvj.exe63⤵
- Executes dropped EXE
-
\??\c:\jdjvd.exec:\jdjvd.exe64⤵
- Executes dropped EXE
-
\??\c:\xxxxrll.exec:\xxxxrll.exe65⤵
- Executes dropped EXE
-
\??\c:\rrffrxf.exec:\rrffrxf.exe66⤵
-
\??\c:\hbhttb.exec:\hbhttb.exe67⤵
-
\??\c:\nnnnbh.exec:\nnnnbh.exe68⤵
-
\??\c:\9lxxrrl.exec:\9lxxrrl.exe69⤵
-
\??\c:\frlfllx.exec:\frlfllx.exe70⤵
-
\??\c:\nhhhhb.exec:\nhhhhb.exe71⤵
-
\??\c:\vddvp.exec:\vddvp.exe72⤵
-
\??\c:\1dvdp.exec:\1dvdp.exe73⤵
-
\??\c:\lrlllxx.exec:\lrlllxx.exe74⤵
-
\??\c:\hhbhnn.exec:\hhbhnn.exe75⤵
-
\??\c:\bnbbnt.exec:\bnbbnt.exe76⤵
-
\??\c:\vvvdj.exec:\vvvdj.exe77⤵
-
\??\c:\3jvjd.exec:\3jvjd.exe78⤵
-
\??\c:\xxxrlxr.exec:\xxxrlxr.exe79⤵
-
\??\c:\nntttb.exec:\nntttb.exe80⤵
-
\??\c:\tnbnht.exec:\tnbnht.exe81⤵
-
\??\c:\pjpvj.exec:\pjpvj.exe82⤵
-
\??\c:\jvvvv.exec:\jvvvv.exe83⤵
-
\??\c:\xxfxlll.exec:\xxfxlll.exe84⤵
-
\??\c:\flrrfrx.exec:\flrrfrx.exe85⤵
-
\??\c:\hbbbnn.exec:\hbbbnn.exe86⤵
-
\??\c:\bbhbth.exec:\bbhbth.exe87⤵
-
\??\c:\ddvpd.exec:\ddvpd.exe88⤵
-
\??\c:\xfffrlf.exec:\xfffrlf.exe89⤵
-
\??\c:\1tbhnn.exec:\1tbhnn.exe90⤵
-
\??\c:\bnnhhb.exec:\bnnhhb.exe91⤵
-
\??\c:\jpdvp.exec:\jpdvp.exe92⤵
-
\??\c:\rfrlffl.exec:\rfrlffl.exe93⤵
-
\??\c:\xlfflxl.exec:\xlfflxl.exe94⤵
-
\??\c:\hbtbhh.exec:\hbtbhh.exe95⤵
-
\??\c:\hhhhnb.exec:\hhhhnb.exe96⤵
-
\??\c:\jjvjv.exec:\jjvjv.exe97⤵
-
\??\c:\dddpv.exec:\dddpv.exe98⤵
-
\??\c:\xrlxxfl.exec:\xrlxxfl.exe99⤵
-
\??\c:\lrrllxf.exec:\lrrllxf.exe100⤵
-
\??\c:\nnbbth.exec:\nnbbth.exe101⤵
-
\??\c:\pvppj.exec:\pvppj.exe102⤵
-
\??\c:\vvjjv.exec:\vvjjv.exe103⤵
-
\??\c:\ffxlrxl.exec:\ffxlrxl.exe104⤵
-
\??\c:\nnbhbn.exec:\nnbhbn.exe105⤵
-
\??\c:\hbtbnt.exec:\hbtbnt.exe106⤵
-
\??\c:\dpjvp.exec:\dpjvp.exe107⤵
-
\??\c:\xffxfff.exec:\xffxfff.exe108⤵
-
\??\c:\ffxfrrf.exec:\ffxfrrf.exe109⤵
-
\??\c:\1nttnb.exec:\1nttnb.exe110⤵
-
\??\c:\3nnbhn.exec:\3nnbhn.exe111⤵
-
\??\c:\vvvjp.exec:\vvvjp.exe112⤵
-
\??\c:\llffrrf.exec:\llffrrf.exe113⤵
-
\??\c:\xlrflxf.exec:\xlrflxf.exe114⤵
-
\??\c:\hbtntn.exec:\hbtntn.exe115⤵
-
\??\c:\ttbnnt.exec:\ttbnnt.exe116⤵
-
\??\c:\vddjd.exec:\vddjd.exe117⤵
-
\??\c:\jpddj.exec:\jpddj.exe118⤵
-
\??\c:\rrxrlrx.exec:\rrxrlrx.exe119⤵
-
\??\c:\xxlrfrr.exec:\xxlrfrr.exe120⤵
-
\??\c:\tnhhhn.exec:\tnhhhn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-