Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
23-05-2024 22:44
General
-
Target
9be7492a556324031faad4141cfe728f54616d18a80a02bae86dee7d5eb4a9f0.exe
-
Size
57KB
-
MD5
0097145e437bfb2816572f03e4034330
-
SHA1
51f24c9c3d87aa6eef1ead662d10aedb68921964
-
SHA256
9be7492a556324031faad4141cfe728f54616d18a80a02bae86dee7d5eb4a9f0
-
SHA512
ea212fca5151c2108c559dd139fd9bb6bb34a777b1e76e9c0e94f37bf83e990aa4192a3e25655666cd5a9d6754fd0d95c01fd5ec07469f287659892cd9e6d07a
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIvuSwFaEQ:ymb3NkkiQ3mdBjFIvIFaEQ
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 29 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 32 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9be7492a556324031faad4141cfe728f54616d18a80a02bae86dee7d5eb4a9f0.exe"C:\Users\Admin\AppData\Local\Temp\9be7492a556324031faad4141cfe728f54616d18a80a02bae86dee7d5eb4a9f0.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rxrxxxx.exec:\rxrxxxx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxxxxx.exec:\xxxxxxx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdppj.exec:\pdppj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrrxxr.exec:\rlrrxxr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7tnnhh.exec:\7tnnhh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vddp.exec:\9vddp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djpjd.exec:\djpjd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lllffff.exec:\lllffff.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5tnnnn.exec:\5tnnnn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jvpp.exec:\1jvpp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxfxxxr.exec:\lxfxxxr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbttt.exec:\htbttt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bhbnn.exec:\1bhbnn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jvjd.exec:\1jvjd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxlffx.exec:\rlxlffx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3bhhbb.exec:\3bhhbb.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtnnn.exec:\nhtnnn.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvppp.exec:\jvppp.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpvp.exec:\jdpvp.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rrlllr.exec:\3rrlllr.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tttnnh.exec:\tttnnh.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvdv.exec:\dpvdv.exe23⤵
- Executes dropped EXE
-
\??\c:\3jvpd.exec:\3jvpd.exe24⤵
- Executes dropped EXE
-
\??\c:\fflfrxr.exec:\fflfrxr.exe25⤵
- Executes dropped EXE
-
\??\c:\hntbbn.exec:\hntbbn.exe26⤵
- Executes dropped EXE
-
\??\c:\pjjjd.exec:\pjjjd.exe27⤵
- Executes dropped EXE
-
\??\c:\jddvp.exec:\jddvp.exe28⤵
- Executes dropped EXE
-
\??\c:\pjddv.exec:\pjddv.exe29⤵
- Executes dropped EXE
-
\??\c:\ffrfrrf.exec:\ffrfrrf.exe30⤵
- Executes dropped EXE
-
\??\c:\hthbtt.exec:\hthbtt.exe31⤵
- Executes dropped EXE
-
\??\c:\3nnnbb.exec:\3nnnbb.exe32⤵
- Executes dropped EXE
-
\??\c:\9vvpd.exec:\9vvpd.exe33⤵
- Executes dropped EXE
-
\??\c:\tnnbtt.exec:\tnnbtt.exe34⤵
- Executes dropped EXE
-
\??\c:\dvjdp.exec:\dvjdp.exe35⤵
- Executes dropped EXE
-
\??\c:\ppddp.exec:\ppddp.exe36⤵
- Executes dropped EXE
-
\??\c:\llxxrrr.exec:\llxxrrr.exe37⤵
- Executes dropped EXE
-
\??\c:\xrrlrrl.exec:\xrrlrrl.exe38⤵
- Executes dropped EXE
-
\??\c:\vdvvv.exec:\vdvvv.exe39⤵
- Executes dropped EXE
-
\??\c:\dvvpp.exec:\dvvpp.exe40⤵
- Executes dropped EXE
-
\??\c:\xfxxrxr.exec:\xfxxrxr.exe41⤵
- Executes dropped EXE
-
\??\c:\btbhhn.exec:\btbhhn.exe42⤵
- Executes dropped EXE
-
\??\c:\nnttbb.exec:\nnttbb.exe43⤵
- Executes dropped EXE
-
\??\c:\3djdd.exec:\3djdd.exe44⤵
- Executes dropped EXE
-
\??\c:\flffxxr.exec:\flffxxr.exe45⤵
- Executes dropped EXE
-
\??\c:\dvdjd.exec:\dvdjd.exe46⤵
- Executes dropped EXE
-
\??\c:\dvddd.exec:\dvddd.exe47⤵
-
\??\c:\nbhhhh.exec:\nbhhhh.exe48⤵
- Executes dropped EXE
-
\??\c:\nhhbtt.exec:\nhhbtt.exe49⤵
- Executes dropped EXE
-
\??\c:\jjdvd.exec:\jjdvd.exe50⤵
- Executes dropped EXE
-
\??\c:\pvppd.exec:\pvppd.exe51⤵
- Executes dropped EXE
-
\??\c:\3flfllr.exec:\3flfllr.exe52⤵
- Executes dropped EXE
-
\??\c:\rlllfff.exec:\rlllfff.exe53⤵
- Executes dropped EXE
-
\??\c:\btnhhh.exec:\btnhhh.exe54⤵
- Executes dropped EXE
-
\??\c:\3pvpj.exec:\3pvpj.exe55⤵
- Executes dropped EXE
-
\??\c:\dddvd.exec:\dddvd.exe56⤵
- Executes dropped EXE
-
\??\c:\xlrlfff.exec:\xlrlfff.exe57⤵
- Executes dropped EXE
-
\??\c:\fxfxrfx.exec:\fxfxrfx.exe58⤵
- Executes dropped EXE
-
\??\c:\bnnnnn.exec:\bnnnnn.exe59⤵
- Executes dropped EXE
-
\??\c:\pvvvj.exec:\pvvvj.exe60⤵
- Executes dropped EXE
-
\??\c:\jjppj.exec:\jjppj.exe61⤵
- Executes dropped EXE
-
\??\c:\fffrrlx.exec:\fffrrlx.exe62⤵
- Executes dropped EXE
-
\??\c:\rxxxfff.exec:\rxxxfff.exe63⤵
- Executes dropped EXE
-
\??\c:\thbtbn.exec:\thbtbn.exe64⤵
- Executes dropped EXE
-
\??\c:\htbbnn.exec:\htbbnn.exe65⤵
- Executes dropped EXE
-
\??\c:\jvdvj.exec:\jvdvj.exe66⤵
- Executes dropped EXE
-
\??\c:\xfrlffx.exec:\xfrlffx.exe67⤵
-
\??\c:\ffllrlr.exec:\ffllrlr.exe68⤵
-
\??\c:\hnttnn.exec:\hnttnn.exe69⤵
-
\??\c:\nnttnh.exec:\nnttnh.exe70⤵
-
\??\c:\dvvpv.exec:\dvvpv.exe71⤵
-
\??\c:\7ddpp.exec:\7ddpp.exe72⤵
-
\??\c:\5frrlxx.exec:\5frrlxx.exe73⤵
-
\??\c:\hbhbtt.exec:\hbhbtt.exe74⤵
-
\??\c:\tnnnbb.exec:\tnnnbb.exe75⤵
-
\??\c:\pdddv.exec:\pdddv.exe76⤵
-
\??\c:\tntnhn.exec:\tntnhn.exe77⤵
-
\??\c:\tbhnbn.exec:\tbhnbn.exe78⤵
-
\??\c:\9vddv.exec:\9vddv.exe79⤵
-
\??\c:\ppdvd.exec:\ppdvd.exe80⤵
-
\??\c:\lxfxrrr.exec:\lxfxrrr.exe81⤵
-
\??\c:\hnhhbb.exec:\hnhhbb.exe82⤵
-
\??\c:\ppvvj.exec:\ppvvj.exe83⤵
-
\??\c:\xfxlfrf.exec:\xfxlfrf.exe84⤵
-
\??\c:\5lxxffr.exec:\5lxxffr.exe85⤵
-
\??\c:\tthbhb.exec:\tthbhb.exe86⤵
-
\??\c:\tbbbnt.exec:\tbbbnt.exe87⤵
-
\??\c:\ppjpj.exec:\ppjpj.exe88⤵
-
\??\c:\3flfxxr.exec:\3flfxxr.exe89⤵
-
\??\c:\frxlffr.exec:\frxlffr.exe90⤵
-
\??\c:\bnnhhh.exec:\bnnhhh.exe91⤵
-
\??\c:\tnhbtt.exec:\tnhbtt.exe92⤵
-
\??\c:\9vpvj.exec:\9vpvj.exe93⤵
-
\??\c:\rlxxfff.exec:\rlxxfff.exe94⤵
-
\??\c:\fxlfllr.exec:\fxlfllr.exe95⤵
-
\??\c:\nthhbb.exec:\nthhbb.exe96⤵
-
\??\c:\jjvpv.exec:\jjvpv.exe97⤵
-
\??\c:\dvpjv.exec:\dvpjv.exe98⤵
-
\??\c:\lxxrfff.exec:\lxxrfff.exe99⤵
-
\??\c:\rlllffx.exec:\rlllffx.exe100⤵
-
\??\c:\thbhhh.exec:\thbhhh.exe101⤵
-
\??\c:\tnnbtt.exec:\tnnbtt.exe102⤵
-
\??\c:\jpvjd.exec:\jpvjd.exe103⤵
-
\??\c:\dvpjv.exec:\dvpjv.exe104⤵
-
\??\c:\xfxflrx.exec:\xfxflrx.exe105⤵
-
\??\c:\ttbbhh.exec:\ttbbhh.exe106⤵
-
\??\c:\thhhbn.exec:\thhhbn.exe107⤵
-
\??\c:\pjjdp.exec:\pjjdp.exe108⤵
-
\??\c:\llxrfff.exec:\llxrfff.exe109⤵
-
\??\c:\frrrllf.exec:\frrrllf.exe110⤵
-
\??\c:\hhhbnn.exec:\hhhbnn.exe111⤵
-
\??\c:\3ttthh.exec:\3ttthh.exe112⤵
-
\??\c:\ddppp.exec:\ddppp.exe113⤵
-
\??\c:\5pdvj.exec:\5pdvj.exe114⤵
-
\??\c:\xxflfff.exec:\xxflfff.exe115⤵
-
\??\c:\3fllrrl.exec:\3fllrrl.exe116⤵
-
\??\c:\btttnn.exec:\btttnn.exe117⤵
-
\??\c:\vvvpp.exec:\vvvpp.exe118⤵
-
\??\c:\pjvpv.exec:\pjvpv.exe119⤵
-
\??\c:\9vjdp.exec:\9vjdp.exe120⤵
-
\??\c:\lxxrfff.exec:\lxxrfff.exe121⤵
-
\??\c:\1fffxrf.exec:\1fffxrf.exe122⤵
-
\??\c:\1tbbtn.exec:\1tbbtn.exe123⤵
-
\??\c:\tnnhtt.exec:\tnnhtt.exe124⤵
-
\??\c:\xrxrrll.exec:\xrxrrll.exe125⤵
-
\??\c:\tntttt.exec:\tntttt.exe126⤵
-
\??\c:\tnthbb.exec:\tnthbb.exe127⤵
-
\??\c:\ddjjv.exec:\ddjjv.exe128⤵
-
\??\c:\pddvp.exec:\pddvp.exe129⤵
-
\??\c:\jddpp.exec:\jddpp.exe130⤵
-
\??\c:\llrlxxr.exec:\llrlxxr.exe131⤵
-
\??\c:\3ffxxxr.exec:\3ffxxxr.exe132⤵
-
\??\c:\7httnn.exec:\7httnn.exe133⤵
-
\??\c:\dvdvp.exec:\dvdvp.exe134⤵
-
\??\c:\jjdvp.exec:\jjdvp.exe135⤵
-
\??\c:\nbbtnn.exec:\nbbtnn.exe136⤵
-
\??\c:\7nnhtb.exec:\7nnhtb.exe137⤵
-
\??\c:\pjvdv.exec:\pjvdv.exe138⤵
-
\??\c:\7lfxrfx.exec:\7lfxrfx.exe139⤵
-
\??\c:\3frlllf.exec:\3frlllf.exe140⤵
-
\??\c:\1hbtnn.exec:\1hbtnn.exe141⤵
-
\??\c:\vjddp.exec:\vjddp.exe142⤵
-
\??\c:\jddvp.exec:\jddvp.exe143⤵
-
\??\c:\xxllllf.exec:\xxllllf.exe144⤵
-
\??\c:\rllllll.exec:\rllllll.exe145⤵
-
\??\c:\nhnnhh.exec:\nhnnhh.exe146⤵
-
\??\c:\pvvvv.exec:\pvvvv.exe147⤵
-
\??\c:\pjjdd.exec:\pjjdd.exe148⤵
-
\??\c:\rxxxllr.exec:\rxxxllr.exe149⤵
-
\??\c:\hhnnbb.exec:\hhnnbb.exe150⤵
-
\??\c:\hnhthb.exec:\hnhthb.exe151⤵
-
\??\c:\jpppp.exec:\jpppp.exe152⤵
-
\??\c:\flrlffx.exec:\flrlffx.exe153⤵
-
\??\c:\fxfxrrl.exec:\fxfxrrl.exe154⤵
-
\??\c:\xrxrrrr.exec:\xrxrrrr.exe155⤵
-
\??\c:\7nttnn.exec:\7nttnn.exe156⤵
-
\??\c:\nttttt.exec:\nttttt.exe157⤵
-
\??\c:\ppjjp.exec:\ppjjp.exe158⤵
-
\??\c:\lflfxxx.exec:\lflfxxx.exe159⤵
-
\??\c:\rxrrflx.exec:\rxrrflx.exe160⤵
-
\??\c:\btthnh.exec:\btthnh.exe161⤵
-
\??\c:\bttnhb.exec:\bttnhb.exe162⤵
-
\??\c:\jdddv.exec:\jdddv.exe163⤵
-
\??\c:\rlffxxx.exec:\rlffxxx.exe164⤵
-
\??\c:\ffrflxr.exec:\ffrflxr.exe165⤵
-
\??\c:\bthhnn.exec:\bthhnn.exe166⤵
-
\??\c:\bhnntt.exec:\bhnntt.exe167⤵
-
\??\c:\7rrrfxx.exec:\7rrrfxx.exe168⤵
-
\??\c:\lfxfrlx.exec:\lfxfrlx.exe169⤵
-
\??\c:\hntnhh.exec:\hntnhh.exe170⤵
-
\??\c:\ttnnnb.exec:\ttnnnb.exe171⤵
-
\??\c:\jpvvj.exec:\jpvvj.exe172⤵
-
\??\c:\3lfxllf.exec:\3lfxllf.exe173⤵
-
\??\c:\lrxrlll.exec:\lrxrlll.exe174⤵
-
\??\c:\tntnnn.exec:\tntnnn.exe175⤵
-
\??\c:\hhtnhn.exec:\hhtnhn.exe176⤵
-
\??\c:\dvpdv.exec:\dvpdv.exe177⤵
-
\??\c:\xffxxrr.exec:\xffxxrr.exe178⤵
-
\??\c:\fxxxllx.exec:\fxxxllx.exe179⤵
-
\??\c:\nbbbbb.exec:\nbbbbb.exe180⤵
-
\??\c:\bttntt.exec:\bttntt.exe181⤵
-
\??\c:\vpjjj.exec:\vpjjj.exe182⤵
-
\??\c:\rxrrrrx.exec:\rxrrrrx.exe183⤵
-
\??\c:\1flllll.exec:\1flllll.exe184⤵
-
\??\c:\hbbbtt.exec:\hbbbtt.exe185⤵
-
\??\c:\hbbbnn.exec:\hbbbnn.exe186⤵
-
\??\c:\5jjjj.exec:\5jjjj.exe187⤵
-
\??\c:\jdjjj.exec:\jdjjj.exe188⤵
-
\??\c:\rflfxxr.exec:\rflfxxr.exe189⤵
-
\??\c:\bthnhh.exec:\bthnhh.exe190⤵
-
\??\c:\ntbnbb.exec:\ntbnbb.exe191⤵
-
\??\c:\3jjdp.exec:\3jjdp.exe192⤵
-
\??\c:\5pvvv.exec:\5pvvv.exe193⤵
-
\??\c:\7lxrlrr.exec:\7lxrlrr.exe194⤵
-
\??\c:\xrxrlll.exec:\xrxrlll.exe195⤵
-
\??\c:\nhbbbt.exec:\nhbbbt.exe196⤵
-
\??\c:\3vjjp.exec:\3vjjp.exe197⤵
-
\??\c:\pppjd.exec:\pppjd.exe198⤵
-
\??\c:\7ffxrrr.exec:\7ffxrrr.exe199⤵
-
\??\c:\1ffxrrr.exec:\1ffxrrr.exe200⤵
-
\??\c:\bbtntt.exec:\bbtntt.exe201⤵
-
\??\c:\jvddp.exec:\jvddp.exe202⤵
-
\??\c:\7vdvv.exec:\7vdvv.exe203⤵
-
\??\c:\fxrlffr.exec:\fxrlffr.exe204⤵
-
\??\c:\rrlfxxr.exec:\rrlfxxr.exe205⤵
-
\??\c:\bnhbbb.exec:\bnhbbb.exe206⤵
-
\??\c:\hhhhtb.exec:\hhhhtb.exe207⤵
-
\??\c:\vjjdd.exec:\vjjdd.exe208⤵
-
\??\c:\5fxxfff.exec:\5fxxfff.exe209⤵
-
\??\c:\fxffxxx.exec:\fxffxxx.exe210⤵
-
\??\c:\bhthnt.exec:\bhthnt.exe211⤵
-
\??\c:\nnnnbb.exec:\nnnnbb.exe212⤵
-
\??\c:\9pvpj.exec:\9pvpj.exe213⤵
-
\??\c:\dvvpp.exec:\dvvpp.exe214⤵
-
\??\c:\ffllrfl.exec:\ffllrfl.exe215⤵
-
\??\c:\xxrrllf.exec:\xxrrllf.exe216⤵
-
\??\c:\nnbthb.exec:\nnbthb.exe217⤵
-
\??\c:\tbhbtb.exec:\tbhbtb.exe218⤵
-
\??\c:\pddjj.exec:\pddjj.exe219⤵
-
\??\c:\xlrxrll.exec:\xlrxrll.exe220⤵
-
\??\c:\rlrllff.exec:\rlrllff.exe221⤵
-
\??\c:\nbhhhb.exec:\nbhhhb.exe222⤵
-
\??\c:\vvpdv.exec:\vvpdv.exe223⤵
-
\??\c:\dvppp.exec:\dvppp.exe224⤵
-
\??\c:\rflrlxr.exec:\rflrlxr.exe225⤵
-
\??\c:\flllllf.exec:\flllllf.exe226⤵
-
\??\c:\9hhhhh.exec:\9hhhhh.exe227⤵
-
\??\c:\nnnhbb.exec:\nnnhbb.exe228⤵
-
\??\c:\5jdvv.exec:\5jdvv.exe229⤵
-
\??\c:\vdjvj.exec:\vdjvj.exe230⤵
-
\??\c:\3xllxxx.exec:\3xllxxx.exe231⤵
-
\??\c:\fxffxxf.exec:\fxffxxf.exe232⤵
-
\??\c:\btbttt.exec:\btbttt.exe233⤵
-
\??\c:\nhbtnn.exec:\nhbtnn.exe234⤵
-
\??\c:\ddddp.exec:\ddddp.exe235⤵
-
\??\c:\rflflxx.exec:\rflflxx.exe236⤵
-
\??\c:\nbhhbb.exec:\nbhhbb.exe237⤵
-
\??\c:\9ntnhh.exec:\9ntnhh.exe238⤵
-
\??\c:\dpppp.exec:\dpppp.exe239⤵
-
\??\c:\jjddd.exec:\jjddd.exe240⤵
-
\??\c:\5fffxff.exec:\5fffxff.exe241⤵