Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
-
submitted
23-05-2024 23:48
General
-
Target
81885f43131714b327b6e8518bbc19beb7314c90844cd782447aaa974ae6e3a4.exe
-
Size
105KB
-
MD5
110ec4a5ab5233a31cfe8a9ee97fc20f
-
SHA1
a88754458344ffa7921278a12f0f846009d50607
-
SHA256
81885f43131714b327b6e8518bbc19beb7314c90844cd782447aaa974ae6e3a4
-
SHA512
c5ef845afb005e11b38f6a6a287b9c92c4a748b8fe10c57f28ea0f290248aee753fc9bd79e54b542c8deb8914690105d1c85c7d59a903e31041301f3dba5d1dc
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoTNKDeS98hPUdHV7RNzfJNK:ymb3NkkiQ3mdBjFo5KDe88g1fDK
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
UPX dump on OEP (original entry point) 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 23 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\81885f43131714b327b6e8518bbc19beb7314c90844cd782447aaa974ae6e3a4.exe"C:\Users\Admin\AppData\Local\Temp\81885f43131714b327b6e8518bbc19beb7314c90844cd782447aaa974ae6e3a4.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfrflr.exec:\xrfrflr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnbth.exec:\htnbth.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdjp.exec:\jvdjp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rrxfxf.exec:\3rrxfxf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbbtb.exec:\btbbtb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3tbbbt.exec:\3tbbbt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pppvj.exec:\pppvj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrrllr.exec:\lfrrllr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thttbb.exec:\thttbb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvjj.exec:\pjvjj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrxllx.exec:\xrrxllx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxfrfr.exec:\xxxfrfr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7hhnbn.exec:\7hhnbn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bnthh.exec:\1bnthh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvdp.exec:\jdvdp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxlrrr.exec:\rlxlrrr.exe17⤵
- Executes dropped EXE
-
\??\c:\9rlxfxx.exec:\9rlxfxx.exe18⤵
- Executes dropped EXE
-
\??\c:\7ntttb.exec:\7ntttb.exe19⤵
- Executes dropped EXE
-
\??\c:\1dvdd.exec:\1dvdd.exe20⤵
- Executes dropped EXE
-
\??\c:\jdvjj.exec:\jdvjj.exe21⤵
- Executes dropped EXE
-
\??\c:\5frllll.exec:\5frllll.exe22⤵
- Executes dropped EXE
-
\??\c:\nhhhhh.exec:\nhhhhh.exe23⤵
- Executes dropped EXE
-
\??\c:\1nbhtb.exec:\1nbhtb.exe24⤵
- Executes dropped EXE
-
\??\c:\3vjjv.exec:\3vjjv.exe25⤵
- Executes dropped EXE
-
\??\c:\7vjpp.exec:\7vjpp.exe26⤵
- Executes dropped EXE
-
\??\c:\xlrrflr.exec:\xlrrflr.exe27⤵
- Executes dropped EXE
-
\??\c:\hhbnbn.exec:\hhbnbn.exe28⤵
- Executes dropped EXE
-
\??\c:\3pjpp.exec:\3pjpp.exe29⤵
- Executes dropped EXE
-
\??\c:\rlfxffr.exec:\rlfxffr.exe30⤵
- Executes dropped EXE
-
\??\c:\tnhntb.exec:\tnhntb.exe31⤵
- Executes dropped EXE
-
\??\c:\nhbtbb.exec:\nhbtbb.exe32⤵
- Executes dropped EXE
-
\??\c:\7jjpj.exec:\7jjpj.exe33⤵
- Executes dropped EXE
-
\??\c:\xrlrxfl.exec:\xrlrxfl.exe34⤵
- Executes dropped EXE
-
\??\c:\9xrxxff.exec:\9xrxxff.exe35⤵
- Executes dropped EXE
-
\??\c:\7btbtt.exec:\7btbtt.exe36⤵
- Executes dropped EXE
-
\??\c:\hbthhb.exec:\hbthhb.exe37⤵
- Executes dropped EXE
-
\??\c:\vpddp.exec:\vpddp.exe38⤵
- Executes dropped EXE
-
\??\c:\7dpjv.exec:\7dpjv.exe39⤵
- Executes dropped EXE
-
\??\c:\9frlrrx.exec:\9frlrrx.exe40⤵
- Executes dropped EXE
-
\??\c:\5frfrlx.exec:\5frfrlx.exe41⤵
- Executes dropped EXE
-
\??\c:\tnhtht.exec:\tnhtht.exe42⤵
- Executes dropped EXE
-
\??\c:\9nhhnn.exec:\9nhhnn.exe43⤵
- Executes dropped EXE
-
\??\c:\jddjv.exec:\jddjv.exe44⤵
- Executes dropped EXE
-
\??\c:\frrrrll.exec:\frrrrll.exe45⤵
- Executes dropped EXE
-
\??\c:\lxrxrrf.exec:\lxrxrrf.exe46⤵
- Executes dropped EXE
-
\??\c:\fxrflrx.exec:\fxrflrx.exe47⤵
- Executes dropped EXE
-
\??\c:\htnthh.exec:\htnthh.exe48⤵
- Executes dropped EXE
-
\??\c:\7btbhn.exec:\7btbhn.exe49⤵
- Executes dropped EXE
-
\??\c:\5vpvd.exec:\5vpvd.exe50⤵
- Executes dropped EXE
-
\??\c:\dvdvd.exec:\dvdvd.exe51⤵
- Executes dropped EXE
-
\??\c:\rlrxflx.exec:\rlrxflx.exe52⤵
- Executes dropped EXE
-
\??\c:\llflxxl.exec:\llflxxl.exe53⤵
- Executes dropped EXE
-
\??\c:\5tnbhh.exec:\5tnbhh.exe54⤵
- Executes dropped EXE
-
\??\c:\ddpvd.exec:\ddpvd.exe55⤵
- Executes dropped EXE
-
\??\c:\xrflrlx.exec:\xrflrlx.exe56⤵
- Executes dropped EXE
-
\??\c:\frxfrxr.exec:\frxfrxr.exe57⤵
- Executes dropped EXE
-
\??\c:\tbhtth.exec:\tbhtth.exe58⤵
- Executes dropped EXE
-
\??\c:\ddpvp.exec:\ddpvp.exe59⤵
- Executes dropped EXE
-
\??\c:\dpvpd.exec:\dpvpd.exe60⤵
- Executes dropped EXE
-
\??\c:\7ffflll.exec:\7ffflll.exe61⤵
- Executes dropped EXE
-
\??\c:\rlfrflr.exec:\rlfrflr.exe62⤵
- Executes dropped EXE
-
\??\c:\tnbhtt.exec:\tnbhtt.exe63⤵
- Executes dropped EXE
-
\??\c:\tntthh.exec:\tntthh.exe64⤵
- Executes dropped EXE
-
\??\c:\vjjjp.exec:\vjjjp.exe65⤵
- Executes dropped EXE
-
\??\c:\pdpjv.exec:\pdpjv.exe66⤵
-
\??\c:\9xxfflr.exec:\9xxfflr.exe67⤵
-
\??\c:\rlrfflr.exec:\rlrfflr.exe68⤵
-
\??\c:\xllfxxx.exec:\xllfxxx.exe69⤵
-
\??\c:\1hbhtn.exec:\1hbhtn.exe70⤵
-
\??\c:\ddpjd.exec:\ddpjd.exe71⤵
-
\??\c:\pjpdd.exec:\pjpdd.exe72⤵
-
\??\c:\xrflrrf.exec:\xrflrrf.exe73⤵
-
\??\c:\rrrlrfx.exec:\rrrlrfx.exe74⤵
-
\??\c:\ththhb.exec:\ththhb.exe75⤵
-
\??\c:\thhhbt.exec:\thhhbt.exe76⤵
-
\??\c:\1pvjv.exec:\1pvjv.exe77⤵
-
\??\c:\1ppvj.exec:\1ppvj.exe78⤵
-
\??\c:\dpvdp.exec:\dpvdp.exe79⤵
-
\??\c:\frxxffr.exec:\frxxffr.exe80⤵
-
\??\c:\1rrxllr.exec:\1rrxllr.exe81⤵
-
\??\c:\hbhhtn.exec:\hbhhtn.exe82⤵
-
\??\c:\djvpp.exec:\djvpp.exe83⤵
-
\??\c:\dvvjj.exec:\dvvjj.exe84⤵
-
\??\c:\9ffxflr.exec:\9ffxflr.exe85⤵
-
\??\c:\lxrrflr.exec:\lxrrflr.exe86⤵
-
\??\c:\7xflrfr.exec:\7xflrfr.exe87⤵
-
\??\c:\5tbhtt.exec:\5tbhtt.exe88⤵
-
\??\c:\bbntth.exec:\bbntth.exe89⤵
-
\??\c:\3djjv.exec:\3djjv.exe90⤵
-
\??\c:\dvjjj.exec:\dvjjj.exe91⤵
-
\??\c:\lfxfxlx.exec:\lfxfxlx.exe92⤵
-
\??\c:\xrflxrf.exec:\xrflxrf.exe93⤵
-
\??\c:\hthntt.exec:\hthntt.exe94⤵
-
\??\c:\1bttbt.exec:\1bttbt.exe95⤵
-
\??\c:\btnbnn.exec:\btnbnn.exe96⤵
-
\??\c:\dvpvj.exec:\dvpvj.exe97⤵
-
\??\c:\3vvdp.exec:\3vvdp.exe98⤵
-
\??\c:\7lflrrf.exec:\7lflrrf.exe99⤵
-
\??\c:\llflfxf.exec:\llflfxf.exe100⤵
-
\??\c:\htnnbh.exec:\htnnbh.exe101⤵
-
\??\c:\nhnnhh.exec:\nhnnhh.exe102⤵
-
\??\c:\9vvvd.exec:\9vvvd.exe103⤵
-
\??\c:\pdjjj.exec:\pdjjj.exe104⤵
-
\??\c:\xrxxffl.exec:\xrxxffl.exe105⤵
-
\??\c:\lfrxrxl.exec:\lfrxrxl.exe106⤵
-
\??\c:\3lfrlll.exec:\3lfrlll.exe107⤵
-
\??\c:\bbbhnt.exec:\bbbhnt.exe108⤵
-
\??\c:\3tnhnn.exec:\3tnhnn.exe109⤵
-
\??\c:\9ddpd.exec:\9ddpd.exe110⤵
-
\??\c:\pjdjv.exec:\pjdjv.exe111⤵
-
\??\c:\1lxfxxl.exec:\1lxfxxl.exe112⤵
-
\??\c:\3xrrrlr.exec:\3xrrrlr.exe113⤵
-
\??\c:\rlrxlrx.exec:\rlrxlrx.exe114⤵
-
\??\c:\tnbhnt.exec:\tnbhnt.exe115⤵
-
\??\c:\nhnnbb.exec:\nhnnbb.exe116⤵
-
\??\c:\5vpdj.exec:\5vpdj.exe117⤵
-
\??\c:\1jjpd.exec:\1jjpd.exe118⤵
-
\??\c:\lxllrrx.exec:\lxllrrx.exe119⤵
-
\??\c:\1xflxxx.exec:\1xflxxx.exe120⤵
-
\??\c:\llfrflr.exec:\llfrflr.exe121⤵
-
\??\c:\btnthn.exec:\btnthn.exe122⤵
-
\??\c:\bnbhtt.exec:\bnbhtt.exe123⤵
-
\??\c:\7ddjj.exec:\7ddjj.exe124⤵
-
\??\c:\3pjvj.exec:\3pjvj.exe125⤵
-
\??\c:\3frlxfl.exec:\3frlxfl.exe126⤵
-
\??\c:\3rfrflx.exec:\3rfrflx.exe127⤵
-
\??\c:\frrrflx.exec:\frrrflx.exe128⤵
-
\??\c:\bbnthn.exec:\bbnthn.exe129⤵
-
\??\c:\bhtthh.exec:\bhtthh.exe130⤵
-
\??\c:\1jjvj.exec:\1jjvj.exe131⤵
-
\??\c:\3jppv.exec:\3jppv.exe132⤵
-
\??\c:\9fxflrx.exec:\9fxflrx.exe133⤵
-
\??\c:\1xlrflx.exec:\1xlrflx.exe134⤵
-
\??\c:\7hhtnn.exec:\7hhtnn.exe135⤵
-
\??\c:\5tthbh.exec:\5tthbh.exe136⤵
-
\??\c:\vpdjv.exec:\vpdjv.exe137⤵
-
\??\c:\vjvvd.exec:\vjvvd.exe138⤵
-
\??\c:\9fxfflr.exec:\9fxfflr.exe139⤵
-
\??\c:\lfxrrxf.exec:\lfxrrxf.exe140⤵
-
\??\c:\hbhthh.exec:\hbhthh.exe141⤵
-
\??\c:\5tbhnh.exec:\5tbhnh.exe142⤵
-
\??\c:\1htbhh.exec:\1htbhh.exe143⤵
-
\??\c:\jdpvj.exec:\jdpvj.exe144⤵
-
\??\c:\dpjdd.exec:\dpjdd.exe145⤵
-
\??\c:\lfrrxrx.exec:\lfrrxrx.exe146⤵
-
\??\c:\lfxfflx.exec:\lfxfflx.exe147⤵
-
\??\c:\9bntbb.exec:\9bntbb.exe148⤵
-
\??\c:\jjvjj.exec:\jjvjj.exe149⤵
-
\??\c:\vjvvd.exec:\vjvvd.exe150⤵
-
\??\c:\rlxrxfl.exec:\rlxrxfl.exe151⤵
-
\??\c:\7xlllfl.exec:\7xlllfl.exe152⤵
-
\??\c:\9hbtbh.exec:\9hbtbh.exe153⤵
-
\??\c:\hbnbnn.exec:\hbnbnn.exe154⤵
-
\??\c:\1dvdp.exec:\1dvdp.exe155⤵
-
\??\c:\9vjdj.exec:\9vjdj.exe156⤵
-
\??\c:\xrfxffl.exec:\xrfxffl.exe157⤵
-
\??\c:\xrflxxf.exec:\xrflxxf.exe158⤵
-
\??\c:\3tnntt.exec:\3tnntt.exe159⤵
-
\??\c:\bnbnbn.exec:\bnbnbn.exe160⤵
-
\??\c:\7vpvv.exec:\7vpvv.exe161⤵
-
\??\c:\ddvjj.exec:\ddvjj.exe162⤵
-
\??\c:\llrfrfl.exec:\llrfrfl.exe163⤵
-
\??\c:\xlxfrxl.exec:\xlxfrxl.exe164⤵
-
\??\c:\1hthtn.exec:\1hthtn.exe165⤵
-
\??\c:\tnbbbh.exec:\tnbbbh.exe166⤵
-
\??\c:\jvjdp.exec:\jvjdp.exe167⤵
-
\??\c:\xrflxrf.exec:\xrflxrf.exe168⤵
-
\??\c:\5frfrxf.exec:\5frfrxf.exe169⤵
-
\??\c:\nnhtbh.exec:\nnhtbh.exe170⤵
-
\??\c:\nhtnbb.exec:\nhtnbb.exe171⤵
-
\??\c:\ppvjp.exec:\ppvjp.exe172⤵
-
\??\c:\1dvjj.exec:\1dvjj.exe173⤵
-
\??\c:\frfrffl.exec:\frfrffl.exe174⤵
-
\??\c:\xlrrrrx.exec:\xlrrrrx.exe175⤵
-
\??\c:\btbhth.exec:\btbhth.exe176⤵
-
\??\c:\tnhhnn.exec:\tnhhnn.exe177⤵
-
\??\c:\pdjdd.exec:\pdjdd.exe178⤵
-
\??\c:\1frxffl.exec:\1frxffl.exe179⤵
-
\??\c:\7rxllrf.exec:\7rxllrf.exe180⤵
-
\??\c:\lxflllr.exec:\lxflllr.exe181⤵
-
\??\c:\3tnbbh.exec:\3tnbbh.exe182⤵
-
\??\c:\jvppp.exec:\jvppp.exe183⤵
-
\??\c:\vpjjj.exec:\vpjjj.exe184⤵
-
\??\c:\frffflr.exec:\frffflr.exe185⤵
-
\??\c:\rxrlfrr.exec:\rxrlfrr.exe186⤵
-
\??\c:\3btbnn.exec:\3btbnn.exe187⤵
-
\??\c:\7btbnn.exec:\7btbnn.exe188⤵
-
\??\c:\dvjjv.exec:\dvjjv.exe189⤵
-
\??\c:\9vjpp.exec:\9vjpp.exe190⤵
-
\??\c:\rlfllrx.exec:\rlfllrx.exe191⤵
-
\??\c:\fxxlxfl.exec:\fxxlxfl.exe192⤵
-
\??\c:\tnbntt.exec:\tnbntt.exe193⤵
-
\??\c:\hhbnbh.exec:\hhbnbh.exe194⤵
-
\??\c:\jpddj.exec:\jpddj.exe195⤵
-
\??\c:\1jvjj.exec:\1jvjj.exe196⤵
-
\??\c:\rlffxxf.exec:\rlffxxf.exe197⤵
-
\??\c:\xrfrlrx.exec:\xrfrlrx.exe198⤵
-
\??\c:\hbnnbt.exec:\hbnnbt.exe199⤵
-
\??\c:\ttbhbh.exec:\ttbhbh.exe200⤵
-
\??\c:\pjvvv.exec:\pjvvv.exe201⤵
-
\??\c:\lxlxrrx.exec:\lxlxrrx.exe202⤵
-
\??\c:\fxllxfr.exec:\fxllxfr.exe203⤵
-
\??\c:\nbhbnh.exec:\nbhbnh.exe204⤵
-
\??\c:\dvpjv.exec:\dvpjv.exe205⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe206⤵
-
\??\c:\lxffrxl.exec:\lxffrxl.exe207⤵
-
\??\c:\1lfrxfl.exec:\1lfrxfl.exe208⤵
-
\??\c:\hthhhh.exec:\hthhhh.exe209⤵
-
\??\c:\1htbbn.exec:\1htbbn.exe210⤵
-
\??\c:\vpppd.exec:\vpppd.exe211⤵
-
\??\c:\jdpvp.exec:\jdpvp.exe212⤵
-
\??\c:\xfrxllr.exec:\xfrxllr.exe213⤵
-
\??\c:\bbbhtb.exec:\bbbhtb.exe214⤵
-
\??\c:\7bnntt.exec:\7bnntt.exe215⤵
-
\??\c:\3btbhh.exec:\3btbhh.exe216⤵
-
\??\c:\pjddj.exec:\pjddj.exe217⤵
-
\??\c:\frlfffl.exec:\frlfffl.exe218⤵
-
\??\c:\7rfrxlx.exec:\7rfrxlx.exe219⤵
-
\??\c:\nhttbb.exec:\nhttbb.exe220⤵
-
\??\c:\tnbhtt.exec:\tnbhtt.exe221⤵
-
\??\c:\pjpdj.exec:\pjpdj.exe222⤵
-
\??\c:\1jdjj.exec:\1jdjj.exe223⤵
-
\??\c:\5xrfllx.exec:\5xrfllx.exe224⤵
-
\??\c:\xrlrxrx.exec:\xrlrxrx.exe225⤵
-
\??\c:\thtttt.exec:\thtttt.exe226⤵
-
\??\c:\3bhtbh.exec:\3bhtbh.exe227⤵
-
\??\c:\1vjvj.exec:\1vjvj.exe228⤵
-
\??\c:\pjvvd.exec:\pjvvd.exe229⤵
-
\??\c:\xrflrxf.exec:\xrflrxf.exe230⤵
-
\??\c:\3lxrflr.exec:\3lxrflr.exe231⤵
-
\??\c:\1nhntb.exec:\1nhntb.exe232⤵
-
\??\c:\hthhbb.exec:\hthhbb.exe233⤵
-
\??\c:\pdpvp.exec:\pdpvp.exe234⤵
-
\??\c:\jdpjp.exec:\jdpjp.exe235⤵
-
\??\c:\frllxxr.exec:\frllxxr.exe236⤵
-
\??\c:\xrxlxfl.exec:\xrxlxfl.exe237⤵
-
\??\c:\nhbnnt.exec:\nhbnnt.exe238⤵
-
\??\c:\5tbnbh.exec:\5tbnbh.exe239⤵
-
\??\c:\vpdjv.exec:\vpdjv.exe240⤵