Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
23-05-2024 03:18
General
-
Target
80f9d93aeae87ea8ed2bbda6fd5e5665b603a359630733fc8cfa62fbfaa273ab.exe
-
Size
137KB
-
MD5
262c54cd2badcc45249014bdd794c6b0
-
SHA1
4b60d5a4a2946aa6f167cf742076866f3ad601c8
-
SHA256
80f9d93aeae87ea8ed2bbda6fd5e5665b603a359630733fc8cfa62fbfaa273ab
-
SHA512
8343c5d33653dc5cc136943b2f5bba74ac6c4736760413918294db414b67235ab9e5fbd9e5642f08a1d9f787068ede5ed33a972c80133a1dcdc740f8fb7986bd
-
SSDEEP
3072:khOmTsF93UYfwC6GIoutpYcvrqrE66kropO6BfDKPeGrRX:kcm4FmowdHoSphraHcpOaKHN
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 46 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\80f9d93aeae87ea8ed2bbda6fd5e5665b603a359630733fc8cfa62fbfaa273ab.exe"C:\Users\Admin\AppData\Local\Temp\80f9d93aeae87ea8ed2bbda6fd5e5665b603a359630733fc8cfa62fbfaa273ab.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\llnxhn.exec:\llnxhn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jxhvv.exec:\jxhvv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xbnvxp.exec:\xbnvxp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dlldxhp.exec:\dlldxhp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\prxdnr.exec:\prxdnr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dttprlt.exec:\dttprlt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dhjbxjf.exec:\dhjbxjf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xjpdxd.exec:\xjpdxd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hlntx.exec:\hlntx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnrxttx.exec:\hnrxttx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fjphb.exec:\fjphb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dtbbhrp.exec:\dtbbhrp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rtbth.exec:\rtbth.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxhtj.exec:\lxhtj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dfjvrx.exec:\dfjvrx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pxjpp.exec:\pxjpp.exe17⤵
- Executes dropped EXE
-
\??\c:\rpvxdb.exec:\rpvxdb.exe18⤵
- Executes dropped EXE
-
\??\c:\dbxbxh.exec:\dbxbxh.exe19⤵
- Executes dropped EXE
-
\??\c:\jptpf.exec:\jptpf.exe20⤵
- Executes dropped EXE
-
\??\c:\bdppxf.exec:\bdppxf.exe21⤵
- Executes dropped EXE
-
\??\c:\pftplr.exec:\pftplr.exe22⤵
- Executes dropped EXE
-
\??\c:\tptxjl.exec:\tptxjl.exe23⤵
- Executes dropped EXE
-
\??\c:\htrvj.exec:\htrvj.exe24⤵
- Executes dropped EXE
-
\??\c:\nndxfh.exec:\nndxfh.exe25⤵
- Executes dropped EXE
-
\??\c:\djddhn.exec:\djddhn.exe26⤵
- Executes dropped EXE
-
\??\c:\rjnbh.exec:\rjnbh.exe27⤵
- Executes dropped EXE
-
\??\c:\jhnxtrl.exec:\jhnxtrl.exe28⤵
- Executes dropped EXE
-
\??\c:\nvtxfbx.exec:\nvtxfbx.exe29⤵
- Executes dropped EXE
-
\??\c:\vftvbfx.exec:\vftvbfx.exe30⤵
- Executes dropped EXE
-
\??\c:\vpbnptx.exec:\vpbnptx.exe31⤵
- Executes dropped EXE
-
\??\c:\jdffh.exec:\jdffh.exe32⤵
- Executes dropped EXE
-
\??\c:\rlflthp.exec:\rlflthp.exe33⤵
- Executes dropped EXE
-
\??\c:\jlxptb.exec:\jlxptb.exe34⤵
- Executes dropped EXE
-
\??\c:\dthvxd.exec:\dthvxd.exe35⤵
- Executes dropped EXE
-
\??\c:\ftxbl.exec:\ftxbl.exe36⤵
- Executes dropped EXE
-
\??\c:\xbpxx.exec:\xbpxx.exe37⤵
- Executes dropped EXE
-
\??\c:\jdlpd.exec:\jdlpd.exe38⤵
- Executes dropped EXE
-
\??\c:\tfrbhhb.exec:\tfrbhhb.exe39⤵
- Executes dropped EXE
-
\??\c:\fjvld.exec:\fjvld.exe40⤵
- Executes dropped EXE
-
\??\c:\bpxrpp.exec:\bpxrpp.exe41⤵
- Executes dropped EXE
-
\??\c:\txxnjp.exec:\txxnjp.exe42⤵
- Executes dropped EXE
-
\??\c:\htptdt.exec:\htptdt.exe43⤵
- Executes dropped EXE
-
\??\c:\fdfjb.exec:\fdfjb.exe44⤵
- Executes dropped EXE
-
\??\c:\xthfnlx.exec:\xthfnlx.exe45⤵
- Executes dropped EXE
-
\??\c:\fxxddn.exec:\fxxddn.exe46⤵
- Executes dropped EXE
-
\??\c:\fbjbp.exec:\fbjbp.exe47⤵
- Executes dropped EXE
-
\??\c:\jhxnprh.exec:\jhxnprh.exe48⤵
- Executes dropped EXE
-
\??\c:\pddbpbr.exec:\pddbpbr.exe49⤵
- Executes dropped EXE
-
\??\c:\hvnvhh.exec:\hvnvhh.exe50⤵
- Executes dropped EXE
-
\??\c:\vlfhj.exec:\vlfhj.exe51⤵
- Executes dropped EXE
-
\??\c:\lxvndt.exec:\lxvndt.exe52⤵
- Executes dropped EXE
-
\??\c:\txjxb.exec:\txjxb.exe53⤵
- Executes dropped EXE
-
\??\c:\bjpxn.exec:\bjpxn.exe54⤵
- Executes dropped EXE
-
\??\c:\xrljl.exec:\xrljl.exe55⤵
- Executes dropped EXE
-
\??\c:\pnbjnvx.exec:\pnbjnvx.exe56⤵
- Executes dropped EXE
-
\??\c:\xhvbx.exec:\xhvbx.exe57⤵
- Executes dropped EXE
-
\??\c:\pfvfbpd.exec:\pfvfbpd.exe58⤵
- Executes dropped EXE
-
\??\c:\lrbrv.exec:\lrbrv.exe59⤵
- Executes dropped EXE
-
\??\c:\pdhhx.exec:\pdhhx.exe60⤵
- Executes dropped EXE
-
\??\c:\hhrjrb.exec:\hhrjrb.exe61⤵
- Executes dropped EXE
-
\??\c:\rvxtd.exec:\rvxtd.exe62⤵
- Executes dropped EXE
-
\??\c:\tbhdlt.exec:\tbhdlt.exe63⤵
- Executes dropped EXE
-
\??\c:\xrxrbfx.exec:\xrxrbfx.exe64⤵
- Executes dropped EXE
-
\??\c:\dnxhn.exec:\dnxhn.exe65⤵
- Executes dropped EXE
-
\??\c:\ptrxx.exec:\ptrxx.exe66⤵
-
\??\c:\rntvxf.exec:\rntvxf.exe67⤵
-
\??\c:\jdbpn.exec:\jdbpn.exe68⤵
-
\??\c:\rvxhhbr.exec:\rvxhhbr.exe69⤵
-
\??\c:\xnlhdf.exec:\xnlhdf.exe70⤵
-
\??\c:\jvxlvhh.exec:\jvxlvhh.exe71⤵
-
\??\c:\xxrjx.exec:\xxrjx.exe72⤵
-
\??\c:\xlfpb.exec:\xlfpb.exe73⤵
-
\??\c:\fptpfl.exec:\fptpfl.exe74⤵
-
\??\c:\rrfdnf.exec:\rrfdnf.exe75⤵
-
\??\c:\hvnhhfl.exec:\hvnhhfl.exe76⤵
-
\??\c:\pbfljf.exec:\pbfljf.exe77⤵
-
\??\c:\xxjxh.exec:\xxjxh.exe78⤵
-
\??\c:\hrfjvf.exec:\hrfjvf.exe79⤵
-
\??\c:\ntjtl.exec:\ntjtl.exe80⤵
-
\??\c:\tnrbhrj.exec:\tnrbhrj.exe81⤵
-
\??\c:\bfphrjj.exec:\bfphrjj.exe82⤵
-
\??\c:\xxjxrp.exec:\xxjxrp.exe83⤵
-
\??\c:\xlxtdp.exec:\xlxtdp.exe84⤵
-
\??\c:\nxjljb.exec:\nxjljb.exe85⤵
-
\??\c:\fntvb.exec:\fntvb.exe86⤵
-
\??\c:\lxfrlnj.exec:\lxfrlnj.exe87⤵
-
\??\c:\ljvjnn.exec:\ljvjnn.exe88⤵
-
\??\c:\ppnvvbh.exec:\ppnvvbh.exe89⤵
-
\??\c:\hndnh.exec:\hndnh.exe90⤵
-
\??\c:\rlnfjtf.exec:\rlnfjtf.exe91⤵
-
\??\c:\fhltn.exec:\fhltn.exe92⤵
-
\??\c:\pdhvbh.exec:\pdhvbh.exe93⤵
-
\??\c:\hbndtvn.exec:\hbndtvn.exe94⤵
-
\??\c:\ddjtx.exec:\ddjtx.exe95⤵
-
\??\c:\hxlhf.exec:\hxlhf.exe96⤵
-
\??\c:\fpdfplx.exec:\fpdfplx.exe97⤵
-
\??\c:\fxpdpff.exec:\fxpdpff.exe98⤵
-
\??\c:\xtnrlvl.exec:\xtnrlvl.exe99⤵
-
\??\c:\xfnnx.exec:\xfnnx.exe100⤵
-
\??\c:\hjbjrtv.exec:\hjbjrtv.exe101⤵
-
\??\c:\blvhhhp.exec:\blvhhhp.exe102⤵
-
\??\c:\vhhrp.exec:\vhhrp.exe103⤵
-
\??\c:\bpjtth.exec:\bpjtth.exe104⤵
-
\??\c:\jxhpd.exec:\jxhpd.exe105⤵
-
\??\c:\jbftv.exec:\jbftv.exe106⤵
-
\??\c:\lhhdpl.exec:\lhhdpl.exe107⤵
-
\??\c:\ljjjtrl.exec:\ljjjtrl.exe108⤵
-
\??\c:\xfrhjj.exec:\xfrhjj.exe109⤵
-
\??\c:\dllnjbx.exec:\dllnjbx.exe110⤵
-
\??\c:\rppfdrh.exec:\rppfdrh.exe111⤵
-
\??\c:\dpttln.exec:\dpttln.exe112⤵
-
\??\c:\tffvrft.exec:\tffvrft.exe113⤵
-
\??\c:\nxvvn.exec:\nxvvn.exe114⤵
-
\??\c:\jttrx.exec:\jttrx.exe115⤵
-
\??\c:\xdvlhth.exec:\xdvlhth.exe116⤵
-
\??\c:\vrjblv.exec:\vrjblv.exe117⤵
-
\??\c:\nnbpd.exec:\nnbpd.exe118⤵
-
\??\c:\vnxjdd.exec:\vnxjdd.exe119⤵
-
\??\c:\lhhhv.exec:\lhhhv.exe120⤵
-
\??\c:\dpdpvf.exec:\dpdpvf.exe121⤵
-
\??\c:\dfdxxlt.exec:\dfdxxlt.exe122⤵
-
\??\c:\nhvxf.exec:\nhvxf.exe123⤵
-
\??\c:\htpvjn.exec:\htpvjn.exe124⤵
-
\??\c:\fdhdxp.exec:\fdhdxp.exe125⤵
-
\??\c:\xhxpp.exec:\xhxpp.exe126⤵
-
\??\c:\nlrxrlb.exec:\nlrxrlb.exe127⤵
-
\??\c:\ptdfph.exec:\ptdfph.exe128⤵
-
\??\c:\pvvhfl.exec:\pvvhfl.exe129⤵
-
\??\c:\nrxnxt.exec:\nrxnxt.exe130⤵
-
\??\c:\rfljj.exec:\rfljj.exe131⤵
-
\??\c:\rxrdp.exec:\rxrdp.exe132⤵
-
\??\c:\jxdbj.exec:\jxdbj.exe133⤵
-
\??\c:\vdhvd.exec:\vdhvd.exe134⤵
-
\??\c:\vvxtrtj.exec:\vvxtrtj.exe135⤵
-
\??\c:\jbllx.exec:\jbllx.exe136⤵
-
\??\c:\tdjrlf.exec:\tdjrlf.exe137⤵
-
\??\c:\pxddvl.exec:\pxddvl.exe138⤵
-
\??\c:\tfbtlj.exec:\tfbtlj.exe139⤵
-
\??\c:\tdtfhx.exec:\tdtfhx.exe140⤵
-
\??\c:\hbxftd.exec:\hbxftd.exe141⤵
-
\??\c:\pnldvh.exec:\pnldvh.exe142⤵
-
\??\c:\rpvhpj.exec:\rpvhpj.exe143⤵
-
\??\c:\tlfnh.exec:\tlfnh.exe144⤵
-
\??\c:\tpxfjlr.exec:\tpxfjlr.exe145⤵
-
\??\c:\dvxxxrj.exec:\dvxxxrj.exe146⤵
-
\??\c:\pptfr.exec:\pptfr.exe147⤵
-
\??\c:\dbphxvx.exec:\dbphxvx.exe148⤵
-
\??\c:\rnnpt.exec:\rnnpt.exe149⤵
-
\??\c:\htndb.exec:\htndb.exe150⤵
-
\??\c:\fjrtj.exec:\fjrtj.exe151⤵
-
\??\c:\txlfjt.exec:\txlfjt.exe152⤵
-
\??\c:\fphdl.exec:\fphdl.exe153⤵
-
\??\c:\lvnrvd.exec:\lvnrvd.exe154⤵
-
\??\c:\fjttrv.exec:\fjttrv.exe155⤵
-
\??\c:\vrtbpdn.exec:\vrtbpdn.exe156⤵
-
\??\c:\fpbxrrd.exec:\fpbxrrd.exe157⤵
-
\??\c:\jphbvl.exec:\jphbvl.exe158⤵
-
\??\c:\tpjdblb.exec:\tpjdblb.exe159⤵
-
\??\c:\jxjrhn.exec:\jxjrhn.exe160⤵
-
\??\c:\rxvxhx.exec:\rxvxhx.exe161⤵
-
\??\c:\xbljlpx.exec:\xbljlpx.exe162⤵
-
\??\c:\brxvhdt.exec:\brxvhdt.exe163⤵
-
\??\c:\xldjthv.exec:\xldjthv.exe164⤵
-
\??\c:\jnhxllh.exec:\jnhxllh.exe165⤵
-
\??\c:\vdlxvv.exec:\vdlxvv.exe166⤵
-
\??\c:\nfxlb.exec:\nfxlb.exe167⤵
-
\??\c:\dxvxrpv.exec:\dxvxrpv.exe168⤵
-
\??\c:\vlbtd.exec:\vlbtd.exe169⤵
-
\??\c:\dpfnpn.exec:\dpfnpn.exe170⤵
-
\??\c:\lhtxtxv.exec:\lhtxtxv.exe171⤵
-
\??\c:\xdrnbrh.exec:\xdrnbrh.exe172⤵
-
\??\c:\xtfhdd.exec:\xtfhdd.exe173⤵
-
\??\c:\dfvtrhr.exec:\dfvtrhr.exe174⤵
-
\??\c:\rvfrhx.exec:\rvfrhx.exe175⤵
-
\??\c:\pddphfn.exec:\pddphfn.exe176⤵
-
\??\c:\jjvtvnr.exec:\jjvtvnr.exe177⤵
-
\??\c:\xnhdrhv.exec:\xnhdrhv.exe178⤵
-
\??\c:\xrlph.exec:\xrlph.exe179⤵
-
\??\c:\tpfphpf.exec:\tpfphpf.exe180⤵
-
\??\c:\jtdlhpf.exec:\jtdlhpf.exe181⤵
-
\??\c:\tdjxnfr.exec:\tdjxnfr.exe182⤵
-
\??\c:\lxrjdxp.exec:\lxrjdxp.exe183⤵
-
\??\c:\pjjrrll.exec:\pjjrrll.exe184⤵
-
\??\c:\flpdt.exec:\flpdt.exe185⤵
-
\??\c:\pdxxtph.exec:\pdxxtph.exe186⤵
-
\??\c:\ndxndn.exec:\ndxndn.exe187⤵
-
\??\c:\npvxxtv.exec:\npvxxtv.exe188⤵
-
\??\c:\tpddtrj.exec:\tpddtrj.exe189⤵
-
\??\c:\vftrt.exec:\vftrt.exe190⤵
-
\??\c:\xdfflp.exec:\xdfflp.exe191⤵
-
\??\c:\tdntn.exec:\tdntn.exe192⤵
-
\??\c:\vvvtvf.exec:\vvvtvf.exe193⤵
-
\??\c:\njhpx.exec:\njhpx.exe194⤵
-
\??\c:\xppfr.exec:\xppfr.exe195⤵
-
\??\c:\lbhdpv.exec:\lbhdpv.exe196⤵
-
\??\c:\vxjhhv.exec:\vxjhhv.exe197⤵
-
\??\c:\prbdbt.exec:\prbdbt.exe198⤵
-
\??\c:\jhfdt.exec:\jhfdt.exe199⤵
-
\??\c:\rlvxjrx.exec:\rlvxjrx.exe200⤵
-
\??\c:\fnbtnn.exec:\fnbtnn.exe201⤵
-
\??\c:\lhlxxt.exec:\lhlxxt.exe202⤵
-
\??\c:\blftft.exec:\blftft.exe203⤵
-
\??\c:\frphl.exec:\frphl.exe204⤵
-
\??\c:\bdxndjh.exec:\bdxndjh.exe205⤵
-
\??\c:\fvlfv.exec:\fvlfv.exe206⤵
-
\??\c:\bvtnd.exec:\bvtnd.exe207⤵
-
\??\c:\hblpxh.exec:\hblpxh.exe208⤵
-
\??\c:\prxfbdt.exec:\prxfbdt.exe209⤵
-
\??\c:\tbfpbnv.exec:\tbfpbnv.exe210⤵
-
\??\c:\fthtf.exec:\fthtf.exe211⤵
-
\??\c:\nrjfn.exec:\nrjfn.exe212⤵
-
\??\c:\hdjhhhn.exec:\hdjhhhn.exe213⤵
-
\??\c:\rfnpttl.exec:\rfnpttl.exe214⤵
-
\??\c:\hhthnvh.exec:\hhthnvh.exe215⤵
-
\??\c:\jrlhb.exec:\jrlhb.exe216⤵
-
\??\c:\hbjbxxt.exec:\hbjbxxt.exe217⤵
-
\??\c:\vfrtvjd.exec:\vfrtvjd.exe218⤵
-
\??\c:\bptpxrv.exec:\bptpxrv.exe219⤵
-
\??\c:\hjhnd.exec:\hjhnd.exe220⤵
-
\??\c:\hxxxvdj.exec:\hxxxvdj.exe221⤵
-
\??\c:\nllbddt.exec:\nllbddt.exe222⤵
-
\??\c:\jpvpln.exec:\jpvpln.exe223⤵
-
\??\c:\pxvpvfh.exec:\pxvpvfh.exe224⤵
-
\??\c:\fdbntn.exec:\fdbntn.exe225⤵
-
\??\c:\xblnl.exec:\xblnl.exe226⤵
-
\??\c:\plxtp.exec:\plxtp.exe227⤵
-
\??\c:\tvjtnh.exec:\tvjtnh.exe228⤵
-
\??\c:\dtxpjvd.exec:\dtxpjvd.exe229⤵
-
\??\c:\rfbbpr.exec:\rfbbpr.exe230⤵
-
\??\c:\txvjjrt.exec:\txvjjrt.exe231⤵
-
\??\c:\xjxjh.exec:\xjxjh.exe232⤵
-
\??\c:\rbxfrxd.exec:\rbxfrxd.exe233⤵
-
\??\c:\jlpbhh.exec:\jlpbhh.exe234⤵
-
\??\c:\xbdnhr.exec:\xbdnhr.exe235⤵
-
\??\c:\hnbbj.exec:\hnbbj.exe236⤵
-
\??\c:\rxrhjt.exec:\rxrhjt.exe237⤵
-
\??\c:\pjptndr.exec:\pjptndr.exe238⤵
-
\??\c:\dlfbn.exec:\dlfbn.exe239⤵
-
\??\c:\txlhpdj.exec:\txlhpdj.exe240⤵