Analysis
-
max time kernel
150s -
max time network
112s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
23-05-2024 19:29
General
-
Target
2223e0f69fa4c4be1a8b43f15b308fe811e2f9969859abb1d7ff1870b69aef2c.exe
-
Size
63KB
-
MD5
1cd6beb3db803de72c24bfe505c5e455
-
SHA1
ff373248e2ef7b31891e72ac812af2a6723866bd
-
SHA256
2223e0f69fa4c4be1a8b43f15b308fe811e2f9969859abb1d7ff1870b69aef2c
-
SHA512
776efd4485a167fa84a64028d3ac870ff6fb697c4a6da2c6b9fdedf8dc687f58014c6d1341e7e45680b6186d5255e05a7c76def4f0712fc7618a2149b1f11a88
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDISoFGDAB:ymb3NkkiQ3mdBjFIk8B
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
UPX dump on OEP (original entry point) 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2223e0f69fa4c4be1a8b43f15b308fe811e2f9969859abb1d7ff1870b69aef2c.exe"C:\Users\Admin\AppData\Local\Temp\2223e0f69fa4c4be1a8b43f15b308fe811e2f9969859abb1d7ff1870b69aef2c.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxrffl.exec:\rrxrffl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbbbb.exec:\nhbbbb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhtbb.exec:\bnhtbb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjdp.exec:\ppjdp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrfxll.exec:\xrrfxll.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rrrllf.exec:\3rrrllf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttttnn.exec:\ttttnn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjdv.exec:\vjjdv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflfffl.exec:\lflfffl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthbtt.exec:\hthbtt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddddv.exec:\ddddv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llffffx.exec:\llffffx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxxrrl.exec:\xrxxrrl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhbbh.exec:\nnhbbh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddpjd.exec:\ddpjd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxrffx.exec:\fxxrffx.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnnbh.exec:\bbnnbh.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3btnbb.exec:\3btnbb.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvddj.exec:\dvddj.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rxlxfx.exec:\7rxlxfx.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlxlfr.exec:\fxlxlfr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhhnn.exec:\bbhhnn.exe23⤵
- Executes dropped EXE
-
\??\c:\3jdvv.exec:\3jdvv.exe24⤵
- Executes dropped EXE
-
\??\c:\vvvvj.exec:\vvvvj.exe25⤵
- Executes dropped EXE
-
\??\c:\fxxrffl.exec:\fxxrffl.exe26⤵
- Executes dropped EXE
-
\??\c:\7hbthb.exec:\7hbthb.exe27⤵
- Executes dropped EXE
-
\??\c:\dvpjp.exec:\dvpjp.exe28⤵
- Executes dropped EXE
-
\??\c:\fllflff.exec:\fllflff.exe29⤵
- Executes dropped EXE
-
\??\c:\fxrflfx.exec:\fxrflfx.exe30⤵
- Executes dropped EXE
-
\??\c:\nhbtbb.exec:\nhbtbb.exe31⤵
- Executes dropped EXE
-
\??\c:\jvpjv.exec:\jvpjv.exe32⤵
- Executes dropped EXE
-
\??\c:\rffxrll.exec:\rffxrll.exe33⤵
- Executes dropped EXE
-
\??\c:\xrxxxxr.exec:\xrxxxxr.exe34⤵
- Executes dropped EXE
-
\??\c:\nnnnhh.exec:\nnnnhh.exe35⤵
- Executes dropped EXE
-
\??\c:\nttnhh.exec:\nttnhh.exe36⤵
- Executes dropped EXE
-
\??\c:\dvdjj.exec:\dvdjj.exe37⤵
- Executes dropped EXE
-
\??\c:\3xxrffx.exec:\3xxrffx.exe38⤵
- Executes dropped EXE
-
\??\c:\tthhhh.exec:\tthhhh.exe39⤵
- Executes dropped EXE
-
\??\c:\nhbhhh.exec:\nhbhhh.exe40⤵
- Executes dropped EXE
-
\??\c:\7vddv.exec:\7vddv.exe41⤵
- Executes dropped EXE
-
\??\c:\vvvdj.exec:\vvvdj.exe42⤵
- Executes dropped EXE
-
\??\c:\ffrrrxr.exec:\ffrrrxr.exe43⤵
- Executes dropped EXE
-
\??\c:\xxrllrl.exec:\xxrllrl.exe44⤵
- Executes dropped EXE
-
\??\c:\nbhhht.exec:\nbhhht.exe45⤵
- Executes dropped EXE
-
\??\c:\7pvpj.exec:\7pvpj.exe46⤵
- Executes dropped EXE
-
\??\c:\jppjd.exec:\jppjd.exe47⤵
- Executes dropped EXE
-
\??\c:\xlxxxff.exec:\xlxxxff.exe48⤵
- Executes dropped EXE
-
\??\c:\rrrrlll.exec:\rrrrlll.exe49⤵
- Executes dropped EXE
-
\??\c:\ntttbn.exec:\ntttbn.exe50⤵
- Executes dropped EXE
-
\??\c:\jvdvp.exec:\jvdvp.exe51⤵
- Executes dropped EXE
-
\??\c:\pjdvp.exec:\pjdvp.exe52⤵
- Executes dropped EXE
-
\??\c:\xfxrrlr.exec:\xfxrrlr.exe53⤵
- Executes dropped EXE
-
\??\c:\xlxrxxf.exec:\xlxrxxf.exe54⤵
- Executes dropped EXE
-
\??\c:\thhhbh.exec:\thhhbh.exe55⤵
- Executes dropped EXE
-
\??\c:\thnhbb.exec:\thnhbb.exe56⤵
- Executes dropped EXE
-
\??\c:\dvvpj.exec:\dvvpj.exe57⤵
- Executes dropped EXE
-
\??\c:\jvpjp.exec:\jvpjp.exe58⤵
- Executes dropped EXE
-
\??\c:\fllfxff.exec:\fllfxff.exe59⤵
- Executes dropped EXE
-
\??\c:\9nhbtt.exec:\9nhbtt.exe60⤵
- Executes dropped EXE
-
\??\c:\9bbtnb.exec:\9bbtnb.exe61⤵
- Executes dropped EXE
-
\??\c:\1vdvv.exec:\1vdvv.exe62⤵
- Executes dropped EXE
-
\??\c:\5vpjj.exec:\5vpjj.exe63⤵
- Executes dropped EXE
-
\??\c:\rlrllrl.exec:\rlrllrl.exe64⤵
- Executes dropped EXE
-
\??\c:\xllrllf.exec:\xllrllf.exe65⤵
- Executes dropped EXE
-
\??\c:\htnhbt.exec:\htnhbt.exe66⤵
-
\??\c:\7htntn.exec:\7htntn.exe67⤵
-
\??\c:\7dpdv.exec:\7dpdv.exe68⤵
-
\??\c:\dppjd.exec:\dppjd.exe69⤵
-
\??\c:\9tthnt.exec:\9tthnt.exe70⤵
-
\??\c:\ddjpp.exec:\ddjpp.exe71⤵
-
\??\c:\lxrrxrl.exec:\lxrrxrl.exe72⤵
-
\??\c:\xlrfxlf.exec:\xlrfxlf.exe73⤵
-
\??\c:\hbnthn.exec:\hbnthn.exe74⤵
-
\??\c:\tnhbnh.exec:\tnhbnh.exe75⤵
-
\??\c:\vddvp.exec:\vddvp.exe76⤵
-
\??\c:\dvjvj.exec:\dvjvj.exe77⤵
-
\??\c:\3flrlxl.exec:\3flrlxl.exe78⤵
-
\??\c:\bbnbtn.exec:\bbnbtn.exe79⤵
-
\??\c:\nbthnh.exec:\nbthnh.exe80⤵
-
\??\c:\nnnhbb.exec:\nnnhbb.exe81⤵
-
\??\c:\dvvjv.exec:\dvvjv.exe82⤵
-
\??\c:\ffxlrrf.exec:\ffxlrrf.exe83⤵
-
\??\c:\htbtnh.exec:\htbtnh.exe84⤵
-
\??\c:\jjjvj.exec:\jjjvj.exe85⤵
-
\??\c:\dvvjv.exec:\dvvjv.exe86⤵
-
\??\c:\rlxrfxr.exec:\rlxrfxr.exe87⤵
-
\??\c:\5xlxrlf.exec:\5xlxrlf.exe88⤵
-
\??\c:\tttbtn.exec:\tttbtn.exe89⤵
-
\??\c:\pjdpd.exec:\pjdpd.exe90⤵
-
\??\c:\djvjv.exec:\djvjv.exe91⤵
-
\??\c:\lfxrfxl.exec:\lfxrfxl.exe92⤵
-
\??\c:\xrxllff.exec:\xrxllff.exe93⤵
-
\??\c:\hnbbht.exec:\hnbbht.exe94⤵
-
\??\c:\jddvd.exec:\jddvd.exe95⤵
-
\??\c:\jjdjv.exec:\jjdjv.exe96⤵
-
\??\c:\5ffffxx.exec:\5ffffxx.exe97⤵
-
\??\c:\bnhbnb.exec:\bnhbnb.exe98⤵
-
\??\c:\bhhtnt.exec:\bhhtnt.exe99⤵
-
\??\c:\3jvjv.exec:\3jvjv.exe100⤵
-
\??\c:\vpjdp.exec:\vpjdp.exe101⤵
-
\??\c:\hnhthb.exec:\hnhthb.exe102⤵
-
\??\c:\7dddv.exec:\7dddv.exe103⤵
-
\??\c:\jvvvv.exec:\jvvvv.exe104⤵
-
\??\c:\frflfxr.exec:\frflfxr.exe105⤵
-
\??\c:\lxrllfr.exec:\lxrllfr.exe106⤵
-
\??\c:\bhbthh.exec:\bhbthh.exe107⤵
-
\??\c:\vvpjv.exec:\vvpjv.exe108⤵
-
\??\c:\dddvv.exec:\dddvv.exe109⤵
-
\??\c:\9rrlrlf.exec:\9rrlrlf.exe110⤵
-
\??\c:\1lrffff.exec:\1lrffff.exe111⤵
-
\??\c:\1ntnhn.exec:\1ntnhn.exe112⤵
-
\??\c:\nntnbt.exec:\nntnbt.exe113⤵
-
\??\c:\djddv.exec:\djddv.exe114⤵
-
\??\c:\pvvpj.exec:\pvvpj.exe115⤵
-
\??\c:\lrffxll.exec:\lrffxll.exe116⤵
-
\??\c:\ffxlxfr.exec:\ffxlxfr.exe117⤵
-
\??\c:\tbnbnt.exec:\tbnbnt.exe118⤵
-
\??\c:\dppjv.exec:\dppjv.exe119⤵
-
\??\c:\pdjvj.exec:\pdjvj.exe120⤵
-
\??\c:\xrlfrlf.exec:\xrlfrlf.exe121⤵
-
\??\c:\xfrrffx.exec:\xfrrffx.exe122⤵
-
\??\c:\7rlxrlf.exec:\7rlxrlf.exe123⤵
-
\??\c:\httnhb.exec:\httnhb.exe124⤵
-
\??\c:\1dvjv.exec:\1dvjv.exe125⤵
-
\??\c:\7pjdp.exec:\7pjdp.exe126⤵
-
\??\c:\pjpjj.exec:\pjpjj.exe127⤵
-
\??\c:\fxrfxxr.exec:\fxrfxxr.exe128⤵
-
\??\c:\5ffrlxr.exec:\5ffrlxr.exe129⤵
-
\??\c:\7hnhbh.exec:\7hnhbh.exe130⤵
-
\??\c:\vjpvp.exec:\vjpvp.exe131⤵
-
\??\c:\3ppdp.exec:\3ppdp.exe132⤵
-
\??\c:\fxxxrxx.exec:\fxxxrxx.exe133⤵
-
\??\c:\nbtthh.exec:\nbtthh.exe134⤵
-
\??\c:\tnhtnh.exec:\tnhtnh.exe135⤵
-
\??\c:\vpppj.exec:\vpppj.exe136⤵
-
\??\c:\llxflfr.exec:\llxflfr.exe137⤵
-
\??\c:\xffrlfr.exec:\xffrlfr.exe138⤵
-
\??\c:\tntnht.exec:\tntnht.exe139⤵
-
\??\c:\7hhhtt.exec:\7hhhtt.exe140⤵
-
\??\c:\jvdvp.exec:\jvdvp.exe141⤵
-
\??\c:\jvpdj.exec:\jvpdj.exe142⤵
-
\??\c:\vpjvj.exec:\vpjvj.exe143⤵
-
\??\c:\rlxrlll.exec:\rlxrlll.exe144⤵
-
\??\c:\rfxrfxr.exec:\rfxrfxr.exe145⤵
-
\??\c:\hbtnhn.exec:\hbtnhn.exe146⤵
-
\??\c:\ththtn.exec:\ththtn.exe147⤵
-
\??\c:\jppdv.exec:\jppdv.exe148⤵
-
\??\c:\jdvdv.exec:\jdvdv.exe149⤵
-
\??\c:\9xrlfll.exec:\9xrlfll.exe150⤵
-
\??\c:\xrxrrxl.exec:\xrxrrxl.exe151⤵
-
\??\c:\7bhbnh.exec:\7bhbnh.exe152⤵
-
\??\c:\htnbth.exec:\htnbth.exe153⤵
-
\??\c:\pvvpd.exec:\pvvpd.exe154⤵
-
\??\c:\3pddj.exec:\3pddj.exe155⤵
-
\??\c:\frfrfrl.exec:\frfrfrl.exe156⤵
-
\??\c:\5btthh.exec:\5btthh.exe157⤵
-
\??\c:\7jjpj.exec:\7jjpj.exe158⤵
-
\??\c:\pjjvj.exec:\pjjvj.exe159⤵
-
\??\c:\3fxlxrf.exec:\3fxlxrf.exe160⤵
-
\??\c:\xrlrffr.exec:\xrlrffr.exe161⤵
-
\??\c:\9fxlfxr.exec:\9fxlfxr.exe162⤵
-
\??\c:\thhbnb.exec:\thhbnb.exe163⤵
-
\??\c:\jdpjd.exec:\jdpjd.exe164⤵
-
\??\c:\vjdvp.exec:\vjdvp.exe165⤵
-
\??\c:\fxfrxrl.exec:\fxfrxrl.exe166⤵
-
\??\c:\xlffrlf.exec:\xlffrlf.exe167⤵
-
\??\c:\htbtnh.exec:\htbtnh.exe168⤵
-
\??\c:\5hhhtn.exec:\5hhhtn.exe169⤵
-
\??\c:\vvpjv.exec:\vvpjv.exe170⤵
-
\??\c:\jjpjv.exec:\jjpjv.exe171⤵
-
\??\c:\ffrrrlx.exec:\ffrrrlx.exe172⤵
-
\??\c:\rfxrfxr.exec:\rfxrfxr.exe173⤵
-
\??\c:\rlrrlfx.exec:\rlrrlfx.exe174⤵
-
\??\c:\bnnbnh.exec:\bnnbnh.exe175⤵
-
\??\c:\5vpdv.exec:\5vpdv.exe176⤵
-
\??\c:\pdpdv.exec:\pdpdv.exe177⤵
-
\??\c:\9rrlxxl.exec:\9rrlxxl.exe178⤵
-
\??\c:\frrrfrf.exec:\frrrfrf.exe179⤵
-
\??\c:\ntnhbt.exec:\ntnhbt.exe180⤵
-
\??\c:\tntnnh.exec:\tntnnh.exe181⤵
-
\??\c:\7jjdj.exec:\7jjdj.exe182⤵
-
\??\c:\9ppdj.exec:\9ppdj.exe183⤵
-
\??\c:\fllfrlf.exec:\fllfrlf.exe184⤵
-
\??\c:\htbntn.exec:\htbntn.exe185⤵
-
\??\c:\nbthtn.exec:\nbthtn.exe186⤵
-
\??\c:\7vpdp.exec:\7vpdp.exe187⤵
-
\??\c:\vpvpp.exec:\vpvpp.exe188⤵
-
\??\c:\xrffxfx.exec:\xrffxfx.exe189⤵
-
\??\c:\fxxrlfr.exec:\fxxrlfr.exe190⤵
-
\??\c:\1xxxrrr.exec:\1xxxrrr.exe191⤵
-
\??\c:\3tnnhb.exec:\3tnnhb.exe192⤵
-
\??\c:\nbthnn.exec:\nbthnn.exe193⤵
-
\??\c:\dpvvv.exec:\dpvvv.exe194⤵
-
\??\c:\jvjvj.exec:\jvjvj.exe195⤵
-
\??\c:\lxxrrlf.exec:\lxxrrlf.exe196⤵
-
\??\c:\1rlxrrf.exec:\1rlxrrf.exe197⤵
-
\??\c:\rfrfxfx.exec:\rfrfxfx.exe198⤵
-
\??\c:\ntbbtn.exec:\ntbbtn.exe199⤵
-
\??\c:\1bhtnn.exec:\1bhtnn.exe200⤵
-
\??\c:\vjvpv.exec:\vjvpv.exe201⤵
-
\??\c:\jvdvv.exec:\jvdvv.exe202⤵
-
\??\c:\fxffflr.exec:\fxffflr.exe203⤵
-
\??\c:\3fffxrr.exec:\3fffxrr.exe204⤵
-
\??\c:\thhthh.exec:\thhthh.exe205⤵
-
\??\c:\btnhbt.exec:\btnhbt.exe206⤵
-
\??\c:\vvvpd.exec:\vvvpd.exe207⤵
-
\??\c:\vjpjd.exec:\vjpjd.exe208⤵
-
\??\c:\xllfrrl.exec:\xllfrrl.exe209⤵
-
\??\c:\nthbbt.exec:\nthbbt.exe210⤵
-
\??\c:\btnhtt.exec:\btnhtt.exe211⤵
-
\??\c:\5pjvj.exec:\5pjvj.exe212⤵
-
\??\c:\jppjp.exec:\jppjp.exe213⤵
-
\??\c:\rrrlrrf.exec:\rrrlrrf.exe214⤵
-
\??\c:\lrllfxl.exec:\lrllfxl.exe215⤵
-
\??\c:\nbbtbt.exec:\nbbtbt.exe216⤵
-
\??\c:\bnbhbt.exec:\bnbhbt.exe217⤵
-
\??\c:\pjjdp.exec:\pjjdp.exe218⤵
-
\??\c:\pvvpd.exec:\pvvpd.exe219⤵
-
\??\c:\xrlrlfx.exec:\xrlrlfx.exe220⤵
-
\??\c:\xxxrffl.exec:\xxxrffl.exe221⤵
-
\??\c:\htthbt.exec:\htthbt.exe222⤵
-
\??\c:\3thbnn.exec:\3thbnn.exe223⤵
-
\??\c:\5jjdp.exec:\5jjdp.exe224⤵
-
\??\c:\pjdvd.exec:\pjdvd.exe225⤵
-
\??\c:\xrlfffr.exec:\xrlfffr.exe226⤵
-
\??\c:\hbttnh.exec:\hbttnh.exe227⤵
-
\??\c:\7hnhtn.exec:\7hnhtn.exe228⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe229⤵
-
\??\c:\rxxxrlf.exec:\rxxxrlf.exe230⤵
-
\??\c:\btbntt.exec:\btbntt.exe231⤵
-
\??\c:\vpdjv.exec:\vpdjv.exe232⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe233⤵
-
\??\c:\9dvpj.exec:\9dvpj.exe234⤵
-
\??\c:\xffxrlx.exec:\xffxrlx.exe235⤵
-
\??\c:\rfrlxlx.exec:\rfrlxlx.exe236⤵
-
\??\c:\ntbhnb.exec:\ntbhnb.exe237⤵
-
\??\c:\5nnhbt.exec:\5nnhbt.exe238⤵
-
\??\c:\pjjvj.exec:\pjjvj.exe239⤵
-
\??\c:\ddjdp.exec:\ddjdp.exe240⤵
-
\??\c:\frlfxrl.exec:\frlfxrl.exe241⤵