Analysis
-
max time kernel
150s -
max time network
126s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
23-05-2024 19:09
General
-
Target
1b7ea709cbe4a127f9757ff32486f4d1b4198d70e2f8e980f6c317fc0b4a5a8e.exe
-
Size
306KB
-
MD5
ca154b3b3b8bfdd413af1b880a72b6b0
-
SHA1
c3b5ee5201dc7546093adf8f72002e64d039d64f
-
SHA256
1b7ea709cbe4a127f9757ff32486f4d1b4198d70e2f8e980f6c317fc0b4a5a8e
-
SHA512
efe6da22648095463113cfed5a7c8bb00c64c92f0f902360bc1d2da1c5fc1faf68fe7e806bdac6515f8d06b39bdb3f5a7f9523bac08a01791f09a68a90480a83
-
SSDEEP
6144:n3C9BRo/AIuuOthLmH403Pyr6UWO6jUl7sPgvwN4:n3C9uDVOXLmHBKWyn+Pgvu4
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
UPX dump on OEP (original entry point) 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1b7ea709cbe4a127f9757ff32486f4d1b4198d70e2f8e980f6c317fc0b4a5a8e.exe"C:\Users\Admin\AppData\Local\Temp\1b7ea709cbe4a127f9757ff32486f4d1b4198d70e2f8e980f6c317fc0b4a5a8e.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\9dvpd.exec:\9dvpd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxrlfx.exec:\lxxrlfx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnhbn.exec:\tnnhbn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9nnnnn.exec:\9nnnnn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjdd.exec:\pdjdd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpppj.exec:\vpppj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnhnn.exec:\hbnhnn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnhbt.exec:\hbnhbt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjdv.exec:\jvjdv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3llfffx.exec:\3llfffx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxffxr.exec:\rrxffxr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nthbbb.exec:\nthbbb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvdpj.exec:\pvdpj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnhhh.exec:\hbnhhh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtnnt.exec:\hbtnnt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fflfxxr.exec:\fflfxxr.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppdv.exec:\vppdv.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vdvv.exec:\5vdvv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bnhhh.exec:\5bnhhh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrllll.exec:\rrrllll.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5htnhh.exec:\5htnhh.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjjj.exec:\vdjjj.exe23⤵
- Executes dropped EXE
-
\??\c:\dpvpv.exec:\dpvpv.exe24⤵
- Executes dropped EXE
-
\??\c:\pdjdd.exec:\pdjdd.exe25⤵
- Executes dropped EXE
-
\??\c:\vpvpv.exec:\vpvpv.exe26⤵
- Executes dropped EXE
-
\??\c:\3bnttt.exec:\3bnttt.exe27⤵
- Executes dropped EXE
-
\??\c:\7xxxrrl.exec:\7xxxrrl.exe28⤵
- Executes dropped EXE
-
\??\c:\nbhbbb.exec:\nbhbbb.exe29⤵
- Executes dropped EXE
-
\??\c:\9vdvp.exec:\9vdvp.exe30⤵
- Executes dropped EXE
-
\??\c:\lfrlrlr.exec:\lfrlrlr.exe31⤵
- Executes dropped EXE
-
\??\c:\3nhbtb.exec:\3nhbtb.exe32⤵
- Executes dropped EXE
-
\??\c:\jvdvv.exec:\jvdvv.exe33⤵
- Executes dropped EXE
-
\??\c:\fxfffll.exec:\fxfffll.exe34⤵
- Executes dropped EXE
-
\??\c:\5ntbhn.exec:\5ntbhn.exe35⤵
- Executes dropped EXE
-
\??\c:\bnnhbt.exec:\bnnhbt.exe36⤵
- Executes dropped EXE
-
\??\c:\dpjvd.exec:\dpjvd.exe37⤵
- Executes dropped EXE
-
\??\c:\lfrlrrl.exec:\lfrlrrl.exe38⤵
- Executes dropped EXE
-
\??\c:\tnthhb.exec:\tnthhb.exe39⤵
- Executes dropped EXE
-
\??\c:\5ntnnn.exec:\5ntnnn.exe40⤵
- Executes dropped EXE
-
\??\c:\djpjd.exec:\djpjd.exe41⤵
- Executes dropped EXE
-
\??\c:\lfrlfxr.exec:\lfrlfxr.exe42⤵
- Executes dropped EXE
-
\??\c:\lxffflf.exec:\lxffflf.exe43⤵
- Executes dropped EXE
-
\??\c:\5nnnhh.exec:\5nnnhh.exe44⤵
- Executes dropped EXE
-
\??\c:\3djjj.exec:\3djjj.exe45⤵
- Executes dropped EXE
-
\??\c:\xllxrrl.exec:\xllxrrl.exe46⤵
- Executes dropped EXE
-
\??\c:\hhtnhb.exec:\hhtnhb.exe47⤵
- Executes dropped EXE
-
\??\c:\hbnhhn.exec:\hbnhhn.exe48⤵
- Executes dropped EXE
-
\??\c:\dpdvv.exec:\dpdvv.exe49⤵
- Executes dropped EXE
-
\??\c:\rflrxxx.exec:\rflrxxx.exe50⤵
- Executes dropped EXE
-
\??\c:\hbhbtb.exec:\hbhbtb.exe51⤵
- Executes dropped EXE
-
\??\c:\vjpjj.exec:\vjpjj.exe52⤵
- Executes dropped EXE
-
\??\c:\xflfllr.exec:\xflfllr.exe53⤵
- Executes dropped EXE
-
\??\c:\nhhnhn.exec:\nhhnhn.exe54⤵
- Executes dropped EXE
-
\??\c:\9jvpp.exec:\9jvpp.exe55⤵
- Executes dropped EXE
-
\??\c:\vppjj.exec:\vppjj.exe56⤵
- Executes dropped EXE
-
\??\c:\lllffxx.exec:\lllffxx.exe57⤵
- Executes dropped EXE
-
\??\c:\bntnnn.exec:\bntnnn.exe58⤵
- Executes dropped EXE
-
\??\c:\tnbtbb.exec:\tnbtbb.exe59⤵
- Executes dropped EXE
-
\??\c:\vddvv.exec:\vddvv.exe60⤵
- Executes dropped EXE
-
\??\c:\xrxlfrr.exec:\xrxlfrr.exe61⤵
- Executes dropped EXE
-
\??\c:\5xfxxxx.exec:\5xfxxxx.exe62⤵
- Executes dropped EXE
-
\??\c:\hbtnnn.exec:\hbtnnn.exe63⤵
- Executes dropped EXE
-
\??\c:\ddjdp.exec:\ddjdp.exe64⤵
- Executes dropped EXE
-
\??\c:\fxxrllf.exec:\fxxrllf.exe65⤵
- Executes dropped EXE
-
\??\c:\lxfxrrr.exec:\lxfxrrr.exe66⤵
-
\??\c:\hbnnnn.exec:\hbnnnn.exe67⤵
-
\??\c:\1vdvp.exec:\1vdvp.exe68⤵
-
\??\c:\dpdvd.exec:\dpdvd.exe69⤵
-
\??\c:\lxfxxrr.exec:\lxfxxrr.exe70⤵
-
\??\c:\frxxrrr.exec:\frxxrrr.exe71⤵
-
\??\c:\tnnnnn.exec:\tnnnnn.exe72⤵
-
\??\c:\ntbtnn.exec:\ntbtnn.exe73⤵
-
\??\c:\3jjdd.exec:\3jjdd.exe74⤵
-
\??\c:\lflfxxx.exec:\lflfxxx.exe75⤵
-
\??\c:\fxxxrrr.exec:\fxxxrrr.exe76⤵
-
\??\c:\7bnhbh.exec:\7bnhbh.exe77⤵
-
\??\c:\3bnnhh.exec:\3bnnhh.exe78⤵
-
\??\c:\jvddv.exec:\jvddv.exe79⤵
-
\??\c:\jdppd.exec:\jdppd.exe80⤵
-
\??\c:\fxrfrxf.exec:\fxrfrxf.exe81⤵
-
\??\c:\tnbbhh.exec:\tnbbhh.exe82⤵
-
\??\c:\btbnnh.exec:\btbnnh.exe83⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe84⤵
-
\??\c:\pjpjv.exec:\pjpjv.exe85⤵
-
\??\c:\xrrrlll.exec:\xrrrlll.exe86⤵
-
\??\c:\rflfxfx.exec:\rflfxfx.exe87⤵
-
\??\c:\nnntnn.exec:\nnntnn.exe88⤵
-
\??\c:\dvvvv.exec:\dvvvv.exe89⤵
-
\??\c:\jpvpj.exec:\jpvpj.exe90⤵
-
\??\c:\rlllxxx.exec:\rlllxxx.exe91⤵
-
\??\c:\hhhhbb.exec:\hhhhbb.exe92⤵
-
\??\c:\1ntnnn.exec:\1ntnnn.exe93⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe94⤵
-
\??\c:\pjvjv.exec:\pjvjv.exe95⤵
-
\??\c:\xrfxxxl.exec:\xrfxxxl.exe96⤵
-
\??\c:\bhnhtb.exec:\bhnhtb.exe97⤵
-
\??\c:\7jjjd.exec:\7jjjd.exe98⤵
-
\??\c:\5rxxrff.exec:\5rxxrff.exe99⤵
-
\??\c:\xfllfll.exec:\xfllfll.exe100⤵
-
\??\c:\tnthbb.exec:\tnthbb.exe101⤵
-
\??\c:\thnnhn.exec:\thnnhn.exe102⤵
-
\??\c:\jvjdv.exec:\jvjdv.exe103⤵
-
\??\c:\fxfxxxx.exec:\fxfxxxx.exe104⤵
-
\??\c:\lfxrlrl.exec:\lfxrlrl.exe105⤵
-
\??\c:\bnbttt.exec:\bnbttt.exe106⤵
-
\??\c:\dvdjd.exec:\dvdjd.exe107⤵
-
\??\c:\pjvvp.exec:\pjvvp.exe108⤵
-
\??\c:\xfrlffx.exec:\xfrlffx.exe109⤵
-
\??\c:\xrfxrxr.exec:\xrfxrxr.exe110⤵
-
\??\c:\5hnnhb.exec:\5hnnhb.exe111⤵
-
\??\c:\nhbtnn.exec:\nhbtnn.exe112⤵
-
\??\c:\3vpjd.exec:\3vpjd.exe113⤵
-
\??\c:\1pppj.exec:\1pppj.exe114⤵
-
\??\c:\7rxxxxf.exec:\7rxxxxf.exe115⤵
-
\??\c:\flrrrll.exec:\flrrrll.exe116⤵
-
\??\c:\bhtnbb.exec:\bhtnbb.exe117⤵
-
\??\c:\ntbttn.exec:\ntbttn.exe118⤵
-
\??\c:\vpppj.exec:\vpppj.exe119⤵
-
\??\c:\pppjd.exec:\pppjd.exe120⤵
-
\??\c:\llxxfxx.exec:\llxxfxx.exe121⤵
-
\??\c:\fxxrllf.exec:\fxxrllf.exe122⤵
-
\??\c:\nhnhnn.exec:\nhnhnn.exe123⤵
-
\??\c:\btbttt.exec:\btbttt.exe124⤵
-
\??\c:\jvjdv.exec:\jvjdv.exe125⤵
-
\??\c:\llrrxrx.exec:\llrrxrx.exe126⤵
-
\??\c:\rfffxfx.exec:\rfffxfx.exe127⤵
-
\??\c:\tnttnb.exec:\tnttnb.exe128⤵
-
\??\c:\jdjjv.exec:\jdjjv.exe129⤵
-
\??\c:\vdjvp.exec:\vdjvp.exe130⤵
-
\??\c:\7rrfxxx.exec:\7rrfxxx.exe131⤵
-
\??\c:\fffrlrr.exec:\fffrlrr.exe132⤵
-
\??\c:\tnthhh.exec:\tnthhh.exe133⤵
-
\??\c:\dvvvv.exec:\dvvvv.exe134⤵
-
\??\c:\xrrlffx.exec:\xrrlffx.exe135⤵
-
\??\c:\nnnnhh.exec:\nnnnhh.exe136⤵
-
\??\c:\dpjdp.exec:\dpjdp.exe137⤵
-
\??\c:\xxrllll.exec:\xxrllll.exe138⤵
-
\??\c:\xlxrrll.exec:\xlxrrll.exe139⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe140⤵
-
\??\c:\dpdvp.exec:\dpdvp.exe141⤵
-
\??\c:\rlxrxrx.exec:\rlxrxrx.exe142⤵
-
\??\c:\1bbttt.exec:\1bbttt.exe143⤵
-
\??\c:\9bbtbb.exec:\9bbtbb.exe144⤵
-
\??\c:\jvddv.exec:\jvddv.exe145⤵
-
\??\c:\dvvpp.exec:\dvvpp.exe146⤵
-
\??\c:\xrrlrll.exec:\xrrlrll.exe147⤵
-
\??\c:\3tnttb.exec:\3tnttb.exe148⤵
-
\??\c:\bthbbb.exec:\bthbbb.exe149⤵
-
\??\c:\pdvpj.exec:\pdvpj.exe150⤵
-
\??\c:\rxffxfx.exec:\rxffxfx.exe151⤵
-
\??\c:\llrllll.exec:\llrllll.exe152⤵
-
\??\c:\ttnnhh.exec:\ttnnhh.exe153⤵
-
\??\c:\bntttn.exec:\bntttn.exe154⤵
-
\??\c:\dvvpp.exec:\dvvpp.exe155⤵
-
\??\c:\lrlrrxx.exec:\lrlrrxx.exe156⤵
-
\??\c:\1fxxxxx.exec:\1fxxxxx.exe157⤵
-
\??\c:\9nnhbb.exec:\9nnhbb.exe158⤵
-
\??\c:\pjpjd.exec:\pjpjd.exe159⤵
-
\??\c:\vppjd.exec:\vppjd.exe160⤵
-
\??\c:\xlxrrlf.exec:\xlxrrlf.exe161⤵
-
\??\c:\nhnnhb.exec:\nhnnhb.exe162⤵
-
\??\c:\tbhhbn.exec:\tbhhbn.exe163⤵
-
\??\c:\ddpjd.exec:\ddpjd.exe164⤵
-
\??\c:\fxfxrrr.exec:\fxfxrrr.exe165⤵
-
\??\c:\nnbtnh.exec:\nnbtnh.exe166⤵
-
\??\c:\bbttbb.exec:\bbttbb.exe167⤵
-
\??\c:\jvdvp.exec:\jvdvp.exe168⤵
-
\??\c:\fffxlff.exec:\fffxlff.exe169⤵
-
\??\c:\lflfxrx.exec:\lflfxrx.exe170⤵
-
\??\c:\tnhbtb.exec:\tnhbtb.exe171⤵
-
\??\c:\3dvjd.exec:\3dvjd.exe172⤵
-
\??\c:\1vdvp.exec:\1vdvp.exe173⤵
-
\??\c:\flrllll.exec:\flrllll.exe174⤵
-
\??\c:\fffffff.exec:\fffffff.exe175⤵
-
\??\c:\nbhhhh.exec:\nbhhhh.exe176⤵
-
\??\c:\btbbtb.exec:\btbbtb.exe177⤵
-
\??\c:\7pjdd.exec:\7pjdd.exe178⤵
-
\??\c:\rrffxxf.exec:\rrffxxf.exe179⤵
-
\??\c:\nbhbbt.exec:\nbhbbt.exe180⤵
-
\??\c:\bbhbtt.exec:\bbhbtt.exe181⤵
-
\??\c:\vvjjv.exec:\vvjjv.exe182⤵
-
\??\c:\vppjj.exec:\vppjj.exe183⤵
-
\??\c:\ffrlrlr.exec:\ffrlrlr.exe184⤵
-
\??\c:\rrxxrrr.exec:\rrxxrrr.exe185⤵
-
\??\c:\7bbtnn.exec:\7bbtnn.exe186⤵
-
\??\c:\hhbttb.exec:\hhbttb.exe187⤵
-
\??\c:\pdjjd.exec:\pdjjd.exe188⤵
-
\??\c:\xxxfffx.exec:\xxxfffx.exe189⤵
-
\??\c:\lxrrxxx.exec:\lxrrxxx.exe190⤵
-
\??\c:\btbttn.exec:\btbttn.exe191⤵
-
\??\c:\vpdvp.exec:\vpdvp.exe192⤵
-
\??\c:\jdvpd.exec:\jdvpd.exe193⤵
-
\??\c:\5ffxrrr.exec:\5ffxrrr.exe194⤵
-
\??\c:\9nhbtt.exec:\9nhbtt.exe195⤵
-
\??\c:\tbnnbb.exec:\tbnnbb.exe196⤵
-
\??\c:\jvpjd.exec:\jvpjd.exe197⤵
-
\??\c:\lrfxrrr.exec:\lrfxrrr.exe198⤵
-
\??\c:\xrllxxx.exec:\xrllxxx.exe199⤵
-
\??\c:\btnhhh.exec:\btnhhh.exe200⤵
-
\??\c:\dvjjd.exec:\dvjjd.exe201⤵
-
\??\c:\7jjjj.exec:\7jjjj.exe202⤵
-
\??\c:\hbnhhn.exec:\hbnhhn.exe203⤵
-
\??\c:\hnntnt.exec:\hnntnt.exe204⤵
-
\??\c:\jjvdd.exec:\jjvdd.exe205⤵
-
\??\c:\9llfxxx.exec:\9llfxxx.exe206⤵
-
\??\c:\llxxrll.exec:\llxxrll.exe207⤵
-
\??\c:\9bthnn.exec:\9bthnn.exe208⤵
-
\??\c:\pjddj.exec:\pjddj.exe209⤵
-
\??\c:\bthntb.exec:\bthntb.exe210⤵
-
\??\c:\vvdvv.exec:\vvdvv.exe211⤵
-
\??\c:\llffxxx.exec:\llffxxx.exe212⤵
-
\??\c:\hnbhhh.exec:\hnbhhh.exe213⤵
-
\??\c:\rxffllr.exec:\rxffllr.exe214⤵
-
\??\c:\hbnntt.exec:\hbnntt.exe215⤵
-
\??\c:\htbbbh.exec:\htbbbh.exe216⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe217⤵
-
\??\c:\9rxrlrl.exec:\9rxrlrl.exe218⤵
-
\??\c:\nhhbth.exec:\nhhbth.exe219⤵
-
\??\c:\bhtnnh.exec:\bhtnnh.exe220⤵
-
\??\c:\dvvpp.exec:\dvvpp.exe221⤵
-
\??\c:\fxffxxx.exec:\fxffxxx.exe222⤵
-
\??\c:\bttnhh.exec:\bttnhh.exe223⤵
-
\??\c:\hhnhhb.exec:\hhnhhb.exe224⤵
-
\??\c:\ppvpp.exec:\ppvpp.exe225⤵
-
\??\c:\lllfxrr.exec:\lllfxrr.exe226⤵
-
\??\c:\rxxlrrr.exec:\rxxlrrr.exe227⤵
-
\??\c:\nbbtnh.exec:\nbbtnh.exe228⤵
-
\??\c:\vjppj.exec:\vjppj.exe229⤵
-
\??\c:\xrfrlfr.exec:\xrfrlfr.exe230⤵
-
\??\c:\lllffxr.exec:\lllffxr.exe231⤵
-
\??\c:\bbhttb.exec:\bbhttb.exe232⤵
-
\??\c:\dvjdv.exec:\dvjdv.exe233⤵
-
\??\c:\pdvpj.exec:\pdvpj.exe234⤵
-
\??\c:\1fxrrrr.exec:\1fxrrrr.exe235⤵
-
\??\c:\rllffff.exec:\rllffff.exe236⤵
-
\??\c:\hbhnht.exec:\hbhnht.exe237⤵
-
\??\c:\vjvpj.exec:\vjvpj.exe238⤵
-
\??\c:\1vpvv.exec:\1vpvv.exe239⤵
-
\??\c:\flrlfll.exec:\flrlfll.exe240⤵
-
\??\c:\hbnhhh.exec:\hbnhhh.exe241⤵