Analysis
-
max time kernel
150s -
max time network
115s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
23-05-2024 21:12
General
-
Target
8a871daba14f59c2388284a6a19930bef754ee1fd149db3dabfbbf054b9b1add.exe
-
Size
76KB
-
MD5
10b9ad213860fab1096beb2d0178ecd0
-
SHA1
0503c2c17505da522bd197b06ba8d61b749fb773
-
SHA256
8a871daba14f59c2388284a6a19930bef754ee1fd149db3dabfbbf054b9b1add
-
SHA512
c490b90c77c4c83b1a5c159325570e548eeced3a27b3a48832ee1e79108156383d23a5d49202c58171143fa1888e092ba1c2c026cfb4e25237e9db810c135164
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIjaQkPcy8WTeAwHWkDLn/:ymb3NkkiQ3mdBjFIpkPcy8qsHjDD/
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8a871daba14f59c2388284a6a19930bef754ee1fd149db3dabfbbf054b9b1add.exe"C:\Users\Admin\AppData\Local\Temp\8a871daba14f59c2388284a6a19930bef754ee1fd149db3dabfbbf054b9b1add.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hntbbn.exec:\hntbbn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvddj.exec:\dvddj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xflfrll.exec:\xflfrll.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjpj.exec:\pjjpj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fflrrll.exec:\fflrrll.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnnnb.exec:\nnnnnb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9pvdd.exec:\9pvdd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3flllfl.exec:\3flllfl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnntb.exec:\hbnntb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpdp.exec:\dvpdp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthhbb.exec:\bthhbb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvdp.exec:\pjvdp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djvdv.exec:\djvdv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbttb.exec:\nnbttb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjppj.exec:\pjppj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrlflf.exec:\lxrlflf.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfffrfr.exec:\lfffrfr.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttthnn.exec:\ttthnn.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvdvp.exec:\vvdvp.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnthnn.exec:\nnthnn.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttntnn.exec:\ttntnn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3pddd.exec:\3pddd.exe23⤵
- Executes dropped EXE
-
\??\c:\fxrlfll.exec:\fxrlfll.exe24⤵
- Executes dropped EXE
-
\??\c:\nhntbh.exec:\nhntbh.exe25⤵
- Executes dropped EXE
-
\??\c:\7djpd.exec:\7djpd.exe26⤵
- Executes dropped EXE
-
\??\c:\jpppp.exec:\jpppp.exe27⤵
- Executes dropped EXE
-
\??\c:\fllllll.exec:\fllllll.exe28⤵
- Executes dropped EXE
-
\??\c:\tbnttb.exec:\tbnttb.exe29⤵
- Executes dropped EXE
-
\??\c:\vjjjv.exec:\vjjjv.exe30⤵
- Executes dropped EXE
-
\??\c:\1lffflx.exec:\1lffflx.exe31⤵
- Executes dropped EXE
-
\??\c:\9rxflfr.exec:\9rxflfr.exe32⤵
- Executes dropped EXE
-
\??\c:\bbttbh.exec:\bbttbh.exe33⤵
- Executes dropped EXE
-
\??\c:\1vdvd.exec:\1vdvd.exe34⤵
- Executes dropped EXE
-
\??\c:\rrrrrxx.exec:\rrrrrxx.exe35⤵
- Executes dropped EXE
-
\??\c:\3xffxfr.exec:\3xffxfr.exe36⤵
- Executes dropped EXE
-
\??\c:\bbhhnt.exec:\bbhhnt.exe37⤵
- Executes dropped EXE
-
\??\c:\pppjp.exec:\pppjp.exe38⤵
- Executes dropped EXE
-
\??\c:\vppvd.exec:\vppvd.exe39⤵
- Executes dropped EXE
-
\??\c:\1flllrr.exec:\1flllrr.exe40⤵
- Executes dropped EXE
-
\??\c:\nhnntb.exec:\nhnntb.exe41⤵
- Executes dropped EXE
-
\??\c:\nthhtb.exec:\nthhtb.exe42⤵
- Executes dropped EXE
-
\??\c:\dvddj.exec:\dvddj.exe43⤵
- Executes dropped EXE
-
\??\c:\lrrxfrf.exec:\lrrxfrf.exe44⤵
- Executes dropped EXE
-
\??\c:\frxfxlr.exec:\frxfxlr.exe45⤵
- Executes dropped EXE
-
\??\c:\bnbthb.exec:\bnbthb.exe46⤵
- Executes dropped EXE
-
\??\c:\dvppj.exec:\dvppj.exe47⤵
- Executes dropped EXE
-
\??\c:\rffxxlr.exec:\rffxxlr.exe48⤵
- Executes dropped EXE
-
\??\c:\nhthnb.exec:\nhthnb.exe49⤵
- Executes dropped EXE
-
\??\c:\5bhntb.exec:\5bhntb.exe50⤵
- Executes dropped EXE
-
\??\c:\jdpvd.exec:\jdpvd.exe51⤵
- Executes dropped EXE
-
\??\c:\lxllfll.exec:\lxllfll.exe52⤵
- Executes dropped EXE
-
\??\c:\bhnhtn.exec:\bhnhtn.exe53⤵
- Executes dropped EXE
-
\??\c:\pdpvd.exec:\pdpvd.exe54⤵
- Executes dropped EXE
-
\??\c:\rxxxlfr.exec:\rxxxlfr.exe55⤵
- Executes dropped EXE
-
\??\c:\nhbthb.exec:\nhbthb.exe56⤵
- Executes dropped EXE
-
\??\c:\jdpjd.exec:\jdpjd.exe57⤵
- Executes dropped EXE
-
\??\c:\lrlrrlr.exec:\lrlrrlr.exe58⤵
- Executes dropped EXE
-
\??\c:\btbnbt.exec:\btbnbt.exe59⤵
- Executes dropped EXE
-
\??\c:\ppjvj.exec:\ppjvj.exe60⤵
- Executes dropped EXE
-
\??\c:\fxfrxlr.exec:\fxfrxlr.exe61⤵
- Executes dropped EXE
-
\??\c:\nhnttb.exec:\nhnttb.exe62⤵
- Executes dropped EXE
-
\??\c:\lrxxfxr.exec:\lrxxfxr.exe63⤵
- Executes dropped EXE
-
\??\c:\rflfflf.exec:\rflfflf.exe64⤵
- Executes dropped EXE
-
\??\c:\bbtthn.exec:\bbtthn.exe65⤵
- Executes dropped EXE
-
\??\c:\7dddd.exec:\7dddd.exe66⤵
-
\??\c:\llllffx.exec:\llllffx.exe67⤵
-
\??\c:\xxrllrr.exec:\xxrllrr.exe68⤵
-
\??\c:\nhtnhh.exec:\nhtnhh.exe69⤵
-
\??\c:\jdjjv.exec:\jdjjv.exe70⤵
-
\??\c:\rlxrlrx.exec:\rlxrlrx.exe71⤵
-
\??\c:\bbttnn.exec:\bbttnn.exe72⤵
-
\??\c:\nhtbth.exec:\nhtbth.exe73⤵
-
\??\c:\dvpjp.exec:\dvpjp.exe74⤵
-
\??\c:\lffxrff.exec:\lffxrff.exe75⤵
-
\??\c:\bnbhhb.exec:\bnbhhb.exe76⤵
-
\??\c:\btntbn.exec:\btntbn.exe77⤵
-
\??\c:\tnbbbb.exec:\tnbbbb.exe78⤵
-
\??\c:\dpppp.exec:\dpppp.exe79⤵
-
\??\c:\rxxrfxf.exec:\rxxrfxf.exe80⤵
-
\??\c:\rlfxrxx.exec:\rlfxrxx.exe81⤵
-
\??\c:\nntnnn.exec:\nntnnn.exe82⤵
-
\??\c:\pjjdd.exec:\pjjdd.exe83⤵
-
\??\c:\fxffflr.exec:\fxffflr.exe84⤵
-
\??\c:\9xffflr.exec:\9xffflr.exe85⤵
-
\??\c:\djpdd.exec:\djpdd.exe86⤵
-
\??\c:\vdpjp.exec:\vdpjp.exe87⤵
-
\??\c:\fxxrllf.exec:\fxxrllf.exe88⤵
-
\??\c:\tttbtt.exec:\tttbtt.exe89⤵
-
\??\c:\dpvjp.exec:\dpvjp.exe90⤵
-
\??\c:\vjpjd.exec:\vjpjd.exe91⤵
-
\??\c:\frlfxxr.exec:\frlfxxr.exe92⤵
-
\??\c:\tnbbnn.exec:\tnbbnn.exe93⤵
-
\??\c:\dvpjp.exec:\dvpjp.exe94⤵
-
\??\c:\3ddpj.exec:\3ddpj.exe95⤵
-
\??\c:\frrfrxl.exec:\frrfrxl.exe96⤵
-
\??\c:\tnnbth.exec:\tnnbth.exe97⤵
-
\??\c:\vvjpj.exec:\vvjpj.exe98⤵
-
\??\c:\lllfxxx.exec:\lllfxxx.exe99⤵
-
\??\c:\hbhhnt.exec:\hbhhnt.exe100⤵
-
\??\c:\5vjdj.exec:\5vjdj.exe101⤵
-
\??\c:\rrxrfrf.exec:\rrxrfrf.exe102⤵
-
\??\c:\flrfffx.exec:\flrfffx.exe103⤵
-
\??\c:\nbbnht.exec:\nbbnht.exe104⤵
-
\??\c:\3jjpd.exec:\3jjpd.exe105⤵
-
\??\c:\lflllxr.exec:\lflllxr.exe106⤵
-
\??\c:\ntbbtt.exec:\ntbbtt.exe107⤵
-
\??\c:\9htttn.exec:\9htttn.exe108⤵
-
\??\c:\jvvpp.exec:\jvvpp.exe109⤵
-
\??\c:\rfxfffx.exec:\rfxfffx.exe110⤵
-
\??\c:\xrxxxfx.exec:\xrxxxfx.exe111⤵
-
\??\c:\ttttnt.exec:\ttttnt.exe112⤵
-
\??\c:\3hhhnn.exec:\3hhhnn.exe113⤵
-
\??\c:\dpdvp.exec:\dpdvp.exe114⤵
-
\??\c:\lrrrlrl.exec:\lrrrlrl.exe115⤵
-
\??\c:\tbtnbb.exec:\tbtnbb.exe116⤵
-
\??\c:\btbbht.exec:\btbbht.exe117⤵
-
\??\c:\vppvv.exec:\vppvv.exe118⤵
-
\??\c:\ppjjd.exec:\ppjjd.exe119⤵
-
\??\c:\5xfffxx.exec:\5xfffxx.exe120⤵
-
\??\c:\hhhhbt.exec:\hhhhbt.exe121⤵
-
\??\c:\5bnnhh.exec:\5bnnhh.exe122⤵
-
\??\c:\5vjjv.exec:\5vjjv.exe123⤵
-
\??\c:\3ffxflf.exec:\3ffxflf.exe124⤵
-
\??\c:\bttbnt.exec:\bttbnt.exe125⤵
-
\??\c:\bbnnnt.exec:\bbnnnt.exe126⤵
-
\??\c:\ddjpv.exec:\ddjpv.exe127⤵
-
\??\c:\xflllfr.exec:\xflllfr.exe128⤵
-
\??\c:\1flxrxx.exec:\1flxrxx.exe129⤵
-
\??\c:\hnhhhn.exec:\hnhhhn.exe130⤵
-
\??\c:\xxrrxrf.exec:\xxrrxrf.exe131⤵
-
\??\c:\xllfrrf.exec:\xllfrrf.exe132⤵
-
\??\c:\vvppv.exec:\vvppv.exe133⤵
-
\??\c:\jvddj.exec:\jvddj.exe134⤵
-
\??\c:\rfxlxrl.exec:\rfxlxrl.exe135⤵
-
\??\c:\bbhhbb.exec:\bbhhbb.exe136⤵
-
\??\c:\hnnhht.exec:\hnnhht.exe137⤵
-
\??\c:\vpdpj.exec:\vpdpj.exe138⤵
-
\??\c:\9pvdv.exec:\9pvdv.exe139⤵
-
\??\c:\lfxlxlf.exec:\lfxlxlf.exe140⤵
-
\??\c:\nnhbhb.exec:\nnhbhb.exe141⤵
-
\??\c:\vjjjj.exec:\vjjjj.exe142⤵
-
\??\c:\vvvdj.exec:\vvvdj.exe143⤵
-
\??\c:\xlfrrlx.exec:\xlfrrlx.exe144⤵
-
\??\c:\pjjvp.exec:\pjjvp.exe145⤵
-
\??\c:\lrlrfff.exec:\lrlrfff.exe146⤵
-
\??\c:\xlfrrrl.exec:\xlfrrrl.exe147⤵
-
\??\c:\nhthnn.exec:\nhthnn.exe148⤵
-
\??\c:\vpjpp.exec:\vpjpp.exe149⤵
-
\??\c:\pjvpd.exec:\pjvpd.exe150⤵
-
\??\c:\xrxlrrr.exec:\xrxlrrr.exe151⤵
-
\??\c:\tbhbtt.exec:\tbhbtt.exe152⤵
-
\??\c:\bnhnhn.exec:\bnhnhn.exe153⤵
-
\??\c:\dppdj.exec:\dppdj.exe154⤵
-
\??\c:\fxffxrf.exec:\fxffxrf.exe155⤵
-
\??\c:\jdvvv.exec:\jdvvv.exe156⤵
-
\??\c:\rxflrfr.exec:\rxflrfr.exe157⤵
-
\??\c:\thhntb.exec:\thhntb.exe158⤵
-
\??\c:\dvvvp.exec:\dvvvp.exe159⤵
-
\??\c:\ttnhhn.exec:\ttnhhn.exe160⤵
-
\??\c:\dpdvv.exec:\dpdvv.exe161⤵
-
\??\c:\xxxfxrf.exec:\xxxfxrf.exe162⤵
-
\??\c:\hhbhhb.exec:\hhbhhb.exe163⤵
-
\??\c:\htbnnt.exec:\htbnnt.exe164⤵
-
\??\c:\htnbbn.exec:\htnbbn.exe165⤵
-
\??\c:\vjvdp.exec:\vjvdp.exe166⤵
-
\??\c:\llxxllx.exec:\llxxllx.exe167⤵
-
\??\c:\rllrxfr.exec:\rllrxfr.exe168⤵
-
\??\c:\thhhbb.exec:\thhhbb.exe169⤵
-
\??\c:\hbbnnt.exec:\hbbnnt.exe170⤵
-
\??\c:\vjpdd.exec:\vjpdd.exe171⤵
-
\??\c:\xlrxxxr.exec:\xlrxxxr.exe172⤵
-
\??\c:\xxlrllx.exec:\xxlrllx.exe173⤵
-
\??\c:\3thbnn.exec:\3thbnn.exe174⤵
-
\??\c:\3hbbnt.exec:\3hbbnt.exe175⤵
-
\??\c:\vpdpd.exec:\vpdpd.exe176⤵
-
\??\c:\xxrrrxr.exec:\xxrrrxr.exe177⤵
-
\??\c:\rllflff.exec:\rllflff.exe178⤵
-
\??\c:\thbtbb.exec:\thbtbb.exe179⤵
-
\??\c:\ttbnnh.exec:\ttbnnh.exe180⤵
-
\??\c:\vpddd.exec:\vpddd.exe181⤵
-
\??\c:\9flrrxx.exec:\9flrrxx.exe182⤵
-
\??\c:\fxllfxl.exec:\fxllfxl.exe183⤵
-
\??\c:\tnntnb.exec:\tnntnb.exe184⤵
-
\??\c:\vpdvj.exec:\vpdvj.exe185⤵
-
\??\c:\jdjjp.exec:\jdjjp.exe186⤵
-
\??\c:\5frxrxx.exec:\5frxrxx.exe187⤵
-
\??\c:\lrlffxx.exec:\lrlffxx.exe188⤵
-
\??\c:\bttnnn.exec:\bttnnn.exe189⤵
-
\??\c:\dvdpd.exec:\dvdpd.exe190⤵
-
\??\c:\djppj.exec:\djppj.exe191⤵
-
\??\c:\frrxxxf.exec:\frrxxxf.exe192⤵
-
\??\c:\xfrxfrr.exec:\xfrxfrr.exe193⤵
-
\??\c:\hbthbb.exec:\hbthbb.exe194⤵
-
\??\c:\vdvdv.exec:\vdvdv.exe195⤵
-
\??\c:\rxxllxf.exec:\rxxllxf.exe196⤵
-
\??\c:\rfxxlrr.exec:\rfxxlrr.exe197⤵
-
\??\c:\bthhhh.exec:\bthhhh.exe198⤵
-
\??\c:\3jjjd.exec:\3jjjd.exe199⤵
-
\??\c:\pjvdp.exec:\pjvdp.exe200⤵
-
\??\c:\flrlfxx.exec:\flrlfxx.exe201⤵
-
\??\c:\btbtnh.exec:\btbtnh.exe202⤵
-
\??\c:\nhnhhb.exec:\nhnhhb.exe203⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe204⤵
-
\??\c:\xffffxf.exec:\xffffxf.exe205⤵
-
\??\c:\nnhbbt.exec:\nnhbbt.exe206⤵
-
\??\c:\ppvjd.exec:\ppvjd.exe207⤵
-
\??\c:\jjpjd.exec:\jjpjd.exe208⤵
-
\??\c:\xlxxlrl.exec:\xlxxlrl.exe209⤵
-
\??\c:\httnnn.exec:\httnnn.exe210⤵
-
\??\c:\bnnhbh.exec:\bnnhbh.exe211⤵
-
\??\c:\jvjpd.exec:\jvjpd.exe212⤵
-
\??\c:\ffllffx.exec:\ffllffx.exe213⤵
-
\??\c:\frxrrrl.exec:\frxrrrl.exe214⤵
-
\??\c:\hthnnn.exec:\hthnnn.exe215⤵
-
\??\c:\djpjd.exec:\djpjd.exe216⤵
-
\??\c:\5vdjj.exec:\5vdjj.exe217⤵
-
\??\c:\xflfxrr.exec:\xflfxrr.exe218⤵
-
\??\c:\hhnhhn.exec:\hhnhhn.exe219⤵
-
\??\c:\hnhnnt.exec:\hnhnnt.exe220⤵
-
\??\c:\9vdvd.exec:\9vdvd.exe221⤵
-
\??\c:\pjdvv.exec:\pjdvv.exe222⤵
-
\??\c:\xflffxx.exec:\xflffxx.exe223⤵
-
\??\c:\xflfrlf.exec:\xflfrlf.exe224⤵
-
\??\c:\ttntht.exec:\ttntht.exe225⤵
-
\??\c:\pvvvd.exec:\pvvvd.exe226⤵
-
\??\c:\dpddv.exec:\dpddv.exe227⤵
-
\??\c:\fffffff.exec:\fffffff.exe228⤵
-
\??\c:\rrfrrrr.exec:\rrfrrrr.exe229⤵
-
\??\c:\1hthhh.exec:\1hthhh.exe230⤵
-
\??\c:\vjddv.exec:\vjddv.exe231⤵
-
\??\c:\djjjv.exec:\djjjv.exe232⤵
-
\??\c:\rfxxxrl.exec:\rfxxxrl.exe233⤵
-
\??\c:\lxlffxr.exec:\lxlffxr.exe234⤵
-
\??\c:\tthntt.exec:\tthntt.exe235⤵
-
\??\c:\djpdv.exec:\djpdv.exe236⤵
-
\??\c:\vvpdj.exec:\vvpdj.exe237⤵
-
\??\c:\frxrfxf.exec:\frxrfxf.exe238⤵
-
\??\c:\thhttb.exec:\thhttb.exe239⤵
-
\??\c:\dvvpd.exec:\dvvpd.exe240⤵