Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
24-05-2024 23:19
General
-
Target
73fbe8f01abf009ae3e7b278f610989760f7d87c5b8ddf6887587f97a8de6445.exe
-
Size
77KB
-
MD5
1b3bd8d426377af1df2c64dd7139747b
-
SHA1
87954ae40414e6182b24bdf81688d3a2a43be5ec
-
SHA256
73fbe8f01abf009ae3e7b278f610989760f7d87c5b8ddf6887587f97a8de6445
-
SHA512
cede94198ab2bfd398768358441ff87a53ab916b19c4cbbabfe459c07a44e5ea4483b1e3a26f40160f728a7c96a5dd6814127770398c8aaac46f7085d7209369
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73tgygQwKjiawEmBs:ymb3NkkiQ3mdBjFo73thgQ/wEks
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
UPX dump on OEP (original entry point) 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\73fbe8f01abf009ae3e7b278f610989760f7d87c5b8ddf6887587f97a8de6445.exe"C:\Users\Admin\AppData\Local\Temp\73fbe8f01abf009ae3e7b278f610989760f7d87c5b8ddf6887587f97a8de6445.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrfllx.exec:\rlrfllx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbnbh.exec:\nnbnbh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3hbbnn.exec:\3hbbnn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvdj.exec:\vvvdj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjpv.exec:\jjjpv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxfffl.exec:\llxfffl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdpv.exec:\vpdpv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jvpd.exec:\1jvpd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrfffl.exec:\lfrfffl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbbht.exec:\nbbbht.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjvv.exec:\jdjvv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjjp.exec:\dpjjp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrffrlx.exec:\xrffrlx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnnbb.exec:\htnnbb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5nhntb.exec:\5nhntb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpvj.exec:\jdpvj.exe17⤵
- Executes dropped EXE
-
\??\c:\lxlrflf.exec:\lxlrflf.exe18⤵
- Executes dropped EXE
-
\??\c:\llxxfxf.exec:\llxxfxf.exe19⤵
- Executes dropped EXE
-
\??\c:\hthtbb.exec:\hthtbb.exe20⤵
- Executes dropped EXE
-
\??\c:\dvjpp.exec:\dvjpp.exe21⤵
- Executes dropped EXE
-
\??\c:\7fxlrxl.exec:\7fxlrxl.exe22⤵
- Executes dropped EXE
-
\??\c:\lrllrlx.exec:\lrllrlx.exe23⤵
- Executes dropped EXE
-
\??\c:\hbthtt.exec:\hbthtt.exe24⤵
- Executes dropped EXE
-
\??\c:\hbntth.exec:\hbntth.exe25⤵
- Executes dropped EXE
-
\??\c:\vpjpv.exec:\vpjpv.exe26⤵
- Executes dropped EXE
-
\??\c:\lfrxxxr.exec:\lfrxxxr.exe27⤵
- Executes dropped EXE
-
\??\c:\bthnbb.exec:\bthnbb.exe28⤵
- Executes dropped EXE
-
\??\c:\9tntbh.exec:\9tntbh.exe29⤵
- Executes dropped EXE
-
\??\c:\7jjpd.exec:\7jjpd.exe30⤵
- Executes dropped EXE
-
\??\c:\3rffflr.exec:\3rffflr.exe31⤵
- Executes dropped EXE
-
\??\c:\xxflxxl.exec:\xxflxxl.exe32⤵
- Executes dropped EXE
-
\??\c:\btnbhn.exec:\btnbhn.exe33⤵
- Executes dropped EXE
-
\??\c:\nhbhhh.exec:\nhbhhh.exe34⤵
- Executes dropped EXE
-
\??\c:\jvpjp.exec:\jvpjp.exe35⤵
- Executes dropped EXE
-
\??\c:\dvpjp.exec:\dvpjp.exe36⤵
- Executes dropped EXE
-
\??\c:\lfrrxff.exec:\lfrrxff.exe37⤵
- Executes dropped EXE
-
\??\c:\xrfrrxf.exec:\xrfrrxf.exe38⤵
- Executes dropped EXE
-
\??\c:\nbthtb.exec:\nbthtb.exe39⤵
- Executes dropped EXE
-
\??\c:\htbhtt.exec:\htbhtt.exe40⤵
- Executes dropped EXE
-
\??\c:\pjvvd.exec:\pjvvd.exe41⤵
- Executes dropped EXE
-
\??\c:\1vppv.exec:\1vppv.exe42⤵
- Executes dropped EXE
-
\??\c:\fxrrrrx.exec:\fxrrrrx.exe43⤵
- Executes dropped EXE
-
\??\c:\9lfflff.exec:\9lfflff.exe44⤵
- Executes dropped EXE
-
\??\c:\hthntt.exec:\hthntt.exe45⤵
- Executes dropped EXE
-
\??\c:\bthhhh.exec:\bthhhh.exe46⤵
- Executes dropped EXE
-
\??\c:\dvdjj.exec:\dvdjj.exe47⤵
- Executes dropped EXE
-
\??\c:\lfrrllr.exec:\lfrrllr.exe48⤵
- Executes dropped EXE
-
\??\c:\5rrlffl.exec:\5rrlffl.exe49⤵
- Executes dropped EXE
-
\??\c:\7btbnn.exec:\7btbnn.exe50⤵
- Executes dropped EXE
-
\??\c:\9hbbhb.exec:\9hbbhb.exe51⤵
- Executes dropped EXE
-
\??\c:\ppjjp.exec:\ppjjp.exe52⤵
- Executes dropped EXE
-
\??\c:\ddpvd.exec:\ddpvd.exe53⤵
- Executes dropped EXE
-
\??\c:\9frrxxf.exec:\9frrxxf.exe54⤵
- Executes dropped EXE
-
\??\c:\frfrfxf.exec:\frfrfxf.exe55⤵
- Executes dropped EXE
-
\??\c:\5tthbn.exec:\5tthbn.exe56⤵
- Executes dropped EXE
-
\??\c:\hhbnth.exec:\hhbnth.exe57⤵
- Executes dropped EXE
-
\??\c:\3ddjv.exec:\3ddjv.exe58⤵
- Executes dropped EXE
-
\??\c:\vpvdv.exec:\vpvdv.exe59⤵
- Executes dropped EXE
-
\??\c:\ddjpp.exec:\ddjpp.exe60⤵
- Executes dropped EXE
-
\??\c:\llflrrx.exec:\llflrrx.exe61⤵
- Executes dropped EXE
-
\??\c:\bthntt.exec:\bthntt.exe62⤵
- Executes dropped EXE
-
\??\c:\3ttttt.exec:\3ttttt.exe63⤵
- Executes dropped EXE
-
\??\c:\vpdjp.exec:\vpdjp.exe64⤵
- Executes dropped EXE
-
\??\c:\1vvpp.exec:\1vvpp.exe65⤵
- Executes dropped EXE
-
\??\c:\lflrrrx.exec:\lflrrrx.exe66⤵
-
\??\c:\lfrflrr.exec:\lfrflrr.exe67⤵
-
\??\c:\ttntnt.exec:\ttntnt.exe68⤵
-
\??\c:\thtntb.exec:\thtntb.exe69⤵
-
\??\c:\5hhbtt.exec:\5hhbtt.exe70⤵
-
\??\c:\1dvvp.exec:\1dvvp.exe71⤵
-
\??\c:\7fxfrfr.exec:\7fxfrfr.exe72⤵
-
\??\c:\rxfxfxf.exec:\rxfxfxf.exe73⤵
-
\??\c:\frrrflx.exec:\frrrflx.exe74⤵
-
\??\c:\nnbtnb.exec:\nnbtnb.exe75⤵
-
\??\c:\jdpvd.exec:\jdpvd.exe76⤵
-
\??\c:\jjddd.exec:\jjddd.exe77⤵
-
\??\c:\lfxxxxl.exec:\lfxxxxl.exe78⤵
-
\??\c:\rlfffrf.exec:\rlfffrf.exe79⤵
-
\??\c:\3nhhhn.exec:\3nhhhn.exe80⤵
-
\??\c:\btbhnn.exec:\btbhnn.exe81⤵
-
\??\c:\nhtthh.exec:\nhtthh.exe82⤵
-
\??\c:\vvjjv.exec:\vvjjv.exe83⤵
-
\??\c:\vdjvj.exec:\vdjvj.exe84⤵
-
\??\c:\lfxrxxf.exec:\lfxrxxf.exe85⤵
-
\??\c:\7ffrffr.exec:\7ffrffr.exe86⤵
-
\??\c:\5nbhtb.exec:\5nbhtb.exe87⤵
-
\??\c:\nhttnn.exec:\nhttnn.exe88⤵
-
\??\c:\jdjvv.exec:\jdjvv.exe89⤵
-
\??\c:\pdpvv.exec:\pdpvv.exe90⤵
-
\??\c:\lfrxxxr.exec:\lfrxxxr.exe91⤵
-
\??\c:\1lfrxfr.exec:\1lfrxfr.exe92⤵
-
\??\c:\nhtbhh.exec:\nhtbhh.exe93⤵
-
\??\c:\nbnnhn.exec:\nbnnhn.exe94⤵
-
\??\c:\vdvjd.exec:\vdvjd.exe95⤵
-
\??\c:\vdvvj.exec:\vdvvj.exe96⤵
-
\??\c:\vpdvv.exec:\vpdvv.exe97⤵
-
\??\c:\3rllrxf.exec:\3rllrxf.exe98⤵
-
\??\c:\3flfrrf.exec:\3flfrrf.exe99⤵
-
\??\c:\btnntt.exec:\btnntt.exe100⤵
-
\??\c:\bthntt.exec:\bthntt.exe101⤵
-
\??\c:\jjdjv.exec:\jjdjv.exe102⤵
-
\??\c:\vvjjp.exec:\vvjjp.exe103⤵
-
\??\c:\lfflrlx.exec:\lfflrlx.exe104⤵
-
\??\c:\lffrxrr.exec:\lffrxrr.exe105⤵
-
\??\c:\ttthnb.exec:\ttthnb.exe106⤵
-
\??\c:\tnbhnn.exec:\tnbhnn.exe107⤵
-
\??\c:\pjvdd.exec:\pjvdd.exe108⤵
-
\??\c:\pjpdv.exec:\pjpdv.exe109⤵
-
\??\c:\xrllllr.exec:\xrllllr.exe110⤵
-
\??\c:\fxllrrf.exec:\fxllrrf.exe111⤵
-
\??\c:\xxlxlfl.exec:\xxlxlfl.exe112⤵
-
\??\c:\7nbhnn.exec:\7nbhnn.exe113⤵
-
\??\c:\nhbhbn.exec:\nhbhbn.exe114⤵
-
\??\c:\5vjjj.exec:\5vjjj.exe115⤵
-
\??\c:\5dvvd.exec:\5dvvd.exe116⤵
-
\??\c:\fxrrlrr.exec:\fxrrlrr.exe117⤵
-
\??\c:\lflxfrx.exec:\lflxfrx.exe118⤵
-
\??\c:\bbnhnn.exec:\bbnhnn.exe119⤵
-
\??\c:\bbnttb.exec:\bbnttb.exe120⤵
-
\??\c:\pjpvd.exec:\pjpvd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-