Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
-
submitted
24-05-2024 00:34
General
-
Target
9096aaf84c75e8704ea15eb2ea4d987e199b54f271b9d7d70db65cf642cd93bb.exe
-
Size
306KB
-
MD5
1fe76f02bb16c5a6656a9be5a41e8841
-
SHA1
8fcee84a834217085312eb419e8010150dae842f
-
SHA256
9096aaf84c75e8704ea15eb2ea4d987e199b54f271b9d7d70db65cf642cd93bb
-
SHA512
fb8df427a828e42e00bcb0d64df5070cb722af0395f0e4b0b9162d70326acdabfba2bda1e8fba86773d9da6da9c34143d2701233e421dc6a6c04e205658cd235
-
SSDEEP
6144:n3C9BRo/AIuuOthLmH403Pyr6UWO6jUl7sPgvwNL:n3C9uDVOXLmHBKWyn+PgvuL
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
UPX dump on OEP (original entry point) 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 21 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9096aaf84c75e8704ea15eb2ea4d987e199b54f271b9d7d70db65cf642cd93bb.exe"C:\Users\Admin\AppData\Local\Temp\9096aaf84c75e8704ea15eb2ea4d987e199b54f271b9d7d70db65cf642cd93bb.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\3vvdp.exec:\3vvdp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rlrffl.exec:\3rlrffl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxlxrf.exec:\xrxlxrf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjjv.exec:\vpjjv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbtbbn.exec:\tbtbbn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvppd.exec:\dvppd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lllxrff.exec:\lllxrff.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrrrrr.exec:\xlrrrrr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthhnt.exec:\bthhnt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxllxxl.exec:\lxllxxl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnnnt.exec:\hbnnnt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvjj.exec:\dpvjj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdpj.exec:\pjdpj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnbht.exec:\hbnbht.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjvd.exec:\ppjvd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llrflxr.exec:\llrflxr.exe17⤵
- Executes dropped EXE
-
\??\c:\tnbhtt.exec:\tnbhtt.exe18⤵
- Executes dropped EXE
-
\??\c:\vvvjd.exec:\vvvjd.exe19⤵
- Executes dropped EXE
-
\??\c:\xxxxlfr.exec:\xxxxlfr.exe20⤵
- Executes dropped EXE
-
\??\c:\9vdjp.exec:\9vdjp.exe21⤵
- Executes dropped EXE
-
\??\c:\vvjdv.exec:\vvjdv.exe22⤵
- Executes dropped EXE
-
\??\c:\hhbbhn.exec:\hhbbhn.exe23⤵
- Executes dropped EXE
-
\??\c:\vvjpv.exec:\vvjpv.exe24⤵
- Executes dropped EXE
-
\??\c:\tbtnbh.exec:\tbtnbh.exe25⤵
- Executes dropped EXE
-
\??\c:\ppddv.exec:\ppddv.exe26⤵
- Executes dropped EXE
-
\??\c:\hbnthh.exec:\hbnthh.exe27⤵
- Executes dropped EXE
-
\??\c:\vjdjp.exec:\vjdjp.exe28⤵
- Executes dropped EXE
-
\??\c:\ffrfrrf.exec:\ffrfrrf.exe29⤵
- Executes dropped EXE
-
\??\c:\thnbnt.exec:\thnbnt.exe30⤵
- Executes dropped EXE
-
\??\c:\1pjvd.exec:\1pjvd.exe31⤵
- Executes dropped EXE
-
\??\c:\thtbht.exec:\thtbht.exe32⤵
- Executes dropped EXE
-
\??\c:\dpjjp.exec:\dpjjp.exe33⤵
- Executes dropped EXE
-
\??\c:\dvjdp.exec:\dvjdp.exe34⤵
- Executes dropped EXE
-
\??\c:\bnbbbb.exec:\bnbbbb.exe35⤵
-
\??\c:\5httnn.exec:\5httnn.exe36⤵
- Executes dropped EXE
-
\??\c:\9pjpd.exec:\9pjpd.exe37⤵
- Executes dropped EXE
-
\??\c:\5xlffff.exec:\5xlffff.exe38⤵
- Executes dropped EXE
-
\??\c:\ttbbtn.exec:\ttbbtn.exe39⤵
- Executes dropped EXE
-
\??\c:\7tthth.exec:\7tthth.exe40⤵
- Executes dropped EXE
-
\??\c:\7jjpd.exec:\7jjpd.exe41⤵
- Executes dropped EXE
-
\??\c:\fxxrffl.exec:\fxxrffl.exe42⤵
- Executes dropped EXE
-
\??\c:\nhbhbb.exec:\nhbhbb.exe43⤵
- Executes dropped EXE
-
\??\c:\5bnntt.exec:\5bnntt.exe44⤵
- Executes dropped EXE
-
\??\c:\vpdpv.exec:\vpdpv.exe45⤵
- Executes dropped EXE
-
\??\c:\9xrfxfl.exec:\9xrfxfl.exe46⤵
- Executes dropped EXE
-
\??\c:\fxlrxfr.exec:\fxlrxfr.exe47⤵
- Executes dropped EXE
-
\??\c:\hbnnnn.exec:\hbnnnn.exe48⤵
- Executes dropped EXE
-
\??\c:\bbtbnt.exec:\bbtbnt.exe49⤵
- Executes dropped EXE
-
\??\c:\dvpdj.exec:\dvpdj.exe50⤵
- Executes dropped EXE
-
\??\c:\9xllrrf.exec:\9xllrrf.exe51⤵
- Executes dropped EXE
-
\??\c:\5lxxfxx.exec:\5lxxfxx.exe52⤵
- Executes dropped EXE
-
\??\c:\thbtbb.exec:\thbtbb.exe53⤵
- Executes dropped EXE
-
\??\c:\hhhthn.exec:\hhhthn.exe54⤵
- Executes dropped EXE
-
\??\c:\pddvj.exec:\pddvj.exe55⤵
- Executes dropped EXE
-
\??\c:\rrrrfrr.exec:\rrrrfrr.exe56⤵
- Executes dropped EXE
-
\??\c:\9rlrxxl.exec:\9rlrxxl.exe57⤵
- Executes dropped EXE
-
\??\c:\nnbnnh.exec:\nnbnnh.exe58⤵
- Executes dropped EXE
-
\??\c:\5dppd.exec:\5dppd.exe59⤵
- Executes dropped EXE
-
\??\c:\vpjdv.exec:\vpjdv.exe60⤵
- Executes dropped EXE
-
\??\c:\frllrlr.exec:\frllrlr.exe61⤵
- Executes dropped EXE
-
\??\c:\9rxlfxf.exec:\9rxlfxf.exe62⤵
- Executes dropped EXE
-
\??\c:\1bbbnn.exec:\1bbbnn.exe63⤵
- Executes dropped EXE
-
\??\c:\jdvjv.exec:\jdvjv.exe64⤵
- Executes dropped EXE
-
\??\c:\vdppv.exec:\vdppv.exe65⤵
- Executes dropped EXE
-
\??\c:\1xrflrf.exec:\1xrflrf.exe66⤵
- Executes dropped EXE
-
\??\c:\nnhhtb.exec:\nnhhtb.exe67⤵
-
\??\c:\9nhntt.exec:\9nhntt.exe68⤵
-
\??\c:\dpdpv.exec:\dpdpv.exe69⤵
-
\??\c:\rlrflxf.exec:\rlrflxf.exe70⤵
-
\??\c:\fxrxxfr.exec:\fxrxxfr.exe71⤵
-
\??\c:\nhtbnt.exec:\nhtbnt.exe72⤵
-
\??\c:\bthntt.exec:\bthntt.exe73⤵
-
\??\c:\pdpvj.exec:\pdpvj.exe74⤵
-
\??\c:\rrffxlr.exec:\rrffxlr.exe75⤵
-
\??\c:\llxfxrf.exec:\llxfxrf.exe76⤵
-
\??\c:\3bhbhn.exec:\3bhbhn.exe77⤵
-
\??\c:\5bhbhn.exec:\5bhbhn.exe78⤵
-
\??\c:\jdpdj.exec:\jdpdj.exe79⤵
-
\??\c:\rlxxxxl.exec:\rlxxxxl.exe80⤵
-
\??\c:\xrflrxl.exec:\xrflrxl.exe81⤵
-
\??\c:\hbtbhh.exec:\hbtbhh.exe82⤵
-
\??\c:\tnhnnb.exec:\tnhnnb.exe83⤵
-
\??\c:\jvdpd.exec:\jvdpd.exe84⤵
-
\??\c:\lrfxffx.exec:\lrfxffx.exe85⤵
-
\??\c:\9rflrlr.exec:\9rflrlr.exe86⤵
-
\??\c:\5hhhth.exec:\5hhhth.exe87⤵
-
\??\c:\9vjdp.exec:\9vjdp.exe88⤵
-
\??\c:\3ppdj.exec:\3ppdj.exe89⤵
-
\??\c:\1xllrxf.exec:\1xllrxf.exe90⤵
-
\??\c:\hhtbnt.exec:\hhtbnt.exe91⤵
-
\??\c:\hbnntt.exec:\hbnntt.exe92⤵
-
\??\c:\pjdjp.exec:\pjdjp.exe93⤵
-
\??\c:\pjdjd.exec:\pjdjd.exe94⤵
-
\??\c:\rrflrxl.exec:\rrflrxl.exe95⤵
-
\??\c:\htbtbh.exec:\htbtbh.exe96⤵
-
\??\c:\nnnnbb.exec:\nnnnbb.exe97⤵
-
\??\c:\9jddj.exec:\9jddj.exe98⤵
-
\??\c:\vvpvd.exec:\vvpvd.exe99⤵
-
\??\c:\lxfrrff.exec:\lxfrrff.exe100⤵
-
\??\c:\xxrrflr.exec:\xxrrflr.exe101⤵
-
\??\c:\thhnbt.exec:\thhnbt.exe102⤵
-
\??\c:\dvjvj.exec:\dvjvj.exe103⤵
-
\??\c:\dvvdd.exec:\dvvdd.exe104⤵
-
\??\c:\9fxflrr.exec:\9fxflrr.exe105⤵
-
\??\c:\rlxxlxr.exec:\rlxxlxr.exe106⤵
-
\??\c:\hhtbnb.exec:\hhtbnb.exe107⤵
-
\??\c:\jddvd.exec:\jddvd.exe108⤵
-
\??\c:\vppvj.exec:\vppvj.exe109⤵
-
\??\c:\ffffrrl.exec:\ffffrrl.exe110⤵
-
\??\c:\lxfxrlf.exec:\lxfxrlf.exe111⤵
-
\??\c:\bbnthn.exec:\bbnthn.exe112⤵
-
\??\c:\ddpdj.exec:\ddpdj.exe113⤵
-
\??\c:\jdppv.exec:\jdppv.exe114⤵
-
\??\c:\fxxfxfx.exec:\fxxfxfx.exe115⤵
-
\??\c:\bbbbhn.exec:\bbbbhn.exe116⤵
-
\??\c:\9tbhnn.exec:\9tbhnn.exe117⤵
-
\??\c:\ddvvd.exec:\ddvvd.exe118⤵
-
\??\c:\9jjjv.exec:\9jjjv.exe119⤵
-
\??\c:\xflffxr.exec:\xflffxr.exe120⤵
-
\??\c:\7nhtbb.exec:\7nhtbb.exe121⤵
-
\??\c:\tbnhnh.exec:\tbnhnh.exe122⤵
-
\??\c:\ppjpj.exec:\ppjpj.exe123⤵
-
\??\c:\ppjdv.exec:\ppjdv.exe124⤵
-
\??\c:\3xrlrrf.exec:\3xrlrrf.exe125⤵
-
\??\c:\hthhnn.exec:\hthhnn.exe126⤵
-
\??\c:\btnnbh.exec:\btnnbh.exe127⤵
-
\??\c:\ppjjj.exec:\ppjjj.exe128⤵
-
\??\c:\7fxlxxl.exec:\7fxlxxl.exe129⤵
-
\??\c:\rlxxffl.exec:\rlxxffl.exe130⤵
-
\??\c:\tbnbth.exec:\tbnbth.exe131⤵
-
\??\c:\ddvpj.exec:\ddvpj.exe132⤵
-
\??\c:\5dppp.exec:\5dppp.exe133⤵
-
\??\c:\rrffrxr.exec:\rrffrxr.exe134⤵
-
\??\c:\nnbhnh.exec:\nnbhnh.exe135⤵
-
\??\c:\nnhhth.exec:\nnhhth.exe136⤵
-
\??\c:\9jjjp.exec:\9jjjp.exe137⤵
-
\??\c:\llffllr.exec:\llffllr.exe138⤵
-
\??\c:\fxrrxxf.exec:\fxrrxxf.exe139⤵
-
\??\c:\1tbbbb.exec:\1tbbbb.exe140⤵
-
\??\c:\ddpdp.exec:\ddpdp.exe141⤵
-
\??\c:\jdpvv.exec:\jdpvv.exe142⤵
-
\??\c:\5xrrxlr.exec:\5xrrxlr.exe143⤵
-
\??\c:\lllxlxx.exec:\lllxlxx.exe144⤵
-
\??\c:\bbhbbb.exec:\bbhbbb.exe145⤵
-
\??\c:\1jvpd.exec:\1jvpd.exe146⤵
-
\??\c:\pjvvj.exec:\pjvvj.exe147⤵
-
\??\c:\fxrfrrf.exec:\fxrfrrf.exe148⤵
-
\??\c:\3bnntt.exec:\3bnntt.exe149⤵
-
\??\c:\ppddp.exec:\ppddp.exe150⤵
-
\??\c:\7dvvd.exec:\7dvvd.exe151⤵
-
\??\c:\fxflrxl.exec:\fxflrxl.exe152⤵
-
\??\c:\fflrxfr.exec:\fflrxfr.exe153⤵
-
\??\c:\1htntt.exec:\1htntt.exe154⤵
-
\??\c:\7ddvp.exec:\7ddvp.exe155⤵
-
\??\c:\jdvdp.exec:\jdvdp.exe156⤵
-
\??\c:\xrffllx.exec:\xrffllx.exe157⤵
-
\??\c:\xrfrxfl.exec:\xrfrxfl.exe158⤵
-
\??\c:\bbtbtt.exec:\bbtbtt.exe159⤵
-
\??\c:\3thtnn.exec:\3thtnn.exe160⤵
-
\??\c:\vpdpv.exec:\vpdpv.exe161⤵
-
\??\c:\fxxflrf.exec:\fxxflrf.exe162⤵
-
\??\c:\xxlfrfl.exec:\xxlfrfl.exe163⤵
-
\??\c:\tnhtnn.exec:\tnhtnn.exe164⤵
-
\??\c:\7pjvj.exec:\7pjvj.exe165⤵
-
\??\c:\vppjv.exec:\vppjv.exe166⤵
-
\??\c:\7lffffr.exec:\7lffffr.exe167⤵
-
\??\c:\ffxxlrx.exec:\ffxxlrx.exe168⤵
-
\??\c:\hbthtb.exec:\hbthtb.exe169⤵
-
\??\c:\9jvjv.exec:\9jvjv.exe170⤵
-
\??\c:\djddj.exec:\djddj.exe171⤵
-
\??\c:\xxlflxl.exec:\xxlflxl.exe172⤵
-
\??\c:\xrfrxfr.exec:\xrfrxfr.exe173⤵
-
\??\c:\bbbthn.exec:\bbbthn.exe174⤵
-
\??\c:\ppddv.exec:\ppddv.exe175⤵
-
\??\c:\dddjv.exec:\dddjv.exe176⤵
-
\??\c:\frrlrfx.exec:\frrlrfx.exe177⤵
-
\??\c:\lrlfrfr.exec:\lrlfrfr.exe178⤵
-
\??\c:\nbttth.exec:\nbttth.exe179⤵
-
\??\c:\5jdpj.exec:\5jdpj.exe180⤵
-
\??\c:\9rfrlrl.exec:\9rfrlrl.exe181⤵
-
\??\c:\rxrrlrr.exec:\rxrrlrr.exe182⤵
-
\??\c:\nhtbht.exec:\nhtbht.exe183⤵
-
\??\c:\3pdjd.exec:\3pdjd.exe184⤵
-
\??\c:\7vppd.exec:\7vppd.exe185⤵
-
\??\c:\3llfxll.exec:\3llfxll.exe186⤵
-
\??\c:\hhnnbb.exec:\hhnnbb.exe187⤵
-
\??\c:\bbntnt.exec:\bbntnt.exe188⤵
-
\??\c:\dddpd.exec:\dddpd.exe189⤵
-
\??\c:\5jppv.exec:\5jppv.exe190⤵
-
\??\c:\5xrlrrx.exec:\5xrlrrx.exe191⤵
-
\??\c:\nhntbn.exec:\nhntbn.exe192⤵
-
\??\c:\9thntb.exec:\9thntb.exe193⤵
-
\??\c:\vvvpj.exec:\vvvpj.exe194⤵
-
\??\c:\pjvvp.exec:\pjvvp.exe195⤵
-
\??\c:\fflrxfl.exec:\fflrxfl.exe196⤵
-
\??\c:\hntnnh.exec:\hntnnh.exe197⤵
-
\??\c:\ppvdd.exec:\ppvdd.exe198⤵
-
\??\c:\dddpd.exec:\dddpd.exe199⤵
-
\??\c:\xxxxflr.exec:\xxxxflr.exe200⤵
-
\??\c:\rrrfrfx.exec:\rrrfrfx.exe201⤵
-
\??\c:\bbnbhh.exec:\bbnbhh.exe202⤵
-
\??\c:\pppdj.exec:\pppdj.exe203⤵
-
\??\c:\1vjpv.exec:\1vjpv.exe204⤵
-
\??\c:\xrlrxfr.exec:\xrlrxfr.exe205⤵
-
\??\c:\nhttbh.exec:\nhttbh.exe206⤵
-
\??\c:\1nhtbh.exec:\1nhtbh.exe207⤵
-
\??\c:\pjdpv.exec:\pjdpv.exe208⤵
-
\??\c:\dpjjv.exec:\dpjjv.exe209⤵
-
\??\c:\ffxrflx.exec:\ffxrflx.exe210⤵
-
\??\c:\ttntbh.exec:\ttntbh.exe211⤵
-
\??\c:\bbtthb.exec:\bbtthb.exe212⤵
-
\??\c:\7jdvj.exec:\7jdvj.exe213⤵
-
\??\c:\jdpdj.exec:\jdpdj.exe214⤵
-
\??\c:\llflrfr.exec:\llflrfr.exe215⤵
-
\??\c:\tnbhth.exec:\tnbhth.exe216⤵
-
\??\c:\3ttbhn.exec:\3ttbhn.exe217⤵
-
\??\c:\ppjdp.exec:\ppjdp.exe218⤵
-
\??\c:\rfrxllx.exec:\rfrxllx.exe219⤵
-
\??\c:\rfrffxf.exec:\rfrffxf.exe220⤵
-
\??\c:\7bttnb.exec:\7bttnb.exe221⤵
-
\??\c:\nhbntb.exec:\nhbntb.exe222⤵
-
\??\c:\jjvjv.exec:\jjvjv.exe223⤵
-
\??\c:\1lllrfr.exec:\1lllrfr.exe224⤵
-
\??\c:\7rlflrx.exec:\7rlflrx.exe225⤵
-
\??\c:\tnhtbn.exec:\tnhtbn.exe226⤵
-
\??\c:\ttnthh.exec:\ttnthh.exe227⤵
-
\??\c:\1vvjp.exec:\1vvjp.exe228⤵
-
\??\c:\ffllxfr.exec:\ffllxfr.exe229⤵
-
\??\c:\xxxlflf.exec:\xxxlflf.exe230⤵
-
\??\c:\bnnhnh.exec:\bnnhnh.exe231⤵
-
\??\c:\pjjpd.exec:\pjjpd.exe232⤵
-
\??\c:\jjdpv.exec:\jjdpv.exe233⤵
-
\??\c:\5xxfrfx.exec:\5xxfrfx.exe234⤵
-
\??\c:\htbnnh.exec:\htbnnh.exe235⤵
-
\??\c:\hbnbtb.exec:\hbnbtb.exe236⤵
-
\??\c:\ddvjd.exec:\ddvjd.exe237⤵
-
\??\c:\llffrff.exec:\llffrff.exe238⤵
-
\??\c:\lfrlrll.exec:\lfrlrll.exe239⤵
-
\??\c:\nhtbhh.exec:\nhtbhh.exe240⤵