Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
24-05-2024 01:27
General
-
Target
a4e5c0f35ab788354610390bb1656f151bff75980a7abc240d8741e55d41d2e6.exe
-
Size
82KB
-
MD5
599d2a837d0a2818dbfb4c8864813668
-
SHA1
17643fb49a1b657298f7641e80d483f10e93ea79
-
SHA256
a4e5c0f35ab788354610390bb1656f151bff75980a7abc240d8741e55d41d2e6
-
SHA512
9ffc85aefe23c93d05db12eb97ed13d11da0e802e7b019b3d8b31959cf399967e572bcb3ea071765f69d72fc79ee753ed3ca38551bda9c6ce3a482cfbc2c3425
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDInWeNCYGyA2R7JkZPsv7x:ymb3NkkiQ3mdBjFIWeFGyA9PE
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
UPX dump on OEP (original entry point) 29 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a4e5c0f35ab788354610390bb1656f151bff75980a7abc240d8741e55d41d2e6.exe"C:\Users\Admin\AppData\Local\Temp\a4e5c0f35ab788354610390bb1656f151bff75980a7abc240d8741e55d41d2e6.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\7lxfrxl.exec:\7lxfrxl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjdj.exec:\ppjdj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxxflx.exec:\xxxxflx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llrxrxf.exec:\llrxrxf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvjj.exec:\jjvjj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3vdjd.exec:\3vdjd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5lxrffl.exec:\5lxrffl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhhnt.exec:\nnhhnt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjpp.exec:\dvjpp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7lflrxf.exec:\7lflrxf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrfxxl.exec:\xxrfxxl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbnhh.exec:\hbbnhh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3jddp.exec:\3jddp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7pddp.exec:\7pddp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllflfr.exec:\rllflfr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntnhtb.exec:\ntnhtb.exe17⤵
- Executes dropped EXE
-
\??\c:\7vjpv.exec:\7vjpv.exe18⤵
- Executes dropped EXE
-
\??\c:\7vjvd.exec:\7vjvd.exe19⤵
- Executes dropped EXE
-
\??\c:\lfxflxf.exec:\lfxflxf.exe20⤵
- Executes dropped EXE
-
\??\c:\fxrrflr.exec:\fxrrflr.exe21⤵
- Executes dropped EXE
-
\??\c:\5nthth.exec:\5nthth.exe22⤵
- Executes dropped EXE
-
\??\c:\ppdpv.exec:\ppdpv.exe23⤵
- Executes dropped EXE
-
\??\c:\lffrffr.exec:\lffrffr.exe24⤵
- Executes dropped EXE
-
\??\c:\thhtnb.exec:\thhtnb.exe25⤵
- Executes dropped EXE
-
\??\c:\vvdvp.exec:\vvdvp.exe26⤵
- Executes dropped EXE
-
\??\c:\pvpdp.exec:\pvpdp.exe27⤵
- Executes dropped EXE
-
\??\c:\xfrfrxf.exec:\xfrfrxf.exe28⤵
- Executes dropped EXE
-
\??\c:\9nhnhh.exec:\9nhnhh.exe29⤵
- Executes dropped EXE
-
\??\c:\btthbt.exec:\btthbt.exe30⤵
- Executes dropped EXE
-
\??\c:\jddpv.exec:\jddpv.exe31⤵
- Executes dropped EXE
-
\??\c:\xxxxlrl.exec:\xxxxlrl.exe32⤵
- Executes dropped EXE
-
\??\c:\3frxflx.exec:\3frxflx.exe33⤵
-
\??\c:\btntht.exec:\btntht.exe34⤵
- Executes dropped EXE
-
\??\c:\vvpjv.exec:\vvpjv.exe35⤵
- Executes dropped EXE
-
\??\c:\rlfrrxf.exec:\rlfrrxf.exe36⤵
- Executes dropped EXE
-
\??\c:\llxxfxl.exec:\llxxfxl.exe37⤵
- Executes dropped EXE
-
\??\c:\hbhtth.exec:\hbhtth.exe38⤵
- Executes dropped EXE
-
\??\c:\7tntbb.exec:\7tntbb.exe39⤵
- Executes dropped EXE
-
\??\c:\vdjjv.exec:\vdjjv.exe40⤵
- Executes dropped EXE
-
\??\c:\9dddd.exec:\9dddd.exe41⤵
- Executes dropped EXE
-
\??\c:\rflflrr.exec:\rflflrr.exe42⤵
- Executes dropped EXE
-
\??\c:\bbtbtn.exec:\bbtbtn.exe43⤵
- Executes dropped EXE
-
\??\c:\9hhhnt.exec:\9hhhnt.exe44⤵
- Executes dropped EXE
-
\??\c:\vpvdd.exec:\vpvdd.exe45⤵
- Executes dropped EXE
-
\??\c:\vvpvp.exec:\vvpvp.exe46⤵
- Executes dropped EXE
-
\??\c:\9lfrrrx.exec:\9lfrrrx.exe47⤵
- Executes dropped EXE
-
\??\c:\fxrfflx.exec:\fxrfflx.exe48⤵
- Executes dropped EXE
-
\??\c:\nnbhtb.exec:\nnbhtb.exe49⤵
- Executes dropped EXE
-
\??\c:\bnbhhh.exec:\bnbhhh.exe50⤵
- Executes dropped EXE
-
\??\c:\pjvvd.exec:\pjvvd.exe51⤵
- Executes dropped EXE
-
\??\c:\dvpvv.exec:\dvpvv.exe52⤵
- Executes dropped EXE
-
\??\c:\1rrxrxl.exec:\1rrxrxl.exe53⤵
- Executes dropped EXE
-
\??\c:\lxlxlfl.exec:\lxlxlfl.exe54⤵
- Executes dropped EXE
-
\??\c:\tnnnhh.exec:\tnnnhh.exe55⤵
- Executes dropped EXE
-
\??\c:\jdvjj.exec:\jdvjj.exe56⤵
- Executes dropped EXE
-
\??\c:\llxxxfr.exec:\llxxxfr.exe57⤵
- Executes dropped EXE
-
\??\c:\rlffxxf.exec:\rlffxxf.exe58⤵
- Executes dropped EXE
-
\??\c:\3hbbhh.exec:\3hbbhh.exe59⤵
- Executes dropped EXE
-
\??\c:\1bntbn.exec:\1bntbn.exe60⤵
- Executes dropped EXE
-
\??\c:\vvdjp.exec:\vvdjp.exe61⤵
- Executes dropped EXE
-
\??\c:\9vdpj.exec:\9vdpj.exe62⤵
- Executes dropped EXE
-
\??\c:\7xxfllr.exec:\7xxfllr.exe63⤵
- Executes dropped EXE
-
\??\c:\xrffllf.exec:\xrffllf.exe64⤵
- Executes dropped EXE
-
\??\c:\bthhnn.exec:\bthhnn.exe65⤵
- Executes dropped EXE
-
\??\c:\vvddv.exec:\vvddv.exe66⤵
- Executes dropped EXE
-
\??\c:\vpvdj.exec:\vpvdj.exe67⤵
-
\??\c:\7xlllrx.exec:\7xlllrx.exe68⤵
-
\??\c:\rlxfrlr.exec:\rlxfrlr.exe69⤵
-
\??\c:\1htbhh.exec:\1htbhh.exe70⤵
-
\??\c:\bbnntt.exec:\bbnntt.exe71⤵
-
\??\c:\jvdvv.exec:\jvdvv.exe72⤵
-
\??\c:\rfrxxxf.exec:\rfrxxxf.exe73⤵
-
\??\c:\1fxxxxl.exec:\1fxxxxl.exe74⤵
-
\??\c:\bnbbnn.exec:\bnbbnn.exe75⤵
-
\??\c:\nbhntb.exec:\nbhntb.exe76⤵
-
\??\c:\pjjdp.exec:\pjjdp.exe77⤵
-
\??\c:\jdvvd.exec:\jdvvd.exe78⤵
-
\??\c:\1xrflxf.exec:\1xrflxf.exe79⤵
-
\??\c:\fxlrlrx.exec:\fxlrlrx.exe80⤵
-
\??\c:\nhtnbn.exec:\nhtnbn.exe81⤵
-
\??\c:\1nbttt.exec:\1nbttt.exe82⤵
-
\??\c:\7ppvj.exec:\7ppvj.exe83⤵
-
\??\c:\pjppv.exec:\pjppv.exe84⤵
-
\??\c:\rfrrrrx.exec:\rfrrrrx.exe85⤵
-
\??\c:\rlxffxr.exec:\rlxffxr.exe86⤵
-
\??\c:\5hntnh.exec:\5hntnh.exe87⤵
-
\??\c:\nhnnhn.exec:\nhnnhn.exe88⤵
-
\??\c:\7jddp.exec:\7jddp.exe89⤵
-
\??\c:\1jpjj.exec:\1jpjj.exe90⤵
-
\??\c:\7flllrx.exec:\7flllrx.exe91⤵
-
\??\c:\rlfxxfr.exec:\rlfxxfr.exe92⤵
-
\??\c:\nhthtt.exec:\nhthtt.exe93⤵
-
\??\c:\thtbbh.exec:\thtbbh.exe94⤵
-
\??\c:\jvpjp.exec:\jvpjp.exe95⤵
-
\??\c:\jdjvj.exec:\jdjvj.exe96⤵
-
\??\c:\rllllfl.exec:\rllllfl.exe97⤵
-
\??\c:\xrfxffl.exec:\xrfxffl.exe98⤵
-
\??\c:\rlxffxr.exec:\rlxffxr.exe99⤵
-
\??\c:\3bnhht.exec:\3bnhht.exe100⤵
-
\??\c:\9htbnn.exec:\9htbnn.exe101⤵
-
\??\c:\7dvpj.exec:\7dvpj.exe102⤵
-
\??\c:\jdvpv.exec:\jdvpv.exe103⤵
-
\??\c:\1rffllr.exec:\1rffllr.exe104⤵
-
\??\c:\tnbhhh.exec:\tnbhhh.exe105⤵
-
\??\c:\3nbbnt.exec:\3nbbnt.exe106⤵
-
\??\c:\3vvvj.exec:\3vvvj.exe107⤵
-
\??\c:\7pvpd.exec:\7pvpd.exe108⤵
-
\??\c:\7rfxrxf.exec:\7rfxrxf.exe109⤵
-
\??\c:\lxlrrxf.exec:\lxlrrxf.exe110⤵
-
\??\c:\5hbnbh.exec:\5hbnbh.exe111⤵
-
\??\c:\nhbbhh.exec:\nhbbhh.exe112⤵
-
\??\c:\hbntbb.exec:\hbntbb.exe113⤵
-
\??\c:\3pvvd.exec:\3pvvd.exe114⤵
-
\??\c:\xrxrxxx.exec:\xrxrxxx.exe115⤵
-
\??\c:\fxxxffr.exec:\fxxxffr.exe116⤵
-
\??\c:\xlxfxxx.exec:\xlxfxxx.exe117⤵
-
\??\c:\htbhhb.exec:\htbhhb.exe118⤵
-
\??\c:\nbtbnn.exec:\nbtbnn.exe119⤵
-
\??\c:\dvjpj.exec:\dvjpj.exe120⤵
-
\??\c:\5vjjj.exec:\5vjjj.exe121⤵
-
\??\c:\xrlrlxx.exec:\xrlrlxx.exe122⤵
-
\??\c:\lxlxllx.exec:\lxlxllx.exe123⤵
-
\??\c:\5bntnt.exec:\5bntnt.exe124⤵
-
\??\c:\pjvdp.exec:\pjvdp.exe125⤵
-
\??\c:\pjvvp.exec:\pjvvp.exe126⤵
-
\??\c:\dvdpd.exec:\dvdpd.exe127⤵
-
\??\c:\lxlllll.exec:\lxlllll.exe128⤵
-
\??\c:\lflfrrx.exec:\lflfrrx.exe129⤵
-
\??\c:\nnhnbt.exec:\nnhnbt.exe130⤵
-
\??\c:\hhtnht.exec:\hhtnht.exe131⤵
-
\??\c:\vddvd.exec:\vddvd.exe132⤵
-
\??\c:\vpvpj.exec:\vpvpj.exe133⤵
-
\??\c:\frffflr.exec:\frffflr.exe134⤵
-
\??\c:\rlrrffl.exec:\rlrrffl.exe135⤵
-
\??\c:\nhtnbn.exec:\nhtnbn.exe136⤵
-
\??\c:\5bnntb.exec:\5bnntb.exe137⤵
-
\??\c:\vvpdp.exec:\vvpdp.exe138⤵
-
\??\c:\1pppp.exec:\1pppp.exe139⤵
-
\??\c:\fxxlrxf.exec:\fxxlrxf.exe140⤵
-
\??\c:\fxlrffr.exec:\fxlrffr.exe141⤵
-
\??\c:\nbnnbh.exec:\nbnnbh.exe142⤵
-
\??\c:\djjdj.exec:\djjdj.exe143⤵
-
\??\c:\lrflxfx.exec:\lrflxfx.exe144⤵
-
\??\c:\flxrrlf.exec:\flxrrlf.exe145⤵
-
\??\c:\btthhh.exec:\btthhh.exe146⤵
-
\??\c:\1bhhnt.exec:\1bhhnt.exe147⤵
-
\??\c:\9jjjp.exec:\9jjjp.exe148⤵
-
\??\c:\ppdjj.exec:\ppdjj.exe149⤵
-
\??\c:\rrlxlrf.exec:\rrlxlrf.exe150⤵
-
\??\c:\rffrxrf.exec:\rffrxrf.exe151⤵
-
\??\c:\nhhtht.exec:\nhhtht.exe152⤵
-
\??\c:\1pdpv.exec:\1pdpv.exe153⤵
-
\??\c:\5jdpd.exec:\5jdpd.exe154⤵
-
\??\c:\7fxxxxl.exec:\7fxxxxl.exe155⤵
-
\??\c:\ffrflxl.exec:\ffrflxl.exe156⤵
-
\??\c:\thbntb.exec:\thbntb.exe157⤵
-
\??\c:\1hhhnh.exec:\1hhhnh.exe158⤵
-
\??\c:\pjpvd.exec:\pjpvd.exe159⤵
-
\??\c:\1jvvv.exec:\1jvvv.exe160⤵
-
\??\c:\rlxfxrl.exec:\rlxfxrl.exe161⤵
-
\??\c:\9xxrflr.exec:\9xxrflr.exe162⤵
-
\??\c:\hbnnbb.exec:\hbnnbb.exe163⤵
-
\??\c:\thbntb.exec:\thbntb.exe164⤵
-
\??\c:\pvpjp.exec:\pvpjp.exe165⤵
-
\??\c:\pjddj.exec:\pjddj.exe166⤵
-
\??\c:\7lrflrf.exec:\7lrflrf.exe167⤵
-
\??\c:\bthtnt.exec:\bthtnt.exe168⤵
-
\??\c:\nhbntb.exec:\nhbntb.exe169⤵
-
\??\c:\5jjpp.exec:\5jjpp.exe170⤵
-
\??\c:\jdpjp.exec:\jdpjp.exe171⤵
-
\??\c:\xrflrrx.exec:\xrflrrx.exe172⤵
-
\??\c:\ffrxlrx.exec:\ffrxlrx.exe173⤵
-
\??\c:\3nnhbh.exec:\3nnhbh.exe174⤵
-
\??\c:\nhhttb.exec:\nhhttb.exe175⤵
-
\??\c:\3pvjv.exec:\3pvjv.exe176⤵
-
\??\c:\lfflfxl.exec:\lfflfxl.exe177⤵
-
\??\c:\5lrrxfr.exec:\5lrrxfr.exe178⤵
-
\??\c:\bbntbt.exec:\bbntbt.exe179⤵
-
\??\c:\bbhhtb.exec:\bbhhtb.exe180⤵
-
\??\c:\jdppv.exec:\jdppv.exe181⤵
-
\??\c:\3ffffrx.exec:\3ffffrx.exe182⤵
-
\??\c:\lfllrxl.exec:\lfllrxl.exe183⤵
-
\??\c:\btbntb.exec:\btbntb.exe184⤵
-
\??\c:\hbtbhh.exec:\hbtbhh.exe185⤵
-
\??\c:\dddjd.exec:\dddjd.exe186⤵
-
\??\c:\dppdj.exec:\dppdj.exe187⤵
-
\??\c:\lxllllx.exec:\lxllllx.exe188⤵
-
\??\c:\1nhthh.exec:\1nhthh.exe189⤵
-
\??\c:\jdjvd.exec:\jdjvd.exe190⤵
-
\??\c:\jdvjj.exec:\jdvjj.exe191⤵
-
\??\c:\rrfllrf.exec:\rrfllrf.exe192⤵
-
\??\c:\xxrrxfl.exec:\xxrrxfl.exe193⤵
-
\??\c:\nnhthh.exec:\nnhthh.exe194⤵
-
\??\c:\vvvpv.exec:\vvvpv.exe195⤵
-
\??\c:\1jppd.exec:\1jppd.exe196⤵
-
\??\c:\rlxfxlx.exec:\rlxfxlx.exe197⤵
-
\??\c:\lxrlrxf.exec:\lxrlrxf.exe198⤵
-
\??\c:\hbbhnt.exec:\hbbhnt.exe199⤵
-
\??\c:\7bbtbh.exec:\7bbtbh.exe200⤵
-
\??\c:\jjvdj.exec:\jjvdj.exe201⤵
-
\??\c:\3jjpp.exec:\3jjpp.exe202⤵
-
\??\c:\xlxflrx.exec:\xlxflrx.exe203⤵
-
\??\c:\fxfrllr.exec:\fxfrllr.exe204⤵
-
\??\c:\btnbnn.exec:\btnbnn.exe205⤵
-
\??\c:\tnbnhn.exec:\tnbnhn.exe206⤵
-
\??\c:\pjdjp.exec:\pjdjp.exe207⤵
-
\??\c:\djppp.exec:\djppp.exe208⤵
-
\??\c:\xxlrllf.exec:\xxlrllf.exe209⤵
-
\??\c:\xxfrflx.exec:\xxfrflx.exe210⤵
-
\??\c:\9bbhtt.exec:\9bbhtt.exe211⤵
-
\??\c:\hbnbhh.exec:\hbnbhh.exe212⤵
-
\??\c:\5jdjv.exec:\5jdjv.exe213⤵
-
\??\c:\9vvpv.exec:\9vvpv.exe214⤵
-
\??\c:\frxffrx.exec:\frxffrx.exe215⤵
-
\??\c:\nhnbtt.exec:\nhnbtt.exe216⤵
-
\??\c:\9ttbbn.exec:\9ttbbn.exe217⤵
-
\??\c:\jdvjv.exec:\jdvjv.exe218⤵
-
\??\c:\jjjdj.exec:\jjjdj.exe219⤵
-
\??\c:\xxrrxfl.exec:\xxrrxfl.exe220⤵
-
\??\c:\1rffllr.exec:\1rffllr.exe221⤵
-
\??\c:\tnbnhn.exec:\tnbnhn.exe222⤵
-
\??\c:\9nhhnb.exec:\9nhhnb.exe223⤵
-
\??\c:\1vjdd.exec:\1vjdd.exe224⤵
-
\??\c:\pdvvj.exec:\pdvvj.exe225⤵
-
\??\c:\5rrxffr.exec:\5rrxffr.exe226⤵
-
\??\c:\xlxfrlr.exec:\xlxfrlr.exe227⤵
-
\??\c:\btbnhh.exec:\btbnhh.exe228⤵
-
\??\c:\dvpvd.exec:\dvpvd.exe229⤵
-
\??\c:\djpdp.exec:\djpdp.exe230⤵
-
\??\c:\xrflxfr.exec:\xrflxfr.exe231⤵
-
\??\c:\3xrlffl.exec:\3xrlffl.exe232⤵
-
\??\c:\hhtbhn.exec:\hhtbhn.exe233⤵
-
\??\c:\btbbtb.exec:\btbbtb.exe234⤵
-
\??\c:\3vppv.exec:\3vppv.exe235⤵
-
\??\c:\9jjjv.exec:\9jjjv.exe236⤵
-
\??\c:\7xflrrx.exec:\7xflrrx.exe237⤵
-
\??\c:\rrrlxfl.exec:\rrrlxfl.exe238⤵
-
\??\c:\hbhnbn.exec:\hbhnbn.exe239⤵
-
\??\c:\nhbntb.exec:\nhbntb.exe240⤵