Analysis
-
max time kernel
150s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
-
submitted
24-05-2024 04:00
General
-
Target
a1dd0b0af2d9c7e40a9dd1651461d0d02e5d0e326b2eb96bcaac844e88aba736.exe
-
Size
56KB
-
MD5
1119de8e6d435ad08c4fa3f56724df80
-
SHA1
788c1cfdd35597b5aa8b1b951618ea286bd537e6
-
SHA256
a1dd0b0af2d9c7e40a9dd1651461d0d02e5d0e326b2eb96bcaac844e88aba736
-
SHA512
1406225dba4a79c0ee943e02aeaeb08e2ac685f96e2add54b81ff5c747e896ef9033699d64863cc3f84b0fd0335b323b9bf93ca2be7be826f71e15ba31e9f8e0
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb6tZ9bA:ymb3NkkiQ3mdBjFIb6tZNA
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a1dd0b0af2d9c7e40a9dd1651461d0d02e5d0e326b2eb96bcaac844e88aba736.exe"C:\Users\Admin\AppData\Local\Temp\a1dd0b0af2d9c7e40a9dd1651461d0d02e5d0e326b2eb96bcaac844e88aba736.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdjv.exec:\dvdjv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvjj.exec:\ddvjj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtbhh.exec:\nhtbhh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7jpdp.exec:\7jpdp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthbtt.exec:\bthbtt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjpj.exec:\jdjpj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jddd.exec:\5jddd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xxfflf.exec:\1xxfflf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnnth.exec:\btnnth.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpvd.exec:\vjpvd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjdj.exec:\jdjdj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rlllfr.exec:\1rlllfr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnhnh.exec:\thnhnh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntnttt.exec:\ntnttt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdpd.exec:\dvdpd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvdj.exec:\jdvdj.exe17⤵
- Executes dropped EXE
-
\??\c:\fxrxffr.exec:\fxrxffr.exe18⤵
- Executes dropped EXE
-
\??\c:\nhtthh.exec:\nhtthh.exe19⤵
- Executes dropped EXE
-
\??\c:\btnhnh.exec:\btnhnh.exe20⤵
- Executes dropped EXE
-
\??\c:\jdpjp.exec:\jdpjp.exe21⤵
- Executes dropped EXE
-
\??\c:\fxlrffr.exec:\fxlrffr.exe22⤵
- Executes dropped EXE
-
\??\c:\rfrxflr.exec:\rfrxflr.exe23⤵
- Executes dropped EXE
-
\??\c:\1tbtbh.exec:\1tbtbh.exe24⤵
- Executes dropped EXE
-
\??\c:\vjvvj.exec:\vjvvj.exe25⤵
- Executes dropped EXE
-
\??\c:\vvvjv.exec:\vvvjv.exe26⤵
- Executes dropped EXE
-
\??\c:\7lflrxf.exec:\7lflrxf.exe27⤵
- Executes dropped EXE
-
\??\c:\1bhnnt.exec:\1bhnnt.exe28⤵
- Executes dropped EXE
-
\??\c:\dvpvv.exec:\dvpvv.exe29⤵
- Executes dropped EXE
-
\??\c:\rlfrxfl.exec:\rlfrxfl.exe30⤵
- Executes dropped EXE
-
\??\c:\bthntt.exec:\bthntt.exe31⤵
- Executes dropped EXE
-
\??\c:\bbhtbn.exec:\bbhtbn.exe32⤵
- Executes dropped EXE
-
\??\c:\jjvdv.exec:\jjvdv.exe33⤵
- Executes dropped EXE
-
\??\c:\1rrrffr.exec:\1rrrffr.exe34⤵
- Executes dropped EXE
-
\??\c:\1frxlxf.exec:\1frxlxf.exe35⤵
- Executes dropped EXE
-
\??\c:\5bbthh.exec:\5bbthh.exe36⤵
- Executes dropped EXE
-
\??\c:\5nbbhb.exec:\5nbbhb.exe37⤵
- Executes dropped EXE
-
\??\c:\jdpvp.exec:\jdpvp.exe38⤵
- Executes dropped EXE
-
\??\c:\lxfflfl.exec:\lxfflfl.exe39⤵
- Executes dropped EXE
-
\??\c:\fxlrfrx.exec:\fxlrfrx.exe40⤵
- Executes dropped EXE
-
\??\c:\hbnbnn.exec:\hbnbnn.exe41⤵
- Executes dropped EXE
-
\??\c:\7htbhb.exec:\7htbhb.exe42⤵
- Executes dropped EXE
-
\??\c:\pjpvj.exec:\pjpvj.exe43⤵
- Executes dropped EXE
-
\??\c:\dvvvj.exec:\dvvvj.exe44⤵
- Executes dropped EXE
-
\??\c:\7xlrrfl.exec:\7xlrrfl.exe45⤵
- Executes dropped EXE
-
\??\c:\xrflxxf.exec:\xrflxxf.exe46⤵
- Executes dropped EXE
-
\??\c:\3tnntt.exec:\3tnntt.exe47⤵
- Executes dropped EXE
-
\??\c:\bnbttn.exec:\bnbttn.exe48⤵
- Executes dropped EXE
-
\??\c:\pdpvp.exec:\pdpvp.exe49⤵
- Executes dropped EXE
-
\??\c:\3fflffr.exec:\3fflffr.exe50⤵
- Executes dropped EXE
-
\??\c:\xrrxfxl.exec:\xrrxfxl.exe51⤵
- Executes dropped EXE
-
\??\c:\tnnnnn.exec:\tnnnnn.exe52⤵
- Executes dropped EXE
-
\??\c:\hbtbnt.exec:\hbtbnt.exe53⤵
- Executes dropped EXE
-
\??\c:\dvvdj.exec:\dvvdj.exe54⤵
- Executes dropped EXE
-
\??\c:\jjdjp.exec:\jjdjp.exe55⤵
- Executes dropped EXE
-
\??\c:\xrflrfl.exec:\xrflrfl.exe56⤵
- Executes dropped EXE
-
\??\c:\rlrxfll.exec:\rlrxfll.exe57⤵
- Executes dropped EXE
-
\??\c:\btbhnn.exec:\btbhnn.exe58⤵
- Executes dropped EXE
-
\??\c:\htbbnn.exec:\htbbnn.exe59⤵
- Executes dropped EXE
-
\??\c:\pdpdv.exec:\pdpdv.exe60⤵
- Executes dropped EXE
-
\??\c:\vpjvd.exec:\vpjvd.exe61⤵
- Executes dropped EXE
-
\??\c:\xrlrxrx.exec:\xrlrxrx.exe62⤵
- Executes dropped EXE
-
\??\c:\rlxxffr.exec:\rlxxffr.exe63⤵
- Executes dropped EXE
-
\??\c:\nhtbnt.exec:\nhtbnt.exe64⤵
- Executes dropped EXE
-
\??\c:\bnbhhh.exec:\bnbhhh.exe65⤵
- Executes dropped EXE
-
\??\c:\3vppv.exec:\3vppv.exe66⤵
-
\??\c:\dpvpp.exec:\dpvpp.exe67⤵
-
\??\c:\xrlfrrx.exec:\xrlfrrx.exe68⤵
-
\??\c:\xlrllrr.exec:\xlrllrr.exe69⤵
-
\??\c:\7fxxrrl.exec:\7fxxrrl.exe70⤵
-
\??\c:\5htbhn.exec:\5htbhn.exe71⤵
-
\??\c:\tnbhnh.exec:\tnbhnh.exe72⤵
-
\??\c:\dvddv.exec:\dvddv.exe73⤵
-
\??\c:\jjjjp.exec:\jjjjp.exe74⤵
-
\??\c:\xrlrxxf.exec:\xrlrxxf.exe75⤵
-
\??\c:\lflrxxf.exec:\lflrxxf.exe76⤵
-
\??\c:\bnbnbn.exec:\bnbnbn.exe77⤵
-
\??\c:\bnbnnn.exec:\bnbnnn.exe78⤵
-
\??\c:\dvvvj.exec:\dvvvj.exe79⤵
-
\??\c:\vjpjp.exec:\vjpjp.exe80⤵
-
\??\c:\lfxfrrf.exec:\lfxfrrf.exe81⤵
-
\??\c:\7thbhh.exec:\7thbhh.exe82⤵
-
\??\c:\hbnbhh.exec:\hbnbhh.exe83⤵
-
\??\c:\5vddp.exec:\5vddp.exe84⤵
-
\??\c:\dvdvd.exec:\dvdvd.exe85⤵
-
\??\c:\lfrfflr.exec:\lfrfflr.exe86⤵
-
\??\c:\xrxfflr.exec:\xrxfflr.exe87⤵
-
\??\c:\nhttbt.exec:\nhttbt.exe88⤵
-
\??\c:\btttbb.exec:\btttbb.exe89⤵
-
\??\c:\vpjjj.exec:\vpjjj.exe90⤵
-
\??\c:\pjpvd.exec:\pjpvd.exe91⤵
-
\??\c:\xrlllll.exec:\xrlllll.exe92⤵
-
\??\c:\rlxfrlx.exec:\rlxfrlx.exe93⤵
-
\??\c:\1btbnt.exec:\1btbnt.exe94⤵
-
\??\c:\9bnnbh.exec:\9bnnbh.exe95⤵
-
\??\c:\1vjdd.exec:\1vjdd.exe96⤵
-
\??\c:\pdpjj.exec:\pdpjj.exe97⤵
-
\??\c:\fxfflrf.exec:\fxfflrf.exe98⤵
-
\??\c:\1fxfffl.exec:\1fxfffl.exe99⤵
-
\??\c:\htbtbh.exec:\htbtbh.exe100⤵
-
\??\c:\tnbbnn.exec:\tnbbnn.exe101⤵
-
\??\c:\dvdjd.exec:\dvdjd.exe102⤵
-
\??\c:\jdvpd.exec:\jdvpd.exe103⤵
-
\??\c:\7xxffff.exec:\7xxffff.exe104⤵
-
\??\c:\7rxxxxx.exec:\7rxxxxx.exe105⤵
-
\??\c:\bbthtn.exec:\bbthtn.exe106⤵
-
\??\c:\btnttb.exec:\btnttb.exe107⤵
-
\??\c:\jdppd.exec:\jdppd.exe108⤵
-
\??\c:\vvpdv.exec:\vvpdv.exe109⤵
-
\??\c:\lxlllrx.exec:\lxlllrx.exe110⤵
-
\??\c:\ffxlxxf.exec:\ffxlxxf.exe111⤵
-
\??\c:\1nbhtb.exec:\1nbhtb.exe112⤵
-
\??\c:\jdvvv.exec:\jdvvv.exe113⤵
-
\??\c:\jvpjp.exec:\jvpjp.exe114⤵
-
\??\c:\jdjjp.exec:\jdjjp.exe115⤵
-
\??\c:\llflrxf.exec:\llflrxf.exe116⤵
-
\??\c:\tnhntt.exec:\tnhntt.exe117⤵
-
\??\c:\nbnhhh.exec:\nbnhhh.exe118⤵
-
\??\c:\nhtttn.exec:\nhtttn.exe119⤵
-
\??\c:\pjdvd.exec:\pjdvd.exe120⤵
-
\??\c:\9vddj.exec:\9vddj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-