Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
24-05-2024 04:07
General
-
Target
db422738d1b517bcb4fc386f29c67dc4e937fb7700d18c29e0ce327669222fef.exe
-
Size
95KB
-
MD5
bbab3adcd6ac40959876a4e811a36444
-
SHA1
bfd24f1ac2e345c34e223cf39a999c898d5ad758
-
SHA256
db422738d1b517bcb4fc386f29c67dc4e937fb7700d18c29e0ce327669222fef
-
SHA512
f44240ce6aa5cfbbf50c31a03d242cf8a1a0ff1f2b006b2870542c4c0b66580d470c90537f7a2acb9dd2fd7b8b7447d5703334a4d6e4e5ea541e80b98e2ebdfa
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIkpi+qP1hvZo66Ox4oq2SQwfTQ0:ymb3NkkiQ3mdBjFIj+qNhvZuHQY00
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 20 IoCs
-
UPX dump on OEP (original entry point) 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 22 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\db422738d1b517bcb4fc386f29c67dc4e937fb7700d18c29e0ce327669222fef.exe"C:\Users\Admin\AppData\Local\Temp\db422738d1b517bcb4fc386f29c67dc4e937fb7700d18c29e0ce327669222fef.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvdp.exec:\vpvdp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxllxr.exec:\rrxllxr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnbbb.exec:\nbnbbb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vddj.exec:\9vddj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxllflr.exec:\lxllflr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrrfxf.exec:\fxrrfxf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9frrxfl.exec:\9frrxfl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1nbhhh.exec:\1nbhhh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvddj.exec:\dvddj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrffrrl.exec:\rrffrrl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrlrxx.exec:\rfrlrxx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnthth.exec:\tnthth.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pjdd.exec:\1pjdd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjjj.exec:\pdjjj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frfllfl.exec:\frfllfl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhtbhn.exec:\hhtbhn.exe17⤵
- Executes dropped EXE
-
\??\c:\nbhbbt.exec:\nbhbbt.exe18⤵
- Executes dropped EXE
-
\??\c:\vjjpv.exec:\vjjpv.exe19⤵
- Executes dropped EXE
-
\??\c:\dvppv.exec:\dvppv.exe20⤵
- Executes dropped EXE
-
\??\c:\3flfrrf.exec:\3flfrrf.exe21⤵
- Executes dropped EXE
-
\??\c:\7nhhtb.exec:\7nhhtb.exe22⤵
- Executes dropped EXE
-
\??\c:\nhtbbh.exec:\nhtbbh.exe23⤵
- Executes dropped EXE
-
\??\c:\pjvpv.exec:\pjvpv.exe24⤵
- Executes dropped EXE
-
\??\c:\pjjvv.exec:\pjjvv.exe25⤵
- Executes dropped EXE
-
\??\c:\xllffxf.exec:\xllffxf.exe26⤵
- Executes dropped EXE
-
\??\c:\5lxlllr.exec:\5lxlllr.exe27⤵
- Executes dropped EXE
-
\??\c:\nbnnnh.exec:\nbnnnh.exe28⤵
- Executes dropped EXE
-
\??\c:\nnhbbn.exec:\nnhbbn.exe29⤵
- Executes dropped EXE
-
\??\c:\pjddp.exec:\pjddp.exe30⤵
- Executes dropped EXE
-
\??\c:\3xrrxxf.exec:\3xrrxxf.exe31⤵
- Executes dropped EXE
-
\??\c:\frxrrrr.exec:\frxrrrr.exe32⤵
- Executes dropped EXE
-
\??\c:\hhttbh.exec:\hhttbh.exe33⤵
- Executes dropped EXE
-
\??\c:\jjpjj.exec:\jjpjj.exe34⤵
- Executes dropped EXE
-
\??\c:\5jjvj.exec:\5jjvj.exe35⤵
- Executes dropped EXE
-
\??\c:\lfrxlfl.exec:\lfrxlfl.exe36⤵
- Executes dropped EXE
-
\??\c:\rlrxxlx.exec:\rlrxxlx.exe37⤵
- Executes dropped EXE
-
\??\c:\nhthbb.exec:\nhthbb.exe38⤵
- Executes dropped EXE
-
\??\c:\btbhtb.exec:\btbhtb.exe39⤵
- Executes dropped EXE
-
\??\c:\vvdjj.exec:\vvdjj.exe40⤵
- Executes dropped EXE
-
\??\c:\jjpdp.exec:\jjpdp.exe41⤵
- Executes dropped EXE
-
\??\c:\5lllffl.exec:\5lllffl.exe42⤵
- Executes dropped EXE
-
\??\c:\3nbhhh.exec:\3nbhhh.exe43⤵
- Executes dropped EXE
-
\??\c:\tntbbb.exec:\tntbbb.exe44⤵
- Executes dropped EXE
-
\??\c:\vjdjp.exec:\vjdjp.exe45⤵
- Executes dropped EXE
-
\??\c:\5vppd.exec:\5vppd.exe46⤵
- Executes dropped EXE
-
\??\c:\3rxrxxf.exec:\3rxrxxf.exe47⤵
- Executes dropped EXE
-
\??\c:\fxrrxrf.exec:\fxrrxrf.exe48⤵
- Executes dropped EXE
-
\??\c:\xlxlrrr.exec:\xlxlrrr.exe49⤵
- Executes dropped EXE
-
\??\c:\tnttbh.exec:\tnttbh.exe50⤵
- Executes dropped EXE
-
\??\c:\nbhnnt.exec:\nbhnnt.exe51⤵
- Executes dropped EXE
-
\??\c:\jdjdp.exec:\jdjdp.exe52⤵
- Executes dropped EXE
-
\??\c:\vvpvj.exec:\vvpvj.exe53⤵
- Executes dropped EXE
-
\??\c:\3lfllxr.exec:\3lfllxr.exe54⤵
- Executes dropped EXE
-
\??\c:\rrlrffr.exec:\rrlrffr.exe55⤵
- Executes dropped EXE
-
\??\c:\bbtnht.exec:\bbtnht.exe56⤵
- Executes dropped EXE
-
\??\c:\jjddp.exec:\jjddp.exe57⤵
- Executes dropped EXE
-
\??\c:\5jvjj.exec:\5jvjj.exe58⤵
- Executes dropped EXE
-
\??\c:\fxrxxfx.exec:\fxrxxfx.exe59⤵
- Executes dropped EXE
-
\??\c:\llfrlll.exec:\llfrlll.exe60⤵
- Executes dropped EXE
-
\??\c:\tnbbnn.exec:\tnbbnn.exe61⤵
- Executes dropped EXE
-
\??\c:\3nthtn.exec:\3nthtn.exe62⤵
- Executes dropped EXE
-
\??\c:\ppjpd.exec:\ppjpd.exe63⤵
- Executes dropped EXE
-
\??\c:\5jdjj.exec:\5jdjj.exe64⤵
- Executes dropped EXE
-
\??\c:\9lllrrx.exec:\9lllrrx.exe65⤵
- Executes dropped EXE
-
\??\c:\fxlrxxx.exec:\fxlrxxx.exe66⤵
-
\??\c:\3tthbn.exec:\3tthbn.exe67⤵
-
\??\c:\1nhnbb.exec:\1nhnbb.exe68⤵
-
\??\c:\jdvvj.exec:\jdvvj.exe69⤵
-
\??\c:\pjvdj.exec:\pjvdj.exe70⤵
-
\??\c:\bnbtbn.exec:\bnbtbn.exe71⤵
-
\??\c:\jdpvd.exec:\jdpvd.exe72⤵
-
\??\c:\vjvpp.exec:\vjvpp.exe73⤵
-
\??\c:\5frxlrx.exec:\5frxlrx.exe74⤵
-
\??\c:\lffxxxf.exec:\lffxxxf.exe75⤵
-
\??\c:\frxxffl.exec:\frxxffl.exe76⤵
-
\??\c:\7thhhb.exec:\7thhhb.exe77⤵
-
\??\c:\9tbhtb.exec:\9tbhtb.exe78⤵
-
\??\c:\dvpvp.exec:\dvpvp.exe79⤵
-
\??\c:\vpvvv.exec:\vpvvv.exe80⤵
-
\??\c:\rxlxfff.exec:\rxlxfff.exe81⤵
-
\??\c:\3xlllll.exec:\3xlllll.exe82⤵
-
\??\c:\tntthh.exec:\tntthh.exe83⤵
-
\??\c:\5hbbbn.exec:\5hbbbn.exe84⤵
-
\??\c:\jvdvd.exec:\jvdvd.exe85⤵
-
\??\c:\jjdpj.exec:\jjdpj.exe86⤵
-
\??\c:\lfflffr.exec:\lfflffr.exe87⤵
-
\??\c:\lfrrfxx.exec:\lfrrfxx.exe88⤵
-
\??\c:\tbbbtb.exec:\tbbbtb.exe89⤵
-
\??\c:\hthbbb.exec:\hthbbb.exe90⤵
-
\??\c:\dvjjj.exec:\dvjjj.exe91⤵
-
\??\c:\pdpjp.exec:\pdpjp.exe92⤵
-
\??\c:\rlrxlrf.exec:\rlrxlrf.exe93⤵
-
\??\c:\1ffflrr.exec:\1ffflrr.exe94⤵
-
\??\c:\btbhbn.exec:\btbhbn.exe95⤵
-
\??\c:\pjvvj.exec:\pjvvj.exe96⤵
-
\??\c:\jdppv.exec:\jdppv.exe97⤵
-
\??\c:\3jjjp.exec:\3jjjp.exe98⤵
-
\??\c:\lfrflrf.exec:\lfrflrf.exe99⤵
-
\??\c:\rflrffl.exec:\rflrffl.exe100⤵
-
\??\c:\ffxllrf.exec:\ffxllrf.exe101⤵
-
\??\c:\tthnht.exec:\tthnht.exe102⤵
-
\??\c:\jdpjv.exec:\jdpjv.exe103⤵
-
\??\c:\vjvpj.exec:\vjvpj.exe104⤵
-
\??\c:\7rfrlxf.exec:\7rfrlxf.exe105⤵
-
\??\c:\rflrllx.exec:\rflrllx.exe106⤵
-
\??\c:\3thttn.exec:\3thttn.exe107⤵
-
\??\c:\thbhbb.exec:\thbhbb.exe108⤵
-
\??\c:\pjvjp.exec:\pjvjp.exe109⤵
-
\??\c:\7rllxff.exec:\7rllxff.exe110⤵
-
\??\c:\fxfffff.exec:\fxfffff.exe111⤵
-
\??\c:\3xxlrxl.exec:\3xxlrxl.exe112⤵
-
\??\c:\thhhth.exec:\thhhth.exe113⤵
-
\??\c:\pjjvj.exec:\pjjvj.exe114⤵
-
\??\c:\1pdjv.exec:\1pdjv.exe115⤵
-
\??\c:\xrxxllx.exec:\xrxxllx.exe116⤵
-
\??\c:\bhthnb.exec:\bhthnb.exe117⤵
-
\??\c:\hbbbhb.exec:\hbbbhb.exe118⤵
-
\??\c:\ppjvj.exec:\ppjvj.exe119⤵
-
\??\c:\vdvvv.exec:\vdvvv.exe120⤵
-
\??\c:\7rxrrlr.exec:\7rxrrlr.exe121⤵
-
\??\c:\7bnnbh.exec:\7bnnbh.exe122⤵
-
\??\c:\nhnthh.exec:\nhnthh.exe123⤵
-
\??\c:\dppjp.exec:\dppjp.exe124⤵
-
\??\c:\3jjvj.exec:\3jjvj.exe125⤵
-
\??\c:\fxrfllx.exec:\fxrfllx.exe126⤵
-
\??\c:\llrxfff.exec:\llrxfff.exe127⤵
-
\??\c:\nbnnnh.exec:\nbnnnh.exe128⤵
-
\??\c:\bthhnn.exec:\bthhnn.exe129⤵
-
\??\c:\5tnnbh.exec:\5tnnbh.exe130⤵
-
\??\c:\7vjpp.exec:\7vjpp.exe131⤵
-
\??\c:\xrlxflr.exec:\xrlxflr.exe132⤵
-
\??\c:\9rflrxf.exec:\9rflrxf.exe133⤵
-
\??\c:\5hntbt.exec:\5hntbt.exe134⤵
-
\??\c:\9hhtth.exec:\9hhtth.exe135⤵
-
\??\c:\btnttn.exec:\btnttn.exe136⤵
-
\??\c:\3vddp.exec:\3vddp.exe137⤵
-
\??\c:\dvjpp.exec:\dvjpp.exe138⤵
-
\??\c:\xrxrlll.exec:\xrxrlll.exe139⤵
-
\??\c:\xxrrrrr.exec:\xxrrrrr.exe140⤵
-
\??\c:\ntbtnn.exec:\ntbtnn.exe141⤵
-
\??\c:\tntthh.exec:\tntthh.exe142⤵
-
\??\c:\ddvvp.exec:\ddvvp.exe143⤵
-
\??\c:\7vjdd.exec:\7vjdd.exe144⤵
-
\??\c:\fxlrxxf.exec:\fxlrxxf.exe145⤵
-
\??\c:\fxlrffl.exec:\fxlrffl.exe146⤵
-
\??\c:\tbhttn.exec:\tbhttn.exe147⤵
-
\??\c:\vvddd.exec:\vvddd.exe148⤵
-
\??\c:\3dvvp.exec:\3dvvp.exe149⤵
-
\??\c:\llflrrl.exec:\llflrrl.exe150⤵
-
\??\c:\lffllfr.exec:\lffllfr.exe151⤵
-
\??\c:\bbtnht.exec:\bbtnht.exe152⤵
-
\??\c:\btbhnh.exec:\btbhnh.exe153⤵
-
\??\c:\vdjdp.exec:\vdjdp.exe154⤵
-
\??\c:\3ffxflx.exec:\3ffxflx.exe155⤵
-
\??\c:\xfxlxlx.exec:\xfxlxlx.exe156⤵
-
\??\c:\hbntbb.exec:\hbntbb.exe157⤵
-
\??\c:\tnbhtb.exec:\tnbhtb.exe158⤵
-
\??\c:\3vdjv.exec:\3vdjv.exe159⤵
-
\??\c:\vjvdj.exec:\vjvdj.exe160⤵
-
\??\c:\lxxxfff.exec:\lxxxfff.exe161⤵
-
\??\c:\fxxrrlx.exec:\fxxrrlx.exe162⤵
-
\??\c:\tnttnn.exec:\tnttnn.exe163⤵
-
\??\c:\3tbtbb.exec:\3tbtbb.exe164⤵
-
\??\c:\jjpvv.exec:\jjpvv.exe165⤵
-
\??\c:\7pjdd.exec:\7pjdd.exe166⤵
-
\??\c:\lxflrxx.exec:\lxflrxx.exe167⤵
-
\??\c:\7xlxxxl.exec:\7xlxxxl.exe168⤵
-
\??\c:\bthnhb.exec:\bthnhb.exe169⤵
-
\??\c:\tnbhnt.exec:\tnbhnt.exe170⤵
-
\??\c:\httthh.exec:\httthh.exe171⤵
-
\??\c:\jdjjj.exec:\jdjjj.exe172⤵
-
\??\c:\ffrxxff.exec:\ffrxxff.exe173⤵
-
\??\c:\xrffllr.exec:\xrffllr.exe174⤵
-
\??\c:\3nhhnt.exec:\3nhhnt.exe175⤵
-
\??\c:\9tntbh.exec:\9tntbh.exe176⤵
-
\??\c:\ppjdj.exec:\ppjdj.exe177⤵
-
\??\c:\pjpjp.exec:\pjpjp.exe178⤵
-
\??\c:\rrxxxxl.exec:\rrxxxxl.exe179⤵
-
\??\c:\nhnntb.exec:\nhnntb.exe180⤵
-
\??\c:\bnthhh.exec:\bnthhh.exe181⤵
-
\??\c:\jjdpd.exec:\jjdpd.exe182⤵
-
\??\c:\dpdjp.exec:\dpdjp.exe183⤵
-
\??\c:\fxfxflf.exec:\fxfxflf.exe184⤵
-
\??\c:\xlxrxrx.exec:\xlxrxrx.exe185⤵
-
\??\c:\hhtbbb.exec:\hhtbbb.exe186⤵
-
\??\c:\tnbnhn.exec:\tnbnhn.exe187⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe188⤵
-
\??\c:\vpjpd.exec:\vpjpd.exe189⤵
-
\??\c:\7fflfrr.exec:\7fflfrr.exe190⤵
-
\??\c:\rlfrxxf.exec:\rlfrxxf.exe191⤵
-
\??\c:\5httbt.exec:\5httbt.exe192⤵
-
\??\c:\nhbthn.exec:\nhbthn.exe193⤵
-
\??\c:\dpvvj.exec:\dpvvj.exe194⤵
-
\??\c:\7jvpj.exec:\7jvpj.exe195⤵
-
\??\c:\xrlflfl.exec:\xrlflfl.exe196⤵
-
\??\c:\rlxfllx.exec:\rlxfllx.exe197⤵
-
\??\c:\tnhhnn.exec:\tnhhnn.exe198⤵
-
\??\c:\3vvdv.exec:\3vvdv.exe199⤵
-
\??\c:\xxxlflf.exec:\xxxlflf.exe200⤵
-
\??\c:\fflrxfr.exec:\fflrxfr.exe201⤵
-
\??\c:\7tnnnt.exec:\7tnnnt.exe202⤵
-
\??\c:\3tbbnn.exec:\3tbbnn.exe203⤵
-
\??\c:\vpjjj.exec:\vpjjj.exe204⤵
-
\??\c:\5vppd.exec:\5vppd.exe205⤵
-
\??\c:\ffxlxlx.exec:\ffxlxlx.exe206⤵
-
\??\c:\9fxlxlx.exec:\9fxlxlx.exe207⤵
-
\??\c:\bthnnt.exec:\bthnnt.exe208⤵
-
\??\c:\9bthhh.exec:\9bthhh.exe209⤵
-
\??\c:\pjdjp.exec:\pjdjp.exe210⤵
-
\??\c:\tnhnbh.exec:\tnhnbh.exe211⤵
-
\??\c:\tththt.exec:\tththt.exe212⤵
-
\??\c:\jdjjj.exec:\jdjjj.exe213⤵
-
\??\c:\vpjjv.exec:\vpjjv.exe214⤵
-
\??\c:\3llrxlf.exec:\3llrxlf.exe215⤵
-
\??\c:\lxrflxl.exec:\lxrflxl.exe216⤵
-
\??\c:\tnbhtt.exec:\tnbhtt.exe217⤵
-
\??\c:\7tnnnt.exec:\7tnnnt.exe218⤵
-
\??\c:\hhbttb.exec:\hhbttb.exe219⤵
-
\??\c:\pdjjd.exec:\pdjjd.exe220⤵
-
\??\c:\frfxfxx.exec:\frfxfxx.exe221⤵
-
\??\c:\lfrlllr.exec:\lfrlllr.exe222⤵
-
\??\c:\7tnbhn.exec:\7tnbhn.exe223⤵
-
\??\c:\hbhbhh.exec:\hbhbhh.exe224⤵
-
\??\c:\1tbbbh.exec:\1tbbbh.exe225⤵
-
\??\c:\ddvdd.exec:\ddvdd.exe226⤵
-
\??\c:\ddvvp.exec:\ddvvp.exe227⤵
-
\??\c:\rllxfrr.exec:\rllxfrr.exe228⤵
-
\??\c:\fllxrxf.exec:\fllxrxf.exe229⤵
-
\??\c:\bbtnhn.exec:\bbtnhn.exe230⤵
-
\??\c:\tnhnnt.exec:\tnhnnt.exe231⤵
-
\??\c:\vdpdv.exec:\vdpdv.exe232⤵
-
\??\c:\dvpdj.exec:\dvpdj.exe233⤵
-
\??\c:\lffflrx.exec:\lffflrx.exe234⤵
-
\??\c:\1xfxxlx.exec:\1xfxxlx.exe235⤵
-
\??\c:\5hbbhn.exec:\5hbbhn.exe236⤵
-
\??\c:\hhntnb.exec:\hhntnb.exe237⤵
-
\??\c:\djppv.exec:\djppv.exe238⤵
-
\??\c:\ppjvd.exec:\ppjvd.exe239⤵
-
\??\c:\rlflrxf.exec:\rlflrxf.exe240⤵