Analysis
-
max time kernel
150s -
max time network
111s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
24-05-2024 04:07
General
-
Target
db422738d1b517bcb4fc386f29c67dc4e937fb7700d18c29e0ce327669222fef.exe
-
Size
95KB
-
MD5
bbab3adcd6ac40959876a4e811a36444
-
SHA1
bfd24f1ac2e345c34e223cf39a999c898d5ad758
-
SHA256
db422738d1b517bcb4fc386f29c67dc4e937fb7700d18c29e0ce327669222fef
-
SHA512
f44240ce6aa5cfbbf50c31a03d242cf8a1a0ff1f2b006b2870542c4c0b66580d470c90537f7a2acb9dd2fd7b8b7447d5703334a4d6e4e5ea541e80b98e2ebdfa
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIkpi+qP1hvZo66Ox4oq2SQwfTQ0:ymb3NkkiQ3mdBjFIj+qNhvZuHQY00
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
UPX dump on OEP (original entry point) 35 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 35 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\db422738d1b517bcb4fc386f29c67dc4e937fb7700d18c29e0ce327669222fef.exe"C:\Users\Admin\AppData\Local\Temp\db422738d1b517bcb4fc386f29c67dc4e937fb7700d18c29e0ce327669222fef.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrrlff.exec:\ffrrlff.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhtbtn.exec:\bhtbtn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjjp.exec:\ddjjp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7htnht.exec:\7htnht.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvpp.exec:\ddvpp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1djdv.exec:\1djdv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbbbb.exec:\tbbbbb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jppjj.exec:\jppjj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffxrll.exec:\lffxrll.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdddv.exec:\vdddv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjdd.exec:\jdjdd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrfxff.exec:\xxrfxff.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntthhh.exec:\ntthhh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1lrlllf.exec:\1lrlllf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllxxfr.exec:\rllxxfr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbbhb.exec:\bbbbhb.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpjjd.exec:\jpjjd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxfrfff.exec:\rxfrfff.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xxrlff.exec:\9xxrlff.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhbtn.exec:\tnhbtn.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdddv.exec:\vdddv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppdjp.exec:\ppdjp.exe23⤵
- Executes dropped EXE
-
\??\c:\thhbtn.exec:\thhbtn.exe24⤵
- Executes dropped EXE
-
\??\c:\djvpv.exec:\djvpv.exe25⤵
- Executes dropped EXE
-
\??\c:\5jpjd.exec:\5jpjd.exe26⤵
- Executes dropped EXE
-
\??\c:\hbbtnt.exec:\hbbtnt.exe27⤵
- Executes dropped EXE
-
\??\c:\vjjpj.exec:\vjjpj.exe28⤵
- Executes dropped EXE
-
\??\c:\vpdvp.exec:\vpdvp.exe29⤵
- Executes dropped EXE
-
\??\c:\rxffrrr.exec:\rxffrrr.exe30⤵
- Executes dropped EXE
-
\??\c:\nhbbtt.exec:\nhbbtt.exe31⤵
- Executes dropped EXE
-
\??\c:\pjpjj.exec:\pjpjj.exe32⤵
- Executes dropped EXE
-
\??\c:\jpvdv.exec:\jpvdv.exe33⤵
- Executes dropped EXE
-
\??\c:\lfrfxll.exec:\lfrfxll.exe34⤵
- Executes dropped EXE
-
\??\c:\hbbttn.exec:\hbbttn.exe35⤵
- Executes dropped EXE
-
\??\c:\ppvdv.exec:\ppvdv.exe36⤵
- Executes dropped EXE
-
\??\c:\vvddd.exec:\vvddd.exe37⤵
- Executes dropped EXE
-
\??\c:\frlfxxl.exec:\frlfxxl.exe38⤵
- Executes dropped EXE
-
\??\c:\btbbbt.exec:\btbbbt.exe39⤵
- Executes dropped EXE
-
\??\c:\dvdvd.exec:\dvdvd.exe40⤵
- Executes dropped EXE
-
\??\c:\vvpjj.exec:\vvpjj.exe41⤵
- Executes dropped EXE
-
\??\c:\rfxlrrl.exec:\rfxlrrl.exe42⤵
- Executes dropped EXE
-
\??\c:\hhbbtt.exec:\hhbbtt.exe43⤵
- Executes dropped EXE
-
\??\c:\hbhbtt.exec:\hbhbtt.exe44⤵
- Executes dropped EXE
-
\??\c:\vjvpd.exec:\vjvpd.exe45⤵
- Executes dropped EXE
-
\??\c:\xrrxlrl.exec:\xrrxlrl.exe46⤵
- Executes dropped EXE
-
\??\c:\rfrrlfx.exec:\rfrrlfx.exe47⤵
- Executes dropped EXE
-
\??\c:\djpjd.exec:\djpjd.exe48⤵
- Executes dropped EXE
-
\??\c:\vppjd.exec:\vppjd.exe49⤵
- Executes dropped EXE
-
\??\c:\fxxxrrr.exec:\fxxxrrr.exe50⤵
- Executes dropped EXE
-
\??\c:\7bhhbh.exec:\7bhhbh.exe51⤵
- Executes dropped EXE
-
\??\c:\7htnbb.exec:\7htnbb.exe52⤵
- Executes dropped EXE
-
\??\c:\vpvvp.exec:\vpvvp.exe53⤵
- Executes dropped EXE
-
\??\c:\vjpjj.exec:\vjpjj.exe54⤵
- Executes dropped EXE
-
\??\c:\rrfflll.exec:\rrfflll.exe55⤵
- Executes dropped EXE
-
\??\c:\3xlrllr.exec:\3xlrllr.exe56⤵
- Executes dropped EXE
-
\??\c:\bthhtb.exec:\bthhtb.exe57⤵
- Executes dropped EXE
-
\??\c:\3bnhtt.exec:\3bnhtt.exe58⤵
- Executes dropped EXE
-
\??\c:\vdddd.exec:\vdddd.exe59⤵
- Executes dropped EXE
-
\??\c:\jpvpj.exec:\jpvpj.exe60⤵
- Executes dropped EXE
-
\??\c:\frxfxxx.exec:\frxfxxx.exe61⤵
- Executes dropped EXE
-
\??\c:\ffxrrrl.exec:\ffxrrrl.exe62⤵
- Executes dropped EXE
-
\??\c:\ntnnhb.exec:\ntnnhb.exe63⤵
- Executes dropped EXE
-
\??\c:\vjdvv.exec:\vjdvv.exe64⤵
- Executes dropped EXE
-
\??\c:\fxrxflx.exec:\fxrxflx.exe65⤵
- Executes dropped EXE
-
\??\c:\tthbhn.exec:\tthbhn.exe66⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe67⤵
-
\??\c:\rrrlllf.exec:\rrrlllf.exe68⤵
-
\??\c:\rlflxrx.exec:\rlflxrx.exe69⤵
-
\??\c:\nntbhb.exec:\nntbhb.exe70⤵
-
\??\c:\7hbbnn.exec:\7hbbnn.exe71⤵
-
\??\c:\ppjvp.exec:\ppjvp.exe72⤵
-
\??\c:\rlxrffl.exec:\rlxrffl.exe73⤵
-
\??\c:\ffxxrll.exec:\ffxxrll.exe74⤵
-
\??\c:\1hnhbb.exec:\1hnhbb.exe75⤵
-
\??\c:\pjvvp.exec:\pjvvp.exe76⤵
-
\??\c:\jddpv.exec:\jddpv.exe77⤵
-
\??\c:\lfffffx.exec:\lfffffx.exe78⤵
-
\??\c:\nthhtt.exec:\nthhtt.exe79⤵
-
\??\c:\bhnbth.exec:\bhnbth.exe80⤵
-
\??\c:\pddpd.exec:\pddpd.exe81⤵
-
\??\c:\vdpjj.exec:\vdpjj.exe82⤵
-
\??\c:\rllfxrr.exec:\rllfxrr.exe83⤵
-
\??\c:\tbbbtt.exec:\tbbbtt.exe84⤵
-
\??\c:\hbhtnt.exec:\hbhtnt.exe85⤵
-
\??\c:\3jpjp.exec:\3jpjp.exe86⤵
-
\??\c:\frfxrrx.exec:\frfxrrx.exe87⤵
-
\??\c:\rfllfff.exec:\rfllfff.exe88⤵
-
\??\c:\frrlfxr.exec:\frrlfxr.exe89⤵
-
\??\c:\nbnnnn.exec:\nbnnnn.exe90⤵
-
\??\c:\jdvpp.exec:\jdvpp.exe91⤵
-
\??\c:\djdpd.exec:\djdpd.exe92⤵
-
\??\c:\flxrlll.exec:\flxrlll.exe93⤵
-
\??\c:\9rrxxxx.exec:\9rrxxxx.exe94⤵
-
\??\c:\bbnntt.exec:\bbnntt.exe95⤵
-
\??\c:\bttnnh.exec:\bttnnh.exe96⤵
-
\??\c:\vpjvv.exec:\vpjvv.exe97⤵
-
\??\c:\vvjdv.exec:\vvjdv.exe98⤵
-
\??\c:\7lxrxxr.exec:\7lxrxxr.exe99⤵
-
\??\c:\7xfffxl.exec:\7xfffxl.exe100⤵
-
\??\c:\5hthht.exec:\5hthht.exe101⤵
-
\??\c:\thnhbn.exec:\thnhbn.exe102⤵
-
\??\c:\djppj.exec:\djppj.exe103⤵
-
\??\c:\7dvdp.exec:\7dvdp.exe104⤵
-
\??\c:\rlflfrx.exec:\rlflfrx.exe105⤵
-
\??\c:\fxrlfll.exec:\fxrlfll.exe106⤵
-
\??\c:\ffxrrlf.exec:\ffxrrlf.exe107⤵
-
\??\c:\nhnhbt.exec:\nhnhbt.exe108⤵
-
\??\c:\xxflfrx.exec:\xxflfrx.exe109⤵
-
\??\c:\ttttnn.exec:\ttttnn.exe110⤵
-
\??\c:\nhtnhh.exec:\nhtnhh.exe111⤵
-
\??\c:\vpjdv.exec:\vpjdv.exe112⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe113⤵
-
\??\c:\fflffff.exec:\fflffff.exe114⤵
-
\??\c:\nhbtnn.exec:\nhbtnn.exe115⤵
-
\??\c:\hhhbbt.exec:\hhhbbt.exe116⤵
-
\??\c:\nhnhtt.exec:\nhnhtt.exe117⤵
-
\??\c:\vvddd.exec:\vvddd.exe118⤵
-
\??\c:\vjpvv.exec:\vjpvv.exe119⤵
-
\??\c:\ffffxxl.exec:\ffffxxl.exe120⤵
-
\??\c:\xxxfxxf.exec:\xxxfxxf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-