Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
-
submitted
24-05-2024 04:42
General
-
Target
aa0c454113290f64a7faab811d8e27f98fd7d58b08d22e208c984aa1d6ce7ebb.exe
-
Size
483KB
-
MD5
29ab3c436993c7f0c3a55f9c4c729850
-
SHA1
77cbaeea5edab68d8dfba5a463df648a8c588181
-
SHA256
aa0c454113290f64a7faab811d8e27f98fd7d58b08d22e208c984aa1d6ce7ebb
-
SHA512
da80a146f729c9274b0186491f1b558518f75ab3d7912237b71c4b8708a45072ccaee46ee6099bdb2cce80401f4a6419ca9f08c930d9ca9266016d36a9e29df0
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwu1b26X1wjhtSizjZ:q7Tc2NYHUrAwqzcX
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 38 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 52 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\aa0c454113290f64a7faab811d8e27f98fd7d58b08d22e208c984aa1d6ce7ebb.exe"C:\Users\Admin\AppData\Local\Temp\aa0c454113290f64a7faab811d8e27f98fd7d58b08d22e208c984aa1d6ce7ebb.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhhtb.exec:\tnhhtb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnbtb.exec:\ttnbtb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbttt.exec:\tnbttt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddjp.exec:\jddjp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbttnt.exec:\bbttnt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vddvp.exec:\vddvp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1lllrrl.exec:\1lllrrl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpvj.exec:\vvpvj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbttbh.exec:\nbttbh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvvd.exec:\vjvvd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbnbh.exec:\nhbnbh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dddjp.exec:\dddjp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rllxlr.exec:\3rllxlr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbtbnn.exec:\nbtbnn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxxffr.exec:\xlxxffr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhnbh.exec:\hhhnbh.exe17⤵
- Executes dropped EXE
-
\??\c:\xlxxxfl.exec:\xlxxxfl.exe18⤵
- Executes dropped EXE
-
\??\c:\rlxflrx.exec:\rlxflrx.exe19⤵
- Executes dropped EXE
-
\??\c:\rfllxxf.exec:\rfllxxf.exe20⤵
- Executes dropped EXE
-
\??\c:\pjvjp.exec:\pjvjp.exe21⤵
- Executes dropped EXE
-
\??\c:\nbnthb.exec:\nbnthb.exe22⤵
- Executes dropped EXE
-
\??\c:\1nhbnn.exec:\1nhbnn.exe23⤵
- Executes dropped EXE
-
\??\c:\htnnhh.exec:\htnnhh.exe24⤵
- Executes dropped EXE
-
\??\c:\pvpvj.exec:\pvpvj.exe25⤵
- Executes dropped EXE
-
\??\c:\hhtbhn.exec:\hhtbhn.exe26⤵
- Executes dropped EXE
-
\??\c:\jdpjv.exec:\jdpjv.exe27⤵
- Executes dropped EXE
-
\??\c:\nnhhtn.exec:\nnhhtn.exe28⤵
- Executes dropped EXE
-
\??\c:\5dvvv.exec:\5dvvv.exe29⤵
- Executes dropped EXE
-
\??\c:\bbnntt.exec:\bbnntt.exe30⤵
- Executes dropped EXE
-
\??\c:\5vjdj.exec:\5vjdj.exe31⤵
- Executes dropped EXE
-
\??\c:\thbhnn.exec:\thbhnn.exe32⤵
- Executes dropped EXE
-
\??\c:\5pjdj.exec:\5pjdj.exe33⤵
- Executes dropped EXE
-
\??\c:\btntbb.exec:\btntbb.exe34⤵
- Executes dropped EXE
-
\??\c:\hbttnt.exec:\hbttnt.exe35⤵
- Executes dropped EXE
-
\??\c:\3dpvd.exec:\3dpvd.exe36⤵
- Executes dropped EXE
-
\??\c:\fflfllx.exec:\fflfllx.exe37⤵
- Executes dropped EXE
-
\??\c:\nnhntt.exec:\nnhntt.exe38⤵
- Executes dropped EXE
-
\??\c:\nhhhtn.exec:\nhhhtn.exe39⤵
- Executes dropped EXE
-
\??\c:\3vpjp.exec:\3vpjp.exe40⤵
- Executes dropped EXE
-
\??\c:\5lrrlrr.exec:\5lrrlrr.exe41⤵
- Executes dropped EXE
-
\??\c:\lrlrffr.exec:\lrlrffr.exe42⤵
- Executes dropped EXE
-
\??\c:\tnbtbt.exec:\tnbtbt.exe43⤵
- Executes dropped EXE
-
\??\c:\jjddp.exec:\jjddp.exe44⤵
- Executes dropped EXE
-
\??\c:\pjvdj.exec:\pjvdj.exe45⤵
- Executes dropped EXE
-
\??\c:\fxllrlx.exec:\fxllrlx.exe46⤵
- Executes dropped EXE
-
\??\c:\tnhbnn.exec:\tnhbnn.exe47⤵
- Executes dropped EXE
-
\??\c:\5vvdd.exec:\5vvdd.exe48⤵
- Executes dropped EXE
-
\??\c:\ddpjv.exec:\ddpjv.exe49⤵
- Executes dropped EXE
-
\??\c:\1lfrxfr.exec:\1lfrxfr.exe50⤵
- Executes dropped EXE
-
\??\c:\tnhnbh.exec:\tnhnbh.exe51⤵
- Executes dropped EXE
-
\??\c:\jdjpd.exec:\jdjpd.exe52⤵
- Executes dropped EXE
-
\??\c:\fxfllxf.exec:\fxfllxf.exe53⤵
- Executes dropped EXE
-
\??\c:\hbnhhh.exec:\hbnhhh.exe54⤵
- Executes dropped EXE
-
\??\c:\pdvdp.exec:\pdvdp.exe55⤵
- Executes dropped EXE
-
\??\c:\pdvvd.exec:\pdvvd.exe56⤵
- Executes dropped EXE
-
\??\c:\frrrfxr.exec:\frrrfxr.exe57⤵
- Executes dropped EXE
-
\??\c:\3ntnbb.exec:\3ntnbb.exe58⤵
- Executes dropped EXE
-
\??\c:\vjvpv.exec:\vjvpv.exe59⤵
- Executes dropped EXE
-
\??\c:\pdppp.exec:\pdppp.exe60⤵
- Executes dropped EXE
-
\??\c:\rrlrxff.exec:\rrlrxff.exe61⤵
- Executes dropped EXE
-
\??\c:\nhttbh.exec:\nhttbh.exe62⤵
- Executes dropped EXE
-
\??\c:\1pjpp.exec:\1pjpp.exe63⤵
- Executes dropped EXE
-
\??\c:\jdpvv.exec:\jdpvv.exe64⤵
- Executes dropped EXE
-
\??\c:\rfxxffl.exec:\rfxxffl.exe65⤵
- Executes dropped EXE
-
\??\c:\tnhthn.exec:\tnhthn.exe66⤵
-
\??\c:\3hnttt.exec:\3hnttt.exe67⤵
-
\??\c:\vpdpd.exec:\vpdpd.exe68⤵
-
\??\c:\xlrrxxl.exec:\xlrrxxl.exe69⤵
-
\??\c:\htbbnn.exec:\htbbnn.exe70⤵
-
\??\c:\bnbtbb.exec:\bnbtbb.exe71⤵
-
\??\c:\ppjpv.exec:\ppjpv.exe72⤵
-
\??\c:\xrflxxf.exec:\xrflxxf.exe73⤵
-
\??\c:\ttnthh.exec:\ttnthh.exe74⤵
-
\??\c:\pjvdj.exec:\pjvdj.exe75⤵
-
\??\c:\vpdjv.exec:\vpdjv.exe76⤵
-
\??\c:\xlxxffl.exec:\xlxxffl.exe77⤵
-
\??\c:\hhnbth.exec:\hhnbth.exe78⤵
-
\??\c:\dvddj.exec:\dvddj.exe79⤵
-
\??\c:\7pjdj.exec:\7pjdj.exe80⤵
-
\??\c:\rrllrlr.exec:\rrllrlr.exe81⤵
-
\??\c:\tnhhbb.exec:\tnhhbb.exe82⤵
-
\??\c:\ppdjv.exec:\ppdjv.exe83⤵
-
\??\c:\7vjjj.exec:\7vjjj.exe84⤵
-
\??\c:\xxrrxxx.exec:\xxrrxxx.exe85⤵
-
\??\c:\tnttbh.exec:\tnttbh.exe86⤵
-
\??\c:\tththh.exec:\tththh.exe87⤵
-
\??\c:\pdpvd.exec:\pdpvd.exe88⤵
-
\??\c:\rlfffxf.exec:\rlfffxf.exe89⤵
-
\??\c:\rlrxflr.exec:\rlrxflr.exe90⤵
-
\??\c:\3nbbbh.exec:\3nbbbh.exe91⤵
-
\??\c:\7vjpp.exec:\7vjpp.exe92⤵
-
\??\c:\1vdvv.exec:\1vdvv.exe93⤵
-
\??\c:\9xlffff.exec:\9xlffff.exe94⤵
-
\??\c:\tntttn.exec:\tntttn.exe95⤵
-
\??\c:\bnbbhn.exec:\bnbbhn.exe96⤵
-
\??\c:\dpdpv.exec:\dpdpv.exe97⤵
-
\??\c:\xrllrlr.exec:\xrllrlr.exe98⤵
-
\??\c:\xrflrrf.exec:\xrflrrf.exe99⤵
-
\??\c:\nhtbnn.exec:\nhtbnn.exe100⤵
-
\??\c:\vvdjp.exec:\vvdjp.exe101⤵
-
\??\c:\xlxrrrx.exec:\xlxrrrx.exe102⤵
-
\??\c:\xrlfllr.exec:\xrlfllr.exe103⤵
-
\??\c:\bnhthn.exec:\bnhthn.exe104⤵
-
\??\c:\pjvdd.exec:\pjvdd.exe105⤵
-
\??\c:\5rlrrlx.exec:\5rlrrlx.exe106⤵
-
\??\c:\xfrrfxr.exec:\xfrrfxr.exe107⤵
-
\??\c:\1bnnnn.exec:\1bnnnn.exe108⤵
-
\??\c:\jdvdj.exec:\jdvdj.exe109⤵
-
\??\c:\jvjdj.exec:\jvjdj.exe110⤵
-
\??\c:\xrfxfxf.exec:\xrfxfxf.exe111⤵
-
\??\c:\7htttt.exec:\7htttt.exe112⤵
-
\??\c:\bthntn.exec:\bthntn.exe113⤵
-
\??\c:\jdppd.exec:\jdppd.exe114⤵
-
\??\c:\1rfxffl.exec:\1rfxffl.exe115⤵
-
\??\c:\btnbhh.exec:\btnbhh.exe116⤵
-
\??\c:\vpdjv.exec:\vpdjv.exe117⤵
-
\??\c:\xlflrxl.exec:\xlflrxl.exe118⤵
-
\??\c:\bntthh.exec:\bntthh.exe119⤵
-
\??\c:\hthhnn.exec:\hthhnn.exe120⤵
-
\??\c:\dvjjv.exec:\dvjjv.exe121⤵
-
\??\c:\xrflrxf.exec:\xrflrxf.exe122⤵
-
\??\c:\hbnthh.exec:\hbnthh.exe123⤵
-
\??\c:\5bnttt.exec:\5bnttt.exe124⤵
-
\??\c:\dpjjj.exec:\dpjjj.exe125⤵
-
\??\c:\5pppv.exec:\5pppv.exe126⤵
-
\??\c:\rlxlllx.exec:\rlxlllx.exe127⤵
-
\??\c:\nnbbhn.exec:\nnbbhn.exe128⤵
-
\??\c:\3pdvv.exec:\3pdvv.exe129⤵
-
\??\c:\3dvvd.exec:\3dvvd.exe130⤵
-
\??\c:\frffrrx.exec:\frffrrx.exe131⤵
-
\??\c:\hthhnh.exec:\hthhnh.exe132⤵
-
\??\c:\nbtbnn.exec:\nbtbnn.exe133⤵
-
\??\c:\vjddp.exec:\vjddp.exe134⤵
-
\??\c:\3lrxxfl.exec:\3lrxxfl.exe135⤵
-
\??\c:\hbntbb.exec:\hbntbb.exe136⤵
-
\??\c:\nbnhtt.exec:\nbnhtt.exe137⤵
-
\??\c:\pdppv.exec:\pdppv.exe138⤵
-
\??\c:\ppjpv.exec:\ppjpv.exe139⤵
-
\??\c:\xxrrffr.exec:\xxrrffr.exe140⤵
-
\??\c:\9tbbhh.exec:\9tbbhh.exe141⤵
-
\??\c:\jdjdj.exec:\jdjdj.exe142⤵
-
\??\c:\vvpvp.exec:\vvpvp.exe143⤵
-
\??\c:\lfrrrrx.exec:\lfrrrrx.exe144⤵
-
\??\c:\nnhnbb.exec:\nnhnbb.exe145⤵
-
\??\c:\1pppv.exec:\1pppv.exe146⤵
-
\??\c:\pdvvj.exec:\pdvvj.exe147⤵
-
\??\c:\rlxfflx.exec:\rlxfflx.exe148⤵
-
\??\c:\nnnbhh.exec:\nnnbhh.exe149⤵
-
\??\c:\bnhhhh.exec:\bnhhhh.exe150⤵
-
\??\c:\pjdjv.exec:\pjdjv.exe151⤵
-
\??\c:\xlrrrrr.exec:\xlrrrrr.exe152⤵
-
\??\c:\rlrrffl.exec:\rlrrffl.exe153⤵
-
\??\c:\3ntthh.exec:\3ntthh.exe154⤵
-
\??\c:\vpddp.exec:\vpddp.exe155⤵
-
\??\c:\jjddp.exec:\jjddp.exe156⤵
-
\??\c:\9xlrrxx.exec:\9xlrrxx.exe157⤵
-
\??\c:\1htbnn.exec:\1htbnn.exe158⤵
-
\??\c:\nhttbb.exec:\nhttbb.exe159⤵
-
\??\c:\vvpdv.exec:\vvpdv.exe160⤵
-
\??\c:\frffllr.exec:\frffllr.exe161⤵
-
\??\c:\1nttnn.exec:\1nttnn.exe162⤵
-
\??\c:\9hhhtb.exec:\9hhhtb.exe163⤵
-
\??\c:\1dpvj.exec:\1dpvj.exe164⤵
-
\??\c:\rrrrxfl.exec:\rrrrxfl.exe165⤵
-
\??\c:\frffrxf.exec:\frffrxf.exe166⤵
-
\??\c:\hbnbhn.exec:\hbnbhn.exe167⤵
-
\??\c:\jjdjp.exec:\jjdjp.exe168⤵
-
\??\c:\ppdjv.exec:\ppdjv.exe169⤵
-
\??\c:\lxlrxff.exec:\lxlrxff.exe170⤵
-
\??\c:\1bhhnn.exec:\1bhhnn.exe171⤵
-
\??\c:\thtntt.exec:\thtntt.exe172⤵
-
\??\c:\1vvvd.exec:\1vvvd.exe173⤵
-
\??\c:\5rrrrrx.exec:\5rrrrrx.exe174⤵
-
\??\c:\xlrlrrx.exec:\xlrlrrx.exe175⤵
-
\??\c:\nhttbh.exec:\nhttbh.exe176⤵
-
\??\c:\tnbhtb.exec:\tnbhtb.exe177⤵
-
\??\c:\dvpdj.exec:\dvpdj.exe178⤵
-
\??\c:\1xllfll.exec:\1xllfll.exe179⤵
-
\??\c:\5nbbbb.exec:\5nbbbb.exe180⤵
-
\??\c:\7nhhbb.exec:\7nhhbb.exe181⤵
-
\??\c:\ddvdp.exec:\ddvdp.exe182⤵
-
\??\c:\5dpvd.exec:\5dpvd.exe183⤵
-
\??\c:\xlffllx.exec:\xlffllx.exe184⤵
-
\??\c:\tnhhnh.exec:\tnhhnh.exe185⤵
-
\??\c:\vvjpd.exec:\vvjpd.exe186⤵
-
\??\c:\jdvdv.exec:\jdvdv.exe187⤵
-
\??\c:\1rlfxxr.exec:\1rlfxxr.exe188⤵
-
\??\c:\nnhthh.exec:\nnhthh.exe189⤵
-
\??\c:\5bthhh.exec:\5bthhh.exe190⤵
-
\??\c:\pvddj.exec:\pvddj.exe191⤵
-
\??\c:\rlflxxr.exec:\rlflxxr.exe192⤵
-
\??\c:\htnttt.exec:\htnttt.exe193⤵
-
\??\c:\djdjd.exec:\djdjd.exe194⤵
-
\??\c:\pjdjj.exec:\pjdjj.exe195⤵
-
\??\c:\frffllr.exec:\frffllr.exe196⤵
-
\??\c:\nnbbnt.exec:\nnbbnt.exe197⤵
-
\??\c:\thtbhn.exec:\thtbhn.exe198⤵
-
\??\c:\dppdv.exec:\dppdv.exe199⤵
-
\??\c:\rfrlrrx.exec:\rfrlrrx.exe200⤵
-
\??\c:\7rlrxxl.exec:\7rlrxxl.exe201⤵
-
\??\c:\nbhbhb.exec:\nbhbhb.exe202⤵
-
\??\c:\htbbhn.exec:\htbbhn.exe203⤵
-
\??\c:\1vjdd.exec:\1vjdd.exe204⤵
-
\??\c:\xlflrrx.exec:\xlflrrx.exe205⤵
-
\??\c:\xrxfxrx.exec:\xrxfxrx.exe206⤵
-
\??\c:\hbhntt.exec:\hbhntt.exe207⤵
-
\??\c:\dvpvv.exec:\dvpvv.exe208⤵
-
\??\c:\vvpvp.exec:\vvpvp.exe209⤵
-
\??\c:\lxllflr.exec:\lxllflr.exe210⤵
-
\??\c:\3tbnnn.exec:\3tbnnn.exe211⤵
-
\??\c:\hbhbbb.exec:\hbhbbb.exe212⤵
-
\??\c:\jdpvd.exec:\jdpvd.exe213⤵
-
\??\c:\rlffrxf.exec:\rlffrxf.exe214⤵
-
\??\c:\rrflxfl.exec:\rrflxfl.exe215⤵
-
\??\c:\3thbhh.exec:\3thbhh.exe216⤵
-
\??\c:\7dppp.exec:\7dppp.exe217⤵
-
\??\c:\dpddd.exec:\dpddd.exe218⤵
-
\??\c:\xrfflfr.exec:\xrfflfr.exe219⤵
-
\??\c:\nhnnnt.exec:\nhnnnt.exe220⤵
-
\??\c:\3thbbb.exec:\3thbbb.exe221⤵
-
\??\c:\dpvvd.exec:\dpvvd.exe222⤵
-
\??\c:\llffrrf.exec:\llffrrf.exe223⤵
-
\??\c:\rlrlrxf.exec:\rlrlrxf.exe224⤵
-
\??\c:\5htbnn.exec:\5htbnn.exe225⤵
-
\??\c:\ddppp.exec:\ddppp.exe226⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe227⤵
-
\??\c:\rlrlrlx.exec:\rlrlrlx.exe228⤵
-
\??\c:\bntbbh.exec:\bntbbh.exe229⤵
-
\??\c:\7tnhhh.exec:\7tnhhh.exe230⤵
-
\??\c:\7jvpp.exec:\7jvpp.exe231⤵
-
\??\c:\rfrrrrf.exec:\rfrrrrf.exe232⤵
-
\??\c:\xrxflrf.exec:\xrxflrf.exe233⤵
-
\??\c:\nhbhnn.exec:\nhbhnn.exe234⤵
-
\??\c:\vjddd.exec:\vjddd.exe235⤵
-
\??\c:\3pdvv.exec:\3pdvv.exe236⤵
-
\??\c:\rrfxfff.exec:\rrfxfff.exe237⤵
-
\??\c:\hbtbnt.exec:\hbtbnt.exe238⤵
-
\??\c:\dpdjj.exec:\dpdjj.exe239⤵
-
\??\c:\pdvjp.exec:\pdvjp.exe240⤵