Analysis
-
max time kernel
150s -
max time network
127s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
24-05-2024 18:25
General
-
Target
07ab195ff076b895801f25c4f374ce266a1eeb06247fd3cab1ac0c6e97295e84.exe
-
Size
90KB
-
MD5
7a7bab780976bc9bbde8ab06c9e439d7
-
SHA1
a7bbf3acf43c378ca65b131f13bf710e14252928
-
SHA256
07ab195ff076b895801f25c4f374ce266a1eeb06247fd3cab1ac0c6e97295e84
-
SHA512
922e81aa31c84a28d6bed8f3874c7999cd06bbe518e3ba6b98f019d0657025aea534ca3fc757f82b0f92c994253b3d171f0878938f515e977eb164c56f2262b6
-
SSDEEP
1536:cvQBeOGtrYS3srx93UBWfwC6Ggnouy8mVeygryFU2li0gx4EBbhnyLFW+Y5:chOmTsF93UYfwC6GIoutieyhC2lbgGi/
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
UPX dump on OEP (original entry point) 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\07ab195ff076b895801f25c4f374ce266a1eeb06247fd3cab1ac0c6e97295e84.exe"C:\Users\Admin\AppData\Local\Temp\07ab195ff076b895801f25c4f374ce266a1eeb06247fd3cab1ac0c6e97295e84.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\5thhhh.exec:\5thhhh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjdv.exec:\vpjdv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjdv.exec:\djjdv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xxrlll.exec:\7xxrlll.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llffllx.exec:\llffllx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5nbbtb.exec:\5nbbtb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9dddd.exec:\9dddd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frffflf.exec:\frffflf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfxxxxx.exec:\xfxxxxx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnttnh.exec:\tnttnh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpppp.exec:\vpppp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxrrrr.exec:\fxxrrrr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3nbbtt.exec:\3nbbtt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nntbht.exec:\nntbht.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpppj.exec:\vpppj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrfrll.exec:\fxrfrll.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhbtn.exec:\nbhbtn.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5hhbnh.exec:\5hhbnh.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjpj.exec:\pdjpj.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9rxrffl.exec:\9rxrffl.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tttntn.exec:\tttntn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjvj.exec:\vdjvj.exe23⤵
- Executes dropped EXE
-
\??\c:\pvddd.exec:\pvddd.exe24⤵
- Executes dropped EXE
-
\??\c:\xlrrfff.exec:\xlrrfff.exe25⤵
- Executes dropped EXE
-
\??\c:\9ttnbh.exec:\9ttnbh.exe26⤵
- Executes dropped EXE
-
\??\c:\jpppp.exec:\jpppp.exe27⤵
- Executes dropped EXE
-
\??\c:\ppdvv.exec:\ppdvv.exe28⤵
- Executes dropped EXE
-
\??\c:\xxrxrrl.exec:\xxrxrrl.exe29⤵
- Executes dropped EXE
-
\??\c:\fxlfxxr.exec:\fxlfxxr.exe30⤵
- Executes dropped EXE
-
\??\c:\tbbbbt.exec:\tbbbbt.exe31⤵
- Executes dropped EXE
-
\??\c:\pjdpv.exec:\pjdpv.exe32⤵
- Executes dropped EXE
-
\??\c:\rlrlxxx.exec:\rlrlxxx.exe33⤵
- Executes dropped EXE
-
\??\c:\hbhntt.exec:\hbhntt.exe34⤵
- Executes dropped EXE
-
\??\c:\hnnnnn.exec:\hnnnnn.exe35⤵
- Executes dropped EXE
-
\??\c:\7jvvv.exec:\7jvvv.exe36⤵
- Executes dropped EXE
-
\??\c:\djjdv.exec:\djjdv.exe37⤵
- Executes dropped EXE
-
\??\c:\9fffxxr.exec:\9fffxxr.exe38⤵
- Executes dropped EXE
-
\??\c:\frrrrrl.exec:\frrrrrl.exe39⤵
- Executes dropped EXE
-
\??\c:\vpdvv.exec:\vpdvv.exe40⤵
- Executes dropped EXE
-
\??\c:\dvpvp.exec:\dvpvp.exe41⤵
- Executes dropped EXE
-
\??\c:\lxfxrxx.exec:\lxfxrxx.exe42⤵
- Executes dropped EXE
-
\??\c:\xrxxrxx.exec:\xrxxrxx.exe43⤵
- Executes dropped EXE
-
\??\c:\bttttn.exec:\bttttn.exe44⤵
- Executes dropped EXE
-
\??\c:\btnnnb.exec:\btnnnb.exe45⤵
- Executes dropped EXE
-
\??\c:\vpjdd.exec:\vpjdd.exe46⤵
- Executes dropped EXE
-
\??\c:\pvvvp.exec:\pvvvp.exe47⤵
- Executes dropped EXE
-
\??\c:\lxxxrrr.exec:\lxxxrrr.exe48⤵
- Executes dropped EXE
-
\??\c:\lxrlfxf.exec:\lxrlfxf.exe49⤵
- Executes dropped EXE
-
\??\c:\nhbbht.exec:\nhbbht.exe50⤵
- Executes dropped EXE
-
\??\c:\jdjpj.exec:\jdjpj.exe51⤵
- Executes dropped EXE
-
\??\c:\xxrrffx.exec:\xxrrffx.exe52⤵
- Executes dropped EXE
-
\??\c:\3llrllr.exec:\3llrllr.exe53⤵
- Executes dropped EXE
-
\??\c:\nbnhbb.exec:\nbnhbb.exe54⤵
- Executes dropped EXE
-
\??\c:\7tbhbb.exec:\7tbhbb.exe55⤵
- Executes dropped EXE
-
\??\c:\jvvpj.exec:\jvvpj.exe56⤵
- Executes dropped EXE
-
\??\c:\dvvjd.exec:\dvvjd.exe57⤵
- Executes dropped EXE
-
\??\c:\xfrlrrx.exec:\xfrlrrx.exe58⤵
- Executes dropped EXE
-
\??\c:\nhbbbt.exec:\nhbbbt.exe59⤵
- Executes dropped EXE
-
\??\c:\nnhbnn.exec:\nnhbnn.exe60⤵
- Executes dropped EXE
-
\??\c:\vpvvv.exec:\vpvvv.exe61⤵
- Executes dropped EXE
-
\??\c:\ppvjj.exec:\ppvjj.exe62⤵
- Executes dropped EXE
-
\??\c:\rfflxrl.exec:\rfflxrl.exe63⤵
- Executes dropped EXE
-
\??\c:\9tnhhn.exec:\9tnhhn.exe64⤵
- Executes dropped EXE
-
\??\c:\9bhbbb.exec:\9bhbbb.exe65⤵
- Executes dropped EXE
-
\??\c:\tnbthb.exec:\tnbthb.exe66⤵
-
\??\c:\3dpjj.exec:\3dpjj.exe67⤵
-
\??\c:\fxxrxrx.exec:\fxxrxrx.exe68⤵
-
\??\c:\rxfxxrl.exec:\rxfxxrl.exe69⤵
-
\??\c:\xlrfrlf.exec:\xlrfrlf.exe70⤵
-
\??\c:\nnnbhh.exec:\nnnbhh.exe71⤵
-
\??\c:\3bhtnn.exec:\3bhtnn.exe72⤵
-
\??\c:\jvjdd.exec:\jvjdd.exe73⤵
-
\??\c:\djpjd.exec:\djpjd.exe74⤵
-
\??\c:\7rxrxxr.exec:\7rxrxxr.exe75⤵
-
\??\c:\rxfxrrr.exec:\rxfxrrr.exe76⤵
-
\??\c:\9nthbb.exec:\9nthbb.exe77⤵
-
\??\c:\hbttnn.exec:\hbttnn.exe78⤵
-
\??\c:\1dddp.exec:\1dddp.exe79⤵
-
\??\c:\pddjv.exec:\pddjv.exe80⤵
-
\??\c:\fxfrlfx.exec:\fxfrlfx.exe81⤵
-
\??\c:\rlrxfxf.exec:\rlrxfxf.exe82⤵
-
\??\c:\nbhhhh.exec:\nbhhhh.exe83⤵
-
\??\c:\hnbbtn.exec:\hnbbtn.exe84⤵
-
\??\c:\3dvpd.exec:\3dvpd.exe85⤵
-
\??\c:\dpdjj.exec:\dpdjj.exe86⤵
-
\??\c:\flrlxrl.exec:\flrlxrl.exe87⤵
-
\??\c:\9lrlrrl.exec:\9lrlrrl.exe88⤵
-
\??\c:\3xxxrrr.exec:\3xxxrrr.exe89⤵
-
\??\c:\nhtttt.exec:\nhtttt.exe90⤵
-
\??\c:\jdjvd.exec:\jdjvd.exe91⤵
-
\??\c:\dpjvj.exec:\dpjvj.exe92⤵
-
\??\c:\rlfrfrr.exec:\rlfrfrr.exe93⤵
-
\??\c:\xxlxlfr.exec:\xxlxlfr.exe94⤵
-
\??\c:\bbhbtt.exec:\bbhbtt.exe95⤵
-
\??\c:\ppvpj.exec:\ppvpj.exe96⤵
-
\??\c:\3jdvp.exec:\3jdvp.exe97⤵
-
\??\c:\rlrfffx.exec:\rlrfffx.exe98⤵
-
\??\c:\btntbh.exec:\btntbh.exe99⤵
-
\??\c:\hnbnnh.exec:\hnbnnh.exe100⤵
-
\??\c:\vpjdp.exec:\vpjdp.exe101⤵
-
\??\c:\vjjdv.exec:\vjjdv.exe102⤵
-
\??\c:\9llfrrl.exec:\9llfrrl.exe103⤵
-
\??\c:\rrxrlll.exec:\rrxrlll.exe104⤵
-
\??\c:\nhhhbb.exec:\nhhhbb.exe105⤵
-
\??\c:\jvvpj.exec:\jvvpj.exe106⤵
-
\??\c:\vdjdp.exec:\vdjdp.exe107⤵
-
\??\c:\rllxrrr.exec:\rllxrrr.exe108⤵
-
\??\c:\xrxxrlf.exec:\xrxxrlf.exe109⤵
-
\??\c:\nnttbh.exec:\nnttbh.exe110⤵
-
\??\c:\1hbttn.exec:\1hbttn.exe111⤵
-
\??\c:\pdvpj.exec:\pdvpj.exe112⤵
-
\??\c:\fffxlff.exec:\fffxlff.exe113⤵
-
\??\c:\1fxfrrf.exec:\1fxfrrf.exe114⤵
-
\??\c:\bttbnb.exec:\bttbnb.exe115⤵
-
\??\c:\vvvvj.exec:\vvvvj.exe116⤵
-
\??\c:\vpjdp.exec:\vpjdp.exe117⤵
-
\??\c:\vdjjd.exec:\vdjjd.exe118⤵
-
\??\c:\rllxllf.exec:\rllxllf.exe119⤵
-
\??\c:\bthbbb.exec:\bthbbb.exe120⤵
-
\??\c:\ntbtnn.exec:\ntbtnn.exe121⤵
-
\??\c:\9bhbnn.exec:\9bhbnn.exe122⤵
-
\??\c:\ppvvp.exec:\ppvvp.exe123⤵
-
\??\c:\5jpjj.exec:\5jpjj.exe124⤵
-
\??\c:\rrlfxxl.exec:\rrlfxxl.exe125⤵
-
\??\c:\fffxrrl.exec:\fffxrrl.exe126⤵
-
\??\c:\9nnnhh.exec:\9nnnhh.exe127⤵
-
\??\c:\nhtntt.exec:\nhtntt.exe128⤵
-
\??\c:\djjjj.exec:\djjjj.exe129⤵
-
\??\c:\pvvjj.exec:\pvvjj.exe130⤵
-
\??\c:\5lrllrr.exec:\5lrllrr.exe131⤵
-
\??\c:\llffxfx.exec:\llffxfx.exe132⤵
-
\??\c:\7nnhbb.exec:\7nnhbb.exe133⤵
-
\??\c:\nnnntt.exec:\nnnntt.exe134⤵
-
\??\c:\nbttbh.exec:\nbttbh.exe135⤵
-
\??\c:\dppvp.exec:\dppvp.exe136⤵
-
\??\c:\vjppj.exec:\vjppj.exe137⤵
-
\??\c:\rrxxffl.exec:\rrxxffl.exe138⤵
-
\??\c:\xrflllf.exec:\xrflllf.exe139⤵
-
\??\c:\1flfxxf.exec:\1flfxxf.exe140⤵
-
\??\c:\hnnnhh.exec:\hnnnhh.exe141⤵
-
\??\c:\nhhbnn.exec:\nhhbnn.exe142⤵
-
\??\c:\jddjd.exec:\jddjd.exe143⤵
-
\??\c:\djpdv.exec:\djpdv.exe144⤵
-
\??\c:\pjjdd.exec:\pjjdd.exe145⤵
-
\??\c:\ffxrfff.exec:\ffxrfff.exe146⤵
-
\??\c:\bbbbbb.exec:\bbbbbb.exe147⤵
-
\??\c:\bhhbht.exec:\bhhbht.exe148⤵
-
\??\c:\9pdpj.exec:\9pdpj.exe149⤵
-
\??\c:\ddppv.exec:\ddppv.exe150⤵
-
\??\c:\9fffrrr.exec:\9fffrrr.exe151⤵
-
\??\c:\1rfxxrl.exec:\1rfxxrl.exe152⤵
-
\??\c:\tnbhhn.exec:\tnbhhn.exe153⤵
-
\??\c:\btttnn.exec:\btttnn.exe154⤵
-
\??\c:\pvdpp.exec:\pvdpp.exe155⤵
-
\??\c:\xfllfff.exec:\xfllfff.exe156⤵
-
\??\c:\7fxllrr.exec:\7fxllrr.exe157⤵
-
\??\c:\3tbbbb.exec:\3tbbbb.exe158⤵
-
\??\c:\bnnhbb.exec:\bnnhbb.exe159⤵
-
\??\c:\pdjjd.exec:\pdjjd.exe160⤵
-
\??\c:\5pjdd.exec:\5pjdd.exe161⤵
-
\??\c:\rlllxxr.exec:\rlllxxr.exe162⤵
-
\??\c:\3xrxrlf.exec:\3xrxrlf.exe163⤵
-
\??\c:\ntbhhn.exec:\ntbhhn.exe164⤵
-
\??\c:\nnnhhb.exec:\nnnhhb.exe165⤵
-
\??\c:\djdvv.exec:\djdvv.exe166⤵
-
\??\c:\ppdvp.exec:\ppdvp.exe167⤵
-
\??\c:\1dpjj.exec:\1dpjj.exe168⤵
-
\??\c:\xrlffff.exec:\xrlffff.exe169⤵
-
\??\c:\fllrxfl.exec:\fllrxfl.exe170⤵
-
\??\c:\btbbhh.exec:\btbbhh.exe171⤵
-
\??\c:\5nttnt.exec:\5nttnt.exe172⤵
-
\??\c:\3vdjj.exec:\3vdjj.exe173⤵
-
\??\c:\3ddvp.exec:\3ddvp.exe174⤵
-
\??\c:\rllfxxr.exec:\rllfxxr.exe175⤵
-
\??\c:\frrlfff.exec:\frrlfff.exe176⤵
-
\??\c:\tttttn.exec:\tttttn.exe177⤵
-
\??\c:\tbnhnn.exec:\tbnhnn.exe178⤵
-
\??\c:\3ddjd.exec:\3ddjd.exe179⤵
-
\??\c:\5xfllll.exec:\5xfllll.exe180⤵
-
\??\c:\rxffxff.exec:\rxffxff.exe181⤵
-
\??\c:\9btttt.exec:\9btttt.exe182⤵
-
\??\c:\bnnttb.exec:\bnnttb.exe183⤵
-
\??\c:\vdddj.exec:\vdddj.exe184⤵
-
\??\c:\pdjjd.exec:\pdjjd.exe185⤵
-
\??\c:\xrfxrlf.exec:\xrfxrlf.exe186⤵
-
\??\c:\9ffffff.exec:\9ffffff.exe187⤵
-
\??\c:\3bhhhh.exec:\3bhhhh.exe188⤵
-
\??\c:\tnhbbt.exec:\tnhbbt.exe189⤵
-
\??\c:\7jpjj.exec:\7jpjj.exe190⤵
-
\??\c:\jpdvj.exec:\jpdvj.exe191⤵
-
\??\c:\xffxrxr.exec:\xffxrxr.exe192⤵
-
\??\c:\ttbhbb.exec:\ttbhbb.exe193⤵
-
\??\c:\7pvdp.exec:\7pvdp.exe194⤵
-
\??\c:\dvpjj.exec:\dvpjj.exe195⤵
-
\??\c:\5flllfl.exec:\5flllfl.exe196⤵
-
\??\c:\nbhbbb.exec:\nbhbbb.exe197⤵
-
\??\c:\bnttnn.exec:\bnttnn.exe198⤵
-
\??\c:\xrllfll.exec:\xrllfll.exe199⤵
-
\??\c:\ntbnbb.exec:\ntbnbb.exe200⤵
-
\??\c:\hntbnt.exec:\hntbnt.exe201⤵
-
\??\c:\7ppjp.exec:\7ppjp.exe202⤵
-
\??\c:\1xxrllf.exec:\1xxrllf.exe203⤵
-
\??\c:\bbttnn.exec:\bbttnn.exe204⤵
-
\??\c:\3tbttt.exec:\3tbttt.exe205⤵
-
\??\c:\pvdjj.exec:\pvdjj.exe206⤵
-
\??\c:\xrrfxrl.exec:\xrrfxrl.exe207⤵
-
\??\c:\hbbbbb.exec:\hbbbbb.exe208⤵
-
\??\c:\bhnhbb.exec:\bhnhbb.exe209⤵
-
\??\c:\5pjjj.exec:\5pjjj.exe210⤵
-
\??\c:\lllfflf.exec:\lllfflf.exe211⤵
-
\??\c:\nbbttt.exec:\nbbttt.exe212⤵
-
\??\c:\bbhhnt.exec:\bbhhnt.exe213⤵
-
\??\c:\pppjv.exec:\pppjv.exe214⤵
-
\??\c:\ppjvp.exec:\ppjvp.exe215⤵
-
\??\c:\1lfxrrl.exec:\1lfxrrl.exe216⤵
-
\??\c:\tbbtth.exec:\tbbtth.exe217⤵
-
\??\c:\hbhhbb.exec:\hbhhbb.exe218⤵
-
\??\c:\1jpjj.exec:\1jpjj.exe219⤵
-
\??\c:\vppjv.exec:\vppjv.exe220⤵
-
\??\c:\3ffxrrr.exec:\3ffxrrr.exe221⤵
-
\??\c:\9thhhh.exec:\9thhhh.exe222⤵
-
\??\c:\1hhnbb.exec:\1hhnbb.exe223⤵
-
\??\c:\jvvdp.exec:\jvvdp.exe224⤵
-
\??\c:\ppppj.exec:\ppppj.exe225⤵
-
\??\c:\dvddv.exec:\dvddv.exe226⤵
-
\??\c:\xlfxxxf.exec:\xlfxxxf.exe227⤵
-
\??\c:\btnhnh.exec:\btnhnh.exe228⤵
-
\??\c:\pjjdd.exec:\pjjdd.exe229⤵
-
\??\c:\1pdpd.exec:\1pdpd.exe230⤵
-
\??\c:\1xlxxrx.exec:\1xlxxrx.exe231⤵
-
\??\c:\xrrlxrr.exec:\xrrlxrr.exe232⤵
-
\??\c:\tbhhhb.exec:\tbhhhb.exe233⤵
-
\??\c:\tbbbbt.exec:\tbbbbt.exe234⤵
-
\??\c:\jjvvj.exec:\jjvvj.exe235⤵
-
\??\c:\vdpdj.exec:\vdpdj.exe236⤵
-
\??\c:\lxlxxxr.exec:\lxlxxxr.exe237⤵
-
\??\c:\fffxxxx.exec:\fffxxxx.exe238⤵
-
\??\c:\hbbttn.exec:\hbbttn.exe239⤵
-
\??\c:\jjddp.exec:\jjddp.exe240⤵