Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
24-05-2024 18:20
General
-
Target
05f19cc5dcce6ed289265394c3f8dc4e5d66b6ba36731dc04afc109dcaf767a3.exe
-
Size
64KB
-
MD5
624b471207ec4f6addfe65ff7d245743
-
SHA1
5d8aebc2f6f7a7b5e70ae7c27da579da9b2e2437
-
SHA256
05f19cc5dcce6ed289265394c3f8dc4e5d66b6ba36731dc04afc109dcaf767a3
-
SHA512
e0d37162f42a34d38583a330d5cc4ced963d885702987992660bd210db17c25170ce5e25c584f85045bc15369ad812371c2349f6426d0dcfb11a9ce31b41ae20
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIhJm/wK:ymb3NkkiQ3mdBjFILmd
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 20 IoCs
-
UPX dump on OEP (original entry point) 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 23 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\05f19cc5dcce6ed289265394c3f8dc4e5d66b6ba36731dc04afc109dcaf767a3.exe"C:\Users\Admin\AppData\Local\Temp\05f19cc5dcce6ed289265394c3f8dc4e5d66b6ba36731dc04afc109dcaf767a3.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\5jppv.exec:\5jppv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvdj.exec:\pjvdj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9llllrx.exec:\9llllrx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhtnt.exec:\tnhtnt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1ppvd.exec:\1ppvd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frfxxxf.exec:\frfxxxf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlrllf.exec:\fxlrllf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhbbb.exec:\hbhbbb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vjpv.exec:\9vjpv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdvv.exec:\dvdvv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxlflr.exec:\fxxlflr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnntb.exec:\htnntb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vjvd.exec:\9vjvd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jppv.exec:\9jppv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xxfllx.exec:\1xxfllx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxxflx.exec:\rxxxflx.exe17⤵
- Executes dropped EXE
-
\??\c:\nhbnth.exec:\nhbnth.exe18⤵
- Executes dropped EXE
-
\??\c:\dvdjp.exec:\dvdjp.exe19⤵
- Executes dropped EXE
-
\??\c:\dddjd.exec:\dddjd.exe20⤵
- Executes dropped EXE
-
\??\c:\llxfxxf.exec:\llxfxxf.exe21⤵
- Executes dropped EXE
-
\??\c:\bbtntb.exec:\bbtntb.exe22⤵
- Executes dropped EXE
-
\??\c:\hhtnnb.exec:\hhtnnb.exe23⤵
- Executes dropped EXE
-
\??\c:\vjjvp.exec:\vjjvp.exe24⤵
- Executes dropped EXE
-
\??\c:\ffflxfr.exec:\ffflxfr.exe25⤵
- Executes dropped EXE
-
\??\c:\xlrfrrf.exec:\xlrfrrf.exe26⤵
- Executes dropped EXE
-
\??\c:\thbhhh.exec:\thbhhh.exe27⤵
- Executes dropped EXE
-
\??\c:\tnbbhn.exec:\tnbbhn.exe28⤵
- Executes dropped EXE
-
\??\c:\3rllffx.exec:\3rllffx.exe29⤵
- Executes dropped EXE
-
\??\c:\7rfrffr.exec:\7rfrffr.exe30⤵
- Executes dropped EXE
-
\??\c:\3hthtt.exec:\3hthtt.exe31⤵
- Executes dropped EXE
-
\??\c:\dvjpv.exec:\dvjpv.exe32⤵
- Executes dropped EXE
-
\??\c:\rrxlflx.exec:\rrxlflx.exe33⤵
- Executes dropped EXE
-
\??\c:\bnhhtt.exec:\bnhhtt.exe34⤵
- Executes dropped EXE
-
\??\c:\nnnbtb.exec:\nnnbtb.exe35⤵
- Executes dropped EXE
-
\??\c:\3vpvd.exec:\3vpvd.exe36⤵
- Executes dropped EXE
-
\??\c:\xxrrfll.exec:\xxrrfll.exe37⤵
- Executes dropped EXE
-
\??\c:\frllxrf.exec:\frllxrf.exe38⤵
- Executes dropped EXE
-
\??\c:\5rrrfrf.exec:\5rrrfrf.exe39⤵
- Executes dropped EXE
-
\??\c:\5nhnhh.exec:\5nhnhh.exe40⤵
- Executes dropped EXE
-
\??\c:\vdjjj.exec:\vdjjj.exe41⤵
- Executes dropped EXE
-
\??\c:\3dpjp.exec:\3dpjp.exe42⤵
- Executes dropped EXE
-
\??\c:\rffxrfr.exec:\rffxrfr.exe43⤵
- Executes dropped EXE
-
\??\c:\7lxfrrr.exec:\7lxfrrr.exe44⤵
- Executes dropped EXE
-
\??\c:\5rlxlfr.exec:\5rlxlfr.exe45⤵
- Executes dropped EXE
-
\??\c:\nhtntt.exec:\nhtntt.exe46⤵
- Executes dropped EXE
-
\??\c:\bbntnn.exec:\bbntnn.exe47⤵
- Executes dropped EXE
-
\??\c:\pjvdv.exec:\pjvdv.exe48⤵
- Executes dropped EXE
-
\??\c:\jvpjp.exec:\jvpjp.exe49⤵
- Executes dropped EXE
-
\??\c:\lxrxxfx.exec:\lxrxxfx.exe50⤵
- Executes dropped EXE
-
\??\c:\xlxllff.exec:\xlxllff.exe51⤵
- Executes dropped EXE
-
\??\c:\nhtbnt.exec:\nhtbnt.exe52⤵
- Executes dropped EXE
-
\??\c:\tntbbn.exec:\tntbbn.exe53⤵
- Executes dropped EXE
-
\??\c:\9jjjd.exec:\9jjjd.exe54⤵
- Executes dropped EXE
-
\??\c:\ppjdv.exec:\ppjdv.exe55⤵
- Executes dropped EXE
-
\??\c:\rxlrfff.exec:\rxlrfff.exe56⤵
- Executes dropped EXE
-
\??\c:\fxflrxf.exec:\fxflrxf.exe57⤵
- Executes dropped EXE
-
\??\c:\3frfllx.exec:\3frfllx.exe58⤵
- Executes dropped EXE
-
\??\c:\5tthhh.exec:\5tthhh.exe59⤵
- Executes dropped EXE
-
\??\c:\nhbbbb.exec:\nhbbbb.exe60⤵
- Executes dropped EXE
-
\??\c:\pjvvj.exec:\pjvvj.exe61⤵
- Executes dropped EXE
-
\??\c:\xfllfxl.exec:\xfllfxl.exe62⤵
- Executes dropped EXE
-
\??\c:\1frxfxl.exec:\1frxfxl.exe63⤵
- Executes dropped EXE
-
\??\c:\ttbthh.exec:\ttbthh.exe64⤵
- Executes dropped EXE
-
\??\c:\dpppd.exec:\dpppd.exe65⤵
- Executes dropped EXE
-
\??\c:\jvpjj.exec:\jvpjj.exe66⤵
-
\??\c:\rlrrrxx.exec:\rlrrrxx.exe67⤵
-
\??\c:\rlrflll.exec:\rlrflll.exe68⤵
-
\??\c:\htbhhh.exec:\htbhhh.exe69⤵
-
\??\c:\nbbhhn.exec:\nbbhhn.exe70⤵
-
\??\c:\7vjjd.exec:\7vjjd.exe71⤵
-
\??\c:\pdjvv.exec:\pdjvv.exe72⤵
-
\??\c:\rffxlxx.exec:\rffxlxx.exe73⤵
-
\??\c:\bthnbb.exec:\bthnbb.exe74⤵
-
\??\c:\hbhnnn.exec:\hbhnnn.exe75⤵
-
\??\c:\pdjpv.exec:\pdjpv.exe76⤵
-
\??\c:\ppjdj.exec:\ppjdj.exe77⤵
-
\??\c:\fxllflx.exec:\fxllflx.exe78⤵
-
\??\c:\llffllf.exec:\llffllf.exe79⤵
-
\??\c:\thntbb.exec:\thntbb.exe80⤵
-
\??\c:\jpjpp.exec:\jpjpp.exe81⤵
-
\??\c:\jdjdp.exec:\jdjdp.exe82⤵
-
\??\c:\rlrrrxf.exec:\rlrrrxf.exe83⤵
-
\??\c:\nbnntb.exec:\nbnntb.exe84⤵
-
\??\c:\5thhtb.exec:\5thhtb.exe85⤵
-
\??\c:\1ntbbb.exec:\1ntbbb.exe86⤵
-
\??\c:\5pppj.exec:\5pppj.exe87⤵
-
\??\c:\1lfflrx.exec:\1lfflrx.exe88⤵
-
\??\c:\3rllxlx.exec:\3rllxlx.exe89⤵
-
\??\c:\thhhnt.exec:\thhhnt.exe90⤵
-
\??\c:\tnthtb.exec:\tnthtb.exe91⤵
-
\??\c:\jdddp.exec:\jdddp.exe92⤵
-
\??\c:\vjdpv.exec:\vjdpv.exe93⤵
-
\??\c:\rlrrrrl.exec:\rlrrrrl.exe94⤵
-
\??\c:\7xlffxl.exec:\7xlffxl.exe95⤵
-
\??\c:\btthtt.exec:\btthtt.exe96⤵
-
\??\c:\5pjjj.exec:\5pjjj.exe97⤵
-
\??\c:\djdvj.exec:\djdvj.exe98⤵
-
\??\c:\rlffrlx.exec:\rlffrlx.exe99⤵
-
\??\c:\lxfflff.exec:\lxfflff.exe100⤵
-
\??\c:\ntbhhh.exec:\ntbhhh.exe101⤵
-
\??\c:\5nhhtn.exec:\5nhhtn.exe102⤵
-
\??\c:\pjddd.exec:\pjddd.exe103⤵
-
\??\c:\pvdjp.exec:\pvdjp.exe104⤵
-
\??\c:\xlxxflr.exec:\xlxxflr.exe105⤵
-
\??\c:\frxfxxx.exec:\frxfxxx.exe106⤵
-
\??\c:\7bntbt.exec:\7bntbt.exe107⤵
-
\??\c:\jvvvp.exec:\jvvvp.exe108⤵
-
\??\c:\dpjpd.exec:\dpjpd.exe109⤵
-
\??\c:\3rrrrxx.exec:\3rrrrxx.exe110⤵
-
\??\c:\xxrxxff.exec:\xxrxxff.exe111⤵
-
\??\c:\nbnntn.exec:\nbnntn.exe112⤵
-
\??\c:\htnthn.exec:\htnthn.exe113⤵
-
\??\c:\frxfllr.exec:\frxfllr.exe114⤵
-
\??\c:\xlxxlrr.exec:\xlxxlrr.exe115⤵
-
\??\c:\hnhntt.exec:\hnhntt.exe116⤵
-
\??\c:\vvdpv.exec:\vvdpv.exe117⤵
-
\??\c:\vjvjp.exec:\vjvjp.exe118⤵
-
\??\c:\llllfrr.exec:\llllfrr.exe119⤵
-
\??\c:\nbhbhb.exec:\nbhbhb.exe120⤵
-
\??\c:\hbnhnb.exec:\hbnhnb.exe121⤵
-
\??\c:\vjvdd.exec:\vjvdd.exe122⤵
-
\??\c:\dvvvv.exec:\dvvvv.exe123⤵
-
\??\c:\frxrxrr.exec:\frxrxrr.exe124⤵
-
\??\c:\rrffrrf.exec:\rrffrrf.exe125⤵
-
\??\c:\httntn.exec:\httntn.exe126⤵
-
\??\c:\thnnnn.exec:\thnnnn.exe127⤵
-
\??\c:\9pdpj.exec:\9pdpj.exe128⤵
-
\??\c:\dvvdp.exec:\dvvdp.exe129⤵
-
\??\c:\7rfffff.exec:\7rfffff.exe130⤵
-
\??\c:\xrlrrrx.exec:\xrlrrrx.exe131⤵
-
\??\c:\5lxlxfx.exec:\5lxlxfx.exe132⤵
-
\??\c:\thbhtt.exec:\thbhtt.exe133⤵
-
\??\c:\pddjp.exec:\pddjp.exe134⤵
-
\??\c:\pdjdj.exec:\pdjdj.exe135⤵
-
\??\c:\9lrlxrf.exec:\9lrlxrf.exe136⤵
-
\??\c:\fffxffr.exec:\fffxffr.exe137⤵
-
\??\c:\thhnhh.exec:\thhnhh.exe138⤵
-
\??\c:\1hbnhh.exec:\1hbnhh.exe139⤵
-
\??\c:\3ppvp.exec:\3ppvp.exe140⤵
-
\??\c:\dvjjd.exec:\dvjjd.exe141⤵
-
\??\c:\pjvdj.exec:\pjvdj.exe142⤵
-
\??\c:\llxlxrr.exec:\llxlxrr.exe143⤵
-
\??\c:\bthntt.exec:\bthntt.exe144⤵
-
\??\c:\3thbhh.exec:\3thbhh.exe145⤵
-
\??\c:\1thhnh.exec:\1thhnh.exe146⤵
-
\??\c:\vjjdj.exec:\vjjdj.exe147⤵
-
\??\c:\pdvdv.exec:\pdvdv.exe148⤵
-
\??\c:\9xxxxff.exec:\9xxxxff.exe149⤵
-
\??\c:\5xfffff.exec:\5xfffff.exe150⤵
-
\??\c:\thhntn.exec:\thhntn.exe151⤵
-
\??\c:\nhnnbn.exec:\nhnnbn.exe152⤵
-
\??\c:\5vjjp.exec:\5vjjp.exe153⤵
-
\??\c:\jvddv.exec:\jvddv.exe154⤵
-
\??\c:\9frlrlr.exec:\9frlrlr.exe155⤵
-
\??\c:\xrxlxlx.exec:\xrxlxlx.exe156⤵
-
\??\c:\nhntnn.exec:\nhntnn.exe157⤵
-
\??\c:\bnnnhh.exec:\bnnnhh.exe158⤵
-
\??\c:\djvjd.exec:\djvjd.exe159⤵
-
\??\c:\vjpjj.exec:\vjpjj.exe160⤵
-
\??\c:\rffrxxf.exec:\rffrxxf.exe161⤵
-
\??\c:\fffrxxr.exec:\fffrxxr.exe162⤵
-
\??\c:\tthhnh.exec:\tthhnh.exe163⤵
-
\??\c:\hbthnt.exec:\hbthnt.exe164⤵
-
\??\c:\vvddj.exec:\vvddj.exe165⤵
-
\??\c:\jdvdj.exec:\jdvdj.exe166⤵
-
\??\c:\xrflxxl.exec:\xrflxxl.exe167⤵
-
\??\c:\xxllxfr.exec:\xxllxfr.exe168⤵
-
\??\c:\5tttbt.exec:\5tttbt.exe169⤵
-
\??\c:\7hhtht.exec:\7hhtht.exe170⤵
-
\??\c:\thtbhh.exec:\thtbhh.exe171⤵
-
\??\c:\jdpvd.exec:\jdpvd.exe172⤵
-
\??\c:\5vppv.exec:\5vppv.exe173⤵
-
\??\c:\3rrxffr.exec:\3rrxffr.exe174⤵
-
\??\c:\lxfxfff.exec:\lxfxfff.exe175⤵
-
\??\c:\hbnbnh.exec:\hbnbnh.exe176⤵
-
\??\c:\tntthh.exec:\tntthh.exe177⤵
-
\??\c:\jdvdd.exec:\jdvdd.exe178⤵
-
\??\c:\dvpjd.exec:\dvpjd.exe179⤵
-
\??\c:\lxrxxxr.exec:\lxrxxxr.exe180⤵
-
\??\c:\rxxxxff.exec:\rxxxxff.exe181⤵
-
\??\c:\7fxflrf.exec:\7fxflrf.exe182⤵
-
\??\c:\nhbhhh.exec:\nhbhhh.exe183⤵
-
\??\c:\3hnbbh.exec:\3hnbbh.exe184⤵
-
\??\c:\pjvdd.exec:\pjvdd.exe185⤵
-
\??\c:\7vjpv.exec:\7vjpv.exe186⤵
-
\??\c:\rfxxxrr.exec:\rfxxxrr.exe187⤵
-
\??\c:\ffllrll.exec:\ffllrll.exe188⤵
-
\??\c:\thhntt.exec:\thhntt.exe189⤵
-
\??\c:\dpppv.exec:\dpppv.exe190⤵
-
\??\c:\jdpjd.exec:\jdpjd.exe191⤵
-
\??\c:\jdjjv.exec:\jdjjv.exe192⤵
-
\??\c:\xxlfxxr.exec:\xxlfxxr.exe193⤵
-
\??\c:\9lrrflf.exec:\9lrrflf.exe194⤵
-
\??\c:\9nhtbh.exec:\9nhtbh.exe195⤵
-
\??\c:\3djjp.exec:\3djjp.exe196⤵
-
\??\c:\vpddv.exec:\vpddv.exe197⤵
-
\??\c:\fxrxxfx.exec:\fxrxxfx.exe198⤵
-
\??\c:\3djpv.exec:\3djpv.exe199⤵
-
\??\c:\llxxfrl.exec:\llxxfrl.exe200⤵
-
\??\c:\xxrrffl.exec:\xxrrffl.exe201⤵
-
\??\c:\btnbnt.exec:\btnbnt.exe202⤵
-
\??\c:\hntnhn.exec:\hntnhn.exe203⤵
-
\??\c:\rxxffxl.exec:\rxxffxl.exe204⤵
-
\??\c:\fxfffff.exec:\fxfffff.exe205⤵
-
\??\c:\hhbnbh.exec:\hhbnbh.exe206⤵
-
\??\c:\7bnbnt.exec:\7bnbnt.exe207⤵
-
\??\c:\ddvjd.exec:\ddvjd.exe208⤵
-
\??\c:\9jdjj.exec:\9jdjj.exe209⤵
-
\??\c:\dddpp.exec:\dddpp.exe210⤵
-
\??\c:\rlxfflr.exec:\rlxfflr.exe211⤵
-
\??\c:\rllrrrx.exec:\rllrrrx.exe212⤵
-
\??\c:\nbhbbh.exec:\nbhbbh.exe213⤵
-
\??\c:\tnbhht.exec:\tnbhht.exe214⤵
-
\??\c:\ppvjp.exec:\ppvjp.exe215⤵
-
\??\c:\jvjdj.exec:\jvjdj.exe216⤵
-
\??\c:\pjvjv.exec:\pjvjv.exe217⤵
-
\??\c:\llrrxxf.exec:\llrrxxf.exe218⤵
-
\??\c:\3rrrrxl.exec:\3rrrrxl.exe219⤵
-
\??\c:\bnbbhb.exec:\bnbbhb.exe220⤵
-
\??\c:\nhtbnn.exec:\nhtbnn.exe221⤵
-
\??\c:\vvddd.exec:\vvddd.exe222⤵
-
\??\c:\jdppv.exec:\jdppv.exe223⤵
-
\??\c:\dvpvd.exec:\dvpvd.exe224⤵
-
\??\c:\5fxfffr.exec:\5fxfffr.exe225⤵
-
\??\c:\7frxlrf.exec:\7frxlrf.exe226⤵
-
\??\c:\ttbtbh.exec:\ttbtbh.exe227⤵
-
\??\c:\thbbhh.exec:\thbbhh.exe228⤵
-
\??\c:\3jvpp.exec:\3jvpp.exe229⤵
-
\??\c:\pjppp.exec:\pjppp.exe230⤵
-
\??\c:\9fffffx.exec:\9fffffx.exe231⤵
-
\??\c:\rlrrxxf.exec:\rlrrxxf.exe232⤵
-
\??\c:\1hnhhn.exec:\1hnhhn.exe233⤵
-
\??\c:\hnhtnh.exec:\hnhtnh.exe234⤵
-
\??\c:\9vvjv.exec:\9vvjv.exe235⤵
-
\??\c:\jdjvp.exec:\jdjvp.exe236⤵
-
\??\c:\3xlxrfx.exec:\3xlxrfx.exe237⤵
-
\??\c:\rrflfxf.exec:\rrflfxf.exe238⤵
-
\??\c:\tnhntb.exec:\tnhntb.exe239⤵
-
\??\c:\nhtbhh.exec:\nhtbhh.exe240⤵