Analysis
-
max time kernel
150s -
max time network
117s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
24-05-2024 18:19
General
-
Target
05645442132cb14ff2f64e0b0f2a740f2b07505949961eb96423c6564c5dc264.exe
-
Size
76KB
-
MD5
287414622bb8b4193a47085f7537410a
-
SHA1
48684dfe3568f87669d3265f1e7bdf9b70decf18
-
SHA256
05645442132cb14ff2f64e0b0f2a740f2b07505949961eb96423c6564c5dc264
-
SHA512
9ac31e4c1738568255b56403c2f716e8617faf8ffc4f9ba9134d8d72eb614c9ab0768be1b7bfd9d5bf602a8623b7025804fec12cea751220a3ccb5d449064139
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoAX8gu3Gno9yvrjKI:ymb3NkkiQ3mdBjFo68t3Gno9Ij
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
UPX dump on OEP (original entry point) 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\05645442132cb14ff2f64e0b0f2a740f2b07505949961eb96423c6564c5dc264.exe"C:\Users\Admin\AppData\Local\Temp\05645442132cb14ff2f64e0b0f2a740f2b07505949961eb96423c6564c5dc264.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrffrr.exec:\lfrffrr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\42204.exec:\42204.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\428282.exec:\428282.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\002082.exec:\002082.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\80226.exec:\80226.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntttnb.exec:\ntttnb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnhtb.exec:\btnhtb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\82448.exec:\82448.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\60266.exec:\60266.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjdpj.exec:\vjdpj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtbtn.exec:\hbtbtn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxrlfl.exec:\frxrlfl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6246428.exec:\6246428.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\82260.exec:\82260.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\22820.exec:\22820.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbbbn.exec:\ntbbbn.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlrrxr.exec:\xrlrrxr.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2404400.exec:\2404400.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9bnntb.exec:\9bnntb.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpdvv.exec:\jpdvv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4620426.exec:\4620426.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvdp.exec:\vvvdp.exe23⤵
- Executes dropped EXE
-
\??\c:\rfflxrl.exec:\rfflxrl.exe24⤵
- Executes dropped EXE
-
\??\c:\640488.exec:\640488.exe25⤵
- Executes dropped EXE
-
\??\c:\6400826.exec:\6400826.exe26⤵
- Executes dropped EXE
-
\??\c:\068222.exec:\068222.exe27⤵
- Executes dropped EXE
-
\??\c:\4882660.exec:\4882660.exe28⤵
- Executes dropped EXE
-
\??\c:\pjdvp.exec:\pjdvp.exe29⤵
- Executes dropped EXE
-
\??\c:\0020226.exec:\0020226.exe30⤵
- Executes dropped EXE
-
\??\c:\vddvd.exec:\vddvd.exe31⤵
- Executes dropped EXE
-
\??\c:\8200622.exec:\8200622.exe32⤵
- Executes dropped EXE
-
\??\c:\4448682.exec:\4448682.exe33⤵
- Executes dropped EXE
-
\??\c:\vjvpp.exec:\vjvpp.exe34⤵
- Executes dropped EXE
-
\??\c:\00664.exec:\00664.exe35⤵
- Executes dropped EXE
-
\??\c:\lffxrrr.exec:\lffxrrr.exe36⤵
- Executes dropped EXE
-
\??\c:\846048.exec:\846048.exe37⤵
- Executes dropped EXE
-
\??\c:\266648.exec:\266648.exe38⤵
- Executes dropped EXE
-
\??\c:\a2804.exec:\a2804.exe39⤵
- Executes dropped EXE
-
\??\c:\xrfxrfr.exec:\xrfxrfr.exe40⤵
- Executes dropped EXE
-
\??\c:\68000.exec:\68000.exe41⤵
- Executes dropped EXE
-
\??\c:\4204026.exec:\4204026.exe42⤵
- Executes dropped EXE
-
\??\c:\rxffffl.exec:\rxffffl.exe43⤵
- Executes dropped EXE
-
\??\c:\0000000.exec:\0000000.exe44⤵
- Executes dropped EXE
-
\??\c:\dpvjv.exec:\dpvjv.exe45⤵
- Executes dropped EXE
-
\??\c:\dvdvd.exec:\dvdvd.exe46⤵
- Executes dropped EXE
-
\??\c:\3vvjd.exec:\3vvjd.exe47⤵
- Executes dropped EXE
-
\??\c:\hnnhtt.exec:\hnnhtt.exe48⤵
- Executes dropped EXE
-
\??\c:\lxrxrfr.exec:\lxrxrfr.exe49⤵
- Executes dropped EXE
-
\??\c:\pddpp.exec:\pddpp.exe50⤵
- Executes dropped EXE
-
\??\c:\u844604.exec:\u844604.exe51⤵
- Executes dropped EXE
-
\??\c:\3vddv.exec:\3vddv.exe52⤵
- Executes dropped EXE
-
\??\c:\frxlxxr.exec:\frxlxxr.exe53⤵
- Executes dropped EXE
-
\??\c:\0448226.exec:\0448226.exe54⤵
- Executes dropped EXE
-
\??\c:\nhhbtn.exec:\nhhbtn.exe55⤵
- Executes dropped EXE
-
\??\c:\042806.exec:\042806.exe56⤵
- Executes dropped EXE
-
\??\c:\802888.exec:\802888.exe57⤵
- Executes dropped EXE
-
\??\c:\028822.exec:\028822.exe58⤵
- Executes dropped EXE
-
\??\c:\284826.exec:\284826.exe59⤵
- Executes dropped EXE
-
\??\c:\htnhbb.exec:\htnhbb.exe60⤵
- Executes dropped EXE
-
\??\c:\88406.exec:\88406.exe61⤵
- Executes dropped EXE
-
\??\c:\288824.exec:\288824.exe62⤵
- Executes dropped EXE
-
\??\c:\6040280.exec:\6040280.exe63⤵
- Executes dropped EXE
-
\??\c:\bbbthh.exec:\bbbthh.exe64⤵
- Executes dropped EXE
-
\??\c:\60048.exec:\60048.exe65⤵
- Executes dropped EXE
-
\??\c:\084480.exec:\084480.exe66⤵
-
\??\c:\xrlfrrr.exec:\xrlfrrr.exe67⤵
-
\??\c:\86822.exec:\86822.exe68⤵
-
\??\c:\fxxlffx.exec:\fxxlffx.exe69⤵
-
\??\c:\a0882.exec:\a0882.exe70⤵
-
\??\c:\1bbbbn.exec:\1bbbbn.exe71⤵
-
\??\c:\68488.exec:\68488.exe72⤵
-
\??\c:\48884.exec:\48884.exe73⤵
-
\??\c:\8444448.exec:\8444448.exe74⤵
-
\??\c:\6684444.exec:\6684444.exe75⤵
-
\??\c:\bhtttt.exec:\bhtttt.exe76⤵
-
\??\c:\xlfxrxx.exec:\xlfxrxx.exe77⤵
-
\??\c:\fxxxrxx.exec:\fxxxrxx.exe78⤵
-
\??\c:\g2886.exec:\g2886.exe79⤵
-
\??\c:\840488.exec:\840488.exe80⤵
-
\??\c:\pvddv.exec:\pvddv.exe81⤵
-
\??\c:\82208.exec:\82208.exe82⤵
-
\??\c:\28842.exec:\28842.exe83⤵
-
\??\c:\tnbbhh.exec:\tnbbhh.exe84⤵
-
\??\c:\04488.exec:\04488.exe85⤵
-
\??\c:\0200006.exec:\0200006.exe86⤵
-
\??\c:\22226.exec:\22226.exe87⤵
-
\??\c:\s2888.exec:\s2888.exe88⤵
-
\??\c:\o844488.exec:\o844488.exe89⤵
-
\??\c:\7htntt.exec:\7htntt.exe90⤵
-
\??\c:\tthbbb.exec:\tthbbb.exe91⤵
-
\??\c:\482604.exec:\482604.exe92⤵
-
\??\c:\hbtnhh.exec:\hbtnhh.exe93⤵
-
\??\c:\hnnhtt.exec:\hnnhtt.exe94⤵
-
\??\c:\ttnhnh.exec:\ttnhnh.exe95⤵
-
\??\c:\vpvvp.exec:\vpvvp.exe96⤵
-
\??\c:\ntbtnn.exec:\ntbtnn.exe97⤵
-
\??\c:\820406.exec:\820406.exe98⤵
-
\??\c:\lffxxrf.exec:\lffxxrf.exe99⤵
-
\??\c:\048260.exec:\048260.exe100⤵
-
\??\c:\82260.exec:\82260.exe101⤵
-
\??\c:\86820.exec:\86820.exe102⤵
-
\??\c:\dpvdd.exec:\dpvdd.exe103⤵
-
\??\c:\nhnhbb.exec:\nhnhbb.exe104⤵
-
\??\c:\dppdd.exec:\dppdd.exe105⤵
-
\??\c:\jdvpj.exec:\jdvpj.exe106⤵
-
\??\c:\xlllxxr.exec:\xlllxxr.exe107⤵
-
\??\c:\4082662.exec:\4082662.exe108⤵
-
\??\c:\lfxxfxf.exec:\lfxxfxf.exe109⤵
-
\??\c:\260624.exec:\260624.exe110⤵
-
\??\c:\pvvpd.exec:\pvvpd.exe111⤵
-
\??\c:\hthhbb.exec:\hthhbb.exe112⤵
-
\??\c:\pvdvp.exec:\pvdvp.exe113⤵
-
\??\c:\86206.exec:\86206.exe114⤵
-
\??\c:\44004.exec:\44004.exe115⤵
-
\??\c:\400044.exec:\400044.exe116⤵
-
\??\c:\2622040.exec:\2622040.exe117⤵
-
\??\c:\lrlllfx.exec:\lrlllfx.exe118⤵
-
\??\c:\248664.exec:\248664.exe119⤵
-
\??\c:\tbthnh.exec:\tbthnh.exe120⤵
-
\??\c:\thnbnn.exec:\thnbnn.exe121⤵
-
\??\c:\48080.exec:\48080.exe122⤵
-
\??\c:\02044.exec:\02044.exe123⤵
-
\??\c:\5dvpj.exec:\5dvpj.exe124⤵
-
\??\c:\0848888.exec:\0848888.exe125⤵
-
\??\c:\0688400.exec:\0688400.exe126⤵
-
\??\c:\o844822.exec:\o844822.exe127⤵
-
\??\c:\6826044.exec:\6826044.exe128⤵
-
\??\c:\lxflxlx.exec:\lxflxlx.exe129⤵
-
\??\c:\dpjpd.exec:\dpjpd.exe130⤵
-
\??\c:\48884.exec:\48884.exe131⤵
-
\??\c:\1nnnbb.exec:\1nnnbb.exe132⤵
-
\??\c:\06000.exec:\06000.exe133⤵
-
\??\c:\02482.exec:\02482.exe134⤵
-
\??\c:\vvjjj.exec:\vvjjj.exe135⤵
-
\??\c:\3jpvp.exec:\3jpvp.exe136⤵
-
\??\c:\664860.exec:\664860.exe137⤵
-
\??\c:\82408.exec:\82408.exe138⤵
-
\??\c:\2840060.exec:\2840060.exe139⤵
-
\??\c:\jdppd.exec:\jdppd.exe140⤵
-
\??\c:\fllllrl.exec:\fllllrl.exe141⤵
-
\??\c:\08662.exec:\08662.exe142⤵
-
\??\c:\3rxxffl.exec:\3rxxffl.exe143⤵
-
\??\c:\tbhhht.exec:\tbhhht.exe144⤵
-
\??\c:\82268.exec:\82268.exe145⤵
-
\??\c:\9fxfxxr.exec:\9fxfxxr.exe146⤵
-
\??\c:\0066600.exec:\0066600.exe147⤵
-
\??\c:\bnbtnn.exec:\bnbtnn.exe148⤵
-
\??\c:\q84822.exec:\q84822.exe149⤵
-
\??\c:\02882.exec:\02882.exe150⤵
-
\??\c:\xlxrxxf.exec:\xlxrxxf.exe151⤵
-
\??\c:\pppjd.exec:\pppjd.exe152⤵
-
\??\c:\fxrlfff.exec:\fxrlfff.exe153⤵
-
\??\c:\hbbtnn.exec:\hbbtnn.exe154⤵
-
\??\c:\606606.exec:\606606.exe155⤵
-
\??\c:\26406.exec:\26406.exe156⤵
-
\??\c:\20880.exec:\20880.exe157⤵
-
\??\c:\26266.exec:\26266.exe158⤵
-
\??\c:\a0464.exec:\a0464.exe159⤵
-
\??\c:\lfrlffx.exec:\lfrlffx.exe160⤵
-
\??\c:\024660.exec:\024660.exe161⤵
-
\??\c:\8604826.exec:\8604826.exe162⤵
-
\??\c:\u644006.exec:\u644006.exe163⤵
-
\??\c:\264488.exec:\264488.exe164⤵
-
\??\c:\pvvvp.exec:\pvvvp.exe165⤵
-
\??\c:\062288.exec:\062288.exe166⤵
-
\??\c:\02826.exec:\02826.exe167⤵
-
\??\c:\024422.exec:\024422.exe168⤵
-
\??\c:\xlxrlfx.exec:\xlxrlfx.exe169⤵
-
\??\c:\hbtbtt.exec:\hbtbtt.exe170⤵
-
\??\c:\ttnnbh.exec:\ttnnbh.exe171⤵
-
\??\c:\jdjdp.exec:\jdjdp.exe172⤵
-
\??\c:\w84444.exec:\w84444.exe173⤵
-
\??\c:\1vdvp.exec:\1vdvp.exe174⤵
-
\??\c:\480442.exec:\480442.exe175⤵
-
\??\c:\bttbnn.exec:\bttbnn.exe176⤵
-
\??\c:\60884.exec:\60884.exe177⤵
-
\??\c:\1rxxllf.exec:\1rxxllf.exe178⤵
-
\??\c:\04666.exec:\04666.exe179⤵
-
\??\c:\08482.exec:\08482.exe180⤵
-
\??\c:\20660.exec:\20660.exe181⤵
-
\??\c:\bnnhbb.exec:\bnnhbb.exe182⤵
-
\??\c:\0062226.exec:\0062226.exe183⤵
-
\??\c:\7hbbtb.exec:\7hbbtb.exe184⤵
-
\??\c:\btbtbb.exec:\btbtbb.exe185⤵
-
\??\c:\686266.exec:\686266.exe186⤵
-
\??\c:\lxxxffx.exec:\lxxxffx.exe187⤵
-
\??\c:\2404448.exec:\2404448.exe188⤵
-
\??\c:\44882.exec:\44882.exe189⤵
-
\??\c:\g6200.exec:\g6200.exe190⤵
-
\??\c:\ppvdd.exec:\ppvdd.exe191⤵
-
\??\c:\xrlfrrr.exec:\xrlfrrr.exe192⤵
-
\??\c:\dvddv.exec:\dvddv.exe193⤵
-
\??\c:\hbnnnn.exec:\hbnnnn.exe194⤵
-
\??\c:\hnthbb.exec:\hnthbb.exe195⤵
-
\??\c:\5nthnn.exec:\5nthnn.exe196⤵
-
\??\c:\hbbbtn.exec:\hbbbtn.exe197⤵
-
\??\c:\rllfxxr.exec:\rllfxxr.exe198⤵
-
\??\c:\2082604.exec:\2082604.exe199⤵
-
\??\c:\lrfrffx.exec:\lrfrffx.exe200⤵
-
\??\c:\084888.exec:\084888.exe201⤵
-
\??\c:\rxxfxff.exec:\rxxfxff.exe202⤵
-
\??\c:\fllfxxr.exec:\fllfxxr.exe203⤵
-
\??\c:\028888.exec:\028888.exe204⤵
-
\??\c:\84482.exec:\84482.exe205⤵
-
\??\c:\040422.exec:\040422.exe206⤵
-
\??\c:\bttnhh.exec:\bttnhh.exe207⤵
-
\??\c:\nhhnhh.exec:\nhhnhh.exe208⤵
-
\??\c:\xlrrllf.exec:\xlrrllf.exe209⤵
-
\??\c:\pdjjj.exec:\pdjjj.exe210⤵
-
\??\c:\ffffrrr.exec:\ffffrrr.exe211⤵
-
\??\c:\fxrlffx.exec:\fxrlffx.exe212⤵
-
\??\c:\vpppj.exec:\vpppj.exe213⤵
-
\??\c:\2848888.exec:\2848888.exe214⤵
-
\??\c:\hbbhht.exec:\hbbhht.exe215⤵
-
\??\c:\g8262.exec:\g8262.exe216⤵
-
\??\c:\20842.exec:\20842.exe217⤵
-
\??\c:\bhhhhh.exec:\bhhhhh.exe218⤵
-
\??\c:\hthhht.exec:\hthhht.exe219⤵
-
\??\c:\rlxrflr.exec:\rlxrflr.exe220⤵
-
\??\c:\rxxxrrl.exec:\rxxxrrl.exe221⤵
-
\??\c:\rfffxxr.exec:\rfffxxr.exe222⤵
-
\??\c:\0828424.exec:\0828424.exe223⤵
-
\??\c:\fxrlflf.exec:\fxrlflf.exe224⤵
-
\??\c:\6866246.exec:\6866246.exe225⤵
-
\??\c:\thbbtt.exec:\thbbtt.exe226⤵
-
\??\c:\m4820.exec:\m4820.exe227⤵
-
\??\c:\e02088.exec:\e02088.exe228⤵
-
\??\c:\vjjdv.exec:\vjjdv.exe229⤵
-
\??\c:\pdjdv.exec:\pdjdv.exe230⤵
-
\??\c:\frlfxxr.exec:\frlfxxr.exe231⤵
-
\??\c:\24600.exec:\24600.exe232⤵
-
\??\c:\602066.exec:\602066.exe233⤵
-
\??\c:\jpvdp.exec:\jpvdp.exe234⤵
-
\??\c:\6082602.exec:\6082602.exe235⤵
-
\??\c:\04260.exec:\04260.exe236⤵
-
\??\c:\484844.exec:\484844.exe237⤵
-
\??\c:\62260.exec:\62260.exe238⤵
-
\??\c:\4028660.exec:\4028660.exe239⤵
-
\??\c:\48848.exec:\48848.exe240⤵