Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
24-05-2024 19:21
General
-
Target
1d36dedc58ab5952e125c9348b3700d50a1e35c8ccc411604316aa8fbd588cd6.exe
-
Size
61KB
-
MD5
932c1ad1322f78b9a2f4602b4fdf65f9
-
SHA1
22076e7d93c1fbfe230ffc2f8a1dd8e4a0d4d39e
-
SHA256
1d36dedc58ab5952e125c9348b3700d50a1e35c8ccc411604316aa8fbd588cd6
-
SHA512
f05acf12c747632910c0d4aeab24d67609e96ea2af15b2d3ac2339b46052ee256e0c1654c23ce15ce8a135bdabfc152fa57106df1060a4c36b99d953b951f642
-
SSDEEP
1536:zvQBeOGtrYS3srx93UBWfwC6Ggnouy8iT4+EMdbVs:zhOmTsF93UYfwC6GIoutiTWMdb6
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
UPX dump on OEP (original entry point) 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1d36dedc58ab5952e125c9348b3700d50a1e35c8ccc411604316aa8fbd588cd6.exe"C:\Users\Admin\AppData\Local\Temp\1d36dedc58ab5952e125c9348b3700d50a1e35c8ccc411604316aa8fbd588cd6.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbnbt.exec:\tbbnbt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntthtt.exec:\ntthtt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrlfff.exec:\lrrlfff.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrrfxr.exec:\rlrrfxr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnhbt.exec:\nnnhbt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbbhh.exec:\hbbbhh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvddv.exec:\dvddv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjvj.exec:\ddjvj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrfxxl.exec:\lfrfxxl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttnhb.exec:\bttnhb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjjj.exec:\jdjjj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vvjv.exec:\9vvjv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfffxlx.exec:\xfffxlx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbnhb.exec:\btbnhb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3tthtn.exec:\3tthtn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppjv.exec:\vppjv.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1ppdp.exec:\1ppdp.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrrlff.exec:\xrrrlff.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hntnhh.exec:\hntnhh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnhhh.exec:\tnnhhh.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvjv.exec:\jvvjv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxrlff.exec:\lfxrlff.exe23⤵
- Executes dropped EXE
-
\??\c:\3frffxf.exec:\3frffxf.exe24⤵
- Executes dropped EXE
-
\??\c:\thhtnh.exec:\thhtnh.exe25⤵
- Executes dropped EXE
-
\??\c:\nttnbt.exec:\nttnbt.exe26⤵
- Executes dropped EXE
-
\??\c:\ppvpd.exec:\ppvpd.exe27⤵
- Executes dropped EXE
-
\??\c:\rxxrfff.exec:\rxxrfff.exe28⤵
- Executes dropped EXE
-
\??\c:\7hbhhh.exec:\7hbhhh.exe29⤵
- Executes dropped EXE
-
\??\c:\bthnhn.exec:\bthnhn.exe30⤵
- Executes dropped EXE
-
\??\c:\dvjjv.exec:\dvjjv.exe31⤵
- Executes dropped EXE
-
\??\c:\rflxlll.exec:\rflxlll.exe32⤵
- Executes dropped EXE
-
\??\c:\lxxrlff.exec:\lxxrlff.exe33⤵
- Executes dropped EXE
-
\??\c:\thhbbt.exec:\thhbbt.exe34⤵
- Executes dropped EXE
-
\??\c:\7pvpd.exec:\7pvpd.exe35⤵
- Executes dropped EXE
-
\??\c:\djvdp.exec:\djvdp.exe36⤵
- Executes dropped EXE
-
\??\c:\3fxfllx.exec:\3fxfllx.exe37⤵
- Executes dropped EXE
-
\??\c:\flllfxr.exec:\flllfxr.exe38⤵
- Executes dropped EXE
-
\??\c:\nhbthh.exec:\nhbthh.exe39⤵
- Executes dropped EXE
-
\??\c:\1nhthb.exec:\1nhthb.exe40⤵
- Executes dropped EXE
-
\??\c:\vvdjp.exec:\vvdjp.exe41⤵
- Executes dropped EXE
-
\??\c:\9vdvv.exec:\9vdvv.exe42⤵
- Executes dropped EXE
-
\??\c:\xllrrlx.exec:\xllrrlx.exe43⤵
- Executes dropped EXE
-
\??\c:\5rrlrrl.exec:\5rrlrrl.exe44⤵
- Executes dropped EXE
-
\??\c:\tnhbtt.exec:\tnhbtt.exe45⤵
- Executes dropped EXE
-
\??\c:\djpjv.exec:\djpjv.exe46⤵
- Executes dropped EXE
-
\??\c:\3djvd.exec:\3djvd.exe47⤵
- Executes dropped EXE
-
\??\c:\ffrlxfl.exec:\ffrlxfl.exe48⤵
- Executes dropped EXE
-
\??\c:\1nhhtb.exec:\1nhhtb.exe49⤵
- Executes dropped EXE
-
\??\c:\5ppjv.exec:\5ppjv.exe50⤵
- Executes dropped EXE
-
\??\c:\xxlxlfr.exec:\xxlxlfr.exe51⤵
- Executes dropped EXE
-
\??\c:\1lrllfx.exec:\1lrllfx.exe52⤵
- Executes dropped EXE
-
\??\c:\3nhnbb.exec:\3nhnbb.exe53⤵
- Executes dropped EXE
-
\??\c:\7hnhnn.exec:\7hnhnn.exe54⤵
- Executes dropped EXE
-
\??\c:\1jpdv.exec:\1jpdv.exe55⤵
- Executes dropped EXE
-
\??\c:\rxfxlfx.exec:\rxfxlfx.exe56⤵
- Executes dropped EXE
-
\??\c:\bbtttn.exec:\bbtttn.exe57⤵
- Executes dropped EXE
-
\??\c:\hbnhtb.exec:\hbnhtb.exe58⤵
- Executes dropped EXE
-
\??\c:\jpjjd.exec:\jpjjd.exe59⤵
- Executes dropped EXE
-
\??\c:\vdpdd.exec:\vdpdd.exe60⤵
- Executes dropped EXE
-
\??\c:\7lrlfff.exec:\7lrlfff.exe61⤵
- Executes dropped EXE
-
\??\c:\tbbtnh.exec:\tbbtnh.exe62⤵
- Executes dropped EXE
-
\??\c:\5nnhbb.exec:\5nnhbb.exe63⤵
- Executes dropped EXE
-
\??\c:\pjpvv.exec:\pjpvv.exe64⤵
- Executes dropped EXE
-
\??\c:\7pjvd.exec:\7pjvd.exe65⤵
- Executes dropped EXE
-
\??\c:\lrrlxrl.exec:\lrrlxrl.exe66⤵
-
\??\c:\xflxxxx.exec:\xflxxxx.exe67⤵
-
\??\c:\hhnhtn.exec:\hhnhtn.exe68⤵
-
\??\c:\nhhbtt.exec:\nhhbtt.exe69⤵
-
\??\c:\7tbnnn.exec:\7tbnnn.exe70⤵
-
\??\c:\vvppp.exec:\vvppp.exe71⤵
-
\??\c:\ppdvd.exec:\ppdvd.exe72⤵
-
\??\c:\rflrlfr.exec:\rflrlfr.exe73⤵
-
\??\c:\5hhbtt.exec:\5hhbtt.exe74⤵
-
\??\c:\ntnnbt.exec:\ntnnbt.exe75⤵
-
\??\c:\1dvpd.exec:\1dvpd.exe76⤵
-
\??\c:\9pjvj.exec:\9pjvj.exe77⤵
-
\??\c:\lxxxxfr.exec:\lxxxxfr.exe78⤵
-
\??\c:\btbhnn.exec:\btbhnn.exe79⤵
-
\??\c:\bhnhtn.exec:\bhnhtn.exe80⤵
-
\??\c:\vvjjp.exec:\vvjjp.exe81⤵
-
\??\c:\jjjdj.exec:\jjjdj.exe82⤵
-
\??\c:\fxxrrll.exec:\fxxrrll.exe83⤵
-
\??\c:\9lllxxf.exec:\9lllxxf.exe84⤵
-
\??\c:\nnnhth.exec:\nnnhth.exe85⤵
-
\??\c:\nhhbtt.exec:\nhhbtt.exe86⤵
-
\??\c:\3djpj.exec:\3djpj.exe87⤵
-
\??\c:\pjjvv.exec:\pjjvv.exe88⤵
-
\??\c:\lflfxlf.exec:\lflfxlf.exe89⤵
-
\??\c:\1htnbb.exec:\1htnbb.exe90⤵
-
\??\c:\9bhhhh.exec:\9bhhhh.exe91⤵
-
\??\c:\7flfxrr.exec:\7flfxrr.exe92⤵
-
\??\c:\llrxrrr.exec:\llrxrrr.exe93⤵
-
\??\c:\tttnnn.exec:\tttnnn.exe94⤵
-
\??\c:\7thbbh.exec:\7thbbh.exe95⤵
-
\??\c:\5nbbhh.exec:\5nbbhh.exe96⤵
-
\??\c:\vjpjd.exec:\vjpjd.exe97⤵
-
\??\c:\9vpjv.exec:\9vpjv.exe98⤵
-
\??\c:\vjpjd.exec:\vjpjd.exe99⤵
-
\??\c:\lrlxfrf.exec:\lrlxfrf.exe100⤵
-
\??\c:\9httnn.exec:\9httnn.exe101⤵
-
\??\c:\btnthh.exec:\btnthh.exe102⤵
-
\??\c:\jjpdv.exec:\jjpdv.exe103⤵
-
\??\c:\3dppd.exec:\3dppd.exe104⤵
-
\??\c:\xlrrxxx.exec:\xlrrxxx.exe105⤵
-
\??\c:\rxxlffx.exec:\rxxlffx.exe106⤵
-
\??\c:\bbbbtb.exec:\bbbbtb.exe107⤵
-
\??\c:\bbntnn.exec:\bbntnn.exe108⤵
-
\??\c:\vpdpj.exec:\vpdpj.exe109⤵
-
\??\c:\pjppj.exec:\pjppj.exe110⤵
-
\??\c:\xrxxrxr.exec:\xrxxrxr.exe111⤵
-
\??\c:\btnnnn.exec:\btnnnn.exe112⤵
-
\??\c:\bbbthh.exec:\bbbthh.exe113⤵
-
\??\c:\bhthbn.exec:\bhthbn.exe114⤵
-
\??\c:\dppjd.exec:\dppjd.exe115⤵
-
\??\c:\7xxrlxr.exec:\7xxrlxr.exe116⤵
-
\??\c:\bttttt.exec:\bttttt.exe117⤵
-
\??\c:\nbnhtt.exec:\nbnhtt.exe118⤵
-
\??\c:\djpjd.exec:\djpjd.exe119⤵
-
\??\c:\3dpjp.exec:\3dpjp.exe120⤵
-
\??\c:\lxlffff.exec:\lxlffff.exe121⤵
-
\??\c:\flxrrrl.exec:\flxrrrl.exe122⤵
-
\??\c:\bhbttb.exec:\bhbttb.exe123⤵
-
\??\c:\pvvvj.exec:\pvvvj.exe124⤵
-
\??\c:\3pdpp.exec:\3pdpp.exe125⤵
-
\??\c:\3llrxxx.exec:\3llrxxx.exe126⤵
-
\??\c:\bbbthh.exec:\bbbthh.exe127⤵
-
\??\c:\tntbbb.exec:\tntbbb.exe128⤵
-
\??\c:\1vdvj.exec:\1vdvj.exe129⤵
-
\??\c:\xrrlxxr.exec:\xrrlxxr.exe130⤵
-
\??\c:\lxxfxxx.exec:\lxxfxxx.exe131⤵
-
\??\c:\htnnnn.exec:\htnnnn.exe132⤵
-
\??\c:\ddppj.exec:\ddppj.exe133⤵
-
\??\c:\1jppj.exec:\1jppj.exe134⤵
-
\??\c:\3lrrrrx.exec:\3lrrrrx.exe135⤵
-
\??\c:\rfrrlll.exec:\rfrrlll.exe136⤵
-
\??\c:\btbbtb.exec:\btbbtb.exe137⤵
-
\??\c:\thbbtn.exec:\thbbtn.exe138⤵
-
\??\c:\httthh.exec:\httthh.exe139⤵
-
\??\c:\vddvp.exec:\vddvp.exe140⤵
-
\??\c:\pddjv.exec:\pddjv.exe141⤵
-
\??\c:\rxflfll.exec:\rxflfll.exe142⤵
-
\??\c:\5fffxxx.exec:\5fffxxx.exe143⤵
-
\??\c:\bttttb.exec:\bttttb.exe144⤵
-
\??\c:\rflrxxx.exec:\rflrxxx.exe145⤵
-
\??\c:\rrxfxxr.exec:\rrxfxxr.exe146⤵
-
\??\c:\hhbbbb.exec:\hhbbbb.exe147⤵
-
\??\c:\1vppp.exec:\1vppp.exe148⤵
-
\??\c:\jpvvv.exec:\jpvvv.exe149⤵
-
\??\c:\xrrxfll.exec:\xrrxfll.exe150⤵
-
\??\c:\7rrrllf.exec:\7rrrllf.exe151⤵
-
\??\c:\nbbtnn.exec:\nbbtnn.exe152⤵
-
\??\c:\5nbhbt.exec:\5nbhbt.exe153⤵
-
\??\c:\vdpvv.exec:\vdpvv.exe154⤵
-
\??\c:\9pvpj.exec:\9pvpj.exe155⤵
-
\??\c:\9rrlxxx.exec:\9rrlxxx.exe156⤵
-
\??\c:\lfxrfrl.exec:\lfxrfrl.exe157⤵
-
\??\c:\bnhbhh.exec:\bnhbhh.exe158⤵
-
\??\c:\jjjjd.exec:\jjjjd.exe159⤵
-
\??\c:\3pppj.exec:\3pppj.exe160⤵
-
\??\c:\7lfxxxr.exec:\7lfxxxr.exe161⤵
-
\??\c:\flxxrrr.exec:\flxxrrr.exe162⤵
-
\??\c:\3lrxrrf.exec:\3lrxrrf.exe163⤵
-
\??\c:\9bbtnn.exec:\9bbtnn.exe164⤵
-
\??\c:\jdvvp.exec:\jdvvp.exe165⤵
-
\??\c:\djjdp.exec:\djjdp.exe166⤵
-
\??\c:\rllfxxr.exec:\rllfxxr.exe167⤵
-
\??\c:\7fxxrrl.exec:\7fxxrrl.exe168⤵
-
\??\c:\ntttnn.exec:\ntttnn.exe169⤵
-
\??\c:\hhhhbh.exec:\hhhhbh.exe170⤵
-
\??\c:\nbttnb.exec:\nbttnb.exe171⤵
-
\??\c:\vpppd.exec:\vpppd.exe172⤵
-
\??\c:\fllxfrf.exec:\fllxfrf.exe173⤵
-
\??\c:\rxxrllf.exec:\rxxrllf.exe174⤵
-
\??\c:\nbnntt.exec:\nbnntt.exe175⤵
-
\??\c:\7tbttt.exec:\7tbttt.exe176⤵
-
\??\c:\jddvj.exec:\jddvj.exe177⤵
-
\??\c:\frxfrlx.exec:\frxfrlx.exe178⤵
-
\??\c:\5rllfxr.exec:\5rllfxr.exe179⤵
-
\??\c:\hbttnn.exec:\hbttnn.exe180⤵
-
\??\c:\nbhhtt.exec:\nbhhtt.exe181⤵
-
\??\c:\pdjdp.exec:\pdjdp.exe182⤵
-
\??\c:\1jppd.exec:\1jppd.exe183⤵
-
\??\c:\xllfrff.exec:\xllfrff.exe184⤵
-
\??\c:\xrrrlll.exec:\xrrrlll.exe185⤵
-
\??\c:\rlfxrrl.exec:\rlfxrrl.exe186⤵
-
\??\c:\bttbbb.exec:\bttbbb.exe187⤵
-
\??\c:\tttnnb.exec:\tttnnb.exe188⤵
-
\??\c:\1vpjd.exec:\1vpjd.exe189⤵
-
\??\c:\jjppp.exec:\jjppp.exe190⤵
-
\??\c:\rxlxrrr.exec:\rxlxrrr.exe191⤵
-
\??\c:\flffxxx.exec:\flffxxx.exe192⤵
-
\??\c:\nbhhhh.exec:\nbhhhh.exe193⤵
-
\??\c:\7bhbtt.exec:\7bhbtt.exe194⤵
-
\??\c:\vvdvp.exec:\vvdvp.exe195⤵
-
\??\c:\3flfxrr.exec:\3flfxrr.exe196⤵
-
\??\c:\xxffxxx.exec:\xxffxxx.exe197⤵
-
\??\c:\hhhnhh.exec:\hhhnhh.exe198⤵
-
\??\c:\tttbtb.exec:\tttbtb.exe199⤵
-
\??\c:\pvddp.exec:\pvddp.exe200⤵
-
\??\c:\7djdp.exec:\7djdp.exe201⤵
-
\??\c:\rllxrrl.exec:\rllxrrl.exe202⤵
-
\??\c:\ffxrxxx.exec:\ffxrxxx.exe203⤵
-
\??\c:\ntbbhh.exec:\ntbbhh.exe204⤵
-
\??\c:\btbtnn.exec:\btbtnn.exe205⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe206⤵
-
\??\c:\djjjd.exec:\djjjd.exe207⤵
-
\??\c:\rlrxrlf.exec:\rlrxrlf.exe208⤵
-
\??\c:\7nnhbb.exec:\7nnhbb.exe209⤵
-
\??\c:\hhhbtt.exec:\hhhbtt.exe210⤵
-
\??\c:\vjjdd.exec:\vjjdd.exe211⤵
-
\??\c:\xfxlxrf.exec:\xfxlxrf.exe212⤵
-
\??\c:\bthhtt.exec:\bthhtt.exe213⤵
-
\??\c:\vddvp.exec:\vddvp.exe214⤵
-
\??\c:\lllxrlx.exec:\lllxrlx.exe215⤵
-
\??\c:\nnbbbh.exec:\nnbbbh.exe216⤵
-
\??\c:\pjpjp.exec:\pjpjp.exe217⤵
-
\??\c:\llxxxxl.exec:\llxxxxl.exe218⤵
-
\??\c:\llllxxl.exec:\llllxxl.exe219⤵
-
\??\c:\tbbbnh.exec:\tbbbnh.exe220⤵
-
\??\c:\nthhtb.exec:\nthhtb.exe221⤵
-
\??\c:\jvjjp.exec:\jvjjp.exe222⤵
-
\??\c:\lffrxxf.exec:\lffrxxf.exe223⤵
-
\??\c:\lflfxxf.exec:\lflfxxf.exe224⤵
-
\??\c:\bhhbtn.exec:\bhhbtn.exe225⤵
-
\??\c:\dddvv.exec:\dddvv.exe226⤵
-
\??\c:\dvddp.exec:\dvddp.exe227⤵
-
\??\c:\9xxxlll.exec:\9xxxlll.exe228⤵
-
\??\c:\rxrlxxf.exec:\rxrlxxf.exe229⤵
-
\??\c:\xxxfffr.exec:\xxxfffr.exe230⤵
-
\??\c:\thnttb.exec:\thnttb.exe231⤵
-
\??\c:\tnnbbt.exec:\tnnbbt.exe232⤵
-
\??\c:\vvdvd.exec:\vvdvd.exe233⤵
-
\??\c:\lfrfrxf.exec:\lfrfrxf.exe234⤵
-
\??\c:\rfffxrf.exec:\rfffxrf.exe235⤵
-
\??\c:\hhbbtt.exec:\hhbbtt.exe236⤵
-
\??\c:\bthbtt.exec:\bthbtt.exe237⤵
-
\??\c:\7jpjd.exec:\7jpjd.exe238⤵
-
\??\c:\rxrxxrx.exec:\rxrxxrx.exe239⤵
-
\??\c:\lxxxrlx.exec:\lxxxrlx.exe240⤵