Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
24-05-2024 19:22
General
-
Target
1d8db73d352bdece316df0f381ccf74bfc9998789b68d311b348c37197f68f36.exe
-
Size
76KB
-
MD5
803cccb715ccf18e0804751fe6d15406
-
SHA1
0a4c38c1f0f4f5b0a4e489c78eecec9283197cbd
-
SHA256
1d8db73d352bdece316df0f381ccf74bfc9998789b68d311b348c37197f68f36
-
SHA512
1b00a11c9e04fca68ff1063bb9495081d10005498cfec9b9e77ee6d648bbeeb1a799f6c98d93c29874711594d45036b41d6d87c90b0832a7488194743634a4ee
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIIpIo60L9QrrAw:ymb3NkkiQ3mdBjFIIp9L9QrrAw
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
UPX dump on OEP (original entry point) 30 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 30 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1d8db73d352bdece316df0f381ccf74bfc9998789b68d311b348c37197f68f36.exe"C:\Users\Admin\AppData\Local\Temp\1d8db73d352bdece316df0f381ccf74bfc9998789b68d311b348c37197f68f36.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\htnhbb.exec:\htnhbb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbthb.exec:\hhbthb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddvp.exec:\jddvp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfxrlf.exec:\rlfxrlf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllffff.exec:\rllffff.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7nnhbb.exec:\7nnhbb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjdv.exec:\dvjdv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlfxxr.exec:\xrlfxxr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxfrrr.exec:\rrxfrrr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnthh.exec:\htnthh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvpj.exec:\pvvpj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3lxrxfl.exec:\3lxrxfl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frfxrrf.exec:\frfxrrf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhbbn.exec:\thhbbn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpjdv.exec:\jpjdv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjdj.exec:\ddjdj.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fllfxxx.exec:\fllfxxx.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbttt.exec:\htbttt.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdvp.exec:\pjdvp.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvdd.exec:\jpvdd.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxxlxr.exec:\frxxlxr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhtnt.exec:\bnhtnt.exe23⤵
- Executes dropped EXE
-
\??\c:\7hbtnn.exec:\7hbtnn.exe24⤵
- Executes dropped EXE
-
\??\c:\dpdvd.exec:\dpdvd.exe25⤵
- Executes dropped EXE
-
\??\c:\lfxrllf.exec:\lfxrllf.exe26⤵
- Executes dropped EXE
-
\??\c:\lfxrrrx.exec:\lfxrrrx.exe27⤵
- Executes dropped EXE
-
\??\c:\tntttb.exec:\tntttb.exe28⤵
- Executes dropped EXE
-
\??\c:\jddpv.exec:\jddpv.exe29⤵
- Executes dropped EXE
-
\??\c:\7vvjd.exec:\7vvjd.exe30⤵
- Executes dropped EXE
-
\??\c:\lllfffx.exec:\lllfffx.exe31⤵
- Executes dropped EXE
-
\??\c:\hhhbbt.exec:\hhhbbt.exe32⤵
- Executes dropped EXE
-
\??\c:\ddvvj.exec:\ddvvj.exe33⤵
- Executes dropped EXE
-
\??\c:\vpjjd.exec:\vpjjd.exe34⤵
- Executes dropped EXE
-
\??\c:\jjpjd.exec:\jjpjd.exe35⤵
- Executes dropped EXE
-
\??\c:\7flfxxr.exec:\7flfxxr.exe36⤵
- Executes dropped EXE
-
\??\c:\frrlrrx.exec:\frrlrrx.exe37⤵
- Executes dropped EXE
-
\??\c:\hnntnn.exec:\hnntnn.exe38⤵
- Executes dropped EXE
-
\??\c:\7ttnbb.exec:\7ttnbb.exe39⤵
-
\??\c:\dvpjv.exec:\dvpjv.exe40⤵
- Executes dropped EXE
-
\??\c:\vpvpp.exec:\vpvpp.exe41⤵
- Executes dropped EXE
-
\??\c:\flfxllf.exec:\flfxllf.exe42⤵
- Executes dropped EXE
-
\??\c:\rrfrllr.exec:\rrfrllr.exe43⤵
- Executes dropped EXE
-
\??\c:\nhbnhn.exec:\nhbnhn.exe44⤵
- Executes dropped EXE
-
\??\c:\nntnbb.exec:\nntnbb.exe45⤵
- Executes dropped EXE
-
\??\c:\ddjdp.exec:\ddjdp.exe46⤵
- Executes dropped EXE
-
\??\c:\lxxlxxr.exec:\lxxlxxr.exe47⤵
- Executes dropped EXE
-
\??\c:\rffxrrl.exec:\rffxrrl.exe48⤵
- Executes dropped EXE
-
\??\c:\bbnhtn.exec:\bbnhtn.exe49⤵
- Executes dropped EXE
-
\??\c:\dpdjp.exec:\dpdjp.exe50⤵
- Executes dropped EXE
-
\??\c:\vjdvj.exec:\vjdvj.exe51⤵
- Executes dropped EXE
-
\??\c:\rlfxllf.exec:\rlfxllf.exe52⤵
- Executes dropped EXE
-
\??\c:\rrrlxxx.exec:\rrrlxxx.exe53⤵
- Executes dropped EXE
-
\??\c:\nhbbtt.exec:\nhbbtt.exe54⤵
- Executes dropped EXE
-
\??\c:\bnnnhh.exec:\bnnnhh.exe55⤵
- Executes dropped EXE
-
\??\c:\dvjdp.exec:\dvjdp.exe56⤵
- Executes dropped EXE
-
\??\c:\9jjpd.exec:\9jjpd.exe57⤵
- Executes dropped EXE
-
\??\c:\1rlfxrl.exec:\1rlfxrl.exe58⤵
- Executes dropped EXE
-
\??\c:\1bnhhh.exec:\1bnhhh.exe59⤵
- Executes dropped EXE
-
\??\c:\3nnhtt.exec:\3nnhtt.exe60⤵
- Executes dropped EXE
-
\??\c:\vdjdv.exec:\vdjdv.exe61⤵
- Executes dropped EXE
-
\??\c:\jdvjd.exec:\jdvjd.exe62⤵
- Executes dropped EXE
-
\??\c:\jjvvj.exec:\jjvvj.exe63⤵
- Executes dropped EXE
-
\??\c:\rfffffx.exec:\rfffffx.exe64⤵
- Executes dropped EXE
-
\??\c:\5bhnhh.exec:\5bhnhh.exe65⤵
- Executes dropped EXE
-
\??\c:\5tttnt.exec:\5tttnt.exe66⤵
- Executes dropped EXE
-
\??\c:\hthbbb.exec:\hthbbb.exe67⤵
-
\??\c:\jdddv.exec:\jdddv.exe68⤵
-
\??\c:\9vvpj.exec:\9vvpj.exe69⤵
-
\??\c:\lllrffx.exec:\lllrffx.exe70⤵
-
\??\c:\llrrrrl.exec:\llrrrrl.exe71⤵
-
\??\c:\nhnntt.exec:\nhnntt.exe72⤵
-
\??\c:\nnhbtt.exec:\nnhbtt.exe73⤵
-
\??\c:\nhbtnt.exec:\nhbtnt.exe74⤵
-
\??\c:\dvvpd.exec:\dvvpd.exe75⤵
-
\??\c:\jvvvj.exec:\jvvvj.exe76⤵
-
\??\c:\xlrlflf.exec:\xlrlflf.exe77⤵
-
\??\c:\rffxrrr.exec:\rffxrrr.exe78⤵
-
\??\c:\bnhbbb.exec:\bnhbbb.exe79⤵
-
\??\c:\hbttbb.exec:\hbttbb.exe80⤵
-
\??\c:\bttntt.exec:\bttntt.exe81⤵
-
\??\c:\vvjvj.exec:\vvjvj.exe82⤵
-
\??\c:\dpvpd.exec:\dpvpd.exe83⤵
-
\??\c:\rxxfxfx.exec:\rxxfxfx.exe84⤵
-
\??\c:\rfflrll.exec:\rfflrll.exe85⤵
-
\??\c:\bthhnt.exec:\bthhnt.exe86⤵
-
\??\c:\3hhbbh.exec:\3hhbbh.exe87⤵
-
\??\c:\ppvpp.exec:\ppvpp.exe88⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe89⤵
-
\??\c:\xfllxxx.exec:\xfllxxx.exe90⤵
-
\??\c:\5lxxxxr.exec:\5lxxxxr.exe91⤵
-
\??\c:\nhbhbb.exec:\nhbhbb.exe92⤵
-
\??\c:\bnbhbh.exec:\bnbhbh.exe93⤵
-
\??\c:\vjjjd.exec:\vjjjd.exe94⤵
-
\??\c:\dppjv.exec:\dppjv.exe95⤵
-
\??\c:\vvddp.exec:\vvddp.exe96⤵
-
\??\c:\xlrrlll.exec:\xlrrlll.exe97⤵
-
\??\c:\7xlfxxr.exec:\7xlfxxr.exe98⤵
-
\??\c:\1pvvp.exec:\1pvvp.exe99⤵
-
\??\c:\1pvpd.exec:\1pvpd.exe100⤵
-
\??\c:\lxfxrrr.exec:\lxfxrrr.exe101⤵
-
\??\c:\hbbtbn.exec:\hbbtbn.exe102⤵
-
\??\c:\bhnnhh.exec:\bhnnhh.exe103⤵
-
\??\c:\3hhhnt.exec:\3hhhnt.exe104⤵
-
\??\c:\vpvpp.exec:\vpvpp.exe105⤵
-
\??\c:\xxxrllf.exec:\xxxrllf.exe106⤵
-
\??\c:\xxffllf.exec:\xxffllf.exe107⤵
-
\??\c:\nbtnhh.exec:\nbtnhh.exe108⤵
-
\??\c:\tnnhbb.exec:\tnnhbb.exe109⤵
-
\??\c:\ppppj.exec:\ppppj.exe110⤵
-
\??\c:\vjdvj.exec:\vjdvj.exe111⤵
-
\??\c:\9fllfll.exec:\9fllfll.exe112⤵
-
\??\c:\1ffrllf.exec:\1ffrllf.exe113⤵
-
\??\c:\nhttnn.exec:\nhttnn.exe114⤵
-
\??\c:\hhnnhh.exec:\hhnnhh.exe115⤵
-
\??\c:\vdpvp.exec:\vdpvp.exe116⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe117⤵
-
\??\c:\llllflf.exec:\llllflf.exe118⤵
-
\??\c:\9flfxrl.exec:\9flfxrl.exe119⤵
-
\??\c:\ntbhhh.exec:\ntbhhh.exe120⤵
-
\??\c:\hnhbtt.exec:\hnhbtt.exe121⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe122⤵
-
\??\c:\vpppd.exec:\vpppd.exe123⤵
-
\??\c:\5xxfffx.exec:\5xxfffx.exe124⤵
-
\??\c:\5bttnh.exec:\5bttnh.exe125⤵
-
\??\c:\tnhbtn.exec:\tnhbtn.exe126⤵
-
\??\c:\vjpdv.exec:\vjpdv.exe127⤵
-
\??\c:\pvvpd.exec:\pvvpd.exe128⤵
-
\??\c:\xxffffx.exec:\xxffffx.exe129⤵
-
\??\c:\htnnnn.exec:\htnnnn.exe130⤵
-
\??\c:\5nbbbb.exec:\5nbbbb.exe131⤵
-
\??\c:\jddpp.exec:\jddpp.exe132⤵
-
\??\c:\rllfxxr.exec:\rllfxxr.exe133⤵
-
\??\c:\lxffxll.exec:\lxffxll.exe134⤵
-
\??\c:\hbbbbb.exec:\hbbbbb.exe135⤵
-
\??\c:\ttnhtt.exec:\ttnhtt.exe136⤵
-
\??\c:\fxllffx.exec:\fxllffx.exe137⤵
-
\??\c:\rxffrrl.exec:\rxffrrl.exe138⤵
-
\??\c:\tttttt.exec:\tttttt.exe139⤵
-
\??\c:\1thbnn.exec:\1thbnn.exe140⤵
-
\??\c:\nhbhtt.exec:\nhbhtt.exe141⤵
-
\??\c:\dpvpd.exec:\dpvpd.exe142⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe143⤵
-
\??\c:\9rrrfxx.exec:\9rrrfxx.exe144⤵
-
\??\c:\fffxfff.exec:\fffxfff.exe145⤵
-
\??\c:\5hbnth.exec:\5hbnth.exe146⤵
-
\??\c:\5nnhbt.exec:\5nnhbt.exe147⤵
-
\??\c:\dpvdv.exec:\dpvdv.exe148⤵
-
\??\c:\vjjdv.exec:\vjjdv.exe149⤵
-
\??\c:\rffrllf.exec:\rffrllf.exe150⤵
-
\??\c:\rxfxrrx.exec:\rxfxrrx.exe151⤵
-
\??\c:\tnhhbt.exec:\tnhhbt.exe152⤵
-
\??\c:\hbtnhh.exec:\hbtnhh.exe153⤵
-
\??\c:\rlfrlrl.exec:\rlfrlrl.exe154⤵
-
\??\c:\lxxrlrl.exec:\lxxrlrl.exe155⤵
-
\??\c:\nhhbtt.exec:\nhhbtt.exe156⤵
-
\??\c:\pjvdd.exec:\pjvdd.exe157⤵
-
\??\c:\jddvj.exec:\jddvj.exe158⤵
-
\??\c:\1fflfff.exec:\1fflfff.exe159⤵
-
\??\c:\7flfxxr.exec:\7flfxxr.exe160⤵
-
\??\c:\9bttnn.exec:\9bttnn.exe161⤵
-
\??\c:\tnnnhh.exec:\tnnnhh.exe162⤵
-
\??\c:\nbbbtn.exec:\nbbbtn.exe163⤵
-
\??\c:\dvjdp.exec:\dvjdp.exe164⤵
-
\??\c:\vjjdp.exec:\vjjdp.exe165⤵
-
\??\c:\frxxrrl.exec:\frxxrrl.exe166⤵
-
\??\c:\xxrrrrr.exec:\xxrrrrr.exe167⤵
-
\??\c:\tnntnn.exec:\tnntnn.exe168⤵
-
\??\c:\bttnbb.exec:\bttnbb.exe169⤵
-
\??\c:\jdvdv.exec:\jdvdv.exe170⤵
-
\??\c:\pjpjv.exec:\pjpjv.exe171⤵
-
\??\c:\rlfrlrl.exec:\rlfrlrl.exe172⤵
-
\??\c:\xfffxxr.exec:\xfffxxr.exe173⤵
-
\??\c:\fxxrllr.exec:\fxxrllr.exe174⤵
-
\??\c:\7tbbnb.exec:\7tbbnb.exe175⤵
-
\??\c:\5httnn.exec:\5httnn.exe176⤵
-
\??\c:\vppjv.exec:\vppjv.exe177⤵
-
\??\c:\7pvpj.exec:\7pvpj.exe178⤵
-
\??\c:\xxxxllf.exec:\xxxxllf.exe179⤵
-
\??\c:\7lfxfff.exec:\7lfxfff.exe180⤵
-
\??\c:\hnntnb.exec:\hnntnb.exe181⤵
-
\??\c:\hnnbnh.exec:\hnnbnh.exe182⤵
-
\??\c:\dvvvp.exec:\dvvvp.exe183⤵
-
\??\c:\pjjdp.exec:\pjjdp.exe184⤵
-
\??\c:\rlfxlll.exec:\rlfxlll.exe185⤵
-
\??\c:\lxxrllf.exec:\lxxrllf.exe186⤵
-
\??\c:\hnnhbb.exec:\hnnhbb.exe187⤵
-
\??\c:\bbhbhh.exec:\bbhbhh.exe188⤵
-
\??\c:\1pvjv.exec:\1pvjv.exe189⤵
-
\??\c:\1jvdp.exec:\1jvdp.exe190⤵
-
\??\c:\jddvj.exec:\jddvj.exe191⤵
-
\??\c:\rllffff.exec:\rllffff.exe192⤵
-
\??\c:\1xxxrxr.exec:\1xxxrxr.exe193⤵
-
\??\c:\3hbttn.exec:\3hbttn.exe194⤵
-
\??\c:\hbnhhh.exec:\hbnhhh.exe195⤵
-
\??\c:\tbhbnb.exec:\tbhbnb.exe196⤵
-
\??\c:\7pvvp.exec:\7pvvp.exe197⤵
-
\??\c:\lrlxxrf.exec:\lrlxxrf.exe198⤵
-
\??\c:\lxllrxl.exec:\lxllrxl.exe199⤵
-
\??\c:\1tthbh.exec:\1tthbh.exe200⤵
-
\??\c:\vppjv.exec:\vppjv.exe201⤵
-
\??\c:\vjdvv.exec:\vjdvv.exe202⤵
-
\??\c:\lxlrfll.exec:\lxlrfll.exe203⤵
-
\??\c:\rllxrxx.exec:\rllxrxx.exe204⤵
-
\??\c:\bntttt.exec:\bntttt.exe205⤵
-
\??\c:\1hnhbb.exec:\1hnhbb.exe206⤵
-
\??\c:\rfxxllx.exec:\rfxxllx.exe207⤵
-
\??\c:\rlxrxrr.exec:\rlxrxrr.exe208⤵
-
\??\c:\btnhbt.exec:\btnhbt.exe209⤵
-
\??\c:\vjppj.exec:\vjppj.exe210⤵
-
\??\c:\fflfffl.exec:\fflfffl.exe211⤵
-
\??\c:\7rfxxxf.exec:\7rfxxxf.exe212⤵
-
\??\c:\hhhbtt.exec:\hhhbtt.exe213⤵
-
\??\c:\tbtbnt.exec:\tbtbnt.exe214⤵
-
\??\c:\7pdvj.exec:\7pdvj.exe215⤵
-
\??\c:\dvpjd.exec:\dvpjd.exe216⤵
-
\??\c:\jdvpj.exec:\jdvpj.exe217⤵
-
\??\c:\lrllffx.exec:\lrllffx.exe218⤵
-
\??\c:\xrrxrfr.exec:\xrrxrfr.exe219⤵
-
\??\c:\nnhthb.exec:\nnhthb.exe220⤵
-
\??\c:\tnnnbn.exec:\tnnnbn.exe221⤵
-
\??\c:\hthbbb.exec:\hthbbb.exe222⤵
-
\??\c:\dvjjd.exec:\dvjjd.exe223⤵
-
\??\c:\vjjdj.exec:\vjjdj.exe224⤵
-
\??\c:\rrlfxxx.exec:\rrlfxxx.exe225⤵
-
\??\c:\3xffrrr.exec:\3xffrrr.exe226⤵
-
\??\c:\9xfxrrl.exec:\9xfxrrl.exe227⤵
-
\??\c:\nbbhhb.exec:\nbbhhb.exe228⤵
-
\??\c:\ntbbtb.exec:\ntbbtb.exe229⤵
-
\??\c:\pvpvj.exec:\pvpvj.exe230⤵
-
\??\c:\pjddv.exec:\pjddv.exe231⤵
-
\??\c:\3jpjv.exec:\3jpjv.exe232⤵
-
\??\c:\llrlffx.exec:\llrlffx.exe233⤵
-
\??\c:\llfxxxx.exec:\llfxxxx.exe234⤵
-
\??\c:\9flllll.exec:\9flllll.exe235⤵
-
\??\c:\thnttb.exec:\thnttb.exe236⤵
-
\??\c:\hnhtnt.exec:\hnhtnt.exe237⤵
-
\??\c:\dppdd.exec:\dppdd.exe238⤵
-
\??\c:\9jpjv.exec:\9jpjv.exe239⤵
-
\??\c:\rffrxxr.exec:\rffrxxr.exe240⤵
-
\??\c:\xlllllf.exec:\xlllllf.exe241⤵