Analysis
-
max time kernel
150s -
max time network
100s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
24-05-2024 19:29
General
-
Target
1f6eeaf58cce24189277e3287e4b24e84a0bfd73f0950af1a5f6fcf4f106b6f5.exe
-
Size
54KB
-
MD5
4f190b1cbacada5679d99ccc24ec028a
-
SHA1
5eeae36011ed094d250fcde022475d1a14a296e4
-
SHA256
1f6eeaf58cce24189277e3287e4b24e84a0bfd73f0950af1a5f6fcf4f106b6f5
-
SHA512
51db93c2f0c153010bb5c5a231862116d2e9c524a30ff976db053412df5b911cf44a3b7880d8317ef05de40c2a1fa7e43ecb573ebcc57d9b601b3656b712c6f9
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIFUn:ymb3NkkiQ3mdBjFIFe
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
UPX dump on OEP (original entry point) 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1f6eeaf58cce24189277e3287e4b24e84a0bfd73f0950af1a5f6fcf4f106b6f5.exe"C:\Users\Admin\AppData\Local\Temp\1f6eeaf58cce24189277e3287e4b24e84a0bfd73f0950af1a5f6fcf4f106b6f5.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xxfxrrr.exec:\xxfxrrr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhhhh.exec:\thhhhh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhhtt.exec:\thhhtt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7llrfll.exec:\7llrfll.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhtnh.exec:\nbhtnh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ddpd.exec:\3ddpd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrffrrf.exec:\xrffrrf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xllxfff.exec:\xllxfff.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5tbbth.exec:\5tbbth.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjdp.exec:\ddjdp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjjv.exec:\jjjjv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxrrll.exec:\fxxrrll.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3nhhbh.exec:\3nhhbh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntnhh.exec:\tntnhh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvpjd.exec:\pvpjd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llrlfxr.exec:\llrlfxr.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxxrrr.exec:\frxxrrr.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbbtb.exec:\tbbbtb.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhbhh.exec:\thhbhh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dddvv.exec:\dddvv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fflflff.exec:\fflflff.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rxrxxl.exec:\7rxrxxl.exe23⤵
- Executes dropped EXE
-
\??\c:\nhnnhh.exec:\nhnnhh.exe24⤵
- Executes dropped EXE
-
\??\c:\jddpj.exec:\jddpj.exe25⤵
- Executes dropped EXE
-
\??\c:\vpdvj.exec:\vpdvj.exe26⤵
- Executes dropped EXE
-
\??\c:\rllfrxr.exec:\rllfrxr.exe27⤵
- Executes dropped EXE
-
\??\c:\llffxxr.exec:\llffxxr.exe28⤵
- Executes dropped EXE
-
\??\c:\nhtnhb.exec:\nhtnhb.exe29⤵
- Executes dropped EXE
-
\??\c:\pjjdv.exec:\pjjdv.exe30⤵
- Executes dropped EXE
-
\??\c:\xllxrrr.exec:\xllxrrr.exe31⤵
- Executes dropped EXE
-
\??\c:\3lfxlfx.exec:\3lfxlfx.exe32⤵
- Executes dropped EXE
-
\??\c:\9bhnnn.exec:\9bhnnn.exe33⤵
- Executes dropped EXE
-
\??\c:\dvppp.exec:\dvppp.exe34⤵
- Executes dropped EXE
-
\??\c:\3rxxllf.exec:\3rxxllf.exe35⤵
- Executes dropped EXE
-
\??\c:\bhbbtt.exec:\bhbbtt.exe36⤵
- Executes dropped EXE
-
\??\c:\hbnnnn.exec:\hbnnnn.exe37⤵
- Executes dropped EXE
-
\??\c:\vjjdv.exec:\vjjdv.exe38⤵
- Executes dropped EXE
-
\??\c:\ffffxxx.exec:\ffffxxx.exe39⤵
- Executes dropped EXE
-
\??\c:\hbhtht.exec:\hbhtht.exe40⤵
-
\??\c:\bbnnbh.exec:\bbnnbh.exe41⤵
- Executes dropped EXE
-
\??\c:\dpjdp.exec:\dpjdp.exe42⤵
- Executes dropped EXE
-
\??\c:\vppjd.exec:\vppjd.exe43⤵
- Executes dropped EXE
-
\??\c:\lxfxlll.exec:\lxfxlll.exe44⤵
- Executes dropped EXE
-
\??\c:\lflfrll.exec:\lflfrll.exe45⤵
- Executes dropped EXE
-
\??\c:\9tnhbt.exec:\9tnhbt.exe46⤵
- Executes dropped EXE
-
\??\c:\tnbtnn.exec:\tnbtnn.exe47⤵
- Executes dropped EXE
-
\??\c:\pjdpd.exec:\pjdpd.exe48⤵
- Executes dropped EXE
-
\??\c:\xxrrlll.exec:\xxrrlll.exe49⤵
- Executes dropped EXE
-
\??\c:\flrrlrl.exec:\flrrlrl.exe50⤵
- Executes dropped EXE
-
\??\c:\hnhtnh.exec:\hnhtnh.exe51⤵
- Executes dropped EXE
-
\??\c:\thhbbb.exec:\thhbbb.exe52⤵
- Executes dropped EXE
-
\??\c:\3jvpj.exec:\3jvpj.exe53⤵
- Executes dropped EXE
-
\??\c:\xlfxrll.exec:\xlfxrll.exe54⤵
- Executes dropped EXE
-
\??\c:\3xrlfrl.exec:\3xrlfrl.exe55⤵
- Executes dropped EXE
-
\??\c:\bhnhbb.exec:\bhnhbb.exe56⤵
- Executes dropped EXE
-
\??\c:\nhnntt.exec:\nhnntt.exe57⤵
- Executes dropped EXE
-
\??\c:\dpvvv.exec:\dpvvv.exe58⤵
- Executes dropped EXE
-
\??\c:\7pddp.exec:\7pddp.exe59⤵
- Executes dropped EXE
-
\??\c:\lfrrrrr.exec:\lfrrrrr.exe60⤵
- Executes dropped EXE
-
\??\c:\httnnn.exec:\httnnn.exe61⤵
- Executes dropped EXE
-
\??\c:\tbbnnn.exec:\tbbnnn.exe62⤵
- Executes dropped EXE
-
\??\c:\3pdvp.exec:\3pdvp.exe63⤵
- Executes dropped EXE
-
\??\c:\llrfllf.exec:\llrfllf.exe64⤵
- Executes dropped EXE
-
\??\c:\ffllfrr.exec:\ffllfrr.exe65⤵
- Executes dropped EXE
-
\??\c:\3bbtnn.exec:\3bbtnn.exe66⤵
- Executes dropped EXE
-
\??\c:\jpvpd.exec:\jpvpd.exe67⤵
-
\??\c:\vpddv.exec:\vpddv.exe68⤵
-
\??\c:\frxrlff.exec:\frxrlff.exe69⤵
-
\??\c:\1nthbb.exec:\1nthbb.exe70⤵
-
\??\c:\bbnhbh.exec:\bbnhbh.exe71⤵
-
\??\c:\pdpjj.exec:\pdpjj.exe72⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe73⤵
-
\??\c:\lxfxlrx.exec:\lxfxlrx.exe74⤵
-
\??\c:\ntbttt.exec:\ntbttt.exe75⤵
-
\??\c:\nhhbtt.exec:\nhhbtt.exe76⤵
-
\??\c:\lflfxlf.exec:\lflfxlf.exe77⤵
-
\??\c:\tthnnb.exec:\tthnnb.exe78⤵
-
\??\c:\btbbbh.exec:\btbbbh.exe79⤵
-
\??\c:\7jpjv.exec:\7jpjv.exe80⤵
-
\??\c:\pjjdp.exec:\pjjdp.exe81⤵
-
\??\c:\fxrlffx.exec:\fxrlffx.exe82⤵
-
\??\c:\rxxfxxx.exec:\rxxfxxx.exe83⤵
-
\??\c:\3tnnhh.exec:\3tnnhh.exe84⤵
-
\??\c:\tttnhn.exec:\tttnhn.exe85⤵
-
\??\c:\lrffxxx.exec:\lrffxxx.exe86⤵
-
\??\c:\xxrlflf.exec:\xxrlflf.exe87⤵
-
\??\c:\thnnnn.exec:\thnnnn.exe88⤵
-
\??\c:\dpvvp.exec:\dpvvp.exe89⤵
-
\??\c:\pjddv.exec:\pjddv.exe90⤵
-
\??\c:\rrlrrll.exec:\rrlrrll.exe91⤵
-
\??\c:\rxfxfff.exec:\rxfxfff.exe92⤵
-
\??\c:\tnbbbb.exec:\tnbbbb.exe93⤵
-
\??\c:\jpjvp.exec:\jpjvp.exe94⤵
-
\??\c:\pjvvd.exec:\pjvvd.exe95⤵
-
\??\c:\xllffff.exec:\xllffff.exe96⤵
-
\??\c:\flfrfxl.exec:\flfrfxl.exe97⤵
-
\??\c:\hbbnhh.exec:\hbbnhh.exe98⤵
-
\??\c:\vpvvp.exec:\vpvvp.exe99⤵
-
\??\c:\xxxfrrl.exec:\xxxfrrl.exe100⤵
-
\??\c:\rlrrlfx.exec:\rlrrlfx.exe101⤵
-
\??\c:\btbtbb.exec:\btbtbb.exe102⤵
-
\??\c:\djvpp.exec:\djvpp.exe103⤵
-
\??\c:\1xxrfff.exec:\1xxrfff.exe104⤵
-
\??\c:\rxxrffr.exec:\rxxrffr.exe105⤵
-
\??\c:\thhhhh.exec:\thhhhh.exe106⤵
-
\??\c:\nnbnhn.exec:\nnbnhn.exe107⤵
-
\??\c:\jdvpj.exec:\jdvpj.exe108⤵
-
\??\c:\rxfrrlr.exec:\rxfrrlr.exe109⤵
-
\??\c:\btbttt.exec:\btbttt.exe110⤵
-
\??\c:\hhnnhh.exec:\hhnnhh.exe111⤵
-
\??\c:\djjpj.exec:\djjpj.exe112⤵
-
\??\c:\vppjv.exec:\vppjv.exe113⤵
-
\??\c:\lxxrlrl.exec:\lxxrlrl.exe114⤵
-
\??\c:\hhhbhh.exec:\hhhbhh.exe115⤵
-
\??\c:\bbhhbb.exec:\bbhhbb.exe116⤵
-
\??\c:\ppjjd.exec:\ppjjd.exe117⤵
-
\??\c:\dpjdv.exec:\dpjdv.exe118⤵
-
\??\c:\bbhbtt.exec:\bbhbtt.exe119⤵
-
\??\c:\nhbbbb.exec:\nhbbbb.exe120⤵
-
\??\c:\vvvjd.exec:\vvvjd.exe121⤵
-
\??\c:\1pvvv.exec:\1pvvv.exe122⤵
-
\??\c:\xxlfxrl.exec:\xxlfxrl.exe123⤵
-
\??\c:\btbbbh.exec:\btbbbh.exe124⤵
-
\??\c:\bttnbb.exec:\bttnbb.exe125⤵
-
\??\c:\dpddv.exec:\dpddv.exe126⤵
-
\??\c:\pjdvp.exec:\pjdvp.exe127⤵
-
\??\c:\rlxfrrl.exec:\rlxfrrl.exe128⤵
-
\??\c:\fxrrlll.exec:\fxrrlll.exe129⤵
-
\??\c:\tbhhbb.exec:\tbhhbb.exe130⤵
-
\??\c:\5bbbtn.exec:\5bbbtn.exe131⤵
-
\??\c:\ppppj.exec:\ppppj.exe132⤵
-
\??\c:\ffrrxll.exec:\ffrrxll.exe133⤵
-
\??\c:\ttttbn.exec:\ttttbn.exe134⤵
-
\??\c:\nttnnn.exec:\nttnnn.exe135⤵
-
\??\c:\vpdvv.exec:\vpdvv.exe136⤵
-
\??\c:\fxxxllf.exec:\fxxxllf.exe137⤵
-
\??\c:\httnhb.exec:\httnhb.exe138⤵
-
\??\c:\7vddd.exec:\7vddd.exe139⤵
-
\??\c:\tnnbhb.exec:\tnnbhb.exe140⤵
-
\??\c:\jjddp.exec:\jjddp.exe141⤵
-
\??\c:\jpddd.exec:\jpddd.exe142⤵
-
\??\c:\flrlxfx.exec:\flrlxfx.exe143⤵
-
\??\c:\llllffx.exec:\llllffx.exe144⤵
-
\??\c:\7hhhhb.exec:\7hhhhb.exe145⤵
-
\??\c:\djdjd.exec:\djdjd.exe146⤵
-
\??\c:\rfxrxxx.exec:\rfxrxxx.exe147⤵
-
\??\c:\lrxfxxf.exec:\lrxfxxf.exe148⤵
-
\??\c:\tntttt.exec:\tntttt.exe149⤵
-
\??\c:\pjjvj.exec:\pjjvj.exe150⤵
-
\??\c:\7jjdp.exec:\7jjdp.exe151⤵
-
\??\c:\rfxxxxr.exec:\rfxxxxr.exe152⤵
-
\??\c:\tttttt.exec:\tttttt.exe153⤵
-
\??\c:\hbbthh.exec:\hbbthh.exe154⤵
-
\??\c:\1jvpp.exec:\1jvpp.exe155⤵
-
\??\c:\jdjdd.exec:\jdjdd.exe156⤵
-
\??\c:\7rlfxrr.exec:\7rlfxrr.exe157⤵
-
\??\c:\fxrffxx.exec:\fxrffxx.exe158⤵
-
\??\c:\btthbn.exec:\btthbn.exe159⤵
-
\??\c:\nhhbhh.exec:\nhhbhh.exe160⤵
-
\??\c:\1jvvv.exec:\1jvvv.exe161⤵
-
\??\c:\xllrffx.exec:\xllrffx.exe162⤵
-
\??\c:\tbhbhh.exec:\tbhbhh.exe163⤵
-
\??\c:\3htttt.exec:\3htttt.exe164⤵
-
\??\c:\nnhnhh.exec:\nnhnhh.exe165⤵
-
\??\c:\9vdvj.exec:\9vdvj.exe166⤵
-
\??\c:\xllflrl.exec:\xllflrl.exe167⤵
-
\??\c:\xlfxrrr.exec:\xlfxrrr.exe168⤵
-
\??\c:\ttnnnn.exec:\ttnnnn.exe169⤵
-
\??\c:\hbhhhh.exec:\hbhhhh.exe170⤵
-
\??\c:\ddjjv.exec:\ddjjv.exe171⤵
-
\??\c:\jvdpd.exec:\jvdpd.exe172⤵
-
\??\c:\5rlfxrr.exec:\5rlfxrr.exe173⤵
-
\??\c:\xxxxlrf.exec:\xxxxlrf.exe174⤵
-
\??\c:\btbbbb.exec:\btbbbb.exe175⤵
-
\??\c:\9ppvv.exec:\9ppvv.exe176⤵
-
\??\c:\7vvpd.exec:\7vvpd.exe177⤵
-
\??\c:\xxfxrrl.exec:\xxfxrrl.exe178⤵
-
\??\c:\fxrrlll.exec:\fxrrlll.exe179⤵
-
\??\c:\ttttbb.exec:\ttttbb.exe180⤵
-
\??\c:\pjjjp.exec:\pjjjp.exe181⤵
-
\??\c:\vdddv.exec:\vdddv.exe182⤵
-
\??\c:\7lxxllx.exec:\7lxxllx.exe183⤵
-
\??\c:\rfllfff.exec:\rfllfff.exe184⤵
-
\??\c:\3nnhhh.exec:\3nnhhh.exe185⤵
-
\??\c:\ppppd.exec:\ppppd.exe186⤵
-
\??\c:\pvvpj.exec:\pvvpj.exe187⤵
-
\??\c:\lflfffl.exec:\lflfffl.exe188⤵
-
\??\c:\httttb.exec:\httttb.exe189⤵
-
\??\c:\btnbtn.exec:\btnbtn.exe190⤵
-
\??\c:\9hhtnh.exec:\9hhtnh.exe191⤵
-
\??\c:\vjjdp.exec:\vjjdp.exe192⤵
-
\??\c:\1lfxlfx.exec:\1lfxlfx.exe193⤵
-
\??\c:\xrrxrrr.exec:\xrrxrrr.exe194⤵
-
\??\c:\5nnnht.exec:\5nnnht.exe195⤵
-
\??\c:\3vvjv.exec:\3vvjv.exe196⤵
-
\??\c:\7vvdp.exec:\7vvdp.exe197⤵
-
\??\c:\3frffxx.exec:\3frffxx.exe198⤵
-
\??\c:\xxrfxrl.exec:\xxrfxrl.exe199⤵
-
\??\c:\hbbhnn.exec:\hbbhnn.exe200⤵
-
\??\c:\hhnhbb.exec:\hhnhbb.exe201⤵
-
\??\c:\3vpdv.exec:\3vpdv.exe202⤵
-
\??\c:\vdjjd.exec:\vdjjd.exe203⤵
-
\??\c:\1fffrrl.exec:\1fffrrl.exe204⤵
-
\??\c:\3bbbtb.exec:\3bbbtb.exe205⤵
-
\??\c:\7hhbnn.exec:\7hhbnn.exe206⤵
-
\??\c:\pvvpj.exec:\pvvpj.exe207⤵
-
\??\c:\pjjjd.exec:\pjjjd.exe208⤵
-
\??\c:\xlfrllf.exec:\xlfrllf.exe209⤵
-
\??\c:\thtntn.exec:\thtntn.exe210⤵
-
\??\c:\tnhbnn.exec:\tnhbnn.exe211⤵
-
\??\c:\1djvp.exec:\1djvp.exe212⤵
-
\??\c:\pdvpd.exec:\pdvpd.exe213⤵
-
\??\c:\lfxrlfx.exec:\lfxrlfx.exe214⤵
-
\??\c:\xrxrffr.exec:\xrxrffr.exe215⤵
-
\??\c:\nbhhbb.exec:\nbhhbb.exe216⤵
-
\??\c:\thnhbb.exec:\thnhbb.exe217⤵
-
\??\c:\1vvjv.exec:\1vvjv.exe218⤵
-
\??\c:\rxrlfxx.exec:\rxrlfxx.exe219⤵
-
\??\c:\7xxfrxr.exec:\7xxfrxr.exe220⤵
-
\??\c:\bbttnn.exec:\bbttnn.exe221⤵
-
\??\c:\3ttnbt.exec:\3ttnbt.exe222⤵
-
\??\c:\dvvpp.exec:\dvvpp.exe223⤵
-
\??\c:\7lrffxl.exec:\7lrffxl.exe224⤵
-
\??\c:\frxrrrf.exec:\frxrrrf.exe225⤵
-
\??\c:\btnhbt.exec:\btnhbt.exe226⤵
-
\??\c:\pdpjv.exec:\pdpjv.exe227⤵
-
\??\c:\dpdvj.exec:\dpdvj.exe228⤵
-
\??\c:\3rxrlfx.exec:\3rxrlfx.exe229⤵
-
\??\c:\fxfrlrl.exec:\fxfrlrl.exe230⤵
-
\??\c:\tbnhhh.exec:\tbnhhh.exe231⤵
-
\??\c:\pjjjj.exec:\pjjjj.exe232⤵
-
\??\c:\fxrlfxx.exec:\fxrlfxx.exe233⤵
-
\??\c:\7rllfff.exec:\7rllfff.exe234⤵
-
\??\c:\xlfxxrl.exec:\xlfxxrl.exe235⤵
-
\??\c:\nhbthh.exec:\nhbthh.exe236⤵
-
\??\c:\nhnhtt.exec:\nhnhtt.exe237⤵
-
\??\c:\3jjdp.exec:\3jjdp.exe238⤵
-
\??\c:\7flfxrr.exec:\7flfxrr.exe239⤵
-
\??\c:\rxrllff.exec:\rxrllff.exe240⤵