Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
24-05-2024 18:42
General
-
Target
0d1b94afcca445412f4f12eb7fa4635fe674aab7b5080dc43e96835923760b1f.exe
-
Size
382KB
-
MD5
8e841499ab16f5a328227712355e31af
-
SHA1
843b0b7bb9a7f680f9569fdeff1986f16fcd0f9e
-
SHA256
0d1b94afcca445412f4f12eb7fa4635fe674aab7b5080dc43e96835923760b1f
-
SHA512
da00c51e9519fca2743ef5897ed612ef005eb6f583a2e8b5b56c26d145cfee1d13faf1dcb2c34a9ecdd54e87fa4593ef0bd6a39279c9ba00176b36137a5a3086
-
SSDEEP
6144:n3C9BRIG0asYFm71mPfkVB8dKwaO5CVwg:n3C9uYA7okVqdKwaO5CVF
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 15 IoCs
-
UPX dump on OEP (original entry point) 15 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 15 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0d1b94afcca445412f4f12eb7fa4635fe674aab7b5080dc43e96835923760b1f.exe"C:\Users\Admin\AppData\Local\Temp\0d1b94afcca445412f4f12eb7fa4635fe674aab7b5080dc43e96835923760b1f.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rrflxxl.exec:\rrflxxl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhntt.exec:\nnhntt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpjd.exec:\vjpjd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1nhhht.exec:\1nhhht.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vvvd.exec:\9vvvd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vdjj.exec:\7vdjj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjjv.exec:\dvjjv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdjv.exec:\pjdjv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3btnhn.exec:\3btnhn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfxfrxf.exec:\rfxfrxf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxlrflr.exec:\xxlrflr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhhnt.exec:\bnhhnt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjdjd.exec:\jjdjd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bnntt.exec:\5bnntt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7pdjp.exec:\7pdjp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxfxxr.exec:\xxxfxxr.exe17⤵
- Executes dropped EXE
-
\??\c:\nnbnhh.exec:\nnbnhh.exe18⤵
- Executes dropped EXE
-
\??\c:\xxxfxlx.exec:\xxxfxlx.exe19⤵
- Executes dropped EXE
-
\??\c:\1frrxrx.exec:\1frrxrx.exe20⤵
- Executes dropped EXE
-
\??\c:\vpjjv.exec:\vpjjv.exe21⤵
- Executes dropped EXE
-
\??\c:\lflfxfr.exec:\lflfxfr.exe22⤵
- Executes dropped EXE
-
\??\c:\1btttt.exec:\1btttt.exe23⤵
- Executes dropped EXE
-
\??\c:\ddpdj.exec:\ddpdj.exe24⤵
- Executes dropped EXE
-
\??\c:\rlxxffr.exec:\rlxxffr.exe25⤵
- Executes dropped EXE
-
\??\c:\thbbhh.exec:\thbbhh.exe26⤵
- Executes dropped EXE
-
\??\c:\jjdjj.exec:\jjdjj.exe27⤵
- Executes dropped EXE
-
\??\c:\7nbnbh.exec:\7nbnbh.exe28⤵
- Executes dropped EXE
-
\??\c:\3dpvd.exec:\3dpvd.exe29⤵
- Executes dropped EXE
-
\??\c:\9frxrxl.exec:\9frxrxl.exe30⤵
- Executes dropped EXE
-
\??\c:\ttttnb.exec:\ttttnb.exe31⤵
- Executes dropped EXE
-
\??\c:\7vjpv.exec:\7vjpv.exe32⤵
- Executes dropped EXE
-
\??\c:\nnhhhn.exec:\nnhhhn.exe33⤵
- Executes dropped EXE
-
\??\c:\hhbhbh.exec:\hhbhbh.exe34⤵
- Executes dropped EXE
-
\??\c:\1rlrxfl.exec:\1rlrxfl.exe35⤵
- Executes dropped EXE
-
\??\c:\lfflfrr.exec:\lfflfrr.exe36⤵
- Executes dropped EXE
-
\??\c:\hbtthh.exec:\hbtthh.exe37⤵
- Executes dropped EXE
-
\??\c:\pdvvv.exec:\pdvvv.exe38⤵
- Executes dropped EXE
-
\??\c:\ddvdj.exec:\ddvdj.exe39⤵
- Executes dropped EXE
-
\??\c:\xlxlxrf.exec:\xlxlxrf.exe40⤵
- Executes dropped EXE
-
\??\c:\ttnbth.exec:\ttnbth.exe41⤵
- Executes dropped EXE
-
\??\c:\1pjpd.exec:\1pjpd.exe42⤵
- Executes dropped EXE
-
\??\c:\vpjpj.exec:\vpjpj.exe43⤵
- Executes dropped EXE
-
\??\c:\5xxfllx.exec:\5xxfllx.exe44⤵
- Executes dropped EXE
-
\??\c:\3nbbhh.exec:\3nbbhh.exe45⤵
- Executes dropped EXE
-
\??\c:\1nhhnt.exec:\1nhhnt.exe46⤵
- Executes dropped EXE
-
\??\c:\jjddj.exec:\jjddj.exe47⤵
- Executes dropped EXE
-
\??\c:\3xrflrl.exec:\3xrflrl.exe48⤵
- Executes dropped EXE
-
\??\c:\tbbbht.exec:\tbbbht.exe49⤵
- Executes dropped EXE
-
\??\c:\nbnttt.exec:\nbnttt.exe50⤵
- Executes dropped EXE
-
\??\c:\ppvvp.exec:\ppvvp.exe51⤵
- Executes dropped EXE
-
\??\c:\xrlrxlx.exec:\xrlrxlx.exe52⤵
- Executes dropped EXE
-
\??\c:\nhtbnn.exec:\nhtbnn.exe53⤵
- Executes dropped EXE
-
\??\c:\bbnhtn.exec:\bbnhtn.exe54⤵
- Executes dropped EXE
-
\??\c:\vpjjv.exec:\vpjjv.exe55⤵
- Executes dropped EXE
-
\??\c:\fxflflx.exec:\fxflflx.exe56⤵
- Executes dropped EXE
-
\??\c:\rfxxffl.exec:\rfxxffl.exe57⤵
- Executes dropped EXE
-
\??\c:\hhhbnb.exec:\hhhbnb.exe58⤵
- Executes dropped EXE
-
\??\c:\jvjvp.exec:\jvjvp.exe59⤵
- Executes dropped EXE
-
\??\c:\xrrxrrx.exec:\xrrxrrx.exe60⤵
- Executes dropped EXE
-
\??\c:\lfxxrxf.exec:\lfxxrxf.exe61⤵
- Executes dropped EXE
-
\??\c:\nhtbhn.exec:\nhtbhn.exe62⤵
- Executes dropped EXE
-
\??\c:\jdpdp.exec:\jdpdp.exe63⤵
- Executes dropped EXE
-
\??\c:\dpjjp.exec:\dpjjp.exe64⤵
- Executes dropped EXE
-
\??\c:\5xrlllr.exec:\5xrlllr.exe65⤵
- Executes dropped EXE
-
\??\c:\9btbnn.exec:\9btbnn.exe66⤵
-
\??\c:\ddjpj.exec:\ddjpj.exe67⤵
-
\??\c:\1jjjj.exec:\1jjjj.exe68⤵
-
\??\c:\rlffxfr.exec:\rlffxfr.exe69⤵
-
\??\c:\htbnnh.exec:\htbnnh.exe70⤵
-
\??\c:\jdjvd.exec:\jdjvd.exe71⤵
-
\??\c:\9xfrrxl.exec:\9xfrrxl.exe72⤵
-
\??\c:\lxffllf.exec:\lxffllf.exe73⤵
-
\??\c:\7hbbnn.exec:\7hbbnn.exe74⤵
-
\??\c:\pppvj.exec:\pppvj.exe75⤵
-
\??\c:\rlrxlxx.exec:\rlrxlxx.exe76⤵
-
\??\c:\lxrxxfl.exec:\lxrxxfl.exe77⤵
-
\??\c:\7hbnnb.exec:\7hbnnb.exe78⤵
-
\??\c:\ppppj.exec:\ppppj.exe79⤵
-
\??\c:\pdjpd.exec:\pdjpd.exe80⤵
-
\??\c:\9frxfll.exec:\9frxfll.exe81⤵
-
\??\c:\bhnttn.exec:\bhnttn.exe82⤵
-
\??\c:\bbbhnn.exec:\bbbhnn.exe83⤵
-
\??\c:\ddvpd.exec:\ddvpd.exe84⤵
-
\??\c:\rrrfrrl.exec:\rrrfrrl.exe85⤵
-
\??\c:\xlxxffr.exec:\xlxxffr.exe86⤵
-
\??\c:\nnhtbh.exec:\nnhtbh.exe87⤵
-
\??\c:\9jjpv.exec:\9jjpv.exe88⤵
-
\??\c:\frxlrfr.exec:\frxlrfr.exe89⤵
-
\??\c:\5fxfrfr.exec:\5fxfrfr.exe90⤵
-
\??\c:\9bbbtb.exec:\9bbbtb.exe91⤵
-
\??\c:\jjjpd.exec:\jjjpd.exe92⤵
-
\??\c:\vvjdv.exec:\vvjdv.exe93⤵
-
\??\c:\7xrxxfl.exec:\7xrxxfl.exe94⤵
-
\??\c:\tnbhbh.exec:\tnbhbh.exe95⤵
-
\??\c:\1dpvp.exec:\1dpvp.exe96⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe97⤵
-
\??\c:\fxrxflx.exec:\fxrxflx.exe98⤵
-
\??\c:\1hnttt.exec:\1hnttt.exe99⤵
-
\??\c:\bbbbnn.exec:\bbbbnn.exe100⤵
-
\??\c:\9vppv.exec:\9vppv.exe101⤵
-
\??\c:\lxrfxfr.exec:\lxrfxfr.exe102⤵
-
\??\c:\bbttbt.exec:\bbttbt.exe103⤵
-
\??\c:\1hbhnn.exec:\1hbhnn.exe104⤵
-
\??\c:\vjdvd.exec:\vjdvd.exe105⤵
-
\??\c:\xlfrxlx.exec:\xlfrxlx.exe106⤵
-
\??\c:\rfxrffl.exec:\rfxrffl.exe107⤵
-
\??\c:\7tbbhb.exec:\7tbbhb.exe108⤵
-
\??\c:\vpjpd.exec:\vpjpd.exe109⤵
-
\??\c:\pvpjd.exec:\pvpjd.exe110⤵
-
\??\c:\fxlfllx.exec:\fxlfllx.exe111⤵
-
\??\c:\rxrxllx.exec:\rxrxllx.exe112⤵
-
\??\c:\bnnbbh.exec:\bnnbbh.exe113⤵
-
\??\c:\1ppdj.exec:\1ppdj.exe114⤵
-
\??\c:\9jdjp.exec:\9jdjp.exe115⤵
-
\??\c:\lrlfllx.exec:\lrlfllx.exe116⤵
-
\??\c:\9hthnt.exec:\9hthnt.exe117⤵
-
\??\c:\tttbhn.exec:\tttbhn.exe118⤵
-
\??\c:\vpjvd.exec:\vpjvd.exe119⤵
-
\??\c:\rlxfxxr.exec:\rlxfxxr.exe120⤵
-
\??\c:\tnhbbb.exec:\tnhbbb.exe121⤵
-
\??\c:\bbbnhh.exec:\bbbnhh.exe122⤵
-
\??\c:\9vvvp.exec:\9vvvp.exe123⤵
-
\??\c:\3vpjp.exec:\3vpjp.exe124⤵
-
\??\c:\ffffxfr.exec:\ffffxfr.exe125⤵
-
\??\c:\bhnhth.exec:\bhnhth.exe126⤵
-
\??\c:\nhthtt.exec:\nhthtt.exe127⤵
-
\??\c:\3vpdj.exec:\3vpdj.exe128⤵
-
\??\c:\xrlllrf.exec:\xrlllrf.exe129⤵
-
\??\c:\7lflxfr.exec:\7lflxfr.exe130⤵
-
\??\c:\bbthtt.exec:\bbthtt.exe131⤵
-
\??\c:\5pjpd.exec:\5pjpd.exe132⤵
-
\??\c:\1djpp.exec:\1djpp.exe133⤵
-
\??\c:\xlxxlfl.exec:\xlxxlfl.exe134⤵
-
\??\c:\hbnthh.exec:\hbnthh.exe135⤵
-
\??\c:\jppdv.exec:\jppdv.exe136⤵
-
\??\c:\lfrfrrx.exec:\lfrfrrx.exe137⤵
-
\??\c:\bntntb.exec:\bntntb.exe138⤵
-
\??\c:\3hhtbh.exec:\3hhtbh.exe139⤵
-
\??\c:\dvpvj.exec:\dvpvj.exe140⤵
-
\??\c:\xllxrrx.exec:\xllxrrx.exe141⤵
-
\??\c:\lfrrllx.exec:\lfrrllx.exe142⤵
-
\??\c:\nnnttt.exec:\nnnttt.exe143⤵
-
\??\c:\jvvvv.exec:\jvvvv.exe144⤵
-
\??\c:\ddjpv.exec:\ddjpv.exe145⤵
-
\??\c:\1llfrfx.exec:\1llfrfx.exe146⤵
-
\??\c:\9hhtbh.exec:\9hhtbh.exe147⤵
-
\??\c:\bthhbh.exec:\bthhbh.exe148⤵
-
\??\c:\jjdvd.exec:\jjdvd.exe149⤵
-
\??\c:\ddpdp.exec:\ddpdp.exe150⤵
-
\??\c:\xfllllr.exec:\xfllllr.exe151⤵
-
\??\c:\hbthtb.exec:\hbthtb.exe152⤵
-
\??\c:\hbbhtb.exec:\hbbhtb.exe153⤵
-
\??\c:\dpjpd.exec:\dpjpd.exe154⤵
-
\??\c:\rfxffrf.exec:\rfxffrf.exe155⤵
-
\??\c:\rlflflr.exec:\rlflflr.exe156⤵
-
\??\c:\ttnbtb.exec:\ttnbtb.exe157⤵
-
\??\c:\jdjjv.exec:\jdjjv.exe158⤵
-
\??\c:\vjddd.exec:\vjddd.exe159⤵
-
\??\c:\fxrfrxr.exec:\fxrfrxr.exe160⤵
-
\??\c:\1thbhh.exec:\1thbhh.exe161⤵
-
\??\c:\hhhbhb.exec:\hhhbhb.exe162⤵
-
\??\c:\1vddj.exec:\1vddj.exe163⤵
-
\??\c:\frllxfr.exec:\frllxfr.exe164⤵
-
\??\c:\lfxfrxf.exec:\lfxfrxf.exe165⤵
-
\??\c:\nbhhnb.exec:\nbhhnb.exe166⤵
-
\??\c:\hbbhbh.exec:\hbbhbh.exe167⤵
-
\??\c:\jjjvp.exec:\jjjvp.exe168⤵
-
\??\c:\ffxlrxx.exec:\ffxlrxx.exe169⤵
-
\??\c:\fxxrlrl.exec:\fxxrlrl.exe170⤵
-
\??\c:\tnnttb.exec:\tnnttb.exe171⤵
-
\??\c:\ddvjv.exec:\ddvjv.exe172⤵
-
\??\c:\3vvjj.exec:\3vvjj.exe173⤵
-
\??\c:\frxxrxr.exec:\frxxrxr.exe174⤵
-
\??\c:\lxlllll.exec:\lxlllll.exe175⤵
-
\??\c:\nhbhtt.exec:\nhbhtt.exe176⤵
-
\??\c:\jvjpd.exec:\jvjpd.exe177⤵
-
\??\c:\5lffrxf.exec:\5lffrxf.exe178⤵
-
\??\c:\7xxlrfr.exec:\7xxlrfr.exe179⤵
-
\??\c:\hnbbnn.exec:\hnbbnn.exe180⤵
-
\??\c:\9dpjv.exec:\9dpjv.exe181⤵
-
\??\c:\pjjjd.exec:\pjjjd.exe182⤵
-
\??\c:\rrlrxlx.exec:\rrlrxlx.exe183⤵
-
\??\c:\nhnnbt.exec:\nhnnbt.exe184⤵
-
\??\c:\5jjpv.exec:\5jjpv.exe185⤵
-
\??\c:\pjjvd.exec:\pjjvd.exe186⤵
-
\??\c:\1fxlrxl.exec:\1fxlrxl.exe187⤵
-
\??\c:\nthbhn.exec:\nthbhn.exe188⤵
-
\??\c:\7nbbnn.exec:\7nbbnn.exe189⤵
-
\??\c:\pdpdd.exec:\pdpdd.exe190⤵
-
\??\c:\ffxrlrx.exec:\ffxrlrx.exe191⤵
-
\??\c:\rlflxfr.exec:\rlflxfr.exe192⤵
-
\??\c:\tbbhtb.exec:\tbbhtb.exe193⤵
-
\??\c:\1pvdj.exec:\1pvdj.exe194⤵
-
\??\c:\dvvpd.exec:\dvvpd.exe195⤵
-
\??\c:\frrrrfl.exec:\frrrrfl.exe196⤵
-
\??\c:\bbtbtt.exec:\bbtbtt.exe197⤵
-
\??\c:\nbbhtn.exec:\nbbhtn.exe198⤵
-
\??\c:\pjvvv.exec:\pjvvv.exe199⤵
-
\??\c:\xrfxfll.exec:\xrfxfll.exe200⤵
-
\??\c:\tnnnbb.exec:\tnnnbb.exe201⤵
-
\??\c:\hbbbnt.exec:\hbbbnt.exe202⤵
-
\??\c:\pjvvp.exec:\pjvvp.exe203⤵
-
\??\c:\vpjpd.exec:\vpjpd.exe204⤵
-
\??\c:\lfflflf.exec:\lfflflf.exe205⤵
-
\??\c:\bhhbnn.exec:\bhhbnn.exe206⤵
-
\??\c:\bbbhbh.exec:\bbbhbh.exe207⤵
-
\??\c:\pjvvd.exec:\pjvvd.exe208⤵
-
\??\c:\7lrrxxl.exec:\7lrrxxl.exe209⤵
-
\??\c:\fxllxxl.exec:\fxllxxl.exe210⤵
-
\??\c:\tnnbnt.exec:\tnnbnt.exe211⤵
-
\??\c:\nnbhtt.exec:\nnbhtt.exe212⤵
-
\??\c:\pjppv.exec:\pjppv.exe213⤵
-
\??\c:\lfxlxfr.exec:\lfxlxfr.exe214⤵
-
\??\c:\lxflllr.exec:\lxflllr.exe215⤵
-
\??\c:\ttnhbh.exec:\ttnhbh.exe216⤵
-
\??\c:\bbnbtt.exec:\bbnbtt.exe217⤵
-
\??\c:\vpjjd.exec:\vpjjd.exe218⤵
-
\??\c:\lxlfflr.exec:\lxlfflr.exe219⤵
-
\??\c:\5fxxrlr.exec:\5fxxrlr.exe220⤵
-
\??\c:\hbtttb.exec:\hbtttb.exe221⤵
-
\??\c:\vjvvv.exec:\vjvvv.exe222⤵
-
\??\c:\ffxfrfx.exec:\ffxfrfx.exe223⤵
-
\??\c:\rlxrlrf.exec:\rlxrlrf.exe224⤵
-
\??\c:\nnhhbh.exec:\nnhhbh.exe225⤵
-
\??\c:\vvpvj.exec:\vvpvj.exe226⤵
-
\??\c:\pjjpj.exec:\pjjpj.exe227⤵
-
\??\c:\5fffrrx.exec:\5fffrrx.exe228⤵
-
\??\c:\ttnbtb.exec:\ttnbtb.exe229⤵
-
\??\c:\nhbbnn.exec:\nhbbnn.exe230⤵
-
\??\c:\7dvpj.exec:\7dvpj.exe231⤵
-
\??\c:\ffxfrxr.exec:\ffxfrxr.exe232⤵
-
\??\c:\ntntbh.exec:\ntntbh.exe233⤵
-
\??\c:\7hbhbh.exec:\7hbhbh.exe234⤵
-
\??\c:\vvjvp.exec:\vvjvp.exe235⤵
-
\??\c:\5lxxlrx.exec:\5lxxlrx.exe236⤵
-
\??\c:\3lxlrxf.exec:\3lxlrxf.exe237⤵
-
\??\c:\bttbnn.exec:\bttbnn.exe238⤵
-
\??\c:\9jdvv.exec:\9jdvv.exe239⤵
-
\??\c:\pjvdp.exec:\pjvdp.exe240⤵