Analysis
-
max time kernel
150s -
max time network
110s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
24-05-2024 19:57
General
-
Target
1d8db73d352bdece316df0f381ccf74bfc9998789b68d311b348c37197f68f36.exe
-
Size
76KB
-
MD5
803cccb715ccf18e0804751fe6d15406
-
SHA1
0a4c38c1f0f4f5b0a4e489c78eecec9283197cbd
-
SHA256
1d8db73d352bdece316df0f381ccf74bfc9998789b68d311b348c37197f68f36
-
SHA512
1b00a11c9e04fca68ff1063bb9495081d10005498cfec9b9e77ee6d648bbeeb1a799f6c98d93c29874711594d45036b41d6d87c90b0832a7488194743634a4ee
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIIpIo60L9QrrAw:ymb3NkkiQ3mdBjFIIp9L9QrrAw
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1d8db73d352bdece316df0f381ccf74bfc9998789b68d311b348c37197f68f36.exe"C:\Users\Admin\AppData\Local\Temp\1d8db73d352bdece316df0f381ccf74bfc9998789b68d311b348c37197f68f36.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\flllffx.exec:\flllffx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfrlll.exec:\rlfrlll.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnhbh.exec:\thnhbh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pppvp.exec:\pppvp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrflfxx.exec:\xrflfxx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llrlxxr.exec:\llrlxxr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhbth.exec:\hbhbth.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1hhbnn.exec:\1hhbnn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvpj.exec:\jdvpj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvpjv.exec:\jvpjv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xffxff.exec:\7xffxff.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnnhh.exec:\tnnnhh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhtnht.exec:\bhtnht.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pjdv.exec:\1pjdv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llffrrr.exec:\llffrrr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxrlff.exec:\rrxrlff.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnttnn.exec:\hnttnn.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnhbb.exec:\nhnhbb.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdpj.exec:\pjdpj.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1llfxxr.exec:\1llfxxr.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrflfx.exec:\lrrflfx.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhbtt.exec:\nhhbtt.exe23⤵
- Executes dropped EXE
-
\??\c:\ddvvj.exec:\ddvvj.exe24⤵
- Executes dropped EXE
-
\??\c:\jvjdv.exec:\jvjdv.exe25⤵
- Executes dropped EXE
-
\??\c:\xrrfffx.exec:\xrrfffx.exe26⤵
- Executes dropped EXE
-
\??\c:\hhntnn.exec:\hhntnn.exe27⤵
- Executes dropped EXE
-
\??\c:\nntbnn.exec:\nntbnn.exe28⤵
- Executes dropped EXE
-
\??\c:\1dpjd.exec:\1dpjd.exe29⤵
- Executes dropped EXE
-
\??\c:\vdpjd.exec:\vdpjd.exe30⤵
- Executes dropped EXE
-
\??\c:\lxxrrlr.exec:\lxxrrlr.exe31⤵
- Executes dropped EXE
-
\??\c:\7hbttn.exec:\7hbttn.exe32⤵
- Executes dropped EXE
-
\??\c:\bhnnnn.exec:\bhnnnn.exe33⤵
- Executes dropped EXE
-
\??\c:\vvvpp.exec:\vvvpp.exe34⤵
- Executes dropped EXE
-
\??\c:\jjpjv.exec:\jjpjv.exe35⤵
- Executes dropped EXE
-
\??\c:\fxxxllx.exec:\fxxxllx.exe36⤵
- Executes dropped EXE
-
\??\c:\xxrrrxx.exec:\xxrrrxx.exe37⤵
- Executes dropped EXE
-
\??\c:\bbntbb.exec:\bbntbb.exe38⤵
- Executes dropped EXE
-
\??\c:\vpdvv.exec:\vpdvv.exe39⤵
- Executes dropped EXE
-
\??\c:\rlfxxrl.exec:\rlfxxrl.exe40⤵
- Executes dropped EXE
-
\??\c:\fxxxlll.exec:\fxxxlll.exe41⤵
- Executes dropped EXE
-
\??\c:\tnnhbb.exec:\tnnhbb.exe42⤵
- Executes dropped EXE
-
\??\c:\1ppdv.exec:\1ppdv.exe43⤵
- Executes dropped EXE
-
\??\c:\jvpdv.exec:\jvpdv.exe44⤵
- Executes dropped EXE
-
\??\c:\xflrxll.exec:\xflrxll.exe45⤵
- Executes dropped EXE
-
\??\c:\llflfff.exec:\llflfff.exe46⤵
- Executes dropped EXE
-
\??\c:\htbhtn.exec:\htbhtn.exe47⤵
- Executes dropped EXE
-
\??\c:\1ddvp.exec:\1ddvp.exe48⤵
- Executes dropped EXE
-
\??\c:\xfxrrll.exec:\xfxrrll.exe49⤵
- Executes dropped EXE
-
\??\c:\nnbttn.exec:\nnbttn.exe50⤵
- Executes dropped EXE
-
\??\c:\hnhhbn.exec:\hnhhbn.exe51⤵
- Executes dropped EXE
-
\??\c:\vjppp.exec:\vjppp.exe52⤵
- Executes dropped EXE
-
\??\c:\9xfxlfl.exec:\9xfxlfl.exe53⤵
- Executes dropped EXE
-
\??\c:\5hnhbb.exec:\5hnhbb.exe54⤵
- Executes dropped EXE
-
\??\c:\thttnn.exec:\thttnn.exe55⤵
- Executes dropped EXE
-
\??\c:\jvvvj.exec:\jvvvj.exe56⤵
- Executes dropped EXE
-
\??\c:\rlrlllf.exec:\rlrlllf.exe57⤵
- Executes dropped EXE
-
\??\c:\3xrxrxr.exec:\3xrxrxr.exe58⤵
- Executes dropped EXE
-
\??\c:\nhhhbb.exec:\nhhhbb.exe59⤵
- Executes dropped EXE
-
\??\c:\nhhttt.exec:\nhhttt.exe60⤵
- Executes dropped EXE
-
\??\c:\djvvj.exec:\djvvj.exe61⤵
- Executes dropped EXE
-
\??\c:\7vvjv.exec:\7vvjv.exe62⤵
- Executes dropped EXE
-
\??\c:\7fxrllf.exec:\7fxrllf.exe63⤵
- Executes dropped EXE
-
\??\c:\3frrrlf.exec:\3frrrlf.exe64⤵
- Executes dropped EXE
-
\??\c:\7nhttt.exec:\7nhttt.exe65⤵
- Executes dropped EXE
-
\??\c:\bhttnt.exec:\bhttnt.exe66⤵
-
\??\c:\1dppj.exec:\1dppj.exe67⤵
-
\??\c:\dpvpd.exec:\dpvpd.exe68⤵
-
\??\c:\fxfxxxr.exec:\fxfxxxr.exe69⤵
-
\??\c:\xlfxrrl.exec:\xlfxrrl.exe70⤵
-
\??\c:\1nttbb.exec:\1nttbb.exe71⤵
-
\??\c:\7nbttn.exec:\7nbttn.exe72⤵
-
\??\c:\dpdpj.exec:\dpdpj.exe73⤵
-
\??\c:\pdddv.exec:\pdddv.exe74⤵
-
\??\c:\llxrlrr.exec:\llxrlrr.exe75⤵
-
\??\c:\rxxxrrl.exec:\rxxxrrl.exe76⤵
-
\??\c:\5nhhbh.exec:\5nhhbh.exe77⤵
-
\??\c:\vjpvp.exec:\vjpvp.exe78⤵
-
\??\c:\jvpjj.exec:\jvpjj.exe79⤵
-
\??\c:\xlllxxl.exec:\xlllxxl.exe80⤵
-
\??\c:\xrrrrxx.exec:\xrrrrxx.exe81⤵
-
\??\c:\bhnnhh.exec:\bhnnhh.exe82⤵
-
\??\c:\bbnnbb.exec:\bbnnbb.exe83⤵
-
\??\c:\dpvvv.exec:\dpvvv.exe84⤵
-
\??\c:\vpjvp.exec:\vpjvp.exe85⤵
-
\??\c:\lffrlrl.exec:\lffrlrl.exe86⤵
-
\??\c:\rllrlfx.exec:\rllrlfx.exe87⤵
-
\??\c:\bbnbnn.exec:\bbnbnn.exe88⤵
-
\??\c:\ppdvv.exec:\ppdvv.exe89⤵
-
\??\c:\djpjv.exec:\djpjv.exe90⤵
-
\??\c:\lfxrfll.exec:\lfxrfll.exe91⤵
-
\??\c:\xlrllll.exec:\xlrllll.exe92⤵
-
\??\c:\tthnnb.exec:\tthnnb.exe93⤵
-
\??\c:\vdjdv.exec:\vdjdv.exe94⤵
-
\??\c:\rllfxxr.exec:\rllfxxr.exe95⤵
-
\??\c:\9fllllr.exec:\9fllllr.exe96⤵
-
\??\c:\htbbtn.exec:\htbbtn.exe97⤵
-
\??\c:\nhhhbb.exec:\nhhhbb.exe98⤵
-
\??\c:\ddjjj.exec:\ddjjj.exe99⤵
-
\??\c:\pdpjv.exec:\pdpjv.exe100⤵
-
\??\c:\xlllxxx.exec:\xlllxxx.exe101⤵
-
\??\c:\7rxrllf.exec:\7rxrllf.exe102⤵
-
\??\c:\hthnhh.exec:\hthnhh.exe103⤵
-
\??\c:\bttnnn.exec:\bttnnn.exe104⤵
-
\??\c:\jpvvv.exec:\jpvvv.exe105⤵
-
\??\c:\pppjd.exec:\pppjd.exe106⤵
-
\??\c:\fxxxrlf.exec:\fxxxrlf.exe107⤵
-
\??\c:\nnhhhh.exec:\nnhhhh.exe108⤵
-
\??\c:\tntnbh.exec:\tntnbh.exe109⤵
-
\??\c:\dvdvp.exec:\dvdvp.exe110⤵
-
\??\c:\lfllxxx.exec:\lfllxxx.exe111⤵
-
\??\c:\rrxxrxr.exec:\rrxxrxr.exe112⤵
-
\??\c:\hbnnnn.exec:\hbnnnn.exe113⤵
-
\??\c:\ttnnbb.exec:\ttnnbb.exe114⤵
-
\??\c:\djvvj.exec:\djvvj.exe115⤵
-
\??\c:\jpdvp.exec:\jpdvp.exe116⤵
-
\??\c:\xflfxxr.exec:\xflfxxr.exe117⤵
-
\??\c:\5xlfxxr.exec:\5xlfxxr.exe118⤵
-
\??\c:\tnhhth.exec:\tnhhth.exe119⤵
-
\??\c:\3ntnhh.exec:\3ntnhh.exe120⤵
-
\??\c:\pppdv.exec:\pppdv.exe121⤵
-
\??\c:\frrlffx.exec:\frrlffx.exe122⤵
-
\??\c:\rxlllll.exec:\rxlllll.exe123⤵
-
\??\c:\hhnnnn.exec:\hhnnnn.exe124⤵
-
\??\c:\bthhbb.exec:\bthhbb.exe125⤵
-
\??\c:\djvpj.exec:\djvpj.exe126⤵
-
\??\c:\pjjjj.exec:\pjjjj.exe127⤵
-
\??\c:\xxrrrrr.exec:\xxrrrrr.exe128⤵
-
\??\c:\fflllxr.exec:\fflllxr.exe129⤵
-
\??\c:\hhbbbb.exec:\hhbbbb.exe130⤵
-
\??\c:\9nbbhh.exec:\9nbbhh.exe131⤵
-
\??\c:\vjvdv.exec:\vjvdv.exe132⤵
-
\??\c:\vpvpj.exec:\vpvpj.exe133⤵
-
\??\c:\ffllffr.exec:\ffllffr.exe134⤵
-
\??\c:\llllflf.exec:\llllflf.exe135⤵
-
\??\c:\hbbttt.exec:\hbbttt.exe136⤵
-
\??\c:\nhtnhh.exec:\nhtnhh.exe137⤵
-
\??\c:\ddvvp.exec:\ddvvp.exe138⤵
-
\??\c:\5djdv.exec:\5djdv.exe139⤵
-
\??\c:\5rrlfff.exec:\5rrlfff.exe140⤵
-
\??\c:\xllfrlr.exec:\xllfrlr.exe141⤵
-
\??\c:\lllrrrx.exec:\lllrrrx.exe142⤵
-
\??\c:\hhnnhh.exec:\hhnnhh.exe143⤵
-
\??\c:\nthtnn.exec:\nthtnn.exe144⤵
-
\??\c:\dvddv.exec:\dvddv.exe145⤵
-
\??\c:\vpjpj.exec:\vpjpj.exe146⤵
-
\??\c:\xrfxxxx.exec:\xrfxxxx.exe147⤵
-
\??\c:\7rrllrl.exec:\7rrllrl.exe148⤵
-
\??\c:\tthhbh.exec:\tthhbh.exe149⤵
-
\??\c:\9htthh.exec:\9htthh.exe150⤵
-
\??\c:\bhttnn.exec:\bhttnn.exe151⤵
-
\??\c:\bbnnbb.exec:\bbnnbb.exe152⤵
-
\??\c:\hhnhbb.exec:\hhnhbb.exe153⤵
-
\??\c:\5dppd.exec:\5dppd.exe154⤵
-
\??\c:\7pjpv.exec:\7pjpv.exe155⤵
-
\??\c:\fxlfrrx.exec:\fxlfrrx.exe156⤵
-
\??\c:\frxfxxx.exec:\frxfxxx.exe157⤵
-
\??\c:\thnhbt.exec:\thnhbt.exe158⤵
-
\??\c:\nnbbnn.exec:\nnbbnn.exe159⤵
-
\??\c:\jjjdd.exec:\jjjdd.exe160⤵
-
\??\c:\ppdvv.exec:\ppdvv.exe161⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe162⤵
-
\??\c:\rxrrfff.exec:\rxrrfff.exe163⤵
-
\??\c:\lllxxxx.exec:\lllxxxx.exe164⤵
-
\??\c:\bthhnn.exec:\bthhnn.exe165⤵
-
\??\c:\thnhbb.exec:\thnhbb.exe166⤵
-
\??\c:\5ttthh.exec:\5ttthh.exe167⤵
-
\??\c:\7dddp.exec:\7dddp.exe168⤵
-
\??\c:\flxxlxx.exec:\flxxlxx.exe169⤵
-
\??\c:\frrlxxl.exec:\frrlxxl.exe170⤵
-
\??\c:\lxxxxxx.exec:\lxxxxxx.exe171⤵
-
\??\c:\hbhhtt.exec:\hbhhtt.exe172⤵
-
\??\c:\9bbbtn.exec:\9bbbtn.exe173⤵
-
\??\c:\jvdpp.exec:\jvdpp.exe174⤵
-
\??\c:\dppjj.exec:\dppjj.exe175⤵
-
\??\c:\rllflfr.exec:\rllflfr.exe176⤵
-
\??\c:\5rxxxxr.exec:\5rxxxxr.exe177⤵
-
\??\c:\bnttnn.exec:\bnttnn.exe178⤵
-
\??\c:\bttthh.exec:\bttthh.exe179⤵
-
\??\c:\vjvvj.exec:\vjvvj.exe180⤵
-
\??\c:\jvvvd.exec:\jvvvd.exe181⤵
-
\??\c:\fxxxrrr.exec:\fxxxrrr.exe182⤵
-
\??\c:\xlxrlff.exec:\xlxrlff.exe183⤵
-
\??\c:\xrfxrxx.exec:\xrfxrxx.exe184⤵
-
\??\c:\hbtttt.exec:\hbtttt.exe185⤵
-
\??\c:\jvvjj.exec:\jvvjj.exe186⤵
-
\??\c:\1pdvp.exec:\1pdvp.exe187⤵
-
\??\c:\fxfxxfl.exec:\fxfxxfl.exe188⤵
-
\??\c:\rffffff.exec:\rffffff.exe189⤵
-
\??\c:\nnbbhh.exec:\nnbbhh.exe190⤵
-
\??\c:\3htnbh.exec:\3htnbh.exe191⤵
-
\??\c:\vpdjp.exec:\vpdjp.exe192⤵
-
\??\c:\pppjj.exec:\pppjj.exe193⤵
-
\??\c:\rlfxflf.exec:\rlfxflf.exe194⤵
-
\??\c:\lfffflf.exec:\lfffflf.exe195⤵
-
\??\c:\tthntt.exec:\tthntt.exe196⤵
-
\??\c:\bnbbtt.exec:\bnbbtt.exe197⤵
-
\??\c:\vpvvj.exec:\vpvvj.exe198⤵
-
\??\c:\rffxrrl.exec:\rffxrrl.exe199⤵
-
\??\c:\llffxxr.exec:\llffxxr.exe200⤵
-
\??\c:\xrrrlff.exec:\xrrrlff.exe201⤵
-
\??\c:\hhnntn.exec:\hhnntn.exe202⤵
-
\??\c:\3rxxlxf.exec:\3rxxlxf.exe203⤵
-
\??\c:\ffffxxx.exec:\ffffxxx.exe204⤵
-
\??\c:\btttnn.exec:\btttnn.exe205⤵
-
\??\c:\nnhbtt.exec:\nnhbtt.exe206⤵
-
\??\c:\tbtnbn.exec:\tbtnbn.exe207⤵
-
\??\c:\7dppj.exec:\7dppj.exe208⤵
-
\??\c:\5pjjv.exec:\5pjjv.exe209⤵
-
\??\c:\5xrlffx.exec:\5xrlffx.exe210⤵
-
\??\c:\jdvvd.exec:\jdvvd.exe211⤵
-
\??\c:\rrlffxf.exec:\rrlffxf.exe212⤵
-
\??\c:\hthhnh.exec:\hthhnh.exe213⤵
-
\??\c:\bthnnt.exec:\bthnnt.exe214⤵
-
\??\c:\9djjp.exec:\9djjp.exe215⤵
-
\??\c:\9pjdv.exec:\9pjdv.exe216⤵
-
\??\c:\xfffrxr.exec:\xfffrxr.exe217⤵
-
\??\c:\xrflrrf.exec:\xrflrrf.exe218⤵
-
\??\c:\lrlrllf.exec:\lrlrllf.exe219⤵
-
\??\c:\bbnntb.exec:\bbnntb.exe220⤵
-
\??\c:\thbbbb.exec:\thbbbb.exe221⤵
-
\??\c:\9jppp.exec:\9jppp.exe222⤵
-
\??\c:\ppvvv.exec:\ppvvv.exe223⤵
-
\??\c:\vvddv.exec:\vvddv.exe224⤵
-
\??\c:\rrfrxxf.exec:\rrfrxxf.exe225⤵
-
\??\c:\lffxrrf.exec:\lffxrrf.exe226⤵
-
\??\c:\bbtnnn.exec:\bbtnnn.exe227⤵
-
\??\c:\bnthnb.exec:\bnthnb.exe228⤵
-
\??\c:\7jvjv.exec:\7jvjv.exe229⤵
-
\??\c:\rrfxrrr.exec:\rrfxrrr.exe230⤵
-
\??\c:\7ppjd.exec:\7ppjd.exe231⤵
-
\??\c:\rllfxlf.exec:\rllfxlf.exe232⤵
-
\??\c:\5frrxxl.exec:\5frrxxl.exe233⤵
-
\??\c:\bbbnbb.exec:\bbbnbb.exe234⤵
-
\??\c:\tbbbtt.exec:\tbbbtt.exe235⤵
-
\??\c:\jdddv.exec:\jdddv.exe236⤵
-
\??\c:\jjdpd.exec:\jjdpd.exe237⤵
-
\??\c:\xrlxxrf.exec:\xrlxxrf.exe238⤵
-
\??\c:\xxxxrrr.exec:\xxxxrrr.exe239⤵
-
\??\c:\tnbhbb.exec:\tnbhbb.exe240⤵