Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
-
submitted
24-05-2024 21:14
General
-
Target
477387a14485a87d7e23cec854917a6c0701a8465dc7164c87f9846ed9a20f4c.exe
-
Size
75KB
-
MD5
01a7ecd015482a7aeac6aacc76e1957a
-
SHA1
550d7b996f3ed32f2b38210d6e1f04cda13e2360
-
SHA256
477387a14485a87d7e23cec854917a6c0701a8465dc7164c87f9846ed9a20f4c
-
SHA512
229bb7a66b1556fdffdff9c280825935a2f48b6a4c93c205428c42354c46fdb7b17f39a949561abd172f71a80526122a3726dce399a4977ae229ce68333de522
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIsIpWCz+FR4RzWqC5O:ymb3NkkiQ3mdBjFIsIpZ+R4RzWqCM
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
UPX dump on OEP (original entry point) 33 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 33 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\477387a14485a87d7e23cec854917a6c0701a8465dc7164c87f9846ed9a20f4c.exe"C:\Users\Admin\AppData\Local\Temp\477387a14485a87d7e23cec854917a6c0701a8465dc7164c87f9846ed9a20f4c.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rrllxlf.exec:\rrllxlf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttntbb.exec:\ttntbb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjpvj.exec:\jjpvj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlrffl.exec:\xrlrffl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjjv.exec:\vvjjv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvpj.exec:\ppvpj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rffrrl.exec:\1rffrrl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnntt.exec:\nhnntt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7jddp.exec:\7jddp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxlrrrx.exec:\lxlrrrx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrffxrf.exec:\xrffxrf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnbbh.exec:\hbnbbh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvjv.exec:\ddvjv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3jdpp.exec:\3jdpp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrrxxl.exec:\lxrrxxl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbthnn.exec:\nbthnn.exe17⤵
- Executes dropped EXE
-
\??\c:\5dvpv.exec:\5dvpv.exe18⤵
- Executes dropped EXE
-
\??\c:\pjjpp.exec:\pjjpp.exe19⤵
- Executes dropped EXE
-
\??\c:\xlxxxxf.exec:\xlxxxxf.exe20⤵
- Executes dropped EXE
-
\??\c:\7tntbb.exec:\7tntbb.exe21⤵
- Executes dropped EXE
-
\??\c:\btnbhn.exec:\btnbhn.exe22⤵
- Executes dropped EXE
-
\??\c:\1ppvd.exec:\1ppvd.exe23⤵
- Executes dropped EXE
-
\??\c:\lfxflxf.exec:\lfxflxf.exe24⤵
- Executes dropped EXE
-
\??\c:\rfxrflr.exec:\rfxrflr.exe25⤵
- Executes dropped EXE
-
\??\c:\nhttbt.exec:\nhttbt.exe26⤵
- Executes dropped EXE
-
\??\c:\9dvpd.exec:\9dvpd.exe27⤵
- Executes dropped EXE
-
\??\c:\pppdj.exec:\pppdj.exe28⤵
- Executes dropped EXE
-
\??\c:\llxrxxr.exec:\llxrxxr.exe29⤵
- Executes dropped EXE
-
\??\c:\hbbhtb.exec:\hbbhtb.exe30⤵
- Executes dropped EXE
-
\??\c:\jvdvd.exec:\jvdvd.exe31⤵
- Executes dropped EXE
-
\??\c:\dpjjv.exec:\dpjjv.exe32⤵
- Executes dropped EXE
-
\??\c:\fxlrffr.exec:\fxlrffr.exe33⤵
- Executes dropped EXE
-
\??\c:\bhthnh.exec:\bhthnh.exe34⤵
- Executes dropped EXE
-
\??\c:\bttbhn.exec:\bttbhn.exe35⤵
- Executes dropped EXE
-
\??\c:\7pjjp.exec:\7pjjp.exe36⤵
- Executes dropped EXE
-
\??\c:\rlfrfrl.exec:\rlfrfrl.exe37⤵
- Executes dropped EXE
-
\??\c:\xrlfllr.exec:\xrlfllr.exe38⤵
- Executes dropped EXE
-
\??\c:\9hhhbb.exec:\9hhhbb.exe39⤵
- Executes dropped EXE
-
\??\c:\bthntt.exec:\bthntt.exe40⤵
- Executes dropped EXE
-
\??\c:\jjdpv.exec:\jjdpv.exe41⤵
- Executes dropped EXE
-
\??\c:\jddjp.exec:\jddjp.exe42⤵
- Executes dropped EXE
-
\??\c:\rlllrxx.exec:\rlllrxx.exe43⤵
- Executes dropped EXE
-
\??\c:\nnnthn.exec:\nnnthn.exe44⤵
- Executes dropped EXE
-
\??\c:\vvppd.exec:\vvppd.exe45⤵
- Executes dropped EXE
-
\??\c:\pjpdv.exec:\pjpdv.exe46⤵
- Executes dropped EXE
-
\??\c:\9fxxxxl.exec:\9fxxxxl.exe47⤵
- Executes dropped EXE
-
\??\c:\5rxfrrl.exec:\5rxfrrl.exe48⤵
- Executes dropped EXE
-
\??\c:\9hbntt.exec:\9hbntt.exe49⤵
- Executes dropped EXE
-
\??\c:\tnntbh.exec:\tnntbh.exe50⤵
- Executes dropped EXE
-
\??\c:\5thnnn.exec:\5thnnn.exe51⤵
- Executes dropped EXE
-
\??\c:\pjvdj.exec:\pjvdj.exe52⤵
- Executes dropped EXE
-
\??\c:\vpjjj.exec:\vpjjj.exe53⤵
- Executes dropped EXE
-
\??\c:\5rffffx.exec:\5rffffx.exe54⤵
- Executes dropped EXE
-
\??\c:\7frlrff.exec:\7frlrff.exe55⤵
- Executes dropped EXE
-
\??\c:\lrfrlrl.exec:\lrfrlrl.exe56⤵
- Executes dropped EXE
-
\??\c:\9hbbnn.exec:\9hbbnn.exe57⤵
- Executes dropped EXE
-
\??\c:\7vvdj.exec:\7vvdj.exe58⤵
- Executes dropped EXE
-
\??\c:\dddjv.exec:\dddjv.exe59⤵
- Executes dropped EXE
-
\??\c:\vjppd.exec:\vjppd.exe60⤵
- Executes dropped EXE
-
\??\c:\7lxrxfl.exec:\7lxrxfl.exe61⤵
- Executes dropped EXE
-
\??\c:\rlflxlx.exec:\rlflxlx.exe62⤵
- Executes dropped EXE
-
\??\c:\tnhnnn.exec:\tnhnnn.exe63⤵
- Executes dropped EXE
-
\??\c:\1nnhtb.exec:\1nnhtb.exe64⤵
- Executes dropped EXE
-
\??\c:\dvjjp.exec:\dvjjp.exe65⤵
- Executes dropped EXE
-
\??\c:\jjjpj.exec:\jjjpj.exe66⤵
-
\??\c:\3xrfllx.exec:\3xrfllx.exe67⤵
-
\??\c:\xrxflxx.exec:\xrxflxx.exe68⤵
-
\??\c:\bnhhtt.exec:\bnhhtt.exe69⤵
-
\??\c:\5bbnhh.exec:\5bbnhh.exe70⤵
-
\??\c:\dpvdv.exec:\dpvdv.exe71⤵
-
\??\c:\rrrfxfr.exec:\rrrfxfr.exe72⤵
-
\??\c:\fffxfff.exec:\fffxfff.exe73⤵
-
\??\c:\bnhhbb.exec:\bnhhbb.exe74⤵
-
\??\c:\tntbnn.exec:\tntbnn.exe75⤵
-
\??\c:\dvdpp.exec:\dvdpp.exe76⤵
-
\??\c:\pdppd.exec:\pdppd.exe77⤵
-
\??\c:\dvddj.exec:\dvddj.exe78⤵
-
\??\c:\rfrflfl.exec:\rfrflfl.exe79⤵
-
\??\c:\nhntbn.exec:\nhntbn.exe80⤵
-
\??\c:\ttnnhb.exec:\ttnnhb.exe81⤵
-
\??\c:\djppd.exec:\djppd.exe82⤵
-
\??\c:\pvvpp.exec:\pvvpp.exe83⤵
-
\??\c:\xrllrxf.exec:\xrllrxf.exe84⤵
-
\??\c:\7xrxflx.exec:\7xrxflx.exe85⤵
-
\??\c:\hbnhtb.exec:\hbnhtb.exe86⤵
-
\??\c:\tnhhtt.exec:\tnhhtt.exe87⤵
-
\??\c:\jjvvj.exec:\jjvvj.exe88⤵
-
\??\c:\jdjpd.exec:\jdjpd.exe89⤵
-
\??\c:\lffrxll.exec:\lffrxll.exe90⤵
-
\??\c:\rlxrfrx.exec:\rlxrfrx.exe91⤵
-
\??\c:\5nnbbh.exec:\5nnbbh.exe92⤵
-
\??\c:\thntbh.exec:\thntbh.exe93⤵
-
\??\c:\3jvjj.exec:\3jvjj.exe94⤵
-
\??\c:\9jdjj.exec:\9jdjj.exe95⤵
-
\??\c:\xrflxxf.exec:\xrflxxf.exe96⤵
-
\??\c:\1xxlflr.exec:\1xxlflr.exe97⤵
-
\??\c:\hhhntt.exec:\hhhntt.exe98⤵
-
\??\c:\btnhhb.exec:\btnhhb.exe99⤵
-
\??\c:\pvvpp.exec:\pvvpp.exe100⤵
-
\??\c:\7dvdj.exec:\7dvdj.exe101⤵
-
\??\c:\7rffxlr.exec:\7rffxlr.exe102⤵
-
\??\c:\lfflrrx.exec:\lfflrrx.exe103⤵
-
\??\c:\tthbnt.exec:\tthbnt.exe104⤵
-
\??\c:\hbntnn.exec:\hbntnn.exe105⤵
-
\??\c:\pjvpd.exec:\pjvpd.exe106⤵
-
\??\c:\dpddd.exec:\dpddd.exe107⤵
-
\??\c:\1xrxffl.exec:\1xrxffl.exe108⤵
-
\??\c:\5xlrxxf.exec:\5xlrxxf.exe109⤵
-
\??\c:\xlrlrfl.exec:\xlrlrfl.exe110⤵
-
\??\c:\3htbbb.exec:\3htbbb.exe111⤵
-
\??\c:\tnthtb.exec:\tnthtb.exe112⤵
-
\??\c:\1ppjv.exec:\1ppjv.exe113⤵
-
\??\c:\ppjvj.exec:\ppjvj.exe114⤵
-
\??\c:\lflfrxf.exec:\lflfrxf.exe115⤵
-
\??\c:\9lllrff.exec:\9lllrff.exe116⤵
-
\??\c:\3tnnbh.exec:\3tnnbh.exe117⤵
-
\??\c:\7btbhn.exec:\7btbhn.exe118⤵
-
\??\c:\vpddj.exec:\vpddj.exe119⤵
-
\??\c:\dpdjj.exec:\dpdjj.exe120⤵
-
\??\c:\vpvdj.exec:\vpvdj.exe121⤵
-
\??\c:\fxlfffr.exec:\fxlfffr.exe122⤵
-
\??\c:\5ffrxfl.exec:\5ffrxfl.exe123⤵
-
\??\c:\thntbb.exec:\thntbb.exe124⤵
-
\??\c:\nhtbnn.exec:\nhtbnn.exe125⤵
-
\??\c:\jjvdv.exec:\jjvdv.exe126⤵
-
\??\c:\7dvdd.exec:\7dvdd.exe127⤵
-
\??\c:\xxxxllf.exec:\xxxxllf.exe128⤵
-
\??\c:\1xlxflr.exec:\1xlxflr.exe129⤵
-
\??\c:\bbhtbb.exec:\bbhtbb.exe130⤵
-
\??\c:\3pvdp.exec:\3pvdp.exe131⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe132⤵
-
\??\c:\xlxxxfl.exec:\xlxxxfl.exe133⤵
-
\??\c:\1rlflll.exec:\1rlflll.exe134⤵
-
\??\c:\tnbnnt.exec:\tnbnnt.exe135⤵
-
\??\c:\5nhnhh.exec:\5nhnhh.exe136⤵
-
\??\c:\pjppd.exec:\pjppd.exe137⤵
-
\??\c:\pvjjp.exec:\pvjjp.exe138⤵
-
\??\c:\fffrxfx.exec:\fffrxfx.exe139⤵
-
\??\c:\rlrxllx.exec:\rlrxllx.exe140⤵
-
\??\c:\7ttbnn.exec:\7ttbnn.exe141⤵
-
\??\c:\9tbnth.exec:\9tbnth.exe142⤵
-
\??\c:\ppvdv.exec:\ppvdv.exe143⤵
-
\??\c:\vpvdj.exec:\vpvdj.exe144⤵
-
\??\c:\fxllxfl.exec:\fxllxfl.exe145⤵
-
\??\c:\lfxfrxl.exec:\lfxfrxl.exe146⤵
-
\??\c:\nhhnhh.exec:\nhhnhh.exe147⤵
-
\??\c:\1dpjv.exec:\1dpjv.exe148⤵
-
\??\c:\vpvvd.exec:\vpvvd.exe149⤵
-
\??\c:\1lrlfrf.exec:\1lrlfrf.exe150⤵
-
\??\c:\1xxflfr.exec:\1xxflfr.exe151⤵
-
\??\c:\9httbt.exec:\9httbt.exe152⤵
-
\??\c:\thhhtt.exec:\thhhtt.exe153⤵
-
\??\c:\nhthnn.exec:\nhthnn.exe154⤵
-
\??\c:\vpppv.exec:\vpppv.exe155⤵
-
\??\c:\fxflrrr.exec:\fxflrrr.exe156⤵
-
\??\c:\llflrrx.exec:\llflrrx.exe157⤵
-
\??\c:\lfrllrx.exec:\lfrllrx.exe158⤵
-
\??\c:\hbbthh.exec:\hbbthh.exe159⤵
-
\??\c:\btbntb.exec:\btbntb.exe160⤵
-
\??\c:\vvdvp.exec:\vvdvp.exe161⤵
-
\??\c:\1jddp.exec:\1jddp.exe162⤵
-
\??\c:\xlrrllr.exec:\xlrrllr.exe163⤵
-
\??\c:\fxxxllf.exec:\fxxxllf.exe164⤵
-
\??\c:\3thhhn.exec:\3thhhn.exe165⤵
-
\??\c:\bnbttb.exec:\bnbttb.exe166⤵
-
\??\c:\3jdpp.exec:\3jdpp.exe167⤵
-
\??\c:\dvppv.exec:\dvppv.exe168⤵
-
\??\c:\3lxrlrl.exec:\3lxrlrl.exe169⤵
-
\??\c:\lllrflx.exec:\lllrflx.exe170⤵
-
\??\c:\5bhbnt.exec:\5bhbnt.exe171⤵
-
\??\c:\thbhhn.exec:\thbhhn.exe172⤵
-
\??\c:\vjvvv.exec:\vjvvv.exe173⤵
-
\??\c:\vpjvj.exec:\vpjvj.exe174⤵
-
\??\c:\rlrrffl.exec:\rlrrffl.exe175⤵
-
\??\c:\rlxfxrf.exec:\rlxfxrf.exe176⤵
-
\??\c:\hbntbh.exec:\hbntbh.exe177⤵
-
\??\c:\3tbnth.exec:\3tbnth.exe178⤵
-
\??\c:\5jdjp.exec:\5jdjp.exe179⤵
-
\??\c:\dvddd.exec:\dvddd.exe180⤵
-
\??\c:\vvjvd.exec:\vvjvd.exe181⤵
-
\??\c:\rllxxxr.exec:\rllxxxr.exe182⤵
-
\??\c:\rlflrxf.exec:\rlflrxf.exe183⤵
-
\??\c:\bbnntt.exec:\bbnntt.exe184⤵
-
\??\c:\hhtnhn.exec:\hhtnhn.exe185⤵
-
\??\c:\3ddjd.exec:\3ddjd.exe186⤵
-
\??\c:\xlxfxxf.exec:\xlxfxxf.exe187⤵
-
\??\c:\rxxfxxl.exec:\rxxfxxl.exe188⤵
-
\??\c:\5bthnn.exec:\5bthnn.exe189⤵
-
\??\c:\hhbnhn.exec:\hhbnhn.exe190⤵
-
\??\c:\vpdjp.exec:\vpdjp.exe191⤵
-
\??\c:\vjvvj.exec:\vjvvj.exe192⤵
-
\??\c:\frflxfl.exec:\frflxfl.exe193⤵
-
\??\c:\xrlxffr.exec:\xrlxffr.exe194⤵
-
\??\c:\bththh.exec:\bththh.exe195⤵
-
\??\c:\bbtnbh.exec:\bbtnbh.exe196⤵
-
\??\c:\tntbhh.exec:\tntbhh.exe197⤵
-
\??\c:\5jvdj.exec:\5jvdj.exe198⤵
-
\??\c:\ppjjp.exec:\ppjjp.exe199⤵
-
\??\c:\5rlxlrf.exec:\5rlxlrf.exe200⤵
-
\??\c:\xlrxffl.exec:\xlrxffl.exe201⤵
-
\??\c:\tnnhtt.exec:\tnnhtt.exe202⤵
-
\??\c:\lxrffrr.exec:\lxrffrr.exe203⤵
-
\??\c:\9bthbh.exec:\9bthbh.exe204⤵
-
\??\c:\ppvjv.exec:\ppvjv.exe205⤵
-
\??\c:\jvjdj.exec:\jvjdj.exe206⤵
-
\??\c:\llfrxxr.exec:\llfrxxr.exe207⤵
-
\??\c:\hbnntt.exec:\hbnntt.exe208⤵
-
\??\c:\7bnnnt.exec:\7bnnnt.exe209⤵
-
\??\c:\dpvdd.exec:\dpvdd.exe210⤵
-
\??\c:\9pjjp.exec:\9pjjp.exe211⤵
-
\??\c:\fxrflrf.exec:\fxrflrf.exe212⤵
-
\??\c:\rxffxxl.exec:\rxffxxl.exe213⤵
-
\??\c:\1bhhtn.exec:\1bhhtn.exe214⤵
-
\??\c:\9thntt.exec:\9thntt.exe215⤵
-
\??\c:\1vjpp.exec:\1vjpp.exe216⤵
-
\??\c:\jdvdd.exec:\jdvdd.exe217⤵
-
\??\c:\lxrrxxl.exec:\lxrrxxl.exe218⤵
-
\??\c:\7lffxrx.exec:\7lffxrx.exe219⤵
-
\??\c:\nhbnbb.exec:\nhbnbb.exe220⤵
-
\??\c:\7tnnbb.exec:\7tnnbb.exe221⤵
-
\??\c:\jvjjv.exec:\jvjjv.exe222⤵
-
\??\c:\jdpvp.exec:\jdpvp.exe223⤵
-
\??\c:\xrxxffl.exec:\xrxxffl.exe224⤵
-
\??\c:\rllrrxx.exec:\rllrrxx.exe225⤵
-
\??\c:\nbttbh.exec:\nbttbh.exe226⤵
-
\??\c:\3bbhnn.exec:\3bbhnn.exe227⤵
-
\??\c:\3dvdp.exec:\3dvdp.exe228⤵
-
\??\c:\9dppd.exec:\9dppd.exe229⤵
-
\??\c:\1rlfllr.exec:\1rlfllr.exe230⤵
-
\??\c:\lxlrfff.exec:\lxlrfff.exe231⤵
-
\??\c:\nhnbhn.exec:\nhnbhn.exe232⤵
-
\??\c:\dvjpp.exec:\dvjpp.exe233⤵
-
\??\c:\pjpvv.exec:\pjpvv.exe234⤵
-
\??\c:\9rxfrxf.exec:\9rxfrxf.exe235⤵
-
\??\c:\5xrfffl.exec:\5xrfffl.exe236⤵
-
\??\c:\hbnntb.exec:\hbnntb.exe237⤵
-
\??\c:\nhnttt.exec:\nhnttt.exe238⤵
-
\??\c:\vpvvj.exec:\vpvvj.exe239⤵
-
\??\c:\5vjpv.exec:\5vjpv.exe240⤵
-
\??\c:\rlrrffl.exec:\rlrrffl.exe241⤵