Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
24-05-2024 20:52
General
-
Target
3f96140f40b7a7d83a6e82c02acbefdb7063d7ea6848f4294e4d4edd6c54df1e.exe
-
Size
173KB
-
MD5
48770176d1e34cff0e55453c92e4b567
-
SHA1
2d31c077156947f2171502e3927d9e7fcb61cd3f
-
SHA256
3f96140f40b7a7d83a6e82c02acbefdb7063d7ea6848f4294e4d4edd6c54df1e
-
SHA512
a31939810f3325860a9fc5e426e9ede221eb72ea70074ee5b4da073d393b7f2aed192aae410cbacb00a664501e1c888ad59e62e3fba009dc6ac19675c02eed63
-
SSDEEP
3072:6hOmTsF93UYfwC6GIoutQ0tSe5yLpcka62c+8+dRNN7Yk+6C2W/:6cm4FmowdHoSQ0tH6lCXb7Yb/
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
UPX dump on OEP (original entry point) 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3f96140f40b7a7d83a6e82c02acbefdb7063d7ea6848f4294e4d4edd6c54df1e.exe"C:\Users\Admin\AppData\Local\Temp\3f96140f40b7a7d83a6e82c02acbefdb7063d7ea6848f4294e4d4edd6c54df1e.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\7ppvp.exec:\7ppvp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntnnh.exec:\tntnnh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpjv.exec:\vjpjv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfxrxx.exec:\xrfxrxx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxxxxr.exec:\lrxxxxr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbtbb.exec:\nhbtbb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7tbttt.exec:\7tbttt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfxxrff.exec:\xfxxrff.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbntnt.exec:\bbntnt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppppj.exec:\ppppj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3xfxllf.exec:\3xfxllf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frfrlll.exec:\frfrlll.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7djdv.exec:\7djdv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pddvp.exec:\pddvp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhbbb.exec:\nhhbbb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnttnh.exec:\tnttnh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffxrlf.exec:\lffxrlf.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9bbbtt.exec:\9bbbtt.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvpjp.exec:\pvpjp.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lllfxrr.exec:\lllfxrr.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhhhh.exec:\hhhhhh.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvpjd.exec:\jvpjd.exe23⤵
- Executes dropped EXE
-
\??\c:\btbtnn.exec:\btbtnn.exe24⤵
- Executes dropped EXE
-
\??\c:\nhhhtt.exec:\nhhhtt.exe25⤵
- Executes dropped EXE
-
\??\c:\3jppj.exec:\3jppj.exe26⤵
- Executes dropped EXE
-
\??\c:\dvvjd.exec:\dvvjd.exe27⤵
- Executes dropped EXE
-
\??\c:\fllffxl.exec:\fllffxl.exe28⤵
- Executes dropped EXE
-
\??\c:\bnnnhh.exec:\bnnnhh.exe29⤵
- Executes dropped EXE
-
\??\c:\thtttt.exec:\thtttt.exe30⤵
- Executes dropped EXE
-
\??\c:\dvjdv.exec:\dvjdv.exe31⤵
- Executes dropped EXE
-
\??\c:\rfllflf.exec:\rfllflf.exe32⤵
- Executes dropped EXE
-
\??\c:\nbtthh.exec:\nbtthh.exe33⤵
- Executes dropped EXE
-
\??\c:\xlrlffx.exec:\xlrlffx.exe34⤵
- Executes dropped EXE
-
\??\c:\xxrlffx.exec:\xxrlffx.exe35⤵
- Executes dropped EXE
-
\??\c:\tbnnnn.exec:\tbnnnn.exe36⤵
- Executes dropped EXE
-
\??\c:\9vdvp.exec:\9vdvp.exe37⤵
- Executes dropped EXE
-
\??\c:\5fffrxr.exec:\5fffrxr.exe38⤵
- Executes dropped EXE
-
\??\c:\5fllfff.exec:\5fllfff.exe39⤵
- Executes dropped EXE
-
\??\c:\nbhhbb.exec:\nbhhbb.exe40⤵
-
\??\c:\hntnnh.exec:\hntnnh.exe41⤵
- Executes dropped EXE
-
\??\c:\djddd.exec:\djddd.exe42⤵
- Executes dropped EXE
-
\??\c:\frxlfff.exec:\frxlfff.exe43⤵
- Executes dropped EXE
-
\??\c:\rfxrrrl.exec:\rfxrrrl.exe44⤵
- Executes dropped EXE
-
\??\c:\htbtbh.exec:\htbtbh.exe45⤵
- Executes dropped EXE
-
\??\c:\hbnhnh.exec:\hbnhnh.exe46⤵
- Executes dropped EXE
-
\??\c:\jdvpv.exec:\jdvpv.exe47⤵
- Executes dropped EXE
-
\??\c:\pdvpj.exec:\pdvpj.exe48⤵
- Executes dropped EXE
-
\??\c:\xrrrflf.exec:\xrrrflf.exe49⤵
- Executes dropped EXE
-
\??\c:\lffxrlf.exec:\lffxrlf.exe50⤵
- Executes dropped EXE
-
\??\c:\9hhbtb.exec:\9hhbtb.exe51⤵
- Executes dropped EXE
-
\??\c:\vvvvp.exec:\vvvvp.exe52⤵
- Executes dropped EXE
-
\??\c:\jjdvd.exec:\jjdvd.exe53⤵
- Executes dropped EXE
-
\??\c:\llxlxrf.exec:\llxlxrf.exe54⤵
- Executes dropped EXE
-
\??\c:\htnnnn.exec:\htnnnn.exe55⤵
- Executes dropped EXE
-
\??\c:\nnbnnn.exec:\nnbnnn.exe56⤵
- Executes dropped EXE
-
\??\c:\djvvj.exec:\djvvj.exe57⤵
- Executes dropped EXE
-
\??\c:\vpdvv.exec:\vpdvv.exe58⤵
- Executes dropped EXE
-
\??\c:\xxlfrrr.exec:\xxlfrrr.exe59⤵
- Executes dropped EXE
-
\??\c:\rffxrrl.exec:\rffxrrl.exe60⤵
- Executes dropped EXE
-
\??\c:\bbnntt.exec:\bbnntt.exe61⤵
- Executes dropped EXE
-
\??\c:\jvjvp.exec:\jvjvp.exe62⤵
- Executes dropped EXE
-
\??\c:\jvvpd.exec:\jvvpd.exe63⤵
- Executes dropped EXE
-
\??\c:\lxxrfff.exec:\lxxrfff.exe64⤵
- Executes dropped EXE
-
\??\c:\7lrlffx.exec:\7lrlffx.exe65⤵
- Executes dropped EXE
-
\??\c:\ttttnn.exec:\ttttnn.exe66⤵
- Executes dropped EXE
-
\??\c:\vjjjj.exec:\vjjjj.exe67⤵
-
\??\c:\ddpjj.exec:\ddpjj.exe68⤵
-
\??\c:\fflfxxr.exec:\fflfxxr.exe69⤵
-
\??\c:\bhtttt.exec:\bhtttt.exe70⤵
-
\??\c:\jjjjd.exec:\jjjjd.exe71⤵
-
\??\c:\rxrlxxl.exec:\rxrlxxl.exe72⤵
-
\??\c:\rlrfxxr.exec:\rlrfxxr.exe73⤵
-
\??\c:\thbbtt.exec:\thbbtt.exe74⤵
-
\??\c:\9jpdp.exec:\9jpdp.exe75⤵
-
\??\c:\djvvp.exec:\djvvp.exe76⤵
-
\??\c:\3xfxrrl.exec:\3xfxrrl.exe77⤵
-
\??\c:\xxlfxxx.exec:\xxlfxxx.exe78⤵
-
\??\c:\btnnhh.exec:\btnnhh.exe79⤵
-
\??\c:\7jppj.exec:\7jppj.exe80⤵
-
\??\c:\dvpdd.exec:\dvpdd.exe81⤵
-
\??\c:\7xxxrrl.exec:\7xxxrrl.exe82⤵
-
\??\c:\thnhbb.exec:\thnhbb.exe83⤵
-
\??\c:\tnnnhn.exec:\tnnnhn.exe84⤵
-
\??\c:\1pdvp.exec:\1pdvp.exe85⤵
-
\??\c:\pjdvp.exec:\pjdvp.exe86⤵
-
\??\c:\1frxffx.exec:\1frxffx.exe87⤵
-
\??\c:\hntntn.exec:\hntntn.exe88⤵
-
\??\c:\dvdvp.exec:\dvdvp.exe89⤵
-
\??\c:\dvvjd.exec:\dvvjd.exe90⤵
-
\??\c:\rrrrlll.exec:\rrrrlll.exe91⤵
-
\??\c:\fxfxllx.exec:\fxfxllx.exe92⤵
-
\??\c:\bhhhbb.exec:\bhhhbb.exe93⤵
-
\??\c:\pvjdp.exec:\pvjdp.exe94⤵
-
\??\c:\dvpvj.exec:\dvpvj.exe95⤵
-
\??\c:\frxrllf.exec:\frxrllf.exe96⤵
-
\??\c:\nttbnb.exec:\nttbnb.exe97⤵
-
\??\c:\thhbtt.exec:\thhbtt.exe98⤵
-
\??\c:\1dvpj.exec:\1dvpj.exe99⤵
-
\??\c:\pvdvp.exec:\pvdvp.exe100⤵
-
\??\c:\lxllffx.exec:\lxllffx.exe101⤵
-
\??\c:\7rxxrll.exec:\7rxxrll.exe102⤵
-
\??\c:\7hhbbb.exec:\7hhbbb.exe103⤵
-
\??\c:\hhhhht.exec:\hhhhht.exe104⤵
-
\??\c:\7jjdd.exec:\7jjdd.exe105⤵
-
\??\c:\9xfffxx.exec:\9xfffxx.exe106⤵
-
\??\c:\nttttn.exec:\nttttn.exe107⤵
-
\??\c:\3tnthh.exec:\3tnthh.exe108⤵
-
\??\c:\jjvpp.exec:\jjvpp.exe109⤵
-
\??\c:\7pvjd.exec:\7pvjd.exe110⤵
-
\??\c:\lflfllx.exec:\lflfllx.exe111⤵
-
\??\c:\lrrrrrf.exec:\lrrrrrf.exe112⤵
-
\??\c:\bbttnn.exec:\bbttnn.exe113⤵
-
\??\c:\hnbttt.exec:\hnbttt.exe114⤵
-
\??\c:\pdpjj.exec:\pdpjj.exe115⤵
-
\??\c:\xfrrrrr.exec:\xfrrrrr.exe116⤵
-
\??\c:\rrxrrrl.exec:\rrxrrrl.exe117⤵
-
\??\c:\tbbbnh.exec:\tbbbnh.exe118⤵
-
\??\c:\5xfxrrl.exec:\5xfxrrl.exe119⤵
-
\??\c:\7tbbtt.exec:\7tbbtt.exe120⤵
-
\??\c:\tttnhh.exec:\tttnhh.exe121⤵
-
\??\c:\djddp.exec:\djddp.exe122⤵
-
\??\c:\dpddp.exec:\dpddp.exe123⤵
-
\??\c:\3xfffff.exec:\3xfffff.exe124⤵
-
\??\c:\rlfxffl.exec:\rlfxffl.exe125⤵
-
\??\c:\bbbnnh.exec:\bbbnnh.exe126⤵
-
\??\c:\dvpjv.exec:\dvpjv.exe127⤵
-
\??\c:\ddjpv.exec:\ddjpv.exe128⤵
-
\??\c:\jdjjj.exec:\jdjjj.exe129⤵
-
\??\c:\rrrxrrl.exec:\rrrxrrl.exe130⤵
-
\??\c:\3bhbbb.exec:\3bhbbb.exe131⤵
-
\??\c:\3bthth.exec:\3bthth.exe132⤵
-
\??\c:\vjdvv.exec:\vjdvv.exe133⤵
-
\??\c:\3jpjj.exec:\3jpjj.exe134⤵
-
\??\c:\ffxrlfx.exec:\ffxrlfx.exe135⤵
-
\??\c:\rllfxxf.exec:\rllfxxf.exe136⤵
-
\??\c:\1tbnnt.exec:\1tbnnt.exe137⤵
-
\??\c:\ddjpp.exec:\ddjpp.exe138⤵
-
\??\c:\9pjdd.exec:\9pjdd.exe139⤵
-
\??\c:\rflfxrl.exec:\rflfxrl.exe140⤵
-
\??\c:\9thbtt.exec:\9thbtt.exe141⤵
-
\??\c:\ppvjv.exec:\ppvjv.exe142⤵
-
\??\c:\vvdpj.exec:\vvdpj.exe143⤵
-
\??\c:\lfflfxx.exec:\lfflfxx.exe144⤵
-
\??\c:\bbnnhn.exec:\bbnnhn.exe145⤵
-
\??\c:\3hnhtt.exec:\3hnhtt.exe146⤵
-
\??\c:\ppvdd.exec:\ppvdd.exe147⤵
-
\??\c:\vppjv.exec:\vppjv.exe148⤵
-
\??\c:\rrxrllf.exec:\rrxrllf.exe149⤵
-
\??\c:\hnhbtt.exec:\hnhbtt.exe150⤵
-
\??\c:\pdjdj.exec:\pdjdj.exe151⤵
-
\??\c:\pjppp.exec:\pjppp.exe152⤵
-
\??\c:\7vdpd.exec:\7vdpd.exe153⤵
-
\??\c:\ffffflf.exec:\ffffflf.exe154⤵
-
\??\c:\hbnhnb.exec:\hbnhnb.exe155⤵
-
\??\c:\vpppj.exec:\vpppj.exe156⤵
-
\??\c:\jvddd.exec:\jvddd.exe157⤵
-
\??\c:\frfxrrl.exec:\frfxrrl.exe158⤵
-
\??\c:\rlfxffr.exec:\rlfxffr.exe159⤵
-
\??\c:\tnbttt.exec:\tnbttt.exe160⤵
-
\??\c:\tnhbtt.exec:\tnhbtt.exe161⤵
-
\??\c:\lllfrrf.exec:\lllfrrf.exe162⤵
-
\??\c:\3xrlfll.exec:\3xrlfll.exe163⤵
-
\??\c:\bhnnnt.exec:\bhnnnt.exe164⤵
-
\??\c:\9tnhtt.exec:\9tnhtt.exe165⤵
-
\??\c:\1djjd.exec:\1djjd.exe166⤵
-
\??\c:\jdvpp.exec:\jdvpp.exe167⤵
-
\??\c:\5xfxrrf.exec:\5xfxrrf.exe168⤵
-
\??\c:\1llfxxr.exec:\1llfxxr.exe169⤵
-
\??\c:\tnnhbb.exec:\tnnhbb.exe170⤵
-
\??\c:\tnhbnn.exec:\tnhbnn.exe171⤵
-
\??\c:\pjvdv.exec:\pjvdv.exe172⤵
-
\??\c:\vppjd.exec:\vppjd.exe173⤵
-
\??\c:\lffllll.exec:\lffllll.exe174⤵
-
\??\c:\5lxrrrx.exec:\5lxrrrx.exe175⤵
-
\??\c:\htbttb.exec:\htbttb.exe176⤵
-
\??\c:\1ttnhh.exec:\1ttnhh.exe177⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe178⤵
-
\??\c:\fflrlfl.exec:\fflrlfl.exe179⤵
-
\??\c:\fxxrllf.exec:\fxxrllf.exe180⤵
-
\??\c:\tnttnn.exec:\tnttnn.exe181⤵
-
\??\c:\bthttt.exec:\bthttt.exe182⤵
-
\??\c:\5pdvv.exec:\5pdvv.exe183⤵
-
\??\c:\9jppj.exec:\9jppj.exe184⤵
-
\??\c:\7rrlffx.exec:\7rrlffx.exe185⤵
-
\??\c:\3bbbtt.exec:\3bbbtt.exe186⤵
-
\??\c:\hnnnnn.exec:\hnnnnn.exe187⤵
-
\??\c:\vpjjj.exec:\vpjjj.exe188⤵
-
\??\c:\llxrrrx.exec:\llxrrrx.exe189⤵
-
\??\c:\lrrrrll.exec:\lrrrrll.exe190⤵
-
\??\c:\9ttnnh.exec:\9ttnnh.exe191⤵
-
\??\c:\tbnhhh.exec:\tbnhhh.exe192⤵
-
\??\c:\vdddv.exec:\vdddv.exe193⤵
-
\??\c:\ffffxxr.exec:\ffffxxr.exe194⤵
-
\??\c:\rlfxffl.exec:\rlfxffl.exe195⤵
-
\??\c:\3tbhht.exec:\3tbhht.exe196⤵
-
\??\c:\9pvvv.exec:\9pvvv.exe197⤵
-
\??\c:\lrrflll.exec:\lrrflll.exe198⤵
-
\??\c:\xxrlrrx.exec:\xxrlrrx.exe199⤵
-
\??\c:\bbhhhn.exec:\bbhhhn.exe200⤵
-
\??\c:\pdjjp.exec:\pdjjp.exe201⤵
-
\??\c:\fxlffff.exec:\fxlffff.exe202⤵
-
\??\c:\fxfffff.exec:\fxfffff.exe203⤵
-
\??\c:\thtttt.exec:\thtttt.exe204⤵
-
\??\c:\1ththh.exec:\1ththh.exe205⤵
-
\??\c:\tnbbbb.exec:\tnbbbb.exe206⤵
-
\??\c:\jvdjv.exec:\jvdjv.exe207⤵
-
\??\c:\fxrflxl.exec:\fxrflxl.exe208⤵
-
\??\c:\lxlrfxl.exec:\lxlrfxl.exe209⤵
-
\??\c:\tthhtt.exec:\tthhtt.exe210⤵
-
\??\c:\nhhbtt.exec:\nhhbtt.exe211⤵
-
\??\c:\dddvv.exec:\dddvv.exe212⤵
-
\??\c:\vpdvv.exec:\vpdvv.exe213⤵
-
\??\c:\fxfxrll.exec:\fxfxrll.exe214⤵
-
\??\c:\hnbtnh.exec:\hnbtnh.exe215⤵
-
\??\c:\thnhht.exec:\thnhht.exe216⤵
-
\??\c:\vvjjj.exec:\vvjjj.exe217⤵
-
\??\c:\pdjjd.exec:\pdjjd.exe218⤵
-
\??\c:\rfxrllf.exec:\rfxrllf.exe219⤵
-
\??\c:\5llrllf.exec:\5llrllf.exe220⤵
-
\??\c:\nhnnhh.exec:\nhnnhh.exe221⤵
-
\??\c:\vppjd.exec:\vppjd.exe222⤵
-
\??\c:\9vvvj.exec:\9vvvj.exe223⤵
-
\??\c:\ppvvd.exec:\ppvvd.exe224⤵
-
\??\c:\xfrlfff.exec:\xfrlfff.exe225⤵
-
\??\c:\xxlrxxl.exec:\xxlrxxl.exe226⤵
-
\??\c:\1bhhnn.exec:\1bhhnn.exe227⤵
-
\??\c:\ppjdv.exec:\ppjdv.exe228⤵
-
\??\c:\vdpdv.exec:\vdpdv.exe229⤵
-
\??\c:\xrrrlll.exec:\xrrrlll.exe230⤵
-
\??\c:\3rxxrxr.exec:\3rxxrxr.exe231⤵
-
\??\c:\ntbtbb.exec:\ntbtbb.exe232⤵
-
\??\c:\tthbbb.exec:\tthbbb.exe233⤵
-
\??\c:\djdvv.exec:\djdvv.exe234⤵
-
\??\c:\pjpjp.exec:\pjpjp.exe235⤵
-
\??\c:\fxffxxr.exec:\fxffxxr.exe236⤵
-
\??\c:\1ntnht.exec:\1ntnht.exe237⤵
-
\??\c:\3tttnh.exec:\3tttnh.exe238⤵
-
\??\c:\pjpjd.exec:\pjpjd.exe239⤵
-
\??\c:\7ddvp.exec:\7ddvp.exe240⤵
-
\??\c:\ffxxffl.exec:\ffxxffl.exe241⤵