Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
25-05-2024 01:20
General
-
Target
9d2b6a5699dc24c7f0ece2ddded7111ae313166970e4ddf6061a700a69f87d21.exe
-
Size
82KB
-
MD5
6f06c39347bc945671eb2a41db567c07
-
SHA1
0e6b4e0b88f8a92e607d5afa9b9e5cd877507899
-
SHA256
9d2b6a5699dc24c7f0ece2ddded7111ae313166970e4ddf6061a700a69f87d21
-
SHA512
bdfe21808c65b4b0a37312ef6acb19ecc959e6cba3695463e1a5eec44ace7a7a07f2f462315e73b6827528a135f05ab37b1f9848b0345f4ba0e6ee07e4cfa136
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDInWeNCYGyA2R7JkZPsv7B:ymb3NkkiQ3mdBjFIWeFGyA9Pq
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
UPX dump on OEP (original entry point) 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9d2b6a5699dc24c7f0ece2ddded7111ae313166970e4ddf6061a700a69f87d21.exe"C:\Users\Admin\AppData\Local\Temp\9d2b6a5699dc24c7f0ece2ddded7111ae313166970e4ddf6061a700a69f87d21.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbnbt.exec:\nhbnbt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhhnn.exec:\thhhnn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdjj.exec:\vpdjj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxlxrr.exec:\llxlxrr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3llxffl.exec:\3llxffl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbhnt.exec:\bnbhnt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthbbb.exec:\bthbbb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflrrrx.exec:\lflrrrx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxllxxx.exec:\fxllxxx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5dpdp.exec:\5dpdp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frffrrx.exec:\frffrrx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xffrfr.exec:\1xffrfr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtntt.exec:\nhtntt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vjjv.exec:\5vjjv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvdvv.exec:\pvdvv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlflflx.exec:\rlflflx.exe17⤵
- Executes dropped EXE
-
\??\c:\xxlrffl.exec:\xxlrffl.exe18⤵
- Executes dropped EXE
-
\??\c:\thbbnn.exec:\thbbnn.exe19⤵
- Executes dropped EXE
-
\??\c:\5dvpv.exec:\5dvpv.exe20⤵
- Executes dropped EXE
-
\??\c:\pjjvd.exec:\pjjvd.exe21⤵
- Executes dropped EXE
-
\??\c:\rlrrrll.exec:\rlrrrll.exe22⤵
- Executes dropped EXE
-
\??\c:\fxlxrxl.exec:\fxlxrxl.exe23⤵
- Executes dropped EXE
-
\??\c:\1ttnhh.exec:\1ttnhh.exe24⤵
- Executes dropped EXE
-
\??\c:\pjdjp.exec:\pjdjp.exe25⤵
- Executes dropped EXE
-
\??\c:\7vjjp.exec:\7vjjp.exe26⤵
- Executes dropped EXE
-
\??\c:\9frrrrr.exec:\9frrrrr.exe27⤵
- Executes dropped EXE
-
\??\c:\rrfxlxr.exec:\rrfxlxr.exe28⤵
- Executes dropped EXE
-
\??\c:\nhtbnt.exec:\nhtbnt.exe29⤵
- Executes dropped EXE
-
\??\c:\ppdjp.exec:\ppdjp.exe30⤵
- Executes dropped EXE
-
\??\c:\7pjvj.exec:\7pjvj.exe31⤵
- Executes dropped EXE
-
\??\c:\9rrxxxx.exec:\9rrxxxx.exe32⤵
- Executes dropped EXE
-
\??\c:\hhbtht.exec:\hhbtht.exe33⤵
- Executes dropped EXE
-
\??\c:\thbhnn.exec:\thbhnn.exe34⤵
- Executes dropped EXE
-
\??\c:\1dvvv.exec:\1dvvv.exe35⤵
- Executes dropped EXE
-
\??\c:\ppjjv.exec:\ppjjv.exe36⤵
- Executes dropped EXE
-
\??\c:\xrrrffr.exec:\xrrrffr.exe37⤵
- Executes dropped EXE
-
\??\c:\9xrrrrx.exec:\9xrrrrx.exe38⤵
- Executes dropped EXE
-
\??\c:\nhtthh.exec:\nhtthh.exe39⤵
- Executes dropped EXE
-
\??\c:\btbhhh.exec:\btbhhh.exe40⤵
- Executes dropped EXE
-
\??\c:\vvppv.exec:\vvppv.exe41⤵
- Executes dropped EXE
-
\??\c:\3pjvd.exec:\3pjvd.exe42⤵
- Executes dropped EXE
-
\??\c:\jjdpp.exec:\jjdpp.exe43⤵
- Executes dropped EXE
-
\??\c:\fxxffrx.exec:\fxxffrx.exe44⤵
- Executes dropped EXE
-
\??\c:\rlxflrf.exec:\rlxflrf.exe45⤵
- Executes dropped EXE
-
\??\c:\3hhtbt.exec:\3hhtbt.exe46⤵
- Executes dropped EXE
-
\??\c:\btntth.exec:\btntth.exe47⤵
- Executes dropped EXE
-
\??\c:\pjpjv.exec:\pjpjv.exe48⤵
- Executes dropped EXE
-
\??\c:\vpddd.exec:\vpddd.exe49⤵
- Executes dropped EXE
-
\??\c:\fxrfrrx.exec:\fxrfrrx.exe50⤵
- Executes dropped EXE
-
\??\c:\9rffffr.exec:\9rffffr.exe51⤵
- Executes dropped EXE
-
\??\c:\bthhbb.exec:\bthhbb.exe52⤵
- Executes dropped EXE
-
\??\c:\nhnnnn.exec:\nhnnnn.exe53⤵
- Executes dropped EXE
-
\??\c:\pjvvd.exec:\pjvvd.exe54⤵
- Executes dropped EXE
-
\??\c:\vvjvv.exec:\vvjvv.exe55⤵
- Executes dropped EXE
-
\??\c:\1jdjj.exec:\1jdjj.exe56⤵
- Executes dropped EXE
-
\??\c:\fxrxffr.exec:\fxrxffr.exe57⤵
- Executes dropped EXE
-
\??\c:\5fllrxf.exec:\5fllrxf.exe58⤵
- Executes dropped EXE
-
\??\c:\nnbhhh.exec:\nnbhhh.exe59⤵
- Executes dropped EXE
-
\??\c:\nhttnn.exec:\nhttnn.exe60⤵
- Executes dropped EXE
-
\??\c:\3vvdv.exec:\3vvdv.exe61⤵
- Executes dropped EXE
-
\??\c:\3pjdj.exec:\3pjdj.exe62⤵
- Executes dropped EXE
-
\??\c:\vpvvd.exec:\vpvvd.exe63⤵
- Executes dropped EXE
-
\??\c:\1fxxxfr.exec:\1fxxxfr.exe64⤵
- Executes dropped EXE
-
\??\c:\5rffrxr.exec:\5rffrxr.exe65⤵
- Executes dropped EXE
-
\??\c:\nhbntt.exec:\nhbntt.exe66⤵
-
\??\c:\9nnntb.exec:\9nnntb.exe67⤵
-
\??\c:\vppvd.exec:\vppvd.exe68⤵
-
\??\c:\vjppv.exec:\vjppv.exe69⤵
-
\??\c:\xrffrrx.exec:\xrffrrx.exe70⤵
-
\??\c:\fxflxfl.exec:\fxflxfl.exe71⤵
-
\??\c:\9ttbhn.exec:\9ttbhn.exe72⤵
-
\??\c:\nnbntb.exec:\nnbntb.exe73⤵
-
\??\c:\1dddj.exec:\1dddj.exe74⤵
-
\??\c:\5pdpv.exec:\5pdpv.exe75⤵
-
\??\c:\xrfrxlx.exec:\xrfrxlx.exe76⤵
-
\??\c:\lflxxxl.exec:\lflxxxl.exe77⤵
-
\??\c:\jvpjd.exec:\jvpjd.exe78⤵
-
\??\c:\3vdjp.exec:\3vdjp.exe79⤵
-
\??\c:\fxrxrlr.exec:\fxrxrlr.exe80⤵
-
\??\c:\frfrxfr.exec:\frfrxfr.exe81⤵
-
\??\c:\bthnbh.exec:\bthnbh.exe82⤵
-
\??\c:\nhntbh.exec:\nhntbh.exe83⤵
-
\??\c:\tnhhbb.exec:\tnhhbb.exe84⤵
-
\??\c:\dpvvv.exec:\dpvvv.exe85⤵
-
\??\c:\jdppj.exec:\jdppj.exe86⤵
-
\??\c:\ffrrffr.exec:\ffrrffr.exe87⤵
-
\??\c:\rrllffr.exec:\rrllffr.exe88⤵
-
\??\c:\hhtbnt.exec:\hhtbnt.exe89⤵
-
\??\c:\tnhhnh.exec:\tnhhnh.exe90⤵
-
\??\c:\pjvjj.exec:\pjvjj.exe91⤵
-
\??\c:\1pjdv.exec:\1pjdv.exe92⤵
-
\??\c:\frrxllr.exec:\frrxllr.exe93⤵
-
\??\c:\9rrflrl.exec:\9rrflrl.exe94⤵
-
\??\c:\nnhhtb.exec:\nnhhtb.exe95⤵
-
\??\c:\nbtttt.exec:\nbtttt.exe96⤵
-
\??\c:\bnnhhn.exec:\bnnhhn.exe97⤵
-
\??\c:\pjvpd.exec:\pjvpd.exe98⤵
-
\??\c:\5dvjp.exec:\5dvjp.exe99⤵
-
\??\c:\xfxlfrf.exec:\xfxlfrf.exe100⤵
-
\??\c:\lffflfx.exec:\lffflfx.exe101⤵
-
\??\c:\fxflxxf.exec:\fxflxxf.exe102⤵
-
\??\c:\tnhntt.exec:\tnhntt.exe103⤵
-
\??\c:\nhnntt.exec:\nhnntt.exe104⤵
-
\??\c:\dvjpd.exec:\dvjpd.exe105⤵
-
\??\c:\jvddd.exec:\jvddd.exe106⤵
-
\??\c:\3xlfffl.exec:\3xlfffl.exe107⤵
-
\??\c:\lfxfrrf.exec:\lfxfrrf.exe108⤵
-
\??\c:\nhtbhh.exec:\nhtbhh.exe109⤵
-
\??\c:\thnhhb.exec:\thnhhb.exe110⤵
-
\??\c:\ddvdp.exec:\ddvdp.exe111⤵
-
\??\c:\pjjpd.exec:\pjjpd.exe112⤵
-
\??\c:\5pdjp.exec:\5pdjp.exe113⤵
-
\??\c:\rlfflrx.exec:\rlfflrx.exe114⤵
-
\??\c:\rrllxfr.exec:\rrllxfr.exe115⤵
-
\??\c:\hbtbnt.exec:\hbtbnt.exe116⤵
-
\??\c:\3nbttn.exec:\3nbttn.exe117⤵
-
\??\c:\3bttnn.exec:\3bttnn.exe118⤵
-
\??\c:\9pvpp.exec:\9pvpp.exe119⤵
-
\??\c:\7vpjp.exec:\7vpjp.exe120⤵
-
\??\c:\lfxlfrx.exec:\lfxlfrx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-