Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
25/05/2024, 01:20
General
-
Target
9d2b6a5699dc24c7f0ece2ddded7111ae313166970e4ddf6061a700a69f87d21.exe
-
Size
82KB
-
MD5
6f06c39347bc945671eb2a41db567c07
-
SHA1
0e6b4e0b88f8a92e607d5afa9b9e5cd877507899
-
SHA256
9d2b6a5699dc24c7f0ece2ddded7111ae313166970e4ddf6061a700a69f87d21
-
SHA512
bdfe21808c65b4b0a37312ef6acb19ecc959e6cba3695463e1a5eec44ace7a7a07f2f462315e73b6827528a135f05ab37b1f9848b0345f4ba0e6ee07e4cfa136
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDInWeNCYGyA2R7JkZPsv7B:ymb3NkkiQ3mdBjFIWeFGyA9Pq
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
UPX dump on OEP (original entry point) 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9d2b6a5699dc24c7f0ece2ddded7111ae313166970e4ddf6061a700a69f87d21.exe"C:\Users\Admin\AppData\Local\Temp\9d2b6a5699dc24c7f0ece2ddded7111ae313166970e4ddf6061a700a69f87d21.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvpj.exec:\jpvpj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djvvj.exec:\djvvj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnntt.exec:\hbnntt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttnbb.exec:\bttnbb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjppj.exec:\jjppj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvpj.exec:\dvvpj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7jdvp.exec:\7jdvp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bbbhn.exec:\5bbbhn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbthbt.exec:\hbthbt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdppp.exec:\jdppp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjdv.exec:\pdjdv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnntt.exec:\btnntt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvddd.exec:\dvddd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdppp.exec:\jdppp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxrxlx.exec:\lrxrxlx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhttnn.exec:\hhttnn.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvjdv.exec:\pvjdv.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llfxxxx.exec:\llfxxxx.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llllflf.exec:\llllflf.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1httnn.exec:\1httnn.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpppd.exec:\dpppd.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppjd.exec:\vppjd.exe23⤵
- Executes dropped EXE
-
\??\c:\5lrxxrr.exec:\5lrxxrr.exe24⤵
- Executes dropped EXE
-
\??\c:\bnbbbb.exec:\bnbbbb.exe25⤵
- Executes dropped EXE
-
\??\c:\vjjjj.exec:\vjjjj.exe26⤵
- Executes dropped EXE
-
\??\c:\dvjjd.exec:\dvjjd.exe27⤵
- Executes dropped EXE
-
\??\c:\llxrrrr.exec:\llxrrrr.exe28⤵
- Executes dropped EXE
-
\??\c:\nhhnhn.exec:\nhhnhn.exe29⤵
- Executes dropped EXE
-
\??\c:\7hhhnn.exec:\7hhhnn.exe30⤵
- Executes dropped EXE
-
\??\c:\jddpp.exec:\jddpp.exe31⤵
- Executes dropped EXE
-
\??\c:\1ddvp.exec:\1ddvp.exe32⤵
- Executes dropped EXE
-
\??\c:\frfxxxx.exec:\frfxxxx.exe33⤵
- Executes dropped EXE
-
\??\c:\tntthn.exec:\tntthn.exe34⤵
- Executes dropped EXE
-
\??\c:\bbtttb.exec:\bbtttb.exe35⤵
- Executes dropped EXE
-
\??\c:\vjdvj.exec:\vjdvj.exe36⤵
- Executes dropped EXE
-
\??\c:\1xxrffx.exec:\1xxrffx.exe37⤵
- Executes dropped EXE
-
\??\c:\hhnnnn.exec:\hhnnnn.exe38⤵
- Executes dropped EXE
-
\??\c:\nhtntt.exec:\nhtntt.exe39⤵
- Executes dropped EXE
-
\??\c:\vpjjj.exec:\vpjjj.exe40⤵
- Executes dropped EXE
-
\??\c:\rfllffx.exec:\rfllffx.exe41⤵
- Executes dropped EXE
-
\??\c:\7rlfxrl.exec:\7rlfxrl.exe42⤵
- Executes dropped EXE
-
\??\c:\hhtttt.exec:\hhtttt.exe43⤵
- Executes dropped EXE
-
\??\c:\hhhtnn.exec:\hhhtnn.exe44⤵
- Executes dropped EXE
-
\??\c:\vvjjj.exec:\vvjjj.exe45⤵
- Executes dropped EXE
-
\??\c:\ppjpj.exec:\ppjpj.exe46⤵
- Executes dropped EXE
-
\??\c:\llrrrrx.exec:\llrrrrx.exe47⤵
- Executes dropped EXE
-
\??\c:\fxllffl.exec:\fxllffl.exe48⤵
- Executes dropped EXE
-
\??\c:\bbtttt.exec:\bbtttt.exe49⤵
- Executes dropped EXE
-
\??\c:\7nnnhh.exec:\7nnnhh.exe50⤵
- Executes dropped EXE
-
\??\c:\jjdvp.exec:\jjdvp.exe51⤵
- Executes dropped EXE
-
\??\c:\5ddvp.exec:\5ddvp.exe52⤵
- Executes dropped EXE
-
\??\c:\rlfxrrl.exec:\rlfxrrl.exe53⤵
- Executes dropped EXE
-
\??\c:\fxfffff.exec:\fxfffff.exe54⤵
- Executes dropped EXE
-
\??\c:\hhhbhn.exec:\hhhbhn.exe55⤵
- Executes dropped EXE
-
\??\c:\ttnntt.exec:\ttnntt.exe56⤵
- Executes dropped EXE
-
\??\c:\pjjdd.exec:\pjjdd.exe57⤵
- Executes dropped EXE
-
\??\c:\jvdvv.exec:\jvdvv.exe58⤵
- Executes dropped EXE
-
\??\c:\lrxxrrf.exec:\lrxxrrf.exe59⤵
- Executes dropped EXE
-
\??\c:\rlffffx.exec:\rlffffx.exe60⤵
- Executes dropped EXE
-
\??\c:\nthtbh.exec:\nthtbh.exe61⤵
- Executes dropped EXE
-
\??\c:\hbhhbb.exec:\hbhhbb.exe62⤵
- Executes dropped EXE
-
\??\c:\nhnhnn.exec:\nhnhnn.exe63⤵
- Executes dropped EXE
-
\??\c:\1vjjv.exec:\1vjjv.exe64⤵
- Executes dropped EXE
-
\??\c:\jdpvp.exec:\jdpvp.exe65⤵
- Executes dropped EXE
-
\??\c:\rlxxrxf.exec:\rlxxrxf.exe66⤵
-
\??\c:\9xllllr.exec:\9xllllr.exe67⤵
-
\??\c:\htttnb.exec:\htttnb.exe68⤵
-
\??\c:\vvjjd.exec:\vvjjd.exe69⤵
-
\??\c:\vvdpj.exec:\vvdpj.exe70⤵
-
\??\c:\5lfxlxr.exec:\5lfxlxr.exe71⤵
-
\??\c:\xlrlffr.exec:\xlrlffr.exe72⤵
-
\??\c:\3hbhbh.exec:\3hbhbh.exe73⤵
-
\??\c:\dpjjv.exec:\dpjjv.exe74⤵
-
\??\c:\vpvpj.exec:\vpvpj.exe75⤵
-
\??\c:\3llfrrr.exec:\3llfrrr.exe76⤵
-
\??\c:\bhbttn.exec:\bhbttn.exe77⤵
-
\??\c:\5thbhh.exec:\5thbhh.exe78⤵
-
\??\c:\dpddv.exec:\dpddv.exe79⤵
-
\??\c:\vvjdv.exec:\vvjdv.exe80⤵
-
\??\c:\5llxlff.exec:\5llxlff.exe81⤵
-
\??\c:\fxffxxx.exec:\fxffxxx.exe82⤵
-
\??\c:\nbnnhb.exec:\nbnnhb.exe83⤵
-
\??\c:\htnhhn.exec:\htnhhn.exe84⤵
-
\??\c:\ddjdd.exec:\ddjdd.exe85⤵
-
\??\c:\7vvpv.exec:\7vvpv.exe86⤵
-
\??\c:\rrxfxfx.exec:\rrxfxfx.exe87⤵
-
\??\c:\llrxrrx.exec:\llrxrrx.exe88⤵
-
\??\c:\hbnnnt.exec:\hbnnnt.exe89⤵
-
\??\c:\1nbbbb.exec:\1nbbbb.exe90⤵
-
\??\c:\ppvvp.exec:\ppvvp.exe91⤵
-
\??\c:\ppvpj.exec:\ppvpj.exe92⤵
-
\??\c:\fxffrrr.exec:\fxffrrr.exe93⤵
-
\??\c:\9thhnn.exec:\9thhnn.exe94⤵
-
\??\c:\nhnnnn.exec:\nhnnnn.exe95⤵
-
\??\c:\pjpjp.exec:\pjpjp.exe96⤵
-
\??\c:\dvvvj.exec:\dvvvj.exe97⤵
-
\??\c:\5rfxflx.exec:\5rfxflx.exe98⤵
-
\??\c:\rrxllll.exec:\rrxllll.exe99⤵
-
\??\c:\lllllrl.exec:\lllllrl.exe100⤵
-
\??\c:\nhnnnn.exec:\nhnnnn.exe101⤵
-
\??\c:\nhntnn.exec:\nhntnn.exe102⤵
-
\??\c:\vpjjp.exec:\vpjjp.exe103⤵
-
\??\c:\dvdjv.exec:\dvdjv.exe104⤵
-
\??\c:\3xlrrrr.exec:\3xlrrrr.exe105⤵
-
\??\c:\llllflf.exec:\llllflf.exe106⤵
-
\??\c:\bbbbbn.exec:\bbbbbn.exe107⤵
-
\??\c:\nhhhth.exec:\nhhhth.exe108⤵
-
\??\c:\jjvvp.exec:\jjvvp.exe109⤵
-
\??\c:\9vdvv.exec:\9vdvv.exe110⤵
-
\??\c:\lfxrflf.exec:\lfxrflf.exe111⤵
-
\??\c:\xrrrlrl.exec:\xrrrlrl.exe112⤵
-
\??\c:\nhhhbb.exec:\nhhhbb.exe113⤵
-
\??\c:\btnhbb.exec:\btnhbb.exe114⤵
-
\??\c:\vvvvd.exec:\vvvvd.exe115⤵
-
\??\c:\7vjjp.exec:\7vjjp.exe116⤵
-
\??\c:\dvddp.exec:\dvddp.exe117⤵
-
\??\c:\rrrfffx.exec:\rrrfffx.exe118⤵
-
\??\c:\rrffxxl.exec:\rrffxxl.exe119⤵
-
\??\c:\tnbbnn.exec:\tnbbnn.exe120⤵
-
\??\c:\1jvvp.exec:\1jvvp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-