Analysis
-
max time kernel
150s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
25-05-2024 01:58
General
-
Target
abd35364d342750bfcd6f9b9522723c94dffe088fa5ac48a7d469030d62c6109.exe
-
Size
73KB
-
MD5
1cc97735b4ce3a0152cd4f12224df765
-
SHA1
a2f83b798fc7a58c42371fee7151753a11a8befb
-
SHA256
abd35364d342750bfcd6f9b9522723c94dffe088fa5ac48a7d469030d62c6109
-
SHA512
1ea66915c0daa299229da5f09f64b8ace53f36d5fa18ef4f2be788169ceb52fa2e583dad948d0f2039a1698f7a4ddab4a8865365ea569236694ce0202c5ac31a
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIfv7+afCD+QsQbKQPV790v:ymb3NkkiQ3mdBjFIfvTfCD+HlQgv
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 30 IoCs
-
UPX dump on OEP (original entry point) 34 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 34 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\abd35364d342750bfcd6f9b9522723c94dffe088fa5ac48a7d469030d62c6109.exe"C:\Users\Admin\AppData\Local\Temp\abd35364d342750bfcd6f9b9522723c94dffe088fa5ac48a7d469030d62c6109.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rflllrr.exec:\rflllrr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbtth.exec:\btbtth.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjddv.exec:\vjddv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrllrrl.exec:\rrllrrl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7hnnhn.exec:\7hnnhn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1htbhh.exec:\1htbhh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxflxf.exec:\rrxflxf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3jddd.exec:\3jddd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djppj.exec:\djppj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnnhb.exec:\bnnnhb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvpp.exec:\jvvpp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrlfxl.exec:\xxrlfxl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbnht.exec:\nnbnht.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1ddvv.exec:\1ddvv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djpjd.exec:\djpjd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnhhh.exec:\bnnhhh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnhtt.exec:\bnnhtt.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frffxfx.exec:\frffxfx.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xlrxrx.exec:\5xlrxrx.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbttnn.exec:\bbttnn.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvvv.exec:\jvvvv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxrlrr.exec:\llxrlrr.exe23⤵
- Executes dropped EXE
-
\??\c:\5bnthn.exec:\5bnthn.exe24⤵
- Executes dropped EXE
-
\??\c:\vdppd.exec:\vdppd.exe25⤵
- Executes dropped EXE
-
\??\c:\rllrflx.exec:\rllrflx.exe26⤵
- Executes dropped EXE
-
\??\c:\nhnttt.exec:\nhnttt.exe27⤵
- Executes dropped EXE
-
\??\c:\jvddd.exec:\jvddd.exe28⤵
- Executes dropped EXE
-
\??\c:\rxllxxf.exec:\rxllxxf.exe29⤵
- Executes dropped EXE
-
\??\c:\nbhhtt.exec:\nbhhtt.exe30⤵
- Executes dropped EXE
-
\??\c:\tbnhtt.exec:\tbnhtt.exe31⤵
- Executes dropped EXE
-
\??\c:\frxrfff.exec:\frxrfff.exe32⤵
- Executes dropped EXE
-
\??\c:\rrxlfxx.exec:\rrxlfxx.exe33⤵
- Executes dropped EXE
-
\??\c:\5bhbtt.exec:\5bhbtt.exe34⤵
- Executes dropped EXE
-
\??\c:\pjjdp.exec:\pjjdp.exe35⤵
- Executes dropped EXE
-
\??\c:\ffxrlfx.exec:\ffxrlfx.exe36⤵
- Executes dropped EXE
-
\??\c:\flrrfff.exec:\flrrfff.exe37⤵
- Executes dropped EXE
-
\??\c:\bnnnhh.exec:\bnnnhh.exe38⤵
- Executes dropped EXE
-
\??\c:\jvvvv.exec:\jvvvv.exe39⤵
- Executes dropped EXE
-
\??\c:\llrxrxx.exec:\llrxrxx.exe40⤵
- Executes dropped EXE
-
\??\c:\nhnhhb.exec:\nhnhhb.exe41⤵
- Executes dropped EXE
-
\??\c:\nbnbbb.exec:\nbnbbb.exe42⤵
- Executes dropped EXE
-
\??\c:\jdddj.exec:\jdddj.exe43⤵
- Executes dropped EXE
-
\??\c:\nthnbn.exec:\nthnbn.exe44⤵
- Executes dropped EXE
-
\??\c:\nhbtnn.exec:\nhbtnn.exe45⤵
- Executes dropped EXE
-
\??\c:\jddjv.exec:\jddjv.exe46⤵
- Executes dropped EXE
-
\??\c:\5xxxrrx.exec:\5xxxrrx.exe47⤵
- Executes dropped EXE
-
\??\c:\lllfxfl.exec:\lllfxfl.exe48⤵
- Executes dropped EXE
-
\??\c:\nbbbtb.exec:\nbbbtb.exe49⤵
- Executes dropped EXE
-
\??\c:\vvjjv.exec:\vvjjv.exe50⤵
- Executes dropped EXE
-
\??\c:\lfxlflx.exec:\lfxlflx.exe51⤵
- Executes dropped EXE
-
\??\c:\3nnhnh.exec:\3nnhnh.exe52⤵
- Executes dropped EXE
-
\??\c:\htnbhh.exec:\htnbhh.exe53⤵
- Executes dropped EXE
-
\??\c:\jjvpp.exec:\jjvpp.exe54⤵
- Executes dropped EXE
-
\??\c:\dvvdp.exec:\dvvdp.exe55⤵
- Executes dropped EXE
-
\??\c:\lxfxxrr.exec:\lxfxxrr.exe56⤵
- Executes dropped EXE
-
\??\c:\tnbttt.exec:\tnbttt.exe57⤵
- Executes dropped EXE
-
\??\c:\vjpdd.exec:\vjpdd.exe58⤵
- Executes dropped EXE
-
\??\c:\xfffxfx.exec:\xfffxfx.exe59⤵
- Executes dropped EXE
-
\??\c:\tbhhnn.exec:\tbhhnn.exe60⤵
- Executes dropped EXE
-
\??\c:\htttnn.exec:\htttnn.exe61⤵
- Executes dropped EXE
-
\??\c:\ppddd.exec:\ppddd.exe62⤵
- Executes dropped EXE
-
\??\c:\5rfxrrl.exec:\5rfxrrl.exe63⤵
- Executes dropped EXE
-
\??\c:\xrfrrrr.exec:\xrfrrrr.exe64⤵
- Executes dropped EXE
-
\??\c:\1tnnnn.exec:\1tnnnn.exe65⤵
- Executes dropped EXE
-
\??\c:\pdjjv.exec:\pdjjv.exe66⤵
-
\??\c:\xflrrrr.exec:\xflrrrr.exe67⤵
-
\??\c:\nhnttt.exec:\nhnttt.exe68⤵
-
\??\c:\djjvv.exec:\djjvv.exe69⤵
-
\??\c:\3dvdv.exec:\3dvdv.exe70⤵
-
\??\c:\rxrffrf.exec:\rxrffrf.exe71⤵
-
\??\c:\1hhbtb.exec:\1hhbtb.exe72⤵
-
\??\c:\pdjdv.exec:\pdjdv.exe73⤵
-
\??\c:\xrfffxx.exec:\xrfffxx.exe74⤵
-
\??\c:\frlrfrl.exec:\frlrfrl.exe75⤵
-
\??\c:\1tbbbb.exec:\1tbbbb.exe76⤵
-
\??\c:\pjppv.exec:\pjppv.exe77⤵
-
\??\c:\pdpdd.exec:\pdpdd.exe78⤵
-
\??\c:\xllllll.exec:\xllllll.exe79⤵
-
\??\c:\flxxllx.exec:\flxxllx.exe80⤵
-
\??\c:\9bhbbb.exec:\9bhbbb.exe81⤵
-
\??\c:\dpdvp.exec:\dpdvp.exe82⤵
-
\??\c:\xfflfrf.exec:\xfflfrf.exe83⤵
-
\??\c:\ffxfflf.exec:\ffxfflf.exe84⤵
-
\??\c:\bbnntt.exec:\bbnntt.exe85⤵
-
\??\c:\pddvp.exec:\pddvp.exe86⤵
-
\??\c:\jppjp.exec:\jppjp.exe87⤵
-
\??\c:\lflfxfx.exec:\lflfxfx.exe88⤵
-
\??\c:\llrrlrl.exec:\llrrlrl.exe89⤵
-
\??\c:\3bbhtt.exec:\3bbhtt.exe90⤵
-
\??\c:\5bhhbh.exec:\5bhhbh.exe91⤵
-
\??\c:\dpdpp.exec:\dpdpp.exe92⤵
-
\??\c:\jdjjj.exec:\jdjjj.exe93⤵
-
\??\c:\flrrxxf.exec:\flrrxxf.exe94⤵
-
\??\c:\lfxrrll.exec:\lfxrrll.exe95⤵
-
\??\c:\nbhttb.exec:\nbhttb.exe96⤵
-
\??\c:\jjppj.exec:\jjppj.exe97⤵
-
\??\c:\pppvj.exec:\pppvj.exe98⤵
-
\??\c:\xrrlflf.exec:\xrrlflf.exe99⤵
-
\??\c:\9nhnnn.exec:\9nhnnn.exe100⤵
-
\??\c:\rfrrlll.exec:\rfrrlll.exe101⤵
-
\??\c:\bhntbh.exec:\bhntbh.exe102⤵
-
\??\c:\tnnnnt.exec:\tnnnnt.exe103⤵
-
\??\c:\jvddv.exec:\jvddv.exe104⤵
-
\??\c:\fxllfff.exec:\fxllfff.exe105⤵
-
\??\c:\llxxxll.exec:\llxxxll.exe106⤵
-
\??\c:\nhtnhh.exec:\nhtnhh.exe107⤵
-
\??\c:\nbhhnn.exec:\nbhhnn.exe108⤵
-
\??\c:\vvddv.exec:\vvddv.exe109⤵
-
\??\c:\xrrrfff.exec:\xrrrfff.exe110⤵
-
\??\c:\xfxrllf.exec:\xfxrllf.exe111⤵
-
\??\c:\hbbtnn.exec:\hbbtnn.exe112⤵
-
\??\c:\htbhnb.exec:\htbhnb.exe113⤵
-
\??\c:\djjdd.exec:\djjdd.exe114⤵
-
\??\c:\ffllxxl.exec:\ffllxxl.exe115⤵
-
\??\c:\ffxrrxx.exec:\ffxrrxx.exe116⤵
-
\??\c:\5bnnbh.exec:\5bnnbh.exe117⤵
-
\??\c:\jvvvv.exec:\jvvvv.exe118⤵
-
\??\c:\vvddp.exec:\vvddp.exe119⤵
-
\??\c:\rlrlffx.exec:\rlrlffx.exe120⤵
-
\??\c:\llfxxff.exec:\llfxxff.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-