Analysis
-
max time kernel
151s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
26-05-2024 22:59
General
-
Target
70a61c711351d78281993666f6520903ba1fca51bce98cdf849e58088a2dc36f.exe
-
Size
401KB
-
MD5
35d76ad4c29ed71577654ff32a3d0e73
-
SHA1
6129c83ea9d08672553791dc92dabd03732f6014
-
SHA256
70a61c711351d78281993666f6520903ba1fca51bce98cdf849e58088a2dc36f
-
SHA512
883294ffb9fa7058e4f099662af2061886ae7c7044ce084aae93d98a9f0e862dfd53af3cff3874673601139552728e23d9b900efe36f5a637dcf9a8d7e048935
-
SSDEEP
3072:ymb3NkkiQ3mdBjFIi/0RU6QeYQsm71vPmX5kr+uIBpkJITEEuR9XTVyXmGN:n3C9BRIG0asYFm71mJkr+uIBe1T8V
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
UPX dump on OEP (original entry point) 31 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 31 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\70a61c711351d78281993666f6520903ba1fca51bce98cdf849e58088a2dc36f.exe"C:\Users\Admin\AppData\Local\Temp\70a61c711351d78281993666f6520903ba1fca51bce98cdf849e58088a2dc36f.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\kb93331.exec:\kb93331.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4k12j.exec:\4k12j.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3d943.exec:\3d943.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\20f9e75.exec:\20f9e75.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\wwb6q.exec:\wwb6q.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ld8e95q.exec:\ld8e95q.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\kv9o1j.exec:\kv9o1j.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\64r330w.exec:\64r330w.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tsvf419.exec:\tsvf419.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\625395.exec:\625395.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppdq5.exec:\ppdq5.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\va8g157.exec:\va8g157.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\94wqi3.exec:\94wqi3.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\w7qq9.exec:\w7qq9.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5s3h3.exec:\5s3h3.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\397jwk5.exec:\397jwk5.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\l3k33o.exec:\l3k33o.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3p7a9.exec:\3p7a9.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\89u926.exec:\89u926.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\v947h99.exec:\v947h99.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\o75lbj6.exec:\o75lbj6.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\074s6.exec:\074s6.exe23⤵
- Executes dropped EXE
-
\??\c:\574t9wh.exec:\574t9wh.exe24⤵
- Executes dropped EXE
-
\??\c:\g87k1.exec:\g87k1.exe25⤵
- Executes dropped EXE
-
\??\c:\6bdt9f.exec:\6bdt9f.exe26⤵
- Executes dropped EXE
-
\??\c:\fs4tqw.exec:\fs4tqw.exe27⤵
- Executes dropped EXE
-
\??\c:\tj30t3.exec:\tj30t3.exe28⤵
- Executes dropped EXE
-
\??\c:\957do9.exec:\957do9.exe29⤵
- Executes dropped EXE
-
\??\c:\xb5l48.exec:\xb5l48.exe30⤵
- Executes dropped EXE
-
\??\c:\lc8ju00.exec:\lc8ju00.exe31⤵
- Executes dropped EXE
-
\??\c:\4181k.exec:\4181k.exe32⤵
- Executes dropped EXE
-
\??\c:\rouan6.exec:\rouan6.exe33⤵
- Executes dropped EXE
-
\??\c:\b2k9s.exec:\b2k9s.exe34⤵
- Executes dropped EXE
-
\??\c:\p9s591w.exec:\p9s591w.exe35⤵
- Executes dropped EXE
-
\??\c:\rkb947.exec:\rkb947.exe36⤵
- Executes dropped EXE
-
\??\c:\2vqc06u.exec:\2vqc06u.exe37⤵
- Executes dropped EXE
-
\??\c:\307s41n.exec:\307s41n.exe38⤵
- Executes dropped EXE
-
\??\c:\hnqx33.exec:\hnqx33.exe39⤵
- Executes dropped EXE
-
\??\c:\7fo69.exec:\7fo69.exe40⤵
- Executes dropped EXE
-
\??\c:\ou1ix92.exec:\ou1ix92.exe41⤵
- Executes dropped EXE
-
\??\c:\9qol72.exec:\9qol72.exe42⤵
- Executes dropped EXE
-
\??\c:\60nrr3j.exec:\60nrr3j.exe43⤵
- Executes dropped EXE
-
\??\c:\o1ltc6.exec:\o1ltc6.exe44⤵
- Executes dropped EXE
-
\??\c:\96x66.exec:\96x66.exe45⤵
- Executes dropped EXE
-
\??\c:\ov8861.exec:\ov8861.exe46⤵
- Executes dropped EXE
-
\??\c:\wur262a.exec:\wur262a.exe47⤵
- Executes dropped EXE
-
\??\c:\1o517.exec:\1o517.exe48⤵
- Executes dropped EXE
-
\??\c:\8gk3kn.exec:\8gk3kn.exe49⤵
- Executes dropped EXE
-
\??\c:\f5135aj.exec:\f5135aj.exe50⤵
- Executes dropped EXE
-
\??\c:\9fo1m.exec:\9fo1m.exe51⤵
- Executes dropped EXE
-
\??\c:\n191p0.exec:\n191p0.exe52⤵
- Executes dropped EXE
-
\??\c:\t7calm.exec:\t7calm.exe53⤵
- Executes dropped EXE
-
\??\c:\ssakll.exec:\ssakll.exe54⤵
- Executes dropped EXE
-
\??\c:\a94rc.exec:\a94rc.exe55⤵
- Executes dropped EXE
-
\??\c:\kn581t.exec:\kn581t.exe56⤵
- Executes dropped EXE
-
\??\c:\o1r2ui7.exec:\o1r2ui7.exe57⤵
- Executes dropped EXE
-
\??\c:\29d83nr.exec:\29d83nr.exe58⤵
- Executes dropped EXE
-
\??\c:\xge1h6.exec:\xge1h6.exe59⤵
- Executes dropped EXE
-
\??\c:\t11lq9.exec:\t11lq9.exe60⤵
- Executes dropped EXE
-
\??\c:\rcxa5j.exec:\rcxa5j.exe61⤵
- Executes dropped EXE
-
\??\c:\eg9p6k9.exec:\eg9p6k9.exe62⤵
- Executes dropped EXE
-
\??\c:\x397g7.exec:\x397g7.exe63⤵
- Executes dropped EXE
-
\??\c:\6r5kwe9.exec:\6r5kwe9.exe64⤵
- Executes dropped EXE
-
\??\c:\7q39r7e.exec:\7q39r7e.exe65⤵
- Executes dropped EXE
-
\??\c:\27o1ro.exec:\27o1ro.exe66⤵
-
\??\c:\0eh5br.exec:\0eh5br.exe67⤵
-
\??\c:\g33o5.exec:\g33o5.exe68⤵
-
\??\c:\1cu68.exec:\1cu68.exe69⤵
-
\??\c:\212173r.exec:\212173r.exe70⤵
-
\??\c:\jn1o74.exec:\jn1o74.exe71⤵
-
\??\c:\cps3ux.exec:\cps3ux.exe72⤵
-
\??\c:\p1j83u8.exec:\p1j83u8.exe73⤵
-
\??\c:\g178e28.exec:\g178e28.exe74⤵
-
\??\c:\o5os30.exec:\o5os30.exe75⤵
-
\??\c:\34571b.exec:\34571b.exe76⤵
-
\??\c:\7e21sgp.exec:\7e21sgp.exe77⤵
-
\??\c:\u2vaq.exec:\u2vaq.exe78⤵
-
\??\c:\x9g5n.exec:\x9g5n.exe79⤵
-
\??\c:\455l7.exec:\455l7.exe80⤵
-
\??\c:\rh2v1.exec:\rh2v1.exe81⤵
-
\??\c:\16695.exec:\16695.exe82⤵
-
\??\c:\945152.exec:\945152.exe83⤵
-
\??\c:\4ocig39.exec:\4ocig39.exe84⤵
-
\??\c:\c83d7s.exec:\c83d7s.exe85⤵
-
\??\c:\f53ad3.exec:\f53ad3.exe86⤵
-
\??\c:\o432u9p.exec:\o432u9p.exe87⤵
-
\??\c:\38d7i8j.exec:\38d7i8j.exe88⤵
-
\??\c:\6ds9m32.exec:\6ds9m32.exe89⤵
-
\??\c:\937j1.exec:\937j1.exe90⤵
-
\??\c:\52791a.exec:\52791a.exe91⤵
-
\??\c:\991c3g.exec:\991c3g.exe92⤵
-
\??\c:\sg56fof.exec:\sg56fof.exe93⤵
-
\??\c:\923a1.exec:\923a1.exe94⤵
-
\??\c:\b5t1bb4.exec:\b5t1bb4.exe95⤵
-
\??\c:\d9a9jw.exec:\d9a9jw.exe96⤵
-
\??\c:\v9jt074.exec:\v9jt074.exe97⤵
-
\??\c:\68jjudg.exec:\68jjudg.exe98⤵
-
\??\c:\xp841xi.exec:\xp841xi.exe99⤵
-
\??\c:\0vs32.exec:\0vs32.exe100⤵
-
\??\c:\4ti8uip.exec:\4ti8uip.exe101⤵
-
\??\c:\68gga.exec:\68gga.exe102⤵
-
\??\c:\a9sw8k2.exec:\a9sw8k2.exe103⤵
-
\??\c:\s4315d.exec:\s4315d.exe104⤵
-
\??\c:\l3808k.exec:\l3808k.exe105⤵
-
\??\c:\ne109h.exec:\ne109h.exe106⤵
-
\??\c:\tnh5ux.exec:\tnh5ux.exe107⤵
-
\??\c:\7367sg5.exec:\7367sg5.exe108⤵
-
\??\c:\esm8h5.exec:\esm8h5.exe109⤵
-
\??\c:\b82s9.exec:\b82s9.exe110⤵
-
\??\c:\nps8s.exec:\nps8s.exe111⤵
-
\??\c:\tw7gf8.exec:\tw7gf8.exe112⤵
-
\??\c:\kuw6ba5.exec:\kuw6ba5.exe113⤵
-
\??\c:\af5p00.exec:\af5p00.exe114⤵
-
\??\c:\2fc049.exec:\2fc049.exe115⤵
-
\??\c:\084cr5j.exec:\084cr5j.exe116⤵
-
\??\c:\q8jfi.exec:\q8jfi.exe117⤵
-
\??\c:\fo4q1r.exec:\fo4q1r.exe118⤵
-
\??\c:\7k75u.exec:\7k75u.exe119⤵
-
\??\c:\luh1pa.exec:\luh1pa.exe120⤵
-
\??\c:\187mb.exec:\187mb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-