Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
26/05/2024, 23:47
General
-
Target
82f738009cc8eca09eb63f130f5a08239f0eafb9b2cb8b4e967aa40037834c71.exe
-
Size
62KB
-
MD5
73b6889383c902479af41d20da85a9d9
-
SHA1
801445647689d4f538c104e9526446955d710881
-
SHA256
82f738009cc8eca09eb63f130f5a08239f0eafb9b2cb8b4e967aa40037834c71
-
SHA512
3df075b598cbdead6c8b10629f7a7e40d94614e243c8ae91420eb7a44d7164424c605d2a15f26c06a45290ede8059c65d73a5b32ab7ead5a3fa6909f68359c02
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDISoFGDnV:ymb3NkkiQ3mdBjFIkjV
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
UPX dump on OEP (original entry point) 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 21 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\82f738009cc8eca09eb63f130f5a08239f0eafb9b2cb8b4e967aa40037834c71.exe"C:\Users\Admin\AppData\Local\Temp\82f738009cc8eca09eb63f130f5a08239f0eafb9b2cb8b4e967aa40037834c71.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjpv.exec:\jdjpv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfxxlrr.exec:\rfxxlrr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\48024.exec:\48024.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\k68800.exec:\k68800.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnnhbt.exec:\hnnhbt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flxxrrf.exec:\flxxrrf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\446244.exec:\446244.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\46260.exec:\46260.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfrlfrf.exec:\xfrlfrf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\00640.exec:\00640.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdvpj.exec:\vdvpj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\42446.exec:\42446.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jpdv.exec:\5jpdv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\80826.exec:\80826.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9lxrxrx.exec:\9lxrxrx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4042688.exec:\4042688.exe17⤵
- Executes dropped EXE
-
\??\c:\lfrxrll.exec:\lfrxrll.exe18⤵
- Executes dropped EXE
-
\??\c:\6844000.exec:\6844000.exe19⤵
- Executes dropped EXE
-
\??\c:\3lxxllx.exec:\3lxxllx.exe20⤵
- Executes dropped EXE
-
\??\c:\60880.exec:\60880.exe21⤵
- Executes dropped EXE
-
\??\c:\jdjjv.exec:\jdjjv.exe22⤵
- Executes dropped EXE
-
\??\c:\m0884.exec:\m0884.exe23⤵
- Executes dropped EXE
-
\??\c:\lflxffl.exec:\lflxffl.exe24⤵
- Executes dropped EXE
-
\??\c:\7thhhb.exec:\7thhhb.exe25⤵
- Executes dropped EXE
-
\??\c:\420688.exec:\420688.exe26⤵
- Executes dropped EXE
-
\??\c:\9xrlxrl.exec:\9xrlxrl.exe27⤵
- Executes dropped EXE
-
\??\c:\428400.exec:\428400.exe28⤵
- Executes dropped EXE
-
\??\c:\lflrxfr.exec:\lflrxfr.exe29⤵
- Executes dropped EXE
-
\??\c:\0844268.exec:\0844268.exe30⤵
- Executes dropped EXE
-
\??\c:\622680.exec:\622680.exe31⤵
- Executes dropped EXE
-
\??\c:\xlrrfrr.exec:\xlrrfrr.exe32⤵
- Executes dropped EXE
-
\??\c:\44668.exec:\44668.exe33⤵
- Executes dropped EXE
-
\??\c:\xxlxllx.exec:\xxlxllx.exe34⤵
- Executes dropped EXE
-
\??\c:\3nttnt.exec:\3nttnt.exe35⤵
- Executes dropped EXE
-
\??\c:\824640.exec:\824640.exe36⤵
- Executes dropped EXE
-
\??\c:\rlxxlxf.exec:\rlxxlxf.exe37⤵
- Executes dropped EXE
-
\??\c:\9btthn.exec:\9btthn.exe38⤵
- Executes dropped EXE
-
\??\c:\xlrrlfr.exec:\xlrrlfr.exe39⤵
- Executes dropped EXE
-
\??\c:\802066.exec:\802066.exe40⤵
- Executes dropped EXE
-
\??\c:\026820.exec:\026820.exe41⤵
- Executes dropped EXE
-
\??\c:\646604.exec:\646604.exe42⤵
- Executes dropped EXE
-
\??\c:\vpjpv.exec:\vpjpv.exe43⤵
- Executes dropped EXE
-
\??\c:\m8884.exec:\m8884.exe44⤵
- Executes dropped EXE
-
\??\c:\084620.exec:\084620.exe45⤵
- Executes dropped EXE
-
\??\c:\202848.exec:\202848.exe46⤵
- Executes dropped EXE
-
\??\c:\2406248.exec:\2406248.exe47⤵
- Executes dropped EXE
-
\??\c:\22028.exec:\22028.exe48⤵
- Executes dropped EXE
-
\??\c:\dvdpd.exec:\dvdpd.exe49⤵
- Executes dropped EXE
-
\??\c:\nhbnnn.exec:\nhbnnn.exe50⤵
- Executes dropped EXE
-
\??\c:\8486008.exec:\8486008.exe51⤵
- Executes dropped EXE
-
\??\c:\bbnhhh.exec:\bbnhhh.exe52⤵
- Executes dropped EXE
-
\??\c:\dppjv.exec:\dppjv.exe53⤵
- Executes dropped EXE
-
\??\c:\86202.exec:\86202.exe54⤵
- Executes dropped EXE
-
\??\c:\4246402.exec:\4246402.exe55⤵
- Executes dropped EXE
-
\??\c:\886820.exec:\886820.exe56⤵
- Executes dropped EXE
-
\??\c:\44624.exec:\44624.exe57⤵
- Executes dropped EXE
-
\??\c:\fxllrxf.exec:\fxllrxf.exe58⤵
- Executes dropped EXE
-
\??\c:\nhntbh.exec:\nhntbh.exe59⤵
- Executes dropped EXE
-
\??\c:\nhnthn.exec:\nhnthn.exe60⤵
- Executes dropped EXE
-
\??\c:\888080.exec:\888080.exe61⤵
- Executes dropped EXE
-
\??\c:\tnbtbb.exec:\tnbtbb.exe62⤵
- Executes dropped EXE
-
\??\c:\4240068.exec:\4240068.exe63⤵
- Executes dropped EXE
-
\??\c:\60284.exec:\60284.exe64⤵
- Executes dropped EXE
-
\??\c:\bbtbth.exec:\bbtbth.exe65⤵
- Executes dropped EXE
-
\??\c:\4244428.exec:\4244428.exe66⤵
-
\??\c:\s8664.exec:\s8664.exe67⤵
-
\??\c:\004846.exec:\004846.exe68⤵
-
\??\c:\26828.exec:\26828.exe69⤵
-
\??\c:\08040.exec:\08040.exe70⤵
-
\??\c:\hbbbnn.exec:\hbbbnn.exe71⤵
-
\??\c:\fxfxlrf.exec:\fxfxlrf.exe72⤵
-
\??\c:\24488.exec:\24488.exe73⤵
-
\??\c:\0024024.exec:\0024024.exe74⤵
-
\??\c:\484000.exec:\484000.exe75⤵
-
\??\c:\w20026.exec:\w20026.exe76⤵
-
\??\c:\288686.exec:\288686.exe77⤵
-
\??\c:\6466220.exec:\6466220.exe78⤵
-
\??\c:\264846.exec:\264846.exe79⤵
-
\??\c:\bhbtth.exec:\bhbtth.exe80⤵
-
\??\c:\hnbbhb.exec:\hnbbhb.exe81⤵
-
\??\c:\flfrrll.exec:\flfrrll.exe82⤵
-
\??\c:\hnbtbn.exec:\hnbtbn.exe83⤵
-
\??\c:\pdddd.exec:\pdddd.exe84⤵
-
\??\c:\jppjv.exec:\jppjv.exe85⤵
-
\??\c:\nhtbbn.exec:\nhtbbn.exe86⤵
-
\??\c:\xlflfxl.exec:\xlflfxl.exe87⤵
-
\??\c:\46840.exec:\46840.exe88⤵
-
\??\c:\4802402.exec:\4802402.exe89⤵
-
\??\c:\8288402.exec:\8288402.exe90⤵
-
\??\c:\jdvpd.exec:\jdvpd.exe91⤵
-
\??\c:\lflrlrf.exec:\lflrlrf.exe92⤵
-
\??\c:\dvjjj.exec:\dvjjj.exe93⤵
-
\??\c:\204888.exec:\204888.exe94⤵
-
\??\c:\0468024.exec:\0468024.exe95⤵
-
\??\c:\062604.exec:\062604.exe96⤵
-
\??\c:\646220.exec:\646220.exe97⤵
-
\??\c:\08064.exec:\08064.exe98⤵
-
\??\c:\1ppjj.exec:\1ppjj.exe99⤵
-
\??\c:\pjvjd.exec:\pjvjd.exe100⤵
-
\??\c:\w64426.exec:\w64426.exe101⤵
-
\??\c:\pjpdd.exec:\pjpdd.exe102⤵
-
\??\c:\2028006.exec:\2028006.exe103⤵
-
\??\c:\s2428.exec:\s2428.exe104⤵
-
\??\c:\1pddd.exec:\1pddd.exe105⤵
-
\??\c:\08844.exec:\08844.exe106⤵
-
\??\c:\66042.exec:\66042.exe107⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe108⤵
-
\??\c:\w24444.exec:\w24444.exe109⤵
-
\??\c:\vpddj.exec:\vpddj.exe110⤵
-
\??\c:\btnttt.exec:\btnttt.exe111⤵
-
\??\c:\rrflrrf.exec:\rrflrrf.exe112⤵
-
\??\c:\024088.exec:\024088.exe113⤵
-
\??\c:\pjvdd.exec:\pjvdd.exe114⤵
-
\??\c:\7pddj.exec:\7pddj.exe115⤵
-
\??\c:\fxlrxxl.exec:\fxlrxxl.exe116⤵
-
\??\c:\hbnbnh.exec:\hbnbnh.exe117⤵
-
\??\c:\hbhhbb.exec:\hbhhbb.exe118⤵
-
\??\c:\8000488.exec:\8000488.exe119⤵
-
\??\c:\826262.exec:\826262.exe120⤵
-
\??\c:\u080624.exec:\u080624.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-