Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
-
submitted
26/05/2024, 04:40
General
-
Target
f2210b70009fcf097e937f6fd43ce01e2e75be5de6d3385e8ad58ed3e55f146f.exe
-
Size
80KB
-
MD5
3ac6fc0911398b63f7e1e4f931ba5034
-
SHA1
926183e671843a781108f1123d067936faf2c9a2
-
SHA256
f2210b70009fcf097e937f6fd43ce01e2e75be5de6d3385e8ad58ed3e55f146f
-
SHA512
74f6a6535becf65f386046baef426efb91a14714a57febd91602c843c05e60b9851ef8b773ed4c7a56c976006a8e9fedcad5bddee682128880a973fa0fdb9c67
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73t6MwIYSPEpF:ymb3NkkiQ3mdBjFo73t+SM3
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 20 IoCs
-
UPX dump on OEP (original entry point) 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f2210b70009fcf097e937f6fd43ce01e2e75be5de6d3385e8ad58ed3e55f146f.exe"C:\Users\Admin\AppData\Local\Temp\f2210b70009fcf097e937f6fd43ce01e2e75be5de6d3385e8ad58ed3e55f146f.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxxllr.exec:\rrxxllr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9nnbbt.exec:\9nnbbt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1dvvj.exec:\1dvvj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3llrxxl.exec:\3llrxxl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbbht.exec:\btbbht.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5nhtth.exec:\5nhtth.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddpdj.exec:\ddpdj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfrlxf.exec:\xrfrlxf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3hbhbn.exec:\3hbhbn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhbht.exec:\nbhbht.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvdd.exec:\pjvdd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjpv.exec:\jjjpv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxlfrl.exec:\rlxlfrl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btthtb.exec:\btthtb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnthhh.exec:\nnthhh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjvd.exec:\ppjvd.exe17⤵
- Executes dropped EXE
-
\??\c:\vvdjj.exec:\vvdjj.exe18⤵
- Executes dropped EXE
-
\??\c:\ffxxlxx.exec:\ffxxlxx.exe19⤵
- Executes dropped EXE
-
\??\c:\hhbnbh.exec:\hhbnbh.exe20⤵
- Executes dropped EXE
-
\??\c:\tnbhtn.exec:\tnbhtn.exe21⤵
- Executes dropped EXE
-
\??\c:\ddvjj.exec:\ddvjj.exe22⤵
- Executes dropped EXE
-
\??\c:\rxllrrl.exec:\rxllrrl.exe23⤵
- Executes dropped EXE
-
\??\c:\rxrfllx.exec:\rxrfllx.exe24⤵
- Executes dropped EXE
-
\??\c:\nnhtnt.exec:\nnhtnt.exe25⤵
- Executes dropped EXE
-
\??\c:\1hbbnb.exec:\1hbbnb.exe26⤵
- Executes dropped EXE
-
\??\c:\vvpvd.exec:\vvpvd.exe27⤵
- Executes dropped EXE
-
\??\c:\ppvvd.exec:\ppvvd.exe28⤵
- Executes dropped EXE
-
\??\c:\xxllxxf.exec:\xxllxxf.exe29⤵
- Executes dropped EXE
-
\??\c:\hbbnbb.exec:\hbbnbb.exe30⤵
- Executes dropped EXE
-
\??\c:\jjdpd.exec:\jjdpd.exe31⤵
- Executes dropped EXE
-
\??\c:\pdvdd.exec:\pdvdd.exe32⤵
- Executes dropped EXE
-
\??\c:\9rfrxlx.exec:\9rfrxlx.exe33⤵
- Executes dropped EXE
-
\??\c:\lflflrf.exec:\lflflrf.exe34⤵
- Executes dropped EXE
-
\??\c:\3thbnt.exec:\3thbnt.exe35⤵
- Executes dropped EXE
-
\??\c:\hbntnh.exec:\hbntnh.exe36⤵
- Executes dropped EXE
-
\??\c:\9jdjp.exec:\9jdjp.exe37⤵
- Executes dropped EXE
-
\??\c:\9rlxffl.exec:\9rlxffl.exe38⤵
- Executes dropped EXE
-
\??\c:\llrxxxr.exec:\llrxxxr.exe39⤵
- Executes dropped EXE
-
\??\c:\5hhnhh.exec:\5hhnhh.exe40⤵
- Executes dropped EXE
-
\??\c:\1htbbb.exec:\1htbbb.exe41⤵
- Executes dropped EXE
-
\??\c:\3jpvd.exec:\3jpvd.exe42⤵
- Executes dropped EXE
-
\??\c:\lflxflx.exec:\lflxflx.exe43⤵
- Executes dropped EXE
-
\??\c:\7fxlrlf.exec:\7fxlrlf.exe44⤵
- Executes dropped EXE
-
\??\c:\nhntnt.exec:\nhntnt.exe45⤵
- Executes dropped EXE
-
\??\c:\bthhbh.exec:\bthhbh.exe46⤵
- Executes dropped EXE
-
\??\c:\dvpvj.exec:\dvpvj.exe47⤵
- Executes dropped EXE
-
\??\c:\ddpdv.exec:\ddpdv.exe48⤵
- Executes dropped EXE
-
\??\c:\rrlllrx.exec:\rrlllrx.exe49⤵
- Executes dropped EXE
-
\??\c:\7fxrflx.exec:\7fxrflx.exe50⤵
- Executes dropped EXE
-
\??\c:\tnbhtt.exec:\tnbhtt.exe51⤵
- Executes dropped EXE
-
\??\c:\bnntbh.exec:\bnntbh.exe52⤵
- Executes dropped EXE
-
\??\c:\vvjjv.exec:\vvjjv.exe53⤵
- Executes dropped EXE
-
\??\c:\ppdpj.exec:\ppdpj.exe54⤵
- Executes dropped EXE
-
\??\c:\lfxfffr.exec:\lfxfffr.exe55⤵
- Executes dropped EXE
-
\??\c:\rfxxllr.exec:\rfxxllr.exe56⤵
- Executes dropped EXE
-
\??\c:\bthnnb.exec:\bthnnb.exe57⤵
- Executes dropped EXE
-
\??\c:\thbbhh.exec:\thbbhh.exe58⤵
- Executes dropped EXE
-
\??\c:\9jdjj.exec:\9jdjj.exe59⤵
- Executes dropped EXE
-
\??\c:\fflrrxf.exec:\fflrrxf.exe60⤵
- Executes dropped EXE
-
\??\c:\5lflxfl.exec:\5lflxfl.exe61⤵
- Executes dropped EXE
-
\??\c:\3bhnbh.exec:\3bhnbh.exe62⤵
- Executes dropped EXE
-
\??\c:\tnttbh.exec:\tnttbh.exe63⤵
- Executes dropped EXE
-
\??\c:\7vvdv.exec:\7vvdv.exe64⤵
- Executes dropped EXE
-
\??\c:\9dpvj.exec:\9dpvj.exe65⤵
- Executes dropped EXE
-
\??\c:\1lxflxl.exec:\1lxflxl.exe66⤵
-
\??\c:\3xxlrfr.exec:\3xxlrfr.exe67⤵
-
\??\c:\hbtbht.exec:\hbtbht.exe68⤵
-
\??\c:\bthnbn.exec:\bthnbn.exe69⤵
-
\??\c:\jdjpp.exec:\jdjpp.exe70⤵
-
\??\c:\frrrlrl.exec:\frrrlrl.exe71⤵
-
\??\c:\lflrflr.exec:\lflrflr.exe72⤵
-
\??\c:\9lllfll.exec:\9lllfll.exe73⤵
-
\??\c:\hhbnbh.exec:\hhbnbh.exe74⤵
-
\??\c:\hbtbtb.exec:\hbtbtb.exe75⤵
-
\??\c:\jjpdj.exec:\jjpdj.exe76⤵
-
\??\c:\3jdvj.exec:\3jdvj.exe77⤵
-
\??\c:\ffxxfll.exec:\ffxxfll.exe78⤵
-
\??\c:\rlxxffr.exec:\rlxxffr.exe79⤵
-
\??\c:\httttn.exec:\httttn.exe80⤵
-
\??\c:\nhthbb.exec:\nhthbb.exe81⤵
-
\??\c:\ddvpv.exec:\ddvpv.exe82⤵
-
\??\c:\dddjd.exec:\dddjd.exe83⤵
-
\??\c:\xrlxflx.exec:\xrlxflx.exe84⤵
-
\??\c:\fllfxrl.exec:\fllfxrl.exe85⤵
-
\??\c:\flfrfrl.exec:\flfrfrl.exe86⤵
-
\??\c:\5bbnhb.exec:\5bbnhb.exe87⤵
-
\??\c:\bbnbtb.exec:\bbnbtb.exe88⤵
-
\??\c:\jdpvv.exec:\jdpvv.exe89⤵
-
\??\c:\jjjjv.exec:\jjjjv.exe90⤵
-
\??\c:\xfxlfxl.exec:\xfxlfxl.exe91⤵
-
\??\c:\rrrfrfx.exec:\rrrfrfx.exe92⤵
-
\??\c:\bbthtb.exec:\bbthtb.exe93⤵
-
\??\c:\nnbbhh.exec:\nnbbhh.exe94⤵
-
\??\c:\vvvdd.exec:\vvvdd.exe95⤵
-
\??\c:\3dvdj.exec:\3dvdj.exe96⤵
-
\??\c:\flllrrf.exec:\flllrrf.exe97⤵
-
\??\c:\fxllxfr.exec:\fxllxfr.exe98⤵
-
\??\c:\hbbbhn.exec:\hbbbhn.exe99⤵
-
\??\c:\1bbntb.exec:\1bbntb.exe100⤵
-
\??\c:\pjdjd.exec:\pjdjd.exe101⤵
-
\??\c:\vjdpv.exec:\vjdpv.exe102⤵
-
\??\c:\9dpdd.exec:\9dpdd.exe103⤵
-
\??\c:\rrfflrx.exec:\rrfflrx.exe104⤵
-
\??\c:\xrfrlxl.exec:\xrfrlxl.exe105⤵
-
\??\c:\9ntbhn.exec:\9ntbhn.exe106⤵
-
\??\c:\1hbhnh.exec:\1hbhnh.exe107⤵
-
\??\c:\ppjpd.exec:\ppjpd.exe108⤵
-
\??\c:\pjjjp.exec:\pjjjp.exe109⤵
-
\??\c:\fxfrrfr.exec:\fxfrrfr.exe110⤵
-
\??\c:\bbhnht.exec:\bbhnht.exe111⤵
-
\??\c:\thnbhn.exec:\thnbhn.exe112⤵
-
\??\c:\jppvj.exec:\jppvj.exe113⤵
-
\??\c:\ddppj.exec:\ddppj.exe114⤵
-
\??\c:\5ddjp.exec:\5ddjp.exe115⤵
-
\??\c:\lxflffr.exec:\lxflffr.exe116⤵
-
\??\c:\nbbnhn.exec:\nbbnhn.exe117⤵
-
\??\c:\bbhntt.exec:\bbhntt.exe118⤵
-
\??\c:\ttttbh.exec:\ttttbh.exe119⤵
-
\??\c:\7pppd.exec:\7pppd.exe120⤵
-
\??\c:\7pjvv.exec:\7pjvv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-