Analysis
-
max time kernel
150s -
max time network
124s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
26-05-2024 20:43
General
-
Target
39f7ab2c42ea954636dfdb1629ec4bf1ac0e399976311321acad3dbbcc8e9b99.exe
-
Size
55KB
-
MD5
c28e502d21a67804ca110e38b7b7ec7a
-
SHA1
4d32e43149a99d228ac432eae3914f0daa417028
-
SHA256
39f7ab2c42ea954636dfdb1629ec4bf1ac0e399976311321acad3dbbcc8e9b99
-
SHA512
f683edbea339b5d62964bea028eae2b2f04eb24d447bdcbd6e7560427d3af21f8f2e513ad06f9f64c5d7dea585d594d774d2480a4f206234bb3433e083aae95c
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIfEq:ymb3NkkiQ3mdBjFIB
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
UPX dump on OEP (original entry point) 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 23 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\39f7ab2c42ea954636dfdb1629ec4bf1ac0e399976311321acad3dbbcc8e9b99.exe"C:\Users\Admin\AppData\Local\Temp\39f7ab2c42ea954636dfdb1629ec4bf1ac0e399976311321acad3dbbcc8e9b99.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\1dvpp.exec:\1dvpp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrllxrr.exec:\xrllxrr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfxxxxx.exec:\rfxxxxx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttttb.exec:\bttttb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3btttt.exec:\3btttt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpdd.exec:\jdpdd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rxxfxf.exec:\1rxxfxf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntbbb.exec:\bntbbb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9hhhbb.exec:\9hhhbb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdpjp.exec:\pdpjp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxfffl.exec:\fxxfffl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthhbh.exec:\tthhbh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvddd.exec:\dvddd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpdj.exec:\jdpdj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9rllffx.exec:\9rllffx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thtbbt.exec:\thtbbt.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjdd.exec:\dvjdd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrlfffr.exec:\lrlfffr.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxlxrf.exec:\xrxlxrf.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3bbnnn.exec:\3bbnnn.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpvv.exec:\dvpvv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llllfff.exec:\llllfff.exe23⤵
- Executes dropped EXE
-
\??\c:\btbhnn.exec:\btbhnn.exe24⤵
- Executes dropped EXE
-
\??\c:\jddjv.exec:\jddjv.exe25⤵
- Executes dropped EXE
-
\??\c:\fxxxrxx.exec:\fxxxrxx.exe26⤵
- Executes dropped EXE
-
\??\c:\nnthhn.exec:\nnthhn.exe27⤵
- Executes dropped EXE
-
\??\c:\pjjjv.exec:\pjjjv.exe28⤵
- Executes dropped EXE
-
\??\c:\rflflll.exec:\rflflll.exe29⤵
- Executes dropped EXE
-
\??\c:\rrfffrl.exec:\rrfffrl.exe30⤵
- Executes dropped EXE
-
\??\c:\bhhbtn.exec:\bhhbtn.exe31⤵
- Executes dropped EXE
-
\??\c:\vpvvv.exec:\vpvvv.exe32⤵
- Executes dropped EXE
-
\??\c:\dpvpd.exec:\dpvpd.exe33⤵
- Executes dropped EXE
-
\??\c:\rfxrrrl.exec:\rfxrrrl.exe34⤵
- Executes dropped EXE
-
\??\c:\bntnnt.exec:\bntnnt.exe35⤵
- Executes dropped EXE
-
\??\c:\bhbtnb.exec:\bhbtnb.exe36⤵
- Executes dropped EXE
-
\??\c:\jjdvj.exec:\jjdvj.exe37⤵
- Executes dropped EXE
-
\??\c:\jvppd.exec:\jvppd.exe38⤵
- Executes dropped EXE
-
\??\c:\lflffxx.exec:\lflffxx.exe39⤵
- Executes dropped EXE
-
\??\c:\xrrrrrr.exec:\xrrrrrr.exe40⤵
- Executes dropped EXE
-
\??\c:\nhbntb.exec:\nhbntb.exe41⤵
- Executes dropped EXE
-
\??\c:\1pvpj.exec:\1pvpj.exe42⤵
- Executes dropped EXE
-
\??\c:\7rrlffx.exec:\7rrlffx.exe43⤵
- Executes dropped EXE
-
\??\c:\xlrlffl.exec:\xlrlffl.exe44⤵
- Executes dropped EXE
-
\??\c:\ttbhnt.exec:\ttbhnt.exe45⤵
- Executes dropped EXE
-
\??\c:\1bhhbb.exec:\1bhhbb.exe46⤵
- Executes dropped EXE
-
\??\c:\pdppp.exec:\pdppp.exe47⤵
- Executes dropped EXE
-
\??\c:\ffxxxfl.exec:\ffxxxfl.exe48⤵
- Executes dropped EXE
-
\??\c:\fxxffff.exec:\fxxffff.exe49⤵
- Executes dropped EXE
-
\??\c:\thhbth.exec:\thhbth.exe50⤵
- Executes dropped EXE
-
\??\c:\djpvp.exec:\djpvp.exe51⤵
- Executes dropped EXE
-
\??\c:\vpvjj.exec:\vpvjj.exe52⤵
- Executes dropped EXE
-
\??\c:\frxrrxr.exec:\frxrrxr.exe53⤵
- Executes dropped EXE
-
\??\c:\7htnnt.exec:\7htnnt.exe54⤵
- Executes dropped EXE
-
\??\c:\btbhtb.exec:\btbhtb.exe55⤵
- Executes dropped EXE
-
\??\c:\dpvpp.exec:\dpvpp.exe56⤵
- Executes dropped EXE
-
\??\c:\ffrlffx.exec:\ffrlffx.exe57⤵
- Executes dropped EXE
-
\??\c:\fxlffll.exec:\fxlffll.exe58⤵
- Executes dropped EXE
-
\??\c:\bbbbht.exec:\bbbbht.exe59⤵
- Executes dropped EXE
-
\??\c:\hbbhbb.exec:\hbbhbb.exe60⤵
- Executes dropped EXE
-
\??\c:\pjpjj.exec:\pjpjj.exe61⤵
- Executes dropped EXE
-
\??\c:\3rfxffr.exec:\3rfxffr.exe62⤵
- Executes dropped EXE
-
\??\c:\7rrxrfx.exec:\7rrxrfx.exe63⤵
- Executes dropped EXE
-
\??\c:\bbbbtt.exec:\bbbbtt.exe64⤵
- Executes dropped EXE
-
\??\c:\dvjpd.exec:\dvjpd.exe65⤵
- Executes dropped EXE
-
\??\c:\jvddv.exec:\jvddv.exe66⤵
-
\??\c:\3frxxxx.exec:\3frxxxx.exe67⤵
-
\??\c:\bbhbbt.exec:\bbhbbt.exe68⤵
-
\??\c:\1nttbb.exec:\1nttbb.exe69⤵
-
\??\c:\pdddd.exec:\pdddd.exe70⤵
-
\??\c:\pvjjj.exec:\pvjjj.exe71⤵
-
\??\c:\xfllfff.exec:\xfllfff.exe72⤵
-
\??\c:\1rrrrll.exec:\1rrrrll.exe73⤵
-
\??\c:\nbnbbb.exec:\nbnbbb.exe74⤵
-
\??\c:\vjpvv.exec:\vjpvv.exe75⤵
-
\??\c:\jjjjv.exec:\jjjjv.exe76⤵
-
\??\c:\rrlffrx.exec:\rrlffrx.exe77⤵
-
\??\c:\fxfxfxf.exec:\fxfxfxf.exe78⤵
-
\??\c:\bttnnn.exec:\bttnnn.exe79⤵
-
\??\c:\vjpjd.exec:\vjpjd.exe80⤵
-
\??\c:\hbthbn.exec:\hbthbn.exe81⤵
-
\??\c:\hbbthn.exec:\hbbthn.exe82⤵
-
\??\c:\jjvvd.exec:\jjvvd.exe83⤵
-
\??\c:\xrrfrfx.exec:\xrrfrfx.exe84⤵
-
\??\c:\lxfffll.exec:\lxfffll.exe85⤵
-
\??\c:\bthbhh.exec:\bthbhh.exe86⤵
-
\??\c:\dvdvp.exec:\dvdvp.exe87⤵
-
\??\c:\rxrrrrx.exec:\rxrrrrx.exe88⤵
-
\??\c:\hbnhhn.exec:\hbnhhn.exe89⤵
-
\??\c:\bbbhtb.exec:\bbbhtb.exe90⤵
-
\??\c:\pjvvd.exec:\pjvvd.exe91⤵
-
\??\c:\vvpjj.exec:\vvpjj.exe92⤵
-
\??\c:\fllfxxr.exec:\fllfxxr.exe93⤵
-
\??\c:\5hnnnn.exec:\5hnnnn.exe94⤵
-
\??\c:\nnbbnn.exec:\nnbbnn.exe95⤵
-
\??\c:\vvjjp.exec:\vvjjp.exe96⤵
-
\??\c:\rlffffx.exec:\rlffffx.exe97⤵
-
\??\c:\lffffll.exec:\lffffll.exe98⤵
-
\??\c:\nhnnnb.exec:\nhnnnb.exe99⤵
-
\??\c:\1httnt.exec:\1httnt.exe100⤵
-
\??\c:\5vvvp.exec:\5vvvp.exe101⤵
-
\??\c:\rlfxfxr.exec:\rlfxfxr.exe102⤵
-
\??\c:\9rlfrrf.exec:\9rlfrrf.exe103⤵
-
\??\c:\tnnhhh.exec:\tnnhhh.exe104⤵
-
\??\c:\hthbtb.exec:\hthbtb.exe105⤵
-
\??\c:\9dpjv.exec:\9dpjv.exe106⤵
-
\??\c:\fllfrlf.exec:\fllfrlf.exe107⤵
-
\??\c:\ttbnbb.exec:\ttbnbb.exe108⤵
-
\??\c:\vvjjd.exec:\vvjjd.exe109⤵
-
\??\c:\ppjjj.exec:\ppjjj.exe110⤵
-
\??\c:\flxxlll.exec:\flxxlll.exe111⤵
-
\??\c:\rllllll.exec:\rllllll.exe112⤵
-
\??\c:\hhnnnn.exec:\hhnnnn.exe113⤵
-
\??\c:\jjpvp.exec:\jjpvp.exe114⤵
-
\??\c:\vpvdd.exec:\vpvdd.exe115⤵
-
\??\c:\9lxxrxr.exec:\9lxxrxr.exe116⤵
-
\??\c:\nttbbn.exec:\nttbbn.exe117⤵
-
\??\c:\tttnbn.exec:\tttnbn.exe118⤵
-
\??\c:\pdddp.exec:\pdddp.exe119⤵
-
\??\c:\pvvvj.exec:\pvvvj.exe120⤵
-
\??\c:\frlfxff.exec:\frlfxff.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-