Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
27/05/2024, 04:22
General
-
Target
f20519a9c8f70f3e78a1ef5c8a7cedf6dd22ba5776fff8f195a3b85ba645b8f1.exe
-
Size
247KB
-
MD5
64faf630f2df173f8bc440f5db9f7d72
-
SHA1
db21c91b016f48ef9c2cb6edad8ec2feae322eea
-
SHA256
f20519a9c8f70f3e78a1ef5c8a7cedf6dd22ba5776fff8f195a3b85ba645b8f1
-
SHA512
89645a481e32cd947517fa54630185aa6f05ed690fef53d68fcc89c5e17202165e9e29b13e9c13367666a8b5e7812fff1be60d5001e9fe56b298b80a3600134c
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73PYP1lri3KoSV31x4MAWvGjR17:n3C9BRo7MlrWKo+lxtvGt17
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
UPX dump on OEP (original entry point) 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f20519a9c8f70f3e78a1ef5c8a7cedf6dd22ba5776fff8f195a3b85ba645b8f1.exe"C:\Users\Admin\AppData\Local\Temp\f20519a9c8f70f3e78a1ef5c8a7cedf6dd22ba5776fff8f195a3b85ba645b8f1.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jjpjp.exec:\jjpjp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrfrlf.exec:\xxrfrlf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhnhbb.exec:\bhnhbb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddpjj.exec:\ddpjj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvpj.exec:\jdvpj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ppjv.exec:\9ppjv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxfrfl.exec:\ffxfrfl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hntnnn.exec:\hntnnn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhthnn.exec:\bhthnn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjdp.exec:\pjjdp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flxrfxr.exec:\flxrfxr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthbhh.exec:\bthbhh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3flfflf.exec:\3flfflf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbnhh.exec:\hhbnhh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjdv.exec:\jdjdv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3lrrlll.exec:\3lrrlll.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbhhh.exec:\bbbhhh.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjvj.exec:\dpjvj.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfffxx.exec:\xrfffxx.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttnnn.exec:\bttnnn.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrxxfr.exec:\xrrxxfr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxrrrr.exec:\fxxrrrr.exe23⤵
- Executes dropped EXE
-
\??\c:\tnhtbb.exec:\tnhtbb.exe24⤵
- Executes dropped EXE
-
\??\c:\xfrfrfl.exec:\xfrfrfl.exe25⤵
- Executes dropped EXE
-
\??\c:\xllrxfx.exec:\xllrxfx.exe26⤵
- Executes dropped EXE
-
\??\c:\bhnnbb.exec:\bhnnbb.exe27⤵
- Executes dropped EXE
-
\??\c:\fxxxrrr.exec:\fxxxrrr.exe28⤵
- Executes dropped EXE
-
\??\c:\xflllxx.exec:\xflllxx.exe29⤵
- Executes dropped EXE
-
\??\c:\1bbttt.exec:\1bbttt.exe30⤵
- Executes dropped EXE
-
\??\c:\xxlrflf.exec:\xxlrflf.exe31⤵
- Executes dropped EXE
-
\??\c:\bthnbb.exec:\bthnbb.exe32⤵
- Executes dropped EXE
-
\??\c:\ddjjd.exec:\ddjjd.exe33⤵
- Executes dropped EXE
-
\??\c:\lfrfrfx.exec:\lfrfrfx.exe34⤵
- Executes dropped EXE
-
\??\c:\ntttnn.exec:\ntttnn.exe35⤵
- Executes dropped EXE
-
\??\c:\nbtthn.exec:\nbtthn.exe36⤵
-
\??\c:\5ddvd.exec:\5ddvd.exe37⤵
- Executes dropped EXE
-
\??\c:\1rxrrrf.exec:\1rxrrrf.exe38⤵
- Executes dropped EXE
-
\??\c:\xrrfxll.exec:\xrrfxll.exe39⤵
- Executes dropped EXE
-
\??\c:\3tbbtb.exec:\3tbbtb.exe40⤵
- Executes dropped EXE
-
\??\c:\dpppv.exec:\dpppv.exe41⤵
- Executes dropped EXE
-
\??\c:\ppjjd.exec:\ppjjd.exe42⤵
- Executes dropped EXE
-
\??\c:\lrxrllf.exec:\lrxrllf.exe43⤵
- Executes dropped EXE
-
\??\c:\nnttbb.exec:\nnttbb.exe44⤵
- Executes dropped EXE
-
\??\c:\nnhnnn.exec:\nnhnnn.exe45⤵
- Executes dropped EXE
-
\??\c:\pvjdv.exec:\pvjdv.exe46⤵
- Executes dropped EXE
-
\??\c:\7flxrrl.exec:\7flxrrl.exe47⤵
- Executes dropped EXE
-
\??\c:\tbtnhb.exec:\tbtnhb.exe48⤵
- Executes dropped EXE
-
\??\c:\1vdvj.exec:\1vdvj.exe49⤵
- Executes dropped EXE
-
\??\c:\vdvpj.exec:\vdvpj.exe50⤵
- Executes dropped EXE
-
\??\c:\llfffxf.exec:\llfffxf.exe51⤵
- Executes dropped EXE
-
\??\c:\1nhbnh.exec:\1nhbnh.exe52⤵
- Executes dropped EXE
-
\??\c:\bhnbth.exec:\bhnbth.exe53⤵
- Executes dropped EXE
-
\??\c:\jppjd.exec:\jppjd.exe54⤵
- Executes dropped EXE
-
\??\c:\fxxxlrl.exec:\fxxxlrl.exe55⤵
- Executes dropped EXE
-
\??\c:\frxrxrl.exec:\frxrxrl.exe56⤵
- Executes dropped EXE
-
\??\c:\htttnh.exec:\htttnh.exe57⤵
- Executes dropped EXE
-
\??\c:\1jjdp.exec:\1jjdp.exe58⤵
- Executes dropped EXE
-
\??\c:\7lrxrll.exec:\7lrxrll.exe59⤵
- Executes dropped EXE
-
\??\c:\bhhbnn.exec:\bhhbnn.exe60⤵
- Executes dropped EXE
-
\??\c:\jpppj.exec:\jpppj.exe61⤵
- Executes dropped EXE
-
\??\c:\rffxrlf.exec:\rffxrlf.exe62⤵
- Executes dropped EXE
-
\??\c:\1lrxlxf.exec:\1lrxlxf.exe63⤵
- Executes dropped EXE
-
\??\c:\nbtnhb.exec:\nbtnhb.exe64⤵
- Executes dropped EXE
-
\??\c:\bhtbnn.exec:\bhtbnn.exe65⤵
- Executes dropped EXE
-
\??\c:\ddjdv.exec:\ddjdv.exe66⤵
- Executes dropped EXE
-
\??\c:\5rxfrrl.exec:\5rxfrrl.exe67⤵
-
\??\c:\tntnhh.exec:\tntnhh.exe68⤵
-
\??\c:\vvjpv.exec:\vvjpv.exe69⤵
-
\??\c:\5rfxffl.exec:\5rfxffl.exe70⤵
-
\??\c:\hbhbbt.exec:\hbhbbt.exe71⤵
-
\??\c:\9jvvv.exec:\9jvvv.exe72⤵
-
\??\c:\3dvjj.exec:\3dvjj.exe73⤵
-
\??\c:\5lrxlrx.exec:\5lrxlrx.exe74⤵
-
\??\c:\bbhhht.exec:\bbhhht.exe75⤵
-
\??\c:\httthb.exec:\httthb.exe76⤵
-
\??\c:\jpvvp.exec:\jpvvp.exe77⤵
-
\??\c:\frxlxfl.exec:\frxlxfl.exe78⤵
-
\??\c:\bhbbbt.exec:\bhbbbt.exe79⤵
-
\??\c:\pdppv.exec:\pdppv.exe80⤵
-
\??\c:\dpjpj.exec:\dpjpj.exe81⤵
-
\??\c:\rlxrllf.exec:\rlxrllf.exe82⤵
-
\??\c:\hnnhbb.exec:\hnnhbb.exe83⤵
-
\??\c:\tthhbb.exec:\tthhbb.exe84⤵
-
\??\c:\jjjpp.exec:\jjjpp.exe85⤵
-
\??\c:\frxrllf.exec:\frxrllf.exe86⤵
-
\??\c:\thnnhh.exec:\thnnhh.exe87⤵
-
\??\c:\pdjvv.exec:\pdjvv.exe88⤵
-
\??\c:\3ffxrxx.exec:\3ffxrxx.exe89⤵
-
\??\c:\llxlxrr.exec:\llxlxrr.exe90⤵
-
\??\c:\thtnhh.exec:\thtnhh.exe91⤵
-
\??\c:\1vdpd.exec:\1vdpd.exe92⤵
-
\??\c:\rllllxr.exec:\rllllxr.exe93⤵
-
\??\c:\frrfxff.exec:\frrfxff.exe94⤵
-
\??\c:\frfrfrx.exec:\frfrfrx.exe95⤵
-
\??\c:\nhhhbb.exec:\nhhhbb.exe96⤵
-
\??\c:\jpvpj.exec:\jpvpj.exe97⤵
-
\??\c:\rlxrxxl.exec:\rlxrxxl.exe98⤵
-
\??\c:\bbhnhn.exec:\bbhnhn.exe99⤵
-
\??\c:\jpdjp.exec:\jpdjp.exe100⤵
-
\??\c:\rxrxfxf.exec:\rxrxfxf.exe101⤵
-
\??\c:\1bhttn.exec:\1bhttn.exe102⤵
-
\??\c:\9tbnbb.exec:\9tbnbb.exe103⤵
-
\??\c:\jjdvj.exec:\jjdvj.exe104⤵
-
\??\c:\rlrxrfx.exec:\rlrxrfx.exe105⤵
-
\??\c:\xlxfrrl.exec:\xlxfrrl.exe106⤵
-
\??\c:\tbhbnn.exec:\tbhbnn.exe107⤵
-
\??\c:\vpjdp.exec:\vpjdp.exe108⤵
-
\??\c:\rlflrlf.exec:\rlflrlf.exe109⤵
-
\??\c:\ntbtnh.exec:\ntbtnh.exe110⤵
-
\??\c:\ntttnn.exec:\ntttnn.exe111⤵
-
\??\c:\vjjdp.exec:\vjjdp.exe112⤵
-
\??\c:\fflfxxx.exec:\fflfxxx.exe113⤵
-
\??\c:\hhhbbb.exec:\hhhbbb.exe114⤵
-
\??\c:\nnbtnh.exec:\nnbtnh.exe115⤵
-
\??\c:\vvvpj.exec:\vvvpj.exe116⤵
-
\??\c:\rlllrll.exec:\rlllrll.exe117⤵
-
\??\c:\ntttnh.exec:\ntttnh.exe118⤵
-
\??\c:\dpjdv.exec:\dpjdv.exe119⤵
-
\??\c:\vpvvv.exec:\vpvvv.exe120⤵
-
\??\c:\9xfrrll.exec:\9xfrrll.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-