Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
27/05/2024, 21:09
General
-
Target
3ae0de75564dd6ed8fafb2016d82010d438144f77bdbd5fdd4bd9e61f9af982c.exe
-
Size
67KB
-
MD5
08f776fa66adaa2709be6cd8ab81f792
-
SHA1
c69f0d2c0aa0e10e5f0be035b1464d4dc510909b
-
SHA256
3ae0de75564dd6ed8fafb2016d82010d438144f77bdbd5fdd4bd9e61f9af982c
-
SHA512
fc7c9fb4994b098b1414e06bf7967f8f9d686fe06d383a55cba8e85a7f5d410a43b0cd7ab33111a3f124709fe93d3a983273ae2ae6a979e3d6ee18cf0075012a
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIvuzk358nLrx:ymb3NkkiQ3mdBjFIvl358nLrx
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
UPX dump on OEP (original entry point) 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3ae0de75564dd6ed8fafb2016d82010d438144f77bdbd5fdd4bd9e61f9af982c.exe"C:\Users\Admin\AppData\Local\Temp\3ae0de75564dd6ed8fafb2016d82010d438144f77bdbd5fdd4bd9e61f9af982c.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvpj.exec:\pvvpj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpjv.exec:\vjpjv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnbtnn.exec:\hnbtnn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthbbb.exec:\tthbbb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpjdv.exec:\jpjdv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9fxrffr.exec:\9fxrffr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffxrrr.exec:\lffxrrr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbttn.exec:\bbbttn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvjd.exec:\pvvjd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjdv.exec:\pjjdv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rxxllf.exec:\1rxxllf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbnhh.exec:\thbnhh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7jdvj.exec:\7jdvj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrlllf.exec:\flrlllf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbnbn.exec:\htbnbn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3bbthn.exec:\3bbthn.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppdpv.exec:\ppdpv.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxlfrr.exec:\lfxlfrr.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbbtt.exec:\hbbbtt.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbtnb.exec:\btbtnb.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pddvp.exec:\pddvp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfxllr.exec:\xrfxllr.exe23⤵
- Executes dropped EXE
-
\??\c:\bhnhtt.exec:\bhnhtt.exe24⤵
- Executes dropped EXE
-
\??\c:\bttnbb.exec:\bttnbb.exe25⤵
- Executes dropped EXE
-
\??\c:\vvdvp.exec:\vvdvp.exe26⤵
- Executes dropped EXE
-
\??\c:\jjpjp.exec:\jjpjp.exe27⤵
- Executes dropped EXE
-
\??\c:\3rrlxfr.exec:\3rrlxfr.exe28⤵
- Executes dropped EXE
-
\??\c:\hbbnnn.exec:\hbbnnn.exe29⤵
- Executes dropped EXE
-
\??\c:\5btnbb.exec:\5btnbb.exe30⤵
- Executes dropped EXE
-
\??\c:\nnttbb.exec:\nnttbb.exe31⤵
- Executes dropped EXE
-
\??\c:\tnttbb.exec:\tnttbb.exe32⤵
- Executes dropped EXE
-
\??\c:\jpppd.exec:\jpppd.exe33⤵
- Executes dropped EXE
-
\??\c:\xrlfxxr.exec:\xrlfxxr.exe34⤵
- Executes dropped EXE
-
\??\c:\nhbbtt.exec:\nhbbtt.exe35⤵
- Executes dropped EXE
-
\??\c:\tbhhbt.exec:\tbhhbt.exe36⤵
- Executes dropped EXE
-
\??\c:\vjjjd.exec:\vjjjd.exe37⤵
- Executes dropped EXE
-
\??\c:\lxxlfxx.exec:\lxxlfxx.exe38⤵
- Executes dropped EXE
-
\??\c:\tbbbnn.exec:\tbbbnn.exe39⤵
- Executes dropped EXE
-
\??\c:\3vjjv.exec:\3vjjv.exe40⤵
- Executes dropped EXE
-
\??\c:\jdvvp.exec:\jdvvp.exe41⤵
- Executes dropped EXE
-
\??\c:\llfxrll.exec:\llfxrll.exe42⤵
- Executes dropped EXE
-
\??\c:\hhnntt.exec:\hhnntt.exe43⤵
- Executes dropped EXE
-
\??\c:\jpvjd.exec:\jpvjd.exe44⤵
- Executes dropped EXE
-
\??\c:\lfffxrf.exec:\lfffxrf.exe45⤵
- Executes dropped EXE
-
\??\c:\nthtbn.exec:\nthtbn.exe46⤵
- Executes dropped EXE
-
\??\c:\jdvpp.exec:\jdvpp.exe47⤵
- Executes dropped EXE
-
\??\c:\jpjdp.exec:\jpjdp.exe48⤵
- Executes dropped EXE
-
\??\c:\fxxxrll.exec:\fxxxrll.exe49⤵
- Executes dropped EXE
-
\??\c:\7nttnb.exec:\7nttnb.exe50⤵
- Executes dropped EXE
-
\??\c:\jjdjd.exec:\jjdjd.exe51⤵
- Executes dropped EXE
-
\??\c:\dpvpp.exec:\dpvpp.exe52⤵
- Executes dropped EXE
-
\??\c:\5flllll.exec:\5flllll.exe53⤵
- Executes dropped EXE
-
\??\c:\xrrrrrl.exec:\xrrrrrl.exe54⤵
- Executes dropped EXE
-
\??\c:\tnnbtb.exec:\tnnbtb.exe55⤵
- Executes dropped EXE
-
\??\c:\vpvvd.exec:\vpvvd.exe56⤵
- Executes dropped EXE
-
\??\c:\vjjdp.exec:\vjjdp.exe57⤵
- Executes dropped EXE
-
\??\c:\lrlffrl.exec:\lrlffrl.exe58⤵
- Executes dropped EXE
-
\??\c:\xflfxrl.exec:\xflfxrl.exe59⤵
- Executes dropped EXE
-
\??\c:\5nnhhb.exec:\5nnhhb.exe60⤵
- Executes dropped EXE
-
\??\c:\nbbthb.exec:\nbbthb.exe61⤵
- Executes dropped EXE
-
\??\c:\ddvvj.exec:\ddvvj.exe62⤵
- Executes dropped EXE
-
\??\c:\pvpjd.exec:\pvpjd.exe63⤵
- Executes dropped EXE
-
\??\c:\3xlfrlf.exec:\3xlfrlf.exe64⤵
- Executes dropped EXE
-
\??\c:\frllffx.exec:\frllffx.exe65⤵
- Executes dropped EXE
-
\??\c:\5hhbtb.exec:\5hhbtb.exe66⤵
-
\??\c:\tnhthh.exec:\tnhthh.exe67⤵
-
\??\c:\7djdp.exec:\7djdp.exe68⤵
-
\??\c:\3dvpd.exec:\3dvpd.exe69⤵
-
\??\c:\xrfxrll.exec:\xrfxrll.exe70⤵
-
\??\c:\rlxrlll.exec:\rlxrlll.exe71⤵
-
\??\c:\nnnnhh.exec:\nnnnhh.exe72⤵
-
\??\c:\nhnnnh.exec:\nhnnnh.exe73⤵
-
\??\c:\vjjdp.exec:\vjjdp.exe74⤵
-
\??\c:\1xrlfxx.exec:\1xrlfxx.exe75⤵
-
\??\c:\rlxfxff.exec:\rlxfxff.exe76⤵
-
\??\c:\hnhhbb.exec:\hnhhbb.exe77⤵
-
\??\c:\nnbbtt.exec:\nnbbtt.exe78⤵
-
\??\c:\9xfxrlf.exec:\9xfxrlf.exe79⤵
-
\??\c:\bthhbb.exec:\bthhbb.exe80⤵
-
\??\c:\hbttnn.exec:\hbttnn.exe81⤵
-
\??\c:\pdvjv.exec:\pdvjv.exe82⤵
-
\??\c:\vpdvv.exec:\vpdvv.exe83⤵
-
\??\c:\lffrfrl.exec:\lffrfrl.exe84⤵
-
\??\c:\lfllfxx.exec:\lfllfxx.exe85⤵
-
\??\c:\3tbbth.exec:\3tbbth.exe86⤵
-
\??\c:\jvpdv.exec:\jvpdv.exe87⤵
-
\??\c:\7lfxllf.exec:\7lfxllf.exe88⤵
-
\??\c:\lrrlfxr.exec:\lrrlfxr.exe89⤵
-
\??\c:\nbhhbt.exec:\nbhhbt.exe90⤵
-
\??\c:\pvvjd.exec:\pvvjd.exe91⤵
-
\??\c:\vvpjp.exec:\vvpjp.exe92⤵
-
\??\c:\flffrrr.exec:\flffrrr.exe93⤵
-
\??\c:\xxfxrrl.exec:\xxfxrrl.exe94⤵
-
\??\c:\bntnhb.exec:\bntnhb.exe95⤵
-
\??\c:\5ddpd.exec:\5ddpd.exe96⤵
-
\??\c:\ddjjd.exec:\ddjjd.exe97⤵
-
\??\c:\fxrrlll.exec:\fxrrlll.exe98⤵
-
\??\c:\fffxrfx.exec:\fffxrfx.exe99⤵
-
\??\c:\ntttnn.exec:\ntttnn.exe100⤵
-
\??\c:\jvdjp.exec:\jvdjp.exe101⤵
-
\??\c:\lllrlrl.exec:\lllrlrl.exe102⤵
-
\??\c:\fxrrlfx.exec:\fxrrlfx.exe103⤵
-
\??\c:\hnhhhb.exec:\hnhhhb.exe104⤵
-
\??\c:\3hnnnt.exec:\3hnnnt.exe105⤵
-
\??\c:\dpdpp.exec:\dpdpp.exe106⤵
-
\??\c:\7xxrfxx.exec:\7xxrfxx.exe107⤵
-
\??\c:\rlxrfxl.exec:\rlxrfxl.exe108⤵
-
\??\c:\hhbbtt.exec:\hhbbtt.exe109⤵
-
\??\c:\hbbtnh.exec:\hbbtnh.exe110⤵
-
\??\c:\vppjp.exec:\vppjp.exe111⤵
-
\??\c:\vjjdp.exec:\vjjdp.exe112⤵
-
\??\c:\rrfxrfx.exec:\rrfxrfx.exe113⤵
-
\??\c:\rlrlrlr.exec:\rlrlrlr.exe114⤵
-
\??\c:\nhtntt.exec:\nhtntt.exe115⤵
-
\??\c:\bthhtt.exec:\bthhtt.exe116⤵
-
\??\c:\5ddvj.exec:\5ddvj.exe117⤵
-
\??\c:\pvvpj.exec:\pvvpj.exe118⤵
-
\??\c:\xrxxxff.exec:\xrxxxff.exe119⤵
-
\??\c:\5rrlfxr.exec:\5rrlfxr.exe120⤵
-
\??\c:\3hhnhb.exec:\3hhnhb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-