Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
-
submitted
28/05/2024, 21:30
General
-
Target
52e99bce8a655504a1f863258411e35d3f5f11878b9a18c263920c3a48317aea.exe
-
Size
76KB
-
MD5
0ee137ecbc2743936f07e1e510da7ab6
-
SHA1
796dc40751f3ebe9175e8f16f81f5575159f2221
-
SHA256
52e99bce8a655504a1f863258411e35d3f5f11878b9a18c263920c3a48317aea
-
SHA512
72dc3dc52bc3758b971c48a7f75712444619656ae8b34bc140d0f9758e987eaf407245e2bd25bf21229112b789fa64a6260f0339cf080e0a1a06b6e85f4050f2
-
SSDEEP
1536:9vQBeOGtrYS3srx93UBWfwC6Ggnouy8PbhnyLFWoFLAxZhMDzE8H:9hOmTsF93UYfwC6GIoutz5yLpOSDV
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 41 IoCs
-
UPX dump on OEP (original entry point) 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\52e99bce8a655504a1f863258411e35d3f5f11878b9a18c263920c3a48317aea.exe"C:\Users\Admin\AppData\Local\Temp\52e99bce8a655504a1f863258411e35d3f5f11878b9a18c263920c3a48317aea.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\5frrrrr.exec:\5frrrrr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bnttt.exec:\7bnttt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfxlrf.exec:\fxfxlrf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxrrfx.exec:\rxxrrfx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhhtb.exec:\tnhhtb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjpp.exec:\vpjpp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvvj.exec:\jdvvj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfflrxx.exec:\lfflrxx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1hbntb.exec:\1hbntb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbttnh.exec:\nbttnh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjjp.exec:\jdjjp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fffllrr.exec:\fffllrr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbhtb.exec:\nhbhtb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbnhn.exec:\hhbnhn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvddp.exec:\dvddp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxlrxf.exec:\xrxlrxf.exe17⤵
- Executes dropped EXE
-
\??\c:\hhbbhh.exec:\hhbbhh.exe18⤵
- Executes dropped EXE
-
\??\c:\nbhbhh.exec:\nbhbhh.exe19⤵
- Executes dropped EXE
-
\??\c:\pppdj.exec:\pppdj.exe20⤵
- Executes dropped EXE
-
\??\c:\dvjpj.exec:\dvjpj.exe21⤵
- Executes dropped EXE
-
\??\c:\fxlrllr.exec:\fxlrllr.exe22⤵
- Executes dropped EXE
-
\??\c:\bttbhb.exec:\bttbhb.exe23⤵
- Executes dropped EXE
-
\??\c:\1dddv.exec:\1dddv.exe24⤵
- Executes dropped EXE
-
\??\c:\vpppv.exec:\vpppv.exe25⤵
- Executes dropped EXE
-
\??\c:\fxlrffr.exec:\fxlrffr.exe26⤵
- Executes dropped EXE
-
\??\c:\hbbnbh.exec:\hbbnbh.exe27⤵
- Executes dropped EXE
-
\??\c:\jjdjd.exec:\jjdjd.exe28⤵
- Executes dropped EXE
-
\??\c:\xrfrffl.exec:\xrfrffl.exe29⤵
- Executes dropped EXE
-
\??\c:\ttnbnb.exec:\ttnbnb.exe30⤵
- Executes dropped EXE
-
\??\c:\nhbbtt.exec:\nhbbtt.exe31⤵
- Executes dropped EXE
-
\??\c:\vpdpj.exec:\vpdpj.exe32⤵
- Executes dropped EXE
-
\??\c:\xlflxlx.exec:\xlflxlx.exe33⤵
- Executes dropped EXE
-
\??\c:\1bnhnt.exec:\1bnhnt.exe34⤵
- Executes dropped EXE
-
\??\c:\7htttb.exec:\7htttb.exe35⤵
- Executes dropped EXE
-
\??\c:\dvpvd.exec:\dvpvd.exe36⤵
- Executes dropped EXE
-
\??\c:\5vvjv.exec:\5vvjv.exe37⤵
- Executes dropped EXE
-
\??\c:\xrxxllx.exec:\xrxxllx.exe38⤵
- Executes dropped EXE
-
\??\c:\tnbhnt.exec:\tnbhnt.exe39⤵
- Executes dropped EXE
-
\??\c:\1tnbnn.exec:\1tnbnn.exe40⤵
- Executes dropped EXE
-
\??\c:\pjvjv.exec:\pjvjv.exe41⤵
- Executes dropped EXE
-
\??\c:\3dpvv.exec:\3dpvv.exe42⤵
- Executes dropped EXE
-
\??\c:\flfllrf.exec:\flfllrf.exe43⤵
- Executes dropped EXE
-
\??\c:\rrflxrf.exec:\rrflxrf.exe44⤵
- Executes dropped EXE
-
\??\c:\1nntbn.exec:\1nntbn.exe45⤵
- Executes dropped EXE
-
\??\c:\9bhttn.exec:\9bhttn.exe46⤵
- Executes dropped EXE
-
\??\c:\jdpdv.exec:\jdpdv.exe47⤵
- Executes dropped EXE
-
\??\c:\jdppv.exec:\jdppv.exe48⤵
- Executes dropped EXE
-
\??\c:\xffllrf.exec:\xffllrf.exe49⤵
- Executes dropped EXE
-
\??\c:\xlfrrlf.exec:\xlfrrlf.exe50⤵
- Executes dropped EXE
-
\??\c:\nbnnbh.exec:\nbnnbh.exe51⤵
- Executes dropped EXE
-
\??\c:\btnnbb.exec:\btnnbb.exe52⤵
- Executes dropped EXE
-
\??\c:\dvppj.exec:\dvppj.exe53⤵
- Executes dropped EXE
-
\??\c:\vjppj.exec:\vjppj.exe54⤵
- Executes dropped EXE
-
\??\c:\7xlrxxf.exec:\7xlrxxf.exe55⤵
- Executes dropped EXE
-
\??\c:\3xxxffl.exec:\3xxxffl.exe56⤵
- Executes dropped EXE
-
\??\c:\9hhhbt.exec:\9hhhbt.exe57⤵
- Executes dropped EXE
-
\??\c:\bbnbhn.exec:\bbnbhn.exe58⤵
- Executes dropped EXE
-
\??\c:\ddvjp.exec:\ddvjp.exe59⤵
- Executes dropped EXE
-
\??\c:\pjvjv.exec:\pjvjv.exe60⤵
- Executes dropped EXE
-
\??\c:\xrffrrf.exec:\xrffrrf.exe61⤵
- Executes dropped EXE
-
\??\c:\5lflrrf.exec:\5lflrrf.exe62⤵
- Executes dropped EXE
-
\??\c:\ttnhbh.exec:\ttnhbh.exe63⤵
- Executes dropped EXE
-
\??\c:\ddvvv.exec:\ddvvv.exe64⤵
- Executes dropped EXE
-
\??\c:\7dpdd.exec:\7dpdd.exe65⤵
- Executes dropped EXE
-
\??\c:\fxlrlrx.exec:\fxlrlrx.exe66⤵
-
\??\c:\rllrxxf.exec:\rllrxxf.exe67⤵
-
\??\c:\bbbhnn.exec:\bbbhnn.exe68⤵
-
\??\c:\btnhtn.exec:\btnhtn.exe69⤵
-
\??\c:\vppdp.exec:\vppdp.exe70⤵
-
\??\c:\5xrrxfl.exec:\5xrrxfl.exe71⤵
-
\??\c:\fxflrfl.exec:\fxflrfl.exe72⤵
-
\??\c:\7thbhn.exec:\7thbhn.exe73⤵
-
\??\c:\nhbnnn.exec:\nhbnnn.exe74⤵
-
\??\c:\dvjpp.exec:\dvjpp.exe75⤵
-
\??\c:\dpddd.exec:\dpddd.exe76⤵
-
\??\c:\xrllrrf.exec:\xrllrrf.exe77⤵
-
\??\c:\5xrxrxf.exec:\5xrxrxf.exe78⤵
-
\??\c:\3nhbnt.exec:\3nhbnt.exe79⤵
-
\??\c:\1tbnbb.exec:\1tbnbb.exe80⤵
-
\??\c:\vvdpd.exec:\vvdpd.exe81⤵
-
\??\c:\llffffl.exec:\llffffl.exe82⤵
-
\??\c:\lfrxffr.exec:\lfrxffr.exe83⤵
-
\??\c:\5bbnbt.exec:\5bbnbt.exe84⤵
-
\??\c:\9ntnbt.exec:\9ntnbt.exe85⤵
-
\??\c:\3vpvj.exec:\3vpvj.exe86⤵
-
\??\c:\vppvj.exec:\vppvj.exe87⤵
-
\??\c:\lfxffrl.exec:\lfxffrl.exe88⤵
-
\??\c:\lfrxlrx.exec:\lfrxlrx.exe89⤵
-
\??\c:\nhttbh.exec:\nhttbh.exe90⤵
-
\??\c:\9bnbnb.exec:\9bnbnb.exe91⤵
-
\??\c:\jdpdj.exec:\jdpdj.exe92⤵
-
\??\c:\pjvdd.exec:\pjvdd.exe93⤵
-
\??\c:\fxlllrx.exec:\fxlllrx.exe94⤵
-
\??\c:\9llrflf.exec:\9llrflf.exe95⤵
-
\??\c:\1btbnn.exec:\1btbnn.exe96⤵
-
\??\c:\hbntnn.exec:\hbntnn.exe97⤵
-
\??\c:\jjvjp.exec:\jjvjp.exe98⤵
-
\??\c:\3ddjp.exec:\3ddjp.exe99⤵
-
\??\c:\rlllxxl.exec:\rlllxxl.exe100⤵
-
\??\c:\frfffff.exec:\frfffff.exe101⤵
-
\??\c:\3tnhtn.exec:\3tnhtn.exe102⤵
-
\??\c:\tnhnnn.exec:\tnhnnn.exe103⤵
-
\??\c:\7pdjj.exec:\7pdjj.exe104⤵
-
\??\c:\vpdjj.exec:\vpdjj.exe105⤵
-
\??\c:\7rrxllr.exec:\7rrxllr.exe106⤵
-
\??\c:\lxflflx.exec:\lxflflx.exe107⤵
-
\??\c:\7tntnh.exec:\7tntnh.exe108⤵
-
\??\c:\hbnthh.exec:\hbnthh.exe109⤵
-
\??\c:\7bthhn.exec:\7bthhn.exe110⤵
-
\??\c:\vjppd.exec:\vjppd.exe111⤵
-
\??\c:\vppvj.exec:\vppvj.exe112⤵
-
\??\c:\llrlrxf.exec:\llrlrxf.exe113⤵
-
\??\c:\frffllr.exec:\frffllr.exe114⤵
-
\??\c:\tnntbb.exec:\tnntbb.exe115⤵
-
\??\c:\nnthnh.exec:\nnthnh.exe116⤵
-
\??\c:\jdppd.exec:\jdppd.exe117⤵
-
\??\c:\5jpvd.exec:\5jpvd.exe118⤵
-
\??\c:\1lrlllx.exec:\1lrlllx.exe119⤵
-
\??\c:\lfrlrrx.exec:\lfrlrrx.exe120⤵
-
\??\c:\tnhnhh.exec:\tnhnhh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-