Analysis
-
max time kernel
150s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
28-05-2024 23:12
General
-
Target
809c5fc1547f340e8bea2d7a9fad5e44bcbcc594d6c56709bed15741f049a50f.exe
-
Size
73KB
-
MD5
0390225b08b783e4b3e8f34b47b464f6
-
SHA1
f80e008a0e5880c861871dfc64561ea0f55257d0
-
SHA256
809c5fc1547f340e8bea2d7a9fad5e44bcbcc594d6c56709bed15741f049a50f
-
SHA512
4ff9a365b4d6ec6c1443470e313a12ffda93436650cc3c36f3a21e3dd3895fe8f2f67aebed88f646d935b42d02f403a95bf6ec3ea282bceded5c64f7c2ec4dfd
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIfv7+afCD+QsQbKQPVxL:ymb3NkkiQ3mdBjFIfvTfCD+HlQLL
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
UPX dump on OEP (original entry point) 29 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\809c5fc1547f340e8bea2d7a9fad5e44bcbcc594d6c56709bed15741f049a50f.exe"C:\Users\Admin\AppData\Local\Temp\809c5fc1547f340e8bea2d7a9fad5e44bcbcc594d6c56709bed15741f049a50f.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pvjdd.exec:\pvjdd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhtbh.exec:\tnhtbh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jjdp.exec:\9jjdp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjjj.exec:\pdjjj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrlxrl.exec:\flrlxrl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjdj.exec:\vvjdj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7pdvv.exec:\7pdvv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpdjj.exec:\jpdjj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllffrx.exec:\rllffrx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbhbt.exec:\ttbhbt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrxxrr.exec:\lxrxxrr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thtnhb.exec:\thtnhb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddddp.exec:\ddddp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1llllrr.exec:\1llllrr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ntnhh.exec:\3ntnhh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhtbn.exec:\nhhtbn.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjdv.exec:\dpjdv.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9fxffrx.exec:\9fxffrx.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntthh.exec:\tntthh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ddvj.exec:\7ddvj.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjjj.exec:\dpjjj.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrxflf.exec:\rfrxflf.exe23⤵
- Executes dropped EXE
-
\??\c:\hnhntb.exec:\hnhntb.exe24⤵
- Executes dropped EXE
-
\??\c:\ppvpj.exec:\ppvpj.exe25⤵
- Executes dropped EXE
-
\??\c:\xflrllr.exec:\xflrllr.exe26⤵
- Executes dropped EXE
-
\??\c:\nhnhtb.exec:\nhnhtb.exe27⤵
- Executes dropped EXE
-
\??\c:\1jjdp.exec:\1jjdp.exe28⤵
- Executes dropped EXE
-
\??\c:\xffllxl.exec:\xffllxl.exe29⤵
- Executes dropped EXE
-
\??\c:\hhhhtt.exec:\hhhhtt.exe30⤵
- Executes dropped EXE
-
\??\c:\ffllxff.exec:\ffllxff.exe31⤵
- Executes dropped EXE
-
\??\c:\lllfxlf.exec:\lllfxlf.exe32⤵
- Executes dropped EXE
-
\??\c:\hbhhhh.exec:\hbhhhh.exe33⤵
- Executes dropped EXE
-
\??\c:\jpvdp.exec:\jpvdp.exe34⤵
- Executes dropped EXE
-
\??\c:\vvdvp.exec:\vvdvp.exe35⤵
- Executes dropped EXE
-
\??\c:\xxxfxrf.exec:\xxxfxrf.exe36⤵
- Executes dropped EXE
-
\??\c:\bnhbtn.exec:\bnhbtn.exe37⤵
- Executes dropped EXE
-
\??\c:\nbtttb.exec:\nbtttb.exe38⤵
- Executes dropped EXE
-
\??\c:\ddvdv.exec:\ddvdv.exe39⤵
- Executes dropped EXE
-
\??\c:\frrlfll.exec:\frrlfll.exe40⤵
- Executes dropped EXE
-
\??\c:\fxrlfrr.exec:\fxrlfrr.exe41⤵
- Executes dropped EXE
-
\??\c:\5hhbtt.exec:\5hhbtt.exe42⤵
- Executes dropped EXE
-
\??\c:\1ddvp.exec:\1ddvp.exe43⤵
- Executes dropped EXE
-
\??\c:\5lllflf.exec:\5lllflf.exe44⤵
- Executes dropped EXE
-
\??\c:\bbhnnh.exec:\bbhnnh.exe45⤵
- Executes dropped EXE
-
\??\c:\nhhbtn.exec:\nhhbtn.exe46⤵
- Executes dropped EXE
-
\??\c:\ddvpd.exec:\ddvpd.exe47⤵
- Executes dropped EXE
-
\??\c:\jvpjd.exec:\jvpjd.exe48⤵
- Executes dropped EXE
-
\??\c:\fxlfxll.exec:\fxlfxll.exe49⤵
- Executes dropped EXE
-
\??\c:\hhnhhb.exec:\hhnhhb.exe50⤵
- Executes dropped EXE
-
\??\c:\jjdvp.exec:\jjdvp.exe51⤵
- Executes dropped EXE
-
\??\c:\1dpjd.exec:\1dpjd.exe52⤵
- Executes dropped EXE
-
\??\c:\rrxlfrl.exec:\rrxlfrl.exe53⤵
- Executes dropped EXE
-
\??\c:\nbnhhb.exec:\nbnhhb.exe54⤵
- Executes dropped EXE
-
\??\c:\vdpvj.exec:\vdpvj.exe55⤵
- Executes dropped EXE
-
\??\c:\fxxlfxx.exec:\fxxlfxx.exe56⤵
- Executes dropped EXE
-
\??\c:\ntnhth.exec:\ntnhth.exe57⤵
- Executes dropped EXE
-
\??\c:\ddpjd.exec:\ddpjd.exe58⤵
- Executes dropped EXE
-
\??\c:\vpdvp.exec:\vpdvp.exe59⤵
- Executes dropped EXE
-
\??\c:\5frlxxr.exec:\5frlxxr.exe60⤵
- Executes dropped EXE
-
\??\c:\jpjvp.exec:\jpjvp.exe61⤵
- Executes dropped EXE
-
\??\c:\jdddv.exec:\jdddv.exe62⤵
- Executes dropped EXE
-
\??\c:\lxflxrf.exec:\lxflxrf.exe63⤵
- Executes dropped EXE
-
\??\c:\htbbtt.exec:\htbbtt.exe64⤵
- Executes dropped EXE
-
\??\c:\djddv.exec:\djddv.exe65⤵
- Executes dropped EXE
-
\??\c:\xfrflxf.exec:\xfrflxf.exe66⤵
-
\??\c:\hhbbhb.exec:\hhbbhb.exe67⤵
-
\??\c:\hbbthh.exec:\hbbthh.exe68⤵
-
\??\c:\vdjpd.exec:\vdjpd.exe69⤵
-
\??\c:\xrxrrfl.exec:\xrxrrfl.exe70⤵
-
\??\c:\tnthbb.exec:\tnthbb.exe71⤵
-
\??\c:\vpvvj.exec:\vpvvj.exe72⤵
-
\??\c:\9dvjd.exec:\9dvjd.exe73⤵
-
\??\c:\1fxllfx.exec:\1fxllfx.exe74⤵
-
\??\c:\bbtbbh.exec:\bbtbbh.exe75⤵
-
\??\c:\3dddp.exec:\3dddp.exe76⤵
-
\??\c:\xrlfffx.exec:\xrlfffx.exe77⤵
-
\??\c:\xxffffx.exec:\xxffffx.exe78⤵
-
\??\c:\1bhhhn.exec:\1bhhhn.exe79⤵
-
\??\c:\jvjjv.exec:\jvjjv.exe80⤵
-
\??\c:\rffxllf.exec:\rffxllf.exe81⤵
-
\??\c:\tnthhh.exec:\tnthhh.exe82⤵
-
\??\c:\nthhth.exec:\nthhth.exe83⤵
-
\??\c:\vjjdv.exec:\vjjdv.exe84⤵
-
\??\c:\frlrlfx.exec:\frlrlfx.exe85⤵
-
\??\c:\ntbtnn.exec:\ntbtnn.exe86⤵
-
\??\c:\1ddvp.exec:\1ddvp.exe87⤵
-
\??\c:\pdpjd.exec:\pdpjd.exe88⤵
-
\??\c:\lxrlxxr.exec:\lxrlxxr.exe89⤵
-
\??\c:\hnttnn.exec:\hnttnn.exe90⤵
-
\??\c:\jdpjp.exec:\jdpjp.exe91⤵
-
\??\c:\5pvpj.exec:\5pvpj.exe92⤵
-
\??\c:\lflrrrl.exec:\lflrrrl.exe93⤵
-
\??\c:\7htttt.exec:\7htttt.exe94⤵
-
\??\c:\1hnhtt.exec:\1hnhtt.exe95⤵
-
\??\c:\5dpjv.exec:\5dpjv.exe96⤵
-
\??\c:\pjpjp.exec:\pjpjp.exe97⤵
-
\??\c:\9rfffff.exec:\9rfffff.exe98⤵
-
\??\c:\lfrrlrl.exec:\lfrrlrl.exe99⤵
-
\??\c:\jppjj.exec:\jppjj.exe100⤵
-
\??\c:\ddpjj.exec:\ddpjj.exe101⤵
-
\??\c:\9llfxxx.exec:\9llfxxx.exe102⤵
-
\??\c:\rrffrxx.exec:\rrffrxx.exe103⤵
-
\??\c:\nhhtnn.exec:\nhhtnn.exe104⤵
-
\??\c:\9ttbbb.exec:\9ttbbb.exe105⤵
-
\??\c:\vpvpd.exec:\vpvpd.exe106⤵
-
\??\c:\lfxrllf.exec:\lfxrllf.exe107⤵
-
\??\c:\rfxrlfx.exec:\rfxrlfx.exe108⤵
-
\??\c:\9btbth.exec:\9btbth.exe109⤵
-
\??\c:\hhbnbb.exec:\hhbnbb.exe110⤵
-
\??\c:\jjpdj.exec:\jjpdj.exe111⤵
-
\??\c:\1ffxrlf.exec:\1ffxrlf.exe112⤵
-
\??\c:\lxfxrrr.exec:\lxfxrrr.exe113⤵
-
\??\c:\nbhhhn.exec:\nbhhhn.exe114⤵
-
\??\c:\hnbtnn.exec:\hnbtnn.exe115⤵
-
\??\c:\jpjvp.exec:\jpjvp.exe116⤵
-
\??\c:\lrfrrxx.exec:\lrfrrxx.exe117⤵
-
\??\c:\httnhb.exec:\httnhb.exe118⤵
-
\??\c:\vpvjd.exec:\vpvjd.exe119⤵
-
\??\c:\vddvj.exec:\vddvj.exe120⤵
-
\??\c:\7bbhnn.exec:\7bbhnn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-