Analysis
-
max time kernel
150s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
28/05/2024, 03:48
General
-
Target
dda15f82aadc4edac833dd32fd66d2b9dac10a34e21b918c4d8d937b01a836e6.exe
-
Size
67KB
-
MD5
a80e634de8e51a464fd354299098f1fd
-
SHA1
494417d36dfe792e50f0bdd44dac8cbc528d61a5
-
SHA256
dda15f82aadc4edac833dd32fd66d2b9dac10a34e21b918c4d8d937b01a836e6
-
SHA512
58e5bdfce3dc88e5b0efbda676b515ae4c881d077abdf8175934444464638a70278ea6ce162b0ad1a82c27f700b22e93038bff6478efc966c120cc34c06f2907
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIFdJUDbAIu:ymb3NkkiQ3mdBjFIFdJ8bG
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
UPX dump on OEP (original entry point) 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\dda15f82aadc4edac833dd32fd66d2b9dac10a34e21b918c4d8d937b01a836e6.exe"C:\Users\Admin\AppData\Local\Temp\dda15f82aadc4edac833dd32fd66d2b9dac10a34e21b918c4d8d937b01a836e6.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vjppv.exec:\vjppv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpjd.exec:\dvpjd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffxllf.exec:\lffxllf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbbbb.exec:\htbbbb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnbnn.exec:\ttnbnn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjdp.exec:\jdjdp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fllfxxr.exec:\fllfxxr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbthhh.exec:\hbthhh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjdd.exec:\jdjdd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxrllf.exec:\xrxrllf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthttn.exec:\hthttn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvppd.exec:\vvppd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrlfff.exec:\rlrlfff.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhbtt.exec:\nbhbtt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5pddp.exec:\5pddp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrfffxf.exec:\rrfffxf.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthbbb.exec:\hthbbb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppjj.exec:\vppjj.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlxllf.exec:\rrlxllf.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bhtnt.exec:\7bhtnt.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pddpj.exec:\pddpj.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpjd.exec:\jdpjd.exe23⤵
- Executes dropped EXE
-
\??\c:\vpdvj.exec:\vpdvj.exe24⤵
- Executes dropped EXE
-
\??\c:\3llfrrr.exec:\3llfrrr.exe25⤵
- Executes dropped EXE
-
\??\c:\lxxrxxf.exec:\lxxrxxf.exe26⤵
- Executes dropped EXE
-
\??\c:\3bbbbb.exec:\3bbbbb.exe27⤵
- Executes dropped EXE
-
\??\c:\dddvp.exec:\dddvp.exe28⤵
- Executes dropped EXE
-
\??\c:\jvdvp.exec:\jvdvp.exe29⤵
- Executes dropped EXE
-
\??\c:\lrxxxxx.exec:\lrxxxxx.exe30⤵
- Executes dropped EXE
-
\??\c:\hhhbbn.exec:\hhhbbn.exe31⤵
- Executes dropped EXE
-
\??\c:\lxxrffx.exec:\lxxrffx.exe32⤵
- Executes dropped EXE
-
\??\c:\bhhbhh.exec:\bhhbhh.exe33⤵
- Executes dropped EXE
-
\??\c:\dvddv.exec:\dvddv.exe34⤵
- Executes dropped EXE
-
\??\c:\ppdpj.exec:\ppdpj.exe35⤵
- Executes dropped EXE
-
\??\c:\fxffrfx.exec:\fxffrfx.exe36⤵
- Executes dropped EXE
-
\??\c:\rfffxrr.exec:\rfffxrr.exe37⤵
- Executes dropped EXE
-
\??\c:\hbnntn.exec:\hbnntn.exe38⤵
- Executes dropped EXE
-
\??\c:\jjpjj.exec:\jjpjj.exe39⤵
- Executes dropped EXE
-
\??\c:\fxrrfff.exec:\fxrrfff.exe40⤵
- Executes dropped EXE
-
\??\c:\7hnhbb.exec:\7hnhbb.exe41⤵
- Executes dropped EXE
-
\??\c:\pjvvj.exec:\pjvvj.exe42⤵
- Executes dropped EXE
-
\??\c:\rllfxxr.exec:\rllfxxr.exe43⤵
- Executes dropped EXE
-
\??\c:\lfffxxx.exec:\lfffxxx.exe44⤵
- Executes dropped EXE
-
\??\c:\tnntnb.exec:\tnntnb.exe45⤵
- Executes dropped EXE
-
\??\c:\jjvvj.exec:\jjvvj.exe46⤵
- Executes dropped EXE
-
\??\c:\jddvd.exec:\jddvd.exe47⤵
- Executes dropped EXE
-
\??\c:\7lxrlrl.exec:\7lxrlrl.exe48⤵
- Executes dropped EXE
-
\??\c:\3ttttt.exec:\3ttttt.exe49⤵
- Executes dropped EXE
-
\??\c:\tnttnn.exec:\tnttnn.exe50⤵
- Executes dropped EXE
-
\??\c:\jvddp.exec:\jvddp.exe51⤵
- Executes dropped EXE
-
\??\c:\7ffxrxx.exec:\7ffxrxx.exe52⤵
- Executes dropped EXE
-
\??\c:\rrrrlll.exec:\rrrrlll.exe53⤵
- Executes dropped EXE
-
\??\c:\7htbtn.exec:\7htbtn.exe54⤵
- Executes dropped EXE
-
\??\c:\vdjjj.exec:\vdjjj.exe55⤵
- Executes dropped EXE
-
\??\c:\jdddp.exec:\jdddp.exe56⤵
- Executes dropped EXE
-
\??\c:\1rllxrr.exec:\1rllxrr.exe57⤵
- Executes dropped EXE
-
\??\c:\ttnbbb.exec:\ttnbbb.exe58⤵
- Executes dropped EXE
-
\??\c:\nhtntt.exec:\nhtntt.exe59⤵
- Executes dropped EXE
-
\??\c:\jdpjd.exec:\jdpjd.exe60⤵
- Executes dropped EXE
-
\??\c:\rxlxlxf.exec:\rxlxlxf.exe61⤵
- Executes dropped EXE
-
\??\c:\nbbttt.exec:\nbbttt.exe62⤵
- Executes dropped EXE
-
\??\c:\htbbtb.exec:\htbbtb.exe63⤵
- Executes dropped EXE
-
\??\c:\vvpjd.exec:\vvpjd.exe64⤵
- Executes dropped EXE
-
\??\c:\5pdvv.exec:\5pdvv.exe65⤵
- Executes dropped EXE
-
\??\c:\lrrxllf.exec:\lrrxllf.exe66⤵
-
\??\c:\bthnhh.exec:\bthnhh.exe67⤵
-
\??\c:\jvjdj.exec:\jvjdj.exe68⤵
-
\??\c:\rrrrflf.exec:\rrrrflf.exe69⤵
-
\??\c:\tthnnn.exec:\tthnnn.exe70⤵
-
\??\c:\nhnhbb.exec:\nhnhbb.exe71⤵
-
\??\c:\7pdjj.exec:\7pdjj.exe72⤵
-
\??\c:\rxllfff.exec:\rxllfff.exe73⤵
-
\??\c:\lrrllrl.exec:\lrrllrl.exe74⤵
-
\??\c:\1bnhnn.exec:\1bnhnn.exe75⤵
-
\??\c:\bbbbnn.exec:\bbbbnn.exe76⤵
-
\??\c:\vpddd.exec:\vpddd.exe77⤵
-
\??\c:\lllrlrl.exec:\lllrlrl.exe78⤵
-
\??\c:\nhttnt.exec:\nhttnt.exe79⤵
-
\??\c:\hhnhtb.exec:\hhnhtb.exe80⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe81⤵
-
\??\c:\rxrxxxx.exec:\rxrxxxx.exe82⤵
-
\??\c:\3ffxxlf.exec:\3ffxxlf.exe83⤵
-
\??\c:\hbhnnt.exec:\hbhnnt.exe84⤵
-
\??\c:\vpvdv.exec:\vpvdv.exe85⤵
-
\??\c:\vppvj.exec:\vppvj.exe86⤵
-
\??\c:\fxxfxxx.exec:\fxxfxxx.exe87⤵
-
\??\c:\rlllfff.exec:\rlllfff.exe88⤵
-
\??\c:\hhhhhh.exec:\hhhhhh.exe89⤵
-
\??\c:\pvpjv.exec:\pvpjv.exe90⤵
-
\??\c:\jdvpd.exec:\jdvpd.exe91⤵
-
\??\c:\xfflfff.exec:\xfflfff.exe92⤵
-
\??\c:\hhhntb.exec:\hhhntb.exe93⤵
-
\??\c:\bnnhbt.exec:\bnnhbt.exe94⤵
-
\??\c:\pjpjp.exec:\pjpjp.exe95⤵
-
\??\c:\llxxlff.exec:\llxxlff.exe96⤵
-
\??\c:\rfffxxr.exec:\rfffxxr.exe97⤵
-
\??\c:\tthtnn.exec:\tthtnn.exe98⤵
-
\??\c:\bhbtnn.exec:\bhbtnn.exe99⤵
-
\??\c:\dvjdd.exec:\dvjdd.exe100⤵
-
\??\c:\xxrlffx.exec:\xxrlffx.exe101⤵
-
\??\c:\fxrrllf.exec:\fxrrllf.exe102⤵
-
\??\c:\hhtttt.exec:\hhtttt.exe103⤵
-
\??\c:\9bbthb.exec:\9bbthb.exe104⤵
-
\??\c:\vdpjj.exec:\vdpjj.exe105⤵
-
\??\c:\pjdjv.exec:\pjdjv.exe106⤵
-
\??\c:\3lrrfff.exec:\3lrrfff.exe107⤵
-
\??\c:\fxxfxrl.exec:\fxxfxrl.exe108⤵
-
\??\c:\nhhhbb.exec:\nhhhbb.exe109⤵
-
\??\c:\hbtnbb.exec:\hbtnbb.exe110⤵
-
\??\c:\ddjjj.exec:\ddjjj.exe111⤵
-
\??\c:\fxfxrrx.exec:\fxfxrrx.exe112⤵
-
\??\c:\5rffxxr.exec:\5rffxxr.exe113⤵
-
\??\c:\btbtnn.exec:\btbtnn.exe114⤵
-
\??\c:\ntbtnn.exec:\ntbtnn.exe115⤵
-
\??\c:\7pvpj.exec:\7pvpj.exe116⤵
-
\??\c:\dvjpj.exec:\dvjpj.exe117⤵
-
\??\c:\tnnnhb.exec:\tnnnhb.exe118⤵
-
\??\c:\9bbbtt.exec:\9bbbtt.exe119⤵
-
\??\c:\1dpjd.exec:\1dpjd.exe120⤵
-
\??\c:\vvdjd.exec:\vvdjd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-