Analysis
-
max time kernel
150s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
29-05-2024 00:21
General
-
Target
99fb0fbb49f0f2fa1f665cb59992d1be8adfaae7a71238f59bdebb3ddbb78d10.exe
-
Size
56KB
-
MD5
74a907cb15cd3d113450636803ff5011
-
SHA1
b06d03f8eb620791b69c9a8f2a663fbe602b13f0
-
SHA256
99fb0fbb49f0f2fa1f665cb59992d1be8adfaae7a71238f59bdebb3ddbb78d10
-
SHA512
449b04a93453fa15721f079029fa3eea71219cdb5839e774f3ab93af660a66a3e617c8f550a05f84ae8121dade39caa98115b42f9b935c2fa81980128f768efb
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0chVn8:ymb3NkkiQ3mdBjF0cr8
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
UPX dump on OEP (original entry point) 32 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 32 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\99fb0fbb49f0f2fa1f665cb59992d1be8adfaae7a71238f59bdebb3ddbb78d10.exe"C:\Users\Admin\AppData\Local\Temp\99fb0fbb49f0f2fa1f665cb59992d1be8adfaae7a71238f59bdebb3ddbb78d10.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\3jpvv.exec:\3jpvv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxfllx.exec:\xrxfllx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvpj.exec:\pvvpj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7pdpp.exec:\7pdpp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3lxlrll.exec:\3lxlrll.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbnnn.exec:\bnbnnn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pddpj.exec:\pddpj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppddd.exec:\ppddd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrlrfrr.exec:\lrlrfrr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbbtt.exec:\htbbtt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdddv.exec:\jdddv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vddv.exec:\9vddv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrxlrf.exec:\xlrxlrf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7hbbhh.exec:\7hbbhh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbthnb.exec:\hbthnb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdddp.exec:\pdddp.exe17⤵
- Executes dropped EXE
-
\??\c:\pddvd.exec:\pddvd.exe18⤵
- Executes dropped EXE
-
\??\c:\lxffrrx.exec:\lxffrrx.exe19⤵
- Executes dropped EXE
-
\??\c:\hhbtth.exec:\hhbtth.exe20⤵
- Executes dropped EXE
-
\??\c:\bbthbn.exec:\bbthbn.exe21⤵
- Executes dropped EXE
-
\??\c:\dvddj.exec:\dvddj.exe22⤵
- Executes dropped EXE
-
\??\c:\vpppp.exec:\vpppp.exe23⤵
- Executes dropped EXE
-
\??\c:\9flrrrx.exec:\9flrrrx.exe24⤵
- Executes dropped EXE
-
\??\c:\hnthbh.exec:\hnthbh.exe25⤵
- Executes dropped EXE
-
\??\c:\pjppd.exec:\pjppd.exe26⤵
- Executes dropped EXE
-
\??\c:\fxxlfxx.exec:\fxxlfxx.exe27⤵
- Executes dropped EXE
-
\??\c:\fxfrrlx.exec:\fxfrrlx.exe28⤵
- Executes dropped EXE
-
\??\c:\5ntnth.exec:\5ntnth.exe29⤵
- Executes dropped EXE
-
\??\c:\fxxffxf.exec:\fxxffxf.exe30⤵
- Executes dropped EXE
-
\??\c:\fflxfrl.exec:\fflxfrl.exe31⤵
- Executes dropped EXE
-
\??\c:\1tnhtn.exec:\1tnhtn.exe32⤵
- Executes dropped EXE
-
\??\c:\1jvjv.exec:\1jvjv.exe33⤵
- Executes dropped EXE
-
\??\c:\xrxxxfx.exec:\xrxxxfx.exe34⤵
- Executes dropped EXE
-
\??\c:\rfrxfxl.exec:\rfrxfxl.exe35⤵
- Executes dropped EXE
-
\??\c:\1tbbhb.exec:\1tbbhb.exe36⤵
- Executes dropped EXE
-
\??\c:\tnbtbb.exec:\tnbtbb.exe37⤵
- Executes dropped EXE
-
\??\c:\dvpvj.exec:\dvpvj.exe38⤵
- Executes dropped EXE
-
\??\c:\pdjvv.exec:\pdjvv.exe39⤵
- Executes dropped EXE
-
\??\c:\rlllxxf.exec:\rlllxxf.exe40⤵
- Executes dropped EXE
-
\??\c:\xxrxlrf.exec:\xxrxlrf.exe41⤵
- Executes dropped EXE
-
\??\c:\hnnbbn.exec:\hnnbbn.exe42⤵
- Executes dropped EXE
-
\??\c:\9jvvv.exec:\9jvvv.exe43⤵
- Executes dropped EXE
-
\??\c:\pddvv.exec:\pddvv.exe44⤵
- Executes dropped EXE
-
\??\c:\vpdjp.exec:\vpdjp.exe45⤵
- Executes dropped EXE
-
\??\c:\3rlrxxf.exec:\3rlrxxf.exe46⤵
- Executes dropped EXE
-
\??\c:\7hbttt.exec:\7hbttt.exe47⤵
- Executes dropped EXE
-
\??\c:\ntbthb.exec:\ntbthb.exe48⤵
- Executes dropped EXE
-
\??\c:\dpdjp.exec:\dpdjp.exe49⤵
- Executes dropped EXE
-
\??\c:\djddj.exec:\djddj.exe50⤵
- Executes dropped EXE
-
\??\c:\dvddd.exec:\dvddd.exe51⤵
- Executes dropped EXE
-
\??\c:\ffxfrrf.exec:\ffxfrrf.exe52⤵
- Executes dropped EXE
-
\??\c:\lrxllrf.exec:\lrxllrf.exe53⤵
- Executes dropped EXE
-
\??\c:\7thnnn.exec:\7thnnn.exe54⤵
- Executes dropped EXE
-
\??\c:\7htbbt.exec:\7htbbt.exe55⤵
- Executes dropped EXE
-
\??\c:\jddjj.exec:\jddjj.exe56⤵
- Executes dropped EXE
-
\??\c:\dvdvv.exec:\dvdvv.exe57⤵
- Executes dropped EXE
-
\??\c:\xrxrlff.exec:\xrxrlff.exe58⤵
- Executes dropped EXE
-
\??\c:\llxxfll.exec:\llxxfll.exe59⤵
- Executes dropped EXE
-
\??\c:\frrllrx.exec:\frrllrx.exe60⤵
- Executes dropped EXE
-
\??\c:\ttnhbh.exec:\ttnhbh.exe61⤵
- Executes dropped EXE
-
\??\c:\pjddj.exec:\pjddj.exe62⤵
- Executes dropped EXE
-
\??\c:\vdjvd.exec:\vdjvd.exe63⤵
- Executes dropped EXE
-
\??\c:\1pjdd.exec:\1pjdd.exe64⤵
- Executes dropped EXE
-
\??\c:\lxrxlrr.exec:\lxrxlrr.exe65⤵
- Executes dropped EXE
-
\??\c:\lxlxffx.exec:\lxlxffx.exe66⤵
-
\??\c:\nhbhnn.exec:\nhbhnn.exe67⤵
-
\??\c:\tnbtbt.exec:\tnbtbt.exe68⤵
-
\??\c:\vdvjj.exec:\vdvjj.exe69⤵
-
\??\c:\3vjvv.exec:\3vjvv.exe70⤵
-
\??\c:\7xffxlr.exec:\7xffxlr.exe71⤵
-
\??\c:\xrxxfxf.exec:\xrxxfxf.exe72⤵
-
\??\c:\5tbbtt.exec:\5tbbtt.exe73⤵
-
\??\c:\hhtntt.exec:\hhtntt.exe74⤵
-
\??\c:\ddpvd.exec:\ddpvd.exe75⤵
-
\??\c:\9jjpd.exec:\9jjpd.exe76⤵
-
\??\c:\rxrrrrf.exec:\rxrrrrf.exe77⤵
-
\??\c:\1frflfl.exec:\1frflfl.exe78⤵
-
\??\c:\thnhhb.exec:\thnhhb.exe79⤵
-
\??\c:\tnhhht.exec:\tnhhht.exe80⤵
-
\??\c:\vdjdd.exec:\vdjdd.exe81⤵
-
\??\c:\7frrxfl.exec:\7frrxfl.exe82⤵
-
\??\c:\rfrrrrr.exec:\rfrrrrr.exe83⤵
-
\??\c:\xlrxxfr.exec:\xlrxxfr.exe84⤵
-
\??\c:\tnbhnt.exec:\tnbhnt.exe85⤵
-
\??\c:\hbhnbh.exec:\hbhnbh.exe86⤵
-
\??\c:\3pjjd.exec:\3pjjd.exe87⤵
-
\??\c:\vdpdp.exec:\vdpdp.exe88⤵
-
\??\c:\rflllfl.exec:\rflllfl.exe89⤵
-
\??\c:\7xrxllr.exec:\7xrxllr.exe90⤵
-
\??\c:\tnnnnh.exec:\tnnnnh.exe91⤵
-
\??\c:\bnbtnh.exec:\bnbtnh.exe92⤵
-
\??\c:\9djvj.exec:\9djvj.exe93⤵
-
\??\c:\1pjvd.exec:\1pjvd.exe94⤵
-
\??\c:\llrxrrl.exec:\llrxrrl.exe95⤵
-
\??\c:\xfxfrfr.exec:\xfxfrfr.exe96⤵
-
\??\c:\1bnhnn.exec:\1bnhnn.exe97⤵
-
\??\c:\vjjjj.exec:\vjjjj.exe98⤵
-
\??\c:\3jvdd.exec:\3jvdd.exe99⤵
-
\??\c:\rflfxxf.exec:\rflfxxf.exe100⤵
-
\??\c:\llxrxfl.exec:\llxrxfl.exe101⤵
-
\??\c:\nnhnth.exec:\nnhnth.exe102⤵
-
\??\c:\htbttt.exec:\htbttt.exe103⤵
-
\??\c:\5djjp.exec:\5djjp.exe104⤵
-
\??\c:\dpdpp.exec:\dpdpp.exe105⤵
-
\??\c:\3fxrfrx.exec:\3fxrfrx.exe106⤵
-
\??\c:\lflrfxr.exec:\lflrfxr.exe107⤵
-
\??\c:\bbnbhh.exec:\bbnbhh.exe108⤵
-
\??\c:\7nbbhh.exec:\7nbbhh.exe109⤵
-
\??\c:\ppvvj.exec:\ppvvj.exe110⤵
-
\??\c:\vjdvv.exec:\vjdvv.exe111⤵
-
\??\c:\xlrllrr.exec:\xlrllrr.exe112⤵
-
\??\c:\rlxfllr.exec:\rlxfllr.exe113⤵
-
\??\c:\hnbnnn.exec:\hnbnnn.exe114⤵
-
\??\c:\vvpvv.exec:\vvpvv.exe115⤵
-
\??\c:\lffrxrx.exec:\lffrxrx.exe116⤵
-
\??\c:\5nbhhh.exec:\5nbhhh.exe117⤵
-
\??\c:\hbnntb.exec:\hbnntb.exe118⤵
-
\??\c:\5vvvj.exec:\5vvvj.exe119⤵
-
\??\c:\dpddj.exec:\dpddj.exe120⤵
-
\??\c:\rflllrr.exec:\rflllrr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-