Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
29-05-2024 00:21
General
-
Target
99fb0fbb49f0f2fa1f665cb59992d1be8adfaae7a71238f59bdebb3ddbb78d10.exe
-
Size
56KB
-
MD5
74a907cb15cd3d113450636803ff5011
-
SHA1
b06d03f8eb620791b69c9a8f2a663fbe602b13f0
-
SHA256
99fb0fbb49f0f2fa1f665cb59992d1be8adfaae7a71238f59bdebb3ddbb78d10
-
SHA512
449b04a93453fa15721f079029fa3eea71219cdb5839e774f3ab93af660a66a3e617c8f550a05f84ae8121dade39caa98115b42f9b935c2fa81980128f768efb
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0chVn8:ymb3NkkiQ3mdBjF0cr8
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
UPX dump on OEP (original entry point) 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\99fb0fbb49f0f2fa1f665cb59992d1be8adfaae7a71238f59bdebb3ddbb78d10.exe"C:\Users\Admin\AppData\Local\Temp\99fb0fbb49f0f2fa1f665cb59992d1be8adfaae7a71238f59bdebb3ddbb78d10.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\3xxrlfl.exec:\3xxrlfl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnhht.exec:\nnnhht.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xllrxxx.exec:\xllrxxx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fffflll.exec:\fffflll.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbthh.exec:\bbbthh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjdd.exec:\pjjdd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrfxxr.exec:\frrfxxr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhttnn.exec:\bhttnn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjjv.exec:\ddjjv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfxxrrx.exec:\xfxxrrx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbtnn.exec:\nbbtnn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpdp.exec:\pjpdp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djdvp.exec:\djdvp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxrlxr.exec:\fxxrlxr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhbbb.exec:\hbhbbb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ddvp.exec:\9ddvp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxxllf.exec:\lfxxllf.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3tnnhn.exec:\3tnnhn.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnhtt.exec:\nnnhtt.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvpdp.exec:\pvpdp.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxrrll.exec:\frxrrll.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhnbhn.exec:\bhnbhn.exe23⤵
- Executes dropped EXE
-
\??\c:\5thhtb.exec:\5thhtb.exe24⤵
- Executes dropped EXE
-
\??\c:\vvvpv.exec:\vvvpv.exe25⤵
- Executes dropped EXE
-
\??\c:\lfrlffr.exec:\lfrlffr.exe26⤵
- Executes dropped EXE
-
\??\c:\nnhhbb.exec:\nnhhbb.exe27⤵
- Executes dropped EXE
-
\??\c:\hbttnh.exec:\hbttnh.exe28⤵
- Executes dropped EXE
-
\??\c:\1jddp.exec:\1jddp.exe29⤵
- Executes dropped EXE
-
\??\c:\lfrlrll.exec:\lfrlrll.exe30⤵
- Executes dropped EXE
-
\??\c:\xflfffx.exec:\xflfffx.exe31⤵
- Executes dropped EXE
-
\??\c:\htbbbb.exec:\htbbbb.exe32⤵
- Executes dropped EXE
-
\??\c:\jdjjv.exec:\jdjjv.exe33⤵
- Executes dropped EXE
-
\??\c:\xlfrlll.exec:\xlfrlll.exe34⤵
- Executes dropped EXE
-
\??\c:\flxffll.exec:\flxffll.exe35⤵
- Executes dropped EXE
-
\??\c:\httnht.exec:\httnht.exe36⤵
- Executes dropped EXE
-
\??\c:\pjjjj.exec:\pjjjj.exe37⤵
- Executes dropped EXE
-
\??\c:\vvjvp.exec:\vvjvp.exe38⤵
- Executes dropped EXE
-
\??\c:\flrlxxr.exec:\flrlxxr.exe39⤵
- Executes dropped EXE
-
\??\c:\tnhnbb.exec:\tnhnbb.exe40⤵
- Executes dropped EXE
-
\??\c:\vpdvv.exec:\vpdvv.exe41⤵
- Executes dropped EXE
-
\??\c:\jdjdd.exec:\jdjdd.exe42⤵
- Executes dropped EXE
-
\??\c:\frlrrxr.exec:\frlrrxr.exe43⤵
- Executes dropped EXE
-
\??\c:\5hnnnn.exec:\5hnnnn.exe44⤵
- Executes dropped EXE
-
\??\c:\ppddd.exec:\ppddd.exe45⤵
- Executes dropped EXE
-
\??\c:\pppjp.exec:\pppjp.exe46⤵
- Executes dropped EXE
-
\??\c:\rrrlffx.exec:\rrrlffx.exe47⤵
- Executes dropped EXE
-
\??\c:\9hhhbt.exec:\9hhhbt.exe48⤵
- Executes dropped EXE
-
\??\c:\bnhbnh.exec:\bnhbnh.exe49⤵
- Executes dropped EXE
-
\??\c:\jvjjv.exec:\jvjjv.exe50⤵
- Executes dropped EXE
-
\??\c:\flrrllf.exec:\flrrllf.exe51⤵
- Executes dropped EXE
-
\??\c:\bbbtnh.exec:\bbbtnh.exe52⤵
- Executes dropped EXE
-
\??\c:\nntnhh.exec:\nntnhh.exe53⤵
- Executes dropped EXE
-
\??\c:\1vdvv.exec:\1vdvv.exe54⤵
- Executes dropped EXE
-
\??\c:\vvjjv.exec:\vvjjv.exe55⤵
- Executes dropped EXE
-
\??\c:\tnbbnh.exec:\tnbbnh.exe56⤵
- Executes dropped EXE
-
\??\c:\ntnbtt.exec:\ntnbtt.exe57⤵
- Executes dropped EXE
-
\??\c:\pjvpd.exec:\pjvpd.exe58⤵
- Executes dropped EXE
-
\??\c:\xxfxrrl.exec:\xxfxrrl.exe59⤵
- Executes dropped EXE
-
\??\c:\1xxrlff.exec:\1xxrlff.exe60⤵
- Executes dropped EXE
-
\??\c:\hbhbhb.exec:\hbhbhb.exe61⤵
- Executes dropped EXE
-
\??\c:\hnhbtt.exec:\hnhbtt.exe62⤵
- Executes dropped EXE
-
\??\c:\vdvvp.exec:\vdvvp.exe63⤵
- Executes dropped EXE
-
\??\c:\rrrlxlr.exec:\rrrlxlr.exe64⤵
- Executes dropped EXE
-
\??\c:\hntttt.exec:\hntttt.exe65⤵
- Executes dropped EXE
-
\??\c:\nnnhhb.exec:\nnnhhb.exe66⤵
-
\??\c:\ppvpp.exec:\ppvpp.exe67⤵
-
\??\c:\vvjjj.exec:\vvjjj.exe68⤵
-
\??\c:\rlrlfff.exec:\rlrlfff.exe69⤵
-
\??\c:\7fffrxr.exec:\7fffrxr.exe70⤵
-
\??\c:\tnnnbb.exec:\tnnnbb.exe71⤵
-
\??\c:\bhbthh.exec:\bhbthh.exe72⤵
-
\??\c:\3pppj.exec:\3pppj.exe73⤵
-
\??\c:\xllllll.exec:\xllllll.exe74⤵
-
\??\c:\nnbhtt.exec:\nnbhtt.exe75⤵
-
\??\c:\bhhbtt.exec:\bhhbtt.exe76⤵
-
\??\c:\pvpjd.exec:\pvpjd.exe77⤵
-
\??\c:\vjdpp.exec:\vjdpp.exe78⤵
-
\??\c:\xxxxfff.exec:\xxxxfff.exe79⤵
-
\??\c:\hthnbn.exec:\hthnbn.exe80⤵
-
\??\c:\nhnnbh.exec:\nhnnbh.exe81⤵
-
\??\c:\vvjvp.exec:\vvjvp.exe82⤵
-
\??\c:\9xllfff.exec:\9xllfff.exe83⤵
-
\??\c:\xfxxrrl.exec:\xfxxrrl.exe84⤵
-
\??\c:\nhnnnn.exec:\nhnnnn.exe85⤵
-
\??\c:\vjpvv.exec:\vjpvv.exe86⤵
-
\??\c:\llrrfff.exec:\llrrfff.exe87⤵
-
\??\c:\xxrrrrx.exec:\xxrrrrx.exe88⤵
-
\??\c:\nnttnt.exec:\nnttnt.exe89⤵
-
\??\c:\tntnbb.exec:\tntnbb.exe90⤵
-
\??\c:\dddvd.exec:\dddvd.exe91⤵
-
\??\c:\3jvpv.exec:\3jvpv.exe92⤵
-
\??\c:\3rxrlrl.exec:\3rxrlrl.exe93⤵
-
\??\c:\rfllrxx.exec:\rfllrxx.exe94⤵
-
\??\c:\bbnhtt.exec:\bbnhtt.exe95⤵
-
\??\c:\pjjdp.exec:\pjjdp.exe96⤵
-
\??\c:\vppjv.exec:\vppjv.exe97⤵
-
\??\c:\7lrllrx.exec:\7lrllrx.exe98⤵
-
\??\c:\5xrrlrr.exec:\5xrrlrr.exe99⤵
-
\??\c:\nttnnn.exec:\nttnnn.exe100⤵
-
\??\c:\tbbbbb.exec:\tbbbbb.exe101⤵
-
\??\c:\ddddd.exec:\ddddd.exe102⤵
-
\??\c:\lxfxrxr.exec:\lxfxrxr.exe103⤵
-
\??\c:\tbnttt.exec:\tbnttt.exe104⤵
-
\??\c:\hbnttb.exec:\hbnttb.exe105⤵
-
\??\c:\pdjdd.exec:\pdjdd.exe106⤵
-
\??\c:\jpvvp.exec:\jpvvp.exe107⤵
-
\??\c:\3xrrlrl.exec:\3xrrlrl.exe108⤵
-
\??\c:\flxxffr.exec:\flxxffr.exe109⤵
-
\??\c:\btttnn.exec:\btttnn.exe110⤵
-
\??\c:\nhnnnt.exec:\nhnnnt.exe111⤵
-
\??\c:\pppjj.exec:\pppjj.exe112⤵
-
\??\c:\pjpvp.exec:\pjpvp.exe113⤵
-
\??\c:\llxrllr.exec:\llxrllr.exe114⤵
-
\??\c:\3rxlfff.exec:\3rxlfff.exe115⤵
-
\??\c:\bbttnn.exec:\bbttnn.exe116⤵
-
\??\c:\nntnhn.exec:\nntnhn.exe117⤵
-
\??\c:\7jjdv.exec:\7jjdv.exe118⤵
-
\??\c:\djpdv.exec:\djpdv.exe119⤵
-
\??\c:\flrrrxr.exec:\flrrrxr.exe120⤵
-
\??\c:\fxrrrrr.exec:\fxrrrrr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-