Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
29-05-2024 02:28
General
-
Target
cd32a4089d9edb8d2d6fe8db76a87ed625e90bef68efe4d463b4a031f020228d.exe
-
Size
90KB
-
MD5
651fecb833695bb6bbed49c8bd0531bd
-
SHA1
ff0fc3df2dfa87d357d1c20d83a70c4639d59b93
-
SHA256
cd32a4089d9edb8d2d6fe8db76a87ed625e90bef68efe4d463b4a031f020228d
-
SHA512
9f2f893dd327c44704409d8370d5c31e5041601c69d35a7de54c16075c641dc797b9b0a7681da81185d43c1d1b3a6f19d26f65caf09b41b276576a000457e0af
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDodtzac0Hobv0byLufTJfJ0:ymb3NkkiQ3mdBjFodt27HobvcyLufNfi
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
UPX dump on OEP (original entry point) 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\cd32a4089d9edb8d2d6fe8db76a87ed625e90bef68efe4d463b4a031f020228d.exe"C:\Users\Admin\AppData\Local\Temp\cd32a4089d9edb8d2d6fe8db76a87ed625e90bef68efe4d463b4a031f020228d.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\llxflrx.exec:\llxflrx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7tnntb.exec:\7tnntb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frffrxf.exec:\frffrxf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfllxxx.exec:\rfllxxx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9bbnbn.exec:\9bbnbn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpppd.exec:\dpppd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llflrfr.exec:\llflrfr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxllrrr.exec:\fxllrrr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnthht.exec:\tnthht.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjpp.exec:\jvjpp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrrfrf.exec:\rfrrfrf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrfrxf.exec:\fxrfrxf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtthb.exec:\hbtthb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvjd.exec:\vpvjd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxrlxf.exec:\lrxrlxf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbhtn.exec:\nnbhtn.exe17⤵
- Executes dropped EXE
-
\??\c:\5bnntn.exec:\5bnntn.exe18⤵
- Executes dropped EXE
-
\??\c:\1pdjp.exec:\1pdjp.exe19⤵
- Executes dropped EXE
-
\??\c:\fflrfxr.exec:\fflrfxr.exe20⤵
- Executes dropped EXE
-
\??\c:\hthttb.exec:\hthttb.exe21⤵
- Executes dropped EXE
-
\??\c:\nhtbnt.exec:\nhtbnt.exe22⤵
- Executes dropped EXE
-
\??\c:\9jvdd.exec:\9jvdd.exe23⤵
- Executes dropped EXE
-
\??\c:\rlflrxf.exec:\rlflrxf.exe24⤵
- Executes dropped EXE
-
\??\c:\7lxrxfl.exec:\7lxrxfl.exe25⤵
- Executes dropped EXE
-
\??\c:\nbntht.exec:\nbntht.exe26⤵
- Executes dropped EXE
-
\??\c:\vjvjp.exec:\vjvjp.exe27⤵
- Executes dropped EXE
-
\??\c:\lfflxfr.exec:\lfflxfr.exe28⤵
- Executes dropped EXE
-
\??\c:\tnnntt.exec:\tnnntt.exe29⤵
- Executes dropped EXE
-
\??\c:\9vpjv.exec:\9vpjv.exe30⤵
- Executes dropped EXE
-
\??\c:\9lxfffr.exec:\9lxfffr.exe31⤵
- Executes dropped EXE
-
\??\c:\rlxlxxl.exec:\rlxlxxl.exe32⤵
- Executes dropped EXE
-
\??\c:\1tnbht.exec:\1tnbht.exe33⤵
- Executes dropped EXE
-
\??\c:\1jvvj.exec:\1jvvj.exe34⤵
- Executes dropped EXE
-
\??\c:\vpvdd.exec:\vpvdd.exe35⤵
- Executes dropped EXE
-
\??\c:\9frlffx.exec:\9frlffx.exe36⤵
- Executes dropped EXE
-
\??\c:\fxfffff.exec:\fxfffff.exe37⤵
- Executes dropped EXE
-
\??\c:\ttnbnb.exec:\ttnbnb.exe38⤵
- Executes dropped EXE
-
\??\c:\5bntbh.exec:\5bntbh.exe39⤵
- Executes dropped EXE
-
\??\c:\vjvpp.exec:\vjvpp.exe40⤵
- Executes dropped EXE
-
\??\c:\vpjjv.exec:\vpjjv.exe41⤵
- Executes dropped EXE
-
\??\c:\xxrxlrf.exec:\xxrxlrf.exe42⤵
- Executes dropped EXE
-
\??\c:\1htttt.exec:\1htttt.exe43⤵
- Executes dropped EXE
-
\??\c:\bbnthb.exec:\bbnthb.exe44⤵
- Executes dropped EXE
-
\??\c:\vvdpj.exec:\vvdpj.exe45⤵
- Executes dropped EXE
-
\??\c:\pjvvv.exec:\pjvvv.exe46⤵
- Executes dropped EXE
-
\??\c:\3fflrfx.exec:\3fflrfx.exe47⤵
- Executes dropped EXE
-
\??\c:\9flrrrx.exec:\9flrrrx.exe48⤵
- Executes dropped EXE
-
\??\c:\htbhhh.exec:\htbhhh.exe49⤵
- Executes dropped EXE
-
\??\c:\hbbhnt.exec:\hbbhnt.exe50⤵
- Executes dropped EXE
-
\??\c:\pjpjp.exec:\pjpjp.exe51⤵
- Executes dropped EXE
-
\??\c:\vpjpd.exec:\vpjpd.exe52⤵
- Executes dropped EXE
-
\??\c:\9rfrrrx.exec:\9rfrrrx.exe53⤵
- Executes dropped EXE
-
\??\c:\9llxflx.exec:\9llxflx.exe54⤵
- Executes dropped EXE
-
\??\c:\hbnbnn.exec:\hbnbnn.exe55⤵
- Executes dropped EXE
-
\??\c:\nhtntn.exec:\nhtntn.exe56⤵
- Executes dropped EXE
-
\??\c:\7vvpp.exec:\7vvpp.exe57⤵
- Executes dropped EXE
-
\??\c:\dvdjp.exec:\dvdjp.exe58⤵
- Executes dropped EXE
-
\??\c:\lfrfrrf.exec:\lfrfrrf.exe59⤵
- Executes dropped EXE
-
\??\c:\xxflrrf.exec:\xxflrrf.exe60⤵
- Executes dropped EXE
-
\??\c:\hbtbnt.exec:\hbtbnt.exe61⤵
- Executes dropped EXE
-
\??\c:\nbnhnn.exec:\nbnhnn.exe62⤵
- Executes dropped EXE
-
\??\c:\jdjvd.exec:\jdjvd.exe63⤵
- Executes dropped EXE
-
\??\c:\7rlrfff.exec:\7rlrfff.exe64⤵
- Executes dropped EXE
-
\??\c:\rffrrxf.exec:\rffrrxf.exe65⤵
- Executes dropped EXE
-
\??\c:\btnnbb.exec:\btnnbb.exe66⤵
-
\??\c:\jjpdd.exec:\jjpdd.exe67⤵
-
\??\c:\dvjpv.exec:\dvjpv.exe68⤵
-
\??\c:\frxxxrf.exec:\frxxxrf.exe69⤵
-
\??\c:\frxffxf.exec:\frxffxf.exe70⤵
-
\??\c:\btbnnt.exec:\btbnnt.exe71⤵
-
\??\c:\btnbhn.exec:\btnbhn.exe72⤵
-
\??\c:\jjpvv.exec:\jjpvv.exe73⤵
-
\??\c:\1dpvj.exec:\1dpvj.exe74⤵
-
\??\c:\ffxxfll.exec:\ffxxfll.exe75⤵
-
\??\c:\9fxlrxf.exec:\9fxlrxf.exe76⤵
-
\??\c:\7bnbtt.exec:\7bnbtt.exe77⤵
-
\??\c:\dpvvd.exec:\dpvvd.exe78⤵
-
\??\c:\jdddj.exec:\jdddj.exe79⤵
-
\??\c:\rrrflxx.exec:\rrrflxx.exe80⤵
-
\??\c:\5frxxlr.exec:\5frxxlr.exe81⤵
-
\??\c:\ttnhtb.exec:\ttnhtb.exe82⤵
-
\??\c:\7jddv.exec:\7jddv.exe83⤵
-
\??\c:\dvvpv.exec:\dvvpv.exe84⤵
-
\??\c:\7rflxfr.exec:\7rflxfr.exe85⤵
-
\??\c:\ffxlrlx.exec:\ffxlrlx.exe86⤵
-
\??\c:\rrxflff.exec:\rrxflff.exe87⤵
-
\??\c:\bhhthn.exec:\bhhthn.exe88⤵
-
\??\c:\ppjvp.exec:\ppjvp.exe89⤵
-
\??\c:\3jjpj.exec:\3jjpj.exe90⤵
-
\??\c:\rrflxfl.exec:\rrflxfl.exe91⤵
-
\??\c:\xrlxlrx.exec:\xrlxlrx.exe92⤵
-
\??\c:\tbbbtt.exec:\tbbbtt.exe93⤵
-
\??\c:\nbhnnt.exec:\nbhnnt.exe94⤵
-
\??\c:\vpddj.exec:\vpddj.exe95⤵
-
\??\c:\dvjvv.exec:\dvjvv.exe96⤵
-
\??\c:\xrxxxxf.exec:\xrxxxxf.exe97⤵
-
\??\c:\3nbhtt.exec:\3nbhtt.exe98⤵
-
\??\c:\hhbbhh.exec:\hhbbhh.exe99⤵
-
\??\c:\vvdjp.exec:\vvdjp.exe100⤵
-
\??\c:\jjvjp.exec:\jjvjp.exe101⤵
-
\??\c:\xrlfllx.exec:\xrlfllx.exe102⤵
-
\??\c:\llrlxfx.exec:\llrlxfx.exe103⤵
-
\??\c:\tthtbb.exec:\tthtbb.exe104⤵
-
\??\c:\vvjdd.exec:\vvjdd.exe105⤵
-
\??\c:\vpvpv.exec:\vpvpv.exe106⤵
-
\??\c:\3vpvv.exec:\3vpvv.exe107⤵
-
\??\c:\9llrfrf.exec:\9llrfrf.exe108⤵
-
\??\c:\nnbhnh.exec:\nnbhnh.exe109⤵
-
\??\c:\bbthth.exec:\bbthth.exe110⤵
-
\??\c:\pppdp.exec:\pppdp.exe111⤵
-
\??\c:\jvvjj.exec:\jvvjj.exe112⤵
-
\??\c:\fxflfxx.exec:\fxflfxx.exe113⤵
-
\??\c:\xxxrlxr.exec:\xxxrlxr.exe114⤵
-
\??\c:\rlflrxf.exec:\rlflrxf.exe115⤵
-
\??\c:\xxrfxlf.exec:\xxrfxlf.exe116⤵
-
\??\c:\9bnntt.exec:\9bnntt.exe117⤵
-
\??\c:\hhbhbn.exec:\hhbhbn.exe118⤵
-
\??\c:\vpdpp.exec:\vpdpp.exe119⤵
-
\??\c:\1jdjd.exec:\1jdjd.exe120⤵
-
\??\c:\fxflrxf.exec:\fxflrxf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-