Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
29-05-2024 03:24
General
-
Target
e31d6025997bb78485544193c717463169b67fef14c9eb4d4a1757ae6392c610.exe
-
Size
69KB
-
MD5
0e5b4dd9bd0795cd41b88a1d343047fb
-
SHA1
f98a197ad2f366aa65d3c102d425189158b110cc
-
SHA256
e31d6025997bb78485544193c717463169b67fef14c9eb4d4a1757ae6392c610
-
SHA512
af7fa431ce6a7735fa7f3cb5b8dc53ef372aefede01fb282ac82f06373a5f44cd8fc0914ea96fefba53e1da33d03c46c5b1e09318d47a027a163b91b82754761
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIfv7+afCD+QsQbu0:ymb3NkkiQ3mdBjFIfvTfCD+HU
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 19 IoCs
-
UPX dump on OEP (original entry point) 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e31d6025997bb78485544193c717463169b67fef14c9eb4d4a1757ae6392c610.exe"C:\Users\Admin\AppData\Local\Temp\e31d6025997bb78485544193c717463169b67fef14c9eb4d4a1757ae6392c610.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpdd.exec:\dvpdd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5frllfl.exec:\5frllfl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntnnn.exec:\bntnnn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdpvd.exec:\pdpvd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfrfxf.exec:\rlfrfxf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxfxll.exec:\lxxfxll.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhbbh.exec:\tnhbbh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpddj.exec:\jpddj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflfxlr.exec:\lflfxlr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3hbbhn.exec:\3hbbhn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtthh.exec:\bbtthh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjdj.exec:\ppjdj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrxlxl.exec:\ffrxlxl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbntn.exec:\hhbntn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbthtb.exec:\bbthtb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vdjp.exec:\9vdjp.exe17⤵
- Executes dropped EXE
-
\??\c:\5fllflr.exec:\5fllflr.exe18⤵
- Executes dropped EXE
-
\??\c:\xlrrxfx.exec:\xlrrxfx.exe19⤵
- Executes dropped EXE
-
\??\c:\ntnbtb.exec:\ntnbtb.exe20⤵
- Executes dropped EXE
-
\??\c:\vvpvj.exec:\vvpvj.exe21⤵
- Executes dropped EXE
-
\??\c:\dvdjv.exec:\dvdjv.exe22⤵
- Executes dropped EXE
-
\??\c:\xrrxlfl.exec:\xrrxlfl.exe23⤵
- Executes dropped EXE
-
\??\c:\1bbbbh.exec:\1bbbbh.exe24⤵
- Executes dropped EXE
-
\??\c:\jvppj.exec:\jvppj.exe25⤵
- Executes dropped EXE
-
\??\c:\jpjjp.exec:\jpjjp.exe26⤵
- Executes dropped EXE
-
\??\c:\lfxrxff.exec:\lfxrxff.exe27⤵
- Executes dropped EXE
-
\??\c:\btntbn.exec:\btntbn.exe28⤵
- Executes dropped EXE
-
\??\c:\djjpp.exec:\djjpp.exe29⤵
- Executes dropped EXE
-
\??\c:\jjvjp.exec:\jjvjp.exe30⤵
- Executes dropped EXE
-
\??\c:\rrrxllf.exec:\rrrxllf.exe31⤵
- Executes dropped EXE
-
\??\c:\lxxlxff.exec:\lxxlxff.exe32⤵
- Executes dropped EXE
-
\??\c:\3bhbhh.exec:\3bhbhh.exe33⤵
- Executes dropped EXE
-
\??\c:\ddvvv.exec:\ddvvv.exe34⤵
- Executes dropped EXE
-
\??\c:\jdjpv.exec:\jdjpv.exe35⤵
- Executes dropped EXE
-
\??\c:\fxxfllr.exec:\fxxfllr.exe36⤵
- Executes dropped EXE
-
\??\c:\5rffflr.exec:\5rffflr.exe37⤵
- Executes dropped EXE
-
\??\c:\bnbhnn.exec:\bnbhnn.exe38⤵
- Executes dropped EXE
-
\??\c:\tnttth.exec:\tnttth.exe39⤵
- Executes dropped EXE
-
\??\c:\pjppv.exec:\pjppv.exe40⤵
- Executes dropped EXE
-
\??\c:\vjpvv.exec:\vjpvv.exe41⤵
- Executes dropped EXE
-
\??\c:\frfllfl.exec:\frfllfl.exe42⤵
- Executes dropped EXE
-
\??\c:\llfrxxf.exec:\llfrxxf.exe43⤵
- Executes dropped EXE
-
\??\c:\3nnbhh.exec:\3nnbhh.exe44⤵
- Executes dropped EXE
-
\??\c:\vdjpp.exec:\vdjpp.exe45⤵
- Executes dropped EXE
-
\??\c:\pdpjp.exec:\pdpjp.exe46⤵
- Executes dropped EXE
-
\??\c:\lflxrrf.exec:\lflxrrf.exe47⤵
- Executes dropped EXE
-
\??\c:\lxxfflx.exec:\lxxfflx.exe48⤵
- Executes dropped EXE
-
\??\c:\bnthtt.exec:\bnthtt.exe49⤵
- Executes dropped EXE
-
\??\c:\5htbtn.exec:\5htbtn.exe50⤵
- Executes dropped EXE
-
\??\c:\vpvpv.exec:\vpvpv.exe51⤵
- Executes dropped EXE
-
\??\c:\9llrxfl.exec:\9llrxfl.exe52⤵
- Executes dropped EXE
-
\??\c:\1xflrrr.exec:\1xflrrr.exe53⤵
- Executes dropped EXE
-
\??\c:\thhhhn.exec:\thhhhn.exe54⤵
- Executes dropped EXE
-
\??\c:\btbhhn.exec:\btbhhn.exe55⤵
- Executes dropped EXE
-
\??\c:\dpdjp.exec:\dpdjp.exe56⤵
- Executes dropped EXE
-
\??\c:\jvjpv.exec:\jvjpv.exe57⤵
- Executes dropped EXE
-
\??\c:\rllrflf.exec:\rllrflf.exe58⤵
- Executes dropped EXE
-
\??\c:\bttbht.exec:\bttbht.exe59⤵
- Executes dropped EXE
-
\??\c:\nhnbhh.exec:\nhnbhh.exe60⤵
- Executes dropped EXE
-
\??\c:\jddpv.exec:\jddpv.exe61⤵
- Executes dropped EXE
-
\??\c:\vpjpd.exec:\vpjpd.exe62⤵
- Executes dropped EXE
-
\??\c:\rlxxflf.exec:\rlxxflf.exe63⤵
- Executes dropped EXE
-
\??\c:\frfrrlr.exec:\frfrrlr.exe64⤵
- Executes dropped EXE
-
\??\c:\ttntbb.exec:\ttntbb.exe65⤵
- Executes dropped EXE
-
\??\c:\nhbbnt.exec:\nhbbnt.exe66⤵
-
\??\c:\vjvdd.exec:\vjvdd.exe67⤵
-
\??\c:\9dvpv.exec:\9dvpv.exe68⤵
-
\??\c:\xrrxfxf.exec:\xrrxfxf.exe69⤵
-
\??\c:\bthnnn.exec:\bthnnn.exe70⤵
-
\??\c:\hbthtb.exec:\hbthtb.exe71⤵
-
\??\c:\5vpdd.exec:\5vpdd.exe72⤵
-
\??\c:\jjjvp.exec:\jjjvp.exe73⤵
-
\??\c:\xlxxfxl.exec:\xlxxfxl.exe74⤵
-
\??\c:\fxrffxx.exec:\fxrffxx.exe75⤵
-
\??\c:\bnnhhh.exec:\bnnhhh.exe76⤵
-
\??\c:\dvjpv.exec:\dvjpv.exe77⤵
-
\??\c:\7pdpv.exec:\7pdpv.exe78⤵
-
\??\c:\fxlfffr.exec:\fxlfffr.exe79⤵
-
\??\c:\3flfrrf.exec:\3flfrrf.exe80⤵
-
\??\c:\9hntnb.exec:\9hntnb.exe81⤵
-
\??\c:\5nbhbh.exec:\5nbhbh.exe82⤵
-
\??\c:\pdjpv.exec:\pdjpv.exe83⤵
-
\??\c:\3rffrrr.exec:\3rffrrr.exe84⤵
-
\??\c:\rlllflr.exec:\rlllflr.exe85⤵
-
\??\c:\nnhbbb.exec:\nnhbbb.exe86⤵
-
\??\c:\7bntnn.exec:\7bntnn.exe87⤵
-
\??\c:\vjpvp.exec:\vjpvp.exe88⤵
-
\??\c:\rfxxfxf.exec:\rfxxfxf.exe89⤵
-
\??\c:\rffxxrx.exec:\rffxxrx.exe90⤵
-
\??\c:\tnbnbh.exec:\tnbnbh.exe91⤵
-
\??\c:\9htbbt.exec:\9htbbt.exe92⤵
-
\??\c:\djpvj.exec:\djpvj.exe93⤵
-
\??\c:\lfxxxfr.exec:\lfxxxfr.exe94⤵
-
\??\c:\7lxlrrx.exec:\7lxlrrx.exe95⤵
-
\??\c:\tnhnhh.exec:\tnhnhh.exe96⤵
-
\??\c:\bnbttt.exec:\bnbttt.exe97⤵
-
\??\c:\dpppp.exec:\dpppp.exe98⤵
-
\??\c:\jvddj.exec:\jvddj.exe99⤵
-
\??\c:\ffffflx.exec:\ffffflx.exe100⤵
-
\??\c:\frxffll.exec:\frxffll.exe101⤵
-
\??\c:\nbnnhh.exec:\nbnnhh.exe102⤵
-
\??\c:\5tntbh.exec:\5tntbh.exe103⤵
-
\??\c:\jjjdj.exec:\jjjdj.exe104⤵
-
\??\c:\fxlxflr.exec:\fxlxflr.exe105⤵
-
\??\c:\xxfflff.exec:\xxfflff.exe106⤵
-
\??\c:\hbbntt.exec:\hbbntt.exe107⤵
-
\??\c:\nbntbt.exec:\nbntbt.exe108⤵
-
\??\c:\jpdjv.exec:\jpdjv.exe109⤵
-
\??\c:\vddpp.exec:\vddpp.exe110⤵
-
\??\c:\xxffrrf.exec:\xxffrrf.exe111⤵
-
\??\c:\ffrlrxf.exec:\ffrlrxf.exe112⤵
-
\??\c:\bnttnt.exec:\bnttnt.exe113⤵
-
\??\c:\jdppv.exec:\jdppv.exe114⤵
-
\??\c:\rxrxflr.exec:\rxrxflr.exe115⤵
-
\??\c:\hhtbnh.exec:\hhtbnh.exe116⤵
-
\??\c:\nnbttt.exec:\nnbttt.exe117⤵
-
\??\c:\ppjpv.exec:\ppjpv.exe118⤵
-
\??\c:\3ddpv.exec:\3ddpv.exe119⤵
-
\??\c:\lfrrflx.exec:\lfrrflx.exe120⤵
-
\??\c:\7lxlflr.exec:\7lxlflr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-