Analysis
-
max time kernel
150s -
max time network
124s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
29/05/2024, 03:24
General
-
Target
e31d6025997bb78485544193c717463169b67fef14c9eb4d4a1757ae6392c610.exe
-
Size
69KB
-
MD5
0e5b4dd9bd0795cd41b88a1d343047fb
-
SHA1
f98a197ad2f366aa65d3c102d425189158b110cc
-
SHA256
e31d6025997bb78485544193c717463169b67fef14c9eb4d4a1757ae6392c610
-
SHA512
af7fa431ce6a7735fa7f3cb5b8dc53ef372aefede01fb282ac82f06373a5f44cd8fc0914ea96fefba53e1da33d03c46c5b1e09318d47a027a163b91b82754761
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIfv7+afCD+QsQbu0:ymb3NkkiQ3mdBjFIfvTfCD+HU
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 29 IoCs
-
UPX dump on OEP (original entry point) 33 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 33 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e31d6025997bb78485544193c717463169b67fef14c9eb4d4a1757ae6392c610.exe"C:\Users\Admin\AppData\Local\Temp\e31d6025997bb78485544193c717463169b67fef14c9eb4d4a1757ae6392c610.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\7lrllll.exec:\7lrllll.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htttnn.exec:\htttnn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvddp.exec:\vvddp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1ddvp.exec:\1ddvp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxxflr.exec:\xxxxflr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtntt.exec:\nhtntt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7hhnnb.exec:\7hhnnb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjjd.exec:\pjjjd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrlrrl.exec:\ffrlrrl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9hnhbb.exec:\9hnhbb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjjp.exec:\ddjjp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxrflx.exec:\rxxrflx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5nnhhh.exec:\5nnhhh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bhhhn.exec:\1bhhhn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvddd.exec:\vvddd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5flxllf.exec:\5flxllf.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbbbb.exec:\ttbbbb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbttnn.exec:\hbttnn.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjddj.exec:\jjddj.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxxxff.exec:\xrxxxff.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtttb.exec:\hbtttb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpjd.exec:\vjpjd.exe23⤵
- Executes dropped EXE
-
\??\c:\pjpjv.exec:\pjpjv.exe24⤵
- Executes dropped EXE
-
\??\c:\flrxfxx.exec:\flrxfxx.exe25⤵
- Executes dropped EXE
-
\??\c:\thhhht.exec:\thhhht.exe26⤵
- Executes dropped EXE
-
\??\c:\vvvpj.exec:\vvvpj.exe27⤵
- Executes dropped EXE
-
\??\c:\pjppd.exec:\pjppd.exe28⤵
- Executes dropped EXE
-
\??\c:\ffxrfff.exec:\ffxrfff.exe29⤵
- Executes dropped EXE
-
\??\c:\bbthhn.exec:\bbthhn.exe30⤵
- Executes dropped EXE
-
\??\c:\jdppd.exec:\jdppd.exe31⤵
- Executes dropped EXE
-
\??\c:\jpddd.exec:\jpddd.exe32⤵
- Executes dropped EXE
-
\??\c:\rlllfll.exec:\rlllfll.exe33⤵
- Executes dropped EXE
-
\??\c:\ntbnnt.exec:\ntbnnt.exe34⤵
- Executes dropped EXE
-
\??\c:\7dpjv.exec:\7dpjv.exe35⤵
- Executes dropped EXE
-
\??\c:\1vvpp.exec:\1vvpp.exe36⤵
- Executes dropped EXE
-
\??\c:\xflfffl.exec:\xflfffl.exe37⤵
- Executes dropped EXE
-
\??\c:\rrllllr.exec:\rrllllr.exe38⤵
- Executes dropped EXE
-
\??\c:\nttttt.exec:\nttttt.exe39⤵
-
\??\c:\btbhnn.exec:\btbhnn.exe40⤵
- Executes dropped EXE
-
\??\c:\lflrxxr.exec:\lflrxxr.exe41⤵
- Executes dropped EXE
-
\??\c:\rrrxffl.exec:\rrrxffl.exe42⤵
- Executes dropped EXE
-
\??\c:\htnhnn.exec:\htnhnn.exe43⤵
- Executes dropped EXE
-
\??\c:\nbbbtt.exec:\nbbbtt.exe44⤵
- Executes dropped EXE
-
\??\c:\5hbbnt.exec:\5hbbnt.exe45⤵
- Executes dropped EXE
-
\??\c:\pjpjv.exec:\pjpjv.exe46⤵
- Executes dropped EXE
-
\??\c:\rllfrll.exec:\rllfrll.exe47⤵
- Executes dropped EXE
-
\??\c:\5xfffff.exec:\5xfffff.exe48⤵
- Executes dropped EXE
-
\??\c:\btnhtt.exec:\btnhtt.exe49⤵
- Executes dropped EXE
-
\??\c:\1ntnbh.exec:\1ntnbh.exe50⤵
- Executes dropped EXE
-
\??\c:\7djdv.exec:\7djdv.exe51⤵
- Executes dropped EXE
-
\??\c:\7jvpj.exec:\7jvpj.exe52⤵
- Executes dropped EXE
-
\??\c:\9rrllfx.exec:\9rrllfx.exe53⤵
- Executes dropped EXE
-
\??\c:\fxffxxr.exec:\fxffxxr.exe54⤵
- Executes dropped EXE
-
\??\c:\hhttbb.exec:\hhttbb.exe55⤵
- Executes dropped EXE
-
\??\c:\5vjdd.exec:\5vjdd.exe56⤵
- Executes dropped EXE
-
\??\c:\pvppj.exec:\pvppj.exe57⤵
- Executes dropped EXE
-
\??\c:\lxlfxxr.exec:\lxlfxxr.exe58⤵
- Executes dropped EXE
-
\??\c:\rflffff.exec:\rflffff.exe59⤵
- Executes dropped EXE
-
\??\c:\9bthbh.exec:\9bthbh.exe60⤵
- Executes dropped EXE
-
\??\c:\7nhhbb.exec:\7nhhbb.exe61⤵
- Executes dropped EXE
-
\??\c:\vdvpd.exec:\vdvpd.exe62⤵
- Executes dropped EXE
-
\??\c:\ppjjd.exec:\ppjjd.exe63⤵
- Executes dropped EXE
-
\??\c:\llrrrrl.exec:\llrrrrl.exe64⤵
- Executes dropped EXE
-
\??\c:\xxxrrrr.exec:\xxxrrrr.exe65⤵
- Executes dropped EXE
-
\??\c:\bnttnn.exec:\bnttnn.exe66⤵
- Executes dropped EXE
-
\??\c:\bhnhnn.exec:\bhnhnn.exe67⤵
-
\??\c:\7vjdd.exec:\7vjdd.exe68⤵
-
\??\c:\pjppj.exec:\pjppj.exe69⤵
-
\??\c:\fxlfffl.exec:\fxlfffl.exe70⤵
-
\??\c:\1hbhbb.exec:\1hbhbb.exe71⤵
-
\??\c:\nttntt.exec:\nttntt.exe72⤵
-
\??\c:\jddvd.exec:\jddvd.exe73⤵
-
\??\c:\1djdv.exec:\1djdv.exe74⤵
-
\??\c:\3rfxrrx.exec:\3rfxrrx.exe75⤵
-
\??\c:\5llfffx.exec:\5llfffx.exe76⤵
-
\??\c:\nnntnn.exec:\nnntnn.exe77⤵
-
\??\c:\tnhttt.exec:\tnhttt.exe78⤵
-
\??\c:\jjdvp.exec:\jjdvp.exe79⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe80⤵
-
\??\c:\5flfrxr.exec:\5flfrxr.exe81⤵
-
\??\c:\lrxxrfx.exec:\lrxxrfx.exe82⤵
-
\??\c:\tnhtbh.exec:\tnhtbh.exe83⤵
-
\??\c:\ttbttt.exec:\ttbttt.exe84⤵
-
\??\c:\pdpjd.exec:\pdpjd.exe85⤵
-
\??\c:\xrrfllx.exec:\xrrfllx.exe86⤵
-
\??\c:\hnbthn.exec:\hnbthn.exe87⤵
-
\??\c:\7jdvd.exec:\7jdvd.exe88⤵
-
\??\c:\7lrrllf.exec:\7lrrllf.exe89⤵
-
\??\c:\flllfff.exec:\flllfff.exe90⤵
-
\??\c:\5btttt.exec:\5btttt.exe91⤵
-
\??\c:\nnttht.exec:\nnttht.exe92⤵
-
\??\c:\5jvdv.exec:\5jvdv.exe93⤵
-
\??\c:\5jpjp.exec:\5jpjp.exe94⤵
-
\??\c:\flrrlrr.exec:\flrrlrr.exe95⤵
-
\??\c:\xllffff.exec:\xllffff.exe96⤵
-
\??\c:\nhhbhh.exec:\nhhbhh.exe97⤵
-
\??\c:\ttbbbh.exec:\ttbbbh.exe98⤵
-
\??\c:\vpvpp.exec:\vpvpp.exe99⤵
-
\??\c:\vdjjv.exec:\vdjjv.exe100⤵
-
\??\c:\9flfrrx.exec:\9flfrrx.exe101⤵
-
\??\c:\btbhhh.exec:\btbhhh.exe102⤵
-
\??\c:\ppvpd.exec:\ppvpd.exe103⤵
-
\??\c:\jjjdv.exec:\jjjdv.exe104⤵
-
\??\c:\dpvdp.exec:\dpvdp.exe105⤵
-
\??\c:\xffxxxx.exec:\xffxxxx.exe106⤵
-
\??\c:\9tbbbb.exec:\9tbbbb.exe107⤵
-
\??\c:\ppjdv.exec:\ppjdv.exe108⤵
-
\??\c:\dvvvj.exec:\dvvvj.exe109⤵
-
\??\c:\1lxxxxl.exec:\1lxxxxl.exe110⤵
-
\??\c:\xfrrffl.exec:\xfrrffl.exe111⤵
-
\??\c:\nbhhhn.exec:\nbhhhn.exe112⤵
-
\??\c:\tnttbn.exec:\tnttbn.exe113⤵
-
\??\c:\9pjjd.exec:\9pjjd.exe114⤵
-
\??\c:\7pjdv.exec:\7pjdv.exe115⤵
-
\??\c:\lxfxxfx.exec:\lxfxxfx.exe116⤵
-
\??\c:\xrxxxfx.exec:\xrxxxfx.exe117⤵
-
\??\c:\5lrxxrx.exec:\5lrxxrx.exe118⤵
-
\??\c:\tbhbbt.exec:\tbhbbt.exe119⤵
-
\??\c:\1bbtnb.exec:\1bbtnb.exe120⤵
-
\??\c:\pdjdv.exec:\pdjdv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-