Analysis
-
max time kernel
150s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
30-05-2024 21:49
General
-
Target
699dcdd12472bad708eee49a8b91bf144dac7cbee9f85e38e6aef29e5828cf1a.exe
-
Size
387KB
-
MD5
09703ac57af97c8a50a93b9d653b45c2
-
SHA1
8fbd8a5e21263923dd75936ffe461fca19a36aa4
-
SHA256
699dcdd12472bad708eee49a8b91bf144dac7cbee9f85e38e6aef29e5828cf1a
-
SHA512
13354f6bb7327e81916927b38fba584e4b21217b67873a6f78576ab37cfc3eb7ce32e2f5bcbb912d1932140797a6448faa15fddf0574f92fea17adcf7eb444b3
-
SSDEEP
6144:n3C9BRIG0asYFm71mPfkVB8dKwaO5CVwthY0:n3C9uYA7okVqdKwaO5CVMhb
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\699dcdd12472bad708eee49a8b91bf144dac7cbee9f85e38e6aef29e5828cf1a.exe"C:\Users\Admin\AppData\Local\Temp\699dcdd12472bad708eee49a8b91bf144dac7cbee9f85e38e6aef29e5828cf1a.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\frfxxff.exec:\frfxxff.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrlfxr.exec:\xrrlfxr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjdp.exec:\vdjdp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\684826.exec:\684826.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnnhb.exec:\bbnnhb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbtnh.exec:\btbtnh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjpjd.exec:\jjpjd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8888222.exec:\8888222.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\024606.exec:\024606.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbtbh.exec:\hbbtbh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\84484.exec:\84484.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\u220820.exec:\u220820.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjdvv.exec:\jjdvv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0060448.exec:\0060448.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvpj.exec:\vpvpj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\62202.exec:\62202.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\600482.exec:\600482.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfrllll.exec:\xfrllll.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\64066.exec:\64066.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2622004.exec:\2622004.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6460262.exec:\6460262.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtnbn.exec:\nhtnbn.exe23⤵
- Executes dropped EXE
-
\??\c:\62682.exec:\62682.exe24⤵
- Executes dropped EXE
-
\??\c:\442602.exec:\442602.exe25⤵
- Executes dropped EXE
-
\??\c:\24482.exec:\24482.exe26⤵
- Executes dropped EXE
-
\??\c:\1ddpj.exec:\1ddpj.exe27⤵
- Executes dropped EXE
-
\??\c:\84826.exec:\84826.exe28⤵
- Executes dropped EXE
-
\??\c:\60882.exec:\60882.exe29⤵
- Executes dropped EXE
-
\??\c:\g4840.exec:\g4840.exe30⤵
- Executes dropped EXE
-
\??\c:\btnhbt.exec:\btnhbt.exe31⤵
- Executes dropped EXE
-
\??\c:\68882.exec:\68882.exe32⤵
- Executes dropped EXE
-
\??\c:\0220804.exec:\0220804.exe33⤵
- Executes dropped EXE
-
\??\c:\pdvjj.exec:\pdvjj.exe34⤵
- Executes dropped EXE
-
\??\c:\0066282.exec:\0066282.exe35⤵
- Executes dropped EXE
-
\??\c:\868220.exec:\868220.exe36⤵
- Executes dropped EXE
-
\??\c:\46042.exec:\46042.exe37⤵
- Executes dropped EXE
-
\??\c:\400448.exec:\400448.exe38⤵
- Executes dropped EXE
-
\??\c:\hbhnbt.exec:\hbhnbt.exe39⤵
- Executes dropped EXE
-
\??\c:\06220.exec:\06220.exe40⤵
- Executes dropped EXE
-
\??\c:\462604.exec:\462604.exe41⤵
- Executes dropped EXE
-
\??\c:\2644260.exec:\2644260.exe42⤵
- Executes dropped EXE
-
\??\c:\frrlllf.exec:\frrlllf.exe43⤵
- Executes dropped EXE
-
\??\c:\808204.exec:\808204.exe44⤵
- Executes dropped EXE
-
\??\c:\frfrllf.exec:\frfrllf.exe45⤵
- Executes dropped EXE
-
\??\c:\pjjdp.exec:\pjjdp.exe46⤵
- Executes dropped EXE
-
\??\c:\9fxlfxl.exec:\9fxlfxl.exe47⤵
- Executes dropped EXE
-
\??\c:\6446082.exec:\6446082.exe48⤵
- Executes dropped EXE
-
\??\c:\ntttth.exec:\ntttth.exe49⤵
- Executes dropped EXE
-
\??\c:\204000.exec:\204000.exe50⤵
- Executes dropped EXE
-
\??\c:\nbtnhb.exec:\nbtnhb.exe51⤵
- Executes dropped EXE
-
\??\c:\6844642.exec:\6844642.exe52⤵
- Executes dropped EXE
-
\??\c:\3frlfxr.exec:\3frlfxr.exe53⤵
- Executes dropped EXE
-
\??\c:\ttbnth.exec:\ttbnth.exe54⤵
- Executes dropped EXE
-
\??\c:\62866.exec:\62866.exe55⤵
- Executes dropped EXE
-
\??\c:\844824.exec:\844824.exe56⤵
- Executes dropped EXE
-
\??\c:\00448.exec:\00448.exe57⤵
- Executes dropped EXE
-
\??\c:\bnbtnn.exec:\bnbtnn.exe58⤵
- Executes dropped EXE
-
\??\c:\o226842.exec:\o226842.exe59⤵
- Executes dropped EXE
-
\??\c:\dvvpd.exec:\dvvpd.exe60⤵
- Executes dropped EXE
-
\??\c:\lfxrlrr.exec:\lfxrlrr.exe61⤵
- Executes dropped EXE
-
\??\c:\1bbnbt.exec:\1bbnbt.exe62⤵
- Executes dropped EXE
-
\??\c:\7bnhtn.exec:\7bnhtn.exe63⤵
- Executes dropped EXE
-
\??\c:\7tnhbb.exec:\7tnhbb.exe64⤵
- Executes dropped EXE
-
\??\c:\e20868.exec:\e20868.exe65⤵
- Executes dropped EXE
-
\??\c:\htbthh.exec:\htbthh.exe66⤵
-
\??\c:\08086.exec:\08086.exe67⤵
-
\??\c:\4088484.exec:\4088484.exe68⤵
-
\??\c:\lffrffx.exec:\lffrffx.exe69⤵
-
\??\c:\pjpdv.exec:\pjpdv.exe70⤵
-
\??\c:\86622.exec:\86622.exe71⤵
-
\??\c:\640606.exec:\640606.exe72⤵
-
\??\c:\bbhbbt.exec:\bbhbbt.exe73⤵
-
\??\c:\1nbnnn.exec:\1nbnnn.exe74⤵
-
\??\c:\2880826.exec:\2880826.exe75⤵
-
\??\c:\xrfxrrl.exec:\xrfxrrl.exe76⤵
-
\??\c:\822660.exec:\822660.exe77⤵
-
\??\c:\8246862.exec:\8246862.exe78⤵
-
\??\c:\o426406.exec:\o426406.exe79⤵
-
\??\c:\bhnhbt.exec:\bhnhbt.exe80⤵
-
\??\c:\jdjdd.exec:\jdjdd.exe81⤵
-
\??\c:\xllrllx.exec:\xllrllx.exe82⤵
-
\??\c:\408204.exec:\408204.exe83⤵
-
\??\c:\6426424.exec:\6426424.exe84⤵
-
\??\c:\g2004.exec:\g2004.exe85⤵
-
\??\c:\28040.exec:\28040.exe86⤵
-
\??\c:\6820468.exec:\6820468.exe87⤵
-
\??\c:\6068046.exec:\6068046.exe88⤵
-
\??\c:\6060482.exec:\6060482.exe89⤵
-
\??\c:\vpvpj.exec:\vpvpj.exe90⤵
-
\??\c:\48040.exec:\48040.exe91⤵
-
\??\c:\006628.exec:\006628.exe92⤵
-
\??\c:\2608048.exec:\2608048.exe93⤵
-
\??\c:\rrxrrrr.exec:\rrxrrrr.exe94⤵
-
\??\c:\hhhhhb.exec:\hhhhhb.exe95⤵
-
\??\c:\22608.exec:\22608.exe96⤵
-
\??\c:\fxxlrlf.exec:\fxxlrlf.exe97⤵
-
\??\c:\rffxxxx.exec:\rffxxxx.exe98⤵
-
\??\c:\frfrlxf.exec:\frfrlxf.exe99⤵
-
\??\c:\nnnhhb.exec:\nnnhhb.exe100⤵
-
\??\c:\46882.exec:\46882.exe101⤵
-
\??\c:\8688680.exec:\8688680.exe102⤵
-
\??\c:\hhhhtn.exec:\hhhhtn.exe103⤵
-
\??\c:\vdpvj.exec:\vdpvj.exe104⤵
-
\??\c:\flxllxf.exec:\flxllxf.exe105⤵
-
\??\c:\1vdpv.exec:\1vdpv.exe106⤵
-
\??\c:\jvjpj.exec:\jvjpj.exe107⤵
-
\??\c:\xrlxxrl.exec:\xrlxxrl.exe108⤵
-
\??\c:\hnbntn.exec:\hnbntn.exe109⤵
-
\??\c:\220442.exec:\220442.exe110⤵
-
\??\c:\rflllrf.exec:\rflllrf.exe111⤵
-
\??\c:\k22800.exec:\k22800.exe112⤵
-
\??\c:\bbnhtn.exec:\bbnhtn.exe113⤵
-
\??\c:\8202026.exec:\8202026.exe114⤵
-
\??\c:\vjppv.exec:\vjppv.exe115⤵
-
\??\c:\40604.exec:\40604.exe116⤵
-
\??\c:\btnhbb.exec:\btnhbb.exe117⤵
-
\??\c:\7pjdv.exec:\7pjdv.exe118⤵
-
\??\c:\fflflxf.exec:\fflflxf.exe119⤵
-
\??\c:\a2822.exec:\a2822.exe120⤵
-
\??\c:\60660.exec:\60660.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-