Analysis
-
max time kernel
151s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
30/05/2024, 00:46
General
-
Target
9a9cb27350d85f3668617c9f51094a6e258f826dfda98449611a2eac007c0c8d.exe
-
Size
61KB
-
MD5
4b3d8fdaf3a13182ac42e1b7d7ec8e27
-
SHA1
0c5671ac945adc99d3ae4c426598df489a5e94d0
-
SHA256
9a9cb27350d85f3668617c9f51094a6e258f826dfda98449611a2eac007c0c8d
-
SHA512
3c017d56f4fa063aed6604c272c4f016cab19c82d6d5ec9489331a42b1cf0c26de33e2c987be73a343785134d9a29b15764467c48463455db84a9d4e91277640
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDI9L27h:ymb3NkkiQ3mdBjFI9Q
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 19 IoCs
-
UPX dump on OEP (original entry point) 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9a9cb27350d85f3668617c9f51094a6e258f826dfda98449611a2eac007c0c8d.exe"C:\Users\Admin\AppData\Local\Temp\9a9cb27350d85f3668617c9f51094a6e258f826dfda98449611a2eac007c0c8d.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pxrbr.exec:\pxrbr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hxldj.exec:\hxldj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btlnxnf.exec:\btlnxnf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xvlthn.exec:\xvlthn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rthhx.exec:\rthhx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tvtlxdh.exec:\tvtlxdh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dxpthnv.exec:\dxpthnv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btdtlh.exec:\btdtlh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hjrdhb.exec:\hjrdhb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dthbbdd.exec:\dthbbdd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dlxvxt.exec:\dlxvxt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pljndb.exec:\pljndb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ljnvxdx.exec:\ljnvxdx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dfnrjfv.exec:\dfnrjfv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxhvd.exec:\xxhvd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dbxtp.exec:\dbxtp.exe17⤵
- Executes dropped EXE
-
\??\c:\plbhr.exec:\plbhr.exe18⤵
- Executes dropped EXE
-
\??\c:\xnbpr.exec:\xnbpr.exe19⤵
- Executes dropped EXE
-
\??\c:\ldbnjrr.exec:\ldbnjrr.exe20⤵
- Executes dropped EXE
-
\??\c:\tbbjllp.exec:\tbbjllp.exe21⤵
- Executes dropped EXE
-
\??\c:\blrxx.exec:\blrxx.exe22⤵
- Executes dropped EXE
-
\??\c:\hjnll.exec:\hjnll.exe23⤵
- Executes dropped EXE
-
\??\c:\jftjt.exec:\jftjt.exe24⤵
- Executes dropped EXE
-
\??\c:\ljphr.exec:\ljphr.exe25⤵
- Executes dropped EXE
-
\??\c:\tbhxtt.exec:\tbhxtt.exe26⤵
- Executes dropped EXE
-
\??\c:\rjxrttd.exec:\rjxrttd.exe27⤵
- Executes dropped EXE
-
\??\c:\npndlpl.exec:\npndlpl.exe28⤵
- Executes dropped EXE
-
\??\c:\dltrh.exec:\dltrh.exe29⤵
- Executes dropped EXE
-
\??\c:\tjpjj.exec:\tjpjj.exe30⤵
- Executes dropped EXE
-
\??\c:\rvbnb.exec:\rvbnb.exe31⤵
- Executes dropped EXE
-
\??\c:\llthxf.exec:\llthxf.exe32⤵
- Executes dropped EXE
-
\??\c:\xlhjn.exec:\xlhjn.exe33⤵
- Executes dropped EXE
-
\??\c:\lrxdhd.exec:\lrxdhd.exe34⤵
- Executes dropped EXE
-
\??\c:\vlhprb.exec:\vlhprb.exe35⤵
- Executes dropped EXE
-
\??\c:\nrhlftd.exec:\nrhlftd.exe36⤵
- Executes dropped EXE
-
\??\c:\hjhdvh.exec:\hjhdvh.exe37⤵
- Executes dropped EXE
-
\??\c:\ptjldd.exec:\ptjldd.exe38⤵
- Executes dropped EXE
-
\??\c:\hhptbt.exec:\hhptbt.exe39⤵
- Executes dropped EXE
-
\??\c:\dfbhrpb.exec:\dfbhrpb.exe40⤵
- Executes dropped EXE
-
\??\c:\thrjjtb.exec:\thrjjtb.exe41⤵
- Executes dropped EXE
-
\??\c:\lhjjj.exec:\lhjjj.exe42⤵
- Executes dropped EXE
-
\??\c:\hbbjnnj.exec:\hbbjnnj.exe43⤵
- Executes dropped EXE
-
\??\c:\bvdhj.exec:\bvdhj.exe44⤵
- Executes dropped EXE
-
\??\c:\ptjhn.exec:\ptjhn.exe45⤵
- Executes dropped EXE
-
\??\c:\thtrvr.exec:\thtrvr.exe46⤵
- Executes dropped EXE
-
\??\c:\dhnvhln.exec:\dhnvhln.exe47⤵
- Executes dropped EXE
-
\??\c:\dnrfl.exec:\dnrfl.exe48⤵
- Executes dropped EXE
-
\??\c:\hrdvd.exec:\hrdvd.exe49⤵
- Executes dropped EXE
-
\??\c:\djjtl.exec:\djjtl.exe50⤵
- Executes dropped EXE
-
\??\c:\bxrfj.exec:\bxrfj.exe51⤵
- Executes dropped EXE
-
\??\c:\xhbljtj.exec:\xhbljtj.exe52⤵
- Executes dropped EXE
-
\??\c:\lxdbrj.exec:\lxdbrj.exe53⤵
- Executes dropped EXE
-
\??\c:\xxjtlxt.exec:\xxjtlxt.exe54⤵
- Executes dropped EXE
-
\??\c:\hpfpnrt.exec:\hpfpnrt.exe55⤵
- Executes dropped EXE
-
\??\c:\rpxpjv.exec:\rpxpjv.exe56⤵
- Executes dropped EXE
-
\??\c:\llpbn.exec:\llpbn.exe57⤵
- Executes dropped EXE
-
\??\c:\dhhdl.exec:\dhhdl.exe58⤵
- Executes dropped EXE
-
\??\c:\vjdbf.exec:\vjdbf.exe59⤵
- Executes dropped EXE
-
\??\c:\xprjxr.exec:\xprjxr.exe60⤵
- Executes dropped EXE
-
\??\c:\jpxlhtt.exec:\jpxlhtt.exe61⤵
- Executes dropped EXE
-
\??\c:\rxdjph.exec:\rxdjph.exe62⤵
- Executes dropped EXE
-
\??\c:\lrdjrvt.exec:\lrdjrvt.exe63⤵
- Executes dropped EXE
-
\??\c:\pnfrppt.exec:\pnfrppt.exe64⤵
- Executes dropped EXE
-
\??\c:\lrpnpdb.exec:\lrpnpdb.exe65⤵
- Executes dropped EXE
-
\??\c:\xjbrbvt.exec:\xjbrbvt.exe66⤵
-
\??\c:\pxdnjxb.exec:\pxdnjxb.exe67⤵
-
\??\c:\xnxxprj.exec:\xnxxprj.exe68⤵
-
\??\c:\plpxt.exec:\plpxt.exe69⤵
-
\??\c:\vbfbj.exec:\vbfbj.exe70⤵
-
\??\c:\rbvxhn.exec:\rbvxhn.exe71⤵
-
\??\c:\htjvtfd.exec:\htjvtfd.exe72⤵
-
\??\c:\jxpndvv.exec:\jxpndvv.exe73⤵
-
\??\c:\dvfrf.exec:\dvfrf.exe74⤵
-
\??\c:\btrxrt.exec:\btrxrt.exe75⤵
-
\??\c:\dpdjp.exec:\dpdjp.exe76⤵
-
\??\c:\vlfdlx.exec:\vlfdlx.exe77⤵
-
\??\c:\hxxvrl.exec:\hxxvrl.exe78⤵
-
\??\c:\bbllf.exec:\bbllf.exe79⤵
-
\??\c:\lndjb.exec:\lndjb.exe80⤵
-
\??\c:\pbjnr.exec:\pbjnr.exe81⤵
-
\??\c:\ddxrxt.exec:\ddxrxt.exe82⤵
-
\??\c:\tdxfth.exec:\tdxfth.exe83⤵
-
\??\c:\vnnjp.exec:\vnnjp.exe84⤵
-
\??\c:\hbrlbxv.exec:\hbrlbxv.exe85⤵
-
\??\c:\vlrjbbr.exec:\vlrjbbr.exe86⤵
-
\??\c:\brrhftr.exec:\brrhftr.exe87⤵
-
\??\c:\nrlfb.exec:\nrlfb.exe88⤵
-
\??\c:\bpbdxdb.exec:\bpbdxdb.exe89⤵
-
\??\c:\pjvvjhj.exec:\pjvvjhj.exe90⤵
-
\??\c:\jhldxp.exec:\jhldxp.exe91⤵
-
\??\c:\flfdl.exec:\flfdl.exe92⤵
-
\??\c:\tlvtxl.exec:\tlvtxl.exe93⤵
-
\??\c:\drrpr.exec:\drrpr.exe94⤵
-
\??\c:\vptdv.exec:\vptdv.exe95⤵
-
\??\c:\xvtlxpp.exec:\xvtlxpp.exe96⤵
-
\??\c:\dfvvdn.exec:\dfvvdn.exe97⤵
-
\??\c:\nbnbvnx.exec:\nbnbvnx.exe98⤵
-
\??\c:\htjfj.exec:\htjfj.exe99⤵
-
\??\c:\jxbjf.exec:\jxbjf.exe100⤵
-
\??\c:\drlddbl.exec:\drlddbl.exe101⤵
-
\??\c:\tllnr.exec:\tllnr.exe102⤵
-
\??\c:\dftblvr.exec:\dftblvr.exe103⤵
-
\??\c:\tfblnp.exec:\tfblnp.exe104⤵
-
\??\c:\tdtlldd.exec:\tdtlldd.exe105⤵
-
\??\c:\xbdfx.exec:\xbdfx.exe106⤵
-
\??\c:\nxpxj.exec:\nxpxj.exe107⤵
-
\??\c:\ttpjrpn.exec:\ttpjrpn.exe108⤵
-
\??\c:\rlhpnf.exec:\rlhpnf.exe109⤵
-
\??\c:\rnhhvl.exec:\rnhhvl.exe110⤵
-
\??\c:\bnrfblh.exec:\bnrfblh.exe111⤵
-
\??\c:\nbbjbbt.exec:\nbbjbbt.exe112⤵
-
\??\c:\dtlff.exec:\dtlff.exe113⤵
-
\??\c:\xvdxvp.exec:\xvdxvp.exe114⤵
-
\??\c:\bbvpl.exec:\bbvpl.exe115⤵
-
\??\c:\dfnvbvl.exec:\dfnvbvl.exe116⤵
-
\??\c:\dljtjj.exec:\dljtjj.exe117⤵
-
\??\c:\frbnv.exec:\frbnv.exe118⤵
-
\??\c:\vpdtn.exec:\vpdtn.exe119⤵
-
\??\c:\djrtvhf.exec:\djrtvhf.exe120⤵
-
\??\c:\nlvdtd.exec:\nlvdtd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-