Analysis
-
max time kernel
150s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
30/05/2024, 03:45
General
-
Target
d93aa9ab5622ce245bfe421c2cbe8409d202b6b56918cb8e808332a9290b6032.exe
-
Size
67KB
-
MD5
0a8843d541fd3ea43e8c2695e4f08306
-
SHA1
39533acd276bb220b720171c98083b26b7ba2dca
-
SHA256
d93aa9ab5622ce245bfe421c2cbe8409d202b6b56918cb8e808332a9290b6032
-
SHA512
ffc5e6e79baa7bea7aefd73bc5c274669b26569d818e7196b6832a9e006a4341202504509dbd7b7c695d0508fab89c079346783f5ddd90bf6a01756667ed60ed
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIFdJUDbAIVQ:ymb3NkkiQ3mdBjFIFdJ8bG
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
UPX dump on OEP (original entry point) 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d93aa9ab5622ce245bfe421c2cbe8409d202b6b56918cb8e808332a9290b6032.exe"C:\Users\Admin\AppData\Local\Temp\d93aa9ab5622ce245bfe421c2cbe8409d202b6b56918cb8e808332a9290b6032.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxfllx.exec:\lfxfllx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhtbtn.exec:\bhtbtn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdpdv.exec:\vdpdv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xflfrrl.exec:\xflfrrl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrffxrf.exec:\xrffxrf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhbhb.exec:\nbhbhb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvpj.exec:\dpvpj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxxxff.exec:\xxxxxff.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrrrxr.exec:\ffrrrxr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxffflr.exec:\fxffflr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtbht.exec:\hbtbht.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvddv.exec:\dvddv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppdvv.exec:\ppdvv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfffff.exec:\rlfffff.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bhhnt.exec:\5bhhnt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthhbh.exec:\bthhbh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpjp.exec:\dvpjp.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frfxxxx.exec:\frfxxxx.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbbbh.exec:\nnbbbh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbnhh.exec:\nnbnhh.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvvv.exec:\jdvvv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rxlffx.exec:\5rxlffx.exe23⤵
- Executes dropped EXE
-
\??\c:\bbtttt.exec:\bbtttt.exe24⤵
- Executes dropped EXE
-
\??\c:\nhnhbh.exec:\nhnhbh.exe25⤵
- Executes dropped EXE
-
\??\c:\dvvpj.exec:\dvvpj.exe26⤵
- Executes dropped EXE
-
\??\c:\fxxrllf.exec:\fxxrllf.exe27⤵
- Executes dropped EXE
-
\??\c:\tnhbtn.exec:\tnhbtn.exe28⤵
- Executes dropped EXE
-
\??\c:\9vdvp.exec:\9vdvp.exe29⤵
- Executes dropped EXE
-
\??\c:\pddvj.exec:\pddvj.exe30⤵
- Executes dropped EXE
-
\??\c:\lxrlxxr.exec:\lxrlxxr.exe31⤵
- Executes dropped EXE
-
\??\c:\tnnbtt.exec:\tnnbtt.exe32⤵
- Executes dropped EXE
-
\??\c:\ppvvv.exec:\ppvvv.exe33⤵
- Executes dropped EXE
-
\??\c:\3fxrffx.exec:\3fxrffx.exe34⤵
- Executes dropped EXE
-
\??\c:\5htthh.exec:\5htthh.exe35⤵
- Executes dropped EXE
-
\??\c:\pdvpj.exec:\pdvpj.exe36⤵
- Executes dropped EXE
-
\??\c:\jdvdv.exec:\jdvdv.exe37⤵
- Executes dropped EXE
-
\??\c:\5vjdj.exec:\5vjdj.exe38⤵
- Executes dropped EXE
-
\??\c:\lxrlxxr.exec:\lxrlxxr.exe39⤵
- Executes dropped EXE
-
\??\c:\hhbthh.exec:\hhbthh.exe40⤵
- Executes dropped EXE
-
\??\c:\nbhbnn.exec:\nbhbnn.exe41⤵
- Executes dropped EXE
-
\??\c:\jppjv.exec:\jppjv.exe42⤵
- Executes dropped EXE
-
\??\c:\lfrrxxx.exec:\lfrrxxx.exe43⤵
- Executes dropped EXE
-
\??\c:\thtttt.exec:\thtttt.exe44⤵
- Executes dropped EXE
-
\??\c:\btnhbb.exec:\btnhbb.exe45⤵
- Executes dropped EXE
-
\??\c:\jjdvv.exec:\jjdvv.exe46⤵
- Executes dropped EXE
-
\??\c:\jddjd.exec:\jddjd.exe47⤵
- Executes dropped EXE
-
\??\c:\lrxlfxr.exec:\lrxlfxr.exe48⤵
- Executes dropped EXE
-
\??\c:\bbhbtt.exec:\bbhbtt.exe49⤵
- Executes dropped EXE
-
\??\c:\3nttnn.exec:\3nttnn.exe50⤵
- Executes dropped EXE
-
\??\c:\vvvpd.exec:\vvvpd.exe51⤵
- Executes dropped EXE
-
\??\c:\vjdvj.exec:\vjdvj.exe52⤵
- Executes dropped EXE
-
\??\c:\xxfrrrf.exec:\xxfrrrf.exe53⤵
- Executes dropped EXE
-
\??\c:\fxffxff.exec:\fxffxff.exe54⤵
- Executes dropped EXE
-
\??\c:\3hhbhb.exec:\3hhbhb.exe55⤵
- Executes dropped EXE
-
\??\c:\pjjdd.exec:\pjjdd.exe56⤵
- Executes dropped EXE
-
\??\c:\ppvpd.exec:\ppvpd.exe57⤵
- Executes dropped EXE
-
\??\c:\fxfxrrr.exec:\fxfxrrr.exe58⤵
- Executes dropped EXE
-
\??\c:\frxrlll.exec:\frxrlll.exe59⤵
- Executes dropped EXE
-
\??\c:\bbnhhb.exec:\bbnhhb.exe60⤵
- Executes dropped EXE
-
\??\c:\3bhbbh.exec:\3bhbbh.exe61⤵
- Executes dropped EXE
-
\??\c:\5jjdv.exec:\5jjdv.exe62⤵
- Executes dropped EXE
-
\??\c:\vvvpd.exec:\vvvpd.exe63⤵
- Executes dropped EXE
-
\??\c:\ffffxxr.exec:\ffffxxr.exe64⤵
- Executes dropped EXE
-
\??\c:\xrllfff.exec:\xrllfff.exe65⤵
- Executes dropped EXE
-
\??\c:\ntnnnb.exec:\ntnnnb.exe66⤵
-
\??\c:\nnbnnn.exec:\nnbnnn.exe67⤵
-
\??\c:\pddvp.exec:\pddvp.exe68⤵
-
\??\c:\jdvjd.exec:\jdvjd.exe69⤵
-
\??\c:\vjdvj.exec:\vjdvj.exe70⤵
-
\??\c:\3rlfxxr.exec:\3rlfxxr.exe71⤵
-
\??\c:\fxxrlfx.exec:\fxxrlfx.exe72⤵
-
\??\c:\bnbbbb.exec:\bnbbbb.exe73⤵
-
\??\c:\vpddd.exec:\vpddd.exe74⤵
-
\??\c:\lllxllf.exec:\lllxllf.exe75⤵
-
\??\c:\xlrfxxr.exec:\xlrfxxr.exe76⤵
-
\??\c:\ttbtnn.exec:\ttbtnn.exe77⤵
-
\??\c:\pddvv.exec:\pddvv.exe78⤵
-
\??\c:\djppd.exec:\djppd.exe79⤵
-
\??\c:\lrrlxxl.exec:\lrrlxxl.exe80⤵
-
\??\c:\1xxxrlf.exec:\1xxxrlf.exe81⤵
-
\??\c:\tbbtnt.exec:\tbbtnt.exe82⤵
-
\??\c:\jvvpd.exec:\jvvpd.exe83⤵
-
\??\c:\pjjdj.exec:\pjjdj.exe84⤵
-
\??\c:\5lllxxr.exec:\5lllxxr.exe85⤵
-
\??\c:\thhbbb.exec:\thhbbb.exe86⤵
-
\??\c:\hbnhbb.exec:\hbnhbb.exe87⤵
-
\??\c:\ntnhtt.exec:\ntnhtt.exe88⤵
-
\??\c:\pjddv.exec:\pjddv.exe89⤵
-
\??\c:\vdjdp.exec:\vdjdp.exe90⤵
-
\??\c:\ffxrffx.exec:\ffxrffx.exe91⤵
-
\??\c:\htttnn.exec:\htttnn.exe92⤵
-
\??\c:\hbhhnb.exec:\hbhhnb.exe93⤵
-
\??\c:\9vpjd.exec:\9vpjd.exe94⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe95⤵
-
\??\c:\xffrlfx.exec:\xffrlfx.exe96⤵
-
\??\c:\lfrlrrx.exec:\lfrlrrx.exe97⤵
-
\??\c:\9hhhtn.exec:\9hhhtn.exe98⤵
-
\??\c:\3ttbnb.exec:\3ttbnb.exe99⤵
-
\??\c:\pjpjd.exec:\pjpjd.exe100⤵
-
\??\c:\3flfxxx.exec:\3flfxxx.exe101⤵
-
\??\c:\rlflrrr.exec:\rlflrrr.exe102⤵
-
\??\c:\3ttnhh.exec:\3ttnhh.exe103⤵
-
\??\c:\nbhbtt.exec:\nbhbtt.exe104⤵
-
\??\c:\vvvpj.exec:\vvvpj.exe105⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe106⤵
-
\??\c:\xflfrrf.exec:\xflfrrf.exe107⤵
-
\??\c:\xfllfff.exec:\xfllfff.exe108⤵
-
\??\c:\bhhhbt.exec:\bhhhbt.exe109⤵
-
\??\c:\bhhbbt.exec:\bhhbbt.exe110⤵
-
\??\c:\pjpjj.exec:\pjpjj.exe111⤵
-
\??\c:\pvdjj.exec:\pvdjj.exe112⤵
-
\??\c:\xlfxrll.exec:\xlfxrll.exe113⤵
-
\??\c:\xxrrffx.exec:\xxrrffx.exe114⤵
-
\??\c:\hhbbbb.exec:\hhbbbb.exe115⤵
-
\??\c:\5ttthn.exec:\5ttthn.exe116⤵
-
\??\c:\5pjdp.exec:\5pjdp.exe117⤵
-
\??\c:\vpjdp.exec:\vpjdp.exe118⤵
-
\??\c:\xlfxrlf.exec:\xlfxrlf.exe119⤵
-
\??\c:\lllfxll.exec:\lllfxll.exe120⤵
-
\??\c:\3ttntn.exec:\3ttntn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-