Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
-
submitted
30/05/2024, 04:07
General
-
Target
e0fc12842e79da0b02a9eab69237916eb2853fc9b723978fee3da542215d6a3c.exe
-
Size
72KB
-
MD5
e7a16f2dfadceb1b4ac6ff4635a8c2b9
-
SHA1
bdcd1d0a6177b254bc3f36743083254877b3dc82
-
SHA256
e0fc12842e79da0b02a9eab69237916eb2853fc9b723978fee3da542215d6a3c
-
SHA512
ed6457d7f118e27fb0caf206f3ee7e5a0e8a2a34da06d109ad0ab7971d5f11cff33d170ed85050f355b964d83040d462170a978852a9d07fb6eccc847f6df4f5
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIfv7+afCD+QsQbKQPVxn:ymb3NkkiQ3mdBjFIfvTfCD+HlQLn
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
UPX dump on OEP (original entry point) 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e0fc12842e79da0b02a9eab69237916eb2853fc9b723978fee3da542215d6a3c.exe"C:\Users\Admin\AppData\Local\Temp\e0fc12842e79da0b02a9eab69237916eb2853fc9b723978fee3da542215d6a3c.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jjpvv.exec:\jjpvv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlrrxr.exec:\xrlrrxr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhthh.exec:\nbhthh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjpd.exec:\dvjpd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvdd.exec:\vjvdd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxlxrx.exec:\lfxlxrx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrlfxx.exec:\flrlfxx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbhnn.exec:\tnbhnn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppddp.exec:\ppddp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvpv.exec:\vpvpv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxfrrf.exec:\rlxfrrf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3nbhnt.exec:\3nbhnt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtnbn.exec:\bbtnbn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjjd.exec:\dvjjd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pjpv.exec:\1pjpv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llrfrrf.exec:\llrfrrf.exe17⤵
- Executes dropped EXE
-
\??\c:\rlxllfr.exec:\rlxllfr.exe18⤵
- Executes dropped EXE
-
\??\c:\1bntbt.exec:\1bntbt.exe19⤵
- Executes dropped EXE
-
\??\c:\3bnnnn.exec:\3bnnnn.exe20⤵
- Executes dropped EXE
-
\??\c:\pdpvp.exec:\pdpvp.exe21⤵
- Executes dropped EXE
-
\??\c:\dpjvj.exec:\dpjvj.exe22⤵
- Executes dropped EXE
-
\??\c:\xxrxflr.exec:\xxrxflr.exe23⤵
- Executes dropped EXE
-
\??\c:\tbhhhh.exec:\tbhhhh.exe24⤵
- Executes dropped EXE
-
\??\c:\7nnnnn.exec:\7nnnnn.exe25⤵
- Executes dropped EXE
-
\??\c:\pjjjv.exec:\pjjjv.exe26⤵
- Executes dropped EXE
-
\??\c:\pvjvp.exec:\pvjvp.exe27⤵
- Executes dropped EXE
-
\??\c:\ffflrrr.exec:\ffflrrr.exe28⤵
- Executes dropped EXE
-
\??\c:\bttbhh.exec:\bttbhh.exe29⤵
- Executes dropped EXE
-
\??\c:\hhhhnb.exec:\hhhhnb.exe30⤵
- Executes dropped EXE
-
\??\c:\5dvvd.exec:\5dvvd.exe31⤵
- Executes dropped EXE
-
\??\c:\3xrxxlr.exec:\3xrxxlr.exe32⤵
- Executes dropped EXE
-
\??\c:\9bbbnt.exec:\9bbbnt.exe33⤵
- Executes dropped EXE
-
\??\c:\hhbbbh.exec:\hhbbbh.exe34⤵
- Executes dropped EXE
-
\??\c:\5dppv.exec:\5dppv.exe35⤵
- Executes dropped EXE
-
\??\c:\ppjpd.exec:\ppjpd.exe36⤵
- Executes dropped EXE
-
\??\c:\xrxfrxf.exec:\xrxfrxf.exe37⤵
- Executes dropped EXE
-
\??\c:\7rlrxlr.exec:\7rlrxlr.exe38⤵
- Executes dropped EXE
-
\??\c:\hbntnt.exec:\hbntnt.exe39⤵
- Executes dropped EXE
-
\??\c:\bbhtbh.exec:\bbhtbh.exe40⤵
- Executes dropped EXE
-
\??\c:\9bbbhn.exec:\9bbbhn.exe41⤵
- Executes dropped EXE
-
\??\c:\vvvdd.exec:\vvvdd.exe42⤵
- Executes dropped EXE
-
\??\c:\pjpdp.exec:\pjpdp.exe43⤵
- Executes dropped EXE
-
\??\c:\5rflrxl.exec:\5rflrxl.exe44⤵
- Executes dropped EXE
-
\??\c:\rlxxrxr.exec:\rlxxrxr.exe45⤵
- Executes dropped EXE
-
\??\c:\btbhbh.exec:\btbhbh.exe46⤵
- Executes dropped EXE
-
\??\c:\ttnhtb.exec:\ttnhtb.exe47⤵
- Executes dropped EXE
-
\??\c:\pjvvv.exec:\pjvvv.exe48⤵
- Executes dropped EXE
-
\??\c:\ddvvv.exec:\ddvvv.exe49⤵
- Executes dropped EXE
-
\??\c:\lrrxxrx.exec:\lrrxxrx.exe50⤵
- Executes dropped EXE
-
\??\c:\xrlrflf.exec:\xrlrflf.exe51⤵
- Executes dropped EXE
-
\??\c:\hbbhtt.exec:\hbbhtt.exe52⤵
- Executes dropped EXE
-
\??\c:\bttbbb.exec:\bttbbb.exe53⤵
- Executes dropped EXE
-
\??\c:\5vjjj.exec:\5vjjj.exe54⤵
- Executes dropped EXE
-
\??\c:\pvjvd.exec:\pvjvd.exe55⤵
- Executes dropped EXE
-
\??\c:\3lllllx.exec:\3lllllx.exe56⤵
- Executes dropped EXE
-
\??\c:\xlrrxxx.exec:\xlrrxxx.exe57⤵
- Executes dropped EXE
-
\??\c:\hbtnbh.exec:\hbtnbh.exe58⤵
- Executes dropped EXE
-
\??\c:\tntthn.exec:\tntthn.exe59⤵
- Executes dropped EXE
-
\??\c:\ppjjj.exec:\ppjjj.exe60⤵
- Executes dropped EXE
-
\??\c:\5jjpd.exec:\5jjpd.exe61⤵
- Executes dropped EXE
-
\??\c:\htnbht.exec:\htnbht.exe62⤵
- Executes dropped EXE
-
\??\c:\9thhhh.exec:\9thhhh.exe63⤵
- Executes dropped EXE
-
\??\c:\jddvp.exec:\jddvp.exe64⤵
- Executes dropped EXE
-
\??\c:\dvvvd.exec:\dvvvd.exe65⤵
- Executes dropped EXE
-
\??\c:\9rllfrx.exec:\9rllfrx.exe66⤵
-
\??\c:\3lxxffr.exec:\3lxxffr.exe67⤵
-
\??\c:\nhbttb.exec:\nhbttb.exe68⤵
-
\??\c:\htttbn.exec:\htttbn.exe69⤵
-
\??\c:\jpjjv.exec:\jpjjv.exe70⤵
-
\??\c:\fffllrl.exec:\fffllrl.exe71⤵
-
\??\c:\xlfxxfl.exec:\xlfxxfl.exe72⤵
-
\??\c:\5thhnn.exec:\5thhnn.exe73⤵
-
\??\c:\hbhbbb.exec:\hbhbbb.exe74⤵
-
\??\c:\pvddv.exec:\pvddv.exe75⤵
-
\??\c:\9vdvd.exec:\9vdvd.exe76⤵
-
\??\c:\3rllllr.exec:\3rllllr.exe77⤵
-
\??\c:\xxrrlfx.exec:\xxrrlfx.exe78⤵
-
\??\c:\hthbnb.exec:\hthbnb.exe79⤵
-
\??\c:\tnbhbh.exec:\tnbhbh.exe80⤵
-
\??\c:\pppvd.exec:\pppvd.exe81⤵
-
\??\c:\xlrlrlx.exec:\xlrlrlx.exe82⤵
-
\??\c:\fxfffll.exec:\fxfffll.exe83⤵
-
\??\c:\rrlrllf.exec:\rrlrllf.exe84⤵
-
\??\c:\tnhtbn.exec:\tnhtbn.exe85⤵
-
\??\c:\5hthhn.exec:\5hthhn.exe86⤵
-
\??\c:\ppvjp.exec:\ppvjp.exe87⤵
-
\??\c:\jddpv.exec:\jddpv.exe88⤵
-
\??\c:\xlxxllx.exec:\xlxxllx.exe89⤵
-
\??\c:\xrflrxf.exec:\xrflrxf.exe90⤵
-
\??\c:\ffrxflr.exec:\ffrxflr.exe91⤵
-
\??\c:\nnhtnt.exec:\nnhtnt.exe92⤵
-
\??\c:\hhnttt.exec:\hhnttt.exe93⤵
-
\??\c:\jvdpv.exec:\jvdpv.exe94⤵
-
\??\c:\vpddd.exec:\vpddd.exe95⤵
-
\??\c:\fllllxf.exec:\fllllxf.exe96⤵
-
\??\c:\3lxlrxf.exec:\3lxlrxf.exe97⤵
-
\??\c:\3xrxxfl.exec:\3xrxxfl.exe98⤵
-
\??\c:\ththtt.exec:\ththtt.exe99⤵
-
\??\c:\nhbttb.exec:\nhbttb.exe100⤵
-
\??\c:\bthntb.exec:\bthntb.exe101⤵
-
\??\c:\dvjpd.exec:\dvjpd.exe102⤵
-
\??\c:\jvdpj.exec:\jvdpj.exe103⤵
-
\??\c:\lfffrxl.exec:\lfffrxl.exe104⤵
-
\??\c:\9fxflrr.exec:\9fxflrr.exe105⤵
-
\??\c:\bbtthb.exec:\bbtthb.exe106⤵
-
\??\c:\ttntnb.exec:\ttntnb.exe107⤵
-
\??\c:\hhbhnt.exec:\hhbhnt.exe108⤵
-
\??\c:\ddpjd.exec:\ddpjd.exe109⤵
-
\??\c:\rflxxll.exec:\rflxxll.exe110⤵
-
\??\c:\3lffrfr.exec:\3lffrfr.exe111⤵
-
\??\c:\9rrrfll.exec:\9rrrfll.exe112⤵
-
\??\c:\9bhhhh.exec:\9bhhhh.exe113⤵
-
\??\c:\nbnnbt.exec:\nbnnbt.exe114⤵
-
\??\c:\dvpdv.exec:\dvpdv.exe115⤵
-
\??\c:\1vddv.exec:\1vddv.exe116⤵
-
\??\c:\1llfxfx.exec:\1llfxfx.exe117⤵
-
\??\c:\5lrflll.exec:\5lrflll.exe118⤵
-
\??\c:\htnnnt.exec:\htnnnt.exe119⤵
-
\??\c:\tthnbn.exec:\tthnbn.exe120⤵
-
\??\c:\dpvvd.exec:\dpvvd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-