Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
30/05/2024, 04:42
General
-
Target
ec75dda566357aea9445a021836951061ba7e6d4075c54fe2bce6c4c2a9b9423.exe
-
Size
72KB
-
MD5
f47e4a63904b8587617122eba54a9254
-
SHA1
c1be4f1929383d4d1f56dd647de796e6ebc15b38
-
SHA256
ec75dda566357aea9445a021836951061ba7e6d4075c54fe2bce6c4c2a9b9423
-
SHA512
7c1f20dfd8b34265939f5cb5a522a98b8030c94eb8aa0a5b4b37c3158d6f708366abfd9f5a74455dd1d7715224e1eb2938851cd8d2087c7a2079b6d26f70a9e6
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb7GTi3ldj:ymb3NkkiQ3mdBjFIWY9
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
UPX dump on OEP (original entry point) 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ec75dda566357aea9445a021836951061ba7e6d4075c54fe2bce6c4c2a9b9423.exe"C:\Users\Admin\AppData\Local\Temp\ec75dda566357aea9445a021836951061ba7e6d4075c54fe2bce6c4c2a9b9423.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxlfxr.exec:\lxxlfxr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxxffx.exec:\rlxxffx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhnnn.exec:\nbhnnn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jjjv.exec:\9jjjv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvdv.exec:\pdvdv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhtht.exec:\bbhtht.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djvvd.exec:\djvvd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrlxrrf.exec:\lrlxrrf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnhth.exec:\nbnhth.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhnnn.exec:\hbhnnn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrlfxx.exec:\xrrlfxx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtbbb.exec:\nhtbbb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvvv.exec:\ppvvv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllfxxx.exec:\rllfxxx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bttnn.exec:\5bttnn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvpj.exec:\jjvpj.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxlxlfr.exec:\rxlxlfr.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhhnt.exec:\bbhhnt.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvjj.exec:\dpvjj.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frfxxxx.exec:\frfxxxx.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjdv.exec:\jjjdv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpppv.exec:\dpppv.exe23⤵
- Executes dropped EXE
-
\??\c:\xxfffff.exec:\xxfffff.exe24⤵
- Executes dropped EXE
-
\??\c:\httttt.exec:\httttt.exe25⤵
- Executes dropped EXE
-
\??\c:\vdddj.exec:\vdddj.exe26⤵
- Executes dropped EXE
-
\??\c:\lfxrrrf.exec:\lfxrrrf.exe27⤵
- Executes dropped EXE
-
\??\c:\rlxrrrl.exec:\rlxrrrl.exe28⤵
- Executes dropped EXE
-
\??\c:\jpddv.exec:\jpddv.exe29⤵
- Executes dropped EXE
-
\??\c:\xllfrlx.exec:\xllfrlx.exe30⤵
- Executes dropped EXE
-
\??\c:\lfrfrxx.exec:\lfrfrxx.exe31⤵
- Executes dropped EXE
-
\??\c:\bthhht.exec:\bthhht.exe32⤵
- Executes dropped EXE
-
\??\c:\jjvpd.exec:\jjvpd.exe33⤵
- Executes dropped EXE
-
\??\c:\xfllllr.exec:\xfllllr.exe34⤵
- Executes dropped EXE
-
\??\c:\thtttt.exec:\thtttt.exe35⤵
- Executes dropped EXE
-
\??\c:\nthnbb.exec:\nthnbb.exe36⤵
- Executes dropped EXE
-
\??\c:\djdpd.exec:\djdpd.exe37⤵
- Executes dropped EXE
-
\??\c:\fxfrrxf.exec:\fxfrrxf.exe38⤵
- Executes dropped EXE
-
\??\c:\9flfllf.exec:\9flfllf.exe39⤵
- Executes dropped EXE
-
\??\c:\nntnnn.exec:\nntnnn.exe40⤵
- Executes dropped EXE
-
\??\c:\dpvpv.exec:\dpvpv.exe41⤵
- Executes dropped EXE
-
\??\c:\lllfrfx.exec:\lllfrfx.exe42⤵
- Executes dropped EXE
-
\??\c:\jdpdp.exec:\jdpdp.exe43⤵
- Executes dropped EXE
-
\??\c:\rlrrxfr.exec:\rlrrxfr.exe44⤵
- Executes dropped EXE
-
\??\c:\bnhnbb.exec:\bnhnbb.exe45⤵
- Executes dropped EXE
-
\??\c:\9jjvp.exec:\9jjvp.exe46⤵
- Executes dropped EXE
-
\??\c:\xlrxxfr.exec:\xlrxxfr.exe47⤵
- Executes dropped EXE
-
\??\c:\1lfffff.exec:\1lfffff.exe48⤵
- Executes dropped EXE
-
\??\c:\1vddj.exec:\1vddj.exe49⤵
- Executes dropped EXE
-
\??\c:\3frrrff.exec:\3frrrff.exe50⤵
- Executes dropped EXE
-
\??\c:\tbnnnt.exec:\tbnnnt.exe51⤵
- Executes dropped EXE
-
\??\c:\dpvpd.exec:\dpvpd.exe52⤵
- Executes dropped EXE
-
\??\c:\rlrrlff.exec:\rlrrlff.exe53⤵
- Executes dropped EXE
-
\??\c:\hbbbtb.exec:\hbbbtb.exe54⤵
- Executes dropped EXE
-
\??\c:\nthbtt.exec:\nthbtt.exe55⤵
- Executes dropped EXE
-
\??\c:\vvvvj.exec:\vvvvj.exe56⤵
- Executes dropped EXE
-
\??\c:\rfxllfl.exec:\rfxllfl.exe57⤵
- Executes dropped EXE
-
\??\c:\htbnnh.exec:\htbnnh.exe58⤵
- Executes dropped EXE
-
\??\c:\7httnn.exec:\7httnn.exe59⤵
- Executes dropped EXE
-
\??\c:\nnttbh.exec:\nnttbh.exe60⤵
- Executes dropped EXE
-
\??\c:\pvdpv.exec:\pvdpv.exe61⤵
- Executes dropped EXE
-
\??\c:\hnhtnh.exec:\hnhtnh.exe62⤵
- Executes dropped EXE
-
\??\c:\1dpjd.exec:\1dpjd.exe63⤵
- Executes dropped EXE
-
\??\c:\fflffll.exec:\fflffll.exe64⤵
- Executes dropped EXE
-
\??\c:\ffllfff.exec:\ffllfff.exe65⤵
- Executes dropped EXE
-
\??\c:\5bnhtt.exec:\5bnhtt.exe66⤵
-
\??\c:\jvddv.exec:\jvddv.exe67⤵
-
\??\c:\rrfxrff.exec:\rrfxrff.exe68⤵
-
\??\c:\9rrrlrr.exec:\9rrrlrr.exe69⤵
-
\??\c:\lxrxxrr.exec:\lxrxxrr.exe70⤵
-
\??\c:\btttnt.exec:\btttnt.exe71⤵
-
\??\c:\pvjjd.exec:\pvjjd.exe72⤵
-
\??\c:\pdjdj.exec:\pdjdj.exe73⤵
-
\??\c:\7lllfff.exec:\7lllfff.exe74⤵
-
\??\c:\nntnnn.exec:\nntnnn.exe75⤵
-
\??\c:\tbntnt.exec:\tbntnt.exe76⤵
-
\??\c:\djjjd.exec:\djjjd.exe77⤵
-
\??\c:\jjpjj.exec:\jjpjj.exe78⤵
-
\??\c:\lffxxfx.exec:\lffxxfx.exe79⤵
-
\??\c:\btthhh.exec:\btthhh.exe80⤵
-
\??\c:\jdjjd.exec:\jdjjd.exe81⤵
-
\??\c:\ddvvj.exec:\ddvvj.exe82⤵
-
\??\c:\lfrrxlx.exec:\lfrrxlx.exe83⤵
-
\??\c:\btttnn.exec:\btttnn.exe84⤵
-
\??\c:\tbhhth.exec:\tbhhth.exe85⤵
-
\??\c:\jdjjd.exec:\jdjjd.exe86⤵
-
\??\c:\9fllfxx.exec:\9fllfxx.exe87⤵
-
\??\c:\hhhtbt.exec:\hhhtbt.exe88⤵
-
\??\c:\hhthth.exec:\hhthth.exe89⤵
-
\??\c:\5jvpv.exec:\5jvpv.exe90⤵
-
\??\c:\fflfxff.exec:\fflfxff.exe91⤵
-
\??\c:\rxlfffr.exec:\rxlfffr.exe92⤵
-
\??\c:\5ntntt.exec:\5ntntt.exe93⤵
-
\??\c:\3ffllrr.exec:\3ffllrr.exe94⤵
-
\??\c:\nbhhbh.exec:\nbhhbh.exe95⤵
-
\??\c:\tnbhnt.exec:\tnbhnt.exe96⤵
-
\??\c:\jvjpp.exec:\jvjpp.exe97⤵
-
\??\c:\vvppj.exec:\vvppj.exe98⤵
-
\??\c:\frxrxfr.exec:\frxrxfr.exe99⤵
-
\??\c:\flllfrl.exec:\flllfrl.exe100⤵
-
\??\c:\tttbbt.exec:\tttbbt.exe101⤵
-
\??\c:\jjvjv.exec:\jjvjv.exe102⤵
-
\??\c:\vppjd.exec:\vppjd.exe103⤵
-
\??\c:\xlrrfff.exec:\xlrrfff.exe104⤵
-
\??\c:\frrrrrr.exec:\frrrrrr.exe105⤵
-
\??\c:\5tnthb.exec:\5tnthb.exe106⤵
-
\??\c:\bbtntt.exec:\bbtntt.exe107⤵
-
\??\c:\jdpjd.exec:\jdpjd.exe108⤵
-
\??\c:\jvvjj.exec:\jvvjj.exe109⤵
-
\??\c:\rrlrfll.exec:\rrlrfll.exe110⤵
-
\??\c:\hbhhhh.exec:\hbhhhh.exe111⤵
-
\??\c:\jpdjj.exec:\jpdjj.exe112⤵
-
\??\c:\bhhbbt.exec:\bhhbbt.exe113⤵
-
\??\c:\bnnhbb.exec:\bnnhbb.exe114⤵
-
\??\c:\thhhbn.exec:\thhhbn.exe115⤵
-
\??\c:\pvjdj.exec:\pvjdj.exe116⤵
-
\??\c:\lxxlffl.exec:\lxxlffl.exe117⤵
-
\??\c:\9rrrrxr.exec:\9rrrrxr.exe118⤵
-
\??\c:\bbhnnn.exec:\bbhnnn.exe119⤵
-
\??\c:\pjpjd.exec:\pjpjd.exe120⤵
-
\??\c:\3xlfxrl.exec:\3xlfxrl.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-