Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
31/05/2024, 00:36
General
-
Target
6f877068b6d373e9a339558b501b4d991843ee616b8294e3285aea03c288f378.exe
-
Size
54KB
-
MD5
91637b7d530edf7636beb4bec67b7dc1
-
SHA1
745bc703ba5f113ab3b25cd7632e2d141a216f5e
-
SHA256
6f877068b6d373e9a339558b501b4d991843ee616b8294e3285aea03c288f378
-
SHA512
47d43588f1b2cb2d9819de3ec126933306660b527ab4dac286130fc61f26850f975025d8b73b9bf4962579d8ac2a7d6850647a6d35fdaa25d324dfe051f1029f
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIFU:ymb3NkkiQ3mdBjFIFU
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 20 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\6f877068b6d373e9a339558b501b4d991843ee616b8294e3285aea03c288f378.exe"C:\Users\Admin\AppData\Local\Temp\6f877068b6d373e9a339558b501b4d991843ee616b8294e3285aea03c288f378.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrxflx.exec:\xrrxflx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtbhb.exec:\nhtbhb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5pdvv.exec:\5pdvv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rlxlfr.exec:\3rlxlfr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\httttn.exec:\httttn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdppp.exec:\jdppp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3pdpj.exec:\3pdpj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrrlff.exec:\lxrrlff.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnttt.exec:\thnttt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthbbh.exec:\hthbbh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpvd.exec:\pjpvd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjpj.exec:\jvjpj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxxxrx.exec:\rlxxxrx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntttt.exec:\tntttt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9htbhh.exec:\9htbhh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpjv.exec:\dvpjv.exe17⤵
- Executes dropped EXE
-
\??\c:\dpdvv.exec:\dpdvv.exe18⤵
- Executes dropped EXE
-
\??\c:\1rrlfrx.exec:\1rrlfrx.exe19⤵
- Executes dropped EXE
-
\??\c:\nbbtbt.exec:\nbbtbt.exe20⤵
- Executes dropped EXE
-
\??\c:\htntbh.exec:\htntbh.exe21⤵
- Executes dropped EXE
-
\??\c:\dpdvd.exec:\dpdvd.exe22⤵
- Executes dropped EXE
-
\??\c:\vdvjd.exec:\vdvjd.exe23⤵
- Executes dropped EXE
-
\??\c:\xrflrll.exec:\xrflrll.exe24⤵
- Executes dropped EXE
-
\??\c:\llxfxfx.exec:\llxfxfx.exe25⤵
- Executes dropped EXE
-
\??\c:\1hnnht.exec:\1hnnht.exe26⤵
- Executes dropped EXE
-
\??\c:\nhnbbb.exec:\nhnbbb.exe27⤵
- Executes dropped EXE
-
\??\c:\jpjvd.exec:\jpjvd.exe28⤵
- Executes dropped EXE
-
\??\c:\lfrflxr.exec:\lfrflxr.exe29⤵
- Executes dropped EXE
-
\??\c:\lffxllr.exec:\lffxllr.exe30⤵
- Executes dropped EXE
-
\??\c:\vvppv.exec:\vvppv.exe31⤵
- Executes dropped EXE
-
\??\c:\1vvpd.exec:\1vvpd.exe32⤵
- Executes dropped EXE
-
\??\c:\rxlfxlf.exec:\rxlfxlf.exe33⤵
- Executes dropped EXE
-
\??\c:\hbttbb.exec:\hbttbb.exe34⤵
- Executes dropped EXE
-
\??\c:\5ttbbb.exec:\5ttbbb.exe35⤵
- Executes dropped EXE
-
\??\c:\jjpvj.exec:\jjpvj.exe36⤵
- Executes dropped EXE
-
\??\c:\vpddj.exec:\vpddj.exe37⤵
- Executes dropped EXE
-
\??\c:\3xrxrxl.exec:\3xrxrxl.exe38⤵
- Executes dropped EXE
-
\??\c:\bbhhhb.exec:\bbhhhb.exe39⤵
- Executes dropped EXE
-
\??\c:\nnhnth.exec:\nnhnth.exe40⤵
- Executes dropped EXE
-
\??\c:\vjvjj.exec:\vjvjj.exe41⤵
- Executes dropped EXE
-
\??\c:\vvddj.exec:\vvddj.exe42⤵
- Executes dropped EXE
-
\??\c:\5lxxxxf.exec:\5lxxxxf.exe43⤵
- Executes dropped EXE
-
\??\c:\bthtbh.exec:\bthtbh.exe44⤵
- Executes dropped EXE
-
\??\c:\tbnbtt.exec:\tbnbtt.exe45⤵
- Executes dropped EXE
-
\??\c:\jdppv.exec:\jdppv.exe46⤵
- Executes dropped EXE
-
\??\c:\5jdvd.exec:\5jdvd.exe47⤵
- Executes dropped EXE
-
\??\c:\xlxfflr.exec:\xlxfflr.exe48⤵
- Executes dropped EXE
-
\??\c:\btnntb.exec:\btnntb.exe49⤵
- Executes dropped EXE
-
\??\c:\hnhnnn.exec:\hnhnnn.exe50⤵
- Executes dropped EXE
-
\??\c:\dvjdj.exec:\dvjdj.exe51⤵
- Executes dropped EXE
-
\??\c:\jjdjp.exec:\jjdjp.exe52⤵
- Executes dropped EXE
-
\??\c:\rxxffrf.exec:\rxxffrf.exe53⤵
- Executes dropped EXE
-
\??\c:\9xxflrl.exec:\9xxflrl.exe54⤵
- Executes dropped EXE
-
\??\c:\hbbhtn.exec:\hbbhtn.exe55⤵
- Executes dropped EXE
-
\??\c:\btbbbb.exec:\btbbbb.exe56⤵
- Executes dropped EXE
-
\??\c:\jdpvv.exec:\jdpvv.exe57⤵
- Executes dropped EXE
-
\??\c:\vdppv.exec:\vdppv.exe58⤵
- Executes dropped EXE
-
\??\c:\3rrflrf.exec:\3rrflrf.exe59⤵
- Executes dropped EXE
-
\??\c:\rfrrxxl.exec:\rfrrxxl.exe60⤵
- Executes dropped EXE
-
\??\c:\nhnttb.exec:\nhnttb.exe61⤵
- Executes dropped EXE
-
\??\c:\bthhnh.exec:\bthhnh.exe62⤵
- Executes dropped EXE
-
\??\c:\5htnbh.exec:\5htnbh.exe63⤵
- Executes dropped EXE
-
\??\c:\ppdvd.exec:\ppdvd.exe64⤵
- Executes dropped EXE
-
\??\c:\jdvpd.exec:\jdvpd.exe65⤵
- Executes dropped EXE
-
\??\c:\fxxxxfr.exec:\fxxxxfr.exe66⤵
-
\??\c:\7rlrxrx.exec:\7rlrxrx.exe67⤵
-
\??\c:\bhnntb.exec:\bhnntb.exe68⤵
-
\??\c:\pjvpj.exec:\pjvpj.exe69⤵
-
\??\c:\7vpvv.exec:\7vpvv.exe70⤵
-
\??\c:\xlxxffl.exec:\xlxxffl.exe71⤵
-
\??\c:\7flrxxl.exec:\7flrxxl.exe72⤵
-
\??\c:\thnhnn.exec:\thnhnn.exe73⤵
-
\??\c:\tbbhhh.exec:\tbbhhh.exe74⤵
-
\??\c:\ddppj.exec:\ddppj.exe75⤵
-
\??\c:\djjvv.exec:\djjvv.exe76⤵
-
\??\c:\1rfxfff.exec:\1rfxfff.exe77⤵
-
\??\c:\xlxfllr.exec:\xlxfllr.exe78⤵
-
\??\c:\nhnnnt.exec:\nhnnnt.exe79⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe80⤵
-
\??\c:\7dpjp.exec:\7dpjp.exe81⤵
-
\??\c:\3lxxxxf.exec:\3lxxxxf.exe82⤵
-
\??\c:\lffflrx.exec:\lffflrx.exe83⤵
-
\??\c:\nhtthn.exec:\nhtthn.exe84⤵
-
\??\c:\bnhhhb.exec:\bnhhhb.exe85⤵
-
\??\c:\1vvvv.exec:\1vvvv.exe86⤵
-
\??\c:\fxfxxxr.exec:\fxfxxxr.exe87⤵
-
\??\c:\1lfflrx.exec:\1lfflrx.exe88⤵
-
\??\c:\htbbbb.exec:\htbbbb.exe89⤵
-
\??\c:\7htbbh.exec:\7htbbh.exe90⤵
-
\??\c:\jjjpv.exec:\jjjpv.exe91⤵
-
\??\c:\9vppp.exec:\9vppp.exe92⤵
-
\??\c:\ddjjp.exec:\ddjjp.exe93⤵
-
\??\c:\lrxrrrx.exec:\lrxrrrx.exe94⤵
-
\??\c:\rrflrrl.exec:\rrflrrl.exe95⤵
-
\??\c:\hbhhnn.exec:\hbhhnn.exe96⤵
-
\??\c:\pjpvv.exec:\pjpvv.exe97⤵
-
\??\c:\3jppv.exec:\3jppv.exe98⤵
-
\??\c:\rflllfl.exec:\rflllfl.exe99⤵
-
\??\c:\xrxrxrx.exec:\xrxrxrx.exe100⤵
-
\??\c:\htbhnn.exec:\htbhnn.exe101⤵
-
\??\c:\thttbt.exec:\thttbt.exe102⤵
-
\??\c:\jvpjv.exec:\jvpjv.exe103⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe104⤵
-
\??\c:\xflfxfr.exec:\xflfxfr.exe105⤵
-
\??\c:\llxxfxf.exec:\llxxfxf.exe106⤵
-
\??\c:\tthttb.exec:\tthttb.exe107⤵
-
\??\c:\3jppp.exec:\3jppp.exe108⤵
-
\??\c:\jvjdj.exec:\jvjdj.exe109⤵
-
\??\c:\ffffxlf.exec:\ffffxlf.exe110⤵
-
\??\c:\ffrfrrx.exec:\ffrfrrx.exe111⤵
-
\??\c:\hntntn.exec:\hntntn.exe112⤵
-
\??\c:\9ppvp.exec:\9ppvp.exe113⤵
-
\??\c:\1lxxflr.exec:\1lxxflr.exe114⤵
-
\??\c:\fxxllrr.exec:\fxxllrr.exe115⤵
-
\??\c:\fflrxxx.exec:\fflrxxx.exe116⤵
-
\??\c:\nbnbhb.exec:\nbnbhb.exe117⤵
-
\??\c:\nhnnnn.exec:\nhnnnn.exe118⤵
-
\??\c:\3pjvp.exec:\3pjvp.exe119⤵
-
\??\c:\xrlxrff.exec:\xrlxrff.exe120⤵
-
\??\c:\fxlrflr.exec:\fxlrflr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-