Analysis
-
max time kernel
150s -
max time network
109s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
01-06-2024 23:13
General
-
Target
7c164f79531d3c2e02c117f04f4ba087f450e5281552e7a2e833faa7c0ca7566.exe
-
Size
77KB
-
MD5
7eca1619dc0b3af265d2f918a8ab6b7a
-
SHA1
6d3484b570ae4e8e43088425b60085e6a8f271ff
-
SHA256
7c164f79531d3c2e02c117f04f4ba087f450e5281552e7a2e833faa7c0ca7566
-
SHA512
217ee96b2cd881106e178b6bf2c59b9e7a9e6b6095fbede86811944da70f2ddc25ef83332d8649c11aa4d1f898a32cf55a3765630a72fc66ebfbd295464d552f
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoAX8YieVIJclPvPJtcdcY:ymb3NkkiQ3mdBjFo68YBVIJc9JtxY
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
UPX dump on OEP (original entry point) 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7c164f79531d3c2e02c117f04f4ba087f450e5281552e7a2e833faa7c0ca7566.exe"C:\Users\Admin\AppData\Local\Temp\7c164f79531d3c2e02c117f04f4ba087f450e5281552e7a2e833faa7c0ca7566.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvvv.exec:\vvvvv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfxfxx.exec:\fxfxfxx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrffflf.exec:\xrffflf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhhbb.exec:\nnhhbb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvpp.exec:\dvvpp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ffxxxf.exec:\3ffxxxf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxffrrr.exec:\xxffrrr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1nnhhh.exec:\1nnhhh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvpj.exec:\pvvpj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9pjjd.exec:\9pjjd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhtnt.exec:\hhhtnt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vdvp.exec:\9vdvp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfffll.exec:\xrfffll.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nthbbb.exec:\nthbbb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbbbh.exec:\bnbbbh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjvp.exec:\vpjvp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frlfrrl.exec:\frlfrrl.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnhnhh.exec:\hnhnhh.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbttt.exec:\htbttt.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpddp.exec:\vpddp.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxrlxl.exec:\rrxrlxl.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbntbb.exec:\hbntbb.exe23⤵
- Executes dropped EXE
-
\??\c:\vdvdp.exec:\vdvdp.exe24⤵
- Executes dropped EXE
-
\??\c:\rllllll.exec:\rllllll.exe25⤵
- Executes dropped EXE
-
\??\c:\5tbtbh.exec:\5tbtbh.exe26⤵
- Executes dropped EXE
-
\??\c:\hhhbbb.exec:\hhhbbb.exe27⤵
- Executes dropped EXE
-
\??\c:\pjpjd.exec:\pjpjd.exe28⤵
- Executes dropped EXE
-
\??\c:\rrrxxxl.exec:\rrrxxxl.exe29⤵
- Executes dropped EXE
-
\??\c:\rlxrllf.exec:\rlxrllf.exe30⤵
- Executes dropped EXE
-
\??\c:\nhbttt.exec:\nhbttt.exe31⤵
- Executes dropped EXE
-
\??\c:\7httbb.exec:\7httbb.exe32⤵
- Executes dropped EXE
-
\??\c:\dvvjp.exec:\dvvjp.exe33⤵
- Executes dropped EXE
-
\??\c:\xfrrlrr.exec:\xfrrlrr.exe34⤵
- Executes dropped EXE
-
\??\c:\bnnhhh.exec:\bnnhhh.exe35⤵
- Executes dropped EXE
-
\??\c:\7bhbtt.exec:\7bhbtt.exe36⤵
- Executes dropped EXE
-
\??\c:\pvdvp.exec:\pvdvp.exe37⤵
- Executes dropped EXE
-
\??\c:\fxrlxxl.exec:\fxrlxxl.exe38⤵
- Executes dropped EXE
-
\??\c:\xxrrllf.exec:\xxrrllf.exe39⤵
- Executes dropped EXE
-
\??\c:\bnttnh.exec:\bnttnh.exe40⤵
- Executes dropped EXE
-
\??\c:\vvpjj.exec:\vvpjj.exe41⤵
- Executes dropped EXE
-
\??\c:\jdddv.exec:\jdddv.exe42⤵
- Executes dropped EXE
-
\??\c:\5lxflll.exec:\5lxflll.exe43⤵
- Executes dropped EXE
-
\??\c:\rflrlll.exec:\rflrlll.exe44⤵
- Executes dropped EXE
-
\??\c:\hhbtnn.exec:\hhbtnn.exe45⤵
- Executes dropped EXE
-
\??\c:\htbtnn.exec:\htbtnn.exe46⤵
- Executes dropped EXE
-
\??\c:\vdjjj.exec:\vdjjj.exe47⤵
- Executes dropped EXE
-
\??\c:\dpvpp.exec:\dpvpp.exe48⤵
- Executes dropped EXE
-
\??\c:\xlxxrll.exec:\xlxxrll.exe49⤵
- Executes dropped EXE
-
\??\c:\lfrlffr.exec:\lfrlffr.exe50⤵
- Executes dropped EXE
-
\??\c:\nhhtbb.exec:\nhhtbb.exe51⤵
- Executes dropped EXE
-
\??\c:\7jpdv.exec:\7jpdv.exe52⤵
- Executes dropped EXE
-
\??\c:\lxxrfff.exec:\lxxrfff.exe53⤵
- Executes dropped EXE
-
\??\c:\tnnhbb.exec:\tnnhbb.exe54⤵
- Executes dropped EXE
-
\??\c:\9tbbtt.exec:\9tbbtt.exe55⤵
- Executes dropped EXE
-
\??\c:\jddvv.exec:\jddvv.exe56⤵
- Executes dropped EXE
-
\??\c:\pvvdv.exec:\pvvdv.exe57⤵
- Executes dropped EXE
-
\??\c:\3llfrrf.exec:\3llfrrf.exe58⤵
- Executes dropped EXE
-
\??\c:\tnhhbb.exec:\tnhhbb.exe59⤵
- Executes dropped EXE
-
\??\c:\dpjvp.exec:\dpjvp.exe60⤵
- Executes dropped EXE
-
\??\c:\jjjjv.exec:\jjjjv.exe61⤵
- Executes dropped EXE
-
\??\c:\frxlffx.exec:\frxlffx.exe62⤵
- Executes dropped EXE
-
\??\c:\lfxxrrx.exec:\lfxxrrx.exe63⤵
- Executes dropped EXE
-
\??\c:\bntbtt.exec:\bntbtt.exe64⤵
- Executes dropped EXE
-
\??\c:\tnnhhb.exec:\tnnhhb.exe65⤵
- Executes dropped EXE
-
\??\c:\jvpjd.exec:\jvpjd.exe66⤵
-
\??\c:\xrlfxxr.exec:\xrlfxxr.exe67⤵
-
\??\c:\nhhhbb.exec:\nhhhbb.exe68⤵
-
\??\c:\pddvd.exec:\pddvd.exe69⤵
-
\??\c:\1fllrfr.exec:\1fllrfr.exe70⤵
-
\??\c:\lrrxflx.exec:\lrrxflx.exe71⤵
-
\??\c:\httnnn.exec:\httnnn.exe72⤵
-
\??\c:\vvpjd.exec:\vvpjd.exe73⤵
-
\??\c:\jjdjv.exec:\jjdjv.exe74⤵
-
\??\c:\7xrllff.exec:\7xrllff.exe75⤵
-
\??\c:\ffrrllf.exec:\ffrrllf.exe76⤵
-
\??\c:\btnhbt.exec:\btnhbt.exe77⤵
-
\??\c:\pvpdj.exec:\pvpdj.exe78⤵
-
\??\c:\7jvpd.exec:\7jvpd.exe79⤵
-
\??\c:\rlfxllf.exec:\rlfxllf.exe80⤵
-
\??\c:\fxxrrxr.exec:\fxxrrxr.exe81⤵
-
\??\c:\nhhbtt.exec:\nhhbtt.exe82⤵
-
\??\c:\5tnhbt.exec:\5tnhbt.exe83⤵
-
\??\c:\jpvpd.exec:\jpvpd.exe84⤵
-
\??\c:\1ddvj.exec:\1ddvj.exe85⤵
-
\??\c:\9flfrfx.exec:\9flfrfx.exe86⤵
-
\??\c:\fxxrrll.exec:\fxxrrll.exe87⤵
-
\??\c:\hnnhbb.exec:\hnnhbb.exe88⤵
-
\??\c:\7vvvv.exec:\7vvvv.exe89⤵
-
\??\c:\djdpj.exec:\djdpj.exe90⤵
-
\??\c:\rlllfxr.exec:\rlllfxr.exe91⤵
-
\??\c:\nbbbnn.exec:\nbbbnn.exe92⤵
-
\??\c:\tnhbtt.exec:\tnhbtt.exe93⤵
-
\??\c:\vppjd.exec:\vppjd.exe94⤵
-
\??\c:\vjpjv.exec:\vjpjv.exe95⤵
-
\??\c:\xxrlffx.exec:\xxrlffx.exe96⤵
-
\??\c:\lxxxxrr.exec:\lxxxxrr.exe97⤵
-
\??\c:\bnhhbb.exec:\bnhhbb.exe98⤵
-
\??\c:\vppvp.exec:\vppvp.exe99⤵
-
\??\c:\vjdvp.exec:\vjdvp.exe100⤵
-
\??\c:\9rlllll.exec:\9rlllll.exe101⤵
-
\??\c:\5rrrrrl.exec:\5rrrrrl.exe102⤵
-
\??\c:\tnttnt.exec:\tnttnt.exe103⤵
-
\??\c:\nhnhhh.exec:\nhnhhh.exe104⤵
-
\??\c:\dvppd.exec:\dvppd.exe105⤵
-
\??\c:\lfffllx.exec:\lfffllx.exe106⤵
-
\??\c:\frxrllf.exec:\frxrllf.exe107⤵
-
\??\c:\nbnhtt.exec:\nbnhtt.exe108⤵
-
\??\c:\tthhnn.exec:\tthhnn.exe109⤵
-
\??\c:\3vvpd.exec:\3vvpd.exe110⤵
-
\??\c:\7vpvj.exec:\7vpvj.exe111⤵
-
\??\c:\lffxlll.exec:\lffxlll.exe112⤵
-
\??\c:\rlllfxx.exec:\rlllfxx.exe113⤵
-
\??\c:\ntbtnn.exec:\ntbtnn.exe114⤵
-
\??\c:\hbttnn.exec:\hbttnn.exe115⤵
-
\??\c:\dpdjj.exec:\dpdjj.exe116⤵
-
\??\c:\fxxrrrf.exec:\fxxrrrf.exe117⤵
-
\??\c:\1ntnnn.exec:\1ntnnn.exe118⤵
-
\??\c:\1hnnhn.exec:\1hnnhn.exe119⤵
-
\??\c:\7vjdp.exec:\7vjdp.exe120⤵
-
\??\c:\rrrrlrl.exec:\rrrrlrl.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-