Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
01-06-2024 01:27
General
-
Target
a43dc91b3beb7bf3275cdad059683b1bd2a1d9202529f4f9446f02da719af054.exe
-
Size
383KB
-
MD5
45c6ee5c01e868751da11a2f72e69999
-
SHA1
439d36161743dbe12eab1aca8c857a4e3fff362e
-
SHA256
a43dc91b3beb7bf3275cdad059683b1bd2a1d9202529f4f9446f02da719af054
-
SHA512
2b9ce2c036bf50e00de39678016cffdf281b727d5d66aa147bafcee9259754b6a30f7f3a400639dde0942054d063572991a6da8d2357d0a1dbc2be065d421895
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73tvn+Yp99zm+/KZBHqL3yeHmlwe+axBcot39vUDbYhzod03:n3C9BRo7tvnJ99T/KZEL3c5BTkPXKpv
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 20 IoCs
-
UPX dump on OEP (original entry point) 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 23 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a43dc91b3beb7bf3275cdad059683b1bd2a1d9202529f4f9446f02da719af054.exe"C:\Users\Admin\AppData\Local\Temp\a43dc91b3beb7bf3275cdad059683b1bd2a1d9202529f4f9446f02da719af054.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxfrxr.exec:\ffxfrxr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vvdv.exec:\9vvdv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxflrr.exec:\rlxflrr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthntb.exec:\bthntb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7hbhnn.exec:\7hbhnn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvdj.exec:\dvvdj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrflxfr.exec:\rrflxfr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7tbhth.exec:\7tbhth.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxlfxf.exec:\lrxlfxf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbbnt.exec:\nbbbnt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpvj.exec:\vvpvj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7lfflrx.exec:\7lfflrx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhhth.exec:\nhhhth.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvdp.exec:\pdvdp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frlllrf.exec:\frlllrf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\httbtn.exec:\httbtn.exe17⤵
- Executes dropped EXE
-
\??\c:\dvpvd.exec:\dvpvd.exe18⤵
- Executes dropped EXE
-
\??\c:\jjddp.exec:\jjddp.exe19⤵
- Executes dropped EXE
-
\??\c:\hhbhbh.exec:\hhbhbh.exe20⤵
- Executes dropped EXE
-
\??\c:\fxrlrfx.exec:\fxrlrfx.exe21⤵
- Executes dropped EXE
-
\??\c:\xrrxxfr.exec:\xrrxxfr.exe22⤵
- Executes dropped EXE
-
\??\c:\pjpdp.exec:\pjpdp.exe23⤵
- Executes dropped EXE
-
\??\c:\xxxxlxl.exec:\xxxxlxl.exe24⤵
- Executes dropped EXE
-
\??\c:\1nhntb.exec:\1nhntb.exe25⤵
- Executes dropped EXE
-
\??\c:\dvjpp.exec:\dvjpp.exe26⤵
- Executes dropped EXE
-
\??\c:\ffllxrr.exec:\ffllxrr.exe27⤵
- Executes dropped EXE
-
\??\c:\9bnhtb.exec:\9bnhtb.exe28⤵
- Executes dropped EXE
-
\??\c:\vpjvd.exec:\vpjvd.exe29⤵
- Executes dropped EXE
-
\??\c:\7rlrflx.exec:\7rlrflx.exe30⤵
- Executes dropped EXE
-
\??\c:\btnntb.exec:\btnntb.exe31⤵
- Executes dropped EXE
-
\??\c:\dvpvd.exec:\dvpvd.exe32⤵
- Executes dropped EXE
-
\??\c:\lfffffl.exec:\lfffffl.exe33⤵
- Executes dropped EXE
-
\??\c:\btthht.exec:\btthht.exe34⤵
-
\??\c:\hbhnhb.exec:\hbhnhb.exe35⤵
- Executes dropped EXE
-
\??\c:\5jjjd.exec:\5jjjd.exe36⤵
- Executes dropped EXE
-
\??\c:\5rxxfrr.exec:\5rxxfrr.exe37⤵
- Executes dropped EXE
-
\??\c:\nhhtbh.exec:\nhhtbh.exe38⤵
- Executes dropped EXE
-
\??\c:\7pddv.exec:\7pddv.exe39⤵
- Executes dropped EXE
-
\??\c:\flrxlxx.exec:\flrxlxx.exe40⤵
- Executes dropped EXE
-
\??\c:\1nhbnt.exec:\1nhbnt.exe41⤵
- Executes dropped EXE
-
\??\c:\1pjpp.exec:\1pjpp.exe42⤵
- Executes dropped EXE
-
\??\c:\lfxxlrf.exec:\lfxxlrf.exe43⤵
- Executes dropped EXE
-
\??\c:\xrlllrx.exec:\xrlllrx.exe44⤵
- Executes dropped EXE
-
\??\c:\hhtntn.exec:\hhtntn.exe45⤵
- Executes dropped EXE
-
\??\c:\tbthhh.exec:\tbthhh.exe46⤵
- Executes dropped EXE
-
\??\c:\jpjdj.exec:\jpjdj.exe47⤵
- Executes dropped EXE
-
\??\c:\pdpjv.exec:\pdpjv.exe48⤵
- Executes dropped EXE
-
\??\c:\lxlrrll.exec:\lxlrrll.exe49⤵
- Executes dropped EXE
-
\??\c:\1nthht.exec:\1nthht.exe50⤵
- Executes dropped EXE
-
\??\c:\btbnnn.exec:\btbnnn.exe51⤵
- Executes dropped EXE
-
\??\c:\dpddj.exec:\dpddj.exe52⤵
- Executes dropped EXE
-
\??\c:\7xrxxxl.exec:\7xrxxxl.exe53⤵
- Executes dropped EXE
-
\??\c:\rxxfrrr.exec:\rxxfrrr.exe54⤵
- Executes dropped EXE
-
\??\c:\bbntnh.exec:\bbntnh.exe55⤵
- Executes dropped EXE
-
\??\c:\dpddv.exec:\dpddv.exe56⤵
- Executes dropped EXE
-
\??\c:\pdppp.exec:\pdppp.exe57⤵
- Executes dropped EXE
-
\??\c:\xrxxfrx.exec:\xrxxfrx.exe58⤵
- Executes dropped EXE
-
\??\c:\hhtbhn.exec:\hhtbhn.exe59⤵
- Executes dropped EXE
-
\??\c:\jvjdv.exec:\jvjdv.exe60⤵
- Executes dropped EXE
-
\??\c:\dvjvv.exec:\dvjvv.exe61⤵
- Executes dropped EXE
-
\??\c:\xxfrfxl.exec:\xxfrfxl.exe62⤵
- Executes dropped EXE
-
\??\c:\lxrxflx.exec:\lxrxflx.exe63⤵
- Executes dropped EXE
-
\??\c:\tnnthn.exec:\tnnthn.exe64⤵
- Executes dropped EXE
-
\??\c:\vpdpd.exec:\vpdpd.exe65⤵
- Executes dropped EXE
-
\??\c:\vvjjv.exec:\vvjjv.exe66⤵
- Executes dropped EXE
-
\??\c:\xxfllxx.exec:\xxfllxx.exe67⤵
-
\??\c:\ntbnht.exec:\ntbnht.exe68⤵
-
\??\c:\bhhhhb.exec:\bhhhhb.exe69⤵
-
\??\c:\1jdvj.exec:\1jdvj.exe70⤵
-
\??\c:\xlxfrrl.exec:\xlxfrrl.exe71⤵
-
\??\c:\rxxlxfr.exec:\rxxlxfr.exe72⤵
-
\??\c:\7hbntb.exec:\7hbntb.exe73⤵
-
\??\c:\thbhhb.exec:\thbhhb.exe74⤵
-
\??\c:\9vpvv.exec:\9vpvv.exe75⤵
-
\??\c:\pjdpv.exec:\pjdpv.exe76⤵
-
\??\c:\1xlrxxf.exec:\1xlrxxf.exe77⤵
-
\??\c:\xlxfllr.exec:\xlxfllr.exe78⤵
-
\??\c:\tnbhnt.exec:\tnbhnt.exe79⤵
-
\??\c:\3dvdj.exec:\3dvdj.exe80⤵
-
\??\c:\dppvp.exec:\dppvp.exe81⤵
-
\??\c:\rrlxlrr.exec:\rrlxlrr.exe82⤵
-
\??\c:\5fxrxxl.exec:\5fxrxxl.exe83⤵
-
\??\c:\bhtnbh.exec:\bhtnbh.exe84⤵
-
\??\c:\vdvdj.exec:\vdvdj.exe85⤵
-
\??\c:\vjvjd.exec:\vjvjd.exe86⤵
-
\??\c:\3xfflff.exec:\3xfflff.exe87⤵
-
\??\c:\nhbbtn.exec:\nhbbtn.exe88⤵
-
\??\c:\5btbhn.exec:\5btbhn.exe89⤵
-
\??\c:\1vddv.exec:\1vddv.exe90⤵
-
\??\c:\jvjjp.exec:\jvjjp.exe91⤵
-
\??\c:\fflrlff.exec:\fflrlff.exe92⤵
-
\??\c:\hbthnt.exec:\hbthnt.exe93⤵
-
\??\c:\hbhbbn.exec:\hbhbbn.exe94⤵
-
\??\c:\ddppj.exec:\ddppj.exe95⤵
-
\??\c:\9pdvd.exec:\9pdvd.exe96⤵
-
\??\c:\7xrxrxl.exec:\7xrxrxl.exe97⤵
-
\??\c:\xxlxlrl.exec:\xxlxlrl.exe98⤵
-
\??\c:\bhnhnh.exec:\bhnhnh.exe99⤵
-
\??\c:\pvpvj.exec:\pvpvj.exe100⤵
-
\??\c:\9dvdv.exec:\9dvdv.exe101⤵
-
\??\c:\7rxrfrx.exec:\7rxrfrx.exe102⤵
-
\??\c:\ffxlxff.exec:\ffxlxff.exe103⤵
-
\??\c:\3tntht.exec:\3tntht.exe104⤵
-
\??\c:\5jvjp.exec:\5jvjp.exe105⤵
-
\??\c:\5dpvv.exec:\5dpvv.exe106⤵
-
\??\c:\1lxxffl.exec:\1lxxffl.exe107⤵
-
\??\c:\xxrflrl.exec:\xxrflrl.exe108⤵
-
\??\c:\9thhnt.exec:\9thhnt.exe109⤵
-
\??\c:\hbnbhh.exec:\hbnbhh.exe110⤵
-
\??\c:\jppjd.exec:\jppjd.exe111⤵
-
\??\c:\lfrrffr.exec:\lfrrffr.exe112⤵
-
\??\c:\fxlrrrr.exec:\fxlrrrr.exe113⤵
-
\??\c:\fxrrxxl.exec:\fxrrxxl.exe114⤵
-
\??\c:\ffllfxr.exec:\ffllfxr.exe115⤵
-
\??\c:\1pdpd.exec:\1pdpd.exe116⤵
-
\??\c:\rrffxfx.exec:\rrffxfx.exe117⤵
-
\??\c:\httnnb.exec:\httnnb.exe118⤵
-
\??\c:\jvppp.exec:\jvppp.exe119⤵
-
\??\c:\ffxlxff.exec:\ffxlxff.exe120⤵
-
\??\c:\thbhnt.exec:\thbhnt.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-