Analysis
-
max time kernel
151s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
04-06-2024 00:53
General
-
Target
9f93a58d3dc257f8529a228814bd78f008e5577567b13ae9268ff4ca94d7adde.exe
-
Size
78KB
-
MD5
8e380aaa624d1485e3c6c4b598fec408
-
SHA1
3be3eb4b716930567c597d1fe6f8eb9003000222
-
SHA256
9f93a58d3dc257f8529a228814bd78f008e5577567b13ae9268ff4ca94d7adde
-
SHA512
9751dbe1646640b46f30c28e40a0d4e395f38bda492ad4cdc70b3f51fe4592a6bcb52370d23563a8de4e3aa598858e05ba5505f1519c73ce8a6f9c7d05a3c317
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoAX8YieVIJclPvPJtcdc1:ymb3NkkiQ3mdBjFo68YBVIJc9Jtx1
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 18 IoCs
-
UPX dump on OEP (original entry point) 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9f93a58d3dc257f8529a228814bd78f008e5577567b13ae9268ff4ca94d7adde.exe"C:\Users\Admin\AppData\Local\Temp\9f93a58d3dc257f8529a228814bd78f008e5577567b13ae9268ff4ca94d7adde.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jjxvx.exec:\jjxvx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxnvb.exec:\rxnvb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrbrrbj.exec:\lrbrrbj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pbpfjt.exec:\pbpfjt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dxjlh.exec:\dxjlh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rldhx.exec:\rldhx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nxvfdp.exec:\nxvfdp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dthjxl.exec:\dthjxl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\drhjnl.exec:\drhjnl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fbdrl.exec:\fbdrl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\blrxvlf.exec:\blrxvlf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbxhnhv.exec:\nbxhnhv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nxvnl.exec:\nxvnl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tjpbl.exec:\tjpbl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hvrvvfd.exec:\hvrvvfd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdhrjn.exec:\vdhrjn.exe17⤵
- Executes dropped EXE
-
\??\c:\dpltfvn.exec:\dpltfvn.exe18⤵
- Executes dropped EXE
-
\??\c:\xnrnv.exec:\xnrnv.exe19⤵
- Executes dropped EXE
-
\??\c:\ltxxjjf.exec:\ltxxjjf.exe20⤵
- Executes dropped EXE
-
\??\c:\vrnldf.exec:\vrnldf.exe21⤵
- Executes dropped EXE
-
\??\c:\dtxrbjj.exec:\dtxrbjj.exe22⤵
- Executes dropped EXE
-
\??\c:\nvtjfrj.exec:\nvtjfrj.exe23⤵
- Executes dropped EXE
-
\??\c:\fflvf.exec:\fflvf.exe24⤵
- Executes dropped EXE
-
\??\c:\nttpbn.exec:\nttpbn.exe25⤵
- Executes dropped EXE
-
\??\c:\rnpldl.exec:\rnpldl.exe26⤵
- Executes dropped EXE
-
\??\c:\vntjpf.exec:\vntjpf.exe27⤵
- Executes dropped EXE
-
\??\c:\tffdp.exec:\tffdp.exe28⤵
- Executes dropped EXE
-
\??\c:\prxtfth.exec:\prxtfth.exe29⤵
- Executes dropped EXE
-
\??\c:\jphjpv.exec:\jphjpv.exe30⤵
- Executes dropped EXE
-
\??\c:\xbntf.exec:\xbntf.exe31⤵
- Executes dropped EXE
-
\??\c:\jnvvffh.exec:\jnvvffh.exe32⤵
- Executes dropped EXE
-
\??\c:\lrfnn.exec:\lrfnn.exe33⤵
- Executes dropped EXE
-
\??\c:\jthdrln.exec:\jthdrln.exe34⤵
- Executes dropped EXE
-
\??\c:\nhvdt.exec:\nhvdt.exe35⤵
- Executes dropped EXE
-
\??\c:\njnpv.exec:\njnpv.exe36⤵
- Executes dropped EXE
-
\??\c:\hbrplv.exec:\hbrplv.exe37⤵
- Executes dropped EXE
-
\??\c:\plddrj.exec:\plddrj.exe38⤵
- Executes dropped EXE
-
\??\c:\vfhpbx.exec:\vfhpbx.exe39⤵
- Executes dropped EXE
-
\??\c:\rvrdvtn.exec:\rvrdvtn.exe40⤵
- Executes dropped EXE
-
\??\c:\brvjxbr.exec:\brvjxbr.exe41⤵
- Executes dropped EXE
-
\??\c:\lldhr.exec:\lldhr.exe42⤵
- Executes dropped EXE
-
\??\c:\vrvtpr.exec:\vrvtpr.exe43⤵
- Executes dropped EXE
-
\??\c:\lptflfp.exec:\lptflfp.exe44⤵
- Executes dropped EXE
-
\??\c:\bxtvl.exec:\bxtvl.exe45⤵
- Executes dropped EXE
-
\??\c:\bhnfn.exec:\bhnfn.exe46⤵
- Executes dropped EXE
-
\??\c:\xnpxb.exec:\xnpxb.exe47⤵
- Executes dropped EXE
-
\??\c:\jbltbfn.exec:\jbltbfn.exe48⤵
- Executes dropped EXE
-
\??\c:\tjvbvb.exec:\tjvbvb.exe49⤵
- Executes dropped EXE
-
\??\c:\lxjnj.exec:\lxjnj.exe50⤵
- Executes dropped EXE
-
\??\c:\frbbf.exec:\frbbf.exe51⤵
- Executes dropped EXE
-
\??\c:\hfnltxt.exec:\hfnltxt.exe52⤵
- Executes dropped EXE
-
\??\c:\njbdnfl.exec:\njbdnfl.exe53⤵
- Executes dropped EXE
-
\??\c:\ftpvn.exec:\ftpvn.exe54⤵
- Executes dropped EXE
-
\??\c:\pjjhrn.exec:\pjjhrn.exe55⤵
- Executes dropped EXE
-
\??\c:\dlvrbf.exec:\dlvrbf.exe56⤵
- Executes dropped EXE
-
\??\c:\dtlhnxd.exec:\dtlhnxd.exe57⤵
- Executes dropped EXE
-
\??\c:\ptdprdt.exec:\ptdprdt.exe58⤵
- Executes dropped EXE
-
\??\c:\pfvlhd.exec:\pfvlhd.exe59⤵
- Executes dropped EXE
-
\??\c:\frdrntb.exec:\frdrntb.exe60⤵
- Executes dropped EXE
-
\??\c:\hxbjxf.exec:\hxbjxf.exe61⤵
- Executes dropped EXE
-
\??\c:\jhlxhnb.exec:\jhlxhnb.exe62⤵
- Executes dropped EXE
-
\??\c:\nnblr.exec:\nnblr.exe63⤵
- Executes dropped EXE
-
\??\c:\rfnhfnf.exec:\rfnhfnf.exe64⤵
- Executes dropped EXE
-
\??\c:\vhxxb.exec:\vhxxb.exe65⤵
- Executes dropped EXE
-
\??\c:\vtrjf.exec:\vtrjf.exe66⤵
-
\??\c:\lhdtn.exec:\lhdtn.exe67⤵
-
\??\c:\fvpvfb.exec:\fvpvfb.exe68⤵
-
\??\c:\fdjhlnf.exec:\fdjhlnf.exe69⤵
-
\??\c:\fvllvvr.exec:\fvllvvr.exe70⤵
-
\??\c:\fbvjd.exec:\fbvjd.exe71⤵
-
\??\c:\dftflb.exec:\dftflb.exe72⤵
-
\??\c:\tvnjf.exec:\tvnjf.exe73⤵
-
\??\c:\xbltrb.exec:\xbltrb.exe74⤵
-
\??\c:\xtdvvr.exec:\xtdvvr.exe75⤵
-
\??\c:\fprvtbn.exec:\fprvtbn.exe76⤵
-
\??\c:\brfll.exec:\brfll.exe77⤵
-
\??\c:\jljfj.exec:\jljfj.exe78⤵
-
\??\c:\tffrtlj.exec:\tffrtlj.exe79⤵
-
\??\c:\dpvdff.exec:\dpvdff.exe80⤵
-
\??\c:\bpptlt.exec:\bpptlt.exe81⤵
-
\??\c:\rtjtfv.exec:\rtjtfv.exe82⤵
-
\??\c:\dprnlnr.exec:\dprnlnr.exe83⤵
-
\??\c:\lrhnppn.exec:\lrhnppn.exe84⤵
-
\??\c:\vlfptpv.exec:\vlfptpv.exe85⤵
-
\??\c:\bbhxr.exec:\bbhxr.exe86⤵
-
\??\c:\btdjn.exec:\btdjn.exe87⤵
-
\??\c:\prpbld.exec:\prpbld.exe88⤵
-
\??\c:\dbpdjdd.exec:\dbpdjdd.exe89⤵
-
\??\c:\rvhbhht.exec:\rvhbhht.exe90⤵
-
\??\c:\rlnpxd.exec:\rlnpxd.exe91⤵
-
\??\c:\dbxvfb.exec:\dbxvfb.exe92⤵
-
\??\c:\ttlnnj.exec:\ttlnnj.exe93⤵
-
\??\c:\lnbnx.exec:\lnbnx.exe94⤵
-
\??\c:\jvvltt.exec:\jvvltt.exe95⤵
-
\??\c:\fvvtf.exec:\fvvtf.exe96⤵
-
\??\c:\rtntj.exec:\rtntj.exe97⤵
-
\??\c:\hnfdjj.exec:\hnfdjj.exe98⤵
-
\??\c:\xbfvvvd.exec:\xbfvvvd.exe99⤵
-
\??\c:\nvttpp.exec:\nvttpp.exe100⤵
-
\??\c:\lbhxph.exec:\lbhxph.exe101⤵
-
\??\c:\rffjv.exec:\rffjv.exe102⤵
-
\??\c:\htdjjr.exec:\htdjjr.exe103⤵
-
\??\c:\xhffx.exec:\xhffx.exe104⤵
-
\??\c:\jjdpd.exec:\jjdpd.exe105⤵
-
\??\c:\rfxnb.exec:\rfxnb.exe106⤵
-
\??\c:\npvtxj.exec:\npvtxj.exe107⤵
-
\??\c:\bxpftp.exec:\bxpftp.exe108⤵
-
\??\c:\hlptflx.exec:\hlptflx.exe109⤵
-
\??\c:\jxrxn.exec:\jxrxn.exe110⤵
-
\??\c:\ldxjlb.exec:\ldxjlb.exe111⤵
-
\??\c:\jdhjn.exec:\jdhjn.exe112⤵
-
\??\c:\lvpjh.exec:\lvpjh.exe113⤵
-
\??\c:\bxrfj.exec:\bxrfj.exe114⤵
-
\??\c:\vtfttjh.exec:\vtfttjh.exe115⤵
-
\??\c:\hnjhxrn.exec:\hnjhxrn.exe116⤵
-
\??\c:\hvvfth.exec:\hvvfth.exe117⤵
-
\??\c:\nlbddr.exec:\nlbddr.exe118⤵
-
\??\c:\lxfxn.exec:\lxfxn.exe119⤵
-
\??\c:\tfrnnr.exec:\tfrnnr.exe120⤵
-
\??\c:\rntdb.exec:\rntdb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-