Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
05-06-2024 22:00
General
-
Target
45bbd0fcf11d155fffaecda111fb0686cbc254480c7f46ce73ad09b9992fbeb5.exe
-
Size
90KB
-
MD5
b589a7b0e66283bdb85b2a5e6354856e
-
SHA1
660a2d5c0286f1ad669c60fa81197e689e431ec6
-
SHA256
45bbd0fcf11d155fffaecda111fb0686cbc254480c7f46ce73ad09b9992fbeb5
-
SHA512
b1ee6dda13c672dde0a237f7a34a0b793c4ab796d19ec224b475b356c3be4d576caa3fade7c94a46e72d0bf743f082104f7930aae044b6e30d6610cc07a98deb
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIQIDyviFxx2hCtgIMLP9rBZaRBY:ymb3NkkiQ3mdBjFIVLd2hWZGreRCYBy5
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 19 IoCs
-
UPX dump on OEP (original entry point) 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\45bbd0fcf11d155fffaecda111fb0686cbc254480c7f46ce73ad09b9992fbeb5.exe"C:\Users\Admin\AppData\Local\Temp\45bbd0fcf11d155fffaecda111fb0686cbc254480c7f46ce73ad09b9992fbeb5.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xlhdhhl.exec:\xlhdhhl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lptrrp.exec:\lptrrp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxjt.exec:\lxxjt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vnfxpvx.exec:\vnfxpvx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjjb.exec:\jdjjb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xdlxdd.exec:\xdlxdd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hvpdbdh.exec:\hvpdbdh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lddjj.exec:\lddjj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vbnjj.exec:\vbnjj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\prdfpp.exec:\prdfpp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ptxbhv.exec:\ptxbhv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nvtxp.exec:\nvtxp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hpbrpb.exec:\hpbrpb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddbdlf.exec:\jddbdlf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nlhff.exec:\nlhff.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjrjpv.exec:\pjjrjpv.exe17⤵
- Executes dropped EXE
-
\??\c:\lfjlf.exec:\lfjlf.exe18⤵
- Executes dropped EXE
-
\??\c:\ntdnth.exec:\ntdnth.exe19⤵
- Executes dropped EXE
-
\??\c:\vtrxlj.exec:\vtrxlj.exe20⤵
- Executes dropped EXE
-
\??\c:\fhdfnd.exec:\fhdfnd.exe21⤵
- Executes dropped EXE
-
\??\c:\jbbdn.exec:\jbbdn.exe22⤵
- Executes dropped EXE
-
\??\c:\rfpbft.exec:\rfpbft.exe23⤵
- Executes dropped EXE
-
\??\c:\ttthb.exec:\ttthb.exe24⤵
- Executes dropped EXE
-
\??\c:\nnpldp.exec:\nnpldp.exe25⤵
- Executes dropped EXE
-
\??\c:\htdpd.exec:\htdpd.exe26⤵
- Executes dropped EXE
-
\??\c:\drhbl.exec:\drhbl.exe27⤵
- Executes dropped EXE
-
\??\c:\xbftlx.exec:\xbftlx.exe28⤵
- Executes dropped EXE
-
\??\c:\pfblbn.exec:\pfblbn.exe29⤵
- Executes dropped EXE
-
\??\c:\jtbnft.exec:\jtbnft.exe30⤵
- Executes dropped EXE
-
\??\c:\lfnrnd.exec:\lfnrnd.exe31⤵
- Executes dropped EXE
-
\??\c:\jhbxn.exec:\jhbxn.exe32⤵
- Executes dropped EXE
-
\??\c:\tvxhlj.exec:\tvxhlj.exe33⤵
- Executes dropped EXE
-
\??\c:\jbpjv.exec:\jbpjv.exe34⤵
- Executes dropped EXE
-
\??\c:\hpjbtp.exec:\hpjbtp.exe35⤵
- Executes dropped EXE
-
\??\c:\ftlttv.exec:\ftlttv.exe36⤵
- Executes dropped EXE
-
\??\c:\jxrjfrl.exec:\jxrjfrl.exe37⤵
- Executes dropped EXE
-
\??\c:\nhvpxf.exec:\nhvpxf.exe38⤵
- Executes dropped EXE
-
\??\c:\bxhtnhv.exec:\bxhtnhv.exe39⤵
- Executes dropped EXE
-
\??\c:\fhdxlft.exec:\fhdxlft.exe40⤵
- Executes dropped EXE
-
\??\c:\fjhvnjl.exec:\fjhvnjl.exe41⤵
- Executes dropped EXE
-
\??\c:\hhdtbft.exec:\hhdtbft.exe42⤵
- Executes dropped EXE
-
\??\c:\xjbpvfj.exec:\xjbpvfj.exe43⤵
- Executes dropped EXE
-
\??\c:\vdfjhx.exec:\vdfjhx.exe44⤵
- Executes dropped EXE
-
\??\c:\tbbhhl.exec:\tbbhhl.exe45⤵
- Executes dropped EXE
-
\??\c:\ndhbp.exec:\ndhbp.exe46⤵
- Executes dropped EXE
-
\??\c:\ndpnvhh.exec:\ndpnvhh.exe47⤵
- Executes dropped EXE
-
\??\c:\lflbhdr.exec:\lflbhdr.exe48⤵
- Executes dropped EXE
-
\??\c:\rlbrd.exec:\rlbrd.exe49⤵
- Executes dropped EXE
-
\??\c:\jtnjf.exec:\jtnjf.exe50⤵
- Executes dropped EXE
-
\??\c:\jtjjbpt.exec:\jtjjbpt.exe51⤵
- Executes dropped EXE
-
\??\c:\xrdfn.exec:\xrdfn.exe52⤵
- Executes dropped EXE
-
\??\c:\jtrfhp.exec:\jtrfhp.exe53⤵
- Executes dropped EXE
-
\??\c:\vjfdrh.exec:\vjfdrh.exe54⤵
- Executes dropped EXE
-
\??\c:\lrbtptr.exec:\lrbtptr.exe55⤵
- Executes dropped EXE
-
\??\c:\vvbxtbb.exec:\vvbxtbb.exe56⤵
- Executes dropped EXE
-
\??\c:\hvfhpdl.exec:\hvfhpdl.exe57⤵
- Executes dropped EXE
-
\??\c:\dxhvf.exec:\dxhvf.exe58⤵
- Executes dropped EXE
-
\??\c:\xbpbvb.exec:\xbpbvb.exe59⤵
- Executes dropped EXE
-
\??\c:\jrdfh.exec:\jrdfh.exe60⤵
- Executes dropped EXE
-
\??\c:\npvbnx.exec:\npvbnx.exe61⤵
- Executes dropped EXE
-
\??\c:\blvltj.exec:\blvltj.exe62⤵
- Executes dropped EXE
-
\??\c:\tnpxvbv.exec:\tnpxvbv.exe63⤵
- Executes dropped EXE
-
\??\c:\hxrlnvp.exec:\hxrlnvp.exe64⤵
- Executes dropped EXE
-
\??\c:\hddjrh.exec:\hddjrh.exe65⤵
- Executes dropped EXE
-
\??\c:\plhjv.exec:\plhjv.exe66⤵
-
\??\c:\ptfpvr.exec:\ptfpvr.exe67⤵
-
\??\c:\dndhx.exec:\dndhx.exe68⤵
-
\??\c:\bxhdn.exec:\bxhdn.exe69⤵
-
\??\c:\jpbbn.exec:\jpbbn.exe70⤵
-
\??\c:\ldtdfrj.exec:\ldtdfrj.exe71⤵
-
\??\c:\hvhjl.exec:\hvhjl.exe72⤵
-
\??\c:\trxvvl.exec:\trxvvl.exe73⤵
-
\??\c:\ffhfh.exec:\ffhfh.exe74⤵
-
\??\c:\fnvjfh.exec:\fnvjfh.exe75⤵
-
\??\c:\rrttfr.exec:\rrttfr.exe76⤵
-
\??\c:\htdln.exec:\htdln.exe77⤵
-
\??\c:\dvxdxv.exec:\dvxdxv.exe78⤵
-
\??\c:\llhppnn.exec:\llhppnn.exe79⤵
-
\??\c:\nfttx.exec:\nfttx.exe80⤵
-
\??\c:\rftjhjh.exec:\rftjhjh.exe81⤵
-
\??\c:\lpjjjp.exec:\lpjjjp.exe82⤵
-
\??\c:\nrnldxh.exec:\nrnldxh.exe83⤵
-
\??\c:\btdbfv.exec:\btdbfv.exe84⤵
-
\??\c:\dpdnp.exec:\dpdnp.exe85⤵
-
\??\c:\nphll.exec:\nphll.exe86⤵
-
\??\c:\jhpnbx.exec:\jhpnbx.exe87⤵
-
\??\c:\drptffb.exec:\drptffb.exe88⤵
-
\??\c:\prjbn.exec:\prjbn.exe89⤵
-
\??\c:\rbfrl.exec:\rbfrl.exe90⤵
-
\??\c:\xxtxnnn.exec:\xxtxnnn.exe91⤵
-
\??\c:\bdvhj.exec:\bdvhj.exe92⤵
-
\??\c:\tlbjhrf.exec:\tlbjhrf.exe93⤵
-
\??\c:\pxfnbt.exec:\pxfnbt.exe94⤵
-
\??\c:\fffxlr.exec:\fffxlr.exe95⤵
-
\??\c:\ndbdd.exec:\ndbdd.exe96⤵
-
\??\c:\dvjrt.exec:\dvjrt.exe97⤵
-
\??\c:\txfblt.exec:\txfblt.exe98⤵
-
\??\c:\nplhd.exec:\nplhd.exe99⤵
-
\??\c:\njvjjl.exec:\njvjjl.exe100⤵
-
\??\c:\xnnpff.exec:\xnnpff.exe101⤵
-
\??\c:\rjrph.exec:\rjrph.exe102⤵
-
\??\c:\jbfplpb.exec:\jbfplpb.exe103⤵
-
\??\c:\tfndth.exec:\tfndth.exe104⤵
-
\??\c:\tnhptb.exec:\tnhptb.exe105⤵
-
\??\c:\lnpdb.exec:\lnpdb.exe106⤵
-
\??\c:\tblhp.exec:\tblhp.exe107⤵
-
\??\c:\nhxtb.exec:\nhxtb.exe108⤵
-
\??\c:\plfdhhf.exec:\plfdhhf.exe109⤵
-
\??\c:\lnjbt.exec:\lnjbt.exe110⤵
-
\??\c:\fjntbrr.exec:\fjntbrr.exe111⤵
-
\??\c:\bhttdh.exec:\bhttdh.exe112⤵
-
\??\c:\trvvf.exec:\trvvf.exe113⤵
-
\??\c:\bnnbflp.exec:\bnnbflp.exe114⤵
-
\??\c:\ljxxhlf.exec:\ljxxhlf.exe115⤵
-
\??\c:\lxhrjfx.exec:\lxhrjfx.exe116⤵
-
\??\c:\nhhnhr.exec:\nhhnhr.exe117⤵
-
\??\c:\tfnfb.exec:\tfnfb.exe118⤵
-
\??\c:\lrlrpnp.exec:\lrlrpnp.exe119⤵
-
\??\c:\bfjph.exec:\bfjph.exe120⤵
-
\??\c:\hfddtxn.exec:\hfddtxn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-