Analysis
-
max time kernel
89s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
05-06-2024 23:32
General
-
Target
60769ef80ed3561395e20a8a323753a7dddfc1652a2ba38f5ef8baac0113aa4b.exe
-
Size
56KB
-
MD5
e6e289d7da43b219357e6b84f76f2502
-
SHA1
a48dab30d929ccb20c41dfe7ae4b11d984c0d51e
-
SHA256
60769ef80ed3561395e20a8a323753a7dddfc1652a2ba38f5ef8baac0113aa4b
-
SHA512
5d1b458484d321a4d70d26a3358c336079c2748bfe08b7dd90189025a379724b81ee1695c0f26cd7cb8c881bd15ee86224b96bfcc35944d2df70d9e52e717625
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0chV/5:ymb3NkkiQ3mdBjF0crR
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
UPX dump on OEP (original entry point) 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 23 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\60769ef80ed3561395e20a8a323753a7dddfc1652a2ba38f5ef8baac0113aa4b.exe"C:\Users\Admin\AppData\Local\Temp\60769ef80ed3561395e20a8a323753a7dddfc1652a2ba38f5ef8baac0113aa4b.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hhtntt.exec:\hhtntt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1nhtbn.exec:\1nhtbn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppddp.exec:\ppddp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdvp.exec:\vpdvp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxllxrx.exec:\xxllxrx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxllrlx.exec:\fxllrlx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9hthnt.exec:\9hthnt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tttbnn.exec:\tttbnn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpppd.exec:\dpppd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjpj.exec:\dvjpj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9rfxllr.exec:\9rfxllr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xxfrfr.exec:\1xxfrfr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnnbb.exec:\htnnbb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtbhn.exec:\bbtbhn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djvpd.exec:\djvpd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjpj.exec:\jjjpj.exe17⤵
- Executes dropped EXE
-
\??\c:\fxllrrx.exec:\fxllrrx.exe18⤵
- Executes dropped EXE
-
\??\c:\xrlrflx.exec:\xrlrflx.exe19⤵
- Executes dropped EXE
-
\??\c:\xrffrrx.exec:\xrffrrx.exe20⤵
- Executes dropped EXE
-
\??\c:\nbtbtt.exec:\nbtbtt.exe21⤵
- Executes dropped EXE
-
\??\c:\bttnth.exec:\bttnth.exe22⤵
- Executes dropped EXE
-
\??\c:\vpdpv.exec:\vpdpv.exe23⤵
- Executes dropped EXE
-
\??\c:\3pppd.exec:\3pppd.exe24⤵
- Executes dropped EXE
-
\??\c:\ddjpd.exec:\ddjpd.exe25⤵
- Executes dropped EXE
-
\??\c:\ffrrffr.exec:\ffrrffr.exe26⤵
- Executes dropped EXE
-
\??\c:\rrflrrx.exec:\rrflrrx.exe27⤵
- Executes dropped EXE
-
\??\c:\hbbhth.exec:\hbbhth.exe28⤵
- Executes dropped EXE
-
\??\c:\3bnnth.exec:\3bnnth.exe29⤵
- Executes dropped EXE
-
\??\c:\ddvdp.exec:\ddvdp.exe30⤵
- Executes dropped EXE
-
\??\c:\pdpjj.exec:\pdpjj.exe31⤵
- Executes dropped EXE
-
\??\c:\1lrllfl.exec:\1lrllfl.exe32⤵
- Executes dropped EXE
-
\??\c:\lfllrrf.exec:\lfllrrf.exe33⤵
- Executes dropped EXE
-
\??\c:\tnthhh.exec:\tnthhh.exe34⤵
- Executes dropped EXE
-
\??\c:\btbttt.exec:\btbttt.exe35⤵
- Executes dropped EXE
-
\??\c:\hbtthh.exec:\hbtthh.exe36⤵
- Executes dropped EXE
-
\??\c:\dpddp.exec:\dpddp.exe37⤵
- Executes dropped EXE
-
\??\c:\vpddv.exec:\vpddv.exe38⤵
- Executes dropped EXE
-
\??\c:\fxflflx.exec:\fxflflx.exe39⤵
- Executes dropped EXE
-
\??\c:\rfrrlll.exec:\rfrrlll.exe40⤵
- Executes dropped EXE
-
\??\c:\xxflllx.exec:\xxflllx.exe41⤵
- Executes dropped EXE
-
\??\c:\nbtntt.exec:\nbtntt.exe42⤵
- Executes dropped EXE
-
\??\c:\nbthtb.exec:\nbthtb.exe43⤵
- Executes dropped EXE
-
\??\c:\jdpdd.exec:\jdpdd.exe44⤵
- Executes dropped EXE
-
\??\c:\vpddj.exec:\vpddj.exe45⤵
- Executes dropped EXE
-
\??\c:\vjppv.exec:\vjppv.exe46⤵
- Executes dropped EXE
-
\??\c:\rlrxlrx.exec:\rlrxlrx.exe47⤵
- Executes dropped EXE
-
\??\c:\7rlfrxl.exec:\7rlfrxl.exe48⤵
- Executes dropped EXE
-
\??\c:\xrffxlr.exec:\xrffxlr.exe49⤵
- Executes dropped EXE
-
\??\c:\nnhbtb.exec:\nnhbtb.exe50⤵
- Executes dropped EXE
-
\??\c:\tbhttb.exec:\tbhttb.exe51⤵
- Executes dropped EXE
-
\??\c:\ddpvd.exec:\ddpvd.exe52⤵
- Executes dropped EXE
-
\??\c:\3vjpd.exec:\3vjpd.exe53⤵
- Executes dropped EXE
-
\??\c:\7pddj.exec:\7pddj.exe54⤵
- Executes dropped EXE
-
\??\c:\3rlxfxx.exec:\3rlxfxx.exe55⤵
- Executes dropped EXE
-
\??\c:\fxflrrx.exec:\fxflrrx.exe56⤵
- Executes dropped EXE
-
\??\c:\bbttbh.exec:\bbttbh.exe57⤵
- Executes dropped EXE
-
\??\c:\9btthh.exec:\9btthh.exe58⤵
- Executes dropped EXE
-
\??\c:\hbhhtt.exec:\hbhhtt.exe59⤵
- Executes dropped EXE
-
\??\c:\jjvdv.exec:\jjvdv.exe60⤵
- Executes dropped EXE
-
\??\c:\pjvvj.exec:\pjvvj.exe61⤵
- Executes dropped EXE
-
\??\c:\9pjvj.exec:\9pjvj.exe62⤵
- Executes dropped EXE
-
\??\c:\lfrlrxf.exec:\lfrlrxf.exe63⤵
- Executes dropped EXE
-
\??\c:\ffxfxxr.exec:\ffxfxxr.exe64⤵
- Executes dropped EXE
-
\??\c:\7bhtbn.exec:\7bhtbn.exe65⤵
- Executes dropped EXE
-
\??\c:\tbhbtn.exec:\tbhbtn.exe66⤵
-
\??\c:\tbhhnn.exec:\tbhhnn.exe67⤵
-
\??\c:\pppjj.exec:\pppjj.exe68⤵
-
\??\c:\dvppj.exec:\dvppj.exe69⤵
-
\??\c:\1ddvv.exec:\1ddvv.exe70⤵
-
\??\c:\frfxlrf.exec:\frfxlrf.exe71⤵
-
\??\c:\xxxfrll.exec:\xxxfrll.exe72⤵
-
\??\c:\hnbtbt.exec:\hnbtbt.exe73⤵
-
\??\c:\htnnbn.exec:\htnnbn.exe74⤵
-
\??\c:\5htnht.exec:\5htnht.exe75⤵
-
\??\c:\pvjdj.exec:\pvjdj.exe76⤵
-
\??\c:\jvjpp.exec:\jvjpp.exe77⤵
-
\??\c:\fffflrf.exec:\fffflrf.exe78⤵
-
\??\c:\llfllxx.exec:\llfllxx.exe79⤵
-
\??\c:\7hthht.exec:\7hthht.exe80⤵
-
\??\c:\btbhtt.exec:\btbhtt.exe81⤵
-
\??\c:\jjdpd.exec:\jjdpd.exe82⤵
-
\??\c:\vvvvj.exec:\vvvvj.exe83⤵
-
\??\c:\jjdjp.exec:\jjdjp.exe84⤵
-
\??\c:\5rlrfrx.exec:\5rlrfrx.exe85⤵
-
\??\c:\fxffrrl.exec:\fxffrrl.exe86⤵
-
\??\c:\fxrfxxl.exec:\fxrfxxl.exe87⤵
-
\??\c:\nhnhhh.exec:\nhnhhh.exe88⤵
-
\??\c:\9hhnbn.exec:\9hhnbn.exe89⤵
-
\??\c:\btbhhb.exec:\btbhhb.exe90⤵
-
\??\c:\jppjj.exec:\jppjj.exe91⤵
-
\??\c:\ppvvp.exec:\ppvvp.exe92⤵
-
\??\c:\7pvjp.exec:\7pvjp.exe93⤵
-
\??\c:\jpvvj.exec:\jpvvj.exe94⤵
-
\??\c:\lfllxfl.exec:\lfllxfl.exe95⤵
-
\??\c:\rlrflrx.exec:\rlrflrx.exe96⤵
-
\??\c:\nbnnbh.exec:\nbnnbh.exe97⤵
-
\??\c:\htnhtn.exec:\htnhtn.exe98⤵
-
\??\c:\hhttnn.exec:\hhttnn.exe99⤵
-
\??\c:\hbnbnn.exec:\hbnbnn.exe100⤵
-
\??\c:\5dvpd.exec:\5dvpd.exe101⤵
-
\??\c:\vpjvv.exec:\vpjvv.exe102⤵
-
\??\c:\jvjjp.exec:\jvjjp.exe103⤵
-
\??\c:\ffxlxxf.exec:\ffxlxxf.exe104⤵
-
\??\c:\3rffxfl.exec:\3rffxfl.exe105⤵
-
\??\c:\rlflflr.exec:\rlflflr.exe106⤵
-
\??\c:\nbhtnh.exec:\nbhtnh.exe107⤵
-
\??\c:\hhtbht.exec:\hhtbht.exe108⤵
-
\??\c:\bhnbhb.exec:\bhnbhb.exe109⤵
-
\??\c:\1dvvd.exec:\1dvvd.exe110⤵
-
\??\c:\vvpvj.exec:\vvpvj.exe111⤵
-
\??\c:\dvvvj.exec:\dvvvj.exe112⤵
-
\??\c:\xxllxfr.exec:\xxllxfr.exe113⤵
-
\??\c:\7lxxlxf.exec:\7lxxlxf.exe114⤵
-
\??\c:\rrfrxfl.exec:\rrfrxfl.exe115⤵
-
\??\c:\7djdp.exec:\7djdp.exe116⤵
-
\??\c:\jddjv.exec:\jddjv.exe117⤵
-
\??\c:\xrlxlrx.exec:\xrlxlrx.exe118⤵
-
\??\c:\lxrxxxf.exec:\lxrxxxf.exe119⤵
-
\??\c:\3lxrffr.exec:\3lxrffr.exe120⤵
-
\??\c:\xxlxrrl.exec:\xxlxrrl.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-