Analysis
-
max time kernel
79s -
max time network
108s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
05/06/2024, 23:32
General
-
Target
60769ef80ed3561395e20a8a323753a7dddfc1652a2ba38f5ef8baac0113aa4b.exe
-
Size
56KB
-
MD5
e6e289d7da43b219357e6b84f76f2502
-
SHA1
a48dab30d929ccb20c41dfe7ae4b11d984c0d51e
-
SHA256
60769ef80ed3561395e20a8a323753a7dddfc1652a2ba38f5ef8baac0113aa4b
-
SHA512
5d1b458484d321a4d70d26a3358c336079c2748bfe08b7dd90189025a379724b81ee1695c0f26cd7cb8c881bd15ee86224b96bfcc35944d2df70d9e52e717625
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0chV/5:ymb3NkkiQ3mdBjF0crR
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
UPX dump on OEP (original entry point) 35 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 35 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\60769ef80ed3561395e20a8a323753a7dddfc1652a2ba38f5ef8baac0113aa4b.exe"C:\Users\Admin\AppData\Local\Temp\60769ef80ed3561395e20a8a323753a7dddfc1652a2ba38f5ef8baac0113aa4b.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pddvv.exec:\pddvv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvpj.exec:\jdvpj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlfxxf.exec:\rrlfxxf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfxrrl.exec:\fxfxrrl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbbbb.exec:\hbbbbb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnnnn.exec:\htnnnn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjdd.exec:\jjjdd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvpj.exec:\dvvpj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5lrrlxx.exec:\5lrrlxx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffffff.exec:\lffffff.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhnnn.exec:\nhhnnn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpdvj.exec:\dpdvj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvpv.exec:\vvvpv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7jjjd.exec:\7jjjd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rxxlll.exec:\7rxxlll.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflffll.exec:\rflffll.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhnhn.exec:\tnhnhn.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhhtb.exec:\bhhhtb.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3jpjd.exec:\3jpjd.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjjd.exec:\jjjjd.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrrlll.exec:\rrrrlll.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xxxxll.exec:\1xxxxll.exe23⤵
- Executes dropped EXE
-
\??\c:\nhtnhh.exec:\nhtnhh.exe24⤵
- Executes dropped EXE
-
\??\c:\7ppjd.exec:\7ppjd.exe25⤵
- Executes dropped EXE
-
\??\c:\fxfffff.exec:\fxfffff.exe26⤵
- Executes dropped EXE
-
\??\c:\xrlrlrr.exec:\xrlrlrr.exe27⤵
- Executes dropped EXE
-
\??\c:\hbbtnt.exec:\hbbtnt.exe28⤵
- Executes dropped EXE
-
\??\c:\nhnhhh.exec:\nhnhhh.exe29⤵
- Executes dropped EXE
-
\??\c:\3jvdv.exec:\3jvdv.exe30⤵
- Executes dropped EXE
-
\??\c:\3vvpj.exec:\3vvpj.exe31⤵
- Executes dropped EXE
-
\??\c:\lllfrxx.exec:\lllfrxx.exe32⤵
- Executes dropped EXE
-
\??\c:\xlllrrl.exec:\xlllrrl.exe33⤵
- Executes dropped EXE
-
\??\c:\9thhbb.exec:\9thhbb.exe34⤵
- Executes dropped EXE
-
\??\c:\nhnhbb.exec:\nhnhbb.exe35⤵
- Executes dropped EXE
-
\??\c:\jvddd.exec:\jvddd.exe36⤵
- Executes dropped EXE
-
\??\c:\vpvvp.exec:\vpvvp.exe37⤵
- Executes dropped EXE
-
\??\c:\xlxrrxx.exec:\xlxrrxx.exe38⤵
- Executes dropped EXE
-
\??\c:\lxxxxxx.exec:\lxxxxxx.exe39⤵
- Executes dropped EXE
-
\??\c:\hbhbnn.exec:\hbhbnn.exe40⤵
- Executes dropped EXE
-
\??\c:\3nhhbb.exec:\3nhhbb.exe41⤵
- Executes dropped EXE
-
\??\c:\9jpjv.exec:\9jpjv.exe42⤵
- Executes dropped EXE
-
\??\c:\7pjdv.exec:\7pjdv.exe43⤵
- Executes dropped EXE
-
\??\c:\pvvjd.exec:\pvvjd.exe44⤵
- Executes dropped EXE
-
\??\c:\rfrlfff.exec:\rfrlfff.exe45⤵
- Executes dropped EXE
-
\??\c:\rrffffl.exec:\rrffffl.exe46⤵
- Executes dropped EXE
-
\??\c:\nbbnhh.exec:\nbbnhh.exe47⤵
- Executes dropped EXE
-
\??\c:\tnnhbb.exec:\tnnhbb.exe48⤵
- Executes dropped EXE
-
\??\c:\7dddv.exec:\7dddv.exe49⤵
- Executes dropped EXE
-
\??\c:\ddddd.exec:\ddddd.exe50⤵
- Executes dropped EXE
-
\??\c:\ffrllrr.exec:\ffrllrr.exe51⤵
- Executes dropped EXE
-
\??\c:\7xxxrrl.exec:\7xxxrrl.exe52⤵
- Executes dropped EXE
-
\??\c:\flfrrxl.exec:\flfrrxl.exe53⤵
- Executes dropped EXE
-
\??\c:\bhntth.exec:\bhntth.exe54⤵
- Executes dropped EXE
-
\??\c:\htnnbh.exec:\htnnbh.exe55⤵
- Executes dropped EXE
-
\??\c:\vvjdv.exec:\vvjdv.exe56⤵
- Executes dropped EXE
-
\??\c:\jjjjj.exec:\jjjjj.exe57⤵
- Executes dropped EXE
-
\??\c:\xxfxrrr.exec:\xxfxrrr.exe58⤵
- Executes dropped EXE
-
\??\c:\rlfxrfx.exec:\rlfxrfx.exe59⤵
- Executes dropped EXE
-
\??\c:\nhhbtt.exec:\nhhbtt.exe60⤵
- Executes dropped EXE
-
\??\c:\nthnhn.exec:\nthnhn.exe61⤵
- Executes dropped EXE
-
\??\c:\jjjdv.exec:\jjjdv.exe62⤵
- Executes dropped EXE
-
\??\c:\jpdpp.exec:\jpdpp.exe63⤵
- Executes dropped EXE
-
\??\c:\rllrlxx.exec:\rllrlxx.exe64⤵
- Executes dropped EXE
-
\??\c:\rlffxff.exec:\rlffxff.exe65⤵
- Executes dropped EXE
-
\??\c:\ffflfxr.exec:\ffflfxr.exe66⤵
-
\??\c:\3nbtnn.exec:\3nbtnn.exe67⤵
-
\??\c:\bbbbth.exec:\bbbbth.exe68⤵
-
\??\c:\pjjdp.exec:\pjjdp.exe69⤵
-
\??\c:\9ddvp.exec:\9ddvp.exe70⤵
-
\??\c:\5vvpv.exec:\5vvpv.exe71⤵
-
\??\c:\xrxxlll.exec:\xrxxlll.exe72⤵
-
\??\c:\lfxxrxl.exec:\lfxxrxl.exe73⤵
-
\??\c:\nhbbbb.exec:\nhbbbb.exe74⤵
-
\??\c:\ttbhnb.exec:\ttbhnb.exe75⤵
-
\??\c:\3jppj.exec:\3jppj.exe76⤵
-
\??\c:\jpdvp.exec:\jpdvp.exe77⤵
-
\??\c:\5jjdv.exec:\5jjdv.exe78⤵
-
\??\c:\xffxrxr.exec:\xffxrxr.exe79⤵
-
\??\c:\1flfxxr.exec:\1flfxxr.exe80⤵
-
\??\c:\rrrllrr.exec:\rrrllrr.exe81⤵
-
\??\c:\nhtbhh.exec:\nhtbhh.exe82⤵
-
\??\c:\hbhbhh.exec:\hbhbhh.exe83⤵
-
\??\c:\dpddv.exec:\dpddv.exe84⤵
-
\??\c:\1dvpv.exec:\1dvpv.exe85⤵
-
\??\c:\frxlfff.exec:\frxlfff.exe86⤵
-
\??\c:\llrrxfl.exec:\llrrxfl.exe87⤵
-
\??\c:\5frlrlx.exec:\5frlrlx.exe88⤵
-
\??\c:\hntbht.exec:\hntbht.exe89⤵
-
\??\c:\bbtttt.exec:\bbtttt.exe90⤵
-
\??\c:\jpvpp.exec:\jpvpp.exe91⤵
-
\??\c:\djjdv.exec:\djjdv.exe92⤵
-
\??\c:\pjpvj.exec:\pjpvj.exe93⤵
-
\??\c:\5lrlxfx.exec:\5lrlxfx.exe94⤵
-
\??\c:\fxxrrrr.exec:\fxxrrrr.exe95⤵
-
\??\c:\bnnnhh.exec:\bnnnhh.exe96⤵
-
\??\c:\hbtnbh.exec:\hbtnbh.exe97⤵
-
\??\c:\5tbbhn.exec:\5tbbhn.exe98⤵
-
\??\c:\1dppj.exec:\1dppj.exe99⤵
-
\??\c:\ddvvv.exec:\ddvvv.exe100⤵
-
\??\c:\xxrxrxr.exec:\xxrxrxr.exe101⤵
-
\??\c:\rrfffff.exec:\rrfffff.exe102⤵
-
\??\c:\btbtnn.exec:\btbtnn.exe103⤵
-
\??\c:\tttnhh.exec:\tttnhh.exe104⤵
-
\??\c:\dppjd.exec:\dppjd.exe105⤵
-
\??\c:\vjpdv.exec:\vjpdv.exe106⤵
-
\??\c:\3nhhhh.exec:\3nhhhh.exe107⤵
-
\??\c:\7tbthh.exec:\7tbthh.exe108⤵
-
\??\c:\1ppjv.exec:\1ppjv.exe109⤵
-
\??\c:\9ddvd.exec:\9ddvd.exe110⤵
-
\??\c:\xrxrllf.exec:\xrxrllf.exe111⤵
-
\??\c:\fllfxxx.exec:\fllfxxx.exe112⤵
-
\??\c:\thhhhh.exec:\thhhhh.exe113⤵
-
\??\c:\3hhbtt.exec:\3hhbtt.exe114⤵
-
\??\c:\bthnhb.exec:\bthnhb.exe115⤵
-
\??\c:\jdpdv.exec:\jdpdv.exe116⤵
-
\??\c:\3pvdv.exec:\3pvdv.exe117⤵
-
\??\c:\3xxxlrl.exec:\3xxxlrl.exe118⤵
-
\??\c:\3rrrlrr.exec:\3rrrlrr.exe119⤵
-
\??\c:\tttttt.exec:\tttttt.exe120⤵
-
\??\c:\hhtttt.exec:\hhtttt.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-