Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
05-06-2024 00:48
General
-
Target
98939571c92ac1ef54b0a2254b0ca4668489d7974b9fd96e6c26a1e86fcb69ed.exe
-
Size
92KB
-
MD5
01fbb3c604ed878c2bddff0ec99f709c
-
SHA1
3edabe63bd0ad047fc58d0503eda33b646f7fdcc
-
SHA256
98939571c92ac1ef54b0a2254b0ca4668489d7974b9fd96e6c26a1e86fcb69ed
-
SHA512
068c0c977a0e304e6af0a5b45c146c6fa59abbe8ae622f6e975c3db972ca8c14de38c19f420f6de6dec1a8c34c07154f8327e757a6c087637f1182210d89a828
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIQIDyviFxx2hCtgIMLP9rBZaRBi:ymb3NkkiQ3mdBjFIVLd2hWZGreRCUlba
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
UPX dump on OEP (original entry point) 30 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 31 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\98939571c92ac1ef54b0a2254b0ca4668489d7974b9fd96e6c26a1e86fcb69ed.exe"C:\Users\Admin\AppData\Local\Temp\98939571c92ac1ef54b0a2254b0ca4668489d7974b9fd96e6c26a1e86fcb69ed.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvpj.exec:\pjvpj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvjj.exec:\jjvjj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrxffx.exec:\fxrxffx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhnhb.exec:\nnhnhb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbbhn.exec:\btbbhn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppdpj.exec:\ppdpj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frfrxfl.exec:\frfrxfl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhtbb.exec:\bnhtbb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1tnnbh.exec:\1tnnbh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvdp.exec:\dpvdp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxrlll.exec:\xrxrlll.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhntb.exec:\nnhntb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjddj.exec:\vjddj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvpd.exec:\jpvpd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxllxfx.exec:\xxllxfx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnhbh.exec:\ttnhbh.exe17⤵
- Executes dropped EXE
-
\??\c:\htnthh.exec:\htnthh.exe18⤵
- Executes dropped EXE
-
\??\c:\9vppd.exec:\9vppd.exe19⤵
- Executes dropped EXE
-
\??\c:\xrrrxxf.exec:\xrrrxxf.exe20⤵
- Executes dropped EXE
-
\??\c:\nhnnhn.exec:\nhnnhn.exe21⤵
- Executes dropped EXE
-
\??\c:\tthtbn.exec:\tthtbn.exe22⤵
- Executes dropped EXE
-
\??\c:\jdvdp.exec:\jdvdp.exe23⤵
- Executes dropped EXE
-
\??\c:\llflfrl.exec:\llflfrl.exe24⤵
- Executes dropped EXE
-
\??\c:\nhthbn.exec:\nhthbn.exe25⤵
- Executes dropped EXE
-
\??\c:\5bnbhh.exec:\5bnbhh.exe26⤵
- Executes dropped EXE
-
\??\c:\ddvjv.exec:\ddvjv.exe27⤵
- Executes dropped EXE
-
\??\c:\lrrlrxl.exec:\lrrlrxl.exe28⤵
- Executes dropped EXE
-
\??\c:\thnntb.exec:\thnntb.exe29⤵
- Executes dropped EXE
-
\??\c:\vjvdp.exec:\vjvdp.exe30⤵
- Executes dropped EXE
-
\??\c:\lrrrxxf.exec:\lrrrxxf.exe31⤵
- Executes dropped EXE
-
\??\c:\hnbhtt.exec:\hnbhtt.exe32⤵
- Executes dropped EXE
-
\??\c:\tbttbt.exec:\tbttbt.exe33⤵
- Executes dropped EXE
-
\??\c:\ppppd.exec:\ppppd.exe34⤵
- Executes dropped EXE
-
\??\c:\rfrrlff.exec:\rfrrlff.exe35⤵
- Executes dropped EXE
-
\??\c:\7lxrxrl.exec:\7lxrxrl.exe36⤵
- Executes dropped EXE
-
\??\c:\hbttbn.exec:\hbttbn.exe37⤵
- Executes dropped EXE
-
\??\c:\ntbnbt.exec:\ntbnbt.exe38⤵
- Executes dropped EXE
-
\??\c:\djppj.exec:\djppj.exe39⤵
- Executes dropped EXE
-
\??\c:\djvjj.exec:\djvjj.exe40⤵
- Executes dropped EXE
-
\??\c:\rrxlrfx.exec:\rrxlrfx.exe41⤵
- Executes dropped EXE
-
\??\c:\hhhtbh.exec:\hhhtbh.exe42⤵
- Executes dropped EXE
-
\??\c:\hnnhth.exec:\hnnhth.exe43⤵
- Executes dropped EXE
-
\??\c:\vjvdv.exec:\vjvdv.exe44⤵
- Executes dropped EXE
-
\??\c:\ffxlxrx.exec:\ffxlxrx.exe45⤵
- Executes dropped EXE
-
\??\c:\flxllxl.exec:\flxllxl.exe46⤵
- Executes dropped EXE
-
\??\c:\9llrflx.exec:\9llrflx.exe47⤵
- Executes dropped EXE
-
\??\c:\ttntbh.exec:\ttntbh.exe48⤵
- Executes dropped EXE
-
\??\c:\dvpdj.exec:\dvpdj.exe49⤵
- Executes dropped EXE
-
\??\c:\ppdjp.exec:\ppdjp.exe50⤵
- Executes dropped EXE
-
\??\c:\dpdjj.exec:\dpdjj.exe51⤵
- Executes dropped EXE
-
\??\c:\lfflxrx.exec:\lfflxrx.exe52⤵
- Executes dropped EXE
-
\??\c:\frflrxx.exec:\frflrxx.exe53⤵
- Executes dropped EXE
-
\??\c:\hbntbb.exec:\hbntbb.exe54⤵
- Executes dropped EXE
-
\??\c:\pjjdj.exec:\pjjdj.exe55⤵
- Executes dropped EXE
-
\??\c:\djpjj.exec:\djpjj.exe56⤵
- Executes dropped EXE
-
\??\c:\xffxrrf.exec:\xffxrrf.exe57⤵
- Executes dropped EXE
-
\??\c:\lllfrfx.exec:\lllfrfx.exe58⤵
- Executes dropped EXE
-
\??\c:\ttbhnt.exec:\ttbhnt.exe59⤵
- Executes dropped EXE
-
\??\c:\dpppp.exec:\dpppp.exe60⤵
- Executes dropped EXE
-
\??\c:\jdvvv.exec:\jdvvv.exe61⤵
- Executes dropped EXE
-
\??\c:\7flrrxr.exec:\7flrrxr.exe62⤵
- Executes dropped EXE
-
\??\c:\fxllxrx.exec:\fxllxrx.exe63⤵
- Executes dropped EXE
-
\??\c:\btntnt.exec:\btntnt.exe64⤵
- Executes dropped EXE
-
\??\c:\3nhhnn.exec:\3nhhnn.exe65⤵
- Executes dropped EXE
-
\??\c:\vvvdp.exec:\vvvdp.exe66⤵
-
\??\c:\3jdjj.exec:\3jdjj.exe67⤵
-
\??\c:\1rllrrf.exec:\1rllrrf.exe68⤵
-
\??\c:\rllrxll.exec:\rllrxll.exe69⤵
-
\??\c:\nhtnnb.exec:\nhtnnb.exe70⤵
-
\??\c:\ddpvd.exec:\ddpvd.exe71⤵
-
\??\c:\pvvdp.exec:\pvvdp.exe72⤵
-
\??\c:\rfxlxrx.exec:\rfxlxrx.exe73⤵
-
\??\c:\lflrflr.exec:\lflrflr.exe74⤵
-
\??\c:\3tntbt.exec:\3tntbt.exe75⤵
-
\??\c:\hhtbtt.exec:\hhtbtt.exe76⤵
-
\??\c:\pvdvj.exec:\pvdvj.exe77⤵
-
\??\c:\vpdjd.exec:\vpdjd.exe78⤵
-
\??\c:\fxrrrrf.exec:\fxrrrrf.exe79⤵
-
\??\c:\fffrxxr.exec:\fffrxxr.exe80⤵
-
\??\c:\ttbntt.exec:\ttbntt.exe81⤵
-
\??\c:\tthbhh.exec:\tthbhh.exe82⤵
-
\??\c:\1tnhht.exec:\1tnhht.exe83⤵
-
\??\c:\pdvpj.exec:\pdvpj.exe84⤵
-
\??\c:\vpvvv.exec:\vpvvv.exe85⤵
-
\??\c:\xrrxxrx.exec:\xrrxxrx.exe86⤵
-
\??\c:\btthbb.exec:\btthbb.exe87⤵
-
\??\c:\hbntbb.exec:\hbntbb.exe88⤵
-
\??\c:\vvpjj.exec:\vvpjj.exe89⤵
-
\??\c:\jdpvd.exec:\jdpvd.exe90⤵
-
\??\c:\xrflflx.exec:\xrflflx.exe91⤵
-
\??\c:\tnbhnt.exec:\tnbhnt.exe92⤵
-
\??\c:\ttbbnn.exec:\ttbbnn.exe93⤵
-
\??\c:\3dvdd.exec:\3dvdd.exe94⤵
-
\??\c:\dvppv.exec:\dvppv.exe95⤵
-
\??\c:\lxffxff.exec:\lxffxff.exe96⤵
-
\??\c:\5xlfrrx.exec:\5xlfrrx.exe97⤵
-
\??\c:\5hhhnn.exec:\5hhhnn.exe98⤵
-
\??\c:\7bhnbb.exec:\7bhnbb.exe99⤵
-
\??\c:\dvvdv.exec:\dvvdv.exe100⤵
-
\??\c:\ppdvd.exec:\ppdvd.exe101⤵
-
\??\c:\3xrrrrx.exec:\3xrrrrx.exe102⤵
-
\??\c:\5fxxfxf.exec:\5fxxfxf.exe103⤵
-
\??\c:\nnhhht.exec:\nnhhht.exe104⤵
-
\??\c:\hbbbnn.exec:\hbbbnn.exe105⤵
-
\??\c:\jvdvp.exec:\jvdvp.exe106⤵
-
\??\c:\dvjjj.exec:\dvjjj.exe107⤵
-
\??\c:\rflrlrr.exec:\rflrlrr.exe108⤵
-
\??\c:\tnnhbh.exec:\tnnhbh.exe109⤵
-
\??\c:\jpdjp.exec:\jpdjp.exe110⤵
-
\??\c:\frfllxx.exec:\frfllxx.exe111⤵
-
\??\c:\rllrrfl.exec:\rllrrfl.exe112⤵
-
\??\c:\thntnn.exec:\thntnn.exe113⤵
-
\??\c:\bbnhnn.exec:\bbnhnn.exe114⤵
-
\??\c:\vvjvd.exec:\vvjvd.exe115⤵
-
\??\c:\pjvpp.exec:\pjvpp.exe116⤵
-
\??\c:\xlxrrxl.exec:\xlxrrxl.exe117⤵
-
\??\c:\httttb.exec:\httttb.exe118⤵
-
\??\c:\1tthbb.exec:\1tthbb.exe119⤵
-
\??\c:\5dpdp.exec:\5dpdp.exe120⤵
-
\??\c:\lfrffxl.exec:\lfrffxl.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-