Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
05-06-2024 21:23
General
-
Target
3bd260d941d668fb8f2b1bb6445caec8b3ad5054fe615c1751b1dbe8e66f85e4.exe
-
Size
88KB
-
MD5
34d98139b962358120d16021585c89ee
-
SHA1
b7a46376673134d2bc84cf60157801ca118f29ea
-
SHA256
3bd260d941d668fb8f2b1bb6445caec8b3ad5054fe615c1751b1dbe8e66f85e4
-
SHA512
bd4f086ac26efa597d39f125432947f6a9b7ca2c6ecedd5e7cf68b064a6b804aba11d24a339ba4b06efc75d99915a9870e3de92c5baa4a538c3992411385300c
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND+3T4+C2wV3jaCJ5jH3e79:ymb3NkkiQ3mdBjF+3TU2K3bJZXy
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
UPX dump on OEP (original entry point) 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3bd260d941d668fb8f2b1bb6445caec8b3ad5054fe615c1751b1dbe8e66f85e4.exe"C:\Users\Admin\AppData\Local\Temp\3bd260d941d668fb8f2b1bb6445caec8b3ad5054fe615c1751b1dbe8e66f85e4.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pddpj.exec:\pddpj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xfxrrl.exec:\5xfxrrl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfrlfxr.exec:\xfrlfxr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3pddv.exec:\3pddv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3pvpp.exec:\3pvpp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxrlxxr.exec:\rxrlxxr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnnhh.exec:\hhnnhh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppjv.exec:\vppjv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rxxxxx.exec:\7rxxxxx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbthb.exec:\btbthb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pvjd.exec:\1pvjd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjjp.exec:\pdjjp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxfrlfx.exec:\lxfrlfx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnnhh.exec:\nnnnhh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvvp.exec:\ppvvp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7lrfxxr.exec:\7lrfxxr.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxfxxr.exec:\frxfxxr.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbnhh.exec:\nhbnhh.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhnnn.exec:\bnhnnn.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvpd.exec:\pjvpd.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rfffll.exec:\5rfffll.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrfxrl.exec:\frrfxrl.exe23⤵
- Executes dropped EXE
-
\??\c:\bthbtn.exec:\bthbtn.exe24⤵
- Executes dropped EXE
-
\??\c:\vjppp.exec:\vjppp.exe25⤵
- Executes dropped EXE
-
\??\c:\fxffxrf.exec:\fxffxrf.exe26⤵
- Executes dropped EXE
-
\??\c:\ttttbh.exec:\ttttbh.exe27⤵
- Executes dropped EXE
-
\??\c:\9nnnnh.exec:\9nnnnh.exe28⤵
- Executes dropped EXE
-
\??\c:\dpjdv.exec:\dpjdv.exe29⤵
- Executes dropped EXE
-
\??\c:\jdvpj.exec:\jdvpj.exe30⤵
- Executes dropped EXE
-
\??\c:\xllfxrl.exec:\xllfxrl.exe31⤵
- Executes dropped EXE
-
\??\c:\7hhhbb.exec:\7hhhbb.exe32⤵
- Executes dropped EXE
-
\??\c:\pjjdv.exec:\pjjdv.exe33⤵
- Executes dropped EXE
-
\??\c:\1pjdp.exec:\1pjdp.exe34⤵
- Executes dropped EXE
-
\??\c:\1lrlrrf.exec:\1lrlrrf.exe35⤵
- Executes dropped EXE
-
\??\c:\ffrlfff.exec:\ffrlfff.exe36⤵
- Executes dropped EXE
-
\??\c:\btbbbb.exec:\btbbbb.exe37⤵
- Executes dropped EXE
-
\??\c:\nthhtt.exec:\nthhtt.exe38⤵
- Executes dropped EXE
-
\??\c:\1pdvp.exec:\1pdvp.exe39⤵
- Executes dropped EXE
-
\??\c:\5fllrrx.exec:\5fllrrx.exe40⤵
- Executes dropped EXE
-
\??\c:\ffrxxff.exec:\ffrxxff.exe41⤵
- Executes dropped EXE
-
\??\c:\bbtnbb.exec:\bbtnbb.exe42⤵
- Executes dropped EXE
-
\??\c:\tthhnt.exec:\tthhnt.exe43⤵
- Executes dropped EXE
-
\??\c:\jjvjj.exec:\jjvjj.exe44⤵
- Executes dropped EXE
-
\??\c:\vjdvj.exec:\vjdvj.exe45⤵
- Executes dropped EXE
-
\??\c:\rrrlfll.exec:\rrrlfll.exe46⤵
- Executes dropped EXE
-
\??\c:\rllrfxl.exec:\rllrfxl.exe47⤵
- Executes dropped EXE
-
\??\c:\btbbtt.exec:\btbbtt.exe48⤵
- Executes dropped EXE
-
\??\c:\bthtth.exec:\bthtth.exe49⤵
- Executes dropped EXE
-
\??\c:\dvvvd.exec:\dvvvd.exe50⤵
- Executes dropped EXE
-
\??\c:\rrlfrrl.exec:\rrlfrrl.exe51⤵
- Executes dropped EXE
-
\??\c:\xrlfrll.exec:\xrlfrll.exe52⤵
- Executes dropped EXE
-
\??\c:\7bhtnh.exec:\7bhtnh.exe53⤵
- Executes dropped EXE
-
\??\c:\pjjdv.exec:\pjjdv.exe54⤵
- Executes dropped EXE
-
\??\c:\rffrrlf.exec:\rffrrlf.exe55⤵
- Executes dropped EXE
-
\??\c:\lrlfrrl.exec:\lrlfrrl.exe56⤵
- Executes dropped EXE
-
\??\c:\ttbbth.exec:\ttbbth.exe57⤵
- Executes dropped EXE
-
\??\c:\5htthh.exec:\5htthh.exe58⤵
- Executes dropped EXE
-
\??\c:\1vddj.exec:\1vddj.exe59⤵
- Executes dropped EXE
-
\??\c:\jdppd.exec:\jdppd.exe60⤵
- Executes dropped EXE
-
\??\c:\9flfxxr.exec:\9flfxxr.exe61⤵
- Executes dropped EXE
-
\??\c:\bhtttb.exec:\bhtttb.exe62⤵
- Executes dropped EXE
-
\??\c:\bhtnhh.exec:\bhtnhh.exe63⤵
- Executes dropped EXE
-
\??\c:\dvjpp.exec:\dvjpp.exe64⤵
- Executes dropped EXE
-
\??\c:\xxfxrrr.exec:\xxfxrrr.exe65⤵
- Executes dropped EXE
-
\??\c:\xrrxrrl.exec:\xrrxrrl.exe66⤵
-
\??\c:\nbbnnn.exec:\nbbnnn.exe67⤵
-
\??\c:\vvvdv.exec:\vvvdv.exe68⤵
-
\??\c:\vvdvj.exec:\vvdvj.exe69⤵
-
\??\c:\1vvpd.exec:\1vvpd.exe70⤵
-
\??\c:\xlrllfx.exec:\xlrllfx.exe71⤵
-
\??\c:\xlllxff.exec:\xlllxff.exe72⤵
-
\??\c:\nhhbtn.exec:\nhhbtn.exe73⤵
-
\??\c:\ddjjd.exec:\ddjjd.exe74⤵
-
\??\c:\jpppj.exec:\jpppj.exe75⤵
-
\??\c:\ppdvj.exec:\ppdvj.exe76⤵
-
\??\c:\xlxlfff.exec:\xlxlfff.exe77⤵
-
\??\c:\xxlxllr.exec:\xxlxllr.exe78⤵
-
\??\c:\9nnnhh.exec:\9nnnhh.exe79⤵
-
\??\c:\jdddp.exec:\jdddp.exe80⤵
-
\??\c:\jjjdv.exec:\jjjdv.exe81⤵
-
\??\c:\lxfxllr.exec:\lxfxllr.exe82⤵
-
\??\c:\httttn.exec:\httttn.exe83⤵
-
\??\c:\nbbtnt.exec:\nbbtnt.exe84⤵
-
\??\c:\ddvpv.exec:\ddvpv.exe85⤵
-
\??\c:\3pvpp.exec:\3pvpp.exe86⤵
-
\??\c:\lrxxxxx.exec:\lrxxxxx.exe87⤵
-
\??\c:\nbbnhn.exec:\nbbnhn.exe88⤵
-
\??\c:\jdpjd.exec:\jdpjd.exe89⤵
-
\??\c:\rlrllfr.exec:\rlrllfr.exe90⤵
-
\??\c:\xrrrrrl.exec:\xrrrrrl.exe91⤵
-
\??\c:\nttnhh.exec:\nttnhh.exe92⤵
-
\??\c:\7vvpj.exec:\7vvpj.exe93⤵
-
\??\c:\ffrlrrr.exec:\ffrlrrr.exe94⤵
-
\??\c:\xfllffr.exec:\xfllffr.exe95⤵
-
\??\c:\tnnhbb.exec:\tnnhbb.exe96⤵
-
\??\c:\bnbbtt.exec:\bnbbtt.exe97⤵
-
\??\c:\pvvvp.exec:\pvvvp.exe98⤵
-
\??\c:\pjpjd.exec:\pjpjd.exe99⤵
-
\??\c:\xxxrllf.exec:\xxxrllf.exe100⤵
-
\??\c:\fxllfff.exec:\fxllfff.exe101⤵
-
\??\c:\tnttbt.exec:\tnttbt.exe102⤵
-
\??\c:\jdjjv.exec:\jdjjv.exe103⤵
-
\??\c:\pjdpp.exec:\pjdpp.exe104⤵
-
\??\c:\xrlxllf.exec:\xrlxllf.exe105⤵
-
\??\c:\3xxrlll.exec:\3xxrlll.exe106⤵
-
\??\c:\5btnhb.exec:\5btnhb.exe107⤵
-
\??\c:\5thnnn.exec:\5thnnn.exe108⤵
-
\??\c:\3jdvv.exec:\3jdvv.exe109⤵
-
\??\c:\9vvjd.exec:\9vvjd.exe110⤵
-
\??\c:\lrffxxl.exec:\lrffxxl.exe111⤵
-
\??\c:\xlxrxxl.exec:\xlxrxxl.exe112⤵
-
\??\c:\5hhbhh.exec:\5hhbhh.exe113⤵
-
\??\c:\hbbtbt.exec:\hbbtbt.exe114⤵
-
\??\c:\3dpdd.exec:\3dpdd.exe115⤵
-
\??\c:\3vdvp.exec:\3vdvp.exe116⤵
-
\??\c:\fxxxfxr.exec:\fxxxfxr.exe117⤵
-
\??\c:\bhtttt.exec:\bhtttt.exe118⤵
-
\??\c:\btnnhh.exec:\btnnhh.exe119⤵
-
\??\c:\7jvjj.exec:\7jvjj.exe120⤵
-
\??\c:\jpppj.exec:\jpppj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-