Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
06-06-2024 08:01
General
-
Target
d9c96b2b7c433fb567d6a5f3abca5c6ada92682bd759f48638d0b6d3cf43ce45.exe
-
Size
86KB
-
MD5
7fff6d0a3cdbf7320ab4f7a378c92c85
-
SHA1
de363c54132e4276e51d6a15f95b9e157aa98592
-
SHA256
d9c96b2b7c433fb567d6a5f3abca5c6ada92682bd759f48638d0b6d3cf43ce45
-
SHA512
cb3aef588e122b0da6efb4d3e730cd3b1a4967591919d25469e20ae8748991007531ed3bf24bb73adb73f6919ff8a6151056b116d46be3229bfa10f1faf89a3b
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73t6MlYqn+jMp9jXX8:ymb3NkkiQ3mdBjFo73tvn+Yp9jn8
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d9c96b2b7c433fb567d6a5f3abca5c6ada92682bd759f48638d0b6d3cf43ce45.exe"C:\Users\Admin\AppData\Local\Temp\d9c96b2b7c433fb567d6a5f3abca5c6ada92682bd759f48638d0b6d3cf43ce45.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\dpppj.exec:\dpppj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxlrfll.exec:\xxlrfll.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhhht.exec:\bnhhht.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nntbth.exec:\nntbth.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7lrlfff.exec:\7lrlfff.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1nbbtb.exec:\1nbbtb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthttn.exec:\hthttn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvvp.exec:\vpvvp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxrrrr.exec:\xlxrrrr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbbbh.exec:\hhbbbh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjpp.exec:\vvjpp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fffffrx.exec:\fffffrx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fflllrr.exec:\fflllrr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbbtb.exec:\hbbbtb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpddp.exec:\vpddp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xffxfx.exec:\5xffxfx.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7tnttb.exec:\7tnttb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jjjd.exec:\9jjjd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vjjd.exec:\7vjjd.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxxrrr.exec:\rrxxrrr.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnntb.exec:\nbnntb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjjd.exec:\ddjjd.exe23⤵
- Executes dropped EXE
-
\??\c:\dvddv.exec:\dvddv.exe24⤵
- Executes dropped EXE
-
\??\c:\xflfrxx.exec:\xflfrxx.exe25⤵
- Executes dropped EXE
-
\??\c:\bbbbhn.exec:\bbbbhn.exe26⤵
- Executes dropped EXE
-
\??\c:\jvvpj.exec:\jvvpj.exe27⤵
- Executes dropped EXE
-
\??\c:\9pvvp.exec:\9pvvp.exe28⤵
- Executes dropped EXE
-
\??\c:\5bnnhn.exec:\5bnnhn.exe29⤵
- Executes dropped EXE
-
\??\c:\ntbbtn.exec:\ntbbtn.exe30⤵
- Executes dropped EXE
-
\??\c:\vvvjj.exec:\vvvjj.exe31⤵
- Executes dropped EXE
-
\??\c:\frllffl.exec:\frllffl.exe32⤵
- Executes dropped EXE
-
\??\c:\flxxlrr.exec:\flxxlrr.exe33⤵
- Executes dropped EXE
-
\??\c:\tnhnnt.exec:\tnhnnt.exe34⤵
- Executes dropped EXE
-
\??\c:\vpddd.exec:\vpddd.exe35⤵
- Executes dropped EXE
-
\??\c:\pdjjj.exec:\pdjjj.exe36⤵
- Executes dropped EXE
-
\??\c:\9rlrlfl.exec:\9rlrlfl.exe37⤵
-
\??\c:\xfxxxfl.exec:\xfxxxfl.exe38⤵
- Executes dropped EXE
-
\??\c:\tttttt.exec:\tttttt.exe39⤵
- Executes dropped EXE
-
\??\c:\tttbbb.exec:\tttbbb.exe40⤵
- Executes dropped EXE
-
\??\c:\vdppj.exec:\vdppj.exe41⤵
- Executes dropped EXE
-
\??\c:\ddpvd.exec:\ddpvd.exe42⤵
- Executes dropped EXE
-
\??\c:\5frrllr.exec:\5frrllr.exe43⤵
- Executes dropped EXE
-
\??\c:\7xllrrx.exec:\7xllrrx.exe44⤵
- Executes dropped EXE
-
\??\c:\nththn.exec:\nththn.exe45⤵
- Executes dropped EXE
-
\??\c:\nnhnhh.exec:\nnhnhh.exe46⤵
- Executes dropped EXE
-
\??\c:\1pvvv.exec:\1pvvv.exe47⤵
- Executes dropped EXE
-
\??\c:\jvvpd.exec:\jvvpd.exe48⤵
- Executes dropped EXE
-
\??\c:\9xlllrr.exec:\9xlllrr.exe49⤵
- Executes dropped EXE
-
\??\c:\flllflf.exec:\flllflf.exe50⤵
- Executes dropped EXE
-
\??\c:\7htbtb.exec:\7htbtb.exe51⤵
- Executes dropped EXE
-
\??\c:\rxxxxff.exec:\rxxxxff.exe52⤵
- Executes dropped EXE
-
\??\c:\7rxllrf.exec:\7rxllrf.exe53⤵
- Executes dropped EXE
-
\??\c:\5tthnt.exec:\5tthnt.exe54⤵
- Executes dropped EXE
-
\??\c:\tbthhn.exec:\tbthhn.exe55⤵
- Executes dropped EXE
-
\??\c:\vjvpj.exec:\vjvpj.exe56⤵
- Executes dropped EXE
-
\??\c:\pjvjp.exec:\pjvjp.exe57⤵
- Executes dropped EXE
-
\??\c:\frlflxx.exec:\frlflxx.exe58⤵
- Executes dropped EXE
-
\??\c:\nnbbnt.exec:\nnbbnt.exe59⤵
- Executes dropped EXE
-
\??\c:\tttbbb.exec:\tttbbb.exe60⤵
- Executes dropped EXE
-
\??\c:\jpvvv.exec:\jpvvv.exe61⤵
- Executes dropped EXE
-
\??\c:\pdppp.exec:\pdppp.exe62⤵
- Executes dropped EXE
-
\??\c:\rlxxrxx.exec:\rlxxrxx.exe63⤵
- Executes dropped EXE
-
\??\c:\1xlxxll.exec:\1xlxxll.exe64⤵
- Executes dropped EXE
-
\??\c:\nnbbnt.exec:\nnbbnt.exe65⤵
- Executes dropped EXE
-
\??\c:\nhtnnh.exec:\nhtnnh.exe66⤵
- Executes dropped EXE
-
\??\c:\djppv.exec:\djppv.exe67⤵
-
\??\c:\djvpd.exec:\djvpd.exe68⤵
-
\??\c:\frfffrx.exec:\frfffrx.exe69⤵
-
\??\c:\5rllrxl.exec:\5rllrxl.exe70⤵
-
\??\c:\bhtttt.exec:\bhtttt.exe71⤵
-
\??\c:\nbnbtb.exec:\nbnbtb.exe72⤵
-
\??\c:\dpppp.exec:\dpppp.exe73⤵
-
\??\c:\5vjdv.exec:\5vjdv.exe74⤵
-
\??\c:\frrrllr.exec:\frrrllr.exe75⤵
-
\??\c:\5rfffff.exec:\5rfffff.exe76⤵
-
\??\c:\9hnntt.exec:\9hnntt.exe77⤵
-
\??\c:\btbbhh.exec:\btbbhh.exe78⤵
-
\??\c:\vpjjv.exec:\vpjjv.exe79⤵
-
\??\c:\pjppj.exec:\pjppj.exe80⤵
-
\??\c:\fxrrrrf.exec:\fxrrrrf.exe81⤵
-
\??\c:\9rffxfl.exec:\9rffxfl.exe82⤵
-
\??\c:\7nbnhh.exec:\7nbnhh.exe83⤵
-
\??\c:\jjpvv.exec:\jjpvv.exe84⤵
-
\??\c:\ffrxxff.exec:\ffrxxff.exe85⤵
-
\??\c:\rffxxrl.exec:\rffxxrl.exe86⤵
-
\??\c:\btbbhn.exec:\btbbhn.exe87⤵
-
\??\c:\3dppj.exec:\3dppj.exe88⤵
-
\??\c:\jvjdp.exec:\jvjdp.exe89⤵
-
\??\c:\llxxffx.exec:\llxxffx.exe90⤵
-
\??\c:\rrfffll.exec:\rrfffll.exe91⤵
-
\??\c:\nhhhhh.exec:\nhhhhh.exe92⤵
-
\??\c:\nhnttb.exec:\nhnttb.exe93⤵
-
\??\c:\pvvpv.exec:\pvvpv.exe94⤵
-
\??\c:\3jvvd.exec:\3jvvd.exe95⤵
-
\??\c:\xrlxxrl.exec:\xrlxxrl.exe96⤵
-
\??\c:\bhhhht.exec:\bhhhht.exe97⤵
-
\??\c:\nttttb.exec:\nttttb.exe98⤵
-
\??\c:\vjvdv.exec:\vjvdv.exe99⤵
-
\??\c:\jdjjd.exec:\jdjjd.exe100⤵
-
\??\c:\7frrrxr.exec:\7frrrxr.exe101⤵
-
\??\c:\rxffrrx.exec:\rxffrrx.exe102⤵
-
\??\c:\btnnnn.exec:\btnnnn.exe103⤵
-
\??\c:\vjppp.exec:\vjppp.exe104⤵
-
\??\c:\jvdpp.exec:\jvdpp.exe105⤵
-
\??\c:\lrxrllf.exec:\lrxrllf.exe106⤵
-
\??\c:\tnhbtt.exec:\tnhbtt.exe107⤵
-
\??\c:\nbhnhn.exec:\nbhnhn.exe108⤵
-
\??\c:\vjjjd.exec:\vjjjd.exe109⤵
-
\??\c:\ddppp.exec:\ddppp.exe110⤵
-
\??\c:\rxfxxxr.exec:\rxfxxxr.exe111⤵
-
\??\c:\thnnnh.exec:\thnnnh.exe112⤵
-
\??\c:\7hbbtt.exec:\7hbbtt.exe113⤵
-
\??\c:\jdvvv.exec:\jdvvv.exe114⤵
-
\??\c:\llrlllx.exec:\llrlllx.exe115⤵
-
\??\c:\xrfxfxx.exec:\xrfxfxx.exe116⤵
-
\??\c:\tthhtb.exec:\tthhtb.exe117⤵
-
\??\c:\btnbbb.exec:\btnbbb.exe118⤵
-
\??\c:\1jpdv.exec:\1jpdv.exe119⤵
-
\??\c:\pjppv.exec:\pjppv.exe120⤵
-
\??\c:\tbnhnn.exec:\tbnhnn.exe121⤵
-
\??\c:\hnbhbh.exec:\hnbhbh.exe122⤵
-
\??\c:\jjpvp.exec:\jjpvp.exe123⤵
-
\??\c:\7rlfrxl.exec:\7rlfrxl.exe124⤵
-
\??\c:\ffflrrx.exec:\ffflrrx.exe125⤵
-
\??\c:\hhhhhn.exec:\hhhhhn.exe126⤵
-
\??\c:\hhtttt.exec:\hhtttt.exe127⤵
-
\??\c:\3nbbht.exec:\3nbbht.exe128⤵
-
\??\c:\pdpjj.exec:\pdpjj.exe129⤵
-
\??\c:\7jppj.exec:\7jppj.exe130⤵
-
\??\c:\frxxxfl.exec:\frxxxfl.exe131⤵
-
\??\c:\httbbh.exec:\httbbh.exe132⤵
-
\??\c:\ddjjd.exec:\ddjjd.exe133⤵
-
\??\c:\xxfxrxl.exec:\xxfxrxl.exe134⤵
-
\??\c:\lfxflll.exec:\lfxflll.exe135⤵
-
\??\c:\bhnnbb.exec:\bhnnbb.exe136⤵
-
\??\c:\djddv.exec:\djddv.exe137⤵
-
\??\c:\vvjjd.exec:\vvjjd.exe138⤵
-
\??\c:\xrrlllx.exec:\xrrlllx.exe139⤵
-
\??\c:\rlfllll.exec:\rlfllll.exe140⤵
-
\??\c:\nnttnt.exec:\nnttnt.exe141⤵
-
\??\c:\bbhhnt.exec:\bbhhnt.exe142⤵
-
\??\c:\jjvvp.exec:\jjvvp.exe143⤵
-
\??\c:\vpvvv.exec:\vpvvv.exe144⤵
-
\??\c:\7fffxxx.exec:\7fffxxx.exe145⤵
-
\??\c:\rxrllxx.exec:\rxrllxx.exe146⤵
-
\??\c:\htnttb.exec:\htnttb.exe147⤵
-
\??\c:\hhtttb.exec:\hhtttb.exe148⤵
-
\??\c:\vjpvv.exec:\vjpvv.exe149⤵
-
\??\c:\dvjjd.exec:\dvjjd.exe150⤵
-
\??\c:\frrxfff.exec:\frrxfff.exe151⤵
-
\??\c:\frfffff.exec:\frfffff.exe152⤵
-
\??\c:\bbhntt.exec:\bbhntt.exe153⤵
-
\??\c:\hbtttt.exec:\hbtttt.exe154⤵
-
\??\c:\7pvvd.exec:\7pvvd.exe155⤵
-
\??\c:\ppppp.exec:\ppppp.exe156⤵
-
\??\c:\lrlfxff.exec:\lrlfxff.exe157⤵
-
\??\c:\lllrflx.exec:\lllrflx.exe158⤵
-
\??\c:\bhbnbt.exec:\bhbnbt.exe159⤵
-
\??\c:\9nttnt.exec:\9nttnt.exe160⤵
-
\??\c:\jdvdv.exec:\jdvdv.exe161⤵
-
\??\c:\ddppj.exec:\ddppj.exe162⤵
-
\??\c:\9flffff.exec:\9flffff.exe163⤵
-
\??\c:\rlrxxxr.exec:\rlrxxxr.exe164⤵
-
\??\c:\3xflrxx.exec:\3xflrxx.exe165⤵
-
\??\c:\nntbtb.exec:\nntbtb.exe166⤵
-
\??\c:\5hnbbn.exec:\5hnbbn.exe167⤵
-
\??\c:\ddvvp.exec:\ddvvp.exe168⤵
-
\??\c:\pvjjp.exec:\pvjjp.exe169⤵
-
\??\c:\9lxxrlr.exec:\9lxxrlr.exe170⤵
-
\??\c:\rlxffll.exec:\rlxffll.exe171⤵
-
\??\c:\bhtbhn.exec:\bhtbhn.exe172⤵
-
\??\c:\hhnttt.exec:\hhnttt.exe173⤵
-
\??\c:\5nnnnn.exec:\5nnnnn.exe174⤵
-
\??\c:\jvppp.exec:\jvppp.exe175⤵
-
\??\c:\5vddd.exec:\5vddd.exe176⤵
-
\??\c:\rrxlffl.exec:\rrxlffl.exe177⤵
-
\??\c:\rrxxxff.exec:\rrxxxff.exe178⤵
-
\??\c:\3ttttt.exec:\3ttttt.exe179⤵
-
\??\c:\bbnthn.exec:\bbnthn.exe180⤵
-
\??\c:\9vvdv.exec:\9vvdv.exe181⤵
-
\??\c:\jdjjd.exec:\jdjjd.exe182⤵
-
\??\c:\ddjjj.exec:\ddjjj.exe183⤵
-
\??\c:\xlxxrrx.exec:\xlxxrrx.exe184⤵
-
\??\c:\xrxxfxx.exec:\xrxxfxx.exe185⤵
-
\??\c:\htbbbh.exec:\htbbbh.exe186⤵
-
\??\c:\nthntb.exec:\nthntb.exe187⤵
-
\??\c:\djvdp.exec:\djvdp.exe188⤵
-
\??\c:\ffllxff.exec:\ffllxff.exe189⤵
-
\??\c:\nbbbbh.exec:\nbbbbh.exe190⤵
-
\??\c:\jjppj.exec:\jjppj.exe191⤵
-
\??\c:\xxxxfll.exec:\xxxxfll.exe192⤵
-
\??\c:\rrrxlll.exec:\rrrxlll.exe193⤵
-
\??\c:\tntnth.exec:\tntnth.exe194⤵
-
\??\c:\hbnttb.exec:\hbnttb.exe195⤵
-
\??\c:\jdddv.exec:\jdddv.exe196⤵
-
\??\c:\jdppj.exec:\jdppj.exe197⤵
-
\??\c:\lfxxlrl.exec:\lfxxlrl.exe198⤵
-
\??\c:\rrxffll.exec:\rrxffll.exe199⤵
-
\??\c:\5tbhhh.exec:\5tbhhh.exe200⤵
-
\??\c:\1pvvp.exec:\1pvvp.exe201⤵
-
\??\c:\pppjd.exec:\pppjd.exe202⤵
-
\??\c:\ffffxff.exec:\ffffxff.exe203⤵
-
\??\c:\rlllfll.exec:\rlllfll.exe204⤵
-
\??\c:\lflllrr.exec:\lflllrr.exe205⤵
-
\??\c:\ttbbbh.exec:\ttbbbh.exe206⤵
-
\??\c:\vpvvv.exec:\vpvvv.exe207⤵
-
\??\c:\llfllrf.exec:\llfllrf.exe208⤵
-
\??\c:\hhbbnb.exec:\hhbbnb.exe209⤵
-
\??\c:\xxffrxl.exec:\xxffrxl.exe210⤵
-
\??\c:\1bnnnt.exec:\1bnnnt.exe211⤵
-
\??\c:\nntthh.exec:\nntthh.exe212⤵
-
\??\c:\vjvvp.exec:\vjvvp.exe213⤵
-
\??\c:\9lxxlrl.exec:\9lxxlrl.exe214⤵
-
\??\c:\3lrxxff.exec:\3lrxxff.exe215⤵
-
\??\c:\bnbbbb.exec:\bnbbbb.exe216⤵
-
\??\c:\hhntbb.exec:\hhntbb.exe217⤵
-
\??\c:\vvvvp.exec:\vvvvp.exe218⤵
-
\??\c:\vpvvp.exec:\vpvvp.exe219⤵
-
\??\c:\dvpjd.exec:\dvpjd.exe220⤵
-
\??\c:\fxrrrrf.exec:\fxrrrrf.exe221⤵
-
\??\c:\bthnnt.exec:\bthnnt.exe222⤵
-
\??\c:\ntnnnt.exec:\ntnnnt.exe223⤵
-
\??\c:\vppvp.exec:\vppvp.exe224⤵
-
\??\c:\dpjdj.exec:\dpjdj.exe225⤵
-
\??\c:\jjjjp.exec:\jjjjp.exe226⤵
-
\??\c:\frfrrxx.exec:\frfrrxx.exe227⤵
-
\??\c:\7lxfffl.exec:\7lxfffl.exe228⤵
-
\??\c:\hbbbtb.exec:\hbbbtb.exe229⤵
-
\??\c:\5bhtnt.exec:\5bhtnt.exe230⤵
-
\??\c:\vvvvp.exec:\vvvvp.exe231⤵
-
\??\c:\vpddp.exec:\vpddp.exe232⤵
-
\??\c:\xfrllrl.exec:\xfrllrl.exe233⤵
-
\??\c:\3rffflr.exec:\3rffflr.exe234⤵
-
\??\c:\nhnttb.exec:\nhnttb.exe235⤵
-
\??\c:\bbttnt.exec:\bbttnt.exe236⤵
-
\??\c:\jjppv.exec:\jjppv.exe237⤵
-
\??\c:\pjpjd.exec:\pjpjd.exe238⤵
-
\??\c:\9lrllrr.exec:\9lrllrr.exe239⤵
-
\??\c:\hhntth.exec:\hhntth.exe240⤵