Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
06-06-2024 08:01
General
-
Target
d9c96b2b7c433fb567d6a5f3abca5c6ada92682bd759f48638d0b6d3cf43ce45.exe
-
Size
86KB
-
MD5
7fff6d0a3cdbf7320ab4f7a378c92c85
-
SHA1
de363c54132e4276e51d6a15f95b9e157aa98592
-
SHA256
d9c96b2b7c433fb567d6a5f3abca5c6ada92682bd759f48638d0b6d3cf43ce45
-
SHA512
cb3aef588e122b0da6efb4d3e730cd3b1a4967591919d25469e20ae8748991007531ed3bf24bb73adb73f6919ff8a6151056b116d46be3229bfa10f1faf89a3b
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73t6MlYqn+jMp9jXX8:ymb3NkkiQ3mdBjFo73tvn+Yp9jn8
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d9c96b2b7c433fb567d6a5f3abca5c6ada92682bd759f48638d0b6d3cf43ce45.exe"C:\Users\Admin\AppData\Local\Temp\d9c96b2b7c433fb567d6a5f3abca5c6ada92682bd759f48638d0b6d3cf43ce45.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\dpppj.exec:\dpppj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxlrfll.exec:\xxlrfll.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhhht.exec:\bnhhht.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nntbth.exec:\nntbth.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7lrlfff.exec:\7lrlfff.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1nbbtb.exec:\1nbbtb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthttn.exec:\hthttn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvvp.exec:\vpvvp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxrrrr.exec:\xlxrrrr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbbbh.exec:\hhbbbh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjpp.exec:\vvjpp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fffffrx.exec:\fffffrx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fflllrr.exec:\fflllrr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbbtb.exec:\hbbbtb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpddp.exec:\vpddp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xffxfx.exec:\5xffxfx.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7tnttb.exec:\7tnttb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jjjd.exec:\9jjjd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vjjd.exec:\7vjjd.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxxrrr.exec:\rrxxrrr.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnntb.exec:\nbnntb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjjd.exec:\ddjjd.exe23⤵
- Executes dropped EXE
-
\??\c:\dvddv.exec:\dvddv.exe24⤵
- Executes dropped EXE
-
\??\c:\xflfrxx.exec:\xflfrxx.exe25⤵
- Executes dropped EXE
-
\??\c:\bbbbhn.exec:\bbbbhn.exe26⤵
- Executes dropped EXE
-
\??\c:\jvvpj.exec:\jvvpj.exe27⤵
- Executes dropped EXE
-
\??\c:\9pvvp.exec:\9pvvp.exe28⤵
- Executes dropped EXE
-
\??\c:\5bnnhn.exec:\5bnnhn.exe29⤵
- Executes dropped EXE
-
\??\c:\ntbbtn.exec:\ntbbtn.exe30⤵
- Executes dropped EXE
-
\??\c:\vvvjj.exec:\vvvjj.exe31⤵
- Executes dropped EXE
-
\??\c:\frllffl.exec:\frllffl.exe32⤵
- Executes dropped EXE
-
\??\c:\flxxlrr.exec:\flxxlrr.exe33⤵
- Executes dropped EXE
-
\??\c:\tnhnnt.exec:\tnhnnt.exe34⤵
- Executes dropped EXE
-
\??\c:\vpddd.exec:\vpddd.exe35⤵
- Executes dropped EXE
-
\??\c:\pdjjj.exec:\pdjjj.exe36⤵
- Executes dropped EXE
-
\??\c:\9rlrlfl.exec:\9rlrlfl.exe37⤵
-
\??\c:\xfxxxfl.exec:\xfxxxfl.exe38⤵
- Executes dropped EXE
-
\??\c:\tttttt.exec:\tttttt.exe39⤵
- Executes dropped EXE
-
\??\c:\tttbbb.exec:\tttbbb.exe40⤵
- Executes dropped EXE
-
\??\c:\vdppj.exec:\vdppj.exe41⤵
- Executes dropped EXE
-
\??\c:\ddpvd.exec:\ddpvd.exe42⤵
- Executes dropped EXE
-
\??\c:\5frrllr.exec:\5frrllr.exe43⤵
- Executes dropped EXE
-
\??\c:\7xllrrx.exec:\7xllrrx.exe44⤵
- Executes dropped EXE
-
\??\c:\nththn.exec:\nththn.exe45⤵
- Executes dropped EXE
-
\??\c:\nnhnhh.exec:\nnhnhh.exe46⤵
- Executes dropped EXE
-
\??\c:\1pvvv.exec:\1pvvv.exe47⤵
- Executes dropped EXE
-
\??\c:\jvvpd.exec:\jvvpd.exe48⤵
- Executes dropped EXE
-
\??\c:\9xlllrr.exec:\9xlllrr.exe49⤵
- Executes dropped EXE
-
\??\c:\flllflf.exec:\flllflf.exe50⤵
- Executes dropped EXE
-
\??\c:\7htbtb.exec:\7htbtb.exe51⤵
- Executes dropped EXE
-
\??\c:\rxxxxff.exec:\rxxxxff.exe52⤵
- Executes dropped EXE
-
\??\c:\7rxllrf.exec:\7rxllrf.exe53⤵
- Executes dropped EXE
-
\??\c:\5tthnt.exec:\5tthnt.exe54⤵
- Executes dropped EXE
-
\??\c:\tbthhn.exec:\tbthhn.exe55⤵
- Executes dropped EXE
-
\??\c:\vjvpj.exec:\vjvpj.exe56⤵
- Executes dropped EXE
-
\??\c:\pjvjp.exec:\pjvjp.exe57⤵
- Executes dropped EXE
-
\??\c:\frlflxx.exec:\frlflxx.exe58⤵
- Executes dropped EXE
-
\??\c:\nnbbnt.exec:\nnbbnt.exe59⤵
- Executes dropped EXE
-
\??\c:\tttbbb.exec:\tttbbb.exe60⤵
- Executes dropped EXE
-
\??\c:\jpvvv.exec:\jpvvv.exe61⤵
- Executes dropped EXE
-
\??\c:\pdppp.exec:\pdppp.exe62⤵
- Executes dropped EXE
-
\??\c:\rlxxrxx.exec:\rlxxrxx.exe63⤵
- Executes dropped EXE
-
\??\c:\1xlxxll.exec:\1xlxxll.exe64⤵
- Executes dropped EXE
-
\??\c:\nnbbnt.exec:\nnbbnt.exe65⤵
- Executes dropped EXE
-
\??\c:\nhtnnh.exec:\nhtnnh.exe66⤵
- Executes dropped EXE
-
\??\c:\djppv.exec:\djppv.exe67⤵
-
\??\c:\djvpd.exec:\djvpd.exe68⤵
-
\??\c:\frfffrx.exec:\frfffrx.exe69⤵
-
\??\c:\5rllrxl.exec:\5rllrxl.exe70⤵
-
\??\c:\bhtttt.exec:\bhtttt.exe71⤵
-
\??\c:\nbnbtb.exec:\nbnbtb.exe72⤵
-
\??\c:\dpppp.exec:\dpppp.exe73⤵
-
\??\c:\5vjdv.exec:\5vjdv.exe74⤵
-
\??\c:\frrrllr.exec:\frrrllr.exe75⤵
-
\??\c:\5rfffff.exec:\5rfffff.exe76⤵
-
\??\c:\9hnntt.exec:\9hnntt.exe77⤵
-
\??\c:\btbbhh.exec:\btbbhh.exe78⤵
-
\??\c:\vpjjv.exec:\vpjjv.exe79⤵
-
\??\c:\pjppj.exec:\pjppj.exe80⤵
-
\??\c:\fxrrrrf.exec:\fxrrrrf.exe81⤵
-
\??\c:\9rffxfl.exec:\9rffxfl.exe82⤵
-
\??\c:\7nbnhh.exec:\7nbnhh.exe83⤵
-
\??\c:\jjpvv.exec:\jjpvv.exe84⤵
-
\??\c:\ffrxxff.exec:\ffrxxff.exe85⤵
-
\??\c:\rffxxrl.exec:\rffxxrl.exe86⤵
-
\??\c:\btbbhn.exec:\btbbhn.exe87⤵
-
\??\c:\3dppj.exec:\3dppj.exe88⤵
-
\??\c:\jvjdp.exec:\jvjdp.exe89⤵
-
\??\c:\llxxffx.exec:\llxxffx.exe90⤵
-
\??\c:\rrfffll.exec:\rrfffll.exe91⤵
-
\??\c:\nhhhhh.exec:\nhhhhh.exe92⤵
-
\??\c:\nhnttb.exec:\nhnttb.exe93⤵
-
\??\c:\pvvpv.exec:\pvvpv.exe94⤵
-
\??\c:\3jvvd.exec:\3jvvd.exe95⤵
-
\??\c:\xrlxxrl.exec:\xrlxxrl.exe96⤵
-
\??\c:\bhhhht.exec:\bhhhht.exe97⤵
-
\??\c:\nttttb.exec:\nttttb.exe98⤵
-
\??\c:\vjvdv.exec:\vjvdv.exe99⤵
-
\??\c:\jdjjd.exec:\jdjjd.exe100⤵
-
\??\c:\7frrrxr.exec:\7frrrxr.exe101⤵
-
\??\c:\rxffrrx.exec:\rxffrrx.exe102⤵
-
\??\c:\btnnnn.exec:\btnnnn.exe103⤵
-
\??\c:\vjppp.exec:\vjppp.exe104⤵
-
\??\c:\jvdpp.exec:\jvdpp.exe105⤵
-
\??\c:\lrxrllf.exec:\lrxrllf.exe106⤵
-
\??\c:\tnhbtt.exec:\tnhbtt.exe107⤵
-
\??\c:\nbhnhn.exec:\nbhnhn.exe108⤵
-
\??\c:\vjjjd.exec:\vjjjd.exe109⤵
-
\??\c:\ddppp.exec:\ddppp.exe110⤵
-
\??\c:\rxfxxxr.exec:\rxfxxxr.exe111⤵
-
\??\c:\thnnnh.exec:\thnnnh.exe112⤵
-
\??\c:\7hbbtt.exec:\7hbbtt.exe113⤵
-
\??\c:\jdvvv.exec:\jdvvv.exe114⤵
-
\??\c:\llrlllx.exec:\llrlllx.exe115⤵
-
\??\c:\xrfxfxx.exec:\xrfxfxx.exe116⤵
-
\??\c:\tthhtb.exec:\tthhtb.exe117⤵
-
\??\c:\btnbbb.exec:\btnbbb.exe118⤵
-
\??\c:\1jpdv.exec:\1jpdv.exe119⤵
-
\??\c:\pjppv.exec:\pjppv.exe120⤵
-
\??\c:\tbnhnn.exec:\tbnhnn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-