Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
06-06-2024 08:36
General
-
Target
d9c96b2b7c433fb567d6a5f3abca5c6ada92682bd759f48638d0b6d3cf43ce45.exe
-
Size
86KB
-
MD5
7fff6d0a3cdbf7320ab4f7a378c92c85
-
SHA1
de363c54132e4276e51d6a15f95b9e157aa98592
-
SHA256
d9c96b2b7c433fb567d6a5f3abca5c6ada92682bd759f48638d0b6d3cf43ce45
-
SHA512
cb3aef588e122b0da6efb4d3e730cd3b1a4967591919d25469e20ae8748991007531ed3bf24bb73adb73f6919ff8a6151056b116d46be3229bfa10f1faf89a3b
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73t6MlYqn+jMp9jXX8:ymb3NkkiQ3mdBjFo73tvn+Yp9jn8
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d9c96b2b7c433fb567d6a5f3abca5c6ada92682bd759f48638d0b6d3cf43ce45.exe"C:\Users\Admin\AppData\Local\Temp\d9c96b2b7c433fb567d6a5f3abca5c6ada92682bd759f48638d0b6d3cf43ce45.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\1bhhhn.exec:\1bhhhn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ffrrxl.exec:\3ffrrxl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thttth.exec:\thttth.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jvvd.exec:\5jvvd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3lrrxll.exec:\3lrrxll.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frfrrfr.exec:\frfrrfr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbntt.exec:\nhbntt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvjp.exec:\ddvjp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1frflrl.exec:\1frflrl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxlrrx.exec:\xrxlrrx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnhtt.exec:\thnhtt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jdvj.exec:\9jdvj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfxxfxf.exec:\rfxxfxf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxlrflf.exec:\lxlrflf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbbhn.exec:\bnbbhn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnntb.exec:\hbnntb.exe17⤵
- Executes dropped EXE
-
\??\c:\dvpvv.exec:\dvpvv.exe18⤵
- Executes dropped EXE
-
\??\c:\3frxrrf.exec:\3frxrrf.exe19⤵
- Executes dropped EXE
-
\??\c:\tnhntn.exec:\tnhntn.exe20⤵
- Executes dropped EXE
-
\??\c:\hbhntb.exec:\hbhntb.exe21⤵
- Executes dropped EXE
-
\??\c:\hthntb.exec:\hthntb.exe22⤵
- Executes dropped EXE
-
\??\c:\djjjj.exec:\djjjj.exe23⤵
- Executes dropped EXE
-
\??\c:\frfllrf.exec:\frfllrf.exe24⤵
- Executes dropped EXE
-
\??\c:\llxlllf.exec:\llxlllf.exe25⤵
- Executes dropped EXE
-
\??\c:\thnttn.exec:\thnttn.exe26⤵
- Executes dropped EXE
-
\??\c:\vdvdv.exec:\vdvdv.exe27⤵
- Executes dropped EXE
-
\??\c:\lfrxxfl.exec:\lfrxxfl.exe28⤵
- Executes dropped EXE
-
\??\c:\hbbhht.exec:\hbbhht.exe29⤵
- Executes dropped EXE
-
\??\c:\hbtbnn.exec:\hbtbnn.exe30⤵
- Executes dropped EXE
-
\??\c:\9ppdj.exec:\9ppdj.exe31⤵
- Executes dropped EXE
-
\??\c:\rlfrxxl.exec:\rlfrxxl.exe32⤵
- Executes dropped EXE
-
\??\c:\3ffrxxx.exec:\3ffrxxx.exe33⤵
- Executes dropped EXE
-
\??\c:\1tnttn.exec:\1tnttn.exe34⤵
- Executes dropped EXE
-
\??\c:\ttbhhh.exec:\ttbhhh.exe35⤵
- Executes dropped EXE
-
\??\c:\pjpvd.exec:\pjpvd.exe36⤵
- Executes dropped EXE
-
\??\c:\vjjpv.exec:\vjjpv.exe37⤵
- Executes dropped EXE
-
\??\c:\xrrxflx.exec:\xrrxflx.exe38⤵
- Executes dropped EXE
-
\??\c:\9nnbhn.exec:\9nnbhn.exe39⤵
- Executes dropped EXE
-
\??\c:\tntbtb.exec:\tntbtb.exe40⤵
- Executes dropped EXE
-
\??\c:\dpvvv.exec:\dpvvv.exe41⤵
- Executes dropped EXE
-
\??\c:\dpdjp.exec:\dpdjp.exe42⤵
- Executes dropped EXE
-
\??\c:\jjvjv.exec:\jjvjv.exe43⤵
- Executes dropped EXE
-
\??\c:\lfxfflx.exec:\lfxfflx.exe44⤵
- Executes dropped EXE
-
\??\c:\7rlrflr.exec:\7rlrflr.exe45⤵
- Executes dropped EXE
-
\??\c:\nhtbhh.exec:\nhtbhh.exe46⤵
- Executes dropped EXE
-
\??\c:\hbttth.exec:\hbttth.exe47⤵
- Executes dropped EXE
-
\??\c:\7vppp.exec:\7vppp.exe48⤵
- Executes dropped EXE
-
\??\c:\fxxrxfl.exec:\fxxrxfl.exe49⤵
- Executes dropped EXE
-
\??\c:\9rxxlff.exec:\9rxxlff.exe50⤵
- Executes dropped EXE
-
\??\c:\hbnntn.exec:\hbnntn.exe51⤵
- Executes dropped EXE
-
\??\c:\btbntn.exec:\btbntn.exe52⤵
- Executes dropped EXE
-
\??\c:\nhbbnh.exec:\nhbbnh.exe53⤵
- Executes dropped EXE
-
\??\c:\vvjpv.exec:\vvjpv.exe54⤵
- Executes dropped EXE
-
\??\c:\fxlfxfl.exec:\fxlfxfl.exe55⤵
- Executes dropped EXE
-
\??\c:\5fllxxx.exec:\5fllxxx.exe56⤵
- Executes dropped EXE
-
\??\c:\nhhnnt.exec:\nhhnnt.exe57⤵
- Executes dropped EXE
-
\??\c:\bnhhbh.exec:\bnhhbh.exe58⤵
- Executes dropped EXE
-
\??\c:\jdjdp.exec:\jdjdp.exe59⤵
- Executes dropped EXE
-
\??\c:\pjvdd.exec:\pjvdd.exe60⤵
- Executes dropped EXE
-
\??\c:\lfxfrrx.exec:\lfxfrrx.exe61⤵
- Executes dropped EXE
-
\??\c:\nhtbnt.exec:\nhtbnt.exe62⤵
- Executes dropped EXE
-
\??\c:\jdjvj.exec:\jdjvj.exe63⤵
- Executes dropped EXE
-
\??\c:\7xrxffl.exec:\7xrxffl.exe64⤵
- Executes dropped EXE
-
\??\c:\lfllllx.exec:\lfllllx.exe65⤵
- Executes dropped EXE
-
\??\c:\hbthnt.exec:\hbthnt.exe66⤵
-
\??\c:\nhbbnt.exec:\nhbbnt.exe67⤵
-
\??\c:\tnthtt.exec:\tnthtt.exe68⤵
-
\??\c:\dvjpd.exec:\dvjpd.exe69⤵
-
\??\c:\ppjpp.exec:\ppjpp.exe70⤵
-
\??\c:\xrlrrrf.exec:\xrlrrrf.exe71⤵
-
\??\c:\1lxfrrx.exec:\1lxfrrx.exe72⤵
-
\??\c:\hbnthh.exec:\hbnthh.exe73⤵
-
\??\c:\1tbnnn.exec:\1tbnnn.exe74⤵
-
\??\c:\vpdvd.exec:\vpdvd.exe75⤵
-
\??\c:\dvjpv.exec:\dvjpv.exe76⤵
-
\??\c:\xrxlfrf.exec:\xrxlfrf.exe77⤵
-
\??\c:\lfxxfxf.exec:\lfxxfxf.exe78⤵
-
\??\c:\3thhtb.exec:\3thhtb.exe79⤵
-
\??\c:\5jddj.exec:\5jddj.exe80⤵
-
\??\c:\jvppd.exec:\jvppd.exe81⤵
-
\??\c:\rfrrrlr.exec:\rfrrrlr.exe82⤵
-
\??\c:\3frrxrf.exec:\3frrxrf.exe83⤵
-
\??\c:\1nttbh.exec:\1nttbh.exe84⤵
-
\??\c:\bnbhtt.exec:\bnbhtt.exe85⤵
-
\??\c:\7pppd.exec:\7pppd.exe86⤵
-
\??\c:\dddpv.exec:\dddpv.exe87⤵
-
\??\c:\lxlrrrf.exec:\lxlrrrf.exe88⤵
-
\??\c:\fxlxfxx.exec:\fxlxfxx.exe89⤵
-
\??\c:\tnbhtb.exec:\tnbhtb.exe90⤵
-
\??\c:\5tbbhn.exec:\5tbbhn.exe91⤵
-
\??\c:\dpdpp.exec:\dpdpp.exe92⤵
-
\??\c:\dvppd.exec:\dvppd.exe93⤵
-
\??\c:\lfllrlx.exec:\lfllrlx.exe94⤵
-
\??\c:\lxfrrxl.exec:\lxfrrxl.exe95⤵
-
\??\c:\thntbb.exec:\thntbb.exe96⤵
-
\??\c:\3bbhtt.exec:\3bbhtt.exe97⤵
-
\??\c:\1hnttb.exec:\1hnttb.exe98⤵
-
\??\c:\vpdpp.exec:\vpdpp.exe99⤵
-
\??\c:\9pdjp.exec:\9pdjp.exe100⤵
-
\??\c:\rrflrrx.exec:\rrflrrx.exe101⤵
-
\??\c:\xrxfflr.exec:\xrxfflr.exe102⤵
-
\??\c:\5bthnt.exec:\5bthnt.exe103⤵
-
\??\c:\htbbbb.exec:\htbbbb.exe104⤵
-
\??\c:\jdpvj.exec:\jdpvj.exe105⤵
-
\??\c:\pdpvv.exec:\pdpvv.exe106⤵
-
\??\c:\rxfrrlf.exec:\rxfrrlf.exe107⤵
-
\??\c:\ffxlxfl.exec:\ffxlxfl.exe108⤵
-
\??\c:\bthbnn.exec:\bthbnn.exe109⤵
-
\??\c:\thhhtt.exec:\thhhtt.exe110⤵
-
\??\c:\hthhtb.exec:\hthhtb.exe111⤵
-
\??\c:\dvvvj.exec:\dvvvj.exe112⤵
-
\??\c:\pdvpv.exec:\pdvpv.exe113⤵
-
\??\c:\lrlfrlf.exec:\lrlfrlf.exe114⤵
-
\??\c:\xxxllrx.exec:\xxxllrx.exe115⤵
-
\??\c:\nnhntb.exec:\nnhntb.exe116⤵
-
\??\c:\1nhtbb.exec:\1nhtbb.exe117⤵
-
\??\c:\jdppp.exec:\jdppp.exe118⤵
-
\??\c:\vpddj.exec:\vpddj.exe119⤵
-
\??\c:\rrffrxx.exec:\rrffrxx.exe120⤵
-
\??\c:\lxllxxf.exec:\lxllxxf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-