Analysis
-
max time kernel
150s -
max time network
107s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
06-06-2024 08:36
General
-
Target
d9c96b2b7c433fb567d6a5f3abca5c6ada92682bd759f48638d0b6d3cf43ce45.exe
-
Size
86KB
-
MD5
7fff6d0a3cdbf7320ab4f7a378c92c85
-
SHA1
de363c54132e4276e51d6a15f95b9e157aa98592
-
SHA256
d9c96b2b7c433fb567d6a5f3abca5c6ada92682bd759f48638d0b6d3cf43ce45
-
SHA512
cb3aef588e122b0da6efb4d3e730cd3b1a4967591919d25469e20ae8748991007531ed3bf24bb73adb73f6919ff8a6151056b116d46be3229bfa10f1faf89a3b
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73t6MlYqn+jMp9jXX8:ymb3NkkiQ3mdBjFo73tvn+Yp9jn8
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 29 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d9c96b2b7c433fb567d6a5f3abca5c6ada92682bd759f48638d0b6d3cf43ce45.exe"C:\Users\Admin\AppData\Local\Temp\d9c96b2b7c433fb567d6a5f3abca5c6ada92682bd759f48638d0b6d3cf43ce45.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlllrr.exec:\rrlllrr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfxrxr.exec:\xrfxrxr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7nbbnt.exec:\7nbbnt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjpp.exec:\vdjpp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3pvpp.exec:\3pvpp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlfllrl.exec:\xlfllrl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrffxff.exec:\rrffxff.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvjj.exec:\ddvjj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7llflll.exec:\7llflll.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfllll.exec:\fxfllll.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hntbtb.exec:\hntbtb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pppjd.exec:\pppjd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnnhh.exec:\nnnnhh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhhbb.exec:\nhhhbb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppppj.exec:\ppppj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffllxlr.exec:\ffllxlr.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thntbh.exec:\thntbh.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtbbb.exec:\nhtbbb.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvvv.exec:\pdvvv.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrlfff.exec:\lfrlfff.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbbbh.exec:\htbbbh.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbthn.exec:\thbthn.exe23⤵
- Executes dropped EXE
-
\??\c:\vvvvd.exec:\vvvvd.exe24⤵
- Executes dropped EXE
-
\??\c:\rlrrlxx.exec:\rlrrlxx.exe25⤵
- Executes dropped EXE
-
\??\c:\fxrrxxl.exec:\fxrrxxl.exe26⤵
- Executes dropped EXE
-
\??\c:\nhnnnt.exec:\nhnnnt.exe27⤵
- Executes dropped EXE
-
\??\c:\pjvpd.exec:\pjvpd.exe28⤵
- Executes dropped EXE
-
\??\c:\ppvvp.exec:\ppvvp.exe29⤵
- Executes dropped EXE
-
\??\c:\xrxrrrl.exec:\xrxrrrl.exe30⤵
- Executes dropped EXE
-
\??\c:\btttbt.exec:\btttbt.exe31⤵
- Executes dropped EXE
-
\??\c:\hhhbbb.exec:\hhhbbb.exe32⤵
- Executes dropped EXE
-
\??\c:\vpddj.exec:\vpddj.exe33⤵
- Executes dropped EXE
-
\??\c:\5lrfxff.exec:\5lrfxff.exe34⤵
- Executes dropped EXE
-
\??\c:\lrlxfrx.exec:\lrlxfrx.exe35⤵
- Executes dropped EXE
-
\??\c:\bbhhhh.exec:\bbhhhh.exe36⤵
- Executes dropped EXE
-
\??\c:\rlllxxl.exec:\rlllxxl.exe37⤵
- Executes dropped EXE
-
\??\c:\rfxflrx.exec:\rfxflrx.exe38⤵
- Executes dropped EXE
-
\??\c:\bnhbhb.exec:\bnhbhb.exe39⤵
- Executes dropped EXE
-
\??\c:\3vdvj.exec:\3vdvj.exe40⤵
- Executes dropped EXE
-
\??\c:\jvvdd.exec:\jvvdd.exe41⤵
- Executes dropped EXE
-
\??\c:\rxflxxx.exec:\rxflxxx.exe42⤵
- Executes dropped EXE
-
\??\c:\xfrrrxr.exec:\xfrrrxr.exe43⤵
- Executes dropped EXE
-
\??\c:\bnntbb.exec:\bnntbb.exe44⤵
- Executes dropped EXE
-
\??\c:\3tttnn.exec:\3tttnn.exe45⤵
- Executes dropped EXE
-
\??\c:\vjvpj.exec:\vjvpj.exe46⤵
- Executes dropped EXE
-
\??\c:\3djjd.exec:\3djjd.exe47⤵
- Executes dropped EXE
-
\??\c:\xrrrlrr.exec:\xrrrlrr.exe48⤵
- Executes dropped EXE
-
\??\c:\frrlfxr.exec:\frrlfxr.exe49⤵
- Executes dropped EXE
-
\??\c:\tnttnt.exec:\tnttnt.exe50⤵
- Executes dropped EXE
-
\??\c:\pjppj.exec:\pjppj.exe51⤵
- Executes dropped EXE
-
\??\c:\fxlfxrf.exec:\fxlfxrf.exe52⤵
- Executes dropped EXE
-
\??\c:\rrffllr.exec:\rrffllr.exe53⤵
- Executes dropped EXE
-
\??\c:\5hbnth.exec:\5hbnth.exe54⤵
- Executes dropped EXE
-
\??\c:\bnnhhh.exec:\bnnhhh.exe55⤵
- Executes dropped EXE
-
\??\c:\vddvv.exec:\vddvv.exe56⤵
- Executes dropped EXE
-
\??\c:\jjddj.exec:\jjddj.exe57⤵
- Executes dropped EXE
-
\??\c:\lffllrr.exec:\lffllrr.exe58⤵
- Executes dropped EXE
-
\??\c:\1rxxxfl.exec:\1rxxxfl.exe59⤵
- Executes dropped EXE
-
\??\c:\nhbtnn.exec:\nhbtnn.exe60⤵
- Executes dropped EXE
-
\??\c:\5pppp.exec:\5pppp.exe61⤵
- Executes dropped EXE
-
\??\c:\vvjjv.exec:\vvjjv.exe62⤵
- Executes dropped EXE
-
\??\c:\frfrxxf.exec:\frfrxxf.exe63⤵
- Executes dropped EXE
-
\??\c:\xfrrffl.exec:\xfrrffl.exe64⤵
- Executes dropped EXE
-
\??\c:\tbhhbb.exec:\tbhhbb.exe65⤵
- Executes dropped EXE
-
\??\c:\jjdvp.exec:\jjdvp.exe66⤵
-
\??\c:\dpvvv.exec:\dpvvv.exe67⤵
-
\??\c:\flxflll.exec:\flxflll.exe68⤵
-
\??\c:\1xllxfl.exec:\1xllxfl.exe69⤵
-
\??\c:\3hhhtt.exec:\3hhhtt.exe70⤵
-
\??\c:\3hnnnt.exec:\3hnnnt.exe71⤵
-
\??\c:\ddddd.exec:\ddddd.exe72⤵
-
\??\c:\5xfxrrr.exec:\5xfxrrr.exe73⤵
-
\??\c:\btttbb.exec:\btttbb.exe74⤵
-
\??\c:\tbnhbt.exec:\tbnhbt.exe75⤵
-
\??\c:\vpvdd.exec:\vpvdd.exe76⤵
-
\??\c:\pppjv.exec:\pppjv.exe77⤵
-
\??\c:\rrxrlrl.exec:\rrxrlrl.exe78⤵
-
\??\c:\fxrlflf.exec:\fxrlflf.exe79⤵
-
\??\c:\nttbbn.exec:\nttbbn.exe80⤵
-
\??\c:\5nttht.exec:\5nttht.exe81⤵
-
\??\c:\vpjdd.exec:\vpjdd.exe82⤵
-
\??\c:\dvvpv.exec:\dvvpv.exe83⤵
-
\??\c:\xxrlxfr.exec:\xxrlxfr.exe84⤵
-
\??\c:\llrrrrl.exec:\llrrrrl.exe85⤵
-
\??\c:\btttnt.exec:\btttnt.exe86⤵
-
\??\c:\ttttnn.exec:\ttttnn.exe87⤵
-
\??\c:\pjpvj.exec:\pjpvj.exe88⤵
-
\??\c:\vpvvp.exec:\vpvvp.exe89⤵
-
\??\c:\rffxxff.exec:\rffxxff.exe90⤵
-
\??\c:\rxllrrl.exec:\rxllrrl.exe91⤵
-
\??\c:\thttnn.exec:\thttnn.exe92⤵
-
\??\c:\jjppj.exec:\jjppj.exe93⤵
-
\??\c:\pjppj.exec:\pjppj.exe94⤵
-
\??\c:\rxxxxff.exec:\rxxxxff.exe95⤵
-
\??\c:\rlrllll.exec:\rlrllll.exe96⤵
-
\??\c:\xrrfxfx.exec:\xrrfxfx.exe97⤵
-
\??\c:\tthhhh.exec:\tthhhh.exe98⤵
-
\??\c:\ntnhbt.exec:\ntnhbt.exe99⤵
-
\??\c:\jdpvv.exec:\jdpvv.exe100⤵
-
\??\c:\pjppj.exec:\pjppj.exe101⤵
-
\??\c:\xrlfrrx.exec:\xrlfrrx.exe102⤵
-
\??\c:\hnnhbb.exec:\hnnhbb.exe103⤵
-
\??\c:\nnttnn.exec:\nnttnn.exe104⤵
-
\??\c:\hbbbhh.exec:\hbbbhh.exe105⤵
-
\??\c:\djddd.exec:\djddd.exe106⤵
-
\??\c:\9vdpp.exec:\9vdpp.exe107⤵
-
\??\c:\7lrxfff.exec:\7lrxfff.exe108⤵
-
\??\c:\lxfrrlr.exec:\lxfrrlr.exe109⤵
-
\??\c:\thnhhh.exec:\thnhhh.exe110⤵
-
\??\c:\bntnhh.exec:\bntnhh.exe111⤵
-
\??\c:\dddvv.exec:\dddvv.exe112⤵
-
\??\c:\vvpjd.exec:\vvpjd.exe113⤵
-
\??\c:\9jvpp.exec:\9jvpp.exe114⤵
-
\??\c:\xxxrfff.exec:\xxxrfff.exe115⤵
-
\??\c:\lxllllf.exec:\lxllllf.exe116⤵
-
\??\c:\nthhtt.exec:\nthhtt.exe117⤵
-
\??\c:\thnnnn.exec:\thnnnn.exe118⤵
-
\??\c:\vdvpd.exec:\vdvpd.exe119⤵
-
\??\c:\5jvdd.exec:\5jvdd.exe120⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe121⤵
-
\??\c:\xlrlrrr.exec:\xlrlrrr.exe122⤵
-
\??\c:\xfrrlll.exec:\xfrrlll.exe123⤵
-
\??\c:\bhnbnn.exec:\bhnbnn.exe124⤵
-
\??\c:\tthhht.exec:\tthhht.exe125⤵
-
\??\c:\ppppj.exec:\ppppj.exe126⤵
-
\??\c:\vpjdj.exec:\vpjdj.exe127⤵
-
\??\c:\dpppd.exec:\dpppd.exe128⤵
-
\??\c:\lfrlrrf.exec:\lfrlrrf.exe129⤵
-
\??\c:\htnttn.exec:\htnttn.exe130⤵
-
\??\c:\htnhtb.exec:\htnhtb.exe131⤵
-
\??\c:\hhnhbt.exec:\hhnhbt.exe132⤵
-
\??\c:\dppjj.exec:\dppjj.exe133⤵
-
\??\c:\pddvv.exec:\pddvv.exe134⤵
-
\??\c:\rlrrrxr.exec:\rlrrrxr.exe135⤵
-
\??\c:\xfxrffl.exec:\xfxrffl.exe136⤵
-
\??\c:\ttbbhn.exec:\ttbbhn.exe137⤵
-
\??\c:\hhnnnn.exec:\hhnnnn.exe138⤵
-
\??\c:\ddjjj.exec:\ddjjj.exe139⤵
-
\??\c:\dppvv.exec:\dppvv.exe140⤵
-
\??\c:\fxffxxx.exec:\fxffxxx.exe141⤵
-
\??\c:\hhhtbn.exec:\hhhtbn.exe142⤵
-
\??\c:\hhnnnt.exec:\hhnnnt.exe143⤵
-
\??\c:\jjjjj.exec:\jjjjj.exe144⤵
-
\??\c:\3vpjd.exec:\3vpjd.exe145⤵
-
\??\c:\xxxxxxl.exec:\xxxxxxl.exe146⤵
-
\??\c:\tbhbtt.exec:\tbhbtt.exe147⤵
-
\??\c:\7jppp.exec:\7jppp.exe148⤵
-
\??\c:\vdjjj.exec:\vdjjj.exe149⤵
-
\??\c:\rlxrxxf.exec:\rlxrxxf.exe150⤵
-
\??\c:\lxffxxx.exec:\lxffxxx.exe151⤵
-
\??\c:\nhbnhb.exec:\nhbnhb.exe152⤵
-
\??\c:\pvpvv.exec:\pvpvv.exe153⤵
-
\??\c:\lxrlfrf.exec:\lxrlfrf.exe154⤵
-
\??\c:\fxlxrff.exec:\fxlxrff.exe155⤵
-
\??\c:\nhttnn.exec:\nhttnn.exe156⤵
-
\??\c:\9thhhn.exec:\9thhhn.exe157⤵
-
\??\c:\1vvpv.exec:\1vvpv.exe158⤵
-
\??\c:\vpppd.exec:\vpppd.exe159⤵
-
\??\c:\9xxlflf.exec:\9xxlflf.exe160⤵
-
\??\c:\7fflllr.exec:\7fflllr.exe161⤵
-
\??\c:\btnhnh.exec:\btnhnh.exe162⤵
-
\??\c:\nhttnn.exec:\nhttnn.exe163⤵
-
\??\c:\9htbth.exec:\9htbth.exe164⤵
-
\??\c:\jjvdd.exec:\jjvdd.exe165⤵
-
\??\c:\dpvvv.exec:\dpvvv.exe166⤵
-
\??\c:\3fllfll.exec:\3fllfll.exe167⤵
-
\??\c:\frfxxxx.exec:\frfxxxx.exe168⤵
-
\??\c:\tthhnt.exec:\tthhnt.exe169⤵
-
\??\c:\nntttb.exec:\nntttb.exe170⤵
-
\??\c:\1vpjp.exec:\1vpjp.exe171⤵
-
\??\c:\pddvp.exec:\pddvp.exe172⤵
-
\??\c:\9xlfllr.exec:\9xlfllr.exe173⤵
-
\??\c:\llrrlrr.exec:\llrrlrr.exe174⤵
-
\??\c:\rxxxfll.exec:\rxxxfll.exe175⤵
-
\??\c:\hhnnnn.exec:\hhnnnn.exe176⤵
-
\??\c:\tttttt.exec:\tttttt.exe177⤵
-
\??\c:\vvdjd.exec:\vvdjd.exe178⤵
-
\??\c:\3pvvp.exec:\3pvvp.exe179⤵
-
\??\c:\3tbbbh.exec:\3tbbbh.exe180⤵
-
\??\c:\3nnbbh.exec:\3nnbbh.exe181⤵
-
\??\c:\hbbbbb.exec:\hbbbbb.exe182⤵
-
\??\c:\vjppj.exec:\vjppj.exe183⤵
-
\??\c:\vvjvj.exec:\vvjvj.exe184⤵
-
\??\c:\rlrrlll.exec:\rlrrlll.exe185⤵
-
\??\c:\3rfxrfx.exec:\3rfxrfx.exe186⤵
-
\??\c:\hhnnnn.exec:\hhnnnn.exe187⤵
-
\??\c:\1nthbh.exec:\1nthbh.exe188⤵
-
\??\c:\vdjjd.exec:\vdjjd.exe189⤵
-
\??\c:\dvpjj.exec:\dvpjj.exe190⤵
-
\??\c:\rrxxxfx.exec:\rrxxxfx.exe191⤵
-
\??\c:\xxxxxxx.exec:\xxxxxxx.exe192⤵
-
\??\c:\1bbthh.exec:\1bbthh.exe193⤵
-
\??\c:\hbhbtt.exec:\hbhbtt.exe194⤵
-
\??\c:\7jdvp.exec:\7jdvp.exe195⤵
-
\??\c:\djvvd.exec:\djvvd.exe196⤵
-
\??\c:\7fxrfrf.exec:\7fxrfrf.exe197⤵
-
\??\c:\flffllr.exec:\flffllr.exe198⤵
-
\??\c:\1thhnb.exec:\1thhnb.exe199⤵
-
\??\c:\nbhbtt.exec:\nbhbtt.exe200⤵
-
\??\c:\ddddv.exec:\ddddv.exe201⤵
-
\??\c:\pdjjd.exec:\pdjjd.exe202⤵
-
\??\c:\xffxxfr.exec:\xffxxfr.exe203⤵
-
\??\c:\frrrlrr.exec:\frrrlrr.exe204⤵
-
\??\c:\bnhhnt.exec:\bnhhnt.exe205⤵
-
\??\c:\nnthtn.exec:\nnthtn.exe206⤵
-
\??\c:\dvvvp.exec:\dvvvp.exe207⤵
-
\??\c:\vvjdv.exec:\vvjdv.exe208⤵
-
\??\c:\ffxxxfx.exec:\ffxxxfx.exe209⤵
-
\??\c:\frrlfxr.exec:\frrlfxr.exe210⤵
-
\??\c:\1bhbtt.exec:\1bhbtt.exe211⤵
-
\??\c:\hbttnt.exec:\hbttnt.exe212⤵
-
\??\c:\vvvpv.exec:\vvvpv.exe213⤵
-
\??\c:\7dvpp.exec:\7dvpp.exe214⤵
-
\??\c:\5rxflfx.exec:\5rxflfx.exe215⤵
-
\??\c:\tnbbbt.exec:\tnbbbt.exe216⤵
-
\??\c:\vppjd.exec:\vppjd.exe217⤵
-
\??\c:\pppjv.exec:\pppjv.exe218⤵
-
\??\c:\rrlffff.exec:\rrlffff.exe219⤵
-
\??\c:\lfflfll.exec:\lfflfll.exe220⤵
-
\??\c:\thhnnt.exec:\thhnnt.exe221⤵
-
\??\c:\bhbtbh.exec:\bhbtbh.exe222⤵
-
\??\c:\dvvpp.exec:\dvvpp.exe223⤵
-
\??\c:\7vppj.exec:\7vppj.exe224⤵
-
\??\c:\xrlfxxx.exec:\xrlfxxx.exe225⤵
-
\??\c:\3fxxffl.exec:\3fxxffl.exe226⤵
-
\??\c:\3hnnnt.exec:\3hnnnt.exe227⤵
-
\??\c:\3ttthn.exec:\3ttthn.exe228⤵
-
\??\c:\ddvvv.exec:\ddvvv.exe229⤵
-
\??\c:\jdddd.exec:\jdddd.exe230⤵
-
\??\c:\9rlfxrl.exec:\9rlfxrl.exe231⤵
-
\??\c:\1rxffff.exec:\1rxffff.exe232⤵
-
\??\c:\bbbnnb.exec:\bbbnnb.exe233⤵
-
\??\c:\9bhhtt.exec:\9bhhtt.exe234⤵
-
\??\c:\ppjdd.exec:\ppjdd.exe235⤵
-
\??\c:\pvdjd.exec:\pvdjd.exe236⤵
-
\??\c:\rxfxxff.exec:\rxfxxff.exe237⤵
-
\??\c:\xrffxfx.exec:\xrffxfx.exe238⤵
-
\??\c:\bhhhtt.exec:\bhhhtt.exe239⤵
-
\??\c:\htbbbb.exec:\htbbbb.exe240⤵