Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
06/06/2024, 18:30
General
-
Target
073dc549aa6aecd244155473c7c1e1ab86c1017276fd022e6f4677f2a80bab9d.exe
-
Size
84KB
-
MD5
07bf44c783963132cb3744ac5fd31141
-
SHA1
1d463822299829abd0183dc3715c33f86ba9f9a9
-
SHA256
073dc549aa6aecd244155473c7c1e1ab86c1017276fd022e6f4677f2a80bab9d
-
SHA512
b32a286ff8949ec97361ccbc536403bd42fd7952f54ccfe1eb19577273d50b9f590689bf83dbc674603e003dda4be090dab9a965e5e78c3979fb3b17a361c6c6
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIgt7WxZKmNDnX77lY8/X5Qgrciv:ymb3NkkiQ3mdBjFIgte0mNb77Bptfr
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
UPX dump on OEP (original entry point) 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\073dc549aa6aecd244155473c7c1e1ab86c1017276fd022e6f4677f2a80bab9d.exe"C:\Users\Admin\AppData\Local\Temp\073dc549aa6aecd244155473c7c1e1ab86c1017276fd022e6f4677f2a80bab9d.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\lxfxrrl.exec:\lxfxrrl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbbtb.exec:\bbbbtb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttnhb.exec:\bttnhb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdpv.exec:\dvdpv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrrlxx.exec:\lfrrlxx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnnnt.exec:\htnnnt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ttbnn.exec:\9ttbnn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdvd.exec:\pjdvd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbbbb.exec:\htbbbb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhhbt.exec:\nbhhbt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpppp.exec:\jpppp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxlfxlf.exec:\xxlfxlf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3htttt.exec:\3htttt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjvd.exec:\ppjvd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxrfxr.exec:\lxxrfxr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbtbb.exec:\hhbtbb.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjdv.exec:\vpjdv.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfxllr.exec:\xrfxllr.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbhbb.exec:\nnbhbb.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddpjd.exec:\ddpjd.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7lfxllf.exec:\7lfxllf.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ntttn.exec:\7ntttn.exe23⤵
- Executes dropped EXE
-
\??\c:\jdjpj.exec:\jdjpj.exe24⤵
- Executes dropped EXE
-
\??\c:\jpppj.exec:\jpppj.exe25⤵
- Executes dropped EXE
-
\??\c:\xllllll.exec:\xllllll.exe26⤵
- Executes dropped EXE
-
\??\c:\9httnn.exec:\9httnn.exe27⤵
- Executes dropped EXE
-
\??\c:\bbbbnn.exec:\bbbbnn.exe28⤵
- Executes dropped EXE
-
\??\c:\vddvv.exec:\vddvv.exe29⤵
- Executes dropped EXE
-
\??\c:\5rrlxlr.exec:\5rrlxlr.exe30⤵
- Executes dropped EXE
-
\??\c:\3httnn.exec:\3httnn.exe31⤵
- Executes dropped EXE
-
\??\c:\vpdvj.exec:\vpdvj.exe32⤵
- Executes dropped EXE
-
\??\c:\xrlfxff.exec:\xrlfxff.exe33⤵
- Executes dropped EXE
-
\??\c:\frrrllf.exec:\frrrllf.exe34⤵
- Executes dropped EXE
-
\??\c:\bntnnh.exec:\bntnnh.exe35⤵
- Executes dropped EXE
-
\??\c:\thnthb.exec:\thnthb.exe36⤵
- Executes dropped EXE
-
\??\c:\pvvpd.exec:\pvvpd.exe37⤵
- Executes dropped EXE
-
\??\c:\lxrrrlf.exec:\lxrrrlf.exe38⤵
- Executes dropped EXE
-
\??\c:\7thbnn.exec:\7thbnn.exe39⤵
- Executes dropped EXE
-
\??\c:\tnntnn.exec:\tnntnn.exe40⤵
- Executes dropped EXE
-
\??\c:\vjjjd.exec:\vjjjd.exe41⤵
- Executes dropped EXE
-
\??\c:\rxrlfrf.exec:\rxrlfrf.exe42⤵
- Executes dropped EXE
-
\??\c:\nhbnhn.exec:\nhbnhn.exe43⤵
- Executes dropped EXE
-
\??\c:\thnhbt.exec:\thnhbt.exe44⤵
- Executes dropped EXE
-
\??\c:\vjvvv.exec:\vjvvv.exe45⤵
- Executes dropped EXE
-
\??\c:\7xxfffr.exec:\7xxfffr.exe46⤵
- Executes dropped EXE
-
\??\c:\7bhhtt.exec:\7bhhtt.exe47⤵
- Executes dropped EXE
-
\??\c:\1ppjj.exec:\1ppjj.exe48⤵
- Executes dropped EXE
-
\??\c:\pdpjj.exec:\pdpjj.exe49⤵
- Executes dropped EXE
-
\??\c:\ffllffx.exec:\ffllffx.exe50⤵
- Executes dropped EXE
-
\??\c:\nhtbbt.exec:\nhtbbt.exe51⤵
- Executes dropped EXE
-
\??\c:\hthntt.exec:\hthntt.exe52⤵
- Executes dropped EXE
-
\??\c:\pvddd.exec:\pvddd.exe53⤵
- Executes dropped EXE
-
\??\c:\lrfrlfr.exec:\lrfrlfr.exe54⤵
- Executes dropped EXE
-
\??\c:\xxlrrxf.exec:\xxlrrxf.exe55⤵
- Executes dropped EXE
-
\??\c:\nnhhhh.exec:\nnhhhh.exe56⤵
- Executes dropped EXE
-
\??\c:\htbhtb.exec:\htbhtb.exe57⤵
- Executes dropped EXE
-
\??\c:\jjvvp.exec:\jjvvp.exe58⤵
- Executes dropped EXE
-
\??\c:\rllfrxr.exec:\rllfrxr.exe59⤵
- Executes dropped EXE
-
\??\c:\nhtnnn.exec:\nhtnnn.exe60⤵
- Executes dropped EXE
-
\??\c:\ttthth.exec:\ttthth.exe61⤵
- Executes dropped EXE
-
\??\c:\jjddv.exec:\jjddv.exe62⤵
- Executes dropped EXE
-
\??\c:\3dddv.exec:\3dddv.exe63⤵
- Executes dropped EXE
-
\??\c:\7flxflr.exec:\7flxflr.exe64⤵
- Executes dropped EXE
-
\??\c:\tnbthb.exec:\tnbthb.exe65⤵
- Executes dropped EXE
-
\??\c:\1nnhtb.exec:\1nnhtb.exe66⤵
-
\??\c:\jpppv.exec:\jpppv.exe67⤵
-
\??\c:\lrxrxfl.exec:\lrxrxfl.exe68⤵
-
\??\c:\tttntb.exec:\tttntb.exe69⤵
-
\??\c:\3hntnn.exec:\3hntnn.exe70⤵
-
\??\c:\ppvpd.exec:\ppvpd.exe71⤵
-
\??\c:\llrrlxr.exec:\llrrlxr.exe72⤵
-
\??\c:\hbnntb.exec:\hbnntb.exe73⤵
-
\??\c:\vdjdj.exec:\vdjdj.exe74⤵
-
\??\c:\3llfxxx.exec:\3llfxxx.exe75⤵
-
\??\c:\tnntnt.exec:\tnntnt.exe76⤵
-
\??\c:\hhbtnh.exec:\hhbtnh.exe77⤵
-
\??\c:\vvppv.exec:\vvppv.exe78⤵
-
\??\c:\lxfffxr.exec:\lxfffxr.exe79⤵
-
\??\c:\3ffxxrr.exec:\3ffxxrr.exe80⤵
-
\??\c:\bnbttt.exec:\bnbttt.exe81⤵
-
\??\c:\dvjdj.exec:\dvjdj.exe82⤵
-
\??\c:\xrlxllf.exec:\xrlxllf.exe83⤵
-
\??\c:\frrlxlf.exec:\frrlxlf.exe84⤵
-
\??\c:\hbbhhh.exec:\hbbhhh.exe85⤵
-
\??\c:\vdpvj.exec:\vdpvj.exe86⤵
-
\??\c:\pddpj.exec:\pddpj.exe87⤵
-
\??\c:\9rlllll.exec:\9rlllll.exe88⤵
-
\??\c:\5lllfrl.exec:\5lllfrl.exe89⤵
-
\??\c:\bnbbbh.exec:\bnbbbh.exe90⤵
-
\??\c:\vpddv.exec:\vpddv.exe91⤵
-
\??\c:\7djdp.exec:\7djdp.exe92⤵
-
\??\c:\1rxrlrl.exec:\1rxrlrl.exe93⤵
-
\??\c:\thhbtn.exec:\thhbtn.exe94⤵
-
\??\c:\1nnnnh.exec:\1nnnnh.exe95⤵
-
\??\c:\jddvv.exec:\jddvv.exe96⤵
-
\??\c:\xlffrrl.exec:\xlffrrl.exe97⤵
-
\??\c:\rxlfrfl.exec:\rxlfrfl.exe98⤵
-
\??\c:\7thbbb.exec:\7thbbb.exe99⤵
-
\??\c:\7vvvj.exec:\7vvvj.exe100⤵
-
\??\c:\5pddv.exec:\5pddv.exe101⤵
-
\??\c:\llrrrrr.exec:\llrrrrr.exe102⤵
-
\??\c:\7lxrrxx.exec:\7lxrrxx.exe103⤵
-
\??\c:\hbhnbn.exec:\hbhnbn.exe104⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe105⤵
-
\??\c:\jdjdd.exec:\jdjdd.exe106⤵
-
\??\c:\xrllrrr.exec:\xrllrrr.exe107⤵
-
\??\c:\5lffxxx.exec:\5lffxxx.exe108⤵
-
\??\c:\tthtnt.exec:\tthtnt.exe109⤵
-
\??\c:\thttbb.exec:\thttbb.exe110⤵
-
\??\c:\ppddd.exec:\ppddd.exe111⤵
-
\??\c:\pdjdp.exec:\pdjdp.exe112⤵
-
\??\c:\lxfllfx.exec:\lxfllfx.exe113⤵
-
\??\c:\1ttttb.exec:\1ttttb.exe114⤵
-
\??\c:\bhnbbb.exec:\bhnbbb.exe115⤵
-
\??\c:\nhnbbn.exec:\nhnbbn.exe116⤵
-
\??\c:\vdjpp.exec:\vdjpp.exe117⤵
-
\??\c:\tthbhn.exec:\tthbhn.exe118⤵
-
\??\c:\nttnhh.exec:\nttnhh.exe119⤵
-
\??\c:\7pvdd.exec:\7pvdd.exe120⤵
-
\??\c:\lxrflfl.exec:\lxrflfl.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-