Analysis
-
max time kernel
70s -
max time network
132s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
08-06-2024 22:38
General
-
Target
47b9c3634b0669661c256df10be741fecb613eaafa379bc17e400f282ea63711.exe
-
Size
88KB
-
MD5
cc9941d010fe2642e7168bd2eed14266
-
SHA1
dded130601d6a64b3d798a1c2cb760866132b8f7
-
SHA256
47b9c3634b0669661c256df10be741fecb613eaafa379bc17e400f282ea63711
-
SHA512
3d194cbc5319b52d5f4118f079b624a07397f28e538735eb21a8e5cb475b227ceef098ca33e1ca7c6f7de7bda0c54e417099511fd647600621bc29fdf7c321d9
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND+3T4+C2iJvRirE0DmmdL2jqWkgo:ymb3NkkiQ3mdBjF+3TU2iBRioSumWuF
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
UPX dump on OEP (original entry point) 29 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\47b9c3634b0669661c256df10be741fecb613eaafa379bc17e400f282ea63711.exe"C:\Users\Admin\AppData\Local\Temp\47b9c3634b0669661c256df10be741fecb613eaafa379bc17e400f282ea63711.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjjp.exec:\ddjjp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddpv.exec:\jddpv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrfrffx.exec:\rrfrffx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthtth.exec:\hthtth.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7djpd.exec:\7djpd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpvp.exec:\vjpvp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxlxxx.exec:\lrxlxxx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrxrlx.exec:\xlrxrlx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bbtbb.exec:\5bbtbb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttnhb.exec:\bttnhb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvvp.exec:\pvvvp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrrrrx.exec:\rlrrrrx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhbtt.exec:\tbhbtt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djpjj.exec:\djpjj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffrlfx.exec:\lffrlfx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btthbn.exec:\btthbn.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvvv.exec:\jpvvv.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxxrxx.exec:\xrxxrxx.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtbbb.exec:\hbtbbb.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppvj.exec:\vppvj.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xxfrxf.exec:\1xxfrxf.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhhtt.exec:\bbhhtt.exe23⤵
- Executes dropped EXE
-
\??\c:\dvpdj.exec:\dvpdj.exe24⤵
- Executes dropped EXE
-
\??\c:\5fffxrr.exec:\5fffxrr.exe25⤵
- Executes dropped EXE
-
\??\c:\vjvpp.exec:\vjvpp.exe26⤵
- Executes dropped EXE
-
\??\c:\jddvv.exec:\jddvv.exe27⤵
- Executes dropped EXE
-
\??\c:\htnnht.exec:\htnnht.exe28⤵
- Executes dropped EXE
-
\??\c:\xlrxxrf.exec:\xlrxxrf.exe29⤵
- Executes dropped EXE
-
\??\c:\bhnnht.exec:\bhnnht.exe30⤵
- Executes dropped EXE
-
\??\c:\nhnhbb.exec:\nhnhbb.exe31⤵
- Executes dropped EXE
-
\??\c:\5xlffxx.exec:\5xlffxx.exe32⤵
- Executes dropped EXE
-
\??\c:\hbnnbt.exec:\hbnnbt.exe33⤵
- Executes dropped EXE
-
\??\c:\hnbbnn.exec:\hnbbnn.exe34⤵
- Executes dropped EXE
-
\??\c:\jdddp.exec:\jdddp.exe35⤵
- Executes dropped EXE
-
\??\c:\xlrxxxf.exec:\xlrxxxf.exe36⤵
- Executes dropped EXE
-
\??\c:\ntbbbh.exec:\ntbbbh.exe37⤵
- Executes dropped EXE
-
\??\c:\bntthh.exec:\bntthh.exe38⤵
- Executes dropped EXE
-
\??\c:\pjpjd.exec:\pjpjd.exe39⤵
- Executes dropped EXE
-
\??\c:\fxfxfxx.exec:\fxfxfxx.exe40⤵
- Executes dropped EXE
-
\??\c:\bbbbth.exec:\bbbbth.exe41⤵
- Executes dropped EXE
-
\??\c:\tnnnbh.exec:\tnnnbh.exe42⤵
- Executes dropped EXE
-
\??\c:\5dvpd.exec:\5dvpd.exe43⤵
- Executes dropped EXE
-
\??\c:\3dddv.exec:\3dddv.exe44⤵
- Executes dropped EXE
-
\??\c:\3rflfll.exec:\3rflfll.exe45⤵
- Executes dropped EXE
-
\??\c:\bhhbhh.exec:\bhhbhh.exe46⤵
- Executes dropped EXE
-
\??\c:\tnhhbh.exec:\tnhhbh.exe47⤵
- Executes dropped EXE
-
\??\c:\ppdpp.exec:\ppdpp.exe48⤵
- Executes dropped EXE
-
\??\c:\jjpjv.exec:\jjpjv.exe49⤵
- Executes dropped EXE
-
\??\c:\5llllll.exec:\5llllll.exe50⤵
- Executes dropped EXE
-
\??\c:\nttbhh.exec:\nttbhh.exe51⤵
- Executes dropped EXE
-
\??\c:\7httnt.exec:\7httnt.exe52⤵
- Executes dropped EXE
-
\??\c:\pvjvd.exec:\pvjvd.exe53⤵
- Executes dropped EXE
-
\??\c:\pdjpv.exec:\pdjpv.exe54⤵
- Executes dropped EXE
-
\??\c:\lrxfflr.exec:\lrxfflr.exe55⤵
- Executes dropped EXE
-
\??\c:\5lxllfr.exec:\5lxllfr.exe56⤵
- Executes dropped EXE
-
\??\c:\ntbbtb.exec:\ntbbtb.exe57⤵
- Executes dropped EXE
-
\??\c:\3bbhhh.exec:\3bbhhh.exe58⤵
- Executes dropped EXE
-
\??\c:\vjpjd.exec:\vjpjd.exe59⤵
- Executes dropped EXE
-
\??\c:\xfffflx.exec:\xfffflx.exe60⤵
- Executes dropped EXE
-
\??\c:\flrxfrx.exec:\flrxfrx.exe61⤵
- Executes dropped EXE
-
\??\c:\nhnhbb.exec:\nhnhbb.exe62⤵
- Executes dropped EXE
-
\??\c:\pjvvv.exec:\pjvvv.exe63⤵
- Executes dropped EXE
-
\??\c:\djppp.exec:\djppp.exe64⤵
- Executes dropped EXE
-
\??\c:\xffflrr.exec:\xffflrr.exe65⤵
- Executes dropped EXE
-
\??\c:\bhhnhh.exec:\bhhnhh.exe66⤵
-
\??\c:\vpjdd.exec:\vpjdd.exe67⤵
-
\??\c:\vppvp.exec:\vppvp.exe68⤵
-
\??\c:\rxfrxrr.exec:\rxfrxrr.exe69⤵
-
\??\c:\3flxrll.exec:\3flxrll.exe70⤵
-
\??\c:\hbtbbn.exec:\hbtbbn.exe71⤵
-
\??\c:\pppjd.exec:\pppjd.exe72⤵
-
\??\c:\pvjvd.exec:\pvjvd.exe73⤵
-
\??\c:\rflrrlf.exec:\rflrrlf.exe74⤵
-
\??\c:\ffrrxxf.exec:\ffrrxxf.exe75⤵
-
\??\c:\nbbhbh.exec:\nbbhbh.exe76⤵
-
\??\c:\dvddd.exec:\dvddd.exe77⤵
-
\??\c:\9dvjv.exec:\9dvjv.exe78⤵
-
\??\c:\lfrlfff.exec:\lfrlfff.exe79⤵
-
\??\c:\rlxflfr.exec:\rlxflfr.exe80⤵
-
\??\c:\btbnht.exec:\btbnht.exe81⤵
-
\??\c:\vjvvp.exec:\vjvvp.exe82⤵
-
\??\c:\9jjvp.exec:\9jjvp.exe83⤵
-
\??\c:\xfrlxxf.exec:\xfrlxxf.exe84⤵
-
\??\c:\flrrlfr.exec:\flrrlfr.exe85⤵
-
\??\c:\nbnnhn.exec:\nbnnhn.exe86⤵
-
\??\c:\hhhhnt.exec:\hhhhnt.exe87⤵
-
\??\c:\djpjd.exec:\djpjd.exe88⤵
-
\??\c:\vdddv.exec:\vdddv.exe89⤵
-
\??\c:\rlxfxxl.exec:\rlxfxxl.exe90⤵
-
\??\c:\rrxrfxf.exec:\rrxrfxf.exe91⤵
-
\??\c:\nnhhhh.exec:\nnhhhh.exe92⤵
-
\??\c:\7dvpv.exec:\7dvpv.exe93⤵
-
\??\c:\pdvpp.exec:\pdvpp.exe94⤵
-
\??\c:\lffrrll.exec:\lffrrll.exe95⤵
-
\??\c:\5rlxxll.exec:\5rlxxll.exe96⤵
-
\??\c:\hbtttt.exec:\hbtttt.exe97⤵
-
\??\c:\btbthh.exec:\btbthh.exe98⤵
-
\??\c:\pdjdv.exec:\pdjdv.exe99⤵
-
\??\c:\fxrxfxf.exec:\fxrxfxf.exe100⤵
-
\??\c:\ttnbht.exec:\ttnbht.exe101⤵
-
\??\c:\ttbntb.exec:\ttbntb.exe102⤵
-
\??\c:\dpjjj.exec:\dpjjj.exe103⤵
-
\??\c:\llrlxxf.exec:\llrlxxf.exe104⤵
-
\??\c:\lfxlfrl.exec:\lfxlfrl.exe105⤵
-
\??\c:\btnhbh.exec:\btnhbh.exe106⤵
-
\??\c:\tbbtnh.exec:\tbbtnh.exe107⤵
-
\??\c:\jpdvv.exec:\jpdvv.exe108⤵
-
\??\c:\llxrllr.exec:\llxrllr.exe109⤵
-
\??\c:\rxrlfxr.exec:\rxrlfxr.exe110⤵
-
\??\c:\tnnbbt.exec:\tnnbbt.exe111⤵
-
\??\c:\hnhhnb.exec:\hnhhnb.exe112⤵
-
\??\c:\9jjjj.exec:\9jjjj.exe113⤵
-
\??\c:\pjpjp.exec:\pjpjp.exe114⤵
-
\??\c:\frxxflf.exec:\frxxflf.exe115⤵
-
\??\c:\rfxrlll.exec:\rfxrlll.exe116⤵
-
\??\c:\jdjdd.exec:\jdjdd.exe117⤵
-
\??\c:\lfllllr.exec:\lfllllr.exe118⤵
-
\??\c:\lrlffrl.exec:\lrlffrl.exe119⤵
-
\??\c:\nhhbtt.exec:\nhhbtt.exe120⤵
-
\??\c:\1nbtbb.exec:\1nbtbb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-