Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
-
submitted
10/06/2024, 04:54
General
-
Target
295eea87c576ceaa0327eb318b28e40b1e2a6a2e436b3437778cc2cd399e218f.exe
-
Size
63KB
-
MD5
fd6e65a4a44a135befdf31e3e6c8645b
-
SHA1
6135ec50702dfa21e42d229935a18b8134d48fe9
-
SHA256
295eea87c576ceaa0327eb318b28e40b1e2a6a2e436b3437778cc2cd399e218f
-
SHA512
f59d9a66d6b74a03743e1fd29f356e683371453d2ca8a732ef91196505dec1f5ba676f3d09b413d7475484d6f11bd15c0fc58931e3a3559b06c2e66e7ff0f223
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIFdJULh12A:ymb3NkkiQ3mdBjFIFdJmj
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
UPX dump on OEP (original entry point) 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 23 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\295eea87c576ceaa0327eb318b28e40b1e2a6a2e436b3437778cc2cd399e218f.exe"C:\Users\Admin\AppData\Local\Temp\295eea87c576ceaa0327eb318b28e40b1e2a6a2e436b3437778cc2cd399e218f.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxxlfr.exec:\lfxxlfr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrrrxf.exec:\lfrrrxf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnnnt.exec:\ttnnnt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvvj.exec:\pjvvj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvddp.exec:\vvddp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdpd.exec:\pjdpd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3frxffx.exec:\3frxffx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xffrfl.exec:\5xffrfl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbtbb.exec:\nnbtbb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhntt.exec:\hbhntt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvpvd.exec:\pvpvd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdjd.exec:\pjdjd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxxfrf.exec:\lfxxfrf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lllxlrf.exec:\lllxlrf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbbht.exec:\btbbht.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbhnn.exec:\btbhnn.exe17⤵
- Executes dropped EXE
-
\??\c:\dvpvv.exec:\dvpvv.exe18⤵
- Executes dropped EXE
-
\??\c:\vpjpd.exec:\vpjpd.exe19⤵
- Executes dropped EXE
-
\??\c:\ffxlfrx.exec:\ffxlfrx.exe20⤵
- Executes dropped EXE
-
\??\c:\fffrxfr.exec:\fffrxfr.exe21⤵
- Executes dropped EXE
-
\??\c:\9hhhnn.exec:\9hhhnn.exe22⤵
- Executes dropped EXE
-
\??\c:\3tnhtt.exec:\3tnhtt.exe23⤵
- Executes dropped EXE
-
\??\c:\9dvdp.exec:\9dvdp.exe24⤵
- Executes dropped EXE
-
\??\c:\3dpdp.exec:\3dpdp.exe25⤵
- Executes dropped EXE
-
\??\c:\lfrlrfx.exec:\lfrlrfx.exe26⤵
- Executes dropped EXE
-
\??\c:\hbbnhb.exec:\hbbnhb.exe27⤵
- Executes dropped EXE
-
\??\c:\ththnt.exec:\ththnt.exe28⤵
- Executes dropped EXE
-
\??\c:\pjddp.exec:\pjddp.exe29⤵
- Executes dropped EXE
-
\??\c:\3dpvj.exec:\3dpvj.exe30⤵
- Executes dropped EXE
-
\??\c:\7lrxrlr.exec:\7lrxrlr.exe31⤵
- Executes dropped EXE
-
\??\c:\3fffrrx.exec:\3fffrrx.exe32⤵
- Executes dropped EXE
-
\??\c:\7ttnht.exec:\7ttnht.exe33⤵
- Executes dropped EXE
-
\??\c:\nnntnb.exec:\nnntnb.exe34⤵
- Executes dropped EXE
-
\??\c:\thbbhn.exec:\thbbhn.exe35⤵
- Executes dropped EXE
-
\??\c:\vpvpv.exec:\vpvpv.exe36⤵
- Executes dropped EXE
-
\??\c:\7jdvv.exec:\7jdvv.exe37⤵
- Executes dropped EXE
-
\??\c:\rfrxllr.exec:\rfrxllr.exe38⤵
- Executes dropped EXE
-
\??\c:\xrxlrrx.exec:\xrxlrrx.exe39⤵
- Executes dropped EXE
-
\??\c:\rlrllrf.exec:\rlrllrf.exe40⤵
- Executes dropped EXE
-
\??\c:\thnnnn.exec:\thnnnn.exe41⤵
- Executes dropped EXE
-
\??\c:\3hnhhn.exec:\3hnhhn.exe42⤵
- Executes dropped EXE
-
\??\c:\pdppv.exec:\pdppv.exe43⤵
- Executes dropped EXE
-
\??\c:\pjdjj.exec:\pjdjj.exe44⤵
- Executes dropped EXE
-
\??\c:\vjvvd.exec:\vjvvd.exe45⤵
- Executes dropped EXE
-
\??\c:\frlrflr.exec:\frlrflr.exe46⤵
- Executes dropped EXE
-
\??\c:\xrrrllr.exec:\xrrrllr.exe47⤵
- Executes dropped EXE
-
\??\c:\tnbthn.exec:\tnbthn.exe48⤵
- Executes dropped EXE
-
\??\c:\thnthh.exec:\thnthh.exe49⤵
- Executes dropped EXE
-
\??\c:\dvjpj.exec:\dvjpj.exe50⤵
- Executes dropped EXE
-
\??\c:\dpvdj.exec:\dpvdj.exe51⤵
- Executes dropped EXE
-
\??\c:\dpvpv.exec:\dpvpv.exe52⤵
- Executes dropped EXE
-
\??\c:\3frrfff.exec:\3frrfff.exe53⤵
- Executes dropped EXE
-
\??\c:\5fxxffx.exec:\5fxxffx.exe54⤵
- Executes dropped EXE
-
\??\c:\llrflrr.exec:\llrflrr.exe55⤵
- Executes dropped EXE
-
\??\c:\tnhntb.exec:\tnhntb.exe56⤵
- Executes dropped EXE
-
\??\c:\1nbbbb.exec:\1nbbbb.exe57⤵
- Executes dropped EXE
-
\??\c:\vjddd.exec:\vjddd.exe58⤵
- Executes dropped EXE
-
\??\c:\5jpdd.exec:\5jpdd.exe59⤵
- Executes dropped EXE
-
\??\c:\1tntbn.exec:\1tntbn.exe60⤵
- Executes dropped EXE
-
\??\c:\htnbbh.exec:\htnbbh.exe61⤵
- Executes dropped EXE
-
\??\c:\bbnnhn.exec:\bbnnhn.exe62⤵
- Executes dropped EXE
-
\??\c:\dpvvj.exec:\dpvvj.exe63⤵
- Executes dropped EXE
-
\??\c:\vpddj.exec:\vpddj.exe64⤵
- Executes dropped EXE
-
\??\c:\rfrlfll.exec:\rfrlfll.exe65⤵
- Executes dropped EXE
-
\??\c:\xrxlfxr.exec:\xrxlfxr.exe66⤵
-
\??\c:\nbtntt.exec:\nbtntt.exe67⤵
-
\??\c:\nhttnn.exec:\nhttnn.exe68⤵
-
\??\c:\pjpjp.exec:\pjpjp.exe69⤵
-
\??\c:\dvjvj.exec:\dvjvj.exe70⤵
-
\??\c:\lxllxfl.exec:\lxllxfl.exe71⤵
-
\??\c:\lfrxxxx.exec:\lfrxxxx.exe72⤵
-
\??\c:\7lxflrr.exec:\7lxflrr.exe73⤵
-
\??\c:\hbhnht.exec:\hbhnht.exe74⤵
-
\??\c:\tnbbbt.exec:\tnbbbt.exe75⤵
-
\??\c:\jvjpv.exec:\jvjpv.exe76⤵
-
\??\c:\lxlfflx.exec:\lxlfflx.exe77⤵
-
\??\c:\lrffxfl.exec:\lrffxfl.exe78⤵
-
\??\c:\lfrflrl.exec:\lfrflrl.exe79⤵
-
\??\c:\5bhhtt.exec:\5bhhtt.exe80⤵
-
\??\c:\tbnnbh.exec:\tbnnbh.exe81⤵
-
\??\c:\9tntbb.exec:\9tntbb.exe82⤵
-
\??\c:\9pvvv.exec:\9pvvv.exe83⤵
-
\??\c:\vjvvd.exec:\vjvvd.exe84⤵
-
\??\c:\xrxllrx.exec:\xrxllrx.exe85⤵
-
\??\c:\fxrrxfx.exec:\fxrrxfx.exe86⤵
-
\??\c:\nbnhnn.exec:\nbnhnn.exe87⤵
-
\??\c:\7bhbbb.exec:\7bhbbb.exe88⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe89⤵
-
\??\c:\dpvpv.exec:\dpvpv.exe90⤵
-
\??\c:\5flxrxr.exec:\5flxrxr.exe91⤵
-
\??\c:\lfxxllr.exec:\lfxxllr.exe92⤵
-
\??\c:\7xflrxx.exec:\7xflrxx.exe93⤵
-
\??\c:\3tbhnt.exec:\3tbhnt.exe94⤵
-
\??\c:\nttntt.exec:\nttntt.exe95⤵
-
\??\c:\9tbtnn.exec:\9tbtnn.exe96⤵
-
\??\c:\dvjvp.exec:\dvjvp.exe97⤵
-
\??\c:\9dpjv.exec:\9dpjv.exe98⤵
-
\??\c:\dvpjp.exec:\dvpjp.exe99⤵
-
\??\c:\1lxxfff.exec:\1lxxfff.exe100⤵
-
\??\c:\rrxfxfr.exec:\rrxfxfr.exe101⤵
-
\??\c:\9tnbhh.exec:\9tnbhh.exe102⤵
-
\??\c:\nnhhhb.exec:\nnhhhb.exe103⤵
-
\??\c:\tbhhhn.exec:\tbhhhn.exe104⤵
-
\??\c:\jpjjv.exec:\jpjjv.exe105⤵
-
\??\c:\pdjjj.exec:\pdjjj.exe106⤵
-
\??\c:\pdvpp.exec:\pdvpp.exe107⤵
-
\??\c:\1fxxxfl.exec:\1fxxxfl.exe108⤵
-
\??\c:\lxfflrx.exec:\lxfflrx.exe109⤵
-
\??\c:\nbhthh.exec:\nbhthh.exe110⤵
-
\??\c:\7htnnn.exec:\7htnnn.exe111⤵
-
\??\c:\3tnnnh.exec:\3tnnnh.exe112⤵
-
\??\c:\pjvvd.exec:\pjvvd.exe113⤵
-
\??\c:\jdvjj.exec:\jdvjj.exe114⤵
-
\??\c:\ppjvj.exec:\ppjvj.exe115⤵
-
\??\c:\lfrrlxf.exec:\lfrrlxf.exe116⤵
-
\??\c:\rlxfrrx.exec:\rlxfrrx.exe117⤵
-
\??\c:\1xrflrf.exec:\1xrflrf.exe118⤵
-
\??\c:\nnbbhb.exec:\nnbbhb.exe119⤵
-
\??\c:\nnhbtn.exec:\nnhbtn.exe120⤵
-
\??\c:\bntthn.exec:\bntthn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-