Analysis
-
max time kernel
150s -
max time network
52s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
10-06-2024 12:31
General
-
Target
5a95eabee5fba7dd9b6b3e52f14148e9c5e6fb297b2fb5e2df33387ad0478ab2.exe
-
Size
75KB
-
MD5
c8b7340b884ce99d9b011dc9fec0e09f
-
SHA1
ee65c5c214ca4dd749f917be532c2a7e1a312630
-
SHA256
5a95eabee5fba7dd9b6b3e52f14148e9c5e6fb297b2fb5e2df33387ad0478ab2
-
SHA512
07a4e2702750e9a67706845a8fcdfa4892bb1f57ffe677b9e9a705bf4749a5e405e0ffc11f216b1fe44f22187ee3ee54f3e44bfe7c609a1d65085763fa3fc924
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDWiekja1br3GGBxfot0ijs:ymb3NkkiQ3mdBjFWXkj7afoS
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 30 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5a95eabee5fba7dd9b6b3e52f14148e9c5e6fb297b2fb5e2df33387ad0478ab2.exe"C:\Users\Admin\AppData\Local\Temp\5a95eabee5fba7dd9b6b3e52f14148e9c5e6fb297b2fb5e2df33387ad0478ab2.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nthbnb.exec:\nthbnb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjdv.exec:\dvjdv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flxflfx.exec:\flxflfx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htttbb.exec:\htttbb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djvvd.exec:\djvvd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dddvv.exec:\dddvv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlfrxrx.exec:\xlfrxrx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhttbh.exec:\nhttbh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vddjv.exec:\vddjv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffllll.exec:\lffllll.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrlrrr.exec:\frrlrrr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3jjdv.exec:\3jjdv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrfllfx.exec:\lrfllfx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjppp.exec:\pjppp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjdd.exec:\vvjdd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llrrrlr.exec:\llrrrlr.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbtnn.exec:\hbbtnn.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpjdp.exec:\jpjdp.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdddp.exec:\jdddp.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xrfrrl.exec:\7xrfrrl.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1hhhhn.exec:\1hhhhn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjjv.exec:\djjjv.exe23⤵
- Executes dropped EXE
-
\??\c:\frllflf.exec:\frllflf.exe24⤵
- Executes dropped EXE
-
\??\c:\nthbth.exec:\nthbth.exe25⤵
- Executes dropped EXE
-
\??\c:\7jppp.exec:\7jppp.exe26⤵
- Executes dropped EXE
-
\??\c:\flflrxl.exec:\flflrxl.exe27⤵
- Executes dropped EXE
-
\??\c:\vjpjd.exec:\vjpjd.exe28⤵
- Executes dropped EXE
-
\??\c:\fxxxxxr.exec:\fxxxxxr.exe29⤵
- Executes dropped EXE
-
\??\c:\bththn.exec:\bththn.exe30⤵
- Executes dropped EXE
-
\??\c:\pjpjp.exec:\pjpjp.exe31⤵
- Executes dropped EXE
-
\??\c:\ppjjd.exec:\ppjjd.exe32⤵
- Executes dropped EXE
-
\??\c:\rlrlffx.exec:\rlrlffx.exe33⤵
- Executes dropped EXE
-
\??\c:\thhhbb.exec:\thhhbb.exe34⤵
- Executes dropped EXE
-
\??\c:\9tbbnn.exec:\9tbbnn.exe35⤵
- Executes dropped EXE
-
\??\c:\pjjdd.exec:\pjjdd.exe36⤵
- Executes dropped EXE
-
\??\c:\5ddvp.exec:\5ddvp.exe37⤵
- Executes dropped EXE
-
\??\c:\rrxxrff.exec:\rrxxrff.exe38⤵
- Executes dropped EXE
-
\??\c:\frxrrrl.exec:\frxrrrl.exe39⤵
- Executes dropped EXE
-
\??\c:\ttbbtt.exec:\ttbbtt.exe40⤵
- Executes dropped EXE
-
\??\c:\btbtnn.exec:\btbtnn.exe41⤵
- Executes dropped EXE
-
\??\c:\jdjpd.exec:\jdjpd.exe42⤵
- Executes dropped EXE
-
\??\c:\9dpdv.exec:\9dpdv.exe43⤵
- Executes dropped EXE
-
\??\c:\djvdv.exec:\djvdv.exe44⤵
- Executes dropped EXE
-
\??\c:\fxfrllx.exec:\fxfrllx.exe45⤵
- Executes dropped EXE
-
\??\c:\rlllrxx.exec:\rlllrxx.exe46⤵
- Executes dropped EXE
-
\??\c:\bthhtt.exec:\bthhtt.exe47⤵
- Executes dropped EXE
-
\??\c:\bbnnbb.exec:\bbnnbb.exe48⤵
- Executes dropped EXE
-
\??\c:\5vddp.exec:\5vddp.exe49⤵
- Executes dropped EXE
-
\??\c:\dvddv.exec:\dvddv.exe50⤵
- Executes dropped EXE
-
\??\c:\lllfrrr.exec:\lllfrrr.exe51⤵
- Executes dropped EXE
-
\??\c:\9xxfxrx.exec:\9xxfxrx.exe52⤵
- Executes dropped EXE
-
\??\c:\nnnhbb.exec:\nnnhbb.exe53⤵
- Executes dropped EXE
-
\??\c:\7nbttt.exec:\7nbttt.exe54⤵
- Executes dropped EXE
-
\??\c:\jvdpp.exec:\jvdpp.exe55⤵
- Executes dropped EXE
-
\??\c:\djjjv.exec:\djjjv.exe56⤵
- Executes dropped EXE
-
\??\c:\vvddp.exec:\vvddp.exe57⤵
- Executes dropped EXE
-
\??\c:\lfrlfxx.exec:\lfrlfxx.exe58⤵
- Executes dropped EXE
-
\??\c:\nbbbtn.exec:\nbbbtn.exe59⤵
- Executes dropped EXE
-
\??\c:\pjppv.exec:\pjppv.exe60⤵
- Executes dropped EXE
-
\??\c:\dpddd.exec:\dpddd.exe61⤵
- Executes dropped EXE
-
\??\c:\fxxxrfx.exec:\fxxxrfx.exe62⤵
- Executes dropped EXE
-
\??\c:\xrxrllx.exec:\xrxrllx.exe63⤵
- Executes dropped EXE
-
\??\c:\hntbbn.exec:\hntbbn.exe64⤵
- Executes dropped EXE
-
\??\c:\dvppv.exec:\dvppv.exe65⤵
- Executes dropped EXE
-
\??\c:\3dddj.exec:\3dddj.exe66⤵
-
\??\c:\xfflrrr.exec:\xfflrrr.exe67⤵
-
\??\c:\xlxxrrl.exec:\xlxxrrl.exe68⤵
-
\??\c:\bbbtnt.exec:\bbbtnt.exe69⤵
-
\??\c:\1bhhbh.exec:\1bhhbh.exe70⤵
-
\??\c:\7dvjj.exec:\7dvjj.exe71⤵
-
\??\c:\fxxrlff.exec:\fxxrlff.exe72⤵
-
\??\c:\xlxrxxf.exec:\xlxrxxf.exe73⤵
-
\??\c:\htnhhh.exec:\htnhhh.exe74⤵
-
\??\c:\hhnhth.exec:\hhnhth.exe75⤵
-
\??\c:\lxfflxf.exec:\lxfflxf.exe76⤵
-
\??\c:\fffxrxf.exec:\fffxrxf.exe77⤵
-
\??\c:\hbttnn.exec:\hbttnn.exe78⤵
-
\??\c:\tnnbbb.exec:\tnnbbb.exe79⤵
-
\??\c:\7vvpv.exec:\7vvpv.exe80⤵
-
\??\c:\fxxlfrx.exec:\fxxlfrx.exe81⤵
-
\??\c:\rfxxxfl.exec:\rfxxxfl.exe82⤵
-
\??\c:\nttttb.exec:\nttttb.exe83⤵
-
\??\c:\hhnttt.exec:\hhnttt.exe84⤵
-
\??\c:\vpvvv.exec:\vpvvv.exe85⤵
-
\??\c:\rrrlxrr.exec:\rrrlxrr.exe86⤵
-
\??\c:\7rxffff.exec:\7rxffff.exe87⤵
-
\??\c:\hbnntt.exec:\hbnntt.exe88⤵
-
\??\c:\vjdjd.exec:\vjdjd.exe89⤵
-
\??\c:\jpjdv.exec:\jpjdv.exe90⤵
-
\??\c:\rxxrlff.exec:\rxxrlff.exe91⤵
-
\??\c:\btnnnn.exec:\btnnnn.exe92⤵
-
\??\c:\nbntth.exec:\nbntth.exe93⤵
-
\??\c:\vpvvp.exec:\vpvvp.exe94⤵
-
\??\c:\pjjdd.exec:\pjjdd.exe95⤵
-
\??\c:\rllxllr.exec:\rllxllr.exe96⤵
-
\??\c:\5xxxrrl.exec:\5xxxrrl.exe97⤵
-
\??\c:\nbbttt.exec:\nbbttt.exe98⤵
-
\??\c:\thhhtt.exec:\thhhtt.exe99⤵
-
\??\c:\jddvp.exec:\jddvp.exe100⤵
-
\??\c:\jjvpv.exec:\jjvpv.exe101⤵
-
\??\c:\rlflllr.exec:\rlflllr.exe102⤵
-
\??\c:\5lllfxr.exec:\5lllfxr.exe103⤵
-
\??\c:\nhttbt.exec:\nhttbt.exe104⤵
-
\??\c:\3tbbbb.exec:\3tbbbb.exe105⤵
-
\??\c:\pvjdd.exec:\pvjdd.exe106⤵
-
\??\c:\vjpvv.exec:\vjpvv.exe107⤵
-
\??\c:\xlrxlll.exec:\xlrxlll.exe108⤵
-
\??\c:\xlxxxff.exec:\xlxxxff.exe109⤵
-
\??\c:\hbtttt.exec:\hbtttt.exe110⤵
-
\??\c:\pdppj.exec:\pdppj.exe111⤵
-
\??\c:\jvjjp.exec:\jvjjp.exe112⤵
-
\??\c:\rrffxxf.exec:\rrffxxf.exe113⤵
-
\??\c:\rfrrrxx.exec:\rfrrrxx.exe114⤵
-
\??\c:\5thhbh.exec:\5thhbh.exe115⤵
-
\??\c:\jvjdd.exec:\jvjdd.exe116⤵
-
\??\c:\ddpdv.exec:\ddpdv.exe117⤵
-
\??\c:\xffrfrx.exec:\xffrfrx.exe118⤵
-
\??\c:\llffffx.exec:\llffffx.exe119⤵
-
\??\c:\thnhbb.exec:\thnhbb.exe120⤵
-
\??\c:\ntnbbb.exec:\ntnbbb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-